Commit graph

2078 commits

Author SHA1 Message Date
Anna Trostanetski
9981a1dac8 Revert "Enable the scudo native allocator."
This reverts commit b198958412.

Reason for revert: b/147838132. Breaks JNI calls.

Bug: 147838132

Change-Id: I657cf9fddc1e8ee60c1830a1b3f560ab51928a40
2020-01-20 20:17:10 +00:00
Ryan Savitski
b72fed164e Merge "allow for heapprofd's signal to be multiplexed" 2020-01-16 16:04:08 +00:00
Mitch Phillips
43d5f9d4dd Add tagged pointers to bionic.
This patch introduces tagged pointers to bionic. We add a static tag to
all pointers on arm64 compatible platforms (needs requisite
top-byte-ignore hardware feature and relevant kernel patches).

We dynamically detect TBI-compatible devices (a device with the TBI feature and
kernel support) at process start time, and insert an implementation-dependent
tag into the top byte of the pointer for all heap allocations. We then check
that the tag has not been truncated when deallocating the memory.

If an application incorrectly writes to the top byte of the pointer, we
terminate the process at time of detection. This will allow MTE-incompatible
applications to be caught early.

Bug: 135754954
Bug: 147147490

Test: cd bionic && atest .
Change-Id: I6e5b809fc81f55dd517f845eaf20f3c0ebd4d86e
2020-01-15 15:03:00 -08:00
Ryan Savitski
e95316330b platform profiler signal: add traced_perf codepath
This patch adds a case for the profiling signal handler (previously just
for native heapprofd profiling) when si_value == 1, corresponding to
traced_perf being the requesting party.

The handler opens /proc/self/{maps,mem}, connects to (init-created)
/dev/socket/traced_perf, and then sends the fds over the socket.
Everything happens synchronously within the signal handler. Socket is
made non-blocking, and we do not retry.

Bug: 144281346
Change-Id: Iea904694caeefe317ed8818e5b150e8819af91c2
2020-01-15 22:55:04 +00:00
Ryan Savitski
175c8867b0 allow for heapprofd's signal to be multiplexed
This patch refactors heapprofd_malloc to make it easier to reuse the
reserved signal for multiple purposes. We define a new generic signal
handler for profilers, which dispatches to more specific logic based on
the signal's payload (si_value).

The profiler signal handler is installed during libc preinit, after
malloc initialization (so races against synchronous heapprofd
initialization need not be considered). In terms of code organization, I
copied the existing approach with a loosely referenced function in
bionic_globals.h. Do tell if you'd rather a different approach here.

The profileability of a process is quite tied to the malloc
files/interfaces in bionic - in particular, it's set through
android_mallopt. I do not change that, but instead introduce a new
android_mallopt option to be able to query profileability of the
process (which is now used by the new profiler signal handler). As part
of that, gZygoteChildProfileable is moved from heapprofd_malloc to
common (alongside gZygoteChild).

I've removed the masking and reraising of the heapprofd signal when
racing against malloc_limit init. We're ok with taking a simpler
approach and dropping the heapprofd signal in such an unlikely race.

Note: this requires a corresponding change in heapprofd to use sigqueue()
instead of kill(), as the latter leaves the si_value uninitialized(?) on
the receiving side.

Bug: 144281346
Change-Id: I93bb2e82cff5870e5ca499cf86439860aca9dfa5
2020-01-15 22:55:03 +00:00
Christopher Ferris
b198958412 Enable the scudo native allocator.
This is attempt number two, all known failures and issues have
been fixed.

Bug: 137795072

Test: Built both svelte and non-svelte versions. Ran enormous numbers
Test: of performance testing.
Test: Ran scudo unit tests.
Test: Ran bionic unit tests.
Test: Ran libmemunreachable tests.
Test: Ran atest CtsRsBlasTestCases on cuttlefish instance.
Change-Id: Ib0c6ef38b63b7a1f39f4431ed8414afe3a92f9b5
2020-01-14 17:25:10 -08:00
Peter Collingbourne
6dfde988e3 Merge "Add an android_mallopt for controlling the heap tagging level." 2020-01-10 15:22:24 +00:00
Peter Collingbourne
1e110fb717 Add an android_mallopt for controlling the heap tagging level.
This doesn't add any functionality for now, but there are
a couple of changes in flight that will want to add enumerators
to the mallopt, so let's give them a place to add them.

Bug: 135772972
Bug: 135754954
Change-Id: I6e810020f66070e844500c6fa99b703963365659
2020-01-09 16:39:10 -08:00
Josh Gao
5074e7d28f Move sigrtmin.h into platform headers.
Test: mma
Change-Id: Ibc97ef96fe9e32b948c245b06039b95fe4342f39
2020-01-02 14:14:15 -08:00
Josh Gao
4956c372cf Move bionic_macros.h from private to platform.
Test: treehugger
Change-Id: Ie473914f4c8924c7240b3ac22093a9daf42fc948
2020-01-02 14:09:50 -08:00
Elliott Hughes
95c6cd753f Stop using the __ANDROID_API_x__ constants.
Historically we've made a few mistakes where they haven't matched the
right number. And most non-Googlers are much more familiar with the
numbers, so it seems to make sense to rely more on them. Especially in
header files, which we actually expect real people to have to read from
time to time.

Test: treehugger
Change-Id: I0d4a97454ee108de1d32f21df285315c5488d886
2019-12-20 13:26:14 -08:00
Ytai Ben-tsvi
5105ece816 Revert "Enable the scudo native allocator."
This reverts commit 6ffbe97859.

Reason for revert: Droidcop-triggered revert due to breakage b/146543543

Change-Id: Ie9a5b2f6ca5dbc8d3c6cafe70e34838d74e45c56
Bug: 146543543
2019-12-19 19:09:59 +00:00
Christopher Ferris
6ffbe97859 Enable the scudo native allocator.
Bug: 137795072

Test: Built both svelte and non-svelte versions. Ran enormous numbers
Test: of performance testing.
Test: Ran scudo unit tests.
Test: Ran bionic unit tests.
Change-Id: Iec6c98f2bdf6e0d5a6d18dff0c0883fac391c6d5
2019-12-18 12:27:40 -08:00
Christopher Ferris
e1fd409fcb Add support for scudo svelte.
Bug: 137795072

Test: Built with scudo and scudo svelte.
Change-Id: Ib2afd5249b897b818012ee71547af1f4ee60201b
2019-12-16 16:22:55 -08:00
Evgeny Eltsin
a8f98b4fa5 Merge "Make android_mallopt weak for native bridge" 2019-12-16 18:14:31 +00:00
Evgeny Eltsin
edbc9e2074 Make android_mallopt weak for native bridge
It is not intercepted by malloc hooks.

Test: bionic-unit-tests --gtest_filter=android_mallopt*
Change-Id: I3fb4101bdcdb62d82a09212fda9eafff7f43c786
2019-12-16 16:37:44 +01:00
Peter Collingbourne
e5e7395c9f Update bionic to use the MTE API proposed on LKML.
Patch set available here:
https://lore.kernel.org/linux-arm-kernel/20191211184027.20130-1-catalin.marinas@arm.com/
and in my android-experimental-mte branch.

Bug: 135772972
Change-Id: Ib46fd508330b330ef3afc713a9a4e26675ddb857
2019-12-13 12:13:29 -08:00
Elliott Hughes
cdb52fc147 Make private/bionic_page.h available as platform/bionic/page.h.
Bug: http://b/145825270
Test: treehugger
Change-Id: I52958f370c0df2c02cb8250e2cf0705d4e93e908
2019-12-12 15:26:14 -08:00
Peter Collingbourne
1fb79443d6 Issue a prctl to let the kernel accept tagged pointers in syscall arguments.
This is a no-op (kernel returns -EINVAL) if the kernel doesn't understand
the prctl.

Bug: 144799191
Change-Id: I8708e92e31d7a60b2847ae2bc242e46dafb77680
2019-11-19 17:27:42 -08:00
Treehugger Robot
b6f26e3b72 Merge "Call __libc_init_malloc from scudo." 2019-11-16 00:48:29 +00:00
Elliott Hughes
0b12b00655 Merge "sysconf(_SC_ARG_MAX): go back to imitating the kernel." 2019-11-15 20:49:58 +00:00
Elliott Hughes
db602e8a47 sysconf(_SC_ARG_MAX): go back to imitating the kernel.
For reasons explained in the code comment, go back to roughly our old
code. The "new" tests are just the old tests resurrected.

This also passes the current toybox xargs tests, which were the
motivation for going back on our earlier decision.

Test: bionic and toybox tests
Change-Id: I33cbcc04107efe81fdbc8166dc9ae844e471173e
2019-11-15 09:24:35 -08:00
Mitch Phillips
c11e39bcff Call __libc_init_malloc from scudo.
Currently, scudo doesn't call libc's malloc initialisers. This causes
problems with any functionality that relies on an initialised__libc_globals
inside of bionic malloc's stubs (e.g. malloc()).

This manifests in two ways (that I can think of):
 1. Dispatch tables don't work with scudo, so malloc_debug has never
 worked in an executable linked against scudo.
 2. Allocators that require initialisation and are called from bionic
 malloc's stubs (GWP-ASan) never get initialised.

Bug: 135634846
Test: atest bionic-unit-tests-scudo
Change-Id: I3e3344d7d510ce4e8d3709cd69c8cb0fe5adedda
2019-11-15 08:42:03 -08:00
Mitch Phillips
1d2aadc036 Init fork handler after __libc_init_malloc.
pthread_atfork may call malloc() during its once-init. This causes
problems with allocators (GWP-ASan) that require explicit initialisation
before calls to malloc().

Bug: 135634846
Test: atest bionic
Change-Id: I1810a00465db99d5aa34fa6f74dea5908a628d3a
2019-11-14 16:02:09 -08:00
Raman Tenneti
afe44cc483 Merge "Revert "Revert "Make system property reads wait-free""" 2019-11-12 20:43:29 +00:00
Raman Tenneti
b481a2e743 Revert "Revert "Make system property reads wait-free""
This reverts commit de39d9242a.

Reason for revert: This revert is not needed

Change-Id: I34af8e5d75c724f6c4066fafbfc6bc7d58377601
2019-11-12 20:41:55 +00:00
Raman Tenneti
1b28efa2d1 Merge "Revert "Make system property reads wait-free"" 2019-11-12 18:26:48 +00:00
Raman Tenneti
de39d9242a Revert "Make system property reads wait-free"
This reverts commit 0cf90556de.

Reason for revert: Device boot failures - 144355953

Change-Id: Icd4fc8c7a1d06d688a6d37e6f1c1aa45563f711b
2019-11-12 18:24:06 +00:00
Treehugger Robot
985e678516 Merge "Make system property reads wait-free" 2019-11-12 17:14:30 +00:00
Daniel Colascione
0cf90556de Make system property reads wait-free
Right now, when we read a system property, we first (assuming we've
already looked up the property's prop_info) read the property's serial
number; if we find that the low bit (the dirty bit) in the serial
number is set, we futex-wait for that serial number to become
non-dirty. By doing so, we spare readers from seeing partially-updated
property values if they race with the property service's non-atomic
memcpy to the property value slot. (The futex-wait here isn't
essential to the algorithm: spinning while dirty would suffice,
although it'd be somewhat less efficient.)

The problem with this approach is that readers can wait on the
property service process, potentially causing delays due to scheduling
variance. Property reads are not guaranteed to complete in finite time
right now.

This change makes property reads wait-free and ensures that they
complete in finite time in all cases. In the new approach, we prevent
value tearing by backing up each property we're about to modify and
directing readers to the backup copy if they try to read a property
with the dirty bit set.

(The wait freedom is limited to the case of readers racing against
*one* property update. A writer can still delay readers by rapidly
updating a property --- but after this change, readers can't hang due
to PID 1 scheduling delays.)

I considered adding explicit atomic access to short property values,
but between binary compatibility with the existing property database
and the need to carefully handle transitions of property values
between "short" (compatible with atomics) and "long" (incompatible
with atomics) length domains, I figured the complexity wasn't worth it
and that making property reads wait-free would be adequate.

Test: boots
Bug: 143561649
Change-Id: Ifd3108aedba5a4b157b66af6ca0a4ed084bd5982
2019-11-11 11:17:00 -08:00
Christopher Ferris
6f517cd7a1 Rename iterate to malloc_iterate internally.
I have no idea why I used the iterate name internally which is
completely unlike every other function name. Change this to match
everyone else so that it's now malloc_iterate everywhere.

This is probably the last chance to change this before mainline
modules begin, so make everything consistent.

Test: Compiles, unit tests passes.
Change-Id: I56d293377fa0fe1a3dc3dd85d6432f877cc2003c
2019-11-08 11:49:14 -08:00
Christopher Ferris
7a3a5d8cd7 Merge "Fix allocations escaping malloc debug." 2019-11-06 23:31:33 +00:00
Christopher Ferris
ff88fb0d3a Fix allocations escaping malloc debug.
When using a FILE object for some malloc debug functions, calling
fprintf will trigger an allocation to be put in the object. The problem
is that these allocations were not allocated by the malloc debug
wrapper and they get freed during the fclose as if they are malloc
debug allocation. In most cases, the code will detect the bad pointer
and leak the memory, but it might also cause a crash.

The fix is to avoid using fprintf so that no allocations are made
in the object that survive and need to be freed in the fclose call.

Change the MallocXmlElem.h to use a file decsriptor not a FILE object.

Add new unit and system tests to detect this case.

Bug: 143742907

Test: Ran unit and system tests.
Test: Ran bionic unit tests.
Change-Id: I524392de822a29483aa5be8f14c680e70033eba2
2019-11-06 10:42:42 -08:00
Ryan Prichard
249757bae2 Use ifuncs in the linker
Using ifuncs allows the linker to select faster versions of libc functions
like strcmp, making linking faster.

The linker continues to first initialize TLS, then call the ifunc
resolvers. There are small amounts of code in Bionic that need to avoid
calling functions selected using ifuncs (generally string.h APIs). I've
tried to compile those pieces with -ffreestanding. Maybe it's unnecessary,
but maybe it could help avoid compiler-inserted memset calls, and maybe
it will be useful later on.

The ifuncs are called in a special early pass using special
__rel[a]_iplt_start / __rel[a]_iplt_end symbols. The linker will encounter
the ifuncs again as R_*_IRELATIVE dynamic relocations, so they're skipped
on the second pass.

Break linker_main.cpp into its own liblinker_main library so it can be
compiled with -ffreestanding.

On walleye, this change fixes a recent 2.3% linker64 start-up time
regression (156.6ms -> 160.2ms), but it also helps the 32-bit time by
about 1.9% on the same benchmark. I'm measuring the run-time using a
synthetic benchmark based on loading libandroid_servers.so.

Test: bionic unit tests, manual benchmarking
Bug: none
Merged-In: Ieb9446c2df13a66fc0d377596756becad0af6995
Change-Id: Ieb9446c2df13a66fc0d377596756becad0af6995
(cherry picked from commit 772bcbb0c2)
2019-11-05 13:37:51 -08:00
Elliott Hughes
6cb70ad776 Add the ScopedFd that we've never quite gotten around to.
This is actually for the new change I'm working on, but let's retrofit
it first to separate any bugs in these changes from those in the new
change...

Test: treehugger
Change-Id: I890aeb61f9792810a77ad0da3f9674c9cc5db7bb
2019-10-31 21:16:18 -07:00
Peter Collingbourne
609d6ec416 Merge "Adopt GNU calling convention for ifunc resolvers." 2019-10-29 17:19:33 +00:00
Elliott Hughes
ca3f8e4901 sleep/usleep: switch to trivial implementations.
Upstream keeps rearranging the deckchairs for these, so let's just
switch to the [roughly] one-liners rather than track that...

Test: treehugger
Change-Id: If655cf7a7f316657de44d41fadd43a8c55ee6f23
2019-10-28 22:25:02 -07:00
Peter Collingbourne
e949195f64 Adopt GNU calling convention for ifunc resolvers.
In order for an ifunc resolver to detect the presence of certain CPU features,
access to getauxval(AT_HWCAP) or getauxval(AT_HWCAP2) may be required. In order
for getauxval() to work, it needs to access the pointer to the auxiliary vector
stored by the linker in the libc shared globals data structure. Accessing the
shared globals requires libc to call the __libc_shared_globals() function
exported by the linker. However, in order to call this function, libc must
be fully relocated, which is not guaranteed to be the case at the point when
ifunc resolvers are called.

glibc solves this problem by passing the values of getauxval(AT_HWCAP)
(and getauxval(AT_HWCAP2) on aarch64) as arguments to the ifunc resolver.
Since this seems to be not only the most straightforward way to solve the
problem but also improves our compatibility with glibc, we adopt their
calling convention.

This change is ABI compatible with old resolvers because the arguments are
passed in registers, so the old resolvers will simply ignore the new arguments.

Bug: 135772972
Change-Id: Ie65bd6e7067f0c878df3d348c815fda61dc12de2
2019-10-28 20:20:29 -07:00
Elliott Hughes
e9ff762789 Merge "Reimplement the <ctype.h> is* functions." 2019-10-09 15:09:45 +00:00
Elliott Hughes
a4959aa6f8 Reimplement the <ctype.h> is* functions.
Following on from the towlower()/towupper() changes, add benchmarks for
most of <ctype.h>, rewrite the tests to cover the entire defined range
for all of these functions, and then reimplement most of the functions.

The old table-based implementation is mostly a bad idea on modern
hardware, with only ispunct() showing a significant benefit compared to
any other way I could think of writing it, and isalnum() a marginal but
still convincingly genuine benefit.

My new benchmarks make an effort to test an example from each relevant
range of characters to avoid, say, accidentally optimizing the behavior
of `isalnum('0')` at the expense of `isalnum('z')`.

Interestingly, clang is able to generate what I believe to be the
optimal implementations from the most readable code, which is
impressive. It certainly matched or beat all my attempts to be clever!

The BSD table-based implementations made a special case of EOF despite
having a `_ctype_` table that's offset by 1 to include EOF at index 0.
I'm not sure why they didn't take advantage of that, but removing the
explicit check for EOF measurably improves the generated code on arm and
arm64, so even the two functions that still use the table benefit from
this rewrite.

Here are the benchmark results:

arm64 before:
  BM_ctype_isalnum_n                 3.73 ns         3.73 ns    183727137
  BM_ctype_isalnum_y1                3.82 ns         3.81 ns    186383058
  BM_ctype_isalnum_y2                3.73 ns         3.72 ns    187809830
  BM_ctype_isalnum_y3                3.78 ns         3.77 ns    181383055
  BM_ctype_isalpha_n                 3.75 ns         3.75 ns    189453927
  BM_ctype_isalpha_y1                3.76 ns         3.75 ns    184854043
  BM_ctype_isalpha_y2                4.32 ns         3.78 ns    186326931
  BM_ctype_isascii_n                 2.49 ns         2.48 ns    275583822
  BM_ctype_isascii_y                 2.51 ns         2.51 ns    282123915
  BM_ctype_isblank_n                 3.11 ns         3.10 ns    220472044
  BM_ctype_isblank_y1                3.20 ns         3.19 ns    226088868
  BM_ctype_isblank_y2                3.11 ns         3.11 ns    220809122
  BM_ctype_iscntrl_n                 3.79 ns         3.78 ns    188719938
  BM_ctype_iscntrl_y1                3.72 ns         3.71 ns    186209237
  BM_ctype_iscntrl_y2                3.80 ns         3.80 ns    184315749
  BM_ctype_isdigit_n                 3.76 ns         3.74 ns    188334682
  BM_ctype_isdigit_y                 3.78 ns         3.77 ns    186249335
  BM_ctype_isgraph_n                 3.99 ns         3.98 ns    177814143
  BM_ctype_isgraph_y1                3.98 ns         3.95 ns    175140090
  BM_ctype_isgraph_y2                4.01 ns         4.00 ns    178320453
  BM_ctype_isgraph_y3                3.96 ns         3.95 ns    175412814
  BM_ctype_isgraph_y4                4.01 ns         4.00 ns    175711174
  BM_ctype_islower_n                 3.75 ns         3.74 ns    188604818
  BM_ctype_islower_y                 3.79 ns         3.78 ns    154738238
  BM_ctype_isprint_n                 3.96 ns         3.95 ns    177607734
  BM_ctype_isprint_y1                3.94 ns         3.93 ns    174877244
  BM_ctype_isprint_y2                4.02 ns         4.01 ns    178206135
  BM_ctype_isprint_y3                3.94 ns         3.93 ns    175959069
  BM_ctype_isprint_y4                4.03 ns         4.02 ns    176158314
  BM_ctype_isprint_y5                3.95 ns         3.94 ns    178745462
  BM_ctype_ispunct_n                 3.78 ns         3.77 ns    184727184
  BM_ctype_ispunct_y                 3.76 ns         3.75 ns    187947503
  BM_ctype_isspace_n                 3.74 ns         3.74 ns    185300285
  BM_ctype_isspace_y1                3.77 ns         3.76 ns    187202066
  BM_ctype_isspace_y2                3.73 ns         3.73 ns    184105959
  BM_ctype_isupper_n                 3.81 ns         3.80 ns    185038761
  BM_ctype_isupper_y                 3.71 ns         3.71 ns    185885793
  BM_ctype_isxdigit_n                3.79 ns         3.79 ns    184965673
  BM_ctype_isxdigit_y1               3.76 ns         3.75 ns    188251672
  BM_ctype_isxdigit_y2               3.79 ns         3.78 ns    184187481
  BM_ctype_isxdigit_y3               3.77 ns         3.76 ns    187635540

arm64 after:
  BM_ctype_isalnum_n                 3.37 ns         3.37 ns    205613810
  BM_ctype_isalnum_y1                3.40 ns         3.39 ns    204806361
  BM_ctype_isalnum_y2                3.43 ns         3.43 ns    205066077
  BM_ctype_isalnum_y3                3.50 ns         3.50 ns    200057128
  BM_ctype_isalpha_n                 2.97 ns         2.97 ns    236084076
  BM_ctype_isalpha_y1                2.97 ns         2.97 ns    236083626
  BM_ctype_isalpha_y2                2.97 ns         2.97 ns    236084246
  BM_ctype_isascii_n                 2.55 ns         2.55 ns    272879994
  BM_ctype_isascii_y                 2.46 ns         2.45 ns    286522323
  BM_ctype_isblank_n                 3.18 ns         3.18 ns    220431175
  BM_ctype_isblank_y1                3.18 ns         3.18 ns    220345602
  BM_ctype_isblank_y2                3.18 ns         3.18 ns    220308509
  BM_ctype_iscntrl_n                 3.10 ns         3.10 ns    220344270
  BM_ctype_iscntrl_y1                3.10 ns         3.07 ns    228973615
  BM_ctype_iscntrl_y2                3.07 ns         3.07 ns    229192626
  BM_ctype_isdigit_n                 3.07 ns         3.07 ns    228925676
  BM_ctype_isdigit_y                 3.07 ns         3.07 ns    229182934
  BM_ctype_isgraph_n                 2.66 ns         2.66 ns    264268737
  BM_ctype_isgraph_y1                2.66 ns         2.66 ns    264445277
  BM_ctype_isgraph_y2                2.66 ns         2.66 ns    264327427
  BM_ctype_isgraph_y3                2.66 ns         2.66 ns    264427480
  BM_ctype_isgraph_y4                2.66 ns         2.66 ns    264155250
  BM_ctype_islower_n                 2.66 ns         2.66 ns    264421600
  BM_ctype_islower_y                 2.66 ns         2.66 ns    264341148
  BM_ctype_isprint_n                 2.66 ns         2.66 ns    264415198
  BM_ctype_isprint_y1                2.66 ns         2.66 ns    264268793
  BM_ctype_isprint_y2                2.66 ns         2.66 ns    264419205
  BM_ctype_isprint_y3                2.66 ns         2.66 ns    264205886
  BM_ctype_isprint_y4                2.66 ns         2.66 ns    264440797
  BM_ctype_isprint_y5                2.72 ns         2.72 ns    264333293
  BM_ctype_ispunct_n                 3.52 ns         3.51 ns    198956572
  BM_ctype_ispunct_y                 3.38 ns         3.38 ns    201661792
  BM_ctype_isspace_n                 3.39 ns         3.39 ns    206896620
  BM_ctype_isspace_y1                3.39 ns         3.39 ns    206569020
  BM_ctype_isspace_y2                3.39 ns         3.39 ns    206564415
  BM_ctype_isupper_n                 2.76 ns         2.75 ns    254227134
  BM_ctype_isupper_y                 2.76 ns         2.75 ns    254235314
  BM_ctype_isxdigit_n                3.60 ns         3.60 ns    194418653
  BM_ctype_isxdigit_y1               2.97 ns         2.97 ns    236082424
  BM_ctype_isxdigit_y2               3.48 ns         3.48 ns    200390011
  BM_ctype_isxdigit_y3               3.48 ns         3.48 ns    202255815

arm32 before:
  BM_ctype_isalnum_n                 4.77 ns         4.76 ns    129230464
  BM_ctype_isalnum_y1                4.88 ns         4.87 ns    147939321
  BM_ctype_isalnum_y2                4.74 ns         4.73 ns    145508054
  BM_ctype_isalnum_y3                4.81 ns         4.80 ns    144968914
  BM_ctype_isalpha_n                 4.80 ns         4.79 ns    148262579
  BM_ctype_isalpha_y1                4.74 ns         4.73 ns    145061326
  BM_ctype_isalpha_y2                4.83 ns         4.82 ns    147642546
  BM_ctype_isascii_n                 3.74 ns         3.72 ns    186711139
  BM_ctype_isascii_y                 3.79 ns         3.78 ns    183654780
  BM_ctype_isblank_n                 4.20 ns         4.19 ns    169733252
  BM_ctype_isblank_y1                4.19 ns         4.18 ns    165713363
  BM_ctype_isblank_y2                4.22 ns         4.21 ns    168776265
  BM_ctype_iscntrl_n                 4.75 ns         4.74 ns    145417484
  BM_ctype_iscntrl_y1                4.82 ns         4.81 ns    146283250
  BM_ctype_iscntrl_y2                4.79 ns         4.78 ns    148662453
  BM_ctype_isdigit_n                 4.77 ns         4.76 ns    145789210
  BM_ctype_isdigit_y                 4.84 ns         4.84 ns    146909458
  BM_ctype_isgraph_n                 4.72 ns         4.71 ns    145874663
  BM_ctype_isgraph_y1                4.86 ns         4.85 ns    142037606
  BM_ctype_isgraph_y2                4.79 ns         4.78 ns    145109612
  BM_ctype_isgraph_y3                4.75 ns         4.75 ns    144829039
  BM_ctype_isgraph_y4                4.86 ns         4.85 ns    146769899
  BM_ctype_islower_n                 4.76 ns         4.75 ns    147537637
  BM_ctype_islower_y                 4.79 ns         4.78 ns    145648017
  BM_ctype_isprint_n                 4.82 ns         4.81 ns    147154780
  BM_ctype_isprint_y1                4.76 ns         4.76 ns    145117604
  BM_ctype_isprint_y2                4.87 ns         4.86 ns    145801406
  BM_ctype_isprint_y3                4.79 ns         4.78 ns    148043446
  BM_ctype_isprint_y4                4.77 ns         4.76 ns    145157619
  BM_ctype_isprint_y5                4.91 ns         4.90 ns    147810800
  BM_ctype_ispunct_n                 4.74 ns         4.73 ns    145588611
  BM_ctype_ispunct_y                 4.82 ns         4.81 ns    144065436
  BM_ctype_isspace_n                 4.78 ns         4.77 ns    147153712
  BM_ctype_isspace_y1                4.73 ns         4.72 ns    145252863
  BM_ctype_isspace_y2                4.84 ns         4.83 ns    148615797
  BM_ctype_isupper_n                 4.75 ns         4.74 ns    148276631
  BM_ctype_isupper_y                 4.80 ns         4.79 ns    145529893
  BM_ctype_isxdigit_n                4.78 ns         4.77 ns    147271646
  BM_ctype_isxdigit_y1               4.74 ns         4.74 ns    145142209
  BM_ctype_isxdigit_y2               4.83 ns         4.82 ns    146398497
  BM_ctype_isxdigit_y3               4.78 ns         4.77 ns    147617686

arm32 after:
  BM_ctype_isalnum_n                 4.35 ns         4.35 ns    161086146
  BM_ctype_isalnum_y1                4.36 ns         4.35 ns    160961111
  BM_ctype_isalnum_y2                4.36 ns         4.36 ns    160733210
  BM_ctype_isalnum_y3                4.35 ns         4.35 ns    160897524
  BM_ctype_isalpha_n                 3.67 ns         3.67 ns    189377208
  BM_ctype_isalpha_y1                3.68 ns         3.67 ns    189438146
  BM_ctype_isalpha_y2                3.75 ns         3.69 ns    190971186
  BM_ctype_isascii_n                 3.69 ns         3.68 ns    191029191
  BM_ctype_isascii_y                 3.68 ns         3.68 ns    191011817
  BM_ctype_isblank_n                 4.09 ns         4.09 ns    171887541
  BM_ctype_isblank_y1                4.09 ns         4.09 ns    171829345
  BM_ctype_isblank_y2                4.08 ns         4.07 ns    170585590
  BM_ctype_iscntrl_n                 4.08 ns         4.07 ns    170614383
  BM_ctype_iscntrl_y1                4.13 ns         4.11 ns    171495899
  BM_ctype_iscntrl_y2                4.19 ns         4.18 ns    165255578
  BM_ctype_isdigit_n                 4.25 ns         4.24 ns    165237008
  BM_ctype_isdigit_y                 4.24 ns         4.24 ns    165256149
  BM_ctype_isgraph_n                 3.82 ns         3.81 ns    183610114
  BM_ctype_isgraph_y1                3.82 ns         3.81 ns    183614131
  BM_ctype_isgraph_y2                3.82 ns         3.81 ns    183616840
  BM_ctype_isgraph_y3                3.79 ns         3.79 ns    183620182
  BM_ctype_isgraph_y4                3.82 ns         3.81 ns    185740009
  BM_ctype_islower_n                 3.75 ns         3.74 ns    183619502
  BM_ctype_islower_y                 3.68 ns         3.68 ns    190999901
  BM_ctype_isprint_n                 3.69 ns         3.68 ns    190899544
  BM_ctype_isprint_y1                3.68 ns         3.67 ns    190192384
  BM_ctype_isprint_y2                3.67 ns         3.67 ns    189351466
  BM_ctype_isprint_y3                3.67 ns         3.67 ns    189430348
  BM_ctype_isprint_y4                3.68 ns         3.68 ns    189430161
  BM_ctype_isprint_y5                3.69 ns         3.68 ns    190962419
  BM_ctype_ispunct_n                 4.14 ns         4.14 ns    171034861
  BM_ctype_ispunct_y                 4.19 ns         4.19 ns    168308152
  BM_ctype_isspace_n                 4.50 ns         4.50 ns    156250887
  BM_ctype_isspace_y1                4.48 ns         4.48 ns    155124476
  BM_ctype_isspace_y2                4.50 ns         4.50 ns    155077504
  BM_ctype_isupper_n                 3.68 ns         3.68 ns    191020583
  BM_ctype_isupper_y                 3.68 ns         3.68 ns    191015669
  BM_ctype_isxdigit_n                4.50 ns         4.50 ns    156276745
  BM_ctype_isxdigit_y1               3.28 ns         3.27 ns    214729725
  BM_ctype_isxdigit_y2               4.48 ns         4.48 ns    155265129
  BM_ctype_isxdigit_y3               4.48 ns         4.48 ns    155216846

I've also corrected a small mistake in the documentation for isxdigit().

Test: tests and benchmarks
Change-Id: I4a77859f826c3fc8f0e327e847886882f29ec4a3
2019-10-08 12:04:09 -07:00
George Burgess IV
57f01b91d7 Merge changes I13f94cdc,I2107ae65,I7dc10b56,I2037548c
* changes:
  libc: remove now-unused FORTIFY functions
  fortify: remove last uses of __bos_trivially_not*
  fortify(string): emit diagnostics regardless of API level
  fortify(fcntl): emit diagnostics regardless of API level
2019-10-08 17:12:58 +00:00
George Burgess IV
23e6f0a900 libc: remove now-unused FORTIFY functions
As of I2037548cc2061e46c379931588194c21dfe234b4, these are no longer
used. Since they're new in R, we can remove them instead of keeping
backwards compat 'forever'. Take that opportunity now.

Bug: 141267932
Test: TreeHugger
Change-Id: I13f94cdcff6e75ad19b964be76445f113f79559b
2019-10-07 19:09:38 -07:00
Evgenii Stepanov
b92d1c3a26 Block signals in pthread_create.
HWASan-instrumented code needs TLS_SLOT_SANITIZER set up to run, and
that is not done until the new thread calls __hwasan_thread_enter. Block
all signals until that time to prevent hwasan-instrumented signal
handlers running (and crashing) on the new thread.

Bug: 141893397
Test: seq 0 10000000 | xargs -n 1 -P 200 adb shell am instrument \
      -w -r -e command grant-all \
      com.android.permissionutils/.PermissionInstrumentation

(cherry picked from commit d181585dd5)

Change-Id: Id65fae836edcacdf057327ccf16cf0b5e0f9474a
2019-10-07 15:37:26 -07:00
Elliott Hughes
82ee3a08e2 Merge "Optimize tolower(3)/toupper(3) from <ctype.h>." 2019-09-30 18:49:51 +00:00
Elliott Hughes
1c8a2a99a7 Optimize tolower(3)/toupper(3) from <ctype.h>.
The tables in the BSD tolower/toupper are slower for ASCII than just
doing the bit twiddling.

We can't actually remove the tables on LP32, so move them into the
"cruft" we keep around for backwards compatibility (but remove them for
LP64 where they were never exposed).

I noticed that the new bit-twiddling tolower(3) was performing better
on arm64 than toupper(3). The 0xdf constant was requiring an extra MOV,
and there isn't a BIC that takes an immediate value. Since we've already
done the comparison to check that we're in the right range (where the
bit is always set), though, we can EOR 0x20 to get the same result as
the missing BIC 0x20 in just one instruction.

I've applied that same optimization to towupper(3) too.

Before:

  BM_ctype_tolower_n                 3.30 ns         3.30 ns    212353035
  BM_ctype_tolower_y                 3.31 ns         3.30 ns    211234204
  BM_ctype_toupper_n                 3.30 ns         3.29 ns    214161246
  BM_ctype_toupper_y                 3.29 ns         3.28 ns    207643473

  BM_wctype_towupper_ascii_n         3.53 ns         3.53 ns    195944444
  BM_wctype_towupper_ascii_y         3.48 ns         3.48 ns    199233248

After:

  BM_ctype_tolower_n                 2.93 ns         2.92 ns    242373703
  BM_ctype_tolower_y                 2.88 ns         2.87 ns    245365309
  BM_ctype_toupper_n                 2.93 ns         2.93 ns    243049353
  BM_ctype_toupper_y                 2.89 ns         2.89 ns    245072521

  BM_wctype_towupper_ascii_n         3.34 ns         3.33 ns    212951912
  BM_wctype_towupper_ascii_y         3.29 ns         3.29 ns    214651254

(Why do both the "y" and "n" variants speed up with the EOR
change? Because the compiler transforms the code so that we
unconditionally do the bit twiddling and then use CSEL to decide whether
or not to actually use the result.)

We also save 1028 bytes of data in the LP64 libc.so.

Test: ran the bionic benchmarks and tests
Change-Id: I7829339f8cb89a58efe539c2a01c51807413aa2d
2019-09-27 14:42:39 -07:00
Christopher Ferris
c5d3a4348a Make tls related header files platform accessible.
There are places in frameworks and art code that directly included
private bionic header files. Move these files to the new platform
include files.

This change also moves the __get_tls.h header file to tls.h and includes
the tls defines header so that there is a single header that platform
code can use to get __get_tls and the defines.

Also, simplify the visibility rules for platform includes.

Bug: 141560639

Test: Builds and bionic unit tests pass.
Change-Id: I9e5e9c33fe8a85260f69823468bc9d340ab7a1f9
Merged-In: I9e5e9c33fe8a85260f69823468bc9d340ab7a1f9
(cherry picked from commit 44631c919a)
2019-09-27 12:14:24 -07:00
Balaram Makam
0e670e26a2 ASCII fastpath for towupper and towlower.
This change elides unnecessary calls to __find_icu_symbol
for ASCII chars and improves PUBG mobile game loading time by 7% on
hikey620(Cortex-A53):

name                old time/op  new time/op  delta
PUBG_0.13.0_Launch   41.5s ± 2%   37.7s ± 3%  -9.24%  (p=0.008 n=5+5)

Below are the bionic benchmark results on a Pixel 2 XL for 64-bit,
showing a large speedup for ASCII and only a small slowdown for non-ASCII.

Before:

  BM_wctype_towlower_ascii_n         10.5 ns         10.4 ns     61973065
  BM_wctype_towlower_ascii_y         10.2 ns         10.2 ns     70158659
  BM_wctype_towlower_unicode_n       10.3 ns         10.3 ns     67719478
  BM_wctype_towlower_unicode_y       10.6 ns         10.5 ns     67841545
  BM_wctype_towupper_ascii_n         10.8 ns         10.8 ns     63456778
  BM_wctype_towupper_ascii_y         10.9 ns         10.9 ns     65116910
  BM_wctype_towupper_unicode_n       10.7 ns         10.7 ns     67463276
  BM_wctype_towupper_unicode_y       10.4 ns         10.4 ns     66467890

After:

  BM_wctype_towlower_ascii_n         3.35 ns         3.34 ns    205567652
  BM_wctype_towlower_ascii_y         3.30 ns         3.29 ns    214108746
  BM_wctype_towlower_unicode_n       10.9 ns         10.8 ns     65007743
  BM_wctype_towlower_unicode_y       10.6 ns         10.6 ns     63819060
  BM_wctype_towupper_ascii_n         3.53 ns         3.53 ns    195944444
  BM_wctype_towupper_ascii_y         3.48 ns         3.48 ns    199233248
  BM_wctype_towupper_unicode_n       11.1 ns         11.1 ns     62760216
  BM_wctype_towupper_unicode_y       11.0 ns         11.0 ns     61608872

Test: bionic unit tests on device
Test: bionic benchmarks on device
Signed-off-by: Balaram Makam <b.makam@samsung.com>
Change-Id: I77ab7efb66d7bcb35d00467663607535e5c1992f
2019-09-27 16:41:03 +00:00
Evgeny Eltsin
8a18af52d9 Make more pthread functions weak for native bridge
These are using __pthread_internal_*.

Test: run bionic-unit-tests on cuttlefish
Change-Id: Idbb2503f03bd9f1f2a20fced34b734f573c1c0ad
2019-09-25 16:55:47 +02:00
Christopher Ferris
2b0638ef29 Make bionic_malloc.h a platform header.
Instead of having platform directories directly include the
private header, create a platform header directory and export it.

Bug: 130763340

Test: Builds.
Change-Id: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa
Merged-In: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa
(cherry picked from commit 8f582ef2f8)
2019-09-16 12:27:33 -07:00
Logan Chien
2fb9a03b9c Merge "versioner: Fix bzero/bcopy fortify" 2019-09-03 23:12:43 +00:00
Logan Chien
b33952c777 versioner: Fix bzero/bcopy fortify
This commit replaces `bzero` with `__bionic_bzero` and `bcopy` with
`__bionic_bcopy` because `bzero` and `bcopy` are partially defined in
`libc.map.txt`.  Bionic versioner raises errors because versioner treats
static inline functions as exported function definitions then it
compares the availability with the information specified in
`libc.map.txt`.

This commit fixes the problem by replacing static inline functions into
`__bionic_{bzero,bcopy}` and defining aliases for source-level
compatibility.

Test: PATH=$(pwd)/prebuilts/clang-tools/linux-x86/bin:$PATH \
      bionic/tools/versioner/run_tests.py
Bug: 140110040

Change-Id: I97f2f0dc0abccd0a9fcfe5bb02f4e918362d35cc
2019-08-30 10:17:36 -07:00
Elliott Hughes
261bd745ee Support statvfs on API levels before 19.
Split statfs and statvfs. The former has been available forever, and the
latter is implemented in terms of the former. The implementation has
been moved into headers so that it can be used at low API levels.

There's no reason for any Android or Linux code to use statvfs rather
than statfs, but code that needs to build on Darwin too will want to use
statvfs because Darwin's statfs is very spartan.

Bug: https://github.com/android-ndk/ndk/issues/609
Test: treehugger
Change-Id: Icf3d5723a260099fddb2d9f902e3047b0f041647
2019-08-29 21:57:58 -07:00
Ryan Prichard
665e98edf7 Merge "Add additional dl_phdr_info fields" 2019-08-23 20:45:54 +00:00
Ryan Prichard
a2e83ab348 Add additional dl_phdr_info fields
Previously, Bionic's dl_phdr_info only included the first four
dl_iterate_phdr fields. Several other libc's have these additional fields:

    unsigned long long dlpi_adds -- incremented when a library is loaded
    unsigned long long dlpi_subs -- incremented when a library is unloaded
    size_t dlpi_tls_modid -- TLS module ID
    void* dlpi_tls_data -- pointer to current thread's TLS block or NULL

These extra fields are also exposed by glibc, musl, and FreeBSD. The
unwinder in libgcc.a, linked into shipping Android DSOs, has a
PC->eh_frame cache that activates if dl_phdr_info has the dlpi_adds and
dlpi_subs fields (indicated at run-time by a sufficiently-large size
argument to the callback).

Bug: https://github.com/android-ndk/ndk/issues/1062
Test: bionic unit tests
Change-Id: I6f0bab548cf8c828af2ddab9eb01c5c6d70cd81f
2019-08-22 12:43:17 -07:00
Josh Gao
6a51013728 Reland "fdsan: make fatal by default."
The two tests known to be failing (installd_dexopt_test and BpfMapTest)
have been fixed, so let's try this again.

This reverts commit 76351e3e3f.

Bug: http://b/137788030
Bug: http://b/139092341
Bug: http://b/139175951
Test: treehugger
2019-08-20 17:59:14 -07:00
Treehugger Robot
2fbbc253f6 Merge "Fix OOB read in fortify str[np]cpy implementations found by hwasan." 2019-08-15 05:26:43 +00:00
Pete Gillin
c6c17ac1e8 Merge "Revert "fdsan: make fatal by default."" 2019-08-09 11:29:36 +00:00
Pete Gillin
76351e3e3f Revert "fdsan: make fatal by default."
This reverts commit 66b5e3ca19.

Reason for revert: Causes installd_dexopt_test to fail. Presumably there is an existing issue which this change is turning into a hard fail, so that needs to be fixed before this can be rolled forwards. See b/139092341.

Bug: 139092341
Bug: 137788030
Change-Id: I1beccddff64c86541bc003b9b009f4046ec9cbf1
2019-08-09 11:18:39 +00:00
Peter Collingbourne
a51bded572 Fix OOB read in fortify str[np]cpy implementations found by hwasan.
The fortify implementations of stpncpy and strncpy read out of bounds and
only then check that they did so. This causes newer versions of hwasan
to complain during the fortify tests as a result of the new support for
byte-precise error checks. Move the bounds check into the loop so that it
is detected before the load.

Test: bionic-unit-tests
Change-Id: Id990a4a0217f6c4b39bba60ff41776875615fcb4
2019-08-08 18:54:31 -07:00
Tom Cherry
5dea560e4c Merge "Remove now unneeded #undef in __cxa_guard.cpp" 2019-08-07 23:04:50 +00:00
Josh Gao
592b5f52fd Merge "fdsan: make fatal by default." 2019-08-07 19:53:40 +00:00
Josh Gao
66b5e3ca19 fdsan: make fatal by default.
Make fdsan fatal by default on native processes, and Java processes that
target R or later.

Bug: http://b/137788030
Test: manual
Change-Id: I5900efc606fc0d47b69223574ad7dca89afe4eda
2019-08-07 19:53:14 +00:00
Tom Cherry
08baac348c Remove now unneeded #undef in __cxa_guard.cpp
Before aosp/1086558, this was needed, since we would have
_USING_LIBCXX defined, yet <atomic> was not available, so we'd run
into compiler issues.  After that change, we're using
__has_include(<atomic>) so this is no longer an issue.

Test: build
Change-Id: Ia81d343000e7d90f07422120fc1e1eb5becb01aa
2019-08-07 11:10:22 -07:00
Peter Collingbourne
6533208aaa linker: Add library load and unload hooks for HWASan.
These hooks notify the HWASan runtime library whenever a library is loaded
or unloaded so that it can update its shadow memory.

Bug: 138159093
Test: walleye_hwasan-userdebug boots with+without https://reviews.llvm.org/D65770
Change-Id: I6caf2a6540ed2c0d94db444e806a3c7ba504cabb
2019-08-05 16:51:01 -07:00
Ryan Prichard
d5c0a508bc Merge "Name stack+tls VMAs with PR_SET_VMA_ANON_NAME" 2019-07-24 20:46:32 +00:00
Yi Kong
7b50f7d51e Add missing nothrow attribute
The upcoming compiler update emits warning about the missing nothrow
attribute:

  bionic/libc/bionic/jemalloc.h:33:5: error: 'je_mallctl' is missing exception specification '__attribute__((nothrow))' [-Werror,-Wmissing-exception-spec]
  int je_mallctl(const char *name, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
      ^
                                                                                           __attribute__((nothrow))
  external/jemalloc_new/include/jemalloc/jemalloc.h:230:38: note: previous declaration is here
  JEMALLOC_EXPORT int JEMALLOC_NOTHROW    je_mallctl(const char *name,
                                          ^
  external/jemalloc_new/include/jemalloc/jemalloc_rename.h:12:22: note: expanded from macro 'je_mallctl'
  #  define je_mallctl je_mallctl

Test: build with clang r365631
Bug: 131328001
Change-Id: Ia8b6f47d38e5a003b6282f10724b65b1f971ba84
2019-07-23 15:03:16 -07:00
Ryan Prichard
03cef383ba Name stack+tls VMAs with PR_SET_VMA_ANON_NAME
Bionic creates a single thread mapping to hold a thread's stack and static
TLS memory. Use PR_SET_VMA_ANON_NAME to name this region
"stack_and_tls:tid". dumpsys meminfo can report this region as "Stack"
memory.

The main thread's memory is instead named stack_and_tls:main, and the VMA
is renamed to stack_and_tls:main in a post-fork child.

For the main thread, and threads using pthread_attr_setstack, Bionic still
creates the stack_and_tls mapping, but it only has TLS memory in it.

Bug: http://b/134795155
Test: run "dumpsys meminfo" and verify that this CL increases the reported
  stack memory usage from about 4MB to 21MB.
Change-Id: Id1f39ff083329e83426130b4ef94222ffacb90ae
Merged-In: Id1f39ff083329e83426130b4ef94222ffacb90ae
2019-07-23 02:06:51 +00:00
Tom Cherry
5a8482ef8f Merge "Load /etc/{passwd,group} from all partitions" 2019-07-19 18:00:41 +00:00
Tom Cherry
800c1a9707 Fix pthread_cond_clockwait() when cond is initialized with CLOCK_MONOTONIC
A bit of over-reliance on implementing pthread_cond_clockwait() in
terms of existing functions ended up with a bug that if the condition
variable was initialized to use CLOCK_MONOTONIC, then
pthread_cond_clockwait() would do the wrong thing.

This change corrects that and adds a test for this case.

Test: new and existing tests pthread_cond unit tests
Change-Id: I708d5dfbef95a67678db56dceda011f2f8fd1c5c
2019-07-17 10:46:47 -07:00
Tom Cherry
69010802d0 Implement new clock wait functions
pthread_cond_clockwait
pthread_mutex_clocklock
pthread_rwlock_clockrdlock
pthread_rwlock_clockwrlock
sem_clockwait

Bug: 35756266
Test: new unit tests
Change-Id: I71bd25eeec6476134b368d5bdf2f729d0bba595e
2019-07-15 09:06:19 -07:00
Treehugger Robot
34d11e52af Merge "Avoid calling snprintf in bionic_trace_begin." 2019-07-11 23:39:38 +00:00
Josh Gao
e1d121bef6 Avoid calling snprintf in bionic_trace_begin.
snprintf always calls free (on a null pointer) in its epilogue, which
results in infinite recursion if free calls a function that calls
bionic_trace_begin (e.g. when perfetto attempts to lock a mutex in
RecordFree).

Bug: http://b/137284735
Test: treehugger
Change-Id: I51c5b32e8f4e394be4602e06c7b94797df73c37b
2019-07-11 13:00:26 -07:00
Tom Cherry
777b34dcc3 Load /etc/{passwd,group} from all partitions
Note that unlike the oem_ range that is used for the vendor
partitions, we do not create oem_<n> entries for these new reserved
ranges; they will only appear in getpwent()/getgrent() if there is an
entry in the corresponding passwd/group file.

Bug: 73062966
Test: can load AIDs from partitions other than vendor
Test: bionic-unit-tests
Change-Id: Ifcbbf202894adff948eaaba2a59e25c993611140
2019-07-11 10:31:02 -07:00
Christopher Ferris
3d0bafb945 Do not check tcache clear when doing a purge.
On systems where the tcache is disabled, the tcache clear option will
fail, and not really do a purge.

Bug: 137037462
Bug: 136236080

Test: Built taimen as malloc svelte and verified the M_PURGE mallopt
Test: call failed before this fix and passes afterwards.
Change-Id: Ib30e5f3e083a9c6d046adff30f2aa7eacaf6df10
2019-07-08 15:15:01 -07:00
Elliott Hughes
b2bd7c575e Merge "libnetd_client: support hooking sendto/sendmsg/sendmmsg too." 2019-06-24 15:04:25 +00:00
George Burgess IV
36bc922772 Merge changes I33957ad4,I02f8f87d,Iba04e486
* changes:
  fortify: replace bzero/bcmp defines
  fortify: add __mempcpy_chk
  fortify: fix overflow checks in unistd
2019-06-21 00:18:44 +00:00
George Burgess IV
261b7f4867 fortify: replace bzero/bcmp defines
__builtin_*_chk will emit warnings when things are trivially broken.
Emitting errors instead is probably better (and we can be a bit smarter
about how we emit code for trivially safe cases.)

Bug: 131861088
Test: checkbuild + bionic-unit-tests on blueline
Change-Id: I33957ad419922d0760304758ecb9bc8ad33e0b64
2019-06-20 13:05:23 -07:00
Elliott Hughes
5c6a3f9fbc libnetd_client: support hooking sendto/sendmsg/sendmmsg too.
Samsung has asked for this for KNOX.

Test: treehugger
Change-Id: Iffaace9f8cb265ce8c911472989c9829cbf91a42
2019-06-20 08:32:24 -07:00
Elliott Hughes
50080a29f7 Remove the ___ hack.
Plain __ for generated syscalls didn't mean it was a hidden symbol, it
just meant "please don't use this". We added ___ to signify that a
hidden symbol should be generated, but then we added the map files
anyway so you now have to explicitly export symbols. Given that, this
convention serves no particular purpose so we may as well just use the
nicer names have everything look the same.

Test: treehugger
Change-Id: If424e17a49c36f4be545f5d283c4561a6ea9c7ea
2019-06-19 15:38:42 -07:00
Marco Nelissen
745137c827 Merge "Fix overflow check in malloc_limit" 2019-06-18 20:10:01 +00:00
Marco Nelissen
323431bc27 Fix overflow check in malloc_limit
Bug: 135201859

Change-Id: I78dcc497cb100ab1d5f4144e2774437891719ca3
2019-06-18 10:15:28 -07:00
George Burgess IV
849c0b9f51 fortify: add __mempcpy_chk
Bug: 131861088
Test: mma + bionic-unit-tests on blueline
Change-Id: I02f8f87d5db0ba5fecec410da32f6ffa2c98ef57
2019-06-13 23:29:37 -07:00
George Burgess IV
2356c93d39 fortify: add bit checking for open(at)?64 functions
This also adds _2-variants for these functions, for extra glorious
checking

Bug: 131861088
Test: mma
Change-Id: I80475ff4bb220c0c47894e9532426f53412f176f
2019-06-13 23:26:02 -07:00
Tom Cherry
6b116d1bbf Make 'app' users/groups more accurate
In an attempt to make bionic's reporting of users and groups more
accurate, this change makes the user / group functions do the
following:

1) Fail to query a uid/gid for a secondary user when the uid/gid
   doesn't exist.  Currently bionic would return successfully but with
   a empty string for the name.
2) Fail to query a platform uid/gid, except a limited pre-allocated
   set for a secondary user, as these are not used by second users.
3) Fail to query uids for all users for the GID-only app ranges:
   CACHE_GID, EXT_GID, EXT_CACHE_GID, SHARED_GID.
4) Fail to query gids in SHARED_GID range for secondary users, as
   these GIDs are only allocated for the first user.
5) Use "u#_a#_ext" and u#_a#_ext_cache" for EXT_GID and EXT_CACHE_GID
   ranges.  This both allows querying based on these names and
   returning these names for the appropriate uids/gids.

This also consolidates the tests for better readability.

Test: these unit tests, boot

Change-Id: I59a1af0792e7806d423439582e56ce7f9f801c94
2019-05-29 15:54:50 -07:00
Florian Mayer
9fc9509b52 Log when trying to profile non profilable app.
Change-Id: I91b489d3ff78ab7153ae1a7854ae448e87a6e8da
2019-05-29 10:31:17 +01:00
Pirama Arumuga Nainar
17e7c75265 Disable native_coverage for scudo-related libraries
Bug: http://b/133379274
Bug: http://b/133322197

Test: coverage-enabled mediaextractor, which uses scudo, no longer
crashes during llvm_gcov_init.

Change-Id: I85a0cc91a2fbd8433823769c3032ec2591424e55
2019-05-22 22:18:37 -07:00
Treehugger Robot
e1276ba538 Merge "pwd/grp: fix pwd _r reentrancy, new tests, clean up" 2019-05-21 18:29:33 +00:00
Tom Cherry
c57c5bdb7f pwd/grp: fix pwd _r reentrancy, new tests, clean up
getpwnam_r() and getpwuid_r() clobber the storage used by getpwnam()
and getpwuid().  This isn't likely to be a big issue, but since we do
this right for the group functions, fix this as well as add a test.
Both use more space in buf than is actually required, but well below
their sysconf() suggested values, so we accept that to keep the code
concise.

Add tests for dealing with unaligned input buffers, particularly for
getgrnam_r() and getgrgid_r(), as they require alignment but this
wasn't being tested.

Refactor common initialization code for both passwd and group state
structs.

Remove extraneous null pointer checks; the values they were testing
were offsets of a previous pointer, so guaranteed to never actually be
null.  If the underlying pointer is actually null, we're beyond repair
anyway, so accept that we'll crash.

Test: pwd/grp unit tests

Change-Id: I60c4d00e9ab3cf55daf8314c5029fd914025b696
2019-05-15 15:49:34 -07:00
Christopher Ferris
23c056dbcb Add removed platform functions used by apps.
Added get_malloc_leak_info and free_malloc_leak_info for arm 32 bit
only so that the kindle app will continue to run.

Bug: 132175052

Test: Ran kindle app, read pdf file. Verified libKindleReaderJNI.so
Test: is loaded in memory properly.
Change-Id: Ib1ea3a37b3729f9bcc2739c5f3a584ea8f66d200
Merged-In: Ib1ea3a37b3729f9bcc2739c5f3a584ea8f66d200
(cherry picked from commit 235f35a266)
2019-05-08 15:43:25 -07:00
Florian Mayer
0633e569bc Merge "Match maximum command line size for startup tracing." 2019-05-07 10:34:05 +00:00
Florian Mayer
f6d221eeed Match maximum command line size for startup tracing.
Fix too small buffer for the startup property not accounting for the
prefix.

Bug: 131893397

Change-Id: Iad2398bc09c61b1144430bcbef58e5a832b85b0a
2019-05-03 17:37:47 +01:00
Christopher Ferris
db9706afc3 Fix malloc_info missing large allocs.
Also change the names of some of the functions to make it very obvious
that the functions being called are in je code.

Write new test to make sure mallinfo and malloc_info match.

Bug: 131864803

Test: New unit tests pass (along with all other bionic unit tests).
Change-Id: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
Merged-In: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
(cherry picked from commit 125d32cb46)
2019-05-03 07:21:45 -07:00
Christopher Ferris
0f710fd593 Make purging clear the current thread cache too.
Bug: 131362671

Test: Ran bionic unit tests.
Test: Wrote a test that did a purge and verified that the tcache->ncached
Test: number went from 3 to 0. Also verified that mallinfo reflects the
Test: cached entries being flushed.
Change-Id: I64e35618fa3b523cf29bdaceedef676abe440dd3
2019-05-01 13:26:46 -07:00
Tom Cherry
0cd818a377 Merge "Allow device launched before Q to use legacy OEM AID value" 2019-04-29 15:25:25 +00:00
Nick Kralevich
560de5f5c7 Don't honor LIBC_HOOKS_ENABLE across a security boundary
Similar to the way we handle LIBC_DEBUG_MALLOC_OPTIONS
(bug 68003719), filter LIBC_HOOKS_ENABLE when we cross a
security boundary. This prevents modifying the allocation
behavior of a privileged program.

Introduced in
db478a6274%5E%21/#F0
(bug 30561479)

Test: compiles and boots
Change-Id: I59a7c224734b0991fd62efb45ab599dab8570723
2019-04-26 12:58:00 -07:00
Nick Kralevich
99cec1892d Don't honor LD_CONFIG_FILE across security transitions
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.

Commit 02586a2a34 ("linker: the
global group is added to all built-in namespaces", Aug 2017) added
support for the environment variable LD_CONFIG_FILE. This debug build
only feature allows the caller to specify the path to the loader
configuration file. Like other linker environment variables, setting
this variable allows the calling process to control executed code of the
called process, which has security implications (on debuggable builds
only).

Add LD_CONFIG_FILE to UNSAFE_VARIABLE_NAMES. This has the effect of
stripping, on all build types, the LD_CONFIG_FILE environment variable.
This has three advantages:

1) Prevents security bugs should LD_CONFIG_FILE ever be inadvertantly
exposed on a production build.
2) Makes the behavior of userdebug and user builds more similar, helping
prevent build-type dependent bugs where someone may come to rely on this
debug-only feature.
3) Protect droidfood users against malicious applications which can
trigger a security transition, eg, the execution of crash_dump or the
renderscript compiler.

Alternative considered but rejected:

If we treated LD_CONFIG_FILE like LD_PRELOAD, we could expose this on
all build types, and remove the build-type dependent behavior. But this
is contrary to enh's Aug 02 2017 guidance at
https://android-review.googlesource.com/c/platform/bionic/+/449956

  i'm still uncomfortable about LD_CONFIG_FILE because i'd like
  to be reducing the number of environment variables that affect
  the linker in P rather than increasing them.

Test: atest CtsBionicTestCases
Test: atest linker-unit-tests
Change-Id: I82d286546ee079b5cde04428dc89941c253c2d20
2019-04-26 12:08:54 -07:00
Tom Cherry
b368a0b2e4 Allow device launched before Q to use legacy OEM AID value
Devices launched before Q may be using OEM defined AID that are not in
the OEM_RESERVED ranges. Those devices should be allowed to keep using
legacy oem AID values given it may not be possible to upgrade the
userdata and persist files through OTA.

Bug: 131095318
Test: bionic-unit-tests

Change-Id: I73fc0c452420be5287adcacb36a1e772acc9bb3e
2019-04-25 09:26:48 -07:00
dimitry
c7b81108b4 Make pthread_get/setschedparam weak for native bridge
Bug: http://b/130825973
Test: run affected app on cuttlefish
Change-Id: I776f26f5eaebdfdb1256ff621bd05ef5a90b852a
2019-04-25 16:43:24 +02:00
Tom Cherry
731ed0fb52 Merge "Refactor some pieces of grp_pwd.cpp" 2019-04-24 23:02:06 +00:00
Tom Cherry
5fb07634c3 Refactor some pieces of grp_pwd.cpp
We loop through android_ids in many functions, but this can be
consolidated into find functions.

Test: bionic-unit-tests
Change-Id: I70c423affe49090a93e999c72bb4c84a068de5d8
2019-04-24 13:37:11 -07:00
Elliott Hughes
8c3140a612 Merge "threads.h: Add C11 thread support." 2019-04-24 20:33:08 +00:00
Elliott Hughes
4206711352 threads.h: Add C11 thread support.
FreeBSD, glibc, and musl have all implemented C11 threads at this
point. POSIX is looking at how to align with it. Probably time to jump
on the bandwagon ourselves...

Implemented in the same style as <termios.h> so we can provide this
functionality even on older API levels. This does mean that this is
strictly more expensive than calling pthread functions directly.

Although this isn't in POSIX yet, assume that it's going to be basically
the same as C11 and add the header test anyway. We should revisit this
when POSIX actually adds <threads.h>.

Test: new tests
Change-Id: I8602d67ce71ca7f8ed1529daa0a8ea1feb083dd6
2019-04-24 09:12:29 -07:00
Christopher Ferris
31fe3c637e Merge "Move all leak info functions to android_mallopt." 2019-04-23 17:45:01 +00:00
Ryan Prichard
b250766282 Merge "PIMutexUnlock: load owner_tid in non-common case" 2019-04-22 21:09:52 +00:00
Ryan Prichard
f32e1a1f50 Merge "Comment about lock destruction and unlocking" 2019-04-22 21:09:44 +00:00
Elliott Hughes
390be50067 Workaround ASan not knowing about reallocarray.
Ensure we call realloc@plt rather than (as was previously happening)
inlining realloc into reallocarray, which makes the allocation invisible
to ASan.

Bug: http://b/129989984
Test: objdump
Change-Id: If8a43cba11aa5a2f2f62bacd02ef6ef4032e0dbb
2019-04-20 22:18:49 -07:00
Ryan Prichard
aca110173f Comment about lock destruction and unlocking
Add a couple of comments explaining that a mutex can be freed during
the unlock call, immediately after the unlock's atomic exchange call but
before its futex wakeup call.

Bug: http://b/129744706
Test: bionic unit tests
Change-Id: I2d290ebde880f46866098d022720896039e7022e
2019-04-19 17:16:25 -07:00
Ryan Prichard
4b6c0f5dce PIMutexUnlock: load owner_tid in non-common case
For a recursive or errorcheck PI mutex, the old_owner variable wasn't
being initialized. As a result, unlocking a doubly-locked recursive
mutex owned by another thread decremented the mutex counter. Instead, the
unlock call should fail with EPERM.

Bug: http://b/130841532
Test: bionic-unit-tests
Test: bionic-unit-tests-glibc --gtest_filter='pthread.pthread_mutex_lock*'
Change-Id: I37adb094cb2ce8d51df7b4f48e8d6bc144436418
2019-04-19 17:16:16 -07:00
Christopher Ferris
30659fd243 Move all leak info functions to android_mallopt.
Bug: 130028357

Test: malloc_hooks unit tests.
Test: Enable backtrace for mediaserver, run dumpsys media.player -m
Test: Enable backtrace for calendar, run am dumpheap -n <PID> <FILE>
Change-Id: I6774e28ccd9b3f2310127a5b39ccd15fe696a787
Merged-In: I6774e28ccd9b3f2310127a5b39ccd15fe696a787
(cherry picked from commit 3aadc5e80a)
2019-04-19 11:27:02 -07:00
Christopher Ferris
8189e77bbb Remove gMallocLeakZygoteChild.
Remove this global variable and change the setting of it to non-zero
to a call to android_mallopt.

In addition, change the initialize function to use pass a bool* instead of
int*.

Bug: 130028357

Test: Ran malloc_debug/malloc_hooks/perfetto tests.
Change-Id: I20d382bdeaaf38aac6b9dcabea5b3dfab3c945f6
Merged-In: I20d382bdeaaf38aac6b9dcabea5b3dfab3c945f6
(cherry picked from commit 5225b342f0)
2019-04-16 11:22:06 -07:00
Jiyong Park
5569650721 Don't load libc_malloc_* libs from runtime ns for libc_scudo
malloc_common_dynamic.cpp is compiled into both libc.so and
libc_scudo.so. When compiled for libc_scudo.so, it doesn't try to load
libc_malloc_* libs from the runtime linker namespace. This is because,
unlike libc.so which is shared from the runtime APEX, libc_scudo.so is
copied to any APEX that it needs. Furthermore, libdl_android which
provides android_get_exported_namespace is not available for vendors. So
the vendor variant of libc_scudo.so can't anyway locate the runtime
namespace.

Bug: 130213757
Bug: 122566199
Test: `m libc_scudo libc_scudo` is successful
Test: inspect the built library to see if it has reference to
android_get_exported_namespace

Merged-In: I4c41de361fdb3fa34b95218923f4ce4e9c010f9e
Change-Id: I4c41de361fdb3fa34b95218923f4ce4e9c010f9e
(cherry picked from commit ff94a13d2d)
2019-04-11 21:37:59 +09:00
Jiyong Park
3ff116a68c Load libc_malloc_* libraries from the runtime APEX
/system/lib/libc.so is a symlink to libc.so in the runtime APEX.
libc_malloc_* libraries are bundled with libc.so because they share
implementation details.

However, since libc.so is loaded in the default namespace where the
runtime APEX path (/apex/com.android.runtime/lib) is not accessible,
libc.so has been using libc_malloc_* from /system/lib. This is
wrong because libc.so (from the runtime APEX) and libc_malloc_* (from
the platform) may not be in-sync.

libc.so now uses android_dlopen_ext to load libc_malloc_* libraries
correctly from the "runtime" linker namespace.

Bug: 122566199
Test: bionic-unit-tests

Merged-In: I46980fbe89e93ea79a7760c9b8eb007af0ada8d8
Change-Id: I46980fbe89e93ea79a7760c9b8eb007af0ada8d8
(cherry picked from commit 4e46ac69c2)
2019-04-11 21:36:16 +09:00
Ryan Prichard
93ea856949 Merge changes I59a8bc4a,Ic437d352
* changes:
  Fix dlsym and dladdr for TLS symbols
  Fix BionicAllocator comment
2019-04-04 20:38:47 +00:00
Christopher Ferris
e6fd53b751 Merge "Disable info messages by default for malloc debug." 2019-04-02 19:46:29 +00:00
Christopher Ferris
c328e4465d Disable info messages by default for malloc debug.
Add a new option verbose for malloc debug that is not enabled by default.
This disables all of the info log messages. It turns out these log
messages can add a measurable amount of time and can change the boot up.

Bug: 129239269

Test: Adjusted unit tests pass.
Test: Verified no messages unless verbose option used.
Change-Id: I805cb7c8ecb44de88119574e59d784877cacc383
2019-04-02 10:55:21 -07:00
Ryan Prichard
db6edcca36 Fix BionicAllocator comment
Test: n/a
Bug: none
Change-Id: Ic437d35231b47553add49e20d7ee451d42db710c
2019-04-01 16:17:59 -07:00
Christopher Ferris
fc26d71af1 Create a lib that uses scudo instead of jemalloc.
The media processes already use scudo as their allocator. However, it
doesn't really correctly replace the normal allocation functions, so create
a set of wrappers that allow us to use scudo closer to how jemalloc is used.

This is only a temporary change, and should be removed for the next
release of Android. In that version, we will be using standalone
scudo which won't require this wrapper code.

Bug: 123689570

Test: Ran new bionic unit tests. There are failures, but only with
Test: extensions that scudo does not support.

Change-Id: I0516c23d654a9b6c69b157c5501245d2e0b3d264
2019-04-01 13:02:49 -07:00
Christopher Ferris
1e3758e7a2 Fix double initialization call.
The previous refactor left a double call to the initialization of
the loaded hooks. Remove the unnecessary call.

Bug: 129239269

Test: All unit tests pass. No double printing of init messages.
Change-Id: Ie980f2383c75d69f8b06bf9a431bb59caef21188
2019-03-28 17:12:26 +00:00
Peter Collingbourne
feb5ed1b54 Use PR_SET_VMA_ANON_NAME to name the abort message mapping.
This makes it easier for tools to find the mapping. I am planning
to use this in crashpad to add HWASAN reports to the minidump.

Bug: http://crbug.com/crashpad/287
Change-Id: I600e551ef26d6ff62849319365d77912afa82fde
2019-03-27 16:50:27 -07:00
Christopher Ferris
ce491abe24 Increase the allocation limit again.
Still getting a few flakes, so double the allowed tries.

Bug: 128872105

Test: Test passes.
Change-Id: I0fb3d74655eaece6660dec26a2a1d01430ef8fbc
2019-03-26 15:47:07 -07:00
Elliott Hughes
886370c240 Fix internal uses of _PATH_BSHELL.
We regressed on this recently: code under the upstream-* directories has
_PATH_BSHELL defined as a call to __bionic_get_shell_path(). In our own
code, we may as well just call it directly.

Bug: https://issuetracker.google.com/129030706
Test: ran tests
Change-Id: Ic2423f521272be95e67f94771772fe8072636ef0
2019-03-25 17:28:22 -07:00
Peter Collingbourne
d75e308e61 Call __hwasan_init_static() during libc startup in statically linked executables.
__hwasan_init() was segfaulting when called from here because it
was calling into libc functions which required more of libc to be
initialized. Instead, call __hwasan_init_static(), which does a
minimal amount of initialization for statically linked executables,
just enough that we can run instrumented code. __hwasan_init() itself
will end up being called later (most likely from a global ctor)
after libc is fully initialized.

We'll need to wait for LLVM r352816+r352823 to land in our toolchain
before landing this.

Change-Id: I12ffc7e08f6dd161e4ff2088f8d56265af7baedf
2019-03-19 21:56:17 -07:00
Peter Collingbourne
b62888b709 Merge "Increase the size of the shadow call stack guard region to 16MB." 2019-03-19 23:29:05 +00:00
Christopher Ferris
9b78aa3529 Increase num tries before failing.
Bug: 128872105

Test: Ran the android_mallopt.set_allocation_limit_multiple_threads test
Test: a thousand times on taimen.
Change-Id: I67a474c53cd6eda8106feac99aee8e7b0bee1254
2019-03-18 21:45:36 -07:00
Peter Collingbourne
149ce93056 Add missing #include.
Fixes sanitizer build.

Test: walleye_hwasan-userdebug builds
Change-Id: If7890dbf2e715ca89b68f5c39c6ffbd24f15f2c2
2019-03-15 22:45:06 -07:00
Christopher Ferris
1fc5ccfe76 Add a platform API for setting an allocation limit.
Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(),
which can be used to set an upper bound on the total size of all
allocations made using the memory allocation APIs.

This is useful for programs such as audioextractor and mediaserver
which need to set such a limit as a security mitigation. Currently
these programs are using setrlimit(RLIMIT_AS) which isn't exactly
what these programs want to control. RLIMIT_AS is also problematic
under sanitizers which allocate large amounts of address space as
shadow memory, and is especially problematic under shadow call stack,
which requires 16MB of address space per thread.

Add new unit tests for bionic.

Add new unit tests for malloc debug that verify that when the limit
is enabled, malloc debug still functions for nearly every allocation
function.

Bug: 118642754
Test: Ran bionic-unit-tests/bionic-unit-tests-static.
Test: Ran malloc debug tests and perfetto integration tests.
Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
2019-03-15 10:54:55 -07:00
Christopher Ferris
fa10a3aa9a Add malloc_info for sanitizer.
Test: hwasan builds.
Change-Id: I39267c642af75b1ebb99633f25959638cc39628c
2019-03-08 11:11:27 -08:00
Christopher Ferris
6c619a0da3 Refactor the malloc_info code.
malloc_info needs to be per native allocator, but the code treated it
like a global function that doesn't depend on the native memory allocator.

Update malloc debug to dump the actual pointers that it has been tracking.

Test: bionic-unit-tests pass.
Test: malloc debug tests pass.
Test: malloc hook tests pass.
Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e
Merged-In: I3b0d4d748489dd84c16d16933479dc8b8d79013e
(cherry picked from commit a3656a98b1)
2019-03-07 08:39:55 -08:00
Christopher Ferris
a22f5d5175 Make aligned_alloc match the standard.
Jemalloc does not verify that the size parameter is a multiple of
alignment. Fix this since it only went into P.

Fix the unit tests, and fix malloc debug/malloc hooks to handle this
new restrictive behavior.

Bug: 126944692

Test: Ran bionic unit tests.
Test: Ran bionic unit tests with malloc hooks enabled (no new tests fail).
Test: Ran bionic unit tests with malloc debug enabled (no new tests fail).
Test: Ran malloc debug unit tests.
Change-Id: I4d50785928815679c781ca729f998454d76b9192
2019-03-01 23:56:23 -08:00
Treehugger Robot
0771b752f1 Merge "Workaround string-plus-int warning" 2019-03-01 02:21:16 +00:00
Yi Kong
4ca9a6b576 Workaround string-plus-int warning
The upcoming compiler warns against adding string and int:
In file included from bionic/libc/bionic/strsignal.cpp:41:
  bionic/libc/private/bionic_sigdefs.h:58:1: error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int]
  __BIONIC_SIGDEF(SIGWINCH,  "Window size changed")
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  bionic/libc/bionic/strsignal.cpp:40:83: note: expanded from macro '__BIONIC_SIGDEF'
  #define __BIONIC_SIGDEF(signal_number, unused) [ signal_number ] = #signal_number + 3,
                                                                     ~~~~~~~~~~~~~~~^~~

Use array indexing index to avoid this warning.

Test: m checkbuild
Change-Id: Ib5e20edbf5bac76352df0484dd233d0621beb4e9
2019-02-28 15:54:58 -08:00
Nick Kralevich
7fa3b47813 Ensure STDIN/STDOUT/STDERR always exist
File descriptor confusion can result if a process is exec()d and
STDIN/STDOUT/STDERR do not exist. In those situations, the first,
second, and third files opened by the exec()d application will have FD
0, 1, and 2 respectively. Code which reads / writes to these STD* file
descriptors may end up reading / writing to unintended files.

To prevent this, guarantee that FDs 0, 1, and 2 always exist. Bionic
only currently guarantees this for AT_SECURE programs (eg, a setuid
binary, setgid binary, filesystem capabilities, or SELinux domain
transition).

Extending this to all exec()s adds robustness against this class of
bugs. Additionally, it allows a caller to do:

  close(STDIN_FILENO);
  close(STDOUT_FILENO);
  close(STDERR_FILENO);

and know that the exec()d process will reopen these file descriptors on
its own. This has the potential to simplify other parts of Android, eg
https://android-review.googlesource.com/c/platform/system/apex/+/915694

Steps to reproduce:

  sleep 100 <&- >&- 2>&- & BGPID=$! && ls -la /proc/$BGPID/fd && kill $BGPID

Expected:

  $ sleep 100 <&- >&- 2>&- & BGPID=$! && ls -la /proc/$BGPID/fd && kill $BGPID
  [1] 3154
  total 0
  dr-x------ 2 shell shell  0 1970-04-17 12:15 .
  dr-xr-xr-x 9 shell shell  0 1970-04-17 12:15 ..
  lrwx------ 1 shell shell 64 1970-04-17 12:15 0 -> /dev/null
  lrwx------ 1 shell shell 64 1970-04-17 12:15 1 -> /dev/null
  lrwx------ 1 shell shell 64 1970-04-17 12:15 2 -> /dev/null
  $
  [1] + Terminated           \sleep 100 <&- >&- 2>&-

Actual:

  $ sleep 100 <&- >&- 2>&- & BGPID=$! && ls -la /proc/$BGPID/fd && kill $BGPID
  [1] 16345
  total 0
  dr-x------ 2 shell shell 0 2019-02-28 20:22 .
  dr-xr-xr-x 9 shell shell 0 2019-02-28 20:22 ..
  $
  [1] + Terminated           \sleep 100 <&- >&- 2>&-

Test: manual (see above)
Change-Id: I3e05700a1e8ebc7fc9d192211dd9fc030cc40139
2019-02-28 13:06:07 -08:00
Elliott Hughes
a21f6cca06 Log when malloc functions fail.
This shouldn't happen often, and resulting failures can be hard to debug.

From the bionic unit tests now:

  W libc    : malloc(18446744073709551615) failed: returning null pointer
  W libc    : calloc(18446744073709551615, 100) failed: returning null pointer
  W libc    : calloc(1, 18446744073709551615) failed: returning null pointer
  W libc    : calloc(18446744073709551615, 18446744073709551615) failed: returning null pointer
  W libc    : calloc(2, 18446744073709551615) failed: returning null pointer
  W libc    : calloc(18446744073709551615, 2) failed: returning null pointer
  W libc    : memalign(4096, 18446744073709551615) failed: returning null pointer
  W libc    : realloc(0x0, 18446744073709551615) failed: returning null pointer
  W libc    : realloc(0x75d7526070, 18446744073709551615) failed: returning null pointer
  W libc    : reallocaray(0x0, 9223372036854775812, 2) failed: returning null pointer
  W libc    : reallocaray(0x0, 2, 9223372036854775812) failed: returning null pointer

Bug: http://b/12821450
Test: ran tests
Change-Id: Ib176814404f4ba1297416dd3e1edd721bf59aeed
2019-02-26 12:22:38 -08:00
Christopher Ferris
503c17bae7 Fix wrong variable reference.
Bug: 125891203

Test: Verify that setting the program property to "" doesn't trigger
Test: heapprofd.
Change-Id: Id27cbb92c7a120d02151e29be993f369230c2de8
2019-02-22 12:47:23 -08:00
Dan Albert
a535d3ca65 Make static ifunc resolvers optional.
Gold isn't emitting these symbols, so we don't necessarily have the
support for them (gold is still the default for most architectures in
the NDK).

Test: bionic static unit tests
Bug: None
Change-Id: Ifc360cb6c26571fb3f0309adb0faf0af7ee5b36f
2019-02-20 12:44:19 -08:00
Elliott Hughes
f84d0a95bd Merge "libasync_safe: stop clobbering other folks' identifiers." 2019-02-16 00:12:51 +00:00
Elliott Hughes
3019d78d4a libasync_safe: stop clobbering other folks' identifiers.
The log priorities and ids are in an NDK header, available to everyone.

Move CHECK into its own header for now. This would be better if it was
more like the <android-base/logging.h> CHECK family, but I don't have an
easy way to do that without lots of copy & paste, so punting for now.

Bug: https://issuetracker.google.com/issues/119713191
Test: boots
Change-Id: I4566be8a0a024fede0e2d257c98b908ec67af2a8
2019-02-14 14:23:13 -08:00
Christopher Ferris
2822856e98 Avoid heapprofd init when other hooks enabled.
All of the heapprofd code assumes that it's the only hook that
has been enabled. Enforce that by disallowing heapprofd from
enabling if malloc debug or malloc hooks have been enabled.

Test: Ran all unit tests (bionic/malloc hooks/malloc debug/perfetto).
Test: Enabled malloc debug ran perfetto integration tests and verified
Test: that an error message goes to the log.
Change-Id: I506fbf1c5b8e4052855531fa0d161f5de06e6c1a
2019-02-14 10:23:58 -08:00
Christopher Ferris
883144719a Fix hwasan build.
Test: hwasan builds properly.
Change-Id: I3c911da08d1925b797423671e3beb72770a934b0
2019-02-13 22:15:28 -08:00
Christopher Ferris
e4cdbc4754 Refactor malloc common into distinct pieces.
The pieces:
- The malloc common shared by static and dynamic code (malloc_common.cpp).
- The code for shared libraries that includes any dlopen'ing
  (malloc_common_dynamic.cpp).
- The implementation of perfetto's heapprofd (malloc_heapprofd.cpp).

This makes it easier to see what's going on in the many different areas.
It should also make it easier to add the allocation capping option.

Other related changes:
- Update the unit tests for android_mallopt. All of the current options
  don't work on static binaries, so make sure that is reflected in the test.
- A few names changes to make sure that all code is consistent.

Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests).
Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
2019-02-12 14:19:07 -08:00
Ryan Prichard
808d176e7e Merge "Fix linker self-exec detection" 2019-02-08 22:33:11 +00:00
Ryan Prichard
1990ba5601 Fix linker self-exec detection
When the linker is invoked on itself, (`linker64 /system/bin/linker64`),
the linker prints an error, because self-invocation isn't allowed. The
current method for detecting self-invocation fails because the second
linker instance can crash in a constructor function before reaching
__linker_init.

Fix the problem by moving the error check into a constructor function,
which finishes initializing libc sufficiently to call async_safe_fatal.
The only important thing missing is __libc_sysinfo on 32-bit x86. The aux
vector isn't readily accessible, so use the fallback int 0x80.

Bug: http://b/123637025
Test: bionic unit tests (32-bit x86)
Change-Id: I8be6369e8be3938906628ae1f82be13e6c510119
2019-02-07 21:48:42 -08:00
Christopher Ferris
62e1e2c7e3 Modify malloc common function pointers.
Instead of every function being its own atomic, have a single
pointer that can be used to flip all pointers at once. This avoid cases
where the set of pointers can be in an partial switched state.

Also fix a few inconsistent naming of functions in the file.

Test: Ran unit tests (malloc debug, malloc hooks, perfetto).
Change-Id: I3f66da395414586a3fa87874d80dcdf5f702ed39
Merged-In: I3f66da395414586a3fa87874d80dcdf5f702ed39
(cherry picked from commit 77184aedaf)
2019-02-07 14:48:34 -08:00
Treehugger Robot
5569bc7d34 Merge "Eliminate ICU's .dat lookup from bionic" 2019-02-07 10:21:06 +00:00
Nikita Iashchenko
45f2d03ae5 Eliminate ICU's .dat lookup from bionic
Before this CL bionic did the following:

 * Finds the ICU .dat file with scandir()
 * Extracts the ICU version number from the file name. e.g. _63
 * dlopen() libicuuc
 * dlsym() necessary symbols, e.g. <symbol name>_<icu version>

Right now such ICU symbols are stored in libandroidicu.so and suffixed
with "_android", so it is responsible for "redirecting" to functions
with approriate version and we do not need to lookup the version on our
own. libicuuc is still available for NDK (and apps), and libandroidicu is
a subset of libicuuc and libicui18n.

After this CL bionic will do the following:

 * dlopen() libandroiicu
 * dlsym() <symbol_name>_android (without specific version suffix)

Bug: 122822987
Test: cts-tradefed run cts-dev -m CtsBionicTestCases
Change-Id: Iabd9f35b9c3462739fd2b18e60dcdc3e202031ac
2019-02-06 20:49:03 +00:00
Elliott Hughes
3912efa503 Merge "Pass caller names to __pthread_internal_find for better errors." 2019-02-04 16:42:27 +00:00
Treehugger Robot
c1d579798e Merge "Implement ifunc support for static executables." 2019-02-03 00:04:46 +00:00
Elliott Hughes
5bb113cba2 Pass caller names to __pthread_internal_find for better errors.
On http://b/122082295 we had this abort:

  12-27 15:29:31.237 10222 10814 10848 F libc    : invalid pthread_t 0xb1907960 passed to libc

This wasn't super helpful. We can do better. Now you get something like
this instead:

  03-27 02:34:58.754 25329 25329 W libc    : invalid pthread_t (0) passed to pthread_join

Test: adb shell crasher
Bug: http://b/123255692
Change-Id: I1d545665a233308480cc3747ec3120e2b6de0453
2019-02-01 16:31:10 -08:00
Peter Collingbourne
f1ed31ffe1 Increase the size of the shadow call stack guard region to 16MB.
Increasing the size of the guard region helps with the security of SCS,
but it's blocked on landing [1], which in turn is blocked on landing
[2]. Once those two CLs land we will be able to land this one.

[1] https://android-review.googlesource.com/c/platform/frameworks/av/+/837745
[2] https://android-review.googlesource.com/c/platform/bionic/+/818973

Bug: 118642754
Change-Id: I35409cbb6bfcd77e632567dd755376e345cfe67b
2019-01-31 14:37:34 -08:00
Florian Mayer
ccc0922653 Merge "Do not dlclose after failed reinit." 2019-01-30 17:26:18 +00:00
Florian Mayer
f671e036b9 Do not dlclose after failed reinit.
Update stale comment.

The reinitialization logic is tested in HeapprofdEndToEnd::ReInit in https://android.googlesource.com/platform/external/perfetto/+/master/src/profiling/memory/heapprofd_end_to_end_test.cc

Change-Id: Id496ee02e208d4f4cea7129b47ef327fb2bb67f2
2019-01-30 17:25:57 +00:00
Treehugger Robot
c676377cd3 Merge "Make trace end conform with other trace end prints" 2019-01-28 21:01:28 +00:00
Treehugger Robot
d5076ba63a Merge "Add tracepoints for pthread_create and pthread_join" 2019-01-28 21:01:24 +00:00
Ryan Prichard
ecdc451ccf Merge changes I3c9b1292,I05c28d6a,I788c4a95,If8cd798f,I1c8d1cd7, ...
* changes:
  Implement dynamic TLS accesses and allocation
  Implement TLS_DTPMOD and TLS_DTPREL relocations
  Ignore DT_TLSDESC_GOT / DT_TLSDESC_PLT
  Disable the dlfcn.dlopen_library_with_ELF_TLS test
  Add BionicAllocator::memalign
  Move the linker allocator into libc
  Replace some of linker_allocator's header includes
2019-01-28 19:32:59 +00:00
Philip Cuadra
77d0f90c7a Add tracepoints for pthread_create and pthread_join
Add additional tracepoints for clarity.

Test: cpatured trace with bionic, confirmed trace points
Change-Id: I4f9952c38a2637d53edb69ad99b43beb5a892da6
2019-01-28 10:59:02 -08:00
Philip Cuadra
7fc82c24ee Make trace end conform with other trace end prints
Add | to make bionic's trace end print match other trace end prints.

Test:  took systrace with bionic tag enabled
Change-Id: Ieabb139dd224aa8045be914f21c0432d42a93755
2019-01-28 10:48:49 -08:00
Florian Mayer
543b4013e7 Merge "Allow to reset malloc hooks." 2019-01-28 18:14:48 +00:00
Florian Mayer
db59b891ca Allow to reset malloc hooks.
This is used to prevent the additional indirection even after heap
profiling has finished, preventing any performance impact on processes
that are not currently being profiled.

Test: m
Test: flash sailfish
Test: try tearing down & re-enabling hooks

Bug: 120186127

Change-Id: Idc5988111a47870d2c093fd6a017b47e65f5616b
2019-01-28 15:01:50 +00:00
Ryan Prichard
16455b5100 Implement dynamic TLS accesses and allocation
Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and
any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation
counter, incremented in the linker, to signal when threads should
update/reallocate their DTV objects.

A generation count of 0 always indicates the constant zero DTV.

Once a DTV is allocated, it isn't freed until the thread exits, because
a signal handler could interrupt the fast path of __tls_get_addr between
accessing the DTV slot and reading a field of the DTV. Bionic keeps a
linked list of DTV objects so it can free them at thread-exit.

Dynamic TLS memory is allocated using a BionicAllocator instance in
libc_shared_globals. For async-signal safety, access to the
linker/libc-shared state is protected by first blocking signals, then by
acquiring the reader-writer lock, TlsModules::rwlock. A write lock is
needed to allocate or free memory.

In pthread_exit, unconditionally block signals before freeing dynamic
TLS memory or freeing the shadow call stack.

ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C".
(The header now includes a C++ template that doesn't compile inside
extern "C".)

Bug: http://b/78026329
Bug: http://b/123094171
Test: bionic unit tests
Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
2019-01-25 17:53:01 -08:00
Peter Collingbourne
7a0f04cb8d Implement ifunc support for static executables.
A static executable is almost entirely statically relocated by the
linker, with the exception of IRELATIVE relocations, which must be
resolved by libc by enumerating the relocations using the special
linker-defined symbols __rela?_iplt_{start,end}. This patch implements
ifunc support by enumerating the relocations in this way.

Bug: 112482891
Test: /data/nativetest{,64}/bionic-unit-tests-static/bionic-unit-tests-static on walleye_hwasan-userdebug
Change-Id: Ia5522a190da0b86e095b141d5d4e68dd7dd4b695
2019-01-25 16:25:27 -08:00
Ryan Prichard
96773a2daf Add BionicAllocator::memalign
Bionic needs this functionality to allocate a TLS segment with greater
than 16-byte alignment. For simplicity, this allocator only supports up
to one page of alignment.

The memory layout changes slightly when allocating an object of exactly
PAGE_SIZE alignment. Instead of allocating the page_info header at the
start of the page containing the pointer, it is allocated at the start
of the preceding page.

Bug: http://b/78026329
Test: linker-unit-tests{32,64}
Change-Id: I1c8d1cd7ca72d113bced5ee15ba8d831426b0081
2019-01-25 15:31:35 -08:00
Ryan Prichard
083d850b30 Move the linker allocator into libc
Rename LinkerMemoryAllocator -> BionicAllocator
Rename LinkerSmallObjectAllocator -> BionicSmallObjectAllocator

libc and the linker need to share an instance of the allocator for
allocating and freeing dynamic ELF TLS memory (DTVs and segments). The
linker also continues to use this allocator.

Bug: http://b/78026329
Test: /data/nativetest/bionic-unit-tests-static
Test: /data/nativetest64/bionic-unit-tests-static
Test: /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: /data/nativetest64/linker-unit-tests/linker-unit-tests64
Change-Id: I2da037006ddf8041a75f3eba2071a8fcdcc223ce
2019-01-25 15:31:35 -08:00
Josh Gao
ba40ff657f Don't filter reserved signals in sigaction.
If a signal handler is blocking all of their signals, we should
probably respect that and not silently unblock bionic's reserved
signals for them. Otherwise, user code can deadlock, run out of stack,
etc. through no fault of their own, if one of the reserved signals
comes in while they've pivoted onto their signal stack.

Bug: http://b/122939726
Test: treehugger
Change-Id: I6425a3e7413edc16157b35dffe632e1ab1d76618
2019-01-24 13:21:18 -08:00
Ryan Savitski
ecc37e3877 conditional zygote child heap profiling + android_internal_mallopt
On user builds, heapprofd should only be allowed to profile apps that
are either debuggable, or profileable (according to the manifest). This
change exposes extra zygote-specific knowledge to bionic, and makes the
dedicated signal handler check for the special case of being in a zygote child.

With this & the corresponding framework change, we should now be
handling the 4 combinations of:
  {java, native} x {profile_at_runtime, profile_at_startup}.

See internal go/heapprofd-java-trigger for further context.

Test: on-device unit tests (shared & static) on blueline-userdebug.
Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime.
Bug: 120409382
Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a
(cherry picked from commit 998792e2b6)
Merged-In: Ic251afeca4324dc650ac1d4f46976b526eae692a
2019-01-23 18:30:54 +00:00
Ryan Prichard
fb8730d495 Handle R_GENERIC_TLS_TPREL relocations
This relocation is used for static TLS's initial-exec (IE) accesses.

A TLS symbol's value is its offset from the start of the ELF module's
TLS segment. It doesn't make sense to add the load_bias to this value,
so skip the call to soinfo::resolve_symbol_address.

Allow TLS relocations to refer to an unresolved weak symbol. In that case,
sym will be non-zero, but lsi will be nullptr. The dynamic linker resolves
the TPREL relocation to 0, making &missing_weak_symbol equal the thread
pointer.

Recognize Gold-style relocations to STB_LOCAL TLS symbols/sections and
issue an error.

Remove the "case R_AARCH64_TLS_TPREL64", because the R_GENERIC_TLS_TPREL
case handles it.

Remove the no-op R_AARCH64_TLSDESC handler. It's better to issue an error.
dlopen_library_with_ELF_TLS now fails with a consistent error about an
unimplemented dynamic TLS relocation.

Bug: http://b/78026329
Test: bionic unit tests (elftls tests are added in a later CL)
Change-Id: Ia08e1b5c8098117e12143d3b4ebb4dfaa5ca46ec
2019-01-17 00:45:55 -08:00
Ryan Prichard
1988350d1c Avoid a dlopen abort on an invalid TLS alignment
If the alignment of a TLS segment in a shared object is invalid, return
an error through dlerror() rather than aborting the process.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I60e589ddd8ca897f485d55af089f08bd3ff5b1fa
2019-01-16 23:19:40 -08:00
Ryan Prichard
361c1b4a3b Initialize static TLS memory using module list
This implementation simply iterates over each static TLS module and
copies its initialization image into a new thread's static TLS block.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: Ib7edb665271a07010bc68e306feb5df422f2f9e6
2019-01-16 16:52:47 -08:00
Ryan Prichard
e5e69e0912 Record TLS modules and layout static TLS memory
Bug: http://b/78026329
Test: bionic unit tests
Change-Id: Ibf1bf5ec864c7830e4cd1cb882842b644e6182ae
2019-01-16 16:52:47 -08:00
Ryan Prichard
977e47d018 StaticTlsLayout: add exe/tcb and solib layout
Replace reserve_tcb with reserve_exe_segment_and_tcb, which lays out both
the TCB and the executable's TLS segment, accounting for the difference in
layout between variant 1 and variant 2 targets.

The function isn't actually called with a non-null TlsSegment* yet.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: Ibd6238577423a7d0451f36da7e64912046959796
2019-01-16 15:54:52 -08:00
Treehugger Robot
aef4a49a3f Merge changes I221b1342,I1d1276da,I89b128df,Icb348a11,Ifb3b2d8d
* changes:
  Add a __bionic_get_tls_segment function
  Factor out ScopedRWLock into its own header
  Build the linker with -D_USING_LIBCXX
  Provide a stub aeabi.read_tp on other archs
  Remove TLS_SLOT_TSAN(8)
2019-01-16 23:23:25 +00:00
Florian Mayer
37a7f711eb Merge "Do not run heapprofd_initialize twice concurrently." 2019-01-16 18:48:41 +00:00
Ryan Prichard
4809755c0f Add a __bionic_get_tls_segment function
The function searches for a TLS segment in a ElfXX_Phdr table.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I221b13420d1a2da33fc2174b7dd256589f6ecfdb
2019-01-16 01:11:26 -08:00
Ryan Prichard
c86576c1fb Factor out ScopedRWLock into its own header
Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I1d1276da835bc8ecac7a7abb714d639a1ee58007
2019-01-16 01:11:26 -08:00
Neil Fuller
ca305a39e5 Merge "Track movement of ICU .dat file" 2019-01-13 16:22:59 +00:00
Ryan Prichard
45d1349c63 Reorganize static TLS memory for ELF TLS
For ELF TLS "local-exec" accesses, the static linker assumes that an
executable's TLS segment is located at a statically-known offset from the
thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86).
Because these layouts are incompatible, Bionic generally needs to allocate
its TLS slots differently between different architectures.

To allow per-architecture TLS slots:
 - Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are
   generally negative, while new x86 slots are generally positive.
 - Define a bionic_tcb struct that provides two things:
    - a void* raw_slots_storage[BIONIC_TLS_SLOTS] field
    - an inline accessor function: void*& tls_slot(size_t tpindex);

For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots),
because the runtime linker doesn't know how large the static TLS area is
until after it has loaded all of the initial solibs.

To accommodate Golang, it's necessary to allocate the pthread keys at a
fixed, small, positive offset from the thread pointer.

This CL moves the pthread keys into bionic_tls, then allocates a single
mapping per thread that looks like so:
 - stack guard
 - stack [omitted for main thread and with pthread_attr_setstack]
 - static TLS:
    - bionic_tcb [exec TLS will either precede or succeed the TCB]
    - bionic_tls [prefixed by the pthread keys]
    - [solib TLS segments will be placed here]
 - guard page

As before, if the new mapping includes a stack, the pthread_internal_t
is allocated on it.

At startup, Bionic allocates a temporary bionic_tcb object on the stack,
then allocates a temporary bionic_tls object using mmap. This mmap is
delayed because the linker can't currently call async_safe_fatal() before
relocating itself.

Later, Bionic allocates a stack-less thread mapping for the main thread,
and copies slots from the temporary TCB to the new TCB.
(See *::copy_from_bootstrap methods.)

Bug: http://b/78026329
Test: bionic unit tests
Test: verify that a Golang app still works
Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped
Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
(cherry picked from commit 1e660b70da)
2019-01-11 15:34:22 -08:00
Ryan Prichard
27d59338b9 pthread_key.cpp: factor out get_thread_key_data
This change makes it easier to move the location of the pthread keys
(e.g. into the bionic_tls struct).

Bug: http://b/78026329
Test: bionic unit tests
Test: disassembly of libc.so doesn't change
Merged-In: Ib75d9dab8726de96856af91ec3daa2c5cdbc2178
Change-Id: Ib75d9dab8726de96856af91ec3daa2c5cdbc2178
(cherry picked from commit ecad24fad9)
2019-01-11 15:33:57 -08:00
Neil Fuller
62d8d9fc8f Track movement of ICU .dat file
Track movement of ICU .dat file into the runtime module

This reverts commit b9e7b699a2.
This is a reapply of commit 68c6bd8b43

Bug: 120853401
Bug: 119293618
Test: build / boot
Change-Id: I69e0dde2756da64ac0b17f1726145dccacf5961f
2019-01-09 15:27:02 +00:00
Tim Murray
466e0ecb88 Remove some PR_SET_VMAs during pthread_create
PR_SET_VMA takes mmap_sem, which can cause contention and reduce
performance any time many threads are created at the same time,
like app startup.

Test: camera launch performance
Bug: 122471935
Change-Id: If7fa7ad99654c01d503f694976fd92bfd30d2afd
2019-01-08 13:27:41 -08:00
Ryan Prichard
0b0ee0c634 libc_shared_globals: add a constexpr ctor
Having a constexpr constructor should guarantee that the static
`globals` variable in __libc_shared_globals is initialized statically
(as opposed to dynamically), which is important because
__libc_shared_globals is called very early (before the linker has
relocated itself). With the constructor, though, the fields can safely
have in-line default initializers.

Bug: none
Test: bionic unit tests
Change-Id: Icde821557369625734a4d85d7ff55428bad5c247
2019-01-03 17:11:27 -08:00
Treehugger Robot
d14d83032c Merge "Check return value of scandir in icu.cpp" 2019-01-03 00:55:06 +00:00
Alex Light
ecb95b8a15 Check return value of scandir in icu.cpp
We could cause illegal memory access due to not checking the scanddir
return value.

Test: run linux-bionic dex2oat to build boot.oat
Bug: 119332362
Change-Id: Ic5824e0373b9b99d8f892b4fcf22e742c6f792da
2019-01-02 15:30:50 -08:00
Chih-Hung Hsieh
770032ddfa Fix/suppress bionic google-explicit-constructor warnings
* Add explicit to conversion constructors/operators

Bug: 28341362
Test: make with WITH_TIDY=1 DEFAULT_GLOBAL_TIDY_CHECKS=-*,google-explicit-constructor
Change-Id: Id1ad0327c1b8c6f094bcbb3ae599bc1f716b3f2f
2019-01-02 11:04:05 -08:00
Florian Mayer
3a538a4861 Do not run heapprofd_initialize twice concurrently.
Change-Id: Ib3fd479ca690c90ca35d98386a1d3ec942715fa3
2018-12-20 11:31:02 +00:00
Ryan Prichard
37754cdef6 Move errno to a pthread_internal_t field.
This change is intended to allow native-bridge to use independent
TLS memory for host and guest environments, while still sharing a
thread-local errno between the two.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I838cd321e159add60760bc12a8aa7e9ddc960c33
Merged-In: I838cd321e159add60760bc12a8aa7e9ddc960c33
(cherry picked from commit a9c7c55462)
2018-12-11 12:59:23 -08:00
Elliott Hughes
34583c1089 Move dlerror out of a TLS slot and into a pthread_internal_t member.
Bug: N/A
Test: boots, tests pass.
Change-Id: Idf25d2ee457a5d26d0bdd6281cee72c345c8b755
2018-12-06 05:19:57 +00:00
Ryan Prichard
07440a8773 Replace TLS_SLOT_BIONIC_PREINIT w/ shared globals
Instead of passing the address of a KernelArgumentBlock to libc.so for
initialization, use __loader_shared_globals() to initialize globals.

Most of the work happened in the previous CLs. This CL switches a few
KernelArgumentBlock::getauxval calls to [__bionic_]getauxval and stops
routing the KernelArgumentBlock address through the libc init functions.

Bug: none
Test: bionic unit tests
Change-Id: I96c7b02c21d55c454558b7a5a9243c682782f2dd
Merged-In: I96c7b02c21d55c454558b7a5a9243c682782f2dd
(cherry picked from commit 746ad15912)
2018-12-04 13:51:56 -08:00
Ryan Prichard
5a66490e3b Use shared globals so getauxval works earlier
Make getauxval() work in .preinit_array. It still won't be usable for
ifuncs unless we can guarantee that the __loader_shared_globals relocation
is resolved before the ifunc calls [__bionic_]getauxval.

Define __bionic_getauxval for use in replacing calls to
KernelArgumentBlock::getauxval, which doesn't (and sometimes isn't allowed
to) access TLS variables like errno.

Bug: http://b/25751302
Test: bionic unit tests
Change-Id: I461feeaed7f43cfa2a2b6c34147194f0df82b516
Merged-In: I461feeaed7f43cfa2a2b6c34147194f0df82b516
(cherry picked from commit bdab4a2b97)
2018-12-04 13:51:46 -08:00
Ryan Prichard
9cfca866ce Split main thread init into early+late functions
Split __libc_init_main_thread into __libc_init_main_thread_early and
__libc_init_main_thread_late. The early function is called very early in
the startup of the dynamic linker and static executables. It initializes
the global auxv pointer and enough TLS memory to do system calls, access
errno, and run -fstack-protector code (but with a zero cookie because the
code for generating a cookie is complex).

After the linker is relocated, __libc_init_main_thread_late finishes
thread initialization.

Bug: none
Test: bionic unit tests
Change-Id: I6fcd8d7587a380f8bd649c817b40a3a6cc1d2ee0
Merged-In: I6fcd8d7587a380f8bd649c817b40a3a6cc1d2ee0
(cherry picked from commit 39bc44bb0e)
2018-12-04 13:51:36 -08:00
dimitry
5332af69b6 Make __libc_init_malloc weak-for-native-bridge
Bug: http://b/120406045
Test: make

Change-Id: Ieee30beca3f3bb8525030643b0245041cd4a6167
2018-12-04 14:06:44 +01:00
Elliott Hughes
eebf5fddf3 Reduce strerror(3)'s impact on .data.rel.ro.
Test: tests pass
Change-Id: I60b15dfac6ca7dce45f4858ad10b8255e2f1b66d
2018-12-03 08:46:21 -08:00
Florian Mayer
9f1fddca26 Merge "Use cmdline instead for enabling heapprofd." 2018-11-30 21:56:00 +00:00
Florian Mayer
4e28ea13c7 Use cmdline instead for enabling heapprofd.
Because we also want to profile Java applications, which have longer
names, the character limit of comm is a problem. To avoid complexity, it
is preferable to apply the same logic for finding running processes
(which includes Java apps), and determining whether to profile a process
from startup.

Test: m
Test: flash sailfish
Test: setprop heapprofd.enable 1
      setprop heapprofd.enable.ls 1
      ls
      /system/bin/ls
      /system/bin/ls /

Bug: 120175590

Change-Id: Id0859d4a333efcb05883e611ea6a31a51468f82c
2018-11-30 11:14:43 +00:00
Ryan Prichard
6b70fda682 Merge changes I376d7695,Ied443375,I614d25e7
* changes:
  Use shared globals to init __progname + environ
  Move the abort message to libc_shared_globals
  Expose libc_shared_globals to libc.so with symbol
2018-11-30 02:06:52 +00:00
Haibo Huang
7260329093 Merge "Use ifunc for ARM32 fortify functions" 2018-11-29 00:47:35 +00:00
Ryan Prichard
48b1159bb8 Use shared globals to init __progname + environ
Initialize the __progname and environ global variables using
libc_shared_globals rather than KernelArgumentBlock.

Also: suppose the linker is invoked on an executable:

    linker prog [args...]

The first argument passed to main() and constructor functions is "prog"
rather than "linker". For consistency, this CL changes the BSD
__progname global from "linker" to "prog".

Bug: none
Test: bionic unit tests
Change-Id: I376d76953c9436706dbc53911ef6585c1acc1c31
2018-11-28 14:26:14 -08:00
Ryan Prichard
7752bcb234 Move the abort message to libc_shared_globals
__libc_shared_globals() is available in dynamic modules as soon as
relocation has finished (i.e. after ifuncs run). Before ifuncs have run,
the android_set_abort_message() function already doesn't work because it
calls public APIs via the PLT. (If this matters, we can use a static
bool variable to enable android_set_abort_message after libc
initialization).

__libc_shared_globals() is hidden, so it's available in the linker
immediately (i.e. before relocation). TLS memory (e.g. errno) currently
isn't accessible until after relocation, but a later patch fixes that.

Bug: none
Test: bionic unit tests
Change-Id: Ied4433758ed2da9ee404c6158e319cf502d05a53
2018-11-28 14:26:14 -08:00
Ryan Prichard
abf736a780 Expose libc_shared_globals to libc.so with symbol
Previously, the address of the global variable was communicated from the
dynamic linker to libc.so using a field of KernelArgumentBlock, which is
communicated using the TLS_SLOT_BIONIC_PREINIT slot.

As long as this function isn't called during relocations (i.e. while
executing an ifunc), it always return a non-NULL value. If it's called
before its PLT entry is relocated, I expect a crash.

I removed the __libc_init_shared_globals function. It's currently empty,
and I don't think there's one point in libc's initialization where
shared globals should be initialized.

Bug: http://b/25751302
Test: bionic unit tests
Change-Id: I614d25e7ef5e0d2ccc40d5c821dee10f1ec61c2e
2018-11-28 14:26:14 -08:00
Elliott Hughes
12ed389ca5 Merge "Remove _sys_signal_strings." 2018-11-28 22:01:47 +00:00
Haibo Huang
f1c8d1a6f9 Use ifunc for ARM32 fortify functions
Test: compile and run bionic unit tests
Test: make PRODUCT-sdk_phone_arm64-sdk
Change-Id: I614f495ad6053d507446a6a896b9199825325188
2018-11-28 10:56:21 -08:00
Luke Huang
f47e89f29b Merge "Replace android_open_proxy with dns_open_proxy" 2018-11-28 12:21:33 +00:00
Elliott Hughes
f8294fd8dc Remove _sys_signal_strings.
We already have sys_siglist as public API.

Test: tests pass
Change-Id: I45bf72955f41b34d91fac19dbfb2946bb9995ef4
2018-11-27 14:43:38 -08:00
Ryan Prichard
0ff8df5f6a Merge "Cleanup: __libc_init_AT_SECURE, auxv, sysinfo" 2018-11-27 21:23:21 +00:00
Florian Mayer
e965bcdbe3 Fix minor bug in dispatch table initialization order.
Other minor changes:
 * document assignment that relies on _Atomic assignments to use
   atomic_store.
 * consistently use atomic_store when assigning to atomics.
 * remove incorrect comment.

Test: m
Test: flash & boot sailfish

Change-Id: I4789c08f7ac28a2de8d6925d03af354514bfd9d7
2018-11-27 17:38:18 +00:00
Ryan Prichard
701bd0cc88 Cleanup: __libc_init_AT_SECURE, auxv, sysinfo
__sanitize_environment_variables is only called when getauxval(AT_SECURE)
is true.

Instead of scanning __libc_auxv, reuse getauxval. If the entry is missing,
getauxval will set errno to ENOENT.

Reduce the number of times that __libc_sysinfo and __libc_auxv are
initialized. (Previously, __libc_sysinfo was initialized 3 times for the
linker's copy). The two variables are initialized in these places:
 - __libc_init_main_thread for libc.a (including the linker copy)
 - __libc_preinit_impl for libc.so
 - __linker_init: the linker's copy of __libc_sysinfo is still initialized
   twice, because __libc_init_main_thread runs after relocation. A later
   CL consolidates the linker's two initializations.

Bug: none
Test: bionic unit tests
Change-Id: I196f4c9011b0d803ee85c07afb415fcb146f4d65
2018-11-26 18:37:13 -08:00
Florian Mayer
9e70e8100a Merge "System property for heapprofd at process startup." 2018-11-19 21:53:25 +00:00
Peter Collingbourne
8d849ffbad Merge "Allocate a small guard region around the shadow call stack." 2018-11-19 20:44:03 +00:00
Luke Huang
e3ed892faa Replace android_open_proxy with dns_open_proxy
remove android_open_proxy and use dns_open_proxy instead of it.
dns_open_proxy is in libnetd_client and
it does the same thing as android_open_proxy except return value.
It returns fd directly now.

Test: build, dns works fine
Change-Id: I984743fb50b23eeb9a7d24e9fc347832acfe2afe
2018-11-19 18:00:37 +08:00
Peter Collingbourne
734beec3d4 Allocate a small guard region around the shadow call stack.
This lets us do two things:

1) Make setjmp and longjmp compatible with shadow call stack.
   To avoid leaking the shadow call stack address into memory, only the
   lower log2(SCS_SIZE) bits of x18 are stored to jmp_buf. This requires
   allocating an additional guard page so that we're guaranteed to be
   able to allocate a sufficiently aligned SCS.

2) SCS overflow detection. Overflows now result in a SIGSEGV instead
   of corrupting the allocation that comes after it.

Change-Id: I04d6634f96162bf625684672a87fba8b402b7fd1
Test: bionic-unit-tests
2018-11-16 14:37:08 -08:00
Elliott Hughes
c0f4656452 Make android_get_application_target_sdk_version available to the NDK.
Also move this and android_get_device_api_level into <android/api-level.h>
so that they're always available.

This involves cleaning up <sys/cdefs.h> slightly.

Bug: N/A
Test: builds
Change-Id: I25435c55f3549cd0d827a7581bee75ea8228028b
2018-11-15 11:07:30 -08:00
Elliott Hughes
ff1428a48e Move API levels from uint32_t to int.
(cherrypick of a6c71a09670ca636cca5cfea9d74b03a951e2b5e.)

Bug: N/A
Test: builds
Change-Id: I9c414e30e3c4fe2a4e16a2fe4ce18eae85fe4844
2018-11-13 21:25:07 -08:00
Christopher Ferris
17c4bd9e59 Merge "Move to jemalloc5." 2018-11-13 20:48:07 +00:00
Christopher Ferris
d73a49e91e Move to jemalloc5.
Bug: 62621531

Test: Builds and boots. All unit tests pass.
Change-Id: I09d106cc3b658885b9155d6838f8df61498d3f85
2018-11-13 10:32:33 -08:00
Peter Collingbourne
da772e2113 bionic: Allocate a shadow call stack for each thread.
Instead of allocating the stack within a 16MB guard region as we
were doing before, just allocate the stack on its own. This isn't
as secure as with the guard region (since it means that an attacker
who can read the pthread_internal_t can determine the address of the
SCS), but it will at least allow us to discover more blockers until
a solution to b/118642754 is decided on.

Bug: 112907825
Bug: 118642754
Change-Id: Ibe5dffbad1b4700eaa0e24177eea792e7c329a61
2018-11-12 20:04:40 -08:00
Peter Collingbourne
5d427bcb08 bionic: Add shadow call stack guard region field to pthread_internal_t.
Landing this change separately to the change that implements SCS
because it needs to land at the same time as an internal change. This
will simplify the situation in case SCS needs to be reverted again.

Change-Id: Ibe18750829665b6dcf6e36628a5e5bbdd1a0dd4f
Merged-In: Ibe18750829665b6dcf6e36628a5e5bbdd1a0dd4f
2018-11-12 13:42:28 -08:00
Florian Mayer
0dbe6d1aec System property for heapprofd at process startup.
Test: m
Test: flash sailfish
Test: setprop heapprofd.enable 1;
      setprop heapprofd.enable.ls 1;
      ls;

Bug: 117821125

Change-Id: I4a42e430e5e1e194a22f83683061751aa5dfe7ff
2018-11-09 12:00:24 +00:00
Josh Gao
f90687c4ec Increase the size of the signal stack on 64-bit.
The signal stack is sufficiently large for a single invocation of the
signal handler, but in cases where the signal handler needs to recurse,
(e.g. if our address space is limited by RLIMIT_AS), it's too small for
us to get to the part where we recognize that we've recursed and bail
out.

Bug: http://b/118772392
Test: /data/nativetest64/debuggerd_test/debuggerd_test64 --gtest_filter=CrasherTest.seccomp_crash_oom
Change-Id: Ic7a2cf8b01b3f7ea7f4a2318a3ec22a0c3649da6
2018-11-08 21:24:31 +00:00
Josh Gao
6f3a56bb18 Merge "Revert "bionic: Allocate a shadow call stack for each thread."" 2018-11-01 01:32:00 +00:00
Treehugger Robot
d6ac79300d Merge "Reverse two pthread_internal_t fields" 2018-10-30 23:31:15 +00:00
Ryan Prichard
25c34e0feb Reverse two pthread_internal_t fields
The golang runtime currently expects to find the pthread key data after
the tls slots.

Bug: http://b/78026329
Bug: http://b/118381796
Test: run a golang-based app, bionic unit tests
Change-Id: Idc777d809b803093e1c81d9a2ce4eafcc7d61f8d
Merged-In: Idc777d809b803093e1c81d9a2ce4eafcc7d61f8d
(cherry picked from commit a2c30723da)
2018-10-30 12:30:21 -07:00
Florian Mayer
e898a17e8f Merge "Allow to re-initialize heapprofd." 2018-10-30 11:34:17 +00:00
Peter Collingbourne
7b13dd918e Revert "bionic: Allocate a shadow call stack for each thread."
This reverts commit da1bc79f93.

Reason for revert: Caused OOM in media process

Bug: 112907825
Bug: 118593766
Change-Id: I545663871d75889b209b9fd2131cdaa97166478f
2018-10-29 21:48:59 +00:00
Peter Collingbourne
f284a47544 Merge "bionic: Allocate a shadow call stack for each thread." 2018-10-29 21:05:25 +00:00
Peter Collingbourne
da1bc79f93 bionic: Allocate a shadow call stack for each thread.
Bug: 112907825
Change-Id: I7c1479a0cd68696739bf6aa5e0700ba4f2a137ec
Merged-In: I7c1479a0cd68696739bf6aa5e0700ba4f2a137ec
2018-10-29 19:55:18 +00:00
Florian Mayer
176a47594e Allow to re-initialize heapprofd.
Without this change, any process can only be profiled by heapprofd
once.

Change-Id: I2d0f50eebcc3b219750354ccdc4ea22a2e39c4b6
2018-10-29 12:24:15 +00:00
Treehugger Robot
2bfe37afc8 Merge "Move Bionic slots to the end of pthread_internal_t" 2018-10-26 00:49:21 +00:00
Ryan Prichard
29d6dbc906 Move Bionic slots to the end of pthread_internal_t
With ELF TLS, the static linker assumes that an executable's TLS segment
is at a known offset from the thread pointer (i.e. __get_tls()). The
segment can be located prior to the TP (variant 2, x86[_64], sparc) or
after it (variant 1, arm{32,64}, ppc, mips, ia64, riscv).

We can't make our pthread_internal_t exactly follow the ordinary arm64
ABI (at least) because TP[5] is used for clang's -fstack-protector on
Android. Instead, reserve extra space after the TP (up to 16 words), which
will be followed by the executable's TLS segment.

Bug: http://b/78026329
Test: boot device, bionic unit tests
Change-Id: I0f3b270b793f9872ba0effeac03f4dec364438d6
Merged-In: I0f3b270b793f9872ba0effeac03f4dec364438d6
(cherry picked from commit f397317e96)
2018-10-25 23:31:17 +00:00
Elliott Hughes
5e62b34c0d Clean up bionic_macros.h a bit.
Use <android-base/macros.h> instead where possible, and move the bionic
macros out of the way of the libbase ones. Yes, there are folks who manage
to end up with both included at once (thanks OpenGL!), and cleaning that
up doesn't seem nearly as practical as just making this change.

Bug: N/A
Test: builds
Change-Id: I23fc544f39d5addf81dc61471771a5438778895b
2018-10-25 11:00:00 -07:00
Elliott Hughes
2d0b28bc0d Add getloadavg(3).
Lets us build ninja with bionic.

Bug: N/A
Test: ran tests
Change-Id: I97eef1247d794b58a2b9aee4851551632e5a4e48
2018-10-23 11:23:00 -07:00
Tim Murray
ac578f2587 malloc: add M_PURGE mallopt flag
Add a new mallopt flag that purges any pending decaying pages.

Test: boots and works
bug 117795621

Change-Id: Ib250ae2b705b6a368c1efb801d6a7be54e075acb
(cherry pciekd from commit 5083e833a6)
2018-10-22 16:25:28 -07:00
Florian Mayer
f7f71e3c7b Add RT signal to load heapprofd library.
Tests: Ran malloc_debug_unit_tests
Tests: Flashed to walleye, sent signal, observed
  "Unable to open shared library: heapprofd.so".

Change-Id: Ia8ce216837e29e3edbda8789ca28023d53fa1fda
2018-10-18 21:38:06 +01:00
Josh Gao
7ff7d03286 Merge "Properly fail with ESRCH when pthread_killing an exited thread." 2018-10-18 17:47:17 +00:00
Josh Gao
ddf757e35e Properly fail with ESRCH when pthread_killing an exited thread.
Previously, we were callign tgkill(pid, 0, signal) instead, which would
fail with EINVAL instead.

Test: bionic-unit-tests
Change-Id: I25b127dcf347e0223274502b0516a950b6c2093e
2018-10-17 17:35:56 -07:00
Treehugger Robot
ecf0c7515d Merge "strerror: add missing ERFKILL and EHWPOISON." 2018-10-15 23:56:22 +00:00
Elliott Hughes
92a9116100 strerror: add missing ERFKILL and EHWPOISON.
There's little value to having strings for these, but we may as well
for consistency. There's no ELASTERRNO constant we can use to check
whether we've fallen behind again, but these were added in 2009 and
2011 respectively, so we're not likely to have to deal with any more
new errno values any time soon...

Bug: http://b/117755069
Test: ran tests
Change-Id: I5b7155c22cad92c2fe03a0b4c7cae415c37fa186
2018-10-15 13:12:19 -07:00
Greg Hackmann
cc953e08f4 fdsan: reset va_list between varargs traversals
When error_level != ANDROID_FDSAN_ERROR_LEVEL_FATAL, fdsan_error()
traverses the varargs twice.  Each traversal needs its own
va_start()/va_end() pair.  Otherwise async_safe_format_buffer_va_list()
will start consuming arguments where async_safe_format_log_va_list()
stopped, ironically causing the sanitizer runtime to perform bad memory
accesses.

Test: debuggerd_test32
Test: debuggerd_test64

Change-Id: Ic85ca94501e55e9a435410fab89edb273c381a5a
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2018-10-15 10:41:34 -07:00
Treehugger Robot
391af2cefe Merge "Allow invoking the linker on an executable." 2018-10-11 01:04:57 +00:00
Ryan Prichard
8f639a4096 Allow invoking the linker on an executable.
The executable can be inside a zip file using the same syntax used for
shared objects: path.zip!/libentry.so.

The linker currently requires an absolute path. This restriction could be
loosened, but it didn't seem important? If it allowed non-absolute paths,
we'd need to decide how to handle:
 - foo/bar      (relative to CWD?)
 - foo          (search PATH / LD_LIBRARY_PATH, or also relative to CWD?)
 - foo.zip!/bar (normalize_path() requires an absolute path)

The linker adjusts the argc/argv passed to main() and to constructor
functions to hide the initial linker argument, but doesn't adjust the auxv
vector or files like /proc/self/{exe,cmdline,auxv,stat}. Those files will
report that the kernel loaded the linker as an executable.

I think the linker_logger.cpp change guarding against (g_argv == NULL)
isn't actually necessary, but it seemed like a good idea given that I'm
delaying initialization of g_argv until after C++ constructors have run.

Bug: http://b/112050209
Test: bionic unit tests
Change-Id: I846faf98b16fd34218946f6167e8b451897debe5
2018-10-10 14:31:06 -07:00
Josh Gao
baf20fc912 Block TIMER_SIGNAL in sigprocmask(SIG_SETMASK, ...).
Previously, we were zeroing out the reserved signals, when we actually
wanted to have TIMER_SIGNAL always be blocked, and the other signals
always be unblocked. This resulted in process termination when a
SIGEV_THREAD timer callback calls sigprocmask(SIG_SETMASK, ...) with
any signal mask value, and then subsequently fails to complete its
callback and reach the sigtimedwait in bionic before the next timer
iteration triggers.

Add a how argument to filter_reserved_signals to appropriately
block/unblock our reserved signals.

Bug: http://b/116783733
Test: bionic-unit-tests32/64
Change-Id: Ie5339682cdeb914711cd4089cd26ee395704d0df
2018-10-09 16:27:22 -07:00
Treehugger Robot
ddf92a1ba5 Merge "Always return /vendor/bin/sh as shell for OEM ids in getpwnam() etc." 2018-09-27 23:23:34 +00:00
Tom Cherry
fa5f61c8d9 Always return /vendor/bin/sh as shell for OEM ids in getpwnam() etc.
During the review of the script that generates /vendor/etc/passwd, it
was suggested that the shell be /vendor/bin/sh instead of the typical
/system/bin/sh.  This has subsequently caused bionic unit tests to
fail, since they always check that the shell is set to /system/bin/sh.

In the spirit of that review, libc is modified to return
/vendor/bin/sh for the OEM AID ranges and the test is updated to
expect this.

Test: bionic unit tests
Change-Id: Ie7c1c48fde8a71b3df1aa0ef112d42ab7bd3baec
2018-09-27 20:29:49 +00:00
Elliott Hughes
b177085ce7 Add reallocarray(3).
Originally a BSD extension, now in glibc too. We've used it internally
for a while.

(cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.)

Bug: http://b/112163459
Test: ran tests
Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
2018-09-26 14:24:18 -07:00
Evgenii Stepanov
8d11bea6c5 Merge "[hwasan] Tweak process and thread initialization." 2018-09-20 21:39:55 +00:00
Josh Gao
ce9d653b38 Merge changes from topics "fdsan_ziparchive_type", "fdsan_java_socket"
* changes:
  fdsan: improve documentation.
  fdsan: add type for libziparchive's ZipArchive.
  fdsan: add types for Java sockets.
2018-09-20 19:22:03 +00:00
Evgenii Stepanov
13e8dcbdc9 [hwasan] Tweak process and thread initialization.
Make sure that TLS_SLOT_TSAN is always available and correctly set up in
HWASan-instrumented functions by setting up the tls register and running hwasan
initialization (__hwasan_init in the main thread and __hwasan_thread_enter in
secondary) early enough.

This is needed to accomodate a change in HWASan: https://reviews.llvm.org/D52249

Bug: 112438058
Test: boot with SANITIZE_TARGET=hwaddress, run bionic-tests
Change-Id: Icd909a4ea0da6c6c1095522bcc28debef5f2c63d
2018-09-20 12:20:12 -07:00
Josh Gao
5fa9df8efc fdsan: add type for libziparchive's ZipArchive.
Test: debuggerd `pidof system_server` | grep " fd "
Change-Id: I6a9a4306ecffe3899e4cc7285a0eb33efaa62616
2018-09-18 13:23:31 -07:00
Josh Gao
d527cf1f99 fdsan: add types for Java sockets.
Test: art/tools/run-libcore-tests.sh
Change-Id: If61211bc4ae225c3f89db989a167f9dc4fce375a
2018-09-17 17:31:58 -07:00
Bernie Innocenti
fb4eaa019e Improve netd detection
The alleged improvement consists in making the detection actually work
when netd is spawned by init, which of course uses the full path.
I had tested the previous logic by running netd from the shell, which
worked because argv[0] was just set to "netd". My bad -_-

Test: flash, boot and grep logcat for "Skipping libnetd_client init"
Change-Id: Ie5f11436dfa2a9347721147dc2b980144452404a
2018-09-07 10:29:18 -07:00
Elliott Hughes
431d2ff141 Merge "Add android_get_device_api_level." 2018-09-07 15:40:45 +00:00
Treehugger Robot
dc91d900ae Merge "bionic: Add magic to abort message" 2018-09-07 01:32:14 +00:00
Luis Hector Chavez
6d93c60778 bionic: Add magic to abort message
This change adds a 128-bit magic value just before the abort message
(and its length). This allows Chrome OS crash collector (which cannot
reliably correlate a crash with its corresponding tombstone) to extract
the abort message from the core dump.

Bug: 62387553
Test: /data/nativetest{,64}/debuggerd_test/*
Test: /data/nativetest{,64}/bionic-unit-tests{,-static}/*

Change-Id: I69ff021d773b3a10081ab16ddf6f23233320fb02
2018-09-06 15:18:21 -07:00