This flag is required to filter out shared VMAs when compacting memory
using process_madvise.
Test: atest bionic-unit-tests-static
Bug: 173258203
Change-Id: I01fc0cc614b03128a5a9b0a6c8c5c2d829b701f9
Update a comment in android-changes-for-ndk-developers.md about the
removed debug.ld.greylist_disabled system property.
Update language to comply with Android's inclusive language guidance
#inclusivefixit
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: http://b/162536543
Test: bionic-unit-tests
Change-Id: I760ee14bce14d9d799926c43d2c14fd8ffbc6968
This reverts commit 01fb8d7120.
Reason for revert: Re-land the test after fixing b/156397945
Bug: 156397945
Change-Id: Ie9ec5fef7a308e28d512c6438c5c06758bdbcf06
Change the location set in the linker
Bug: 130219528
Bug: 138994281
Test: atest CtsBionicTestCases
Test: atest CtsJniTestCases
Change-Id: I215a8e023ccc4d5ffdd7df884c809f8d12050c8f
When a library is present in a namespace via the secondary_namespaces
list (i.e. the executable, LD_PRELOAD, DF_1_GLOBAL, or
android_create_namespace inheritance), then we want to search that
library's symbols, but not the symbols of its dependencies. Otherwise,
we want to search the dependencies to handle cross-NS dependency.
Bug: http://b/148569846
Test: bionic unit tests
Change-Id: If798d69de28ed5c0f1a155e4ff85c7e08934e531
Historically we've made a few mistakes where they haven't matched the
right number. And most non-Googlers are much more familiar with the
numbers, so it seems to make sense to rely more on them. Especially in
header files, which we actually expect real people to have to read from
time to time.
Test: treehugger
Change-Id: I0d4a97454ee108de1d32f21df285315c5488d886
The executable flag might not be present for the executable segment
if the code is being handled by native bridge implementation. Old
heuristics for this case was to assume first segment is executable.
This doesn't stand any more. Instead, look for segment that contains
the function test is going to call.
Test: bionic-unit-tests --gtest_filter=dlext.ns_anonymous
Change-Id: I960bebba86e225d739b73f6d093e145fff17b4a8
This change makes it easier to diagnose mistakes in linker
configuration that result in a library being accidentally loaded in
multiple namespaces without its dependencies available everywhere.
Test: manually tested the error message
Test: bionic-unit-tests
Change-Id: I03a20507f8fc902c2445a7fbbf59767ffffd5ebf
Scudo creates a large map on 64 bit which can cause a slow down trying
to get the usage stats for all maps. Since the test only really cares
about a small subset of maps, only get the usage stats for those maps.
Test: Ran unit tests on scudo and jemalloc based systems.
Change-Id: Iba3cff1487ca304083aac323a3971b9f939f5c11
The call to the load hook needs to be moved before the call to link_image()
because the latter calls ifunc resolvers which might access global
variables. This fixes a bunch of ifunc tests.
The dlfcn.segment_gap test is currently failing. One problem is that the name
of the .bss.end_of_gap section changes as a result of global instrumentation.
Add some wildcards in so that we match both names. The other problem seems
to be the same as b/139089152.
It turns out that we need to untag pointers in a few more places. Since we have
quite a few of these now it seems worth creating a function for it.
Test: bionic-unit-tests
Change-Id: I44e2b0904faacdda7cc0c5e844ffc09de01dea2d
These are old enough now that the latest devices will have kernels that
support them.
Also add basic doc comments to <sys/mman.h>.
Test: treehugger
Change-Id: I1b5ff5db0b6270f5c374287cac1d6a751a0259f5
ANDROID_DLEXT_WRITE_RELRO was inadvertently writing out the RELRO
section of all libraries loaded during a given dlopen() call instead of
only the main library; since the other libraries are loaded at
unpredictable addresses this additional data is rarely useful.
Fix this to only happen when the
ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE flag is being used.
Bug: 128623590
Test: DlExtRelroSharingTest.CheckRelroSizes
Change-Id: I05e8651d06ce2de77b8c85fe2b6238f9c09691ad
ANDROID_DLEXT_WRITE_RELRO was causing the GNU RELRO sections of
libraries to become corrupted if more than one library was being loaded
at once (i.e. if the root library has DT_NEEDED entries for libraries
that weren't already loaded). The file offset was not being correctly
propagated between calls, so after writing out the (correct) RELRO data
to the file, it was mapping the data at file offset 0 for all libraries,
which corrupted the data for all but one of the libraries.
Fix this by passing file_offset as a pointer the same way that
phdr_table_map_gnu_relro does.
Bug: 128623590
Test: tbd
Change-Id: I196cd336bd5a67454e89fd85487356b1c7856871
When built with clang-r353983, the ReservedRecursiveTooSmall test fail
due to the reserved memory is now large enough for android_dlopen_ext.
Reduce the reserved memory size to agree with ReservedTooSmall test.
Test: bionic-unit-tests
Bug: 126457671
Change-Id: I3e311a3f35b0de5d028fa1b9b3681d5ec32faee8
Introduce a new flag ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE which
instructs the linker to use the reserved address space to load all of
the newly-loaded libraries required by a dlopen() call instead of only
the main library. They will be loaded consecutively into that region if
they fit. The RELRO sections of all the loaded libraries will also be
considered for reading/writing shared RELRO data.
This will allow the WebView implementation to potentially consist of
more than one .so file while still benefiting from the RELRO sharing
optimisation, which would otherwise only apply to the "root" .so file.
Test: bionic-unit-tests (existing and newly added)
Bug: 110790153
Change-Id: I61da775c29fd5017d9a1e2b6b3757c3d20a355b3
This reverts commit 1906e77665
and fixes dlopen(nullptr)
It's enabled for the following .so libraries
libicuuc.so
libicui18n.so
This CL does not move the .so files into a APEX.
Thus, no visible effect before moving .so files.
Bug: 121248172
Test: dlfcn#dlopen_from_nullptr
Test: Perform the following test after moving libicuuc to /apex
dlopen("/system/lib64/libicuuc.so") for targetSdkVersion < Q
Change-Id: Ia310ea566485fe00ca28e2203f4bffbd92243638
Use a global gtest isolation runner rather than the custom one in
bionic.
Test: Ran all unit tests and verified same behavior before and after.
Change-Id: I24a7cf17cf8e018d0f51969c64b53ce9059cc779
This check was not necessary since it is perfectly fine for a dso to
have any number of PT_LOAD segments, given that the number is > 0.
Bug: http://b/109747297
Test: make
Change-Id: I0e3b400fddf05ed7b9342bacbfffd3b578f26cf3
This commit allows users to create a link without soname filters between
two linker namespaces.
The motivation is to establish one-way shared library isolation. For
example, assume that there are two linker namespaces `default` and
`vndk`. We would like to limit the shared libraries that can be used by
the `default` namespace. In the meanwhile, we would like to allow the
`vndk` namespace to use shared libs from the `default` namespace if the
soname cannot be find in the search path or loaded sonames of the `vndk`
namespace.
shared_libs = %VNDK_CORE_LIBRARIES%
shared_libs += %VNDK_SAMEPROCESS_LIBRARIES%
vndk <-------------------------------------------- default
\_______________________________________________/^
allow_all_shared_libs = true
android_link_namespaces_all_libs() is added to libdl, but it is
versioned as LIBC_PRIVATE. android_link_namespaces_all_libs() is only
for unit tests.
Bug: 69824336
Test: adb shell /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: adb shell /data/nativetest64/linker-unit-tests/linker-unit-tests64
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests
Test: Update /system/etc/ld.config*.txt and check whether the vndk
linker namespace of the vendor process can access the shared libs from
the default linker namespace.
Change-Id: I2879f0c5f5af60c7e56f8f743ebd2872e552286b
There were a bunch more unreasonable/incorrect ones, but these ones
seemed legit. Nothing very interesting, though.
Bug: N/A
Test: ran tests, benchmarks
Change-Id: If66971194d4a7b4bf6d0251bedb88e8cdc88a76f
This change addresses multiple problems introduced by
02586a2a34
1. In the case of unsuccessful dlopen the failure guard is triggered
for two namespaces which leads to double unload.
2. In the case where load_tasks includes libraries from 3 and more
namespaces it results in incorrect linking of libraries shared between
second and third/forth and so on namespaces.
The root cause of these problems was recursive call to find_libraries.
It does not do what it is expected to do. It does not form new load_tasks
list and immediately jumps to linking local_group. Not only this skips
reference counting it also will include unlinked but accessible library
from third (and fourth and fifth) namespaces in invalid local group. The
best case scenario here is that for 3 or more namesapces this will
fail to link. The worse case scenario it will link the library
incorrectly with will lead to very hard to catch bugs.
This change removes recursive call and replaces it with explicit list of
local_groups which should be linked. It also revisits the way we do
reference counting - with this change the reference counts are updated after
after libraries are successfully loaded.
Also update soinfo_free to abort in case when linker tries to free same
soinfo for the second time - this makes linker behavior less undefined.
Test: bionic-unit-tests
Bug: http://b/69787209
Change-Id: Iea25ced181a98c6503cce6e2b832c91d697342d5
This reverts commit 58554ccb8a.
causes /vendor/bin/qseecomd to hit the new abort:
[ 8.983301] c5 603 DEBUG: Abort message: 'soinfo=0x7147894cd0 is not in soinfo_list (double unload?)'
Bug: http://b/69909887
Bug: http://b/69787209
Change-Id: Ied38f797e0a071a1acc5ed41adf1b45e855143c7
In the case of unsuccessful dlopen the failure guard is triggered
for two namespaces which leads to double unload.
Also update soinfo_free to abort in case when linker tries to free same
soinfo for the second time - this makes linker behavior less undefined.
Test: bionic-unit-tests
Bug: http://b/69787209
Change-Id: I886787ee021b050667f967bce7aa2708390886ea
Added a test to make sure linker produces correct error message
when user attempts to load a library in a linked namespace and fails.
Bug: http://b/67866190
Bug: http://b/64950640
Bug: http://b/64888291
Test: bionic-unit-test --gtest_filter=dlext*
Change-Id: I5b5c2070d1388eff123118350b2b5c8fc7571a29
The executable flag might not be present for the executable segment
if the code is being handled by native bridge implementation. This
commit changes the test to restore executable flag for first segment
if it was removed.
Test: bionic-unit-tests
Change-Id: Ie930539135edc4db3245574b5cbe476aa1ad49c7
dlext.ns_shared creates a child namespace, which is isolated & shared,
from the default namespace. It then checks whether a lib that was loaded
in the parent(=default) namespace *after* the child namespace is created
is not accessible to the child namespace. Because this test is using the
default namespace as a parent namespace, the test result is dependent on
the specific configuration of the default namespace, which isn't
desirable.
Specifically, since ANDROID_NAMESPACE_TYPE_SHARED now copies search
paths and permitted paths of the parent namespace to the child namespace,
a lib that is accessible to the former is also accessible to the latter
even if the lib hasn't been shared when creating the latter. So, the
result of the test varies depending on whether the default namespace has
permitted paths or not. (if it is configured as an isolated namespace
and has permitted paths, then the test fails).
In order to make this test be independent from how the default namespace
is configured, a parent namespace is explicitly created and the child
namespaces are created from the parent namespace, not from the default
namespace.
Bug: 65189955
Test: bionic-unit-tests --gtest_filter=dlext.ns_shared successful
Test: the same test successful when the default namespace is configured
as follows
namespace.default.isolated = true
namespace.default.permitted_paths = ...:/data
Change-Id: Ifa33c6c42f8c327b2b1c380c7abba8e8f1afee82
Strictly, the mode isn't really meaningful unless you supply O_EXCL,
but the kernel will take it and fstat will return it even if you
never give the file a name.
Also warn for O_TMPFILE without a mode at compile time where possible.
Bug: N/A
Test: ran tests
Change-Id: I729b6d6e6190676fd017a1190b6200bf9abdbfd8
With this, stack frame 0 is the abort, not tgkill.
arm:
#00 pc 0001a41c /system/lib/libc.so (abort+63)
arm64:
#00 pc 000000000001d75c /system/lib64/libc.so (abort+120)
Also "include what you use" for <sys/syscall.h>.
Bug: N/A
Test: ran `crasher abort` and `crasher64 abort`
Change-Id: I6517ac67b39b4133e890d52efc115071c812958b
greylist is needed only for application namepaces. Since we started using
linker-namesapces for vendors and other platform apps linker should not
enable greylist workaround by default.
Bug: http://b/37731053
Bug: https://issuetracker.google.com/38146125
Test: sailfish builds and boots
Test: bionic-unit-tests and linker-unit-tests pass
Change-Id: Iee83db6fb1ae754f5ade18491321d9bca3b5ead4
(cherry picked from commit e8ffe56a9c)
Make shared namespace inherit namespace links and
search/permitted paths from the parent namespace.
Bug: http://b/37854032
Test: bionic_unit_tests --gtest_filter=dl*:Dl*
Change-Id: I174661d4a1dd0cbe4a378179073719aa955f3592
(cherry picked from commit ec43dd6c36)
DlExtRelroSharingTest.VerifyMemorySaving verifies whether
android_dlopen_ext(ANDROID_DLEXT_USE_RELRO) really saves memory.
This patch compares Pss of the tested library rather than total
Pss of the process, in case different behavior of dlopen() and
android_dlopen_ext() introduces random Pss usage.
Test: DlExtRelroSharingTest.VerifyMemorySaving
Change-Id: I696eca736018fca5d9ec9385ac1c79ced280281d
This change adds two tests for dlopen from temporary files.
1. One Uses memfd_create() can be used to load libraries directly
from memory. This requires relaxing namespace accessibility check
in order to make this work in isolated namespaces.
2. Another checks that open with O_TMPFILE works.
Bug: http://b/37245203
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I3be1d7198ca17e7f1ba022a0d86c64d59a493506
(cherry picked from commit bb8b22a087)