dlclose used to unmap the part of the reserved region
for ANDROID_DLEXT_RESERVED_ADDRESS that was neccessary
to map PT_LOAD segments. With this change dlclose
replaces mapped PT_LOAD segments with a PROT_NONE,
MAP_ANONYMOUS | MAP_NORESERVE.
Previously caller was unmapping the reserved region after
the failed dlclose which led to race condition when someone
else reused the region freed by dlclose but before the unmap
by the chromium code.
Bug: http://code.google.com/p/chromium/issues/detail?id=568880
Change-Id: I0f5eaa2bf6641f83dde469b631c518482acc59a2
Exactly which functions get a stack protector is up to the compiler, so
let's separate the code that sets up the environment stack protection
requires and explicitly build it with -fno-stack-protector.
Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
Also, we're not a debugger.
Also include LD_LIBRARY_PATH and LD_PRELOAD because they would have helped
diagnose a recent issue.
Change-Id: I7237a7236b7140ab49483c02efa705317d07bd3f
Shared namespaces clone the list of loaded native
libraries from the caller namespace. This allows
classloaders for bundled apps to share already loaded
libraries with default namespace.
Bug: http://b/22548808
Bug: http://b/26165097
Change-Id: I8949d45937fdb38e1f586ff0679003adac0d9dad
(cherry picked from commit e78deef364)
The permitted_when_isolated_path is a way to white-list
directories not present in search-path. It is ignored for
not isolated namespaces.
Bug: http://b/25853516
Bug: http://b/22548808
Change-Id: Ib1538037268eea69323ea49968a34a4a1d1938a5
dlopen on isolated namespaces should be able to open
public libraries using absolute path not only soname.
Bug: http://b/25853820
Change-Id: If574a67853dc51226f0f376e9e2d108316002f84
The anonymous namespace is introduced to
handle cases when linker can not find the
caller. This usually happens when caller
code was not loaded by dynamic linker;
for example mono-generated code.
Bug: http://b/25844435
Bug: http://b/22548808
Change-Id: I9e5b1d23c1c75bc78548d68e79216a6a943a33cf
The linker crashes if native library has invalid section
headers. This change adds boundary checks on target offsets
and generates dlerror instead of crash.
Bug: http://b/25800330
Change-Id: Ibe282029997302b9b557637c3aad064d7d0febc5
x86_64 32-bit or 64-bit relocations do not depend on ELF bit size, they
are 32-bit or 64-bit respectively.
Known compiler that emits such code is nacl-clang which emits
R_X86_64_PC32 which should write 32 bits but ended up writing 64 bits.
Change-Id: Ibb6b484c0fea6a7e291362148e8ac749d6674529
This fixes the bug with using the libraries loaded
prior to android_set_target_sdk_version call.
Bug: http://b/22548808
Change-Id: I3ca2d367b0fa930a437bbb65f780834803d2ef0a
Commit 9185e04f72 changed the ifdef around
old_name_ from __arm__ to __work_around_b_###__, but missed one place in
dlfcn.cpp. So if you do a build w/out that workaround for arm, you end
up with a build failure:
bionic/linker/dlfcn.cpp:275:27: error: no member named 'old_name_' in 'soinfo'
strlcpy(__libdl_info->old_name_, __libdl_info->soname_, sizeof(__libdl_info->old_name_));
~~~~~~~~~~~~ ^
bionic/linker/dlfcn.cpp:275:82: error: no member named 'old_name_' in 'soinfo'
strlcpy(__libdl_info->old_name_, __libdl_info->soname_, sizeof(__libdl_info->old_name_));
~~~~~~~~~~~~ ^
Bug: 24425865
Change-Id: Idbe1cc1c28083afeee6d90203c221f30f661c69c
/proc/self/fd is not available when PR_DUMPABLE is set to 0
which is default for the user builds. It leads to permission
denials on readlink.
This change fixes the problem by setting PR_DUMPABLE flag to 1
for readlink and restoring it's previous value after the call.
Bug: http://b/24912743
Change-Id: I3fd179c5c6b56af96d6a15ee597024ccb15e1a13
(cherry picked from commit cf92738fa5)
Some apps will fail to load native libraries with
text relocations when switching target sdk version to M.
It could be hard to diagnose because some of them
suppress dlerror and/or UnsatisfiedLinkError.
This change unconditionally logs the error message making
the cause of the failure more visible to developers.
Bug: http://b/24876001
Change-Id: I0477a0d1307d0879000f3a3a43b974b4cf34bdb2
(cherry picked from commit f32b689d3d)
x86_64 gcc exports malloc/free and co functions because they
are defined with visibility "default" somewhere in gcc builtins;
and vector d-tors for some reason. Switching to clang fixes
this problem.
Bug: http://b/24785482
Change-Id: I741503b4b446523e7ff3fb16de13ed99991fd0c0
This patch also fixes realpath for libraries opened directly
from apks.
Bug: http://b/21960914
Bug: http://b/21961857
Change-Id: I35ade661c87f1d448191f385811f6e9fd3cacf11
This change makes dynamic linker reuse ZipArchiveHandles in
ld_library_path on dlopen to optimize the lookup of dt_needed
libraries.
Bug: http://b/21960534
Change-Id: I65f897910d46dd2ffabdcb0b7842db2f127eee30
Don't pass the parent load's dlextinfo to dependent loads, since this
causes the linker to try to load the dependencies using the same
addresses/relro/fds/etc as the main library, which is never going to
work. This was how it worked before ae69a95 which broke this.
Bug: http://b/23742664
Bug: http://b/20948231
Bug: http://b/20841817
Change-Id: I340ebae1127666d5c6c6f9c6521b89fb93f15bdd
With this change, we only define the rules to create the symlinks in
this Android.mk but without attaching the symlinks to the module linker.
Instead the core build system will set up the dependency whenever a
module needs these symlinks.
Bug: 22850550
Change-Id: I36c58fd411f1c27f3f638b229699d7dc1d66abb2
This corrects an issue with mips32 Art on mips64r6 Android, where
Java ran slowly due to unintended use of kernel-trap emulation of
single-precision floating point registers. This also regressed all
Art tests due to an extra logcat line
WARNING: linker: Using FRE=1 mode to run "..."
When targeting mips32r6, Art generates modeless or FR=1 floating point
code, same as Android's own native mips32r6 modules. So the trapping was
unneeded. Linker was confusing Art-generated modules with those from
old NDK compilers, which do need that trapping mode.
This linker filename check may become unnecessary, if Art learns how to
generate .MIPS.abiflags segments in its generated elf-like codefiles.
Change-Id: I18069d1234960c680c5df739514da09015a7fdb6
SIGPIPE is a pretty normal way for command-line apps to die, but because
we catch it and report it via debuggerd, we get a lot of bogus bugs. We
could catch SIGPIPE in our tools, but that's not really legit and slightly
misleading.
"But", you say, "catching SIGPIPE is useful for app bugs!". Except a trawl
through buganizer suggests it's misleading there too. Not least because
it's usually an innocent victim that dies --- the problem is usually on the
other end of the pipe (which you learn nothing about because that process
already died, which is what closed the pipe).
We also don't catch SIGALRM, which is another signal that will terminate
your process if you don't catch it, but that one actually represents a
logic error in the crashing process, so there's a stronger argument for
catching that. (Except it too is not a real source of bugs.)
Bug: http://b/20659371
Change-Id: I79820b36573ddaa9a7bad0561a52f23e7a8d15ac
I'm removing the TODO on the assumption that being compatible with glibc
is more useful than BSD. The new internal "bionic_page.h" header factors
out some duplication between libc and the linker.
Bug: http://b/22735893
Change-Id: I4aec4dcba5886fb6f6b9290a8f85660643261321
IFUNC relocations require executable flag for the load
segment containing .text. When dso has text relocs linker
removes exec which causes crash during ifunc relocations.
This patch fixes this problem by restoring segments protection
for ifunc relocs.
Bug: http://b/22611399
Change-Id: Icbf3be0fec0e42bf805bcad7533e2032a2e11b9c
(cherry picked from commit de0fb393ae)
Sorry, I undertested my previous change and these guys somehow sneaked in.
This only affects SANITIZE_TARGET builds.
Change-Id: Id6986d89fa3d4965339f7b6fe973e9db73b380da
Setup a /system/bin/linker_asan as a symlink to "linker".
Read the linker name from PT_INTERP, and if it is linker_asan,
switch default library lookup paths to the ASan set, which
starts with the path to the instrumented libraries
(/data/lib), followed by /system/lib as a fallback.
This ensures that ASan binaries prefer ASan libraries, when
available. This approach is way better then RPATH/RUNPATH and even
better than LD_LIBRARY_PATH:
- RUNPATH is per-DSO, while default paths are global.
- LD_LIBRARY_PATH is overwritten by android_update_LD_LIBRARY_PATH.
- neither RUNPATH nor LD_LIBRARY_PATH appear in
android_get_LD_LIBRARY_PATH which is used to build java.lang.path.
Having ASan libraries in java.lang.path is a good thing.
Bug: 22355945
Change-Id: I1d2791fbf5740618f18f71a3ae3d873714669d3f
When dlopen-ing a library, add the caller's DT_RUNPATH to the directory search
list. This fixes dlfcn.dt_runpath in bionic-unit-tests-glibc(32|64).
Bug: 21899363
Change-Id: Ife6a7e192939292cf4dc291b7e6b95945761cde3
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
There is possibility of someone dlclosing a library
while dl_iterate_phdr in progress which can lead to
dl_iterate_phdr calling callback with invalid address
if it was unmapped by dlclose.
Bug: http://b/22047255
Change-Id: I3fc0d9fd2c51fb36fd34cb035f37271fa893a7be
(cherry picked from commit f7d5bf334d)
Enables running of older MIPS NDK-built apps on mips64r6.
Works with kernel supporting FRE emulation, and old kernels.
Change-Id: If5e392ed89e9910cd1ccd30e0fd5c4a5acea2c7d
Remove support of text-relocations for apps targeting sdk version > 22
Bug: http://b/20013628
Change-Id: I2127739544480c747315e32df15dfbd1b79de4f5
(cherry picked from commit 3e6f780754)
Enables running of older MIPS NDK-built apps on mips64r6.
Works with kernel supporting FRE emulation, and old kernels.
Change-Id: I13923fe62cd83ad1d337f13a50f2eda2dfdd906f
Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...)
if the library is opened by application with target api level <= 22
Bug: http://b/21565766
Bug: http://b/17512583
Change-Id: Ic45ed1e4f53e84cba9d74cab6b0049c0c7aa8423
(cherry picked from commit 04f7e3e955)
Applies only for apps targeting sdk version <= 22
Bug: http://b/21565766
Change-Id: If0bf2229dc1341e9ca09f9a05d0890515273d5a2
(cherry picked from commit 38c37d6705)
GDB does not yet have support for compact branches, and is not able
to set a breakpoint on rtld_db_dlactivity(), which is compiled into
one JIC instruction. Unfortunately, We cannot turn off generation of
JIC compact branch. Instead, add unoptimized FP handling code, so GDB
will have something to land on.
Change-Id: Iddcf40ec018972398179018d049b8323fcd258b7
Linker used to skip RTLD_NEXT within local_group when
caller->next is nullptr (which represents load order
but not the order within local_group dependency tree)
Bug: http://b/21380474
Change-Id: I178fc4657b19bceb871635b177c1df67855b1708
According to the comments in Posix_close(), TEMP_FAILURE_RETRY() should
not be used with close():
462bdac45c%5E%21/#F12
Kill ScopedFd by simplifying the single caller.
Change-Id: I248c40b8c2fc95f1938a6edfc245c81847fc44af
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Answers the question: what if dependent library
was preloaded with RTLD_LOCAL flag.
Also add test for RTLD_NEXT within local_group.
Bug: http://b/17512583
Change-Id: I79e081e68b3a8c0ed8980d4275a06515fea94ec9
There's no reason to have multiple years in our own copyright headers,
and given the stupidity of our NOTICE file generation, it just creates
more junk.
Change-Id: I065a3811c2e2584e3b649a18ad9460286bc72b92
We did not set DF_1_GLOBAL flag for LD_PRELOADed
libraries which led to the situation when ld_preloads
where ignored during on dlopen()
Change-Id: I696b3b2506a8ed4c0984ad2c803210a7a4f8e686
This change adds realpath to soinfo and
extends limit on filenames from 128 to PATH_MAX.
It also removes soinfo::name field, linker uses
dt_soname instead.
Bug: http://b/19818481
Bug: https://code.google.com/p/android/issues/detail?id=80336
Change-Id: I9cff4cb5bda3ee2bc74e1bbded9594ea7fbe2a08
This flag allows to force loading of the library
in the case when for some reason multiple ELF files
share the same filename (because the already-loaded
library has been removed and overwritten, for example).
Change-Id: I798d44409ee13d63eaa75d685e99c4d028d2b0c1
When the Android dynamic linker handles a text relocation,
it first relaxes the permissions on the segment being modified,
performs the modifications, and then restores the page permissions.
The relaxation worked by adding PROT_WRITE to whatever protection
bits were set in the section. In effect, the pages were getting set
to PROT_READ|PROT_WRITE|PROT_EXEC, modified, then restored to
PROT_READ|PROT_EXEC
The SELinux kernel code differentiates between 4 different kinds
of executable memory:
* Executable stack (execstack)
* Executable heap (execheap)
* File-based executable code which has been modified (execmod)
* All other executable memory (execmem)
The execmod capability is only triggered by the kernel when a
dirty but non-executable mmap()ed page becomes executable. When that
occurs, an SELinux policy check is done to see if the execmod capability
is provided by policy.
However, if the page is already executable, and PROT_WRITE is added
to the page, it's considered an execmem permission check, not an execmod
permission check.
There are certain circumstances where we may want to distinguish between
execmod and execmem. This change adjusts the dynamic linker to avoid
using RWX pages, so that an RX -> RW -> RX transition will properly
be detected as an execmod permission check instead of an execmem permission
check.
Bug: 20013628
Change-Id: I14d7be29170b156942f9809023f3b2fc1f37846c
Add code to support loading shared libraries directly from within
APK files.
Extends the linker's handling of LD_LIBRARY_PATH, DT_RUNPATH, etc
to allow elements to be either directories as normal, or ZIP
format files. For ZIP, the ZIP subdirectory string is separated
from the path to file by '!'.
For example, if DT_NEEDED is libchrome.so and Chrome.apk is the
Android ARM APK then the path element
/system/app/Chrome.apk!lib/armeabi-v7a
would cause the linker to load lib/armeabi-v7a/libchrome.so
directly from inside Chrome.apk. For loading to succeed,
libchrome.so must be 'stored' and not compressed in Chrome.apk,
and must be page aligned within the file.
Motivation:
Chromium tracking issue:
https://code.google.com/p/chromium/issues/detail?id=390618
Bug: 8076853
Change-Id: Ic49046600b1417eae3ee8f37ee98c8ac1ecc19e7
Add basic general purpose memory allocator to
linker in order to enable usage of other libraries
like libziparchive.
Change-Id: I4a680ebb36ed5ba67c61249f81dba9f567808434
Kindle app relies on soinfo's sysv hash
fields while linking native libraries.
This change allows to keep sysv hash fields
intact for the libraries linked with --hash-style=both.
Bug: 19059885
Change-Id: I12528652955638f1a6586bda99e111bb1c8aa7a3
