Looks like I'd been bad here, and added new stuff to this file rather
than <elf.h> directly. I've also done nothing to upstream any of this.
This patch at least addresses the former problem, moving our stuff out
into <elf.h>.
Rather than *delete* anything that conflicts with Linux in elf_common.h,
I've disable it with // or #if, and marked those as Android changes to
make it less likely that the next update accidentally drops them (which
isn't super likely, since most of them should actually cause build
failures when they conflict with uapi).
Test: treehugger
Change-Id: Id0deccc7305c60b0f708b55e2eed0dedc0bca41d
arm32/arm64: Previously, the loader miscalculated a negative value for
offset_bionic_tcb_ when the executable's alignment was greater than
(8 * sizeof(void*)). The process then tended to crash.
riscv: Previously, the loader didn't propagate the p_align field of the
PT_TLS segment into StaticTlsLayout::alignment_, so high alignment
values were ignored.
__bionic_check_tls_alignment: Stop capping alignment at page_size().
There is no need to cap it, and the uncapped value is necessary for
correctly positioning the TLS segment relative to the thread pointer
(TP) for ARM and x86. The uncapped value is now used for computing
static TLS layout, but only a page of alignment is actually provided:
* static TLS: __allocate_thread_mapping uses mmap, which provides only
a page's worth of alignment
* dynamic TLS: BionicAllocator::memalign caps align to page_size()
* There were no callers to StaticTlsLayout::alignment(), so remove it.
Allow PT_TLS.p_align to be 0: quietly convert it to 1.
For static TLS, ensure that the address of a TLS block is congruent to
p_vaddr, modulo p_align. That is, ensure this formula holds:
(&tls_block % p_align) == (p_vaddr % p_align)
For dynamic TLS, a TLS block is still allocated congruent to 0 modulo
p_align. Fixing dynamic TLS congruence is mostly a separate problem
from fixing static TLS congruence, and requires changing the dynamic
TLS allocator and/or DTV structure, so it should be fixed in a
later follow-up commit.
Typically (p_vaddr % p_align) is zero, but it's currently possible to
get a non-zero value with LLD: when .tbss has greater than page
alignment, but .tdata does not, LLD can produce a TLS segment where
(p_vaddr % p_align) is non-zero. LLD calculates TP offsets assuming
the loader will align the segment using (p_vaddr % p_align).
Previously, Bionic and LLD disagreed on the offsets from the TP to
the executable's TLS variables.
Add unit tests for StaticTlsLayout in bionic-unit-tests-static.
See also:
* https://github.com/llvm/llvm-project/issues/40872
* https://sourceware.org/bugzilla/show_bug.cgi?id=24606
* https://reviews.llvm.org/D61824
* https://reviews.freebsd.org/D31538
Bug: http://b/133354825
Bug: http://b/328844725
Bug: http://b/328844839
Test: bionic-unit-tests bionic-unit-tests-static
Change-Id: I8850c32ff742a45d3450d8fc39075c10a1e11000
We're starting to see projects _only_ use the SPDX identifiers (and
they're more readable "at a glance" anyway), so it's probably time to
include these...
Test: N/A
Change-Id: I5c76d77dcd392a8db1166108e410389d349a42c3
Vendor modules do not follow bionic versioning but define their own
versioning for LLNDK. Ignore the __INTRODUCED_IN annotation for
vendor modules.
Bug: 302113279
Test: build trunk-staging and next configurations
Change-Id: I04646b524d17f7ae47f0f96cb98f221f3e821629
We cannot use a WriteProtected because we are accessing it in a
multithreaded context.
Test: atest memtag_stack_dlopen_test w/ MTE
Test: atest bionic-unit-tests w/ MTE
Test: atest bionic-unit-tests on _fullmte
Bug: 328256432
Change-Id: I39faa75f97fd5b3fb755a46e88346c17c0e9a8e2
We would get the SP inside of memtag_handle_longjmp, which could prevent
us from detecting the case where a longjmp is going into a function that
had already returned. This changes makes the behaviour more predictable.
Change-Id: I75bf931c8f4129a2f38001156b7bbe0b54a726ee
When 'no page size' is turned on (especially if it is turned
on by default in some environments), we need a way to turn
it off, thus restoring the old behavior.
Bug: 312546062
Change-Id: I411cff621246b6ba40e70bb51234f3886ba9527a
Test: N/A
The test failed the first time someone ran it as a non-root user.
Definitely not worth changing sepolicy for this, and even if we did,
that wouldn't work for static binaries (to the extent that we care).
Bug: http://b/326189243
Test: treehugger
Change-Id: I02441ce7f69ac477b0223565ac490046cee12579
The -1 from pathconf()/fpathconf() with these isn't the "I don't know
what you're talking about" -1/EINVAL, but the "I understand the
question, but don't have an answer for you --- you'll have to try it and
see" -1.
Bug: http://b/326245682
Test: treehugger
Change-Id: I67be277f3ffd9b5a355787ae7ffc4a31e32b0128
Since Treble, /vendor components has been using /vendor/bin/sh. But this
gets complicated with APEXes, /odm, apps, etc. We now switch back to
/system/bin/sh for all domains. In practice, this should be okay because
/system/bin/sh is almost stable.
Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor components
Change-Id: Id830aa8281e7cbda1f15474174c38d8e28dc358b
Also enable stack MTE if main binary links in a library that needs it.
Otherwise the following is possible:
1. a binary doesn't require stack MTE, but links in libraries that use
stg on the stack
2. that binary later dlopens a library that requires stack MTE, and our
logic in dlopen remaps the stacks with MTE
3. the libraries from step 1 now have tagged pointers with missing tags
in memory, so things go wrong
This reverts commit f53e91cc81.
Reason for revert: Fixed problem detected in b/324568991
Test: atest memtag_stack_dlopen_test with MTE enabled
Test: check crash is gone on fullmte build
Change-Id: I4a93f6814a19683c3ea5fe1e6d455df5459d31e1
For devices with ro.board.api_level >= 202404, use /system/bin/sh for
all domains include /vendor and other partitions.
Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor components
Change-Id: Ifa4f38e542377ce1482516fba4f0001c09c5a869
initgroups() is just a call to getgrouplist() followed by a call to
setgroups(). The tricky part is memory allocation. OpenBSD allocates an
NGROUPS_MAX-sized array of gid_t on the stack. FreeBSD allocates a
sysconf(_SC_NGROUPS_MAX)-sized array of gid_t on the heap. bionic had a
mix where it would try a 2-element stack array but fall back to a heap
allocation, which sounds reasonable if you want to avoid a 256KiB
(64Ki*4 bytes) allocation on either stack or heap. But that constant 2?
That's weird in two ways... It's really small (musl has an NGROUPS_MAX
of 32 unlike the Linux kernel's 64Ki, but 32 is still a lot larger than
2), but at the same time it's too big --- bionic's getgrouplist() always
returns a single element.
So although the FreeBSD "what the hell, let's just allocate 256KiB on
the heap" implementation would have been fine, there's really no point,
and anyone who's trying to understand initgroups() on Android really
needs to read getgroupslist() anyway, so let's just have the most
trivial implementation -- a single-element array -- and let's have it
right next to getgroupslist() in the same file as all the other <grp.h>
functions.
Also add a trivial smoke test. You mostly won't have permission to do
anything interesting with initgroups(), and it's basically unused save
for privilege dropping tcpdump and strace, but we may as well make an
effort. (I tested tcpdump before and after too.)
Test: treehugger
Change-Id: I67fe02e309ed1dbefc490c01733738363ca606be
The previous implementation wasn't wrong (it returned the "maximum
maximum"), but we can return the actual runtime value from the kernel.
Noticed while looking at initgroups().
Test: treehugger
Change-Id: I891fe4ff29bd82ee05d9e05ed8299d32c21abd7f
This is for advanced use-cases that have high performance demands and
know they will repeatedly re-use the crash_detail.
Bug: 155462331
Change-Id: Ib15dac70d1d598f78b74b539aeadf88b0ca32bc7
llvm-libc will reuse parts of the existing system headers for types that have
implications on the ABI.
Fixes:
error: external/llvm-libc/Android.bp:3:1: module "llvmlibc" variant
"android_recovery_riscv64_static": depends on //bionic/libc:libc_headers
which is not visible to this module You may need to add
"//external/llvm-libc" to its visibility
Test: TH
Bug: 321313756
Change-Id: I33b93d8e1617a480249641dc2cdf4bbee9f9e19d
These files were segregated because they were lacking a little cleanup.
Unfortunately that means this change has to do some of the cleanup, but
that's probably for the best.
Test: treehugger
Change-Id: I2dd33504787fc3313995de99e0745a0df22915b3
This reverts commit 79c9694c91.
Reason for revert: DroidMonitor: Potential culprit for Bug b/324348078 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: I32f7bc824900e18a7d53b025ffe3aaef0ee71802
Factor out generic __get_elf_note() logic and rename __get_elf_note() to
__find_elf_note(). Expose __get_elf_note() in libc/private/bionic_note.h
This will be used in the subsequent patch to test the presence of
NT_ANDROID_TYPE_PAD_SEGMENT note when loading segments.
Test: atest -c linker-unit-tests [Later patch]
Test: m && launch_cvd
Bug: 316403210
Change-Id: Ia7cb2f40b10cfaef402182a675087c8422b37e4d
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
