Commit graph

3028 commits

Author SHA1 Message Date
Florian Mayer
7f6425c8c5 Fix missing null-terminator to exec call.
Change-Id: I4fcb11b7cfc9b744ad3320022c12ae2c93d3c401
2022-04-22 22:06:26 +00:00
Mitch Phillips
3865c8f942 Merge "[GWP-ASan] Provide runtime configuration through an env var + sysprop." 2022-04-21 18:12:43 +00:00
Mitch Phillips
e6997d52de [GWP-ASan] Provide runtime configuration through an env var + sysprop.
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:

 1. "Torture testing" the system, i.e. running it under an extremely
    high sampling rate under GWP-ASan.
 2. Increasing sampling remotely to allow further crash report
    collection of rare issues.

There are three sets of system properites:
 1. libc.debug.gwp_asan.*.system_default: Default values for native
    executables and system apps.
 2. libc.debug.gwp_asan.*.app_default: Default values for non-system
    apps, and
 3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
    individual app or native process.

There are three variables that can be changed:
 1. The allocation sampling rate (default: 2500) - using the environment
    variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
    system property.
 2. The process sampling rate (default: 128 for system apps/processes, 1
    for opted-in apps) - using the environment variable
    GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
    system property,
 3. The number of slots available (default: 32) - using the environment
    variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
    system property.

If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".

Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
2022-04-20 11:26:00 -07:00
Florian Mayer
4817ca64bb Skip setjmp.bug_152210274 on HWASan.
Bug: 227390656
Change-Id: Ic6dc89d844bab4aba93132b3af7942961d3af644
2022-04-15 23:15:26 +00:00
Florian Mayer
750dcd326e Use SKIP_WITH_HWASAN macro from libbase.
Change-Id: I83681d2191bf4184e52d84d1107d61065927bb24
2022-04-15 16:14:56 -07:00
Christopher Ferris
bbf9cd86ca In android_set_abort_message, check for nullptr.
If a process is failing due to out of memory, some code calls
android_set_abort_message with a nullptr. Specifically, the libc++
library std::terminate can call do this. In this case, put a
null in the abort message.

Test: Call with nullptr and verify the code does not crash.
Test: Modified crasher to set an abort message and set a null abort
Test: message. Ran both, verified the abort message displays in
Test: first case, and doesn't display in the second case.
Change-Id: Ia9250f47e4537853ce93bbb20b35915a78caa502
2022-04-12 13:46:48 -07:00
Elliott Hughes
97ef479dfe Merge "Fix unistd.exec_argv0_null for new kernels." 2022-04-01 21:59:56 +00:00
Elliott Hughes
bb1cc5a82c Fix unistd.exec_argv0_null for new kernels.
There are other options here (see the code comment for details), but
this is the least effort/least disruptive for now.

Bug: http://b/227498625
Test: treehugger
Change-Id: I33be6fbfc022238de2f1846a69af1e712a9d6391
2022-04-01 11:12:36 -07:00
Elliott Hughes
6bdefa6ca2 Merge "C11 removed gets()." 2022-03-31 16:30:43 +00:00
Elliott Hughes
1063039d19 C11 removed gets().
Test: treehugger
Change-Id: I793e29cbd52dd882b72eb58055cbc0dd05eb0f59
2022-03-30 17:25:10 -07:00
Ryan Prichard
8ea6af53e2 Always process TLS relocs using general code path
This is important for enabling the error about unsupported TLS
relocations to local symbols. The fast path tends to skip this error,
because it fails during lookup_symbol(). Add a test for this error.

I didn't see a performance regression in the linker_relocation
benchmark.

Bug: http://b/226978634
Test: m bionic-unit-tests
Change-Id: Ibef9bde2973cf8c2d420ecc9e8fe2c69a5097ce2
2022-03-25 15:51:11 -07:00
Treehugger Robot
8321ff1468 Merge "Suppress -Wformat warning" 2022-03-16 18:55:05 +00:00
Yi Kong
f9b1313968 Suppress -Wformat warning
This is exactly what it is testing for.

Original warning:
  bionic/tests/stdio_test.cpp:370:47: error: '%n' specifier not supported on this platform [-Werror,-Wformat]
    EXPECT_DEATH(snprintf(buf, sizeof(buf), "a %n b", &i), "%n not allowed on Android");
                                               ~^

Test: presubmit
Bug: 219872355
Change-Id: I6e378722b2d681cf64f4cf31ef000bd28203b00d
2022-03-16 08:15:15 +00:00
Evgenii Stepanov
9705aac89a Fix mte tests to allow auto-upgrade.
The kernel MTE mode auto-upgrade feature (see mte_tcf_preferred) allows
silent auto-upgrade of Async MTE mode to Asymm or Sync depending on the
OS settings. Relax the tests to allow either Sync or Async faults when
requesting Async mode, and only Sync faults when requesting Sync.

Also tighten the MTENote test to check that both system allocator and
prctl are off when MTE is disabled.

Bug: 214622342
Test: bionic-unit-tests on fvp with all variations of
    /sys/devices/system/cpu/cpu*/mte_tcf_preferred=(async|asymm|sync)

Change-Id: I77a92789d6b330742d00b08c9f0fecc3a6c8fca6
2022-03-10 16:38:06 -08:00
Pirama Arumuga Nainar
fef519b637 Disable LTO for libBionicStandardTests
Bug: http://b/218788252

IR verifier too strict for ifunc resolver that accept parameters.  This
is only exposed with Thin LTO.  The error is:

  IFunc resolver has incorrect type
  i32 ()* @_Z5hwcapv

Test: mmma GLOBAL_THINLTO=true bionic
Change-Id: Ifed4041ee8557ba1a5eb7a5a82f54b5ca5c79161
2022-02-22 15:01:27 -08:00
Elliott Hughes
34da4b5842 Merge "posix_spawn: always clear O_CLOEXEC for dup'ed fds." 2022-02-18 00:24:12 +00:00
Treehugger Robot
5d3c384fa4 Merge "Explain why we test ifunc variables." 2022-02-17 22:04:08 +00:00
Pirama Arumuga Nainar
afc77a08b4 Merge "Cast ifunc resolver's return type" 2022-02-17 21:26:06 +00:00
Elliott Hughes
82c90724e3 Explain why we test ifunc variables.
Bug: http://b/218788252
Test: treehugger
Change-Id: I51825ab61adeaf6f1242df9a22f89cbd0671db48
2022-02-17 11:55:49 -08:00
Pirama Arumuga Nainar
9be2427895 Cast ifunc resolver's return type
Bug: http://b/218788252

Even though a resolver can return any pointer, LLVM IR verifier now
checks that the resolver returns a pointer to the ifunc's function type.

Test: m GLOBAL_THINLTO=true libtest_ifunc_variable_impl.so
Change-Id: I7d87ffcf50bab1d61b01328907e036c51feb6a0f
2022-02-17 11:36:04 -08:00
Zijun Zhao
99ed14b85b Merge "Add %m and %#x support for async_safe logging" 2022-02-17 17:23:32 +00:00
zijunzhao
75c36fe0c2 Add %m and %#x support for async_safe logging
Bugs: None
Test: None
Change-Id: I889015b89b85e222e26f8aa20e35d46a86a0cb7c
2022-02-17 07:23:58 +00:00
Elliott Hughes
62d49fd8e1 posix_spawn: always clear O_CLOEXEC for dup'ed fds.
dup2(2) is a no-op if the new and old fds are equal, but it's pretty
clear that any useful caller in the posix_spawn(3) context wants us to
clear O_CLOEXEC even if we don't actually "move" the fd.

Bug: https://www.austingroupbugs.net/view.php?id=411
Test: treehugger
Change-Id: I5ce1a1f9216df5afd295cc9e35b84527873e9541
2022-02-16 14:39:07 -08:00
Elliott Hughes
82e24a579d CFI uses SIGTRAP on arm/arm64.
Not sure how treehugger missed this, but "growler" followed up pretty
quickly, so that's something...

Bug: http://b/219758263
Test: treehugger
Change-Id: I8e4afa31aee975740d10eb2acec51d2f4f1fa414
2022-02-15 14:04:44 -08:00
Elliott Hughes
ab74e3260a Merge "Silence the CFI death tests." 2022-02-14 21:23:08 +00:00
Elliott Hughes
4411b940b9 Silence the CFI death tests.
We don't want expected crashes showing up in the automated crash
reporting!

Bug: http://b/210932139
Test: treehugger
Change-Id: I6b232f0808cdcd39739f249236177cabc40669b1
2022-02-11 13:16:50 -08:00
Mitch Phillips
9425b16978 [MTE] Relax ELF note.
Currently, the ELF note parsing in the loader is not permissive. This
patch relaxes the restrictions on the bits of the ELF note that could be
extended in the future.

This may allow more MTE options in apexes. If we add some extra metadata
bit (say, in bit 5) in the future, and then build MTE into every apex,
we don't want it to crash on Android 13 devices (we'd much rather it
just be a no-op).

Remove the (unused anywhere) NT_MEMTAG_DEFAULT and call it
NT_MEMTAG_NONE.

And finally, make the tests work on bionic-unit-tests-static. We
previously didn't deploy the test binaries, so add them as a data
dependency.

Bug: N/A
Test: atest bionic-unit-tests-static
Change-Id: I13530faad55c719c6eb848297f8ce378e18afbfc
2022-02-08 13:17:18 -08:00
Colin Cross
a48237bcdc Disable fortify tests for musl
musl doesn't have fortify, and is missing the *_chk symbols to allow
the tests to compile.

Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I9a1d2dfe19db219cd2c5a6dc39cb5d08ed0e4369
2022-02-03 16:25:38 -08:00
Colin Cross
9da85fa4a0 Export bionic's resolv base64 functions to musl
Musl doesn't provide the resolv b64_* functions, but adb uses them.
Export them from bionic.

Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I37837e6179a15754d4cbd89e67649df9dea9d9f1
2022-02-03 16:25:26 -08:00
Colin Cross
2a9843fe63 Export bionic's execinfo functions to musl
Musl doesn't provide the execinfo function.  Export the from bionic.

Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I0361b84b0160d419cd857f5bb1314a58d0a69234
2022-02-03 16:25:21 -08:00
Colin Cross
fdced95e45 Enable mallinfo tests for musl
We've added mallinfo and mallinfo2 to musl, enable the bionic tests
for it.  Also modify the comparison test to explicitly cast the
mallinfo fields to size_t, as they are ints in musl.

Bug: 190084016
Test: bionic-unit-tests-glibc --gtest_filter=malloc.*
Change-Id: Ib2a1d6cf698de817c314a61fe29fda85edabb9ed
2022-02-03 11:08:30 -08:00
Colin Cross
daa6b82edf Fix bionic benchmarks and header tests for musl
Fix references to symbols that don't exist in musl in the bionic
benchmarks, and disable the header tests for musl.

Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I6b1964afa4a7b6e6a4812e9f2605fcfc2fae9691
2022-02-02 12:36:39 -08:00
Daniele Di Proietto
f7e721cdc9 Merge "Fix recursive deadlock inside bionic_systrace" 2022-01-26 23:12:27 +00:00
Daniele Di Proietto
f5f04b19fe Fix recursive deadlock inside bionic_systrace
The first time should_trace() returns true, bionic_trace_begin() calls
open() on trace_marker.

The problem is that open() can call bionic_trace_begin(). We've observed
this happening, for example when:

* fdtrack is enabled. dlopen("libfdtrack.so") can be used to enable
  fdtrack on a process.
* ThreadA is busy unwinding inside fdtrack and is holding an fdtrack
  internal mutex.
* ThreadB calls bionic_trace_begin() for the first time since the
  property "debug.atrace.tags.enableflags" contains ATRACE_TAG_BIONIC.
* ThreadB calls open("/sys/kernel/tracing/trace_marker"). Since fdtrack
  is enabled, ThreadB tries to do unwinding as well.
* ThreadB, inside fdtrack's unwinding tries to grab the same mutex that
  ThreadA is holding.
* Mutex contention is reported using bionic_systrace, therefore
  bionic_trace_begin() is called again on ThreadB.
* ThreadB tries to grab g_lock in bionin_systrace.cpp, but that's
  already held by ThreadB itself, earlier on the stack. Therefore
  ThreadB is stuck.

I managed to reproduce the above scenario by manually pausing ThreadA
inside unwinding with a debugger and letting ThreadB hitting
bionic_trace_begin() for the first time.

We could avoid using g_lock while calling open() (either by releasing
g_lock and reacquiring it later, or by using atomics), but
bionic_trace_begin() would try to call open() again. In my tests, open()
does not call bionic_trace_begin() a third time, because fdtrack has
reentrancy protection, but there might be another code path inside open
that calls bionic_trace_begin again (it could be racy or only happen in
certain configurations).

This commit fixes the problem by implementing reentrancy protection in
bionic_systrace.

Sample callstack from ThreadA deadlocked before the fix:
```
  * frame #0: 0x0000007436db077c libc.so`syscall at syscall.S:41
    frame #1: 0x0000007436db0ba0 libc.so`bionic_trace_begin(char const*) [inlined] __futex(ftx=0x000000743737a548, op=<unavailable>, value=2, timeout=0x0000000000000000, bitset=-1) at bionic_futex.h:45:16
    frame #2: 0x0000007436db0b8c libc.so`bionic_trace_begin(char const*) [inlined] __futex_wait_ex(ftx=0x000000743737a548, value=2) at bionic_futex.h:66:10
    frame #3: 0x0000007436db0b78 libc.so`bionic_trace_begin(char const*) [inlined] Lock::lock(this=0x000000743737a548) at bionic_lock.h:67:7
    frame #4: 0x0000007436db0b74 libc.so`bionic_trace_begin(char const*) [inlined] should_trace() at bionic_systrace.cpp:38:10
    frame #5: 0x0000007436db0b74 libc.so`bionic_trace_begin(message="Contending for pthread mutex") at bionic_systrace.cpp:59:8
    frame #6: 0x0000007436e193e4 libc.so`NonPI::MutexLockWithTimeout(pthread_mutex_internal_t*, bool, timespec const*) [inlined] NonPI::NormalMutexLock(mutex=0x0000007296cae9f0, shared=0, use_realtime_clock=false, abs_timeout_or_null=0x0000000000000000) at pthread_mutex.cpp:592:17
    frame #7: 0x0000007436e193c8 libc.so`NonPI::MutexLockWithTimeout(mutex=0x0000007296cae9f0, use_realtime_clock=false, abs_timeout_or_null=0x0000000000000000) at pthread_mutex.cpp:719:16
    frame #8: 0x0000007436e1912c libc.so`::pthread_mutex_lock(mutex_interface=<unavailable>) at pthread_mutex.cpp:839:12 [artificial]
    frame #9: 0x00000071a4e5b290 libfdtrack.so`std::__1::mutex::lock() [inlined] std::__1::__libcpp_mutex_lock(__m=<unavailable>) at __threading_support:256:10
    frame #10: 0x00000071a4e5b28c libfdtrack.so`std::__1::mutex::lock(this=<unavailable>) at mutex.cpp:31:14
    frame #11: 0x00000071a4e32634 libfdtrack.so`unwindstack::Elf::Step(unsigned long, unwindstack::Regs*, unwindstack::Memory*, bool*, bool*) [inlined] std::__1::lock_guard<std::__1::mutex>::lock_guard(__m=0x0000007296cae9f0) at __mutex_base:104:27
    frame #12: 0x00000071a4e32618 libfdtrack.so`unwindstack::Elf::Step(this=0x0000007296cae9c0, rel_pc=66116, regs=0x0000007266ca0470, process_memory=0x0000007246caa130, finished=0x0000007ff910efb4, is_signal_frame=0x0000007ff910efb0) at Elf.cpp:206:31
    frame #13: 0x00000071a4e2b3b0 libfdtrack.so`unwindstack::LocalUnwinder::Unwind(this=0x00000071a4ea1528, frame_info=<unavailable>, max_frames=34) at LocalUnwinder.cpp:102:22
    frame #14: 0x00000071a4e2a3ec libfdtrack.so`fd_hook(event=<unavailable>) at fdtrack.cpp:119:18
    frame #15: 0x0000007436dbf684 libc.so`::__open_2(pathname=<unavailable>, flags=<unavailable>) at open.cpp:72:10
    frame #16: 0x0000007436db0a04 libc.so`bionic_trace_begin(char const*) [inlined] open(pathname=<unavailable>, flags=524289) at fcntl.h:63:12
    frame #17: 0x0000007436db09f0 libc.so`bionic_trace_begin(char const*) [inlined] get_trace_marker_fd() at bionic_systrace.cpp:49:25
    frame #18: 0x0000007436db09c0 libc.so`bionic_trace_begin(message="pthread_create") at bionic_systrace.cpp:63:25
```

Bug: 213642769
Change-Id: I10d331859045cb4a8609b007f5c6cf2577ff44df
2022-01-25 20:50:12 +00:00
Evgenii Stepanov
e37ca53157 Fix MemtagNoteTest and make it runnable on non-MTE devices.
Update the path to the helper binary, and run the test on non-MTE
hardware with the expectation that the bug is not detected.

Test: bionic-unit-tests
Bug: none
Change-Id: I34eb4dc46d0bacd83824d307398f7891d4806686
2022-01-21 19:55:54 +00:00
Elliott Hughes
e62be7eea5 Merge "Don't use LLVM when readelf(1) will do." 2022-01-14 19:45:54 +00:00
Elliott Hughes
1ff7be0713 Don't use LLVM when readelf(1) will do.
This was probably the least worst choice at the time, but we have toybox
readelf now, which is a much lighter-weight dependency (that we already
have for some other tests).

This is also one less use of the *renderscript* LLVM, which we'll be
wanting to finally delete soon.

Test: treehugger
Change-Id: I0e05b8f139ec6e6a425b575368f3d514b8b1cc64
2022-01-13 15:46:13 -08:00
Elliott Hughes
db358e6ae1 Don't use llvm-defaults to build some tests.
It's not clear this was ever needed, it doesn't seem to make any
difference now, and these are the defaults for the obsolete renderscript
LLVM anyway, so... yeah.

This was noticed because it was causing some of our tests to be built as
C++11 rather than [the current default of] C++17.

Test: treehugger
Change-Id: I7d72b3fd58e9cf9a02048b0298eee845d19307f7
2022-01-12 09:15:46 -08:00
Christopher Ferris
724efbb57c Mark variables as unused.
clang is smart enough to notice a variable is set but not used,
but these variable are used for testing purposes. Mark one as
unused, and convert the other to a DoNotOptimize.

Bug: 197240255

Test: Compiles without warnings.
Test: Ran unit tests on coral hwasan build.
Change-Id: Ibc873e477355a702579e5a680780c77db0c58046
2021-12-14 23:02:53 +00:00
Christopher Ferris
8248e62fa9 Add mallinfo2 call.
Bug: 208293616

Test: New unit tests pass.
Change-Id: I619219b7322e2dd1c82b9c8a171dfbfe7eac6706
2021-12-13 14:26:17 -08:00
Peter Collingbourne
a43e7a87b3 Merge "Fix a race condition in the bionic pthread tests." 2021-12-03 00:55:43 +00:00
Peter Collingbourne
c5b81844b6 Fix a race condition in the bionic pthread tests.
It's possible for the main thread to leave the RunTimedTest
function before the waiting thread has had a chance to call e.g.
pthread_cond_timedwait(). In this case, pthread_cond_timedwait()
will access the local variable ts after its lifetime has ended. Fix
the bug by making ts a field of pthread_CondWakeupTest instead. The
lifetime of pthread_CondWakeupTest is tied to that of the waiting
thread via the pthread_join() call.

Found with HWASan + uaccess logging.

Change-Id: Iefe8deb30a367dc518013d741c425b041596b0d3
2021-12-02 12:45:54 -08:00
Evgenii Stepanov
19e63753d2 Merge "Regression test for scudo crash in resizeTaggedChunk." 2021-11-17 06:04:01 +00:00
Evgenii Stepanov
f0d7a34e25 Regression test for scudo crash in resizeTaggedChunk.
This is a copy of the upstream scudo test for CTS:
https://reviews.llvm.org/rG913d78c40c37c9c3428285d868ce454b058e40f3

Bug: 206701345
Test: CtsBionicTestCases
Change-Id: I76b6b33c0665d7ad3bdd8c07d39a39d0d24d94df
2021-11-16 20:10:12 -08:00
Stephen Hines
30cd30f644 Remove outdated ld.bfd usage.
LLD supports `-z global`, unlike ld.gold, which this was previously a
workaround for.

Test: mm in test dir
Change-Id: I1f621c329accfb31912a19544e34447aff0dfa28
2021-11-10 18:09:49 -08:00
Treehugger Robot
4b6ae54acf Merge "uchar.h tests: small improvements." 2021-11-09 18:48:20 +00:00
Elliott Hughes
3d8156d3ec uchar.h tests: small improvements.
Explicitly test an invalid 5-byte UTF-8 sequence with mbrtoc16(3); the
fact that we weren't testing this was shown by coverage data.

Merge the surrogate pair tests in with their fewer-byte siblings to make
it clearer to a human reader that we've covered both cases.

Clear errno to make assertions about errno more convincing.

Test: treehugger
Change-Id: I485a48cc141f3e52058e2138326f3134d41b2243
2021-11-05 17:49:36 -07:00
Elliott Hughes
b6b7e2ee2e Add the missing '--' to shell invocations.
This came up with POSIX recently. Doesn't seem like it matters since
everyone's had this wrong for 40 years, but "meh" --- it's a trivial
fix, and it's strictly correct even if nobody needs this, so let's just
do it...

(Geoff Clare pointed out that my app compat concern "what if someone's
relying on this bug to pass flags to the shell?" isn't relevant because
while you can indeed do that, you then can't pass a command!)

Bug: https://austingroupbugs.net/view.php?id=1440
Test: treehugger
Change-Id: I64f6440da55e2dc29d0136ee62007197d2f00d46
2021-11-04 17:29:35 -07:00
Christopher Ferris
2abfa9e4f8 Update to v5.15 kernel headers.
Kernel headers coming from:

Git: https://android.googlesource.com/kernel/common/
Branch: android-mainline
Tag: android-mainline-5.15

Test: Builds, and ran bionic unit tests on flame.
Change-Id: I86901ea6d89fb0f7384b90a47bef35d194083c24
2021-11-02 15:53:58 -07:00
Yi Kong
d8854293d1 Merge "Workaround Clang cannot build ifunc with LTO" 2021-10-23 12:47:26 +00:00