Now that the feature guarded by this flag has landed in Linux 5.10
we no longer need the flag, so we can remove it.
Bug: 135772972
Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
These cover the parts of fnmatch() that I think I understand. Missing
FNM_LEADING_DIR because I still haven't understood that yet. All the
descriptions of its behavior that I've seen are slightly (or very)
inconsistent, and it seems like the implementations are genuinely
different too.
Test: treehugger
Change-Id: I1284c406639bef1bfe74db3cad45965c8ab29c2b
A constructor or destructor function with an integral priority is
placed in an .init_array or .fini_array section with the priority
suffixed to the section name:
- __attribute__((constructor)) ==> .init_array
- __attribute__((constructor(42))) ==> .init_array.42
The suffixed init/fini sections appear before the unsuffixed sections,
so the prioritized functions appeared before the __{INIT,FINI}_ARRAY__
symbols and were dropped when the symbols were used.
The (static) linker doesn't recognize priority suffixes on
.preinit_array.
This bug affected .init_array and .fini_array for static executables.
For dynamic executables, only .fini_array was affected, because
.init_array is handled by the dynamic loader instead, which uses
DT_INIT_ARRAY[SZ]. For DSOs, neither is affected, because the two
sections are only handled by the dynamic loader.
This patch also fixes a minor inconsistency where dynamic init/preinit
were passed argc/argv/envp, but static were not.
Bug: http://b/170983066
Test: bionic-unit-tests
Change-Id: I0fffa776e5d9bdb6f8af06b4c1af148236742fef
A downstream user of bionic has a test that requires the sizes and
offsets of various fields in pthread_internal_t to be consistent
between x86 and arm32, and between x86_64 and arm64, by checking that
the sizes and offsets match hardcoded constants. Since this test often
makes it difficult to update bionic's internal data structures, add
a test to bionic that does the same thing so that we can remove the
downstream test and make it easier to change internal data structures
in bionic.
Change-Id: Id5bd3f9fae00aa3b50d1b1267e782e26fe6c8369
android_filesystem_config.h is found since system/core/include is on
the include path for all projects and contains a symlink to the real
android_filesystem_config.h. This is fragile and the below bug seeks
to remove this symlink and have users correctly depend on
libcutils_headers.
In bionic, libcutils_headers header library cannot be used due to
cyclic dependencies, so it gets the actual include path instead, which
is less bad than depending on the build system injecting the for all
modules.
Bug: 165825252
Test: build
Change-Id: Id43bdea9553b1174ceb3efc2a3ed505888619c62
Mostly from extra test cases, but also:
* Move the fgets size < 0 assertion into fgets.
* Use ELF aliases for strtoq/strtouq rather than duplicating code.
* Don't check uname() succeeded, since it can't fail.
Test: treehugger
Change-Id: I2e6b3b88b0a3eb16bd68be68b9bc9f40d8043291
The SYNC tagging level enables stack trace collection for allocations and
deallocations, which allows allocation and deallocation stack traces to
appear in tombstones when encountering a tag check fault in synchronous tag
checking mode.
Bug: 135772972
Change-Id: Ibda9f51b29d2c8e2c993fc74425dea7bfa23ab1e
The triggering reason for this change is that the SDK snapshot
generation cannot readily handle header libraries that are required for
targets that the SDK itself isn't available for. However, these include
files shouldn't be used without Bionic anyway.
Relanding unchanged - the build problem was due to a split topic.
Test: m checkbuild (on aosp_taimen)
Test: m (on aosp_taimen_hwasan)
Test: atest CtsBionicTestCases
Test: lunch fvp-userdebug && mmm bionic
Bug: 152255951
Change-Id: Iaf49597ea265e6f2a042de5ee873238073b2e545
Reason for revert: Breaks rvc-d1-dev-plus-aosp: http://ab/6443190
Reverted Changes:
Ide447b89a:bionic_libc_platform_headers is only available whe...
Ia93cd3ec8:bionic_libc_platform_headers is only available whe...
Icdc495588:Make bionic_platform_headers available only for Bi...
Idfd7c87dc:bionic_libc_platform_headers is only available whe...
Bug: 152255951
Bug: 155269399
Change-Id: I214f1165bb0a7e59d3b35a13b3cceb1965be922b
The triggering reason for this change is that the SDK snapshot
generation cannot readily handle header libraries that are required for
targets that the SDK itself isn't available for. However, these include
files shouldn't be used without Bionic anyway.
Test: m checkbuild (on aosp_taimen)
Test: m (on aosp_taimen_hwasan)
Test: atest CtsBionicTestCases
Test: lunch fvp-userdebug && mmm bionic
Bug: 152255951
Change-Id: Icdc49558893c5355860f78d23275c49ba0119900
The question of why the unit tests need the bootstrap bionic came up
while I was working on http://b/152572170.
Test: none
Change-Id: I08651200e2193c6ea4d3a734b59f022d69e5f154
This causes failures in signal handler tests, because it looks like clang
doesn't understand how to enable the stack protection in a signal handler.
Clang winds up scribbling on the real stack.
Bug: 149934069
Bug: 151372823
Test: Ran all unit tests on bonito/taimen and the signal handler tests pass.
Change-Id: If73f55e7505b6d7f35b340be0b03c798b21e2829
Simplify:
- Use a single memory-mapped region to hold the table of destructors.
Double its capacity each time it is expanded.
- Add a recompaction pass at the end of __cxa_finalize that shifts
entries forward and uses madvise to clean pages.
Bug: http://b/148055738
Test: bionic-unit-tests
Change-Id: Ieb9da2b88640a8a5277d217b43826b5b7e246781
This change adds standard branch protection to bionic unit tests
for arm64 targets. For more information see
https://developer.arm.com/search#q=branch-protection
Both Armv8.3-A Pointer Authentication (using the A-key) hint-space
instructions and Armv8.5-A Branch Target Identification hint-space
landing pads are added to the generated code.
Test: 1. Tested on flame
2. Tested on FVP
Change-Id: Ice991c538a9101448dea64c357f3f6bfb93877eb
When a library is present in a namespace via the secondary_namespaces
list (i.e. the executable, LD_PRELOAD, DF_1_GLOBAL, or
android_create_namespace inheritance), then we want to search that
library's symbols, but not the symbols of its dependencies. Otherwise,
we want to search the dependencies to handle cross-NS dependency.
Bug: http://b/148569846
Test: bionic unit tests
Change-Id: If798d69de28ed5c0f1a155e4ff85c7e08934e531
This function will be used by Scudo and GWP-ASan to efficiently collect
stack traces for frames built with frame pointers.
Bug: 135634846
Bug: 135772972
Change-Id: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Merged-In: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Add a hook that's called upon file descriptor creation to libc, and a
library that uses it to capture backtraces for file descriptor creation,
to make it easier to hunt down file descriptor leaks.
Currently, this doesn't capture all of the ways of creating a file
descriptor, but completeness isn't required for this to be useful as
long as leaked file descriptors are created with a function that is
tracked. The primary unhandled case is binder, which receives file
descriptors as a payload in a not-trivially-parsable byte blob, but
there's a chance that the leak we're currently trying to track down
isn't of a file descriptor received over binder, so leave that for
later.
Bug: http://b/140703823
Test: manual
Change-Id: I308a14c2e234cdba4207157b634ab6b8bc539dd9
(cherry picked from commit b7eccd4b15)
mte_supported() lets code efficiently detect the presence of MTE, and
ScopedDisableMTE lets code disable MTE RAII-style in a particular region
of code.
Bug: 135772972
Change-Id: I628a054b50d79f67f39f35d44232b7a2ae166afb
On Android, fcntl is always implemented by fcntl64(2). This means that
an LP32 binary can `fcntl(F_SETLK, struct flock)` (because fcntl64(2)
passes through to the 32-bit fcntl(2) to handle F_SETLK), and it can
also `fcntl(F_SETLK64, struct flock64)`. What it can't do before this
patch is set _FILE_OFFSET_BITS=64 and then `fcntl(F_SETLK, struct
flock)` where that `struct flock` is actually implicitly `struct
flock64`.
Move the kernel uapi structs out of the way, define them ourselves based
on __LP64__ and _FILE_OFFSET_BITS, and fix up the relevant F_ constants.
(Also add a .clang-format to turn off clang-format in libc/include/.)
Bug: N/A
Test: treehugger (and strace!)
Change-Id: Iccd6c83d9133e1efcf93a7b49a6ae0f1bbd3d58b
Test (a) that we can load the library, but also (b) that readelf thinks
it contains the relocation encoding we were expecting. Do this for all
four of RELR, ANDROID_RELR, relocation packer, and the original ELF
relocation encoding.
Bug: http://b/147452927
Test: treehugger
Change-Id: I5fab72f99d46991c1b206a1c15c76e185b7148b3
Until now we've only supported RELR with our own OS-private-use
constants. Add support for the official numbers (while maintaining
support for the historical numbers).
Add tests to ensure we continue to support both indefinitely.
We can't yet flip the build system over to using the official constants
because the old GNU binutils objcopy we still use in most cases (for the
mini-debug section) only supports the historical constants.
Bug: http://b/147452927
Test: treehugger
Change-Id: If214fce7fade4316115947e90b78ab40864b61f2
This patch introduces tagged pointers to bionic. We add a static tag to
all pointers on arm64 compatible platforms (needs requisite
top-byte-ignore hardware feature and relevant kernel patches).
We dynamically detect TBI-compatible devices (a device with the TBI feature and
kernel support) at process start time, and insert an implementation-dependent
tag into the top byte of the pointer for all heap allocations. We then check
that the tag has not been truncated when deallocating the memory.
If an application incorrectly writes to the top byte of the pointer, we
terminate the process at time of detection. This will allow MTE-incompatible
applications to be caught early.
Bug: 135754954
Bug: 147147490
Test: cd bionic && atest .
Change-Id: Ie424325ba1e3c4443040ac265aeaa28d9e405d28
This reverts commit 43d5f9d4dd.
Bug: 135754954
Bug: 147147490
Exempt-From-Owner-Approval: clean revert
Reason for revert: Breaks ART gtest, see:
https://ci.chromium.org/p/art/builders/ci/angler-armv8-non-gen-cc/561
The crash happens on mprotect of a page, the test crashes with ENOMEM.
Change-Id: I52eea1abbfaf8d8e2226f92d30aa55aba3810528
This patch introduces tagged pointers to bionic. We add a static tag to
all pointers on arm64 compatible platforms (needs requisite
top-byte-ignore hardware feature and relevant kernel patches).
We dynamically detect TBI-compatible devices (a device with the TBI feature and
kernel support) at process start time, and insert an implementation-dependent
tag into the top byte of the pointer for all heap allocations. We then check
that the tag has not been truncated when deallocating the memory.
If an application incorrectly writes to the top byte of the pointer, we
terminate the process at time of detection. This will allow MTE-incompatible
applications to be caught early.
Bug: 135754954
Bug: 147147490
Test: cd bionic && atest .
Change-Id: I6e5b809fc81f55dd517f845eaf20f3c0ebd4d86e
In configs like ASAN, we can't use _chk functions. This CL builds off of
previous work to allow us to still emit diagnostics in conditions like
these.
Wasn't 100% sure what a good test story would look like here. Opinions
appreciated.
Bug: 141267932
Test: checkbuild on internal-master. TreeHugger for x86_64.
Change-Id: I65da9ecc9903d51a09f740e38ab413b9beaeed88
This reverts commit d7e11b8853.
Reason for revert: Breaks aosp_x86_64-eng. Will look into it and
unbreak when it's not almost midnight. :)
Change-Id: I21f76efe4d19c70d0b14630e441376d359a45b49
In configs like ASAN, we can't use _chk functions. This CL builds off of
previous work to allow us to still emit diagnostics in conditions like
these.
Wasn't 100% sure what a good test story would look like here. Opinions
appreciated.
Bug: 141267932
Test: checkbuild on internal-master
Change-Id: I8d4f77d7b086a8128a18a0a0389243d7fa05b00f
I plan to add tests to this test binary that take a long time to run.
The first is a malloc test that demonstrates that jemalloc appears
to be leaking memory slowly over time.
Test: Ran the bionic-stress-tests on host and verified it runs forever,
Test: but doesn't display RSS/VSS data.
Test: Ran the bionic-stress-tests on a taimen and verified it runs forever,
Test: and does display RSS/VSS data.
Change-Id: Ic612e4181ffea898d4d83af097939cd517a180ee
https://reviews.llvm.org/D58797 added several new compile time
_FORTIFY_SOURCE diagnostics. This broke clang_fortify_tests:
FAILED: out/target/product/walleye/obj/STATIC_LIBRARIES/bionic-compile-time-tests2-clang++_intermediates/clang_fortify_tests.o
error: 'warning' diagnostics seen but not expected:
Line 159: 'memcpy' will always overflow; destination buffer has size 8, but size argument is 9
Line 161: 'memmove' will always overflow; destination buffer has size 8, but size argument is 9
Line 165: 'memset' will always overflow; destination buffer has size 8, but size argument is 9
Line 183: 'strncpy' size argument is too large; destination buffer has size 8, but size argument is 9
Line 185: 'stpncpy' size argument is too large; destination buffer has size 8, but size argument is 9
Line 189: 'strncat' size argument is too large; destination buffer has size 8, but size argument is 9
Line 227: 'strncpy' size argument is too large; destination buffer has size 4, but size argument is 5
Line 232: 'stpncpy' size argument is too large; destination buffer has size 4, but size argument is 5
Line 242: 'strncat' size argument is too large; destination buffer has size 4, but size argument is 5
Line 490: 'snprintf' size argument is too large; destination buffer has size 8, but size argument is 9
Line 495: 'vsnprintf' size argument is too large; destination buffer has size 8, but size argument is 9
error: 'note' diagnostics seen but not expected:
File bionic/libc/include/bits/fortify/fcntl.h Line 50: 'open' has been explicitly marked unavailable here
File bionic/libc/include/bits/fortify/fcntl.h Line 102: 'open64' has been explicitly marked unavailable here
File bionic/libc/include/bits/fortify/fcntl.h Line 75: 'openat' has been explicitly marked unavailable here
File bionic/libc/include/bits/fortify/fcntl.h Line 121: 'openat64' has been explicitly marked unavailable here
File bionic/libc/include/bits/fortify/stdio.h Line 68: 'sprintf' has been explicitly marked unavailable here
16 errors generated.
Bug: 131328001
Bug: 138701853
Test: Build with r365631 toolchain
Change-Id: I103ecb7b3abcf4b5cfc4f36ccab69e03d0976275
This CL allows us to diagnose string functions that get an explicit size
passed into them, and string functions that are trivially misused.
Bug: 131861088
Test: mma
Change-Id: I894aec99420a75c6474cfd7d5010f0cf2f10ab21
Chrome OS has a fairly extensive FORTIFY test suite for both
compile-time and run-time diagnostics. It covers tons of edge cases, and
conveniently centralizes diagnostic and death testing.
A fair amount of it has been ifdef'ed out, since Bionic doesn't yet
diagnose (or crash on) some of these things. The intent is to explicitly
declare defeat on the things we don't care to FORTIFY, and slowly fix
the rest in easier-to-digest CLs.
Once that's done, we might be able to look into retiring some of the
FORTIFY testing that we don't share with the CrOS folks.
Bug: 131861088
Test: mma + bionic-unit-tests on blueline
Change-Id: I16734ea0769e03cf658ef10532d64f28fdb36a89
Cleanup of references to 'coverage' in build files. Part of a larger
cleanup to make fuzzing work again in the Android build tree.
Also fixed a test issue with emulated TLS with the new changes, and
removed libc.so fuzzer support until a linked bug is fixed
(b/132640749).
Bug: 121042685
Test: With all patches in the bug merged: mmma bionic
Change-Id: I592352fe9210ff811a2660a88cbbfe48d70a1e57
Merged-In: I592352fe9210ff811a2660a88cbbfe48d70a1e57
Cleanup of references to 'coverage' in build files. Part of a larger
cleanup to make fuzzing work again in the Android build tree.
Also fixed a test issue with emulated TLS with the new changes, and
removed libc.so fuzzer support until a linked bug is fixed
(b/132640749).
Bug: 121042685
Test: With all patches in the bug merged: mmma bionic
This is the qt-dev-plus-aosp cherrypick of aosp/954684. See the AOSP
commit for further information.
Change-Id: I592352fe9210ff811a2660a88cbbfe48d70a1e57
