Commit graph

30745 commits

Author SHA1 Message Date
Nicolas Geoffray
ce4c42e09f Revert "Add tagged pointers to bionic."
This reverts commit 43d5f9d4dd.

Bug: 135754954
Bug: 147147490

Exempt-From-Owner-Approval: clean revert

Reason for revert: Breaks ART gtest, see:
https://ci.chromium.org/p/art/builders/ci/angler-armv8-non-gen-cc/561

The crash happens on mprotect of a page, the test crashes with ENOMEM.

Change-Id: I52eea1abbfaf8d8e2226f92d30aa55aba3810528
2020-01-21 13:57:26 +00:00
Dan Willemsen
a547762ae3 Merge "Convert more bionic tests to Android.bp" 2020-01-21 04:52:16 +00:00
Mitch Phillips
3460b6c265 Merge "Add tagged pointers to bionic." 2020-01-20 23:31:27 +00:00
Anna Trostanetski
9981a1dac8 Revert "Enable the scudo native allocator."
This reverts commit b198958412.

Reason for revert: b/147838132. Breaks JNI calls.

Bug: 147838132

Change-Id: I657cf9fddc1e8ee60c1830a1b3f560ab51928a40
2020-01-20 20:17:10 +00:00
Ryan Prichard
0bf9aed92e Merge "Neon-optimized version of the GNU symbol calculation" 2020-01-17 20:48:14 +00:00
Tom Cherry
2185a12312 Add a README.md for async_safe
Particularly to document why both this and liblog exist, when they do
essentially the same thing.

Test: n/a
Change-Id: I216194402a12270cfbb6bc9b840d054dc9c1dc16
2020-01-17 12:12:26 -08:00
Elliott Hughes
91e3bd1f33 Document the changed fdsan default from Q to R.
Change-Id: I98c50232184a8bf929579a7a30460dc33555475e
2020-01-16 15:23:58 -08:00
Dan Willemsen
4bcfe3c330 Convert more bionic tests to Android.bp
Bug: 122332847
Bug: 130734182
Test: mmm bionic/tests; same files installed before & after
Test: m cts; same files in cts before & after
Test: `objdump -x <files> | grep NEEDED` is identical
Test: `objdump -x <files> | grep RUNPATH` difference make sense
      (additional lib64 entries from soong, minimal reorder)
Test: treehugger
Change-Id: I6eea4c3f9c0040efeba64e2b47c7b573767cd386
2020-01-16 10:12:46 -08:00
Christopher Ferris
f5421dde7f Merge "Add new malloc align tests." 2020-01-16 17:20:26 +00:00
Ryan Savitski
b72fed164e Merge "allow for heapprofd's signal to be multiplexed" 2020-01-16 16:04:08 +00:00
Treehugger Robot
c9bde27fbb Merge "Restore handling of R_GENERIC_NONE relocations" 2020-01-16 11:33:15 +00:00
Treehugger Robot
3cb0e3dc21 Merge "Add a liblog dependency" 2020-01-16 11:19:45 +00:00
Ryan Prichard
f82e39f1d9 Add a liblog dependency
Modules with a libbase dependency also need a liblog dependency now.

Fixes the linker-reloc-bench build target.

Bug: b/147779981
Test: manual
Change-Id: I41dd35717b665524a26a92a0c268e42c93a383b7
2020-01-15 19:59:04 -08:00
Ryan Prichard
ac951d785e Merge "Add a linker relocation benchmark" 2020-01-16 00:57:07 +00:00
Ryan Prichard
4f140695d9 Restore handling of R_GENERIC_NONE relocations
Previously, the linker was ignoring the symbol of the R_GENERIC_NONE
relocation, so continue ignoring it. This is a little unfortunate because
it requires adding an extra condition on the fast path for relocation
handling.

I tried benchmarking this change, and I can't tell whether it has no
effect or is a regression of up to 1%. It might be possible to refactor
this code (e.g. do the lookup anyway, but avoid reporting an error), or by
changing the linker behavior, but this simple change gets the linker
working again.

Bug: http://b/147719203
Test: verify that the broken app works again
Change-Id: I7589b65705fec522d5fbadc05136dd5489833aea
2020-01-15 15:19:17 -08:00
Mitch Phillips
43d5f9d4dd Add tagged pointers to bionic.
This patch introduces tagged pointers to bionic. We add a static tag to
all pointers on arm64 compatible platforms (needs requisite
top-byte-ignore hardware feature and relevant kernel patches).

We dynamically detect TBI-compatible devices (a device with the TBI feature and
kernel support) at process start time, and insert an implementation-dependent
tag into the top byte of the pointer for all heap allocations. We then check
that the tag has not been truncated when deallocating the memory.

If an application incorrectly writes to the top byte of the pointer, we
terminate the process at time of detection. This will allow MTE-incompatible
applications to be caught early.

Bug: 135754954
Bug: 147147490

Test: cd bionic && atest .
Change-Id: I6e5b809fc81f55dd517f845eaf20f3c0ebd4d86e
2020-01-15 15:03:00 -08:00
Ryan Savitski
e95316330b platform profiler signal: add traced_perf codepath
This patch adds a case for the profiling signal handler (previously just
for native heapprofd profiling) when si_value == 1, corresponding to
traced_perf being the requesting party.

The handler opens /proc/self/{maps,mem}, connects to (init-created)
/dev/socket/traced_perf, and then sends the fds over the socket.
Everything happens synchronously within the signal handler. Socket is
made non-blocking, and we do not retry.

Bug: 144281346
Change-Id: Iea904694caeefe317ed8818e5b150e8819af91c2
2020-01-15 22:55:04 +00:00
Ryan Savitski
175c8867b0 allow for heapprofd's signal to be multiplexed
This patch refactors heapprofd_malloc to make it easier to reuse the
reserved signal for multiple purposes. We define a new generic signal
handler for profilers, which dispatches to more specific logic based on
the signal's payload (si_value).

The profiler signal handler is installed during libc preinit, after
malloc initialization (so races against synchronous heapprofd
initialization need not be considered). In terms of code organization, I
copied the existing approach with a loosely referenced function in
bionic_globals.h. Do tell if you'd rather a different approach here.

The profileability of a process is quite tied to the malloc
files/interfaces in bionic - in particular, it's set through
android_mallopt. I do not change that, but instead introduce a new
android_mallopt option to be able to query profileability of the
process (which is now used by the new profiler signal handler). As part
of that, gZygoteChildProfileable is moved from heapprofd_malloc to
common (alongside gZygoteChild).

I've removed the masking and reraising of the heapprofd signal when
racing against malloc_limit init. We're ok with taking a simpler
approach and dropping the heapprofd signal in such an unlikely race.

Note: this requires a corresponding change in heapprofd to use sigqueue()
instead of kill(), as the latter leaves the si_value uninitialized(?) on
the receiving side.

Bug: 144281346
Change-Id: I93bb2e82cff5870e5ca499cf86439860aca9dfa5
2020-01-15 22:55:03 +00:00
Christopher Ferris
5ad528917b Merge "Enable the scudo native allocator." 2020-01-15 19:50:35 +00:00
Christopher Ferris
f32494c985 Add new malloc align tests.
Bug: 146576216

Test: Ran the test on jemalloc and glibc.
Test: Ran the test on scudo and verified that failed without the align
Test: change.
Change-Id: I31a96f8672c6bce2423210300288a13df1eda42a
2020-01-15 09:22:21 -08:00
Steven Moreland
fee43f6e89 Merge "stack_protector_DeathTest: work w/ local reorder" 2020-01-15 16:49:05 +00:00
Jing Ji
be64282b8c Merge "libc: Add pidfd_open to common seccomp allowed list" 2020-01-15 06:25:34 +00:00
Christopher Ferris
b198958412 Enable the scudo native allocator.
This is attempt number two, all known failures and issues have
been fixed.

Bug: 137795072

Test: Built both svelte and non-svelte versions. Ran enormous numbers
Test: of performance testing.
Test: Ran scudo unit tests.
Test: Ran bionic unit tests.
Test: Ran libmemunreachable tests.
Test: Ran atest CtsRsBlasTestCases on cuttlefish instance.
Change-Id: Ib0c6ef38b63b7a1f39f4431ed8414afe3a92f9b5
2020-01-14 17:25:10 -08:00
Jing Ji
e986722e65 libc: Add pidfd_open to common seccomp allowed list
Apps could use this API to monitor the death of processes

Bug: 118991081
Test: manual
Change-Id: If38e0b6c57713a069706b59128b22a94f23a497c
2020-01-14 14:35:34 -08:00
Steven Moreland
06f39d36a4 stack_protector_DeathTest: work w/ local reorder
Before, the helper method for this test had two local variables:
    char buf[128];
    volatile char* p;

Then the test wrote zeros into the buffer and one past the buffer end.
This relied on the fact that the compiler constructed the stack frame
with 'p' first and then the buffer (and also optimized away the 'size'
variable).

However, some compiler options (namely -ftrivial-auto-var-init=pattern)
result in the stack frame being reordered so that 'p' is actually after
buf, and the test cannot pass.

Fixes: 132780819
Test: bionic-unit-tests-static (w/ w/o flag)
Change-Id: Icc87c02add211c2afb7c96ae22701ec27990364c
2020-01-14 14:11:16 -08:00
Ryan Prichard
41f19708c8 Add a linker relocation benchmark
The benchmark creates a set of DSOs that mimic the work involved in
loading the current version of libandroid_servers.so. The synthetic
benchmark has roughly the same number of libraries with roughly the same
relocations.

Currently, on a local aosp_walleye build that includes recent performance
improvements (including the Neon-based CL
I3983bca1dddc9241bb70290ad3651d895f046660), using the "performance"
governor, the benchmark reports these scores:

$ adb shell taskset 10 \
  /data/benchmarktest64/linker-reloc-bench/linker-reloc-bench \
  --benchmark_repetitions=20 --benchmark_display_aggregates_only=true
...
--------------------------------------------------------------------------------
Benchmark                                      Time             CPU   Iterations
--------------------------------------------------------------------------------
BM_linker_relocation/real_time_mean        70048 us          465 us           20
BM_linker_relocation/real_time_median      70091 us          466 us           20
BM_linker_relocation/real_time_stddev        329 us         8.29 us           20

$ adb shell taskset 10 \
  /data/benchmarktest/linker-reloc-bench/linker-reloc-bench \
  --benchmark_repetitions=20 --benchmark_display_aggregates_only=true
...
--------------------------------------------------------------------------------
Benchmark                                      Time             CPU   Iterations
--------------------------------------------------------------------------------
BM_linker_relocation/real_time_mean        83051 us          462 us           20
BM_linker_relocation/real_time_median      83069 us          464 us           20
BM_linker_relocation/real_time_stddev        184 us         8.91 us           20

Test: manual
Bug: none
Change-Id: I6dac66978f8666f95c76387093bda6be0151bfce
2020-01-14 13:12:56 -08:00
Ryan Prichard
7909f4c667 Merge "Optimize GNU hash linking for large inputs" 2020-01-14 19:11:59 +00:00
Elliott Hughes
26f583f046 Merge "Consistent <termios.h> behavior on all API levels." 2020-01-14 19:08:41 +00:00
Robert Sesek
2f21482f14 Merge "Revert "Move pipe, open, and getdents from the APP to COMMON seccomp whitelist."" 2020-01-14 16:59:18 +00:00
Peter Collingbourne
c7a9d88816 Merge "Let libmemunreachable use bionic_libc_platform_headers." 2020-01-14 00:37:44 +00:00
Ryan Prichard
129f7a1d8e Neon-optimized version of the GNU symbol calculation
On 64-bit walleye, improves the linker relocation benchmark from 71.9ms to
70.7ms (1.7% of the run-time).

On a 32-bit device, it improves the linker relocation benchmark from
205.5ms to 201.2ms (2.1% of the run-time).

$ adb shell taskset 10 /data/benchmarktest64/linker-benchmarks/linker-benchmarks --benchmark_repetitions=100 --benchmark_display_aggregates_only
--------------------------------------------------------------------
Benchmark                          Time             CPU   Iterations
--------------------------------------------------------------------
BM_gnu_hash_simple_mean        15232 ns        15212 ns          100
BM_gnu_hash_simple_median      15176 ns        15159 ns          100
BM_gnu_hash_simple_stddev        111 ns          110 ns          100
BM_gnu_hash_neon_mean          10265 ns        10252 ns          100
BM_gnu_hash_neon_median        10261 ns        10249 ns          100
BM_gnu_hash_neon_stddev         28.1 ns         23.9 ns          100

Bug: none
Test: linker-unit-tests
Test: linker-benchmarks
Change-Id: I3983bca1dddc9241bb70290ad3651d895f046660
2020-01-13 13:29:25 -08:00
Ryan Prichard
339ecef22d Optimize GNU hash linking for large inputs
Symbol lookup is O(L) where L is the number of libraries to search (e.g.
in the global and local lookup groups). Factor out the per-DSO work into
soinfo_do_lookup_impl, and optimize for the situation where all the DSOs
are using DT_GNU_HASH (rather than SysV hashes).

To load a set of libraries, the loader first constructs an auxiliary list
of libraries (SymbolLookupList, containing SymbolLookupLib objects). The
SymbolLookupList is reused for each DSO in a load group. (-Bsymbolic is
accommodated by modifying the SymbolLookupLib at the front of the list.)
To search for a symbol, soinfo_do_lookup_impl has a small loop that first
scans a vector of GNU bloom filters looking for a possible match.

There was a slight improvement from templatizing soinfo_do_lookup_impl
and skipping the does-this-DSO-lack-GNU-hash check.

Rewrite the relocation processing loop to be faster. There are specialized
functions that handle the expected relocation types in normal relocation
sections and in PLT relocation sections.

This CL can reduce the initial link time of large programs by around
40-50% (e.g. audioserver, cameraserver, etc). On the linker relocation
benchmark (64-bit walleye), it reduces the time from 131.6ms to 71.9ms.

Bug: http://b/143577578 (incidentally fixed by this CL)
Test: bionic-unit-tests
Change-Id: If40a42fb6ff566570f7280b71d58f7fa290b9343
2020-01-13 13:29:25 -08:00
Robert Sesek
866387dc32 Revert "Move pipe, open, and getdents from the APP to COMMON seccomp whitelist."
This reverts commit 74cdb253ba.

Chromium (and thus WebView) no longer uses Breakpad for crash reporting,
so the old compat syscalls that were whitelisted for Breakpad can be
moved back to the APP list.

Test: `am start com.android.settings/.SettingsLicenseActivity`
Test: Get the pid of the sandboxed_process0 for the license viewer.
Test: Send the process SIGABRT and check logcat for Crashpad log
      messages.

Bug: 115557900
Change-Id: I877ebe6bfabec544e58723b2e9a2f84c9cbf0a57
2020-01-13 14:20:59 -05:00
Peter Collingbourne
6a363f7f41 Let libmemunreachable use bionic_libc_platform_headers.
Bug: 135772972
Change-Id: I2702abce849a46292dc467f9083f3b6816bfc5e6
2020-01-13 10:40:08 -08:00
Peter Collingbourne
f2b1e03606 Export the unwinder implementation from libc.
This supports the soong commit which causes most platform binaries to stop
statically linking against the unwinder implementation. The soong commit
message has more motivation for this change.

ARM32 uses LLVM libunwind, while all other platforms use libgcc as the
unwinder implementation. This matches the current choices of unwinders on
the various architectures, but means that apps which were directly linking
against the libc.so unwinder symbols on ARM32 are now using LLVM libunwind
instead of libgcc.

Set libc_headers sdk_version to 1 so that libunwind_llvm can depend on it,
and stop statically linking libunwind into libc_malloc_debug.

Bug: 144430859
Change-Id: I52c7f7893d93f500383aeb0b76086c3b6f1935a5
2020-01-10 19:07:59 -08:00
Ryan Prichard
a04764bd28 Merge changes I578d36a1,Id17508ab,I385f312b
* changes:
  Create linker_log[_va_list] functions
  Validate defined versions in prelink_image
  Prelink each library only once
2020-01-10 22:21:15 +00:00
Tom Cherry
9c5c87ed05 Merge "Add liblog as a dependency where libbase is used." 2020-01-10 16:59:02 +00:00
Peter Collingbourne
6dfde988e3 Merge "Add an android_mallopt for controlling the heap tagging level." 2020-01-10 15:22:24 +00:00
Elliott Hughes
f39b0856fe Consistent <termios.h> behavior on all API levels.
Bug: https://issuetracker.google.com/146886722 (where the difference was noticed)
Bug: http://b/69816452 (most recent fixes)
Test: treehugger
Change-Id: I487399c44f63ba276ccde74bf0c4a01e4cd4f4bf
2020-01-09 16:42:15 -08:00
Peter Collingbourne
1e110fb717 Add an android_mallopt for controlling the heap tagging level.
This doesn't add any functionality for now, but there are
a couple of changes in flight that will want to add enumerators
to the mallopt, so let's give them a place to add them.

Bug: 135772972
Bug: 135754954
Change-Id: I6e810020f66070e844500c6fa99b703963365659
2020-01-09 16:39:10 -08:00
Tom Cherry
2f95d19a69 Add liblog as a dependency where libbase is used.
(Also fix issues found from bpfmt)

Bug: 119867234
Test: build
Change-Id: I16e93ad7c26dadfb625acbe514abe0c0084f84b6
2020-01-09 10:07:12 -08:00
Treehugger Robot
3779d6da40 Merge "Add /system_ext/bin to shell search path" 2020-01-08 03:43:18 +00:00
Logan Chien
932a83399a Merge changes from topic "update-clang-tools-6114689"
* changes:
  versioner: Add __VERSIONER_FORTIFY_INLINE
  versioner: Only enable annotation while running versioner
2020-01-08 02:32:17 +00:00
Elliott Hughes
d63a8c67fb Merge "Track library name change." 2020-01-08 00:51:20 +00:00
Elliott Hughes
4540db6fae Track library name change.
Test: treehugger
Change-Id: Ief93c2a18144ee2da134a4800e1965b91be7f32c
2020-01-07 13:48:44 -08:00
Elliott Hughes
55f681f0b3 Merge "Explicitly test printf %s with nullptr." 2020-01-07 21:11:20 +00:00
Ryan Prichard
cec75e3303 Merge "Do not add duplicate soinfos to g_default_namespace" 2020-01-07 20:18:14 +00:00
Elliott Hughes
094b33fbf0 Merge "Fix a few incorrect types in SYSCALLS.TXT." 2020-01-07 17:37:15 +00:00
Elliott Hughes
5dc31300ff Explicitly test printf %s with nullptr.
I haven't found a bug, but tests are good.

Bug: https://github.com/landley/toybox/issues/163
Change-Id: I57149800099abc699cc841b69a5a72aeac7c2bcc
2020-01-07 08:48:10 -08:00
Justin Yun
580d17d2ad Add /system_ext/bin to shell search path
/system_ext/bin has executable binaries. They must be in the shell
search path.

Bug: 134909174
Bug: 134359158
Test: check PATH in the adb shell
Change-Id: I997a2347fa85c444f2e335bede0d63b7703ba001
2020-01-07 20:39:52 +09:00