This addresses post-commit feedback from
I88c39ca166bacde0b692aa3063e743bb046a5d2f. With this, our FORTIFY impl
now sits in one file.
Bug: 12231437
Test: mma; no new CtsBionicTestCases failures on bullhead internal
master.
Change-Id: I6f9ff81c3e86cf9d6a0efa650eb5765f1e2fa09c
As requested in the bug. This also rips __memcpy_chk out of memcpy.S,
which lets us cut down on copypasta (all of the implementations look
identical).
Bug: 12231437
Test: mma on aosp_{arm,arm64,mips,x86,x86_64} internal master;
checkbuild on bullhead internal master; CtsBionicTestCases on bullhead.
No new failures.
Change-Id: I88c39ca166bacde0b692aa3063e743bb046a5d2f
AFAICT, all of these were added prior to the new-style FORTIFY going
in. Because clang saw two definitions of the "same" function, it got
upset. (e.g. 35d937e4eb)
Now that our FORTIFY functions are overloads of their library functions,
these undefs can be removed.
(This is a step toward making FORTIFY a library with -U_FORTIFY_SOURCE
on it, as requested in the bug.)
Bug: 12231437
Test: CtsBionicUnitTests. No new failures.
Change-Id: I844ff77106ee2bea72ae1cd0bb85d146939ecd05
...by inlining them.
Also fix a couple of harmless bugs in passing. I've added tests, but in
both cases I don't think it was actually possible to hit the bad behavior:
we'd hit another test and fail immediately after in an externally
indistinguishable way.
Bug: N/A
Test: readelf
Change-Id: I8466050b0bfe2b7b94c76b383cf10c1d9d28debd
We don't need these in libandroid_support, but we do need the other
parts of wchar.cpp, and they're not really related.
Test: make checkbuild
Bug: None
Change-Id: I40f3089b034abfd4873e81c0b6216a7cfd977d8d
libandroid_support shouldn't be using Bionic's TLS slot. Add a
thread_local based implementation. We can't use the thread_local
implementation in bionic because the linker needs this and pthread
thread-locals (which is how thread_local is implemented) doesn't work
that early.
Test: make checkbuild
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Bug: https://github.com/android-ndk/ndk/issues/300
Change-Id: I7dcbf554ade2264d541d722fa3f86df04926e67a
Upstream's killpg is diverging further from glibc behavior, so let's just fork.
Bug: N/A
Test: ran tests
Change-Id: I70a3543018bc0a5c0bbf019ac527043b90568fda
Before this change we have the old NDK inline termios functions with the
modern constants. Unfortunately the old NDK inline functions relied on
hacking the constants. Fix things by sharing the implementation between
the platform and the NDK headers.
Bug: https://github.com/android-ndk/ndk/issues/441
Test: ran tests
Change-Id: I2773634059530bc954167f29c4783413a2294d5a
Warnings:
bionic/libc/bionic/fts.c:722:5: warning: Null passed to a callee that
requires a non-null 1st parameter
bionic/libc/bionic/sched_cpualloc.c:34:25: warning: Result of 'malloc'
is converted to a pointer of type 'cpu_set_t', which is incompatible
with sizeof operand type 'unsigned long'
bionic/linker/linker_main.cpp:315:7: warning: Access to field 'e_type'
results in a dereference of a null pointer (loaded from variable
'elf_hdr')
bionic/linker/linker_main.cpp:493:66: warning: Access to field 'e_phoff'
results in a dereference of a null pointer (loaded from variable
'elf_hdr')
bionic/linker/linker_main.cpp:90:14: warning: Access to field 'next'
results in a dereference of a null pointer (loaded from variable 'prev')
Bug: None
Test: mma; analyzer warnings are gone. CtsBionicTestCases pass.
Change-Id: I699a60c2c6f64c50b9ea06848a680c98a8abb44a
__libc_preinit sets up the stack protector global cookie value, and thus
cannot intialize a stack protector cookie for itself in the function
prologue. LTO compilation can inline functions requiring a stack
protector into __libc_preinit. This patch disables stack protection for
__libc_preinit and forces all potentially inlined functions into a
helper that can have a stack protector.
Test: run bionic-unit-tests
Change-Id: I45911611190f216c91eb6feff722967214c5f99f
With this, stack frame 0 is the abort, not tgkill.
arm:
#00 pc 0001a41c /system/lib/libc.so (abort+63)
arm64:
#00 pc 000000000001d75c /system/lib64/libc.so (abort+120)
Also "include what you use" for <sys/syscall.h>.
Bug: N/A
Test: ran `crasher abort` and `crasher64 abort`
Change-Id: I6517ac67b39b4133e890d52efc115071c812958b
No other C library expose these, and I couldn't find any callers.
Bug: http://b/62531921
Test: builds
Change-Id: I4a3505bc0897286a4036c48066b98d16665b573a
This breaks code that declares `errno` itself for whatever crazy reason:
b.c:22:12: error: conflicting types for '__errno'
extern int errno;
^
/usr/local/google/ndkports/toolchain/bin/../sysroot/usr/include/errno.h:47:20: note: expanded from macro 'errno'
#define errno (*__errno())
^
/usr/local/google/ndkports/toolchain/bin/../sysroot/usr/include/errno.h:44:15: note: previous declaration is here
volatile int* __errno(void) __attribute_const__;
^
Bug: N/A
Test: built various bits of GNU source
Change-Id: I27c03bf3bde419a001f98f1ea6c267c847f31271
File libc/SYSCALLS.TXT is updated to generate bionic's system call wrappers
for clock_gettime() & gettimeofday() that will be called if kernel vdso
implementations fail to execute.
The system call wrappers are generated using a python script gensyscalls.py.
Since all architectures support vdso now, there is no more need for conditional
statements regarding supported architectures in libc/bionic/vdso.cpp &
libc/private/bionic_vdso.h files.
Test: builds
Change-Id: I7213f29c179a7929851499d78a72900638ae861a
Signed-off-by: Goran Ferenc <goran.ferenc@imgtec.com>
Add the mallopt function, and only a single option so far.
Bug: 36401135
Test: Built and booted bullhead.
Test: Ran jemalloc unit tests.
Test: Ran bionic unit tests.
Test: Ran a test that allocated and free'd a large piece of memory,
Test: and verified that after changing the parameter, the PSS
Test: sticks around (decay timer set to 1), the PSS is purged (decay
Test: timer set to 0).
Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
__isthreaded is annoying for ARC++ and useless for everyone. Just hard-code
the value in ndk_cruft for LP32 and be done with it.
Bug: N/A
Test: builds
Change-Id: I08f11a404bbec55ed57cb1e18b5116163c7d7d13
Switch raise to using tgkill with direct syscalls of getpid/gettid,
and switch abort to use raise(SIGABRT).
Bug: http://b/37769298
Test: debuggerd_test
Change-Id: If6f9d17fd8ae6177e742dc9f2f44bd78539431ba
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
Netflix was using this, and looking the header file, although
__system_property_find_nth has been available since the beginning of time,
__system_property_foreach only appeared in 16. So anyone who wants to run
on pre-JellyBean devices would want to use __system_property_find_nth.
It's pretty much a one-liner in terms of __system_property_foreach anyway,
so it doesn't cost us anything to keep it.
Also restore slightly better tests than we originally removed.
Bug: http://b/36566667
Test: ran tests
Change-Id: Id268c2c2e848da17bb0a5a5420af234d9dcb829a
This is the last bionic caller that was manually trying to cache
property values.
Bug: N/A
Test: builds and boots
Change-Id: Id66c0a05d8448f08c39dbf7189241e75615d44b4
We're currently reporting errno from the clean up call to close(),
which is much less interesting than the failing connect() call that
precedes it. This change reports errno from the connect() call
instead.
Bug: 36249702
Test: Boot bullhead, bionic unit tests
Test: Fake bad end point and see relevant error returned
Change-Id: Icadec463f50cd0a2a2faa08f049a7996cd32786f
User code on a non-treble device was starting with errno == ENOENT rather
than 0 because of this treble support:
openat(AT_FDCWD, "/property_contexts", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
faccessat(AT_FDCWD, "/system/etc/selinux/plat_property_contexts", R_OK) = -1 ENOENT (No such file or directory)
This caused us to fail some toybox tests by reporting bogus errno values
where errno should have been left unset:
PASS: date -d @0
FAIL: date -d @0x123
echo -ne '' | TZ=UTC date -d @0x123 2>&1
--- expected
+++ actual
@@ -1 +1 @@
-date: bad date '@0x123'
+date: bad date '@0x123': No such file or directory
PASS: date -d 06021234
PASS: date -d 060212341982
FAIL: date -d 123
echo -ne '' | TZ=UTC date -d 123 2>&1
--- expected
+++ actual
@@ -1 +1 @@
-date: bad date '123'
+date: bad date '123': No such file or directory
PASS: date -d 1110143115.30
PASS: date -d 111014312015.30
PASS: date Unix time missing @
Bug: http://b/37248982
Test: ran tests
Change-Id: Iacf08c89dbe207ec53a7837e6ac7f78f5541ef35
libcxx provides const-correct overloads for a few string.h functions.
These overloads use clang's enable_if attribute, so they're preferred
over our FORTIFY'ed equivalents.
This weakens _FORTIFY_SOURCE=2 when used with some of these functions,
since clang needs to see __pass_object_size in order to pass an accurate
result for __builtin_object_size(s, 1) at a callsite. Since those
functions don't have __pass_object_size on their params, clang can't do
that. This makes LLVM lower the __builtin_object_size calls, which means
we get the same result as __builtin_object_size(s, 0).
We have to provide all of the overloads in Bionic, since enable_if is
only used to disambiguate overloads with (otherwise) the same type. In
other words:
// overload 1
char *strchr(const char *, int s) __attribute__((enable_if(1, "")));
// overload 2
char *strchr(char *, int s);
void foo() {
char cs[1] = {};
strchr(static_cast<const char *>(cs), '\0'); // calls overload #1.
strchr(cs, '\0'); // calls overload #2.
}
Bug: 34747525
Test: m checkbuild on bullhead internal master + AOSP. vts -m
BionicUnitTests passes on both. Surprisingly, the only code that this
seems to break is contained in Bionic.
Change-Id: Ie406f42fb3d1c5bf940dc857889876fc39b57c90
libc_logging is getting statically linked into the crash handler
library, resulting in two copies of the abort message code existing in
processes, one in the linker, and one in the crash handler.
Move android_set_abort_message to its own file to solve this.
Bug: http://b/36862204
Test: /data/nativetest/debuggerd_test/debuggerd_test32
Change-Id: Ie198c5a3bb07645aa43296915c9a6752693f14a9
For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
Used by CFI, so broke cfi_test#early_init@x86, but I've added a specific
test for this (and a similar test for getauxval from preinit, which this
patch does not fix).
Bug: http://b/35885875
Test: ran tests
Change-Id: I43885bedfb88c0a26b4474bd3c27a87dec7bbc97
snprintf to a buffer of length PATH_MAX consumes about 7kB of stack.
Bug: http://b/35858739
Test: bionic-unit-tests --gtest_filter="*big_enough*"
Change-Id: I34a7f42c1fd2582ca0d0a9b7e7a5290bc1cc19b1
This changes system_properties' initialize_properties to prefer
loading property_contexts from /system/etc/selinux &
/vendor/etc/selinux, while falling back to the pre-existing behavior
of loading from /.
Test: Device with *_property_contexts in / boots up fine, no denials
to do with properties, getprop -Z lists correct labels.
Test: Device with *_property_contexts in /system & /vendor, but not
in /, boots up fine, no denials to do with properties,
getprop -Z lists correct labels.
Test: Device with *_property_contexts in /system & vendor and with
empty *_property_contexts in / boots up fine, no denials to do
with properties, getprop -Z lists correct labels.
Bug: 36002573
Change-Id: I15174acdf89ee8f5a96acf1e38a54d4214df51ef
__pthread_internal_free doesn't happen on threads that are detached,
causing the bionic TLS allocation (and guard pages) to be leaked.
Fix the leak, and name the allocations to make things apparent if this
ever happens again.
Bug: http://b/36045112
Test: manually ran a program that detached empty threads
Change-Id: Id1c7852b7384474244f7bf5a0f7da54ff962e0a1
