Commit graph

27708 commits

Author SHA1 Message Date
Ryan Prichard
aa3dd3d520 Merge "Add tests for dynamic ELF TLS" 2019-01-30 04:46:54 +00:00
Vic Yang
7bb60fcbcd Revert "linker: Purge block allocator memory when possible"
This reverts commit fb78a4ac1b.

Reason for revert: Performance regression.

Change-Id: Ib12335fc7478dad933da00b8bc525366c9330a17
2019-01-29 20:21:41 -08:00
George Burgess IV
d7873cf94e Merge "bionic: update for glibc 2.17" 2019-01-29 22:24:58 +00:00
Ryan Prichard
3c9c75974e Merge "Implement arm64 TLSDESC" 2019-01-29 20:17:56 +00:00
Ryan Prichard
06d2d790ad Add tests for dynamic ELF TLS
Bug: http://b/78026329
Test: bionic unit tests
Merged-In: I508fa38b331eeec7dae53039b4b1ec6cedea3034
Change-Id: I508fa38b331eeec7dae53039b4b1ec6cedea3034
2019-01-29 08:35:10 +00:00
Ryan Prichard
ffaae70936 Implement arm64 TLSDESC
Each TLSDESC relocation relocates a 2-word descriptor in the GOT that
contains:
 - the address of a TLS resolver function
 - an argument to pass (indirectly) to the resolver function

(Specifically, the address of the 2-word descriptor is passed to the
resolver.)

The loader resolves R_GENERIC_TLSDESC relocations using one of three
resolver functions that it defines:
 - tlsdesc_resolver_static
 - tlsdesc_resolver_dynamic
 - tlsdesc_resolver_unresolved_weak

The resolver functions are written in assembly because they have a
restrictive calling convention. They're only allowed to modify x0 and
(apparently) the condition codes.

For a relocation to memory in static TLS (i.e. the executable or an solib
loaded initially), the loader uses a simple resolver function,
tlsdesc_resolver_static, that returns the static offset it receives from
the loader.

For relocations to dynamic TLS memory (i.e. memory in a dlopen'ed solib),
the loader uses tlsdesc_resolver_dynamic, which allocates TLS memory on
demand. It inlines the fast path of __tls_get_addr, then falls back to
__tls_get_addr when it needs to allocate memory. The loader handles these
dynamic TLS relocations in two passes:
 - In the first pass, it allocates a table of TlsDynamicResolverArg
   objects, one per dynamic TLSDESC relocation.
 - In the second pass, once the table is finalized, it writes the
   addresses of the TlsDynamicResolverArg objects into the TLSDESC
   relocations.

tlsdesc_resolver_unresolved_weak returns a negated thread pointer so that
taking the address of an unresolved weak TLS symbols produces NULL.

The loader handles R_GENERIC_TLSDESC in a target-independent way, but
only for arm64, because Bionic has only implemented the resolver functions
for arm64.

Bug: http://b/78026329
Test: bionic unit tests
Test: check that backtrace works inside a resolver function and inside
  __tls_get_addr called from a resolver
  (gdbclient.py, b __tls_get_addr, bt)
Merged-In: I752e59ff986292449892c449dad2546e6f0ff7b6
Change-Id: I752e59ff986292449892c449dad2546e6f0ff7b6
2019-01-29 08:33:09 +00:00
Treehugger Robot
c676377cd3 Merge "Make trace end conform with other trace end prints" 2019-01-28 21:01:28 +00:00
Treehugger Robot
d5076ba63a Merge "Add tracepoints for pthread_create and pthread_join" 2019-01-28 21:01:24 +00:00
Ryan Prichard
ecdc451ccf Merge changes I3c9b1292,I05c28d6a,I788c4a95,If8cd798f,I1c8d1cd7, ...
* changes:
  Implement dynamic TLS accesses and allocation
  Implement TLS_DTPMOD and TLS_DTPREL relocations
  Ignore DT_TLSDESC_GOT / DT_TLSDESC_PLT
  Disable the dlfcn.dlopen_library_with_ELF_TLS test
  Add BionicAllocator::memalign
  Move the linker allocator into libc
  Replace some of linker_allocator's header includes
2019-01-28 19:32:59 +00:00
Philip Cuadra
77d0f90c7a Add tracepoints for pthread_create and pthread_join
Add additional tracepoints for clarity.

Test: cpatured trace with bionic, confirmed trace points
Change-Id: I4f9952c38a2637d53edb69ad99b43beb5a892da6
2019-01-28 10:59:02 -08:00
Philip Cuadra
7fc82c24ee Make trace end conform with other trace end prints
Add | to make bionic's trace end print match other trace end prints.

Test:  took systrace with bionic tag enabled
Change-Id: Ieabb139dd224aa8045be914f21c0432d42a93755
2019-01-28 10:48:49 -08:00
Florian Mayer
543b4013e7 Merge "Allow to reset malloc hooks." 2019-01-28 18:14:48 +00:00
Florian Mayer
db59b891ca Allow to reset malloc hooks.
This is used to prevent the additional indirection even after heap
profiling has finished, preventing any performance impact on processes
that are not currently being profiled.

Test: m
Test: flash sailfish
Test: try tearing down & re-enabling hooks

Bug: 120186127

Change-Id: Idc5988111a47870d2c093fd6a017b47e65f5616b
2019-01-28 15:01:50 +00:00
Treehugger Robot
122ecb1ca8 Merge "bionic_unit_tests: Remove dependency on libpagemap" 2019-01-27 03:42:35 +00:00
Ryan Prichard
16455b5100 Implement dynamic TLS accesses and allocation
Initialize a thread's DTV to an empty zeroed DTV. Allocate the DTV and
any ELF module's TLS segment on-demand in __tls_get_addr. Use a generation
counter, incremented in the linker, to signal when threads should
update/reallocate their DTV objects.

A generation count of 0 always indicates the constant zero DTV.

Once a DTV is allocated, it isn't freed until the thread exits, because
a signal handler could interrupt the fast path of __tls_get_addr between
accessing the DTV slot and reading a field of the DTV. Bionic keeps a
linked list of DTV objects so it can free them at thread-exit.

Dynamic TLS memory is allocated using a BionicAllocator instance in
libc_shared_globals. For async-signal safety, access to the
linker/libc-shared state is protected by first blocking signals, then by
acquiring the reader-writer lock, TlsModules::rwlock. A write lock is
needed to allocate or free memory.

In pthread_exit, unconditionally block signals before freeing dynamic
TLS memory or freeing the shadow call stack.

ndk_cruft.cpp: Avoid including pthread_internal.h inside an extern "C".
(The header now includes a C++ template that doesn't compile inside
extern "C".)

Bug: http://b/78026329
Bug: http://b/123094171
Test: bionic unit tests
Change-Id: I3c9b12921c9e68b33dcc1d1dd276bff364eff5d7
2019-01-25 17:53:01 -08:00
Ryan Prichard
3b463cf7f4 Implement TLS_DTPMOD and TLS_DTPREL relocations
Generalize the omitted symbol and missing-TLS-segment behaviors to all TLS
relocations.

R_GENERIC_TLS_DTPMOD is a module ID, which starts at 1 for the executable.

R_GENERIC_TLS_DTPREL is an offset from the start of a module to a specific
TLS symbol.

binutils currently disagrees with Bionic about the values of
R_AARCH64_TLS_DTPMOD64 and R_AARCH64_TLS_DTPREL64, so disable
DTPMOD/DTPREL for now on arm64.

Bug: http://b/78026329
Test: bionic unit tests (Tests for dynamic TLS will be added later)
Change-Id: I05c28d6a1036bdd6127f605036679b7475689445
2019-01-25 17:53:01 -08:00
Ryan Prichard
ea41ab0548 Ignore DT_TLSDESC_GOT / DT_TLSDESC_PLT
These dynamic table entries are used for lazy relocation of TLSDESC
relocations. Bionic relocates everything eagerly and can ignore these
entries.

Bug: http://b/78026329
Test: bionic unit tests
Test: manual
Change-Id: I788c4a95041fae66de2fbeab3babe0205631999c
2019-01-25 17:53:01 -08:00
Ryan Prichard
5f5a1929e8 Disable the dlfcn.dlopen_library_with_ELF_TLS test
This test is verifying that an ELF TLS solib can't be loaded, but once
ELF TLS is implemented, it *can* be loaded. Removing the test requires
coordinated changes with internal test suites.

I could modify the test to verify that the solib was successfully loaded,
but support for dynamic ELF TLS appears across a few different CLs.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: If8cd798f456568a5c76310b754cea48ca8edaa82
2019-01-25 17:53:01 -08:00
Peter Collingbourne
7a0f04cb8d Implement ifunc support for static executables.
A static executable is almost entirely statically relocated by the
linker, with the exception of IRELATIVE relocations, which must be
resolved by libc by enumerating the relocations using the special
linker-defined symbols __rela?_iplt_{start,end}. This patch implements
ifunc support by enumerating the relocations in this way.

Bug: 112482891
Test: /data/nativetest{,64}/bionic-unit-tests-static/bionic-unit-tests-static on walleye_hwasan-userdebug
Change-Id: Ia5522a190da0b86e095b141d5d4e68dd7dd4b695
2019-01-25 16:25:27 -08:00
Ryan Prichard
96773a2daf Add BionicAllocator::memalign
Bionic needs this functionality to allocate a TLS segment with greater
than 16-byte alignment. For simplicity, this allocator only supports up
to one page of alignment.

The memory layout changes slightly when allocating an object of exactly
PAGE_SIZE alignment. Instead of allocating the page_info header at the
start of the page containing the pointer, it is allocated at the start
of the preceding page.

Bug: http://b/78026329
Test: linker-unit-tests{32,64}
Change-Id: I1c8d1cd7ca72d113bced5ee15ba8d831426b0081
2019-01-25 15:31:35 -08:00
Ryan Prichard
083d850b30 Move the linker allocator into libc
Rename LinkerMemoryAllocator -> BionicAllocator
Rename LinkerSmallObjectAllocator -> BionicSmallObjectAllocator

libc and the linker need to share an instance of the allocator for
allocating and freeing dynamic ELF TLS memory (DTVs and segments). The
linker also continues to use this allocator.

Bug: http://b/78026329
Test: /data/nativetest/bionic-unit-tests-static
Test: /data/nativetest64/bionic-unit-tests-static
Test: /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: /data/nativetest64/linker-unit-tests/linker-unit-tests64
Change-Id: I2da037006ddf8041a75f3eba2071a8fcdcc223ce
2019-01-25 15:31:35 -08:00
Ryan Prichard
52165b34b9 Replace some of linker_allocator's header includes
The <async_safe/log.h> include in linker_allocator.h was made
unnecessary when the STL dependency was removed.

Replace the linker_*.h header includes with private/bionic_*.h
includes.

This change prepares LinkerMemoryAllocator for use in libc allocating
dynamic ELF TLS memory.

Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I6ad62bd513e71dd3f91a4b724a92b19a1eb6c3b4
2019-01-25 14:48:00 -08:00
Treehugger Robot
70ee1825d0 Merge "Call realpath(3) only when the path is accessible for read" 2019-01-25 22:41:50 +00:00
Treehugger Robot
fbd6f3c796 Merge changes Iece631a5,I53769e0e
* changes:
  linker: Reduce number of mmap()/prctl() calls in block allocator
  linker: Purge block allocator memory when possible
2019-01-25 22:39:27 +00:00
Josh Gao
65502ea8e0 Merge "Don't filter reserved signals in sigaction." 2019-01-25 22:24:45 +00:00
Sandeep Patil
4e02cc1858 bionic_unit_tests: Remove dependency on libpagemap
Use libmeminfo instead.
Bug: 111694435
Test: bionic-unit-tests --gtest_filter=DlExtRelroSharingTest.*

Change-Id: Ice217a91a16ee0216354608b2776c0f1e5f65c09
Merged-In: Ice217a91a16ee0216354608b2776c0f1e5f65c09
Signed-off-by: Sandeep Patil <sspatil@google.com>
2019-01-25 13:07:02 -08:00
Jiyong Park
42e81985b1 Call realpath(3) only when the path is accessible for read
Suppress the SELinux denial log spam by not calling realpath(3) when the
path does not exist or is not accessible for read, and then not auditing
access(2) failure.

Bug: 120996057
Test: copy ping to /data/local/tmp, run it, verify no errors
Test: run bionic-unit-tests, the tests pass
Change-Id: Ie6058bfc9524a9b5c50fc7183fdddea6a8fb9200
2019-01-25 20:48:12 +09:00
Josh Gao
ba40ff657f Don't filter reserved signals in sigaction.
If a signal handler is blocking all of their signals, we should
probably respect that and not silently unblock bionic's reserved
signals for them. Otherwise, user code can deadlock, run out of stack,
etc. through no fault of their own, if one of the reserved signals
comes in while they've pivoted onto their signal stack.

Bug: http://b/122939726
Test: treehugger
Change-Id: I6425a3e7413edc16157b35dffe632e1ab1d76618
2019-01-24 13:21:18 -08:00
Ryan Prichard
3ce06c7b0a Merge "Reassign TLS slot 2 to TLS_SLOT_APP." 2019-01-24 18:53:28 +00:00
Treehugger Robot
a9aeccbf74 Merge "support LIB in runpath" 2019-01-24 11:20:34 +00:00
Jiyong Park
57b9d1e6c0 support LIB in runpath
In addition to ORIGIN, LIB is now expanded to either lib or lib64
depending on the ABI in the DT_RUNPATH.

Test: To be added (can't be added to AOSP directly since there are
internal tests that have to be updated as well)

Change-Id: I34a8316f1765a27c731bc270ee25c0ce287d7eed
2019-01-24 17:00:37 +09:00
Ryan Savitski
301f6f3e37 Merge changes I4f001910,Ic251afec
* changes:
  android_mallopt: opcode preprocess define + missing header
  conditional zygote child heap profiling + android_internal_mallopt
2019-01-24 03:45:13 +00:00
Ryan Prichard
a0834d805c Reassign TLS slot 2 to TLS_SLOT_APP.
Bug: http://b/78026329
Bug: http://b/118381796
Test: mmma bionic
Change-Id: I1c50d3293206e59d54fbbfe9c9e3d6fd54dded3e
2019-01-23 18:48:48 -08:00
Vic Yang
dac328ad51 linker: Reduce number of mmap()/prctl() calls in block allocator
Given that the block allocator does not free allocated memory unless
all objects are freed, we can allocate a large chunk of memory at a
time.  This gives us:
  1. Higher space efficiency, especially when the objects being
     allocated has a large size.
  2. Much less mmap()/prctl() calls.
  3. Much less vm_area_struct objects.
While this increases the size of virtual memory allocated, the number
of dirty pages would be unchanged or less.

Test result on a Go device:
  - Zygote starts 24ms faster on average.
  - Kernel vm_area_struct usage 138KB less, across the entire system.

Bug: 112073665
Test: Boot and check the result from 'showmap'.
Change-Id: Iece631a5081151dd1e5bf25dbddac9b264bcdcff
2019-01-23 14:33:02 -08:00
Vic Yang
fb78a4ac1b linker: Purge block allocator memory when possible
If all allocated memory from a block allocator is freed, it is a good
opportunity to purge all the pages allocated to reduce lingering dirty
pages.

Memory saving varies with the platform and what processes are running.
Measuring right after boot, this saves ~1.8MB on cuttelfish and ~1.3MB
on a 32-bit ARM device.

Bug: 112073665
Test: Boot and check memory usage with 'showmap'.
Change-Id: I53769e0ec9699f0b3645cdf281a2c0bbffb98676
2019-01-23 12:24:46 -08:00
Ryan Savitski
f77928de32 android_mallopt: opcode preprocess define + missing header
Addressing Elliott's remaining comments on the android_mallopt change.
Intending to let this get merged in normally (should be clean).

Test: blueline-userdebug still builds.
Change-Id: I4f00191091b8af367f84d087432a5af5f83036ee
2019-01-23 18:40:17 +00:00
Ryan Savitski
ecc37e3877 conditional zygote child heap profiling + android_internal_mallopt
On user builds, heapprofd should only be allowed to profile apps that
are either debuggable, or profileable (according to the manifest). This
change exposes extra zygote-specific knowledge to bionic, and makes the
dedicated signal handler check for the special case of being in a zygote child.

With this & the corresponding framework change, we should now be
handling the 4 combinations of:
  {java, native} x {profile_at_runtime, profile_at_startup}.

See internal go/heapprofd-java-trigger for further context.

Test: on-device unit tests (shared & static) on blueline-userdebug.
Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime.
Bug: 120409382
Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a
(cherry picked from commit 998792e2b6)
Merged-In: Ic251afeca4324dc650ac1d4f46976b526eae692a
2019-01-23 18:30:54 +00:00
Treehugger Robot
176d2fbcae Merge "Blacklist setregid(32) for apps." 2019-01-23 08:12:29 +00:00
Christopher Ferris
0a692a6d8d Merge "Bionic malloc debug: add a new option "abort_on_error"" 2019-01-23 01:43:47 +00:00
Iris Chang
7f209a979c Bionic malloc debug: add a new option "abort_on_error"
This new option causes an abort after malloc debug detects an error.
This allows vendors to get process coredumps to analyze memory for
corruption.

Bug: 123009873
Test: New test cases added for unit tests and config tests.

Change-Id: I6b480af7f747d6a82f61e8bf3df204a5f7ba017f
2019-01-22 15:54:36 -08:00
Martijn Coenen
011523f4df Merge changes If330efda,I34864837,I8bc5c1cb
* changes:
  Add support for seccomp filter that limits setresuid/setresgid.
  Create APP_ZYGOTE seccomp policy.
  genfunctosyscallnrs: maps bionic functions to syscall numbers.
2019-01-22 22:22:42 +00:00
Martijn Coenen
e17fce1a47 Blacklist setregid(32) for apps.
Given that it's friends setgid/setresgid already are, I don't see why
setregid(32) should be allowed.

Test: (Fixed up) CtsSeccompHostTestcases passes
Change-Id: I31bb429da26baa18ec63b6bfc62628a937fdab0c
2019-01-22 17:22:54 +01:00
Martijn Coenen
d269d9b9e9 Add support for seccomp filter that limits setresuid/setresgid.
Add a new function that installs a seccomp filter that checks
all setresuid/setresgid syscalls to fall within the passed in
uid/gid range. It allows all other syscalls through. Therefore,
this filter is meant to be used in addition to one of the
regular whitelist syscall filters. (If multiple seccomp filters
are installed a in process, all filters are run, and the most
restrictive result is used).

Since the regular app and app_zygote seccomp filters block all
other calls to change uid/gid (setuid, setgid, setgroups,
setreuid, setregid, setfsuid), combining these filters prevents
the process from using any other uid/gid than the one passed as
arguments to the new function.

Bug: 111434506
Test: atest CtsSeccompHostTestCases
Change-Id: If330efdafbedd8e7d38ca81896a4dbb0bc49f431
2019-01-19 09:09:30 +01:00
Martijn Coenen
c3752be837 Create APP_ZYGOTE seccomp policy.
The APP_ZYGOTE seccomp policy is identical to the APP seccomp policy,
with the exception of allowing setresgid(32), which the app zygote
needs to be able to do (within a certain range).

Bug: 111434506
Test: manual
Change-Id: I34864837c981d201225e3e2e5501c0415a9a7dc8
2019-01-19 09:09:30 +01:00
Martijn Coenen
0c6de75a45 genfunctosyscallnrs: maps bionic functions to syscall numbers.
Bionic maps typical C functions like setresuid() to a syscall,
depending on the architecture used. This tool generates a .h
file that maps all bionic functions in SYSCALLS.txt to the
syscall number used on a particular architecture. It can then
be used to generate correct seccomp policy at runtime.

Example output in func_to_syscall_nrs.h:

Bug: 111434506
Test: manually inspect func_to_syscall_nrs.h
Change-Id: I8bc5c1cb17a2e7b5c534b2e0496411f2d419ad86
2019-01-19 09:09:30 +01:00
Logan Chien
822326db92 Merge "Add libc_headers header lib" 2019-01-19 02:34:34 +00:00
Ryan Prichard
6a8e4b0644 Merge "Add tests for static ELF TLS" 2019-01-19 01:02:25 +00:00
Logan Chien
17af91b588 Add libc_headers header lib
This commit extracts `libc_headers` for `libasync_safe` and
`libpropertyinfoparser` (in the `system/core` repository).

Before this change, `libasync_safe` expects that `libc` is automatically
added to `system_shared_libs` of the libasync_safe vendor variant even
if `libc_defaults` explicitly declines any `system_shared_libs`.

This commit defines `libc_headers` for `libasync_safe` and
`libpropertyinfoparser` so that they can find the headers from libc
without causing circular dependencies.

Bug: 123006819
Test: make checkbuild
Change-Id: I2435ab61d36ff79ca2b4ef70bd898b795159c725
2019-01-19 07:18:38 +08:00
Ryan Prichard
e4ee12f813 Add tests for static ELF TLS
Bug: http://b/78026329
Test: bionic unit tests
Merged-In: I806f2bd193998dfe352372476104876edb27aebf
Change-Id: I806f2bd193998dfe352372476104876edb27aebf
2019-01-18 22:44:55 +00:00
Ryan Prichard
c85a8823ca Merge "Turn off XOM on libnstest_root.so" 2019-01-18 21:44:27 +00:00