Add the capability to read /etc/passwd and /etc/group for getpw* and
getgr* functions.
Bug: 27999086
Test: pwd, grp, grp_pwd_file unit tests
Test: Read in custom users/groups from /etc/{passwd,group}
Change-Id: Idc1f054af8a7ca34743a90493495f0ccc775a0d8
This doesn't address `struct sigaction` and `sigaction`. That will
come later.
Bug: http://b/72493232
Test: ran tests
Change-Id: I4134346757ce3a4dac6feae413361cec16223386
The main motivation here is that the sigprocmask in pthread_exit wasn't
actually blocking the real-time signals, and debuggerd (amongst other
things) is using them. I wasn't able to write a test that actually won
that race but I did write an equivalent one for posix_spawn.
This also fixes all the uses of sigset_t where the sigset_t isn't
exposed to the outside (which we can't easily fix because it would be
an ABI change).
Bug: https://issuetracker.google.com/72291624
Test: ran tests
Change-Id: Ib6eebebc5a7b0150079f1cb79593247917dcf750
Bug: http://b/29177606
Test: run bionic-unit-tests on walleye.
Test: run bionic-unit-tests-glibc on host.
Change-Id: Iac349284aa73515f384e7509445f87434757f59e
There were a bunch more unreasonable/incorrect ones, but these ones
seemed legit. Nothing very interesting, though.
Bug: N/A
Test: ran tests, benchmarks
Change-Id: If66971194d4a7b4bf6d0251bedb88e8cdc88a76f
This is also slightly faster for the no VDSO case (56ns vs 66ns).
Bug: N/A
Test: ran tests, benchmarks
Change-Id: I2b0edd06ee6942eb57c32678279278a53ca5ee9b
Currently, getpwnam, getpwent, etc return successfully for any uid
from AID_APP_START (10000) to AID_USER_OFFSET (100000) for each user.
This is not correct however, as only specific ranges above
AID_APP_START are reserved as valid ranges. This change corrects this.
This is particularly important as the newly added AID_OVERFLOWUID is
65534, which is above AID_APP_START but not in any reserved range,
collided with the faulty returned values.
Bug: 69119022
Bug: 69128408
Test: pwd/grp bionic unit tests
Change-Id: I3dae97a90597915fa30a88fe27cda88b107e9c35
To make it easier for Native Bridge implementations
to override these symbols.
Bug: http://b/67993967
Test: make
Change-Id: I4c53e53af494bca365dd2b3305ab0ccc2b23ba44
Move all the new checks over to the existing __fortify_fatal.
Bug: http://b/67455242
Test: ran tests
Change-Id: Idb899c58c32d52d3b423caf1a91feb7defcba9b3
I'm skeptical about the usefulness of this, but it's in POSIX, it's
in glibc (but not iOS), and it is used in some internal source (test
runners and container code).
Bug: N/A
Test: ran tests
Change-Id: I92c5398f2a679b21a33fba92bc8e67e3ae2eb76f
We store a pointer to the long ro. property within the shared property
area, as we know that this pointer will never change locations or be
invalidated and it saves us from needing to allocate arbitrarily sized
storage for the property.
Bug: 23102347
Bug: 34954705
Test: bionic-unit-tests
Change-Id: I9f9147a2f951f20f51e4664c6faf9ff7f6a9502a
This fixes mips and mips64 build failures.
Test: successful aosp_mips-eng and aosp_mips64-eng builds
Change-Id: I6648b9cae876cda13369cf10edf61ce9fdca342c
<machine/asm.h> was internal use only.
<machine/fenv.h> is quite large, but can live in <bits/...>.
<machine/regdef.h> is trivially replaced by saying $x instead of x in
our assembler.
<machine/setjmp.h> is trivially inlined into <setjmp.h>.
<sgidefs.h> is unused.
Bug: N/A
Test: builds
Change-Id: Id05dbab43a2f9537486efb8f27a5ef167b055815
While this was never an inline, this function alone has caused most of
the bug reports related to _FILE_OFFSET_BITS=64. Providing an inline
for it should allow a lot more code to build with _FILE_OFFSET_BITS=64
when targeting pre-L.
Test: make checkbuild
Test: built trivial cc_binary for LP32 against API 14 with
_FILE_OFFSET_BITS=64 set
Bug: lots
Change-Id: I8479d34af4da358c11423bee43d45b59e9d4143e
On aarch64/x86/x86_64 add a macro that inserts a cfi directive that will
stop unwinding.
For arm, clang doesn't allow emitting .cantunwind, so add a comment and
leave it the same as it current is.
Add this macro to __libc_init and __start_thread.
Also, remove duplicate compilation of libc_init_static.cpp that already
includes the static library that includes that file.
Bug: 15469122
Test: Did unwinds using new unwinder tool (unwind) and debuggerd -b
Test: and verified new unwinder works on aarch64/x86/x86_64.
Test: Verified that it works on old unwinder for aarch64/x86, but
Test: x86_64 doesn't work properly, but as well as before.
Change-Id: I77302e8f6c7ba1549d98a4a164106ee82c9ecadc
pthread's and semaphore's default behavior is to use CLOCK_REALTIME,
however this behavior is essentially never intended, as that clock is
prone to change discontinuously.
What users really intend is to use CLOCK_MONOTONIC, however only
pthread_cond_timedwait() provides this as an option and even there, a
large amount of existing code does not opt into CLOCK_MONOTONIC.
We have seen numerous bugs directly attributable to this difference.
Therefore, we provide this general workaround to always use
CLOCK_MONOTONIC for waiting, regardless of what the input timespec
is.
Specifically this impacts the below APIs:
pthread_mutex_timedlock()
pthread_cond_timedwait()
pthread_rwlock_timedrdlock()
pthread_rwlock_timedwrlock()
sem_timedwait()
Test: boot bullhead, boot sailfish
Test: bionic pthread/semaphore unit tests
Test: check that pthread_cond_timedwait() timeouts are uneffected by
CLOCK_REALTIME time changes
Bug: 64694413
Bug: 64623895
Bug: 35756266
Bug: 35678943
Change-Id: Ibba98f5d88be1c306d14e9b9366302ecbef6d534
This reverts commit ea3df0c52b, and
increases the address limit on non-aarch64 64-bit platforms as well.
RLIMIT_AS problem fixed in a different commit.
Bug: 63141434, 64293803
Test: device boots
Change-Id: I1284c4196cc1f0c9d97c3ced97a19de328050d21
...by inlining them.
Also fix a couple of harmless bugs in passing. I've added tests, but in
both cases I don't think it was actually possible to hit the bad behavior:
we'd hit another test and fail immediately after in an externally
indistinguishable way.
Bug: N/A
Test: readelf
Change-Id: I8466050b0bfe2b7b94c76b383cf10c1d9d28debd
This reverts commit ae735163e5.
QA claims this causes:
AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'void android.media.MediaPlayer.setSurface(android.view.Surface)' on a null object reference
AndroidRuntime: at com.android.setupwizardlib....
Bug: http://b/63141434
Change-Id: I05a6849471623d4cde8b254b1020b0ccbd84b699
Starting from Linux 4.7, arm64's defconfig enables 48-bit VAs, see:
https://git.kernel.org/torvalds/c/211102d8
On arm64, the CFI shadow configuration currently assumes that VAs
are 39-bit long, and as expected this results in a segfault on a
(defconfig) 4.7+ kernel, when linking a CFI-enabled library.
Consequently, this change increases the max target address to
account for the new max VA size.
Change-Id: I3fb808563fa77a457c65e9663da0613117332072
File libc/SYSCALLS.TXT is updated to generate bionic's system call wrappers
for clock_gettime() & gettimeofday() that will be called if kernel vdso
implementations fail to execute.
The system call wrappers are generated using a python script gensyscalls.py.
Since all architectures support vdso now, there is no more need for conditional
statements regarding supported architectures in libc/bionic/vdso.cpp &
libc/private/bionic_vdso.h files.
Test: builds
Change-Id: I7213f29c179a7929851499d78a72900638ae861a
Signed-off-by: Goran Ferenc <goran.ferenc@imgtec.com>
Add the mallopt function, and only a single option so far.
Bug: 36401135
Test: Built and booted bullhead.
Test: Ran jemalloc unit tests.
Test: Ran bionic unit tests.
Test: Ran a test that allocated and free'd a large piece of memory,
Test: and verified that after changing the parameter, the PSS
Test: sticks around (decay timer set to 1), the PSS is purged (decay
Test: timer set to 0).
Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
This is the last bionic caller that was manually trying to cache
property values.
Bug: N/A
Test: builds and boots
Change-Id: Id66c0a05d8448f08c39dbf7189241e75615d44b4
Also document that the caller should provide locking at an
appropriate scope.
Bug: N/A
Test: ran tests
Change-Id: Ib84802fd8b9dbe69f98feab80edef05549a3f73e
Useful for testing whether apps have actually stopped using greylisted
libraries even if they still have references to them in their apk to support
old Android releases but also haven't bumped their targetSdkVersion yet.
Since we already have two expensive __system_property_get calls and this
would add a third, optimize two (but leave the third since it's not
obviously amenable to optimization). None of this matters for user builds,
but I don't want userdebug/eng to have distractingly different performance.
(cherrypick of 7933bec2872aa1c3430149c7649726333c0ac9d8.)
Bug: http://b/36106661
Test: ran "can you escape 5" with and without this property
Change-Id: Id9a804695c1dca9b4be2ebd0e72f01817bb13cba
libc_logging is getting statically linked into the crash handler
library, resulting in two copies of the abort message code existing in
processes, one in the linker, and one in the crash handler.
Move android_set_abort_message to its own file to solve this.
Bug: http://b/36862204
Test: /data/nativetest/debuggerd_test/debuggerd_test32
Change-Id: Ie198c5a3bb07645aa43296915c9a6752693f14a9
__system_property_set sometimes produces broken_pipe error
when trying to write a property.
This change improves error messages and uses writev() instead
of sequence of send() calls.
Bug: http://b/35381074
Test: bionic-unit-tests --gtest_filter=prop*
Change-Id: I7a5b169c015db4e6b720370e58662de8206d1086
Thread local buffers were using pthread_setspecific for storage with
lazy initialization. pthread_setspecific shares TLS slots between the
linker and libc.so, so thread local buffers being initialized in a
different order between libc.so and the linker meant that bad things
would happen (manifesting as snprintf not working because the
locale was mangled)
Bug: http://b/20464031
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
everything passes
Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests
thread_local tests are failing both before and after (KUSER_HELPERS?)
Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static
no additional failures
Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
Some of the function pointer types were wrong, and x86 cares if you
say `int` when you meant `int8_t` (because it feels at liberty to
leave the top bits dirty and ignore them, both sides need to agree
which they're dealing with).
Also slightly improve the wcstoimax and wcstoumax tests, since my
investigation started there.
Bug: http://b/33451822
Test: tests pass on x86, arm, and arm64
Change-Id: I553193962f0cb993666f9f8e415990bba5b669e1
Let the caller know when libc has an entropy source and arc4random is safe.
This is useful for the callers that want entropy, but don't absolutely need it.
Bug: http://b/27729263
Test: booted angler-userdebug w/ safestack
Change-Id: Iab3050bd19f23518e1676629573eebc656ba1090
Pretty useless, because the POSIX APIs are useless for actually
internationalization, but it lets us put this to bed for good.
Bug: http://b/18492914
Test: bionic tests
Change-Id: I4dd0aff66c44b5547039be3ffea806c865b9014a
When arc4random can get entropy (which is true for basically everyone
but init on kernels that don't support getrandom), use it instead of
AT_RANDOM.
Bug: http://b/29622562
Change-Id: I6932803af2c477e65562ff531bd959f199fad1df
This change implements the following property:
Any 2**N aligned memory region on size 2**N contains no more than one DSO.
The value N can be configured, with 16 or 18 looking like a good choice.
Additionally, DSOs are loaded at random page-aligned address inside these large
regions.
This change has dual purpose:
1. Larger values of N allow a lot more compact CFI shadow implementation.
See change I14dfea630de468eb5620e7f55f92b1397ba06217.
For example, CFI shadow for the system_server process has the following size (RSS, KB):
152 for N = 12, 32 for N = 16, 16 for N = 18.
2. Extra randomization is good for security.
This change does not result in extra RAM usage, because everything is still page-aligned.
It does result in a bit more VM fragmentation because of the gaps between shared libraries.
As it turns out, this fragmentation is barely noticeable because the kernel creates new mapping
at the highest possible address, and we do enough small mappings to almost completely fill the
gaps (ex. in the Zygote the gaps are filled with .ttf file mappings and thread stacks).
I've measured VM fragmentation as the sum of all VM gaps (unmapped regions) that are larger
than 1MB according to /proc/$PID/maps. On aosp_angler-userdebug, the numbers are (in GB):
| N = 12 | N = 18
system_server | 521.9 | 521.1
zygote64 | 522.1 | 521.3
zygote32 | 2.55 | 2.55
mediaserver | 4.00 | 4.00
Change-Id: Ia6df840dd409c82837efd1f263be420d9723c84a
Before, dynamic executables would initialize the global stack protector
twice, once for the linker, and once for the executable. This worked
because the result was the same for both initializations, because it
used getauxval(AT_RANDOM), which won't be the case once arc4random gets
used for it.
Bug: http://b/29622562
Change-Id: I7718b1ba8ee8fac7127ab2360cb1088e510fef5c
Test: ran the stack protector tests on angler (32/64bit, static/dynamic)
And clang won't let you have a function declaration where some arguments
have nullability specifiers and others don't.
Change-Id: I450b0221a3f7f068d5fe971dfbc0ba91d25710e8
Previously, arc4random would register a fork-detecting pthread_atfork
handler to not have to call getpid() after a fork. pthread_atfork uses
pthread_mutex_lock, which requires the current thread to be initialized,
preventing the use of arc4random for initializing the global stack guard,
which needs to happen before the main thread has been initialized.
Extract the arc4random fork-detection flag and use the existing
arc4random fork handler to set it.
Bug: http://b/29622562
Change-Id: I98c9329fa0e489c3f78cad52747eaaf2f5226b80
This function only exists for backwards compatibility, so leave it as it was.
Bug: http://b/26944282
Change-Id: I31973d1402660933103ee2d815649ab9569e4dfc
This patch uses __kernel_vsyscall instead of "int 0x80"
as the syscall entry point. AT_SYSINFO points to
an adapter to mask the arch specific difference and gives a
performance boost on i386 architecture.
Change-ID: Ib340c604d02c6c25714a95793737e3cfdc3fc5d7
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
Our FORTIFY _chk functions' implementations were very repetitive and verbose
but not very helpful. We'd also screwed up and put the SSIZE_MAX checks where
they would never fire unless you actually had a buffer as large as half your
address space, which probably doesn't happen very often.
Factor out the duplication and take the opportunity to actually show details
like how big the overrun buffer was, or by how much it was overrun.
Also remove the obsolete FORTIFY event logging.
Also remove the unused __libc_fatal_no_abort.
This change doesn't improve the diagnostics from the optimized assembler
implementations.
Change-Id: I176a90701395404d50975b547a00bd2c654e1252
Add backtrace_string to convert a malloc_debug backtrace to a string.
Also move the backtrace functions to libc_malloc_debug_backtrace so that
libmemunreachable can reuse them.
Change-Id: I5ad67001c0b4d184903c762863a8588181d4873b
The major components of the rewrite:
- Completely remove the qemu shared library code. Nobody was using it
and it appears to have broken at some point.
- Adds the ability to enable/disable different options independently.
- Adds a new option that can enable the backtrace on alloc/free when
a process gets a specific signal.
- Adds a new way to enable malloc debug. If a special property is
set, and the process has an environment variable set, then debug
malloc will be enabled. This allows something that might be
a derivative of app_process to be started with an environment variable
being enabled.
- get_malloc_leak_info() used to return one element for each pointer that
had the exact same backtrace. The new version returns information for
every one of the pointers with same backtrace. It turns out ddms already
automatically coalesces these, so the old method simply hid the fact
that there where multiple pointers with the same amount of backtrace.
- Moved all of the malloc debug specific code into the library.
Nothing related to the malloc debug data structures remains in libc.
- Removed the calls to the debug malloc cleanup routine. Instead, I
added an atexit call with the debug malloc cleanup routine. This gets
around most problems related to the timing of doing the cleanup.
The new properties and environment variables:
libc.debug.malloc.options
Set by option name (such as "backtrace"). Setting this to a bad value
will cause a usage statement to be printed to the log.
libc.debug.malloc.program
Same as before. If this is set, then only the program named will
be launched with malloc debug enabled. This is not a complete match,
but if any part of the property is in the program name, malloc debug is
enabled.
libc.debug.malloc.env_enabled
If set, then malloc debug is only enabled if the running process has the
environment variable LIBC_DEBUG_MALLOC_ENABLE set.
Bug: 19145921
Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
Exactly which functions get a stack protector is up to the compiler, so
let's separate the code that sets up the environment stack protection
requires and explicitly build it with -fno-stack-protector.
Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
Correct the comment, and remove the unused functionality. getauxval(3) does
now set errno to let you know it failed to find anything, but since none of
this function's callers care anyway it seems safer to leave errno untouched
until we actually have a demonstrated need for it.
Bug: https://code.google.com/p/android/issues/detail?id=198111
Change-Id: I232a42dc5a02c8faab94c7d69bef610408276c23
The BIONIC_ROUND_UP_POWER_OF_2 macro did not have parentheses around
the whole expression. This lead to the wrong value being computed when
used as part of a mathematical expression such as this:
value = BIONIC_ROUND_UP_POWER_OF_2(value) - 1;
This only happens on 64 bit abis.
Change-Id: I6f8afbdaf16fe64a88fa0246d074b3534c9159c1
It actually means "crash immediately". Well, it's an error. And callers are
much more likely to realize their mistake if we crash immediately rather
than return EINVAL. Historically, glibc has crashed and bionic -- before
the recent changes -- returned EINVAL, so this is a behavior change.
Change-Id: I0c2373a6703b20b8a97aacc1e66368a5885e8c51
In order to run tsan unit tests, we need to support pthread spin APIs.
Bug: 18623621
Bug: 25392375
Change-Id: Icbb4a74e72e467824b3715982a01600031868e29
It removes calling to pthread_mutex_lock() at the beginning of new
thread, which helps to support thread sanitizer.
Change-Id: Ia3601c476de7976a9177b792bd74bb200cee0e13
For the __release and __release_rt functions, the previous macros
would add a dwarf cfi entry for the function with no values. This works
with libunwind since it always tries the arm unwind information first.
This change removes those entries by creating a no dwarf version of the
assembler macro.
Change-Id: Ib93e42fff5a79b8d770eab0071fdee7d2afa988d
Read /proc/stat to count online cpus is not correct for all android
kernels. Change to reading /sys/devices/system/cpu/online instead.
Bug: 24376925
Change-Id: I3785a6c7aa15a467022a9a261b457194d688fb38
I'm removing the TODO on the assumption that being compatible with glibc
is more useful than BSD. The new internal "bionic_page.h" header factors
out some duplication between libc and the linker.
Bug: http://b/22735893
Change-Id: I4aec4dcba5886fb6f6b9290a8f85660643261321
According to the comments in Posix_close(), TEMP_FAILURE_RETRY() should
not be used with close():
462bdac45c%5E%21/#F12
Kill ScopedFd by simplifying the single caller.
Change-Id: I248c40b8c2fc95f1938a6edfc245c81847fc44af
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Previous implementation of rwlock contains four atomic variables, which
is hard to maintain and change. So I make following changes in this CL:
1. Add pending flags in rwlock.state, so we don't need to synchronize
between different atomic variables. Using compare_and_swap operations
on rwlock.state is enough for all state change.
2. Add pending_lock to protect readers/writers waiting and wake up
operations. As waiting/wakeup is not performance critical, using a
lock is easier to maintain.
3. Add writer preference option.
4. Add unit tests for rwlock.
Bug: 19109156
Change-Id: Idcaa58d695ea401d64445610b465ac5cff23ec7c
Found by the toybox id(1) which calls both getpwuid(3) and getgrgid(3) before
looking at either result. The use of a shared buffer in this code meant that
even on a single thread, the data for any of the passwd functions would be
clobbered by the data for any of the group functions (or vice versa).
This might seem like an insufficient fix, but POSIX explicitly says (for
getpwnam) that the result "might be overwritten by a subsequent call to
getpwent(), getpwnam(), or getpwuid()" and likewise for other members of
that group, plus equivalent text for the group-related functions.
Change-Id: I2272f47e91f72e043fdaf7c169fa9f6978ff4370
POSIX specifies that pthread_kill(3) and pthread_sigmask(3) are
supposed to live in signal.h rather than pthread.h.
Since signal.h now needs pthread_t and pthread_attr_t, I've moved
those defintions into include/machine/pthread_types.h to keep the
namespace clean. I also sorted some includes. The combination of these
two things seems to have exploded into a cascade of missing includes,
so this patch also cleans up all those.
Change-Id: Icfa92a39432fe83f542a797e5a113289d7e4ad0c
Make the definition of DISALLOW_COPY_AND_ASSIGN conditional. This is
so that the projects that include libnativehelper and bionic macros
do not have to be careful in which order those projects are included.
Bug: 18334516
Change-Id: Ib12a2c2b7ad2e360edcf3b26cb1be626540fadc1
Enable the -std=gnu++11 flag for libstdc++ static and
dynamic libs.
ScopeGuard uses DISABLE_ macros instead of '= delete';
Change-Id: I07e21b306f95fffd49345f7fa136cfdac61e0225
This patch fixes the problem with symbol search order
for dlsym(RTLD_DEFAULT/RTLD_NEXT, .) by loading libraries
and ld_preloads in correct order.
Bug: https://code.google.com/p/android/issues/detail?id=74255
Change-Id: If1ba5c807322409faa914e27ecb675e2c4541f0d
Attempt: 2
This patch fixes the problem with symbol search order
for dlsym(RTLD_DEFAULT/RTLD_NEXT, .) by loading libraries
and ld_preloads in correct order.
Bug: https://code.google.com/p/android/issues/detail?id=74255
Change-Id: I4cf84c70dbaabe99310230dfda12385ae5401859
On most architectures the kernel subtracts a random offset to the stack
pointer in create_elf_tables by calling arch_align_stack before writing
the auxval table and so on. On all but x86 this doesn't cause a problem
because the random offset is less than a page, but on x86 it's up to two
pages. This means that our old technique of rounding the stack pointer
doesn't work. (Our old implementation of that technique was wrong too.)
It's also incorrect to assume that the main thread's stack base and size
are constant. Likewise to assume that the main thread has a guard page.
The main thread is not like other threads.
This patch switches to reading /proc/self/maps (and checking RLIMIT_STACK)
whenever we're asked.
Bug: 17111575
Signed-off-by: Fengwei Yin <fengwei.yin@intel.com>
Change-Id: I1d4dbffe7bc7bda1d353c3a295dbf68d29f63158
Removes the leading underscores from __android_set_abort_message() and
moves its declaration into a public header file.
Bug: 17059126
Change-Id: I470c79db47ec783ea7a54b800f8b78ecbe7479ab
bionic_systrace.h contains an implementation of tracing that
can be used with systrace.py and its associated viewer. pthread_mutex
now uses this tracing to track pthread_mutex contention, which can be
enabled by using the "bionic" command line option to systrace.
Bug: 15116468
Change-Id: I30ed5b377c91ca4c36568a0e647ddf95d4e4a61a
The getentropy_linux.c is lightly modified to build on Android, but we're now
completely in sync with upstream OpenBSD's arc4random implementation.
Change-Id: If32229fc28aba908035fb38703190d41ddcabc95
Also remove __bionic_name_mem which has exactly one caller, and is only
ever expected to be used in this one place.
Change-Id: I833744f91e887639f5b2d1269f966ee9032af207
There were two bugs here:
- For 64 bit values, this did not properly round up.
- The macro rounded to the power of 2 less than value, not to the power
of 2 greater than value.
Change-Id: If8cb41536a9d2f5c1bc213676f1e67a7903a36b0
It's okay for a program to choose to drag in stdio, but it's unfortunate
if even the minimal "int main() { return 42; }" drags in stdio...
This brings the minimal static binary on ARM down from 78KiB to 46KiB.
Given that we don't have a separate -lpthread it's not obvious to me that
we can shave this down any further. I'm not sure whether this is a worthwhile
change for that reason. (And the fact that dynamic binaries, the usual case,
are unaffected either way.)
Change-Id: I02f91dcff37d14354314a30b72fed2563f431c88
This is actually revision 1.33, which is no longer the latest, but it's
as close to head as we can currently reasonably get. I've also switched
to the OpenBSD getentropy_linux.c implementation of getentropy, lightly
modified to try to report an error on failure.
Bug: 14499627
Change-Id: Ia7c561184b1f366c9bf66f248aa60f0d53535fcb
This allows an easier way to share config parameters between unit tests
and the bionic code.
It also fixes a problem where the 32 bit bionic tests based on glibc, or
the cts list executable did not have the pvalloc,valloc tests.
Change-Id: Ib47942cb8a278252faa7498a6ef23e9578db544f
mbrtoc32 and c32rtomb get their implementations from mbrtowc and wcrtomb. The
wc functions now simply call the c32 functions.
Bug: 14646575
Change-Id: I49d4b95fed0f9d790260c996c4d0f8bfd1686324
The problem with the original patch was that using syscall(3) means that
errno can be set, but pthread_create(3) was abusing the TLS errno slot as
a pthread_mutex_t for the thread startup handshake.
There was also a mistake in the check for syscall failures --- it should
have checked against -1 instead of 0 (not just because that's the default
idiom, but also here because futex(2) can legitimately return values > 0).
This patch stops abusing the TLS errno slot and adds a pthread_mutex_t to
pthread_internal_t instead. (Note that for LP64 sizeof(pthread_mutex_t) >
sizeof(uintptr_t), so we could potentially clobber other TLS slots too.)
I've also rewritten the LP32 compatibility stubs to directly reuse the
code from the .h file.
This reverts commit 75c55ff84e.
Bug: 15195455
Change-Id: I6ffb13e5cf6a35d8f59f692d94192aae9ab4593d
This reverts commit ced906c849.
Causes issues on art / dalvik due to a broken return value
check and other undiagnosed issues.
bug: 15195455
Change-Id: I5d6bbb389ecefb0e33a5237421a9d56d32a9317c
Also hide part of the system properties compatibility code, since
we needed to touch that to keep it building.
I'll remove __futex_syscall4 and futex in a later patch.
Bug: 11156955
Change-Id: Ibbf42414c5bb07fb9f1c4a169922844778e4eeae
To use jemalloc, add MALLOC_IMPL = jemalloc in a board config file
and you get the new version automatically.
Update the pthread_create_key tests since jemalloc uses a few keys.
Add a new test to verify memalign works as expected.
Bug: 981363
Change-Id: I16eb152b291a95bd2499e90492fc6b4bd7053836
If libnetd_client can't be found, operate as before and use the default netId
potentially overriden by a more specific netId passed in to
android_get*fornet().
(cherry picked from commit 559c7842cc)
Change-Id: I42ef3293172651870fb46d2de22464c4f03e8e0b
+ Name the dispatch header correctly (NetdClientDispatch.h).
+ Hide the global dispatch variable (__netdClientDispatch).
+ Explain why it's okay to read the variable without locking.
+ Use quotes instead of angle-brackets for non-system includes.
+ Add necessary declarations for C compiles (and not just C++).
Change-Id: Id0932165e71d81da5fce77a684f40c2263f58e61
The library exists outside bionic. It is dynamically loaded, to replace selected
standard socket syscalls with versions that talk to netd.
Change connect() to use the library if available.
(cherry picked from commit 3a6b627a14df8111b03e452f2df4b5f4938e0e49)
Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
This more general interface lets liblog give us any fatal log message,
regardless of source. This means we can remove the special case for
LOG_ALWAYS_FATAL with a simpler scheme that automatically works for
the VM too.
Change-Id: Ia6dbf7c3dbabf223081bd5159294835d954bb067
pthread_once is nice for decoupling, but it makes resource availability less
predictable, which is a bad thing.
This fixes a test failure if uselocale(3) is called before
pthread.pthread_key_create_lots runs.
Change-Id: Ie2634f986a50e7965582d4bd6e5aaf48cf0d55c8
Add tests for the above.
Add the fortify implementations of __stpcpy_chk and __stpncpy_chk.
Modify the strncpy test to cover more cases and use this template for
stpncpy.
Add all of the fortify test cases.
Bug: 13746695
Change-Id: I8c0f0d4991a878b8e8734fff12c8b73b07fdd344
Also neuter __isthreaded.
We should come back to try to hide struct FILE's internals for LP64.
Bug: 3453512
Bug: 3453550
Change-Id: I7e115329fb4579246a72fea367b9fc8cb6055d18
This is part of the upstream sync (Net/Open/Free BSDs expose the
nameser.h in their public headers).
Change-Id: Ib063d4e50586748cc70201a8296cd90d2e48bbcf
* libc (fatal) logging now makes socket connection to the
user-space logging service.
* Add a TARGET_USES_LOGD make flag for BoardConfig.mk to manage
whether logd is enabled for use or not.
Change-Id: I96ab598c76d6eec86f9d0bc81094c1fb3fb0d9b4
Our <machine/asm.h> files were modified from upstream, to the extent
that no architecture was actually using the upstream ENTRY or END macros,
assuming that architecture even had such a macro upstream. This patch moves
everyone to the same macros, with just a few tweaks remaining in the
<machine/asm.h> files, which no one should now use directly.
I've removed most of the unused cruft from the <machine/asm.h> files, though
there's still rather a lot in the mips/mips64 ones.
Bug: 12229603
Change-Id: I2fff287dc571ac1087abe9070362fb9420d85d6d
Remove the linker's reliance on BSD cruft and use the glibc-style
ElfW macro. (Other code too, but the linker contains the majority
of the code that needs to work for Elf32 and Elf64.)
All platforms need dl_iterate_phdr_static, so it doesn't make sense
to have that part of the per-architecture configuration.
Bug: 12476126
Change-Id: I1d7f918f1303a392794a6cd8b3512ff56bd6e487
Also make the other architectures more similar to one another,
use NULL instead of 0 in calling code, and remove an unused #define.
Change-Id: I52b874afb6a351c802f201a0625e484df6d093bb
This patch changes the domain that the memory barrier operates on. Assumes
that the scope of bionic_atomic_barrier() does not include device memory,
memory shared with the GPU or any other memory external to the processor
cluster.
Change-Id: I291e741c98a64c86f3a3cf99811bbf1e714ac9aa
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
The bionic_atomic_cmpxchg() API states that the cmpxchg() will be done without
explicit memory barriers. LDAXR/STLXR semantics involve half barriers for
load/store.
This patch optimises cmpxchg() by using LDXR/STXR and avoiding unnecessary half
bariers. It also fixes the clobber list for all the bionic_atomic_*() functions.
Change-Id: Iae9468965785cfeeec791d52f1e8cbc524adb682
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This is the first patch out of a series of patches that add support for
AArch64, the new 64bit execution state of the ARMv8 Architecture. The
patches add support for LP64 programming model.
The patch adds:
* "arch-aarch64" to the architecture directories.
* "arch-aarch64/include" - headers used by libc
* "arch-aarch64/bionic":
- crtbegin, crtend support;
- aarch64 specific syscall stubs;
- setjmp, clone, vfork assembly files.
Change-Id: If72b859f81928d03ad05d4ccfcb54c2f5dbf99a5
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This patch adds support for AArch64 atomic operations. Some
of the stubs use the lightweight store/load exclusive.
Change-Id: Iaf704d048b2dc15bf08cf8e4f0c3ea9f2052fe13
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
It looks like we can probably just use the generic GCC stuff instead;
the generated code looks pretty similar. We should come back to that.
These routines are only used by the pthread implementation, and
__bionic_atomic_inc isn't used, so we can remove it.
Change-Id: I8b5b8cb30a1b159f0e85c3675aee06ddef39b429
I fixed this bug a while back, but didn't remove it from the list,
could have added a better test, and could have written clearer code
that didn't require a comment.
Change-Id: Iebdf0f9a54537a7d5cbca254a5967b1543061f3d
Let the kernel keep pthread_internal_t::tid updated, including
across forks and for the main thread. This then lets us fix
pthread_join to only return after the thread has really exited.
Also fix the thread attributes of the main thread so we don't
unmap the main thread's stack (which is really owned by the
dynamic linker and contains things like environment variables),
which fixes crashes when joining with an exited main thread
and also fixes problems reported publicly with accessing environment
variables after the main thread exits (for which I've added a new
unit test).
In passing I also fixed a bug where if the clone(2) inside
pthread_create(3) fails, we'd unmap the child's stack and TLS (which
contains the mutex) and then try to unlock the mutex. Boom! It wasn't
until after I'd uploaded the fix for this that I came across a new
public bug reporting this exact failure.
Bug: 8206355
Bug: 11693195
Bug: https://code.google.com/p/android/issues/detail?id=57421
Bug: https://code.google.com/p/android/issues/detail?id=62392
Change-Id: I2af9cf6e8ae510a67256ad93cad891794ed0580b
We only need it for MAX_ERRNO, and it's time we had somewhere to put
the little assembler utility macros we've been putting off writing.
Change-Id: I9354d2e0dc47c689296a34b5b229fc9ba75f1a83
<pthread.h> was missing nonnull attributes, noreturn on pthread_exit,
and had incorrect cv qualifiers for several standard functions.
I've also marked the non-standard stuff (where I count glibc rather
than POSIX as "standard") so we can revisit this cruft for LP64 and
try to ensure we're compatible with glibc.
I've also broken out the pthread_cond* functions into a new file.
I've made the remaining pthread files (plus ptrace) part of the bionic code
and fixed all the warnings.
I've added a few more smoke tests for chunks of untested pthread functionality.
We no longer need the libc_static_common_src_files hack for any of the
pthread implementation because we long since stripped out the rest of
the armv5 support, and this hack was just to ensure that __get_tls in libc.a
went via the kernel if necessary.
This patch also finishes the job of breaking up the pthread.c monolith, and
adds a handful of new tests.
Change-Id: Idc0ae7f5d8aa65989598acd4c01a874fe21582c7
The x86_64 build was failing because clone.S had a call to __thread_entry which
was being added to a different intermediate .a on the way to making libc.so,
and the linker couldn't guarantee statically that such a relocation would be
possible.
ld: error: out/target/product/generic_x86_64/obj/STATIC_LIBRARIES/libc_common_intermediates/libc_common.a(clone.o): requires dynamic R_X86_64_PC32 reloc against '__thread_entry' which may overflow at runtime; recompile with -fPIC
This patch addresses that by ensuring that the caller and callee end up in the
same intermediate .a. While I'm here, I've tried to clean up some of the mess
that led to this situation too. In particular, this removes libc/private/ from
the default include path (except for the DNS code), and splits out the DNS
code into its own library (since it's a weird special case of upstream NetBSD
code that's diverged so heavily it's unlikely ever to get back in sync).
There's more cleanup of the DNS situation possible, but this is definitely a
step in the right direction, and it's more than enough to get x86_64 building
cleanly.
Change-Id: I00425a7245b7a2573df16cc38798187d0729e7c4
If __get_tls has the right type, a lot of confusing casting can disappear.
It was probably a mistake that __get_tls was exposed as a function for mips
and x86 (but not arm), so let's (a) ensure that the __get_tls function
always matches the macro, (b) that we have the function for arm too, and
(c) that we don't have the function for any 64-bit architecture.
Change-Id: Ie9cb989b66e2006524ad7733eb6e1a65055463be
Although 'register' is deprecated, we need to use v1, and there's
no way to do that through register constraints on the assembler
fragment itself.
Change-Id: Ib5b12c4c3652513d10cc61d4a4b11314ece25663
In c++11, register has been deprecated, and
libc is now built as gnu++11
From the documentation:
A register specifier is a hint to the implementation
that the variable so declared will be heavily used.
[ Note: The hint can be ignored and in most implementations
it will be ignored if the address of the variable is taken.
This use is deprecated (see D.2)
Change-Id: I459dc3f5f9de63fc09eeda3bc6700f31bdf20f6f
KernelArgumentBlock is defined as a class in KernelArgumentBlock.h, but
forward declarations refer to it as a struct.
While this is essentially the same, the mismatch causes a compiler
warning in clang (and may cause warnings in future versions of gcc) in
code that is supposed to be compiled with -Werror.
Change-Id: I4ba49d364c44d0a42c276aff3a8098300dbdcdf0
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
This change creates assembler versions of __memcpy_chk/__memset_chk
that is implemented in the memcpy/memset assembler code. This change
avoids an extra call to memcpy/memset, instead allowing a simple fall
through to occur from the chk code into the body of the real
implementation.
Testing:
- Ran the libc_test on __memcpy_chk/__memset_chk on all nexus devices.
- Wrote a small test executable that has three calls to __memcpy_chk and
three calls to __memset_chk. First call dest_len is length + 1. Second
call dest_len is length. Third call dest_len is length - 1.
Verified that the first two calls pass, and the third fails. Examined
the logcat output on all nexus devices to verify that the fortify
error message was sent properly.
- I benchmarked the new __memcpy_chk and __memset_chk on all systems. For
__memcpy_chk and large copies, the savings is relatively small (about 1%).
For small copies, the savings is large on cortex-a15/krait devices
(between 5% to 30%).
For cortex-a9 and small copies, the speed up is present, but relatively
small (about 3% to 5%).
For __memset_chk and large copies, the savings is also small (about 1%).
However, all processors show larger speed-ups on small copies (about 30% to
100%).
Bug: 9293744
Merge from internal master.
(cherry-picked from 7c860db074)
Change-Id: I916ad305e4001269460ca6ebd38aaa0be8ac7f52
Only works on some kernels, and only on page-aligned regions of
anonymous memory. It will show up in /proc/pid/maps as
[anon:<name>] and in /proc/pid/smaps as Name: <name>
Change-Id: If31667cf45ff41cc2a79a140ff68707526def80e
This change creates assembler versions of __memcpy_chk/__memset_chk
that is implemented in the memcpy/memset assembler code. This change
avoids an extra call to memcpy/memset, instead allowing a simple fall
through to occur from the chk code into the body of the real
implementation.
Testing:
- Ran the libc_test on __memcpy_chk/__memset_chk on all nexus devices.
- Wrote a small test executable that has three calls to __memcpy_chk and
three calls to __memset_chk. First call dest_len is length + 1. Second
call dest_len is length. Third call dest_len is length - 1.
Verified that the first two calls pass, and the third fails. Examined
the logcat output on all nexus devices to verify that the fortify
error message was sent properly.
- I benchmarked the new __memcpy_chk and __memset_chk on all systems. For
__memcpy_chk and large copies, the savings is relatively small (about 1%).
For small copies, the savings is large on cortex-a15/krait devices
(between 5% to 30%).
For cortex-a9 and small copies, the speed up is present, but relatively
small (about 3% to 5%).
For __memset_chk and large copies, the savings is also small (about 1%).
However, all processors show larger speed-ups on small copies (about 30% to
100%).
Bug: 9293744
Change-Id: I8926d59fe2673e36e8a27629e02a7b7059ebbc98
Also make sysconf use PTHREAD_STACK_MIN rather than redefining its
own, different, constant.
Bug: 9997352
Change-Id: I9a8e7d2b18e691439abfb45533e82c36eee9e81d
Adds an extra mark parameter to android_getaddrinfoforiface,
android_gethostbyaddrforiface and android_gethostbynameforiface that if set
will cause all packets sent by DNS requests to have that mark
Change-Id: I6f72390e4ce5bfc3cc73183f9b2fb3705a11685f
This is needed to compile open-source code that wants to
expand/compress domain names itself, such as ping6.
Bug: 9469682
Change-Id: I339c6538936d05c031bc6fb0a8793aaf1429dea4
This was gated off of "#ifndef ADNROID_CHANGES" (note mispelling)
and is unconditionally defined in libc/include/resolv.h
(which this file includes). No need for duplicate definitions.
Change-Id: I00719bcf39eaa26eb96ab4274f171f3d2b5bae61
* A dlmalloc usage error shouldn't call abort(3) because we want to
cause a SIGSEGV by writing the address dlmalloc didn't like to an
address the kernel won't like, so that debuggerd will dump the
memory around the address that upset dlmalloc.
* Switch to the simpler FreeBSD/NetBSD style of registering stdio
cleanup. Hopefully this will let us simplify more of the stdio
implementation.
* Clear the stdio cleanup handler before we abort because of a dlmalloc
corruption error. This fixes the reported bug, where we'd hang inside
dlmalloc because the stdio cleanup reentered dlmalloc.
Bug: 9301265
Change-Id: Ief31b389455d6876e5a68f0f5429567d37277dbc
Add methods to attach/detach UID ranges to a specific dns cache/interface.
This mirrors the already existing code for attaching specific processes to
specific interfaces but will be used to push all processes from a given
user to a specific cache/interface.
Change-Id: Ic24391e92d3ca46fcb46cc4fc53e13984dec40b3
__strcat_chk and __strncat_chk are slightly inefficient,
because they end up traversing over the same memory region
two times.
This change optimizes __strcat_chk / __strncat_chk so they
only access the memory once. Although I haven't benchmarked these
changes, it should improve the performance of these functions.
__strlen_chk - expose this function, even if -D_FORTIFY_SOURCE
isn't defined. This is needed to compile libc itself without
-D_FORTIFY_SOURCE.
Change-Id: Id2c70dff55a276b47c59db27a03734d659f84b74
