Don't ask the kernel to copy data to userspace if we don't need it.
(Noticed while cleaning up sysconf to not call clock_getres.)
Change-Id: Icc0f7559775b8a2dcefe638ce831d06b75d67122
There are a hundred other reasons why we can't run on kernels old enough
to not have all the clocks covered by sysconf.
This was causing trouble for jemalloc 4.1.0 in a seccomp-constrained process
because jemalloc 4.1.0 introduced a call to sysconf that caused us to make
clock_getres syscalls for the first time, leading to SIGSYS.
Bug: http://b/27408522
Change-Id: I2eb6986d871bc03cbef278e5617734409c39e057
glibc, FreeBSD, OpenBSD, and Darwin all just leave the fd unchanged and
possibly uninitialized. Setting it to -1 seems friendlier, though.
Bug: http://b/27506278
Change-Id: I7acdc8eecbea4404d5fb4ba0b4d572245a323886
I can only assume I was testing the 32-bit implementation when I claimed
this worked. While improving the 32-bit code I realized that I'd used
signed comparisons instead of unsigned, and came back to find that the
64-bit code didn't work.
By way of apology, make x86-64 the first architecture where __memset_chk
falls through to memset.
Change-Id: I54d9eee5349b6a2abb2ce81e161fdcde09556561
Make it easier to diagnose applications mucking with the contents of
jmp_buf by checksumming its contents.
Bug: http://b/27417786
Change-Id: I9989e2ea3979a36ae0bc4c9e1bacafddbacc731b
This involves actually implementing assembler __memset_chk for arm64,
but that's easily done.
Obviously I'd like this for all architectures (and all the string functions),
but this is low-hanging fruit...
Change-Id: I70ec48c91aafd1f0feb974a2555c51611de9ef82
Also remove an if that implied that IFA_BROADCAST is a possibility for
AF_INET6.
The existing tests fail if you have a point-to-point interface configured,
so no new test necessary.
Bug: http://b/27442503
Change-Id: I4c5823b32204ae6c15527853414c2a0cef320b53
The DNS search string contains zeros as domain separator. The resolver
code erroneously used strlcpy(), which resulted in only the first domain
to be copied. The code uses pointers into this string to access the
individual domains. Since the structure is zero-initialized, this bug only
resulted in zero-length domains instead of accessing unitialized memory.
BUG: 27312811
Change-Id: Ia9d066c405dfcc5e82d6766d93ead2ce574e7b0d
Our FORTIFY _chk functions' implementations were very repetitive and verbose
but not very helpful. We'd also screwed up and put the SSIZE_MAX checks where
they would never fire unless you actually had a buffer as large as half your
address space, which probably doesn't happen very often.
Factor out the duplication and take the opportunity to actually show details
like how big the overrun buffer was, or by how much it was overrun.
Also remove the obsolete FORTIFY event logging.
Also remove the unused __libc_fatal_no_abort.
This change doesn't improve the diagnostics from the optimized assembler
implementations.
Change-Id: I176a90701395404d50975b547a00bd2c654e1252
Change all of the hard-coded config values to be defined constants.
Also make sure to use these constants in the usage output.
Bug: 26739265
Change-Id: I597a6d71279a2df9cc7e98c42ac70224261bac99
...so memset it is, then.
I'll be glad when GCC is dead and we can use "= {}" like it's the 21st century.
Change-Id: I28d820d3926ac9bf44bf7c1e89e184726c840391
The purpose of this change is to silence Valgrind's warning about a
syscall parameter pointing to uninitialised bytes.
Change-Id: I2737235f9ac288dbc8ec4be0c6f1cef181c9b7d7
Changes affecting future time stamps
America/Cayman will not observe daylight saving this year after all.
Revert our guess that it would. (Thanks to Matt Johnson.)
Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00.
(Thanks to Alexander Krivenyshev.)
Asia/Tehran now has DST predictions for the year 2038 and later,
to be March 21 00:00 to September 21 00:00. This is likely better
than predicting no DST, albeit off by a day every now and then.
Changes affecting past and future time stamps
America/Metlakatla switched from PST all year to AKST/AKDT on
2015-11-01 at 02:00. (Thanks to Steffen Thorsen.)
America/Santa_Isabel has been removed, and replaced with a
backward compatibility link to America/Tijuana. Its contents were
apparently based on a misreading of Mexican legislation.
Changes affecting past time stamps
Asia/Karachi's two transition times in 2002 were off by a minute.
(Thanks to Matt Johnson.)
Bug: 26833368
(cherry-picked from commit 5408d8f39a)
Change-Id: I568ae45e0b38382507db3c244392ccc2edff29d3
I added the code to force alignments of 8 for 32 bit and 16 for 64 bit,
but I missed a couple of tests that failed due to this change. Fix the
failing tests.
Bug: 26739265
Change-Id: Ice9932d1419e59c07483c4c9fcdb84970844f0a6
When using sscanf and "%4s", the array passed in must include space for
a nul terminator.
Bug: 26739265
Change-Id: I0140a6100ca370666ae61689087ba41b4914789d
Add backtrace_string to convert a malloc_debug backtrace to a string.
Also move the backtrace functions to libc_malloc_debug_backtrace so that
libmemunreachable can reuse them.
Change-Id: I5ad67001c0b4d184903c762863a8588181d4873b
In order to enforce this constraint:
The pointer returned if the allocation succeeds shall be suitably
aligned so that it may be assigned to a pointer to any type of object
and then used to access such an object in the space allocated.
Force all allocations on 32 bit systems to have 8 byte alignment,
and all allocations on 64 bit systems to have 16 byte alignment.
Add a test to verify that the allocator returns the correct alignments.
Bug: 26739265
Change-Id: I9af53279617408676b94e4ec6481b3ed7ffafc6a
Add a pthread_atfork handler to malloc_debug to lock the TrackData mutex
during fork and reset it in the child. Ensures that the TrackData is
consistent when forking from a multi-threaded process, and that the
mutex is in a defined state in the child.
Change-Id: I0dfed30045a28551217ceac227d33b2e18894932
Found by passing a bad regular expression to the Google benchmark
code (https://github.com/google/benchmark).
Change-Id: I475db71c25706bbf02091b754acabe8254062f3a
Since we set both fields to NULL all the time, we can alias the two
fields together on LP32 to provide build-time compatibility.
BUG=24918750
TEST=python now builds for Brillo boards
Change-Id: I3394aea80c9a5288669389f71d0e4132f2157e3c
Small modifications needed to allow compilation with the new headers:
- Manually modify bionic/libc/kernel/uapi/asm-mips/asm/siginfo.h to
remove the uapi from the include.
- PR_XXX defines are now available for mips, so remove the definition
from linker_mips.cpp.
Bug: 23789423
Change-Id: I6dc8a03b012426d3a937db15cb24d3a50fab5a8c
Check if thread_id is in fact pthread_self before
locking on g_thread_list_lock in __pthread_internal_find.
The main reason for doing this is not performance but to allow
the linker use raise() which was not working because pthread_kill()
couldn't find pthread_self() thread because the global thread
list is initialized in libc.so and the linker's version of this
list is empty.
Bug: http://b/25867917
Change-Id: I18fe620e8cd465b30f0e1ff45fff32958f3c5c00
Our fopen/freopen/tmpfile are already always O_LARGEFILE, but let's add
the aliases for _LARGEFILE_SOURCE compatibility.
Bug: http://b/24807045
Change-Id: I5d99b3ef3c9f27ce70f13313f6a92e96c7f21f80
__size_mul_overflow generates warning under following compilation envrionment:
-OX -D_FORTIFY_SOURCE=2 (X=1, 2, 3)
For example:
echo '#include <stdio.h>' | \
prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9/bin/arm-linux-androideabi-gcc \
-I bionic/libc/arch-arm/include \
-I bionic/libc/include \
-I bionic/libc/kernel/uapi \
-I bionic/libc/kernel/common \
-I bionic/libc/kernel/uapi/asm-arm \
-I bionic/libm/include \
-I bionic/libm/include/arm \
-I bionic/libc/include \
-Werror \
-O1 \
-D_FORTIFY_SOURCE=2 \
-c \
-x c \
-
bionic/libc/include/stdio.h:360:13: error: '__size_mul_overflow' is
static but used in inline function 'fread' which is not static [-Werror]
if (__size_mul_overflow(size, count, &total)) {
^
C99 - 6.7.4
"An inline definition of a function with external linkage shall not contain
a definition of a modifiable object with static storage duration, and shall
not contain a reference to an identifier with internal linkage."
As standard does not require compiler to determine when it is safe to
reference an internal function in an external inline function, but instead
delegalizes such reference as a whole, gcc throws a warning for such code
under C99 compilation. Warning produced by libc header is inhereted widely
and strips the option of using -Werror to track code sanity.
Replace static inline specifier with gnu89 extern inline. Latter "is used
only for inlining. In no case is the function compiled on its own", which
is slightly different from former semantically, but should produce the same
result here.
Change-Id: I6a3374498e5499d110e54468cf9d0d67d2debbe2
Included in this change:
- Change the tag when a pointer is freed so it's easy to detect if
an already freed pointer is being used.
- Move the free backtrace out of the header. This backtrace is only
used under only some circumstances, so no need to allocate space
in all headers for it.
- Add new option free_track_backtrace_num_frames to specify how many
frames to record when the free occurs. This removes the dependency
on the backtrace option to get backtraces.
Bug: 26739265
Change-Id: I76f5209507dcf46af67ada162a7cb2bf282116f2
This was a regression since kati has been introduced. Without
this, touching libc/arch-common/bionic/__dso_handle.h doesn't
let ninja rebuild object files.
Bug: 26839129
Change-Id: Ie9ef4559c0d1ff0910a4d250ea36938b291d15db
This file should have been deleted with the malloc debug rewrite, but
popped back into existence due to a merge conflict.
Change-Id: I74e53daaf3febf650b20e3da5329558ac84c5bcd
This also lets us test the EOVERFLOW behavior, which pointed out that the
fgetpos/fsetpos return on failure has always been wrong...
Bug: http://b/24807045
Change-Id: I35273eb07c8c9155af858adb27569983397580b6
If snprintf() is called from the linker, it may erroneously return a
null string. The libc internal __libc_format_buffer() does not have
this problem, so it is now used instead.
Bug: 26756577
Change-Id: I37a97e27f59b3c0a087f54a6603cc3aff7f07522
This has been requested a few times over the years. This is basically
a very late rebase of https://android-review.googlesource.com/45470
which was abandoned years ago. One addition is that this version has
_FILE_OFFSET_BITS=64 support.
POSIX puts this in <unistd.h>. glibc also has it in <fcntl.h>.
Bug: http://b/13077650
Change-Id: I5862b1dc326e326c01ad92438ecc1578d19ba739
Broke the build. There's no such file as bionic_sdk_version.h anywhere in the tree.
This reverts commit 892b61d340.
Change-Id: Iec3f4588edfb1d1524bb5f16451fd05dc6ebe44a
Gcc doesn't like the brace object initialization, so make all of
the Feature objects explicit.
Also, no arguments to the error_log macros make gcc unhappy, so add
an option to turn these into warnings. These will be fixed when we
add the explicit _error and _warn log functions.
Change-Id: I35af834dabb5548923e893dd980a751fdebfa13a
Posix standards says sem_wait is interruptible by the delivery
of a signal. To keep compatiblity with old apps, only fix that
in newer sdk versions.
Bug: 26743454
Change-Id: I924cbb436658e3e0f397c922d866ece99b8241a3
The major components of the rewrite:
- Completely remove the qemu shared library code. Nobody was using it
and it appears to have broken at some point.
- Adds the ability to enable/disable different options independently.
- Adds a new option that can enable the backtrace on alloc/free when
a process gets a specific signal.
- Adds a new way to enable malloc debug. If a special property is
set, and the process has an environment variable set, then debug
malloc will be enabled. This allows something that might be
a derivative of app_process to be started with an environment variable
being enabled.
- get_malloc_leak_info() used to return one element for each pointer that
had the exact same backtrace. The new version returns information for
every one of the pointers with same backtrace. It turns out ddms already
automatically coalesces these, so the old method simply hid the fact
that there where multiple pointers with the same amount of backtrace.
- Moved all of the malloc debug specific code into the library.
Nothing related to the malloc debug data structures remains in libc.
- Removed the calls to the debug malloc cleanup routine. Instead, I
added an atexit call with the debug malloc cleanup routine. This gets
around most problems related to the timing of doing the cleanup.
The new properties and environment variables:
libc.debug.malloc.options
Set by option name (such as "backtrace"). Setting this to a bad value
will cause a usage statement to be printed to the log.
libc.debug.malloc.program
Same as before. If this is set, then only the program named will
be launched with malloc debug enabled. This is not a complete match,
but if any part of the property is in the program name, malloc debug is
enabled.
libc.debug.malloc.env_enabled
If set, then malloc debug is only enabled if the running process has the
environment variable LIBC_DEBUG_MALLOC_ENABLE set.
Bug: 19145921
Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
Move fdopen/fopen/freopen and change them to initialize _seek64 instead
of the legacy _seek. The in-memory streams can stick with _seek for now,
since you're not going to fit a > 4GiB in-memory stream on a 32-bit device
anyway.
Bug: http://b/24807045
Change-Id: I09dcb426817b571415ce24d4d15f364cdda395b3
The first rule of stdio is you never change struct FILE. This broke all
NDK-built apps that used stdin/stdout/stderr. (Which is more than you
might think, given that those streams don't go anywhere useful. Svelte!)
I've added a big code comment because I knew when I removed the field that
doing so was a mistake, but I couldn't think why.
Bug: http://b/24807045
Bug: http://b/26747402
Change-Id: Ie1233586b223bb1cdf8e354c66d5ff23487a833a
BSD doesn't invalidate the fd stored in struct FILE, which can make
it possible (via fileno(3), for example), to perform operations on
an fd you didn't intend to (rather than just failing with EBADF).
Fixing this makes the code slightly simpler anyway, and might help
catch bad code before it ships.
Bug: http://stackoverflow.com/questions/10816837/fclose-works-differently-on-android-and-linux
Change-Id: I9db74584038229499197a2695c70b58ed0372a87
* Default to clang when USE_CLANG_PLATFORM_BUILD is not set
and the target has no clang bug.
BUG: 26102335
Change-Id: Ied6c9dc5593bfbadbb8d8b38e66ea237d649bae5
This is just a subset of the recently-implemented getifaddrs(3), though if
we want to handle interfaces (such as "rmnet_*") that don't have an address,
we need to either expose ifaddrs_storage and keep track of which interfaces
we've already seen (which is pretty messy), or refactor the netlink code so
we can reuse it and just extract the information we need for if_nameindex(3).
This patch goes the latter route.
Also clean up if_nametoindex(3) and if_indextoname(3).
Change-Id: I5ffc5df0bab62286cdda2e7af06f032c767119a8
This moves the Android.bp file to use wildcards in the same places that
they're using in the Android.mk file. It also fixes a file that was in a
different order.
Make and Soong still produce binaries with object files in different
orders, but that's due to Make reordering the object files based on
compile type. Soong keeps the original specified order. It's not
possible to emulate the reordered files in the Android.bp, since the
arch-specific files won't interleave properly.
Change-Id: I9052b3ed7c523c13df5cbe606f913c32c88c7c5f
1. The definitions were wrong.
2. The definitions were inline functions.
3. The definitions were polluting the namespace even for code that doesn't
want BSD cruft.
Note that everybody will still get these by default, because you still get
all the BSD stuff by default.
Bug: http://b/12706131
Change-Id: I062ecd09feef7a6e8ba1922d465b96a9c4bf4f4e
Building with USE_SOONG=true will build with an Android.bp file if it is
present in the directory, otherwise an Android.mk file. Only a few of
the bionic directories compile with soong, so include all of them from
the top level Android.mk file and remove the top level Android.bp file.
Individual subdirectories with Android.bp files will use soong with
USE_SOONG=true.
Change-Id: Idf8d7977ea4668fa646be25b543bf9d3773de615
Also fix a bug where we were mutating the address/broadcast address
of an existing entry rather than the new entry, and use 'const' to
ensure we don't make that mistake again.
Change-Id: I31c127a5d21879b52c85cd0f7ed2e66554a21e39
We had these symbols incorrectly versioned as LIBC_PRIVATE
in M release. This change moves __aeabi* symbols from LIBC
to LIBC_N and adds __gnu_Unwind_Find_exidx to the list
Bug: https://github.com/android-ndk/ndk/issues/1
Change-Id: I0b353012adeacb00ae29ea10c63b9d1cf1cadbe7
Exactly which functions get a stack protector is up to the compiler, so
let's separate the code that sets up the environment stack protection
requires and explicitly build it with -fno-stack-protector.
Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
It'll take me a while to refactor things cleanly, but if we just want
something that boots for testing...
Bug: http://b/26276517
Change-Id: I24729d3dc546e36e0eff383f0d1d05c3aa1f2e0b
bzero is hashdefined to memset in strings.h and it
was removed from POSIX 2008.
Bug: http://b/26407170
Change-Id: Ia6d54f0e314dc7f5f3fbad0e9b00344f49f77d43
Currently, reads of ro.* properties are treated differently than
writes of ro.* properties. When writing an ro.* property, we ignore
the "ro." portion of the property, and base the security decision
on the label of the remaining portion.
See e7a9e52740/init/property_service.cpp
line 120-126
For example, for writing, the label associated with
"ro.build.fingerprint" comes from the /property_contexts file
entry:
# ro.build.fingerprint is either set in /system/build.prop, or is
# set at runtime by system_server.
build.fingerprint u:object_r:fingerprint_prop:s0
However, we fail to follow this same special case when sorting
properties into files. Instead, ro.build.fingerprint is assigned
u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0
Ignore the "ro." portion when sorting properties into files.
This will make reads and writes of properties use the same label.
Bug: 21852512
Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83
Correct the comment, and remove the unused functionality. getauxval(3) does
now set errno to let you know it failed to find anything, but since none of
this function's callers care anyway it seems safer to leave errno untouched
until we actually have a demonstrated need for it.
Bug: https://code.google.com/p/android/issues/detail?id=198111
Change-Id: I232a42dc5a02c8faab94c7d69bef610408276c23
The following arm symbols should be exported by libc.so:
__aeabi_atexit; # arm
__aeabi_memclr; # arm
__aeabi_memclr4; # arm
__aeabi_memclr8; # arm
__aeabi_memcpy; # arm
__aeabi_memcpy4; # arm
__aeabi_memcpy8; # arm
__aeabi_memmove; # arm
__aeabi_memmove4; # arm
__aeabi_memmove8; # arm
__aeabi_memset; # arm
__aeabi_memset4; # arm
__aeabi_memset8; # arm
Bug: https://github.com/android-ndk/ndk/issues/1
Change-Id: I542d1ad023b8aece5dc05a28a9ca549cb51455b4
This reverts commit 76814a8250.
This differs from the original in fixing the GCC -Werror build:
bionic/libc/bionic/ifaddrs.cpp: In function 'void __handle_netlink_response(ifaddrs**, nlmsghdr*)':
bionic/libc/bionic/ifaddrs.cpp:113:62: error: use of old-style cast [-Werror=old-style-cast]
ifinfomsg* ifi = reinterpret_cast<ifinfomsg*>(NLMSG_DATA(hdr));
This appears to be a GCC bug; the GCC command-line correctly uses -isystem,
and manually adding #pragma GCC system_header doesn't help. So just turn the
warning off for GCC for now. We won't need to worry about building with GCC
soon anyway.
Bug: http://b/26238832
Change-Id: I01615bd335edf11baf487b1c83a9157cd780f4a1
Shared namespaces clone the list of loaded native
libraries from the caller namespace. This allows
classloaders for bundled apps to share already loaded
libraries with default namespace.
Bug: http://b/22548808
Bug: http://b/26165097
Change-Id: I8949d45937fdb38e1f586ff0679003adac0d9dad
(cherry picked from commit e78deef364)
The BIONIC_ROUND_UP_POWER_OF_2 macro did not have parentheses around
the whole expression. This lead to the wrong value being computed when
used as part of a mathematical expression such as this:
value = BIONIC_ROUND_UP_POWER_OF_2(value) - 1;
This only happens on 64 bit abis.
Change-Id: I6f8afbdaf16fe64a88fa0246d074b3534c9159c1
It actually means "crash immediately". Well, it's an error. And callers are
much more likely to realize their mistake if we crash immediately rather
than return EINVAL. Historically, glibc has crashed and bionic -- before
the recent changes -- returned EINVAL, so this is a behavior change.
Change-Id: I0c2373a6703b20b8a97aacc1e66368a5885e8c51
Under some circumstances, doing a calloc will make sure that the memory
returned will be zero up to the size of the requested size. However, if
there is more usable size than the requested size, that extra part
of the allocation will not be zeroed. This change fixes it so that the
entire usable memory is always zeroed.
Change-Id: I8a66d6767c074023c4ba3568bf2705e1886740fc
This change removes endpwent, dlmalloc_inspect_all, dlmalloc_trim
from lp64 libc.so. It also removed necessety of having brillo
version scripts for lp64 platforms.
Bug: http://b/26164862
Change-Id: I4e9b38907bb1dc410f0eb6d2f5d5944fe713da51
Brillo doesn't use the ndk cruft, so we need
separate set of version scripts. Added new "nobrillo"
tag to mark such symbols in *.map.txt files.
Bug: http://b/26164862
Change-Id: Iaee1b7119f75b68c2971679fc32817e6df29fd94
Brillo doesn't use the ndk cruft, so the same version scripts do not
apply. Until we have brillo-specific version scripts, just disable the
version script check.
Bug: 26164862
Change-Id: I682860ec1c5b36014c7a6cf24da43df553e9dc9f
Treat subsequent calls to __system_properties_init() as a
reinitialization of system properties and revoke access to prop files
that have been previously mapped but that the process's current context
does not have access to. Additionally reset the no_access_ flag in
case permissions have loosened and previously unaccessible files can now
be accessed.
This is meant to work around an issue that setcon() does not revoke
mmap() mappings, so we must manually revoke them after a successful
setcon() call.
Bug 26114086
Change-Id: I4d690abb6817283ca64ac26ea4c1dad398a98fbc
Currently, if the debug.atrace.tags.enableflags property is not found,
it is set to a safe value such that a pointer to this property can be
stored for later access. This may result in selinux denials because not
all processes write permissions for this property or permission to
connect to the property write socket at all.
Change I6d953c0c281fd72ad3eba8a479fd258023579b5b writes this property to
a safe value upon boot, which greatly decreases the cases in which this
property will not be accessible and removes the need to write it here.
This commit removes this write.
Bug 26115803
Change-Id: Ief72c5f731d3a1231b5080eb531fa0a491a8b1d1
The permitted_when_isolated_path is a way to white-list
directories not present in search-path. It is ignored for
not isolated namespaces.
Bug: http://b/25853516
Bug: http://b/22548808
Change-Id: Ib1538037268eea69323ea49968a34a4a1d1938a5
We need to ensure %gs:20 is set up early enough for -fstack-protector-strong
on x86, and that __set_tls doesn't get stack protector checks because it's a
prerequisite for them. x86 devices/emulators won't boot without this.
Bug: http://b/26073874
Change-Id: Icf0d34294648cc0c8cb406a3617befe0d45c525a
POSIX defined bcopy to handle overlapping memory akin to memmove and
bionic appears to have always done so.
Change-Id: I2599113411e3532913270ba1c1b49e35cbc5f106
Previously only clang was happy. GCC said:
error: missing initializer for field 'wcio_mbstate_in' of 'struct wchar_io_data'
Change-Id: I25a11b64f4dfa22a5dd5daded152191fe2cfacaf
This reverts commit c8bae05f3f.
We were breaking init (ueventd) because we initialize system properties
before we initialize stdio. The new system property implementation uses
stdio to read from /property_contexts, so we end up touching stdio data
structures before they've been initialized.
This second attempt takes things further by removing the stdio initialization
function altogether. The data structures for stdin/stdout/stderr can be
statically initialized as data, and -- since we already had to give the
atexit implementation a backdoor for stdio -- we can just admit that we
need to clean up stdio, and that we always do so last.
This patch also removes the 17 statically pre-allocated file structures,
so the first fopen will now allocate a block of 10 (the usual overflow
behavior). I did this just to make my life simpler, but it's not actually
necessary to remove it if we want it back.
Change-Id: I936b2eb5e88e4ebaf5516121872b71fc88e5609c
This reverts commit 4371961e00.
This broke booting; ueventd crashes with a null pointer dereference
somewhere in __sfp (but the kernel doesn't unwind, so I don't know
what was calling __sfp).
Change-Id: I65375fdfdf1d339a06558b4057b580cacd6324e2
Primarily a debug feature that can be switched at runtime to permit
developer to have the option of high-resolution Android logs with
either CLOCK_REALTIME (default) or CLOCK_MONOTONIC to correlate with
other system activities like kernel logs or systrace.
Bug: 23668800
Change-Id: Ib29024899540f51a72cad5dde25517a7134d68f7
If a __system_property* function is called before
__system_properties_init() then the app will will abort. This commit
returns either an error code or a safe return value instead.
Bug 26027140
Change-Id: I95ffd143e9563658ab67a397991e84fb4c46ab77
Several parts in pthread_internal_t should be initialized
to zero, like tls, key_data and thread_local_dtors. So
just clear the whole pthread_internal_t is more convenient.
Bug: 25990348
Change-Id: Ibb6d1200ea5e6e1afbc77971f179197e8239f6ea
The purpose of this change is to add read access control to the property
space.
In the current design, a process either has access to the single
/dev/__properties__ file and therefore all properties that it contains
or it has access to no properties. This change separates properties
into multiple property files based on their selabel, which allows
creation of sepolicies that allow read access of only specific sets of
properties to specific domains.
Bug 21852512
Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03
Previously we call __sinit() lazily. But it is likely to cause data
races like in https://android-review.googlesource.com/#/c/183237/. So
we prefer to call __sinit() explicitly at libc initialization.
Bug: 25392375
Change-Id: I181ea7a4b2e4c7350b45f2e6c86886ea023e80b8
Currently we use __thread variable to store thread_local_dtors,
which makes tsan test fork_atexit.cc hang. The problem is as below:
The main thread creates a worker thread, the worker thread calls
pthread_exit() -> __cxa_thread_finalize() -> __emutls_get_address()
-> pthread_once(emutls_init) -> emutls_init().
Then the main thread calls fork(), the child process cals
exit() -> __cxa_thread_finalize() -> __emutls_get_address()
-> pthread_once(emutls_init).
So the child process is waiting for pthread_once(emutls_init)
to finish which will never occur.
It might be the test's fault because POSIX standard says if a
multi-threaded process calls fork(), the new process may only
execute async-signal-safe operations until exec functions are
called. And exit() is not async-signal-safe. But we can make
bionic more reliable by not using __thread in
__cxa_thread_finalize().
Bug: 25392375
Change-Id: Ife403dd7379dad8ddf1859c348c1c0adea07afb3
After ToolchainCflags were added to soong crt no longer needs to try to
recreate the bare minimum cflags for compiling for each architecture.
Also always use GCC to match crt.mk
Change-Id: I01a833ab70d989033c84f072e3660d060189688c
The anonymous namespace is introduced to
handle cases when linker can not find the
caller. This usually happens when caller
code was not loaded by dynamic linker;
for example mono-generated code.
Bug: http://b/25844435
Bug: http://b/22548808
Change-Id: I9e5b1d23c1c75bc78548d68e79216a6a943a33cf
Use blueprint's new anonymous embedded struct feature to move the arch
variant properties down a level, replacing arch.cortex_a9.srcs with
arch.arm.cortex_a9.srcs, while still supporting top-level properties
like arch.arm.srcs.
Change-Id: Ib41c80e3549440d5efdfd293a15cffa3f51a0fe4
It is reported by tsan that funlockfile() can unlock an unlocked mutex.
It happens when printf() is called before fopen() or other stdio stuff.
As FLOCKFILE(fp) is called before __sinit(), _stdio_handles_locking is false,
and _FLOCK(fp) will not be locked. But then cantwrite(fp) in __vfprintf()
calls__sinit(), which makes _stdio_handles_locking become true, and
FUNLOCKFILE(fp) unlocks _FLOCK(fp).
Change _stdio_handles_locking into _caller_handles_locking,
so __sinit() won't change its value. Add test due to my previous fault.
Bug: 25392375
Change-Id: I483e3c3cdb28da65e62f1fd9615bf58c5403b4dd
* Many processes, including adbd, failed to start in mips/mips64
emulator when libc.so was compiled by clang.
BUG: 25291096
Change-Id: If3434ebdca4a3a6bf6102b120ee838a7ab66cd74
Currently is_private_anonymous is calculated as true if _either_
MAP_PRIVATE or MAP_ANONYMOUS is set, which is a mistake.
According to Documentation/vm/ksm.txt, "KSM only merges anonymous
(private) pages, never pagecache (file) pages". MAP_PRIVATE can
still be set on file cache pages so in order to not redundantly
set MADV_MERGEABLE on pages that are not fitted for it, both
MAP_PRIVATE and MAP_ANONYMOUS should be set.
Along with this fix, add an extra check that the mapped page is
not a stack page before setting MADV_MERGEABLE for it. Stack pages
change too quickly and always end up in KSM 'page_volatile' list.
Change-Id: If4954142852f17cc61f02985ea1cb625a7f3dec6
If tsan is used, the following callchain can happen:
__libc_preinit() -> __libc_init_globals() ->
__libc_init_vdso() -> strcmp() -> __tsan_init()
-> sysconf(_SC_PAGE_SIZE) -> getauxval().
But __libc_auxv is initialized in __libc_init_common(),
after __libc_init_globals(). One simple way to fix
this is to initialize __libc_auxv at __libc_init_globals().
Bug: 25392375
Change-Id: I3893b1f567d5f3b7a8c881c0c1b8234b06b7751b
This removes another way to obtain objects larger than PTRDIFF_MAX. The
only known remaining hole is now jemalloc's merging of virtual memory
spans.
Technically this could be wrapped in an __LP64__ ifndef since it can't
occur on 64-bit due to the 1:1 split. It doesn't really matter either
way.
Change-Id: Iab2af242b775bc98a59421994d87aca0433215bd
In order to run tsan unit tests, we need to support pthread spin APIs.
Bug: 18623621
Bug: 25392375
Change-Id: Icbb4a74e72e467824b3715982a01600031868e29
If calling pthread_mutex_trylock from pthread_mutex_destroy, tsan
warns about an attempt to destroy a locked mutex.
Bug: 25392375
Change-Id: I5feee20e7a0d0915adad24da874ec1ccce241381
We should fall back to GMT if neither the environment variable nor the
system property is set. This is the case if you wipe a WiFi-only device,
because we currently only take the time zone from cell networks.
Bug: http://b/24773112
Change-Id: I90d236d4d492b6562d75021bd312030b91c1e298
