Commit graph

1365 commits

Author SHA1 Message Date
Greg Hackmann
e2faf07d65 Add {get,set}domainname(2)
{get,set}domainname aren't in POSIX but are widely-implemented
extensions.

The Linux kernel provides a setdomainname syscall but not a symmetric
getdomainname syscall, since it expects userspace to get the domain name
from uname(2).

Change-Id: I96726c242f4bb646c130b361688328b0b97269a0
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-03-25 14:16:58 -07:00
Mingwei Shi
be91052932 libc: implement kernel vdso syscalls for i386
This patch uses __kernel_vsyscall instead of "int 0x80"
as the syscall entry point. AT_SYSINFO points to
an adapter to mask the arch specific difference and gives a
performance boost on i386 architecture.

Change-ID: Ib340c604d02c6c25714a95793737e3cfdc3fc5d7
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
2016-03-25 14:10:05 -07:00
Greg Hackmann
a03c62b469 epoll_create: reject size <= 0
Even though the size parameter to epoll_create(2) is (otherwise) unused,
passing in size <= 0 is explicitly documented as an error.

This change fixes the LTP epoll01 testcase.

Change-Id: I044a38be823c2fa956b57e77cc66571dfae8a4bb
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-03-24 16:37:20 -07:00
Greg Hackmann
fb23fa3046 clone: check for NULL child stack
The clone syscall accepts NULL child stacks, interpreting this to mean
the child gets a copy of the parent's stack with copy-on-write
semantics.  However clone(2) is explicitly documented to treat this an
an error.

"Fortunately" every architecture's __bionic_clone implementation pushes
something onto the child stack before making the clone syscall.  So we
know fixing this won't break legacy apps, because any app that tried
using a NULL child stack would have died with SIGSEGV.

This change fixes the LTP clone04 testcase.

Change-Id: I663b34f34bc8dad2aa405c46e4eed4418cccca0d
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-03-24 16:37:20 -07:00
Elliott Hughes
725b2a96a7 Add pthread_getname_np.
Also guard both these GNU extensions with _GNU_SOURCE.

Also improve the tests to test each case on both the current thread and
another thread, since the code paths are totally different.

Bug: http://b/27810459
Change-Id: I72b05bca5c5b6ca8ba4585b8edfb716a1c252f92
2016-03-23 17:40:25 -07:00
Elliott Hughes
545afa16bb Fix PTHREAD_THREADS_MAX.
We don't have a compile-time limit on the number of threads,
and we don't have a definite run-time limit either.

Bug: http://b/27617302
Change-Id: I6a6fe083e7b655d24eb9e7ef7f3e0280d483080b
2016-03-15 17:23:12 -07:00
Christopher Ferris
20f2c1ebd5 Init functions after debug malloc succeeds.
Do not initialize all of the global function pointers associated with
debug malloc until the initialization has completed correctly.

Bug: 27600760
Change-Id: I0621b54bc2d9fab63805d7992d384e550d6fed2a
2016-03-11 12:27:02 -08:00
Elliott Hughes
ffd19ee64d Merge "Improve and fix the stack-protector tests." 2016-03-10 16:12:27 +00:00
Elliott Hughes
fc69a8ad5f Improve and fix the stack-protector tests.
Bug: http://b/26888853
Change-Id: I505dbf7d5934f7247fb639f55dd6a9341df3947b
2016-03-09 14:50:03 -08:00
Elliott Hughes
2bf5332f23 Minor clock_getcpuclockid optimization.
Don't ask the kernel to copy data to userspace if we don't need it.
(Noticed while cleaning up sysconf to not call clock_getres.)

Change-Id: Icc0f7559775b8a2dcefe638ce831d06b75d67122
2016-03-07 11:54:02 -08:00
Josh Gao
ba2232d013 Merge "forkpty: set the output fd to -1 on the slave side." 2016-03-05 03:04:37 +00:00
Elliott Hughes
d2b8de2cd1 Don't call clock_getres in sysconf.
There are a hundred other reasons why we can't run on kernels old enough
to not have all the clocks covered by sysconf.

This was causing trouble for jemalloc 4.1.0 in a seccomp-constrained process
because jemalloc 4.1.0 introduced a call to sysconf that caused us to make
clock_getres syscalls for the first time, leading to SIGSYS.

Bug: http://b/27408522
Change-Id: I2eb6986d871bc03cbef278e5617734409c39e057
2016-03-04 18:28:53 -08:00
Josh Gao
6d7c1ee9ff forkpty: set the output fd to -1 on the slave side.
glibc, FreeBSD, OpenBSD, and Darwin all just leave the fd unchanged and
possibly uninitialized. Setting it to -1 seems friendlier, though.

Bug: http://b/27506278
Change-Id: I7acdc8eecbea4404d5fb4ba0b4d572245a323886
2016-03-04 18:04:41 -08:00
Douglas Leung
29d4b71426 Add __memset_chk assembler for mips32 and mips64.
Change-Id: I365b1f345c695850c30ccb1a9f56f254ce182000
2016-03-04 15:15:00 -08:00
Elliott Hughes
81d6a18c69 Add x86 __memset_chk assembler.
Change-Id: Ic6732f761ea8a41f70d5ff59d47ad38417d17cc2
2016-03-03 16:10:33 -08:00
Elliott Hughes
f3b42e5ae7 Merge "Clean up bcopy cruft." 2016-03-03 22:24:51 +00:00
Elliott Hughes
ff9bda7201 Merge "Mandate optimized assembler for x86-64 __memset_chk." 2016-03-03 22:18:46 +00:00
Josh Gao
19ca2fe82f Merge changes I17c22dc2,I9989e2ea
* changes:
  Add a checksum to jmp_buf on AArch64.
  Add a checksum to jmp_buf on ARM.
2016-03-03 22:02:37 +00:00
Josh Gao
a4c69137c6 Add a checksum to jmp_buf on ARM.
Make it easier to diagnose applications mucking with the contents of
jmp_buf by checksumming its contents.

Bug: http://b/27417786
Change-Id: I9989e2ea3979a36ae0bc4c9e1bacafddbacc731b
2016-03-03 12:45:08 -08:00
Elliott Hughes
bed110af26 Clean up bcopy cruft.
Also remove some generic x86 assembler that's never built.

Change-Id: Ic126de2eee646b5ba2b6ee549679ba90d67a48bb
2016-03-03 10:41:42 -08:00
Elliott Hughes
01d5b946ac Remove optimized code for bzero, which was removed from POSIX in 2008.
I'll come back for the last bcopy remnant...

Bug: http://b/26407170
Change-Id: Iabfeb95fc8a4b4b3992e3cc209ec5221040e7c26
2016-03-02 17:21:07 -08:00
Elliott Hughes
61c95fe52d Mandate optimized assembler for x86-64 __memset_chk.
Change-Id: I4d6b452f3cf850d405e8f5d7da01d432603e606b
2016-03-02 16:39:29 -08:00
Elliott Hughes
784609317d Mandate optimized __memset_chk for arm and arm64.
This involves actually implementing assembler __memset_chk for arm64,
but that's easily done.

Obviously I'd like this for all architectures (and all the string functions),
but this is low-hanging fruit...

Change-Id: I70ec48c91aafd1f0feb974a2555c51611de9ef82
2016-03-02 11:58:41 -08:00
Elliott Hughes
2332d52439 Merge "Improve diagnostics from the assembler __memcpy_chk routines." 2016-03-02 19:13:03 +00:00
Elliott Hughes
ef925e50d3 Fix getifaddrs' handling of point-to-point interfaces.
Also remove an if that implied that IFA_BROADCAST is a possibility for
AF_INET6.

The existing tests fail if you have a point-to-point interface configured,
so no new test necessary.

Bug: http://b/27442503
Change-Id: I4c5823b32204ae6c15527853414c2a0cef320b53
2016-03-01 20:05:59 -08:00
Elliott Hughes
3c6016f04a Improve diagnostics from the assembler __memcpy_chk routines.
Change-Id: Iec16c92ed80beee505cba2121ea33e3550197b02
2016-03-01 14:45:58 -08:00
Elliott Hughes
62e59646f8 Improve diagnostics from the assembler __memset_chk routines.
Change-Id: Ic165043ab8cd5e16866b3e11cfba960514cbdc57
2016-03-01 12:46:47 -08:00
Elliott Hughes
0f67d5ffa4 Create logging sockets with SOCK_NONBLOCK...
...rather than calling fcntl on them directly after creation.

Bug: https://code.google.com/p/android/issues/detail?id=201440
Change-Id: Ia3941b7645455d69620b1a361902df009b5da2c5
2016-02-27 19:18:41 -08:00
Elliott Hughes
31adf6cd38 Merge "Improve FORTIFY failure diagnostics." 2016-02-28 00:30:31 +00:00
Elliott Hughes
b83d6747fa Improve FORTIFY failure diagnostics.
Our FORTIFY _chk functions' implementations were very repetitive and verbose
but not very helpful. We'd also screwed up and put the SSIZE_MAX checks where
they would never fire unless you actually had a buffer as large as half your
address space, which probably doesn't happen very often.

Factor out the duplication and take the opportunity to actually show details
like how big the overrun buffer was, or by how much it was overrun.

Also remove the obsolete FORTIFY event logging.

Also remove the unused __libc_fatal_no_abort.

This change doesn't improve the diagnostics from the optimized assembler
implementations.

Change-Id: I176a90701395404d50975b547a00bd2c654e1252
2016-02-26 22:06:17 -08:00
Elliott Hughes
f86c4494ff If you're going to use memset...
...you'd better #include <string.h>.

Change-Id: I83e0877f4151fc764588e2d876e66d7712d41f61
2016-02-25 22:05:28 -08:00
Elliott Hughes
2c6c95348c GCC doesn't like {}, and clang doesn't like {0}...
...so memset it is, then.

I'll be glad when GCC is dead and we can use "= {}" like it's the 21st century.

Change-Id: I28d820d3926ac9bf44bf7c1e89e184726c840391
2016-02-25 21:51:50 -08:00
Anton Kirilov
6bd5cf60fa Fix a structure initialisation in pthread_exit().
The purpose of this change is to silence Valgrind's warning about a
syscall parameter pointing to uninitialised bytes.

Change-Id: I2737235f9ac288dbc8ec4be0c6f1cef181c9b7d7
2016-02-25 20:49:15 -08:00
Colin Cross
2c75991359 Add backtrace_string and export to libmemunreachable
Add backtrace_string to convert a malloc_debug backtrace to a string.
Also move the backtrace functions to libc_malloc_debug_backtrace so that
libmemunreachable can reuse them.

Change-Id: I5ad67001c0b4d184903c762863a8588181d4873b
2016-02-18 16:09:17 -08:00
Colin Cross
2d4721c0c5 Export malloc_backtrace
Change-Id: Ic1adb4dfd86b9ca698443a36263a3df2c91edda3
2016-02-18 16:09:16 -08:00
Colin Cross
869691c6f7 Export malloc_iterate and friends
Export malloc_iterate, malloc_enable, and malloc_disable to be used by
libmemunreachable.

Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-02-18 15:05:38 -08:00
Elliott Hughes
7dac8b8aab Fix scope ids for link-local IPv6 addresses from getifaddrs(3).
Bug: http://b/27219454
Change-Id: I7a166ff5553565f7afdab18dd2c703af4d475ab4
2016-02-17 14:38:09 -08:00
Elliott Hughes
01b85d5df3 Set x86 TLS limit to 0xfffff, not PAGE_SIZE.
Not least because we set limit_in_pages to 1. PAGE_SIZE pages was never
anyone's intention.

Change-Id: Ide867f44a2fb20d4d5d0cd67ced468e8665a0193
2016-02-09 22:44:16 -08:00
Mike Frysinger
9c212fc436 Merge "define pw_gecos to pw_passwd for LP32 systems" 2016-02-06 19:29:29 +00:00
Mike Frysinger
ca6af7f4a8 define pw_gecos to pw_passwd for LP32 systems
Since we set both fields to NULL all the time, we can alias the two
fields together on LP32 to provide build-time compatibility.

BUG=24918750
TEST=python now builds for Brillo boards

Change-Id: I3394aea80c9a5288669389f71d0e4132f2157e3c
2016-02-06 09:28:44 -05:00
Dimitry Ivanov
b90837c3d3 Merge "Add check for pthread_self() when looking up a thread" 2016-02-05 04:29:54 +00:00
Dimitry Ivanov
4bc739a54c Add check for pthread_self() when looking up a thread
Check if thread_id is in fact pthread_self before
locking on g_thread_list_lock in __pthread_internal_find.

The main reason for doing this is not performance but to allow
the linker use raise() which was not working because pthread_kill()
couldn't find pthread_self() thread because the global thread
list is initialized in libc.so and the linker's version of this
list is empty.

Bug: http://b/25867917
Change-Id: I18fe620e8cd465b30f0e1ff45fff32958f3c5c00
2016-02-04 16:48:47 -08:00
Elliott Hughes
0c485dae70 Add in6addr_any and in6addr_loopback symbols.
Change-Id: I3a90fa448b6bd43321672ba74b84a4e9e8a67738
2016-02-03 14:13:52 -08:00
Elliott Hughes
f226ee59e0 Add fopen64/freopen64/tmpfile64 aliases.
Our fopen/freopen/tmpfile are already always O_LARGEFILE, but let's add
the aliases for _LARGEFILE_SOURCE compatibility.

Bug: http://b/24807045
Change-Id: I5d99b3ef3c9f27ce70f13313f6a92e96c7f21f80
2016-02-03 11:24:28 -08:00
Christopher Ferris
2fc7f9db3d Remove unused file.
This file should have been deleted with the malloc debug rewrite, but
popped back into existence due to a merge conflict.

Change-Id: I74e53daaf3febf650b20e3da5329558ac84c5bcd
2016-01-27 10:58:36 -08:00
Tom Cherry
194860a9e6 Merge "Replace snprintf() with __libc_format_buffer()" 2016-01-27 00:09:52 +00:00
Tom Cherry
8352475c75 Replace snprintf() with __libc_format_buffer()
If snprintf() is called from the linker, it may erroneously return a
null string.  The libc internal __libc_format_buffer() does not have
this problem, so it is now used instead.

Bug: 26756577

Change-Id: I37a97e27f59b3c0a087f54a6603cc3aff7f07522
2016-01-26 23:51:01 +00:00
Elliott Hughes
d4ae54f668 Fix lockf for LP32.
Bug: http://b/13077650
Change-Id: Ibbe2d907d23791c908475e0875a5c745ac948813
2016-01-26 14:32:55 -08:00
Elliott Hughes
d9bb708575 Merge "Implement POSIX lockf." 2016-01-26 20:45:32 +00:00
Elliott Hughes
5704c423c8 Implement POSIX lockf.
This has been requested a few times over the years. This is basically
a very late rebase of https://android-review.googlesource.com/45470
which was abandoned years ago. One addition is that this version has
_FILE_OFFSET_BITS=64 support.

POSIX puts this in <unistd.h>. glibc also has it in <fcntl.h>.

Bug: http://b/13077650
Change-Id: I5862b1dc326e326c01ad92438ecc1578d19ba739
2016-01-26 11:09:44 -08:00
Yabin Cui
ca48274298 Revert "Revert "Make sem_wait able to return errno EINTR for sdk > 23.""
This reverts commit 6d51085202.
And add missing bionic_sdk_version.h.

Change-Id: I24cc738b1fd1d26234c52afbc787f5b3c4a9c9cb
2016-01-25 17:39:18 -08:00
Elliott Hughes
ac67b4eb7c Merge "Revert "Make sem_wait able to return errno EINTR for sdk > 23."" 2016-01-26 00:32:38 +00:00
Dan Albert
6d51085202 Revert "Make sem_wait able to return errno EINTR for sdk > 23."
Broke the build. There's no such file as bionic_sdk_version.h anywhere in the tree.

This reverts commit 892b61d340.

Change-Id: Iec3f4588edfb1d1524bb5f16451fd05dc6ebe44a
2016-01-26 00:20:06 +00:00
Yabin Cui
c96b6e1747 Merge "Make sem_wait able to return errno EINTR for sdk > 23." 2016-01-25 23:39:29 +00:00
Yabin Cui
892b61d340 Make sem_wait able to return errno EINTR for sdk > 23.
Posix standards says sem_wait is interruptible by the delivery
of a signal. To keep compatiblity with old apps, only fix that
in newer sdk versions.

Bug: 26743454

Change-Id: I924cbb436658e3e0f397c922d866ece99b8241a3
2016-01-25 13:44:39 -08:00
Christopher Ferris
63860cb8fd Malloc debug rewrite.
The major components of the rewrite:

- Completely remove the qemu shared library code. Nobody was using it
  and it appears to have broken at some point.
- Adds the ability to enable/disable different options independently.
- Adds a new option that can enable the backtrace on alloc/free when
  a process gets a specific signal.
- Adds a new way to enable malloc debug. If a special property is
  set, and the process has an environment variable set, then debug
  malloc will be enabled. This allows something that might be
  a derivative of app_process to be started with an environment variable
  being enabled.
- get_malloc_leak_info() used to return one element for each pointer that
  had the exact same backtrace. The new version returns information for
  every one of the pointers with same backtrace. It turns out ddms already
  automatically coalesces these, so the old method simply hid the fact
  that there where multiple pointers with the same amount of backtrace.
- Moved all of the malloc debug specific code into the library.
  Nothing related to the malloc debug data structures remains in libc.
- Removed the calls to the debug malloc cleanup routine. Instead, I
  added an atexit call with the debug malloc cleanup routine. This gets
  around most problems related to the timing of doing the cleanup.

The new properties and environment variables:

libc.debug.malloc.options
  Set by option name (such as "backtrace"). Setting this to a bad value
  will cause a usage statement to be printed to the log.

libc.debug.malloc.program
  Same as before. If this is set, then only the program named will
  be launched with malloc debug enabled. This is not a complete match,
  but if any part of the property is in the program name, malloc debug is
  enabled.

libc.debug.malloc.env_enabled
  If set, then malloc debug is only enabled if the running process has the
  environment variable LIBC_DEBUG_MALLOC_ENABLE set.

Bug: 19145921

Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2016-01-25 10:54:21 -08:00
Josh Gao
0ac0cee0d1 Remove dlmalloc.
Bug: http://b/17207577
Change-Id: Ie009badca6deb1f91b27a4340b70cdd6bedff893
2016-01-25 10:14:35 -08:00
Dimitry Ivanov
bba395492a Revert "Temporary apply LIBC version to __pthread_gettid"
This reverts commit 0ef1d121b5.

Bug: http://b/26392296
Bug: http://b/26391427
Change-Id: I7bbb555de3a43813e7623ff6ad4e17874d283eca
2016-01-22 01:43:04 +00:00
Elliott Hughes
d1293faba6 Fix GCC build breakage.
Change-Id: I0339f525c68af942fb97f4bffc771717e67e0e07
2016-01-19 09:47:47 -08:00
Elliott Hughes
ed57b98758 Implement if_nameindex(3)/if_freenameindex(3).
This is just a subset of the recently-implemented getifaddrs(3), though if
we want to handle interfaces (such as "rmnet_*") that don't have an address,
we need to either expose ifaddrs_storage and keep track of which interfaces
we've already seen (which is pretty messy), or refactor the netlink code so
we can reuse it and just extract the information we need for if_nameindex(3).
This patch goes the latter route.

Also clean up if_nametoindex(3) and if_indextoname(3).

Change-Id: I5ffc5df0bab62286cdda2e7af06f032c767119a8
2016-01-18 12:07:38 -08:00
Yi Kong
fdb2963e0a Handle AF_PACKET in getifaddr(3).
Also fix a bug where we were mutating the address/broadcast address
of an existing entry rather than the new entry, and use 'const' to
ensure we don't make that mistake again.

Change-Id: I31c127a5d21879b52c85cd0f7ed2e66554a21e39
2016-01-08 19:18:44 -08:00
Elliott Hughes
42d949ff9d Defend against -fstack-protector in libc startup.
Exactly which functions get a stack protector is up to the compiler, so
let's separate the code that sets up the environment stack protection
requires and explicitly build it with -fno-stack-protector.

Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
2016-01-06 20:06:08 -08:00
Tom Cherry
9353089262 Merge "Revert "system_properties.cpp: special case ro.* properties"" 2016-01-06 19:16:31 +00:00
Tom Cherry
e97ce31fe7 Revert "system_properties.cpp: special case ro.* properties"
This reverts commit c5fd81ab25.

Bug: 26416032

Change-Id: Id2d6761fdf55efa28c0b08b597daaa5cd381d758
2016-01-06 19:13:54 +00:00
Elliott Hughes
031dfe198b Merge "Fix a broken link in a comment." 2016-01-06 01:27:09 +00:00
Elliott Hughes
40c2bf6cf6 Fix a broken link in a comment.
Bug: https://code.google.com/p/android/issues/detail?id=197784
Change-Id: I2f9e5bc2dd2b8a6992c7c55bc856e4a323c7c8a8
2016-01-05 16:33:33 -08:00
Nick Kralevich
c5fd81ab25 system_properties.cpp: special case ro.* properties
Currently, reads of ro.* properties are treated differently than
writes of ro.* properties. When writing an ro.* property, we ignore
the "ro." portion of the property, and base the security decision
on the label of the remaining portion.

See e7a9e52740/init/property_service.cpp
line 120-126

For example, for writing, the label associated with
"ro.build.fingerprint" comes from the /property_contexts file
entry:

  # ro.build.fingerprint is either set in /system/build.prop, or is
  # set at runtime by system_server.
  build.fingerprint       u:object_r:fingerprint_prop:s0

However, we fail to follow this same special case when sorting
properties into files. Instead, ro.build.fingerprint is assigned
u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0

Ignore the "ro." portion when sorting properties into files.
This will make reads and writes of properties use the same label.

Bug: 21852512
Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83
2016-01-05 16:30:17 -08:00
Dimitry Ivanov
0ef1d121b5 Temporary apply LIBC version to __pthread_gettid
This is workaround for http://b/26391427

Bug: http://b/26391427
Change-Id: Ibf5c611cf4c04dfa595644225e6d9503089a18da
2016-01-05 00:19:13 -08:00
Dimitry Ivanov
c8bb96a163 Revert "Temporary apply LIBC version to __pthread_gettid"
This reverts commit eb90e91cb5.

Change-Id: I63450087b6d3c23218b77d5eee37965f254a82d6
2016-01-05 08:03:56 +00:00
Dimitry Ivanov
eb90e91cb5 Temporary apply LIBC version to __pthread_gettid
This is workaround for http://b/26391427

Bug: http://b/26391427
Change-Id: I4ccc56e8b1bd2597f267df9706a33bb635abcfcb
2016-01-04 22:36:18 -08:00
Elliott Hughes
9cddb482b4 Revert "Revert "Implement getifaddrs(3)/freeifaddrs(3).""
This reverts commit 76814a8250.

This differs from the original in fixing the GCC -Werror build:

  bionic/libc/bionic/ifaddrs.cpp: In function 'void __handle_netlink_response(ifaddrs**, nlmsghdr*)':
  bionic/libc/bionic/ifaddrs.cpp:113:62: error: use of old-style cast [-Werror=old-style-cast]
       ifinfomsg* ifi = reinterpret_cast<ifinfomsg*>(NLMSG_DATA(hdr));

This appears to be a GCC bug; the GCC command-line correctly uses -isystem,
and manually adding #pragma GCC system_header doesn't help. So just turn the
warning off for GCC for now. We won't need to worry about building with GCC
soon anyway.

Bug: http://b/26238832
Change-Id: I01615bd335edf11baf487b1c83a9157cd780f4a1
2016-01-04 13:00:39 -08:00
Yi Kong
76814a8250 Revert "Implement getifaddrs(3)/freeifaddrs(3)."
Werror build broken. Revert while working on a fix.

This reverts commit 0945ed5cc5.

Change-Id: I67edab7a7a3b9aa673ce9d14aa95380f947838a1
2015-12-22 17:47:54 +00:00
Elliott Hughes
0945ed5cc5 Implement getifaddrs(3)/freeifaddrs(3).
Time to dust off the old libcore implementation from gingerbread and add it
to bionic. Unlike the original, this actually looks at both RTM_NEWLINK and
RTM_NEWADDR.

Bug: http://b/26238832
Change-Id: I7bb4b432deb766065b66b9c9ff36ed68249aba82
2015-12-19 14:49:09 -08:00
Tom Cherry
dd57119ced Merge "Reset access to system properties on reinitialization" 2015-12-17 17:54:05 +00:00
Elliott Hughes
dd586f2ebd sem_timedwait with a null timeout doesn't mean "forever".
It actually means "crash immediately". Well, it's an error. And callers are
much more likely to realize their mistake if we crash immediately rather
than return EINVAL. Historically, glibc has crashed and bionic -- before
the recent changes -- returned EINVAL, so this is a behavior change.

Change-Id: I0c2373a6703b20b8a97aacc1e66368a5885e8c51
2015-12-16 15:15:58 -08:00
Dimitry Ivanov
bc2e88a85d Revert "Revert "Remove remaining ndk_cruft from LP64 platforms""
This reverts commit 23af25b747.

Bug: http://b/26164862
Change-Id: I201bf49530f33f8ba6a1a35b79723afb9e84c7a5
2015-12-16 19:02:04 +00:00
Dimitry Ivanov
23af25b747 Revert "Remove remaining ndk_cruft from LP64 platforms"
This reverts commit b1d0a2ae77.

Change-Id: I1da06be0b78a4f2a4cad7e4a19a3ee755f55a813
2015-12-15 01:34:14 +00:00
Dimitry Ivanov
b1d0a2ae77 Remove remaining ndk_cruft from LP64 platforms
This change removes endpwent, dlmalloc_inspect_all, dlmalloc_trim
from lp64 libc.so. It also removed necessety of having brillo
version scripts for lp64 platforms.

Bug: http://b/26164862
Change-Id: I4e9b38907bb1dc410f0eb6d2f5d5944fe713da51
2015-12-14 15:49:28 -08:00
Tom Cherry
b417169d80 Reset access to system properties on reinitialization
Treat subsequent calls to __system_properties_init() as a
reinitialization of system properties and revoke access to prop files
that have been previously mapped but that the process's current context
does not have access to.  Additionally reset the no_access_ flag in
case permissions have loosened and previously unaccessible files can now
be accessed.

This is meant to work around an issue that setcon() does not revoke
mmap() mappings, so we must manually revoke them after a successful
setcon() call.

Bug 26114086

Change-Id: I4d690abb6817283ca64ac26ea4c1dad398a98fbc
2015-12-11 11:16:21 -08:00
Tom Cherry
e46ded5ce1 Merge "Do not set properties in bionic_systrace" 2015-12-10 23:05:15 +00:00
Tom Cherry
46e2eadad2 Do not set properties in bionic_systrace
Currently, if the debug.atrace.tags.enableflags property is not found,
it is set to a safe value such that a pointer to this property can be
stored for later access.  This may result in selinux denials because not
all processes write permissions for this property or permission to
connect to the property write socket at all.

Change I6d953c0c281fd72ad3eba8a479fd258023579b5b writes this property to
a safe value upon boot, which greatly decreases the cases in which this
property will not be accessible and removes the need to write it here.
This commit removes this write.

Bug 26115803

Change-Id: Ief72c5f731d3a1231b5080eb531fa0a491a8b1d1
2015-12-10 13:33:37 -08:00
Dimitry Ivanov
9d8632e1a7 Merge "constexpr constructor for atfork_list_t" 2015-12-10 17:39:48 +00:00
Elliott Hughes
6500f51c0e Merge "Fix -fstack-protector-strong for x86." 2015-12-10 02:33:34 +00:00
Mark Salyzyn
9da687e2f4 bionic: Build Breakage
Bug: 23668800
Change-Id: Ic7cf5864d3f5881e6f7105a49ecf62b1bc4a604c
2015-12-08 13:42:41 -08:00
Elliott Hughes
6c54ddd20f Fix -fstack-protector-strong for x86.
We need to ensure %gs:20 is set up early enough for -fstack-protector-strong
on x86, and that __set_tls doesn't get stack protector checks because it's a
prerequisite for them. x86 devices/emulators won't boot without this.

Bug: http://b/26073874
Change-Id: Icf0d34294648cc0c8cb406a3617befe0d45c525a
2015-12-08 12:48:42 -08:00
Dimitry Ivanov
89a50fe1eb constexpr constructor for atfork_list_t
Bug: http://b/26026986
Change-Id: Iad95383a23f81eea776bebce641c555d26547b77
2015-12-08 11:40:51 -08:00
Mark Salyzyn
eaccfde075 Merge "Add monotonic logging for bionic" 2015-12-08 18:59:05 +00:00
Rohit Agrawal
d51a0b0f9d Base bcopy on memmove rather than memcpy.
POSIX defined bcopy to handle overlapping memory akin to memmove and
bionic appears to have always done so.

Change-Id: I2599113411e3532913270ba1c1b49e35cbc5f106
2015-12-07 13:06:14 -08:00
Elliott Hughes
cfd5a46b09 Make all of ndk_cruft.cpp one big extern "C".
Change-Id: Iddd9b5f36e661e443fa13d12326e72df8c0d209c
2015-12-07 11:13:23 -08:00
Elliott Hughes
bb46afd6c4 Revert "Revert "Remove __sinit and __sdidinit.""
This reverts commit c8bae05f3f.

We were breaking init (ueventd) because we initialize system properties
before we initialize stdio. The new system property implementation uses
stdio to read from /property_contexts, so we end up touching stdio data
structures before they've been initialized.

This second attempt takes things further by removing the stdio initialization
function altogether. The data structures for stdin/stdout/stderr can be
statically initialized as data, and -- since we already had to give the
atexit implementation a backdoor for stdio -- we can just admit that we
need to clean up stdio, and that we always do so last.

This patch also removes the 17 statically pre-allocated file structures,
so the first fopen will now allocate a block of 10 (the usual overflow
behavior). I did this just to make my life simpler, but it's not actually
necessary to remove it if we want it back.

Change-Id: I936b2eb5e88e4ebaf5516121872b71fc88e5609c
2015-12-05 07:30:59 -08:00
Elliott Hughes
c8bae05f3f Revert "Remove __sinit and __sdidinit."
This reverts commit 4371961e00.

This broke booting; ueventd crashes with a null pointer dereference
somewhere in __sfp (but the kernel doesn't unwind, so I don't know
what was calling __sfp).

Change-Id: I65375fdfdf1d339a06558b4057b580cacd6324e2
2015-12-04 17:47:20 -08:00
Tom Cherry
4ade5195f1 Merge "Do not create prop files for ctl.* properties" 2015-12-05 00:21:46 +00:00
Tom Cherry
21eadee6e9 Do not create prop files for ctl.* properties
Change-Id: Ia6660c68c9e0cb89938751dbc0747ee038394778
2015-12-04 15:55:32 -08:00
Elliott Hughes
8766edc098 Fix GCC build.
error: '__sdidinit' initialized and declared 'extern' [-Werror]

Change-Id: I97d9c174da6a99ca61b72572dfb4694813372a60
2015-12-04 15:53:25 -08:00
Elliott Hughes
2558b11230 Merge "Remove __sinit and __sdidinit." 2015-12-04 23:27:07 +00:00
Mark Salyzyn
870f165ceb Add monotonic logging for bionic
Primarily a debug feature that can be switched at runtime to permit
developer to have the option of high-resolution Android logs with
either CLOCK_REALTIME (default) or CLOCK_MONOTONIC to correlate with
other system activities like kernel logs or systrace.

Bug: 23668800
Change-Id: Ib29024899540f51a72cad5dde25517a7134d68f7
2015-12-04 14:45:25 -08:00
Tom Cherry
6ed51c0e85 add checks for initialization for system properties
If a __system_property* function is called before
__system_properties_init() then the app will will abort.  This commit
returns either an error code or a safe return value instead.

Bug 26027140

Change-Id: I95ffd143e9563658ab67a397991e84fb4c46ab77
2015-12-04 13:26:47 -08:00
Yabin Cui
2452cf3c33 Merge "Clear pthread_internal_t allocated on user provided stack." 2015-12-04 00:58:05 +00:00
Yabin Cui
304348af19 Clear pthread_internal_t allocated on user provided stack.
Several parts in pthread_internal_t should be initialized
to zero, like tls, key_data and thread_local_dtors. So
just clear the whole pthread_internal_t is more convenient.

Bug: 25990348
Change-Id: Ibb6d1200ea5e6e1afbc77971f179197e8239f6ea
2015-12-03 16:51:20 -08:00
Tom Cherry
845e24a05e Remove c++14'isms from system_properties
Change-Id: If78e7d2770e8f8321f0d1824c3c52f93820dd325
2015-12-03 15:40:23 -08:00
Elliott Hughes
4371961e00 Remove __sinit and __sdidinit.
We're eagerly initializing stdio now, so this can all be simplified.

Change-Id: Icb288f8dd0ee08f02bea0d23670f75e78bed6b99
2015-12-03 13:23:03 -08:00
Tom Cherry
49a309ff6a Separate properties by selabel
The purpose of this change is to add read access control to the property
space.

In the current design, a process either has access to the single
/dev/__properties__ file and therefore all properties that it contains
or it has access to no properties.  This change separates properties
into multiple property files based on their selabel, which allows
creation of sepolicies that allow read access of only specific sets of
properties to specific domains.

Bug 21852512

Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03
2015-12-02 15:17:03 -08:00
Yabin Cui
6bef152af2 Merge "Init stdio in __libc_init_common." 2015-11-30 23:57:02 +00:00
Yabin Cui
d68c9e5906 Init stdio in __libc_init_common.
Previously we call __sinit() lazily. But it is likely to cause data
races like in https://android-review.googlesource.com/#/c/183237/. So
we prefer to call __sinit() explicitly at libc initialization.

Bug: 25392375

Change-Id: I181ea7a4b2e4c7350b45f2e6c86886ea023e80b8
2015-11-30 13:51:07 -08:00
Yabin Cui
952e9eb086 Don't use __thread in __cxa_thread_finalize().
Currently we use __thread variable to store thread_local_dtors,
which makes tsan test fork_atexit.cc hang. The problem is as below:
The main thread creates a worker thread, the worker thread calls
pthread_exit() -> __cxa_thread_finalize() -> __emutls_get_address()
-> pthread_once(emutls_init) -> emutls_init().
Then the main thread calls fork(), the child process cals
exit() -> __cxa_thread_finalize() -> __emutls_get_address()
-> pthread_once(emutls_init).
So the child process is waiting for pthread_once(emutls_init)
to finish which will never occur.

It might be the test's fault because POSIX standard says if a
multi-threaded process calls fork(), the new process may only
execute async-signal-safe operations until exec functions are
called. And exit() is not async-signal-safe. But we can make
bionic more reliable by not using __thread in
__cxa_thread_finalize().

Bug: 25392375
Change-Id: Ife403dd7379dad8ddf1859c348c1c0adea07afb3
2015-11-24 17:24:06 -08:00
Yabin Cui
17554356cc Merge "Change _stdio_handles_locking into _caller_handles_locking." 2015-11-23 18:57:26 +00:00
Yabin Cui
74ed96d597 Merge "Use FUTEX_WAIT_BITSET to avoid converting timeouts." 2015-11-21 01:50:29 +00:00
Yabin Cui
76144aaa63 Change _stdio_handles_locking into _caller_handles_locking.
It is reported by tsan that funlockfile() can unlock an unlocked mutex.
It happens when printf() is called before fopen() or other stdio stuff.
As FLOCKFILE(fp) is called before __sinit(), _stdio_handles_locking is false,
and _FLOCK(fp) will not be locked. But then cantwrite(fp) in __vfprintf()
calls__sinit(), which makes _stdio_handles_locking become true, and
FUNLOCKFILE(fp) unlocks _FLOCK(fp).

Change _stdio_handles_locking into _caller_handles_locking,
so __sinit() won't change its value. Add test due to my previous fault.

Bug: 25392375
Change-Id: I483e3c3cdb28da65e62f1fd9615bf58c5403b4dd
2015-11-20 17:44:26 -08:00
Vitaly Vul
ee67dd75e2 mmap: fix calculation of is_private_anonymous variable
Currently is_private_anonymous is calculated as true if _either_
MAP_PRIVATE or MAP_ANONYMOUS is set, which is a mistake.
According to Documentation/vm/ksm.txt, "KSM only merges anonymous
(private) pages, never pagecache (file) pages". MAP_PRIVATE can
still be set on file cache pages so in order to not redundantly
set MADV_MERGEABLE on pages that are not fitted for it, both
MAP_PRIVATE and MAP_ANONYMOUS should be set.

Along with this fix, add an extra check that the mapped page is
not a stack page before setting MADV_MERGEABLE for it. Stack pages
change too quickly and always end up in KSM 'page_volatile' list.

Change-Id: If4954142852f17cc61f02985ea1cb625a7f3dec6
2015-11-20 09:16:59 -08:00
Josh Gao
f30170dfa5 Merge changes I73a39c6d,Iab2af242
* changes:
  Fix test build break.
  extend the PTRDIFF_MAX size check to mremap
2015-11-20 01:55:56 +00:00
Yabin Cui
284068f44f Fix tsan abort for lake of __libc_auxv initialization.
If tsan is used, the following callchain can happen:
__libc_preinit() -> __libc_init_globals() ->
__libc_init_vdso() -> strcmp() -> __tsan_init()
-> sysconf(_SC_PAGE_SIZE) -> getauxval().
But __libc_auxv is initialized in __libc_init_common(),
after __libc_init_globals(). One simple way to fix
this is to initialize __libc_auxv at __libc_init_globals().

Bug: 25392375
Change-Id: I3893b1f567d5f3b7a8c881c0c1b8234b06b7751b
2015-11-19 14:24:06 -08:00
Yabin Cui
c9a659c57b Use FUTEX_WAIT_BITSET to avoid converting timeouts.
Add unittests for pthread APIs with timeout parameter.

Bug: 17569991

Change-Id: I6b3b9b2feae03680654cd64c3112ce7644632c87
2015-11-19 13:42:03 -08:00
Daniel Micay
c22a7de798 extend the PTRDIFF_MAX size check to mremap
This removes another way to obtain objects larger than PTRDIFF_MAX. The
only known remaining hole is now jemalloc's merging of virtual memory
spans.

Technically this could be wrapped in an __LP64__ ifndef since it can't
occur on 64-bit due to the 1:1 split. It doesn't really matter either
way.

Change-Id: Iab2af242b775bc98a59421994d87aca0433215bd
2015-11-19 08:57:47 -05:00
Yabin Cui
2c09e5de29 Merge "Implement pthread spin." 2015-11-19 01:55:37 +00:00
Yabin Cui
fe3a83a934 Implement pthread spin.
In order to run tsan unit tests, we need to support pthread spin APIs.

Bug: 18623621
Bug: 25392375
Change-Id: Icbb4a74e72e467824b3715982a01600031868e29
2015-11-18 17:51:21 -08:00
Yabin Cui
0307eee293 Avoid tsan warning about pthread_mutex_destroy.
If calling pthread_mutex_trylock from pthread_mutex_destroy, tsan
warns about an attempt to destroy a locked mutex.

Bug: 25392375
Change-Id: I5feee20e7a0d0915adad24da874ec1ccce241381
2015-11-17 16:17:44 -08:00
Yabin Cui
b804b9d67b Merge "Implement pthread barrier." 2015-11-17 00:22:54 +00:00
Yabin Cui
e7c2fffa16 Implement pthread barrier.
Bug: 24341262
Change-Id: I5472549e5d7545c1c3f0bef78235f545557b9630
2015-11-16 14:02:26 -08:00
Nick Kralevich
2fb02651c8 libc_init_common.cpp: Clarify when environment stripping occurs
The current comment implies that we only strip sensitive
environment variables on executing a setuid program. This is
true but incomplete. The AT_SECURE flag is set whenever a
security transition occurs, such as executing a setuid program,
SELinux security transition, executing a file with file capabilities,
etc...

Fixup the comments.

Change-Id: I30a73992adfde14d6e5f642b3a1ead2ee56726be
2015-11-10 16:45:49 -08:00
Tom Cherry
926ebe1094 Refactor prop_area into a class
Bug 21852512

Change-Id: I432bf592f1a71a046c32616fc334ad77c220f0ca
2015-11-09 17:22:44 -08:00
Daniel Micay
4200e260d2 fix the mremap signature
The mremap definition was incorrect (unsigned long instead of int) and
it was missing the optional new_address parameter.

Change-Id: Ib9d0675aaa098c21617cedc9b2b8cf267be3aec4
2015-11-06 13:14:43 -08:00
Daniel Micay
706186d266 fix PTRDIFF_MAX check in the 32-bit mmap wrapper
It wasn't making use of the page-rounded size.

Change-Id: I911345fcfd6419a4dbc18a4622b42e1b76729abb
2015-11-03 05:30:29 -05:00
Christopher Ferris
1721cd6a74 Make _signal hidden in all cases.
_signal was static in 64 bit, and hidden on 32 bit. There is no
reason to have this distinction, so make it hidden in all cases.

Change-Id: I09d5d93ac8cab4fe14dc7bdfeb25aa46a3b7413d
2015-10-30 17:10:47 -07:00
Elliott Hughes
c36be975ce Merge "Add prlimit to LP32." 2015-10-30 23:35:40 +00:00
Christopher Ferris
9978a9a82e Move __set_errno to ndk_cruft.cpp.
Change-Id: I5caa1cc161961d2e4629429c0d406875b93cdbd0
2015-10-29 18:11:32 -07:00
Elliott Hughes
4151db5f99 Add prlimit to LP32.
Bug: http://b/24918750
Change-Id: I0151cd66ccf79a6169610de35bb9c288c0fa4917
2015-10-28 20:04:59 -07:00
Elliott Hughes
d7c7daada2 Remove the legacy endusershell/getusershell/setusershell stubs.
These don't work, aren't thread-safe, aren't in POSIX (or our header
files), and are only used by one app (whose developers I've contacted).
But the presence of these symbols causes configure to be confused, which
is a pain for Brillo.

Bug: http://b/24812426
Change-Id: I7fa6ef82864d5563929d9b8a7f8fcacb30b26d45
2015-10-28 14:20:16 -07:00
Elliott Hughes
6331e806de Implement scandirat and scandirat64.
Bug: http://b/12612339
Change-Id: Id3b249a884fe08964b26a017ae9574961f0cb441
2015-10-27 13:47:36 -07:00
Christopher Ferris
a818445622 Rename LIBC64_HIDDEN to LIBC32_LEGACY_PUBLIC.
Change-Id: If4da9e46398ca5524f6f0680d70588e3dc7e80b4
2015-10-23 12:32:52 -07:00
Yabin Cui
d26e780df6 Use bionic lock in pthread_internal_t.
It removes calling to pthread_mutex_lock() at the beginning of new
thread, which helps to support thread sanitizer.

Change-Id: Ia3601c476de7976a9177b792bd74bb200cee0e13
2015-10-22 20:14:33 -07:00
Elliott Hughes
d29ba55513 Merge "Opt Brillo out of the ndk cruft." 2015-10-17 03:06:41 +00:00
Josh Gao
c433a36fb5 Merge "Move malloc dispatch table to __libc_globals." 2015-10-14 23:47:41 +00:00
Josh Gao
198d13e8c2 Merge "make mmap fail on requests larger than PTRDIFF_MAX" 2015-10-14 02:17:10 +00:00
Josh Gao
3c8fc2fea9 Move malloc dispatch table to __libc_globals.
Change-Id: Ic20b980d1e8b6c2d4b773ebe336658fd17c737cb
2015-10-12 17:54:58 -07:00
Elliott Hughes
fb8fd5076e Opt Brillo out of the ndk cruft.
Bug: http://b/24812426
Change-Id: I6a858d8ceebce9e2285e5b12de9fd89d2b42b352
2015-10-12 17:53:48 -07:00
Elliott Hughes
1ab3f303d2 Merge "Fix inet_aton on LP32." 2015-10-10 00:39:11 +00:00
Elliott Hughes
7b77cb35af Fix inet_aton on LP32.
I wasn't checking for overflow. Luckily, I had a test that overflows on LP32.

Change-Id: If2cf33d88f459eb26d0ce75f3c5ed192f516ab7a
2015-10-09 17:36:05 -07:00
Josh Gao
fe9d0ed6cb Move setjmp cookie to a shared globals struct.
Change-Id: I59a4c187d61524c4e48655c4c6376dba0d41eee2
2015-10-09 15:59:04 -07:00
Josh Gao
93c0f5ee00 Move VDSO pointers to a shared globals struct.
Change-Id: I01cbc9cf0917dc1fac52d9205bda2c68529d12ef
2015-10-09 15:59:04 -07:00
Elliott Hughes
047866672c Fix inet_addr/inet_aton/inet_network.
Rewrite inet_addr and inet_network in terms of inet_aton, and reimplement
that to include all the missing error checks.

Bug: http://b/24754503
Change-Id: I5dfa971c87201968985a0894df419f0fbf54768a
2015-10-09 15:44:24 -07:00
Josh Gao
a5d5d16c3c Use foreach loop to match setuid unsafe env vars.
Change-Id: I1e94daefac8e601281f38c7ce29ba3172a4a60bb
2015-10-02 11:31:09 -07:00
Stephen Hines
4a65557d0e Merge "Remove invalid left shifts of -1." 2015-10-01 05:23:14 +00:00
Yabin Cui
cb6f599c44 Fix the way to count online cpus.
Read /proc/stat to count online cpus is not correct for all android
kernels. Change to reading /sys/devices/system/cpu/online instead.

Bug: 24376925
Change-Id: I3785a6c7aa15a467022a9a261b457194d688fb38
2015-09-29 17:49:37 -07:00
Stephen Hines
23360cc498 Remove invalid left shifts of -1.
Bug: 24492248

Shifting sign bits left is considered undefined behavior, so we need to
switch these uses to unsigned equivalents. The time_t-related code is
updated relative to upstream sources.

Change-Id: I226e5a929a10f5c57dfcb90c748fdac34eb377c2
2015-09-29 10:04:54 -07:00
Elliott Hughes
9e3a249152 Merge "Clean up /proc/<pid>/maps sscanfs." 2015-09-22 22:49:20 +00:00
Elliott Hughes
0dec228921 Clean up /proc/<pid>/maps sscanfs.
sscanf will swallow whitespace for us.

Change-Id: I59931cbad00f0144fd33ed4749ac0aaad15e6de6
2015-09-22 15:45:50 -07:00
Jorge Lucangeli Obes
dd51453904 Merge "Add preliminary OEM UID/GID support." 2015-09-22 21:53:39 +00:00
Jorge Lucangeli Obes
a39e30141d Add preliminary OEM UID/GID support.
Until we implement full support for passwd/group files, add a simple
way to use the new OEM UID/GID range (5000-5999).

oem_XXX -> 5000 + XXX iff 0 <= XXX < 1000.

Bug: 23225475

Change-Id: If48b88135d5df538313414f747d6c4c63bf0a103
2015-09-22 13:33:17 -07:00
Yabin Cui
33ac04a215 Increase alternative signal stack size on 64-bit devices.
Bug: 23041777
Bug: 24187462
Change-Id: I7d84c0cc775a74753a3e8e101169c0fb5dbf7437
2015-09-22 11:18:26 -07:00
Josh Gao
7fda8d2aa4 Implement setjmp cookies on ARM.
Reuse the top bits of _JB_SIGFLAG field previously used to store a
boolean to store a cookie that's validated by [sig]longjmp to make it
harder to use as a ROP gadget. Additionally, encrypt saved registers
with the cookie so that an attacker can't modify a register's value to
a specific value without knowing the cookie.

Bug: http://b/23942752
Change-Id: Id0eb8d06916e89d5d776bfcaa9458f8826717ba3
2015-09-17 14:07:24 -07:00
Mor-sarid, Nitzan
569333293a Fix the way to get main thread stack start address.
For previous way to get the stack using the [stack] string from
/proc/self/task/<pid>/maps is not enough. On x86/x86_64, if an
alternative signal stack is used while a task switch happens,
the [stack] indicator may no longer be correct.

Instead, stack_start from /proc/self/stat which is always inside
the main stack, is used to find the main stack in /proc/self/maps.

Change-Id: Ieb010e71518b57560d541cd3b3563e5aa9660750
Signed-off-by: Nitzan Mor-sarid <nitzan.mor-sarid@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
2015-09-16 11:45:13 -07:00
Daniel Micay
5ca66528c5 make mmap fail on requests larger than PTRDIFF_MAX
Allocations larger than PTRDIFF_MAX can be successfully created on
32-bit with a 3:1 split, or in 32-bit processes running on 64-bit.

Allowing these allocations to succeed is dangerous, as it introduces
overflows for `end - start` and isn't compatible with APIs (mis)using
ssize_t to report either the size or an error. POSIX is guilty of this,
as are many other Android APIs. LLVM even considers the `ptr + size`
case to be undefined, as all pointer arithmetic compiles down to signed
operations and overflow is treated as undefined for standard C pointer
arithmetic (GNU C `void *` arithmetic works differently).

This also prevents dlmalloc from allocating > PTRDIFF_MAX as it doesn't
merge mappings like jemalloc. A similar check will need to be added in
jemalloc's code path for huge allocations.

The musl libc implementation also performs this sanity check.

Change-Id: I5f849543f94a39719f5d27b00cef3079bb5933e9
2015-09-12 01:52:12 -04:00
Christopher Ferris
efc134dba3 Only close stdin/stdout/stderr for debug malloc.
The debug malloc code unconditionally closes stdin/stdout/stderr,
which means that other atexit functions cannot use them. Only
close these if there is a debug malloc final function to call.

This doesn't appear to be a problem on most normal applications or the
atexit_exit bionic unit test would be failing. However, if you
enable stat dumping in jemalloc, nothing prints. Most likely trying
to add an atexit function from within libc is causing that atexit
to run after the debug malloc atexit function.

Change-Id: I963720d4ccaaa511e44af07a7461f17eb3f84e8e
2015-09-03 17:45:33 -07:00
Elliott Hughes
32bf43f44a Rename debug_stacktrace to debug_backtrace.
All the functions say "backtrace", so it's weird that the filename
says "stacktrace".

Change-Id: I1c88a56c1f9adb1bae4615edc8af3e73db270a8c
2015-09-01 16:01:50 -07:00
Elliott Hughes
848808c660 Merge "Add preadv/pwritev." 2015-08-26 22:04:32 +00:00
Elliott Hughes
6f4594d5dc Add preadv/pwritev.
Bug: http://b/12612572
Change-Id: I38ff2684d69bd0fe3f21b1d371b88fa60d5421cb
2015-08-26 14:48:55 -07:00
Christopher Ferris
d518a6d3bc Merge "Fix the 16 bit/32 bit instruction check for arm." 2015-08-26 19:39:36 +00:00
Christopher Ferris
b72c9d80ab Fix the 16 bit/32 bit instruction check for arm.
The current code only looks for a branch, instead make this more
general.

Change-Id: Ib442d6f2f04074e274b320ca0cf04734cc78e5d2
2015-08-26 10:55:09 -07:00
Elliott Hughes
7ac3c128bb Add strchrnul.
Bug: http://b/18374026
Change-Id: Iea923309c090a51a2d41c5a83320ab3789f40f1c
2015-08-26 09:59:29 -07:00
Yabin Cui
62c26ed93e Merge "add fortified implementations of write/pwrite{,64}" 2015-08-21 03:03:22 +00:00
Daniel Micay
afdd15456a add fortified implementations of write/pwrite{,64}
These are just based on the read/pread{,64} implementations with the
function calls and error messages adjusted as appropriate. The only
difference is that the buffer parameters are const.

Change-Id: Ida1597a903807f583f230d74bcedffdb7b24fcf6
2015-08-20 13:46:51 -04:00
Christopher Ferris
224bef8ec4 Modify ip to get the instr being executed.
The ip values being reported are always pointing at the next
instruction to execute, not the currently executing instruction.
Change the ip address to point at the currently executing instruction.

This fixes a problem where the next instruction is not actually
part of the same function, so if an addr2line is used, it reports
the wrong value.

This does not modify the ip for mips.

Bug: 22565486
Change-Id: Ie0df4c9727f62ce06948b9a2b0e4b7956eb6e752
2015-08-18 15:41:31 -07:00
Daniel Micay
9101b00400 add a fortified implementation of getcwd
Change-Id: Ice3e6d3e1ff07788305dc85f8ee4059baad5fac4
2015-08-01 00:42:30 -04:00
Elliott Hughes
36443fd542 Remove PAGE_SIZE from <limits.h>.
It turns out that everyone's still getting PAGE_SIZE from <sys/user.h> via
<sys/ucontext.h> via <signal.h> anyway.

glibc has PAGE_SIZE in <sys/user.h> rather than <limits.h> so this part is
good. The bad part is that we have such wide transitive inclusion of
<sys/user.h>!

Bug: http://b/22735893
Change-Id: I363adffe4a27b4ca1eedf695ea621f5dd2d5ca10
2015-07-28 19:54:53 -07:00
Elliott Hughes
820a86f2df Remove PAGESIZE.
This was pretty much unused, and isn't in glibc.

Bug: http://b/22735893
Change-Id: If17f0dcd931c90ef1ccb134a3950c3b0011a03f4
2015-07-28 16:46:06 -07:00
Elliott Hughes
afab3ffcce Move PAGE_MASK into <sys/user.h>.
I'm removing the TODO on the assumption that being compatible with glibc
is more useful than BSD. The new internal "bionic_page.h" header factors
out some duplication between libc and the linker.

Bug: http://b/22735893
Change-Id: I4aec4dcba5886fb6f6b9290a8f85660643261321
2015-07-28 14:58:37 -07:00
Mark Salyzyn
667dc75ee1 deprecate TARGET_USES_LOGD
This is not the kernel logger you are looking for

Bug: 22787659
Change-Id: I340d8bb5cdaa73be9565521681ee238b7033934b
2015-07-28 08:51:17 -07:00
Yabin Cui
8af3263349 Merge "add fortified implementations of fread/fwrite" 2015-07-27 22:46:29 +00:00
Elliott Hughes
189394b885 Use AT_PAGESZ for sysconf(_SC_PAGE_SIZE).
Bug: http://b/18342333
Change-Id: Id12ed4e85a0f35d7d27202f7792df42a65a74b4e
2015-07-24 23:22:07 -07:00
Daniel Micay
fed2659869 add fortified implementations of fread/fwrite
A __size_mul_overflow utility is used to take advantage of the checked
overflow intrinsics in Clang and GCC (>= 5). The fallback for older
compilers is the optimized but less than ideal overflow checking pattern
used in OpenBSD.

Change-Id: Ibb0d4fd9b5acb67983e6a9f46844c2fd444f7e69
2015-07-23 18:55:46 -04:00
Yabin Cui
1661125315 Don't abort when failed to write tracing message.
Also make the code thread-safe with lock.

Bug: 20666100
Change-Id: I0f331a617b75280f36179c187418450230d713ef
2015-07-22 18:24:53 -07:00
Yabin Cui
2565492db0 Merge "Add getgrgid_r/getgrnam_r." 2015-07-22 03:22:26 +00:00
Yabin Cui
c4786d366b Add getgrgid_r/getgrnam_r.
Bug: 22568551
Change-Id: I3c0772d119d6041063c6be53f5bcc5ea1768f0d5
2015-07-21 19:33:34 -07:00
Elliott Hughes
3b49d61ac2 Merge "libc: arch-x86: implement kernel vdso time functions" 2015-07-22 01:51:00 +00:00
Robert Jarzmik
10726d52ac libc: arch-x86: implement kernel vdso time functions
This patch give the possibility of time vdso support on 32bit kernel.
If the 32bit x86 kernel provides gettimeofday() and clock_gettime()
primitives in vdso. In this case make bionic use them. If the kernel
doesn't provide them, fallback to the legacy system call versions.

Change-Id: I87b772a9486fa356903e1f98f486ab9eb0b6f6f7
Signed-off-by: Robert Jarzmik <robert.jarzmik@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
2015-07-22 01:31:38 +00:00
Elliott Hughes
d29486343a Use a less misleading name for the code that sets up the main thread.
Change-Id: I50c1b0a3b633cf8bc40a6bd86f12adb6b91e2888
2015-07-21 11:57:09 -07:00
Christopher Ferris
c99fabb7a0 Merge "Add support for non-zero vaddr in maps." 2015-07-21 17:29:10 +00:00
Elliott Hughes
613f814508 Revert "Revert "make vdso function pointers read-only at runtime""
This reverts commit 1946856b1f.

This goes back to the original scheme of PROT_NONEing a page within
libc. Allocating a new page didn't fail safe for cases where these
functions are called from the dynamic linker.

Bug: http://b/22568628
Change-Id: I3e7241c8b54c27ea4a898bc952375c1e9ae38c80
2015-07-20 15:59:33 -07:00
Elliott Hughes
1946856b1f Revert "make vdso function pointers read-only at runtime"
This reverts commit df1a3c6d21.

This change prevented N9 from booting (http://b/22568628).

Change-Id: I071d6d6a0ae7881d65641839e665acdcf58462b4
2015-07-20 17:30:33 +00:00
Daniel Micay
df1a3c6d21 make vdso function pointers read-only at runtime
Global, writable function pointers are low-hanging fruit for hijacking
control flow with an overflow from a global buffer or an arbitrary write
vulnerability. This moves the function pointer table into a dedicated
page and makes it read-only at runtime, similar to RELRO.

This increases the memory usage of the library by just under one page.
This could be avoided by having the linker load the vdso by replacing
weak symbols. It's not significant within the Zygote spawning model
though because it's read-only after early init.

Change-Id: Id7a49c96c1b15c2e1926528304b3c54a81e78caf
2015-07-17 11:11:42 -07:00
Christopher Ferris
70b6e1daff Add support for non-zero vaddr in maps.
If a map has a non-zero vaddr then it needs to be added to the
computed relative offset.

Bug: 22532054
Change-Id: If55015165d25ecc4b530f674b481c8c7ef760a23
2015-07-16 15:25:39 -07:00
Christopher Ferris
3a40a0000a Do not hold hash table lock while backtracing.
There is a deadlock if holding the hash table lock while trying to do
a backtrace. Change the code so that the hash table lock is only held
while actually modifying either g_hash_table, or while modifying an
entry from g_hash_table.

Bug: 22423683
(cherry picked from commit 9fee99b060)

Change-Id: I72173bfe6f824ceaceea625c24e7851b87467135
2015-07-13 13:18:31 -07:00
Elliott Hughes
a20a35fdda Prevent user-defined basename_r from breaking basename(3).
LP64 is immune because basename_r is hidden there, but on LP32 a basename_r
defined in the executable breaks basename because its call to basename_r
will resolve to that one rather than the one in libc.

Bug: http://b/22415484
Change-Id: Ied3ca7ad3fb0e744eb705fc924743f893b4ad490
2015-07-10 23:58:59 -07:00
Elliott Hughes
eeb6b57e75 Name the thread stack and signal stack guard pages.
Bug: http://b/22228722
Change-Id: I1dae672e386e404fb304a34496a29fe21134c784
2015-07-01 23:48:39 -07:00
Dmitriy Ivanov
c2247478d5 Improve personality initialization
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
   personality value.
3. Set personality for static executables.

Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
2015-06-30 19:01:24 -07:00
Elliott Hughes
b1304935b6 Hide accidentally-exposed __clock_nanosleep.
Bug: http://b/21858067
Change-Id: Iaa83a5e17cfff796aed4f641d0d14427614d9399
2015-06-15 19:39:04 -07:00
Elliott Hughes
ba1d40a3f1 Merge "Statically linked executables should honor AT_SECURE." 2015-06-10 22:49:57 +00:00
Christopher Ferris
60907c7f4e Allow NULL in pthread_mutex_lock/unlock.
The pthread_mutex_lock and pthread_mutex_unlock were allowed to
fail silently on L 32 bit devices when passed a NULL. We changed
this to a crash on 32 bit devices, but there are still games that make
these calls and are not likely to be updated. Therefore, once again
allow NULL to be passed in on 32 bit devices.

Bug: 19995172
(cherry picked from commit 511cfd9dc8)

Change-Id: I159a99a941cff94297ef3fffda7075f8ef1ae252
2015-06-10 10:50:43 -07:00
Elliott Hughes
1801db3d3f Statically linked executables should honor AT_SECURE.
Bug: http://b/19647373
Change-Id: I10e7682d9cec26a523f1a3597ca5326c3ca42ebe
2015-06-09 20:10:25 -07:00
Nick Kralevich
12fb28bbd8 Merge "Add O_PATH support for flistxattr()" 2015-06-08 17:39:01 +00:00
Nick Kralevich
e1d0810cd7 Add O_PATH support for flistxattr()
A continuation of commit 2825f10b7f.

Add O_PATH compatibility support for flistxattr(). This allows
a process to list out all the extended attributes associated with
O_PATH file descriptors.

Change-Id: Ie2285ac7ad2e4eac427ddba6c2d182d41b130f75
2015-06-06 11:25:41 -07:00
Christopher Ferris
f9554a1776 Export two dlmalloc functions everywhere.
The functions dlmalloc_inspect_all and dlmalloc_trim get
exported on devices that use dlmalloc, so be consistent and
export them everywhere.

Bug: 21640784
Change-Id: I5b8796cd03c8f401d37d9c22823144f766f9c4c7
2015-06-05 17:12:17 -07:00
Christopher Ferris
c062218a9b Reorder DIR structure due to bad apps.
It turns out that apportable apps expect that the DIR structure is
the same as in L and below. Modify the structure to have the same
order, and move the new variable to the end of the structure.

Bug: 21037208
(cherry picked from commit 5edb0f40f6)

Change-Id: I0c1ab5e295ec8bef638daa4cfea5830aeea602e6
2015-06-04 14:04:16 -07:00
Nick Kralevich
2825f10b7f libc: Add O_PATH support for fgetxattr / fsetxattr
Support O_PATH file descriptors when handling fgetxattr and fsetxattr.
This avoids requiring file read access to pull extended attributes.

This is needed to support O_PATH file descriptors when calling
SELinux's fgetfilecon() call. In particular, this allows the querying
and setting of SELinux file context by using something like the following
code:

  int dirfd = open("/path/to/dir", O_DIRECTORY);
  int fd = openat(dirfd, "file", O_PATH | O_NOFOLLOW);
  char *context;
  fgetfilecon(fd, &context);

This change was motivated by a comment in
https://android-review.googlesource.com/#/c/152680/1/toys/posix/ls.c

Change-Id: Ic0cdf9f9dd0e35a63b44a4c4a08400020041eddf
2015-06-01 15:51:56 -07:00
Dan Albert
9d476a02e9 Cleanup ftruncate negative test.
Addresses post-submit comments from
I54692ab8105dd09db6af7a2c0894a17bdd118aa0.

Bug: http://b/21309901
Change-Id: Ie19ee8cdcc4055a65fe7dfc103156e54eafe8977
2015-06-01 13:22:57 -07:00
Dan Albert
c05554ec5c Fix error handling for negative size in ftruncate.
Bug: 21309901
Change-Id: I54692ab8105dd09db6af7a2c0894a17bdd118aa0
2015-05-20 14:20:33 -07:00
Yabin Cui
40a8f214a5 Hide rt_sigqueueinfo.
Bug: 19358804
Change-Id: I38a53ad64c81d0eefdd1d24599e769fd8a477a56
2015-05-18 11:29:20 -07:00
Jeff Brown
11331f60dd Add float support to binary event log.
Bug: 20664753
Change-Id: I6e43c07daa727c19d87f5192bb719af63dd93654
2015-04-28 18:20:22 -07:00
Mark Salyzyn
bfd65279a5 bionic: add __system_property_area_serial()
Adds a new _internal_ function. Provide a global serial number to
support more efficient private caching algorithms. This allows
to skip re-running the __system_property_find() call on misses until
there is a global change in the properties. This call is a read
barrier, the property data to be read following this call will be
read sequentially and up to date.

Bug: 19544788
Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
2015-04-27 07:44:03 -07:00
Nick Kralevich
42502d702e Merge "add fortified memchr/memrchr implementations" 2015-04-25 21:29:57 +00:00