Use the new __bionic_name_mem function to name malloc'd memory as
"libc_malloc" on kernels that support it.
Change-Id: I7235eae6918fa107010039b9ab8b7cb362212272
Only works on some kernels, and only on page-aligned regions of
anonymous memory. It will show up in /proc/pid/maps as
[anon:<name>] and in /proc/pid/smaps as Name: <name>
Change-Id: If31667cf45ff41cc2a79a140ff68707526def80e
This change creates assembler versions of __memcpy_chk/__memset_chk
that is implemented in the memcpy/memset assembler code. This change
avoids an extra call to memcpy/memset, instead allowing a simple fall
through to occur from the chk code into the body of the real
implementation.
Testing:
- Ran the libc_test on __memcpy_chk/__memset_chk on all nexus devices.
- Wrote a small test executable that has three calls to __memcpy_chk and
three calls to __memset_chk. First call dest_len is length + 1. Second
call dest_len is length. Third call dest_len is length - 1.
Verified that the first two calls pass, and the third fails. Examined
the logcat output on all nexus devices to verify that the fortify
error message was sent properly.
- I benchmarked the new __memcpy_chk and __memset_chk on all systems. For
__memcpy_chk and large copies, the savings is relatively small (about 1%).
For small copies, the savings is large on cortex-a15/krait devices
(between 5% to 30%).
For cortex-a9 and small copies, the speed up is present, but relatively
small (about 3% to 5%).
For __memset_chk and large copies, the savings is also small (about 1%).
However, all processors show larger speed-ups on small copies (about 30% to
100%).
Bug: 9293744
Change-Id: I8926d59fe2673e36e8a27629e02a7b7059ebbc98
Also make sysconf use PTHREAD_STACK_MIN rather than redefining its
own, different, constant.
Bug: 9997352
Change-Id: I9a8e7d2b18e691439abfb45533e82c36eee9e81d
off_t is signed to support seeking backwards, but that's a liability
when using off_t to represent a subset of a file.
Change-Id: I2a3615166eb16212347eb47f1242e3bfb93c2022
Restoring DEFAULT_MMAP_THRESHOLD to 64k, the way it was before
999089181e.
This forces allocations in the 64k-256k range to be mmaped.
Change-Id: Iace55ed638edd272b3e94fa6cd2ddd349042be84
Signed-off-by: Rom Lemarchand <romlem@google.com>
This reverts commits eb1b07469f and
d14dc3b87f, and fixes the bug where
we were calling mmap (which might cause errno to be set) before
__set_tls (which is required to implement errno).
Bug: 8557703
Change-Id: I2c36d00240c56e156e1bb430d8c22a73a068b70c
We notify debuggerd of problems by installing signal handlers. That's
fine except for when the signal is caused by us running off the end of
a thread's stack and into the guard page.
Bug: 8557703
Change-Id: I1ef65b4bb3bbca7e9a9743056177094921e60ed3
pthread_getattr_np was reporting the values supplied to us, not the values we
actually used, which is kinda the whole point of pthread_getattr_np.
pthread_attr_setguardsize and pthread_attr_setstacksize were reporting EINVAL
for any size that wasn't a multiple of the system page size. This is
unnecessary. We can just round like POSIX suggests and glibc already does.
Also improve the error reporting for pthread_create failures.
Change-Id: I7ebc518628a8a1161ec72e111def911d500bba71
Allow a new bionic to work with an old init property area by supporting
the old format.
(cherry picked from commit ad76c85b9c)
Change-Id: Ib496e818a62a5834d40c71eb4745783d998be893
On the reader size, don't assume that the property size is PA_SIZE,
read it from the size of the file. Allows init to use a different
property size without recompiling statically linked executables.
(cherry picked from commit 285b42a04c)
Change-Id: I074204e9e6591b35faf7c1c58fb11ec162aff7bf
Kernel provides virtual DSO for stack unwinding/exception handlind info for
signal usage case. Stack unwinding routines use 'dl_iterate_phdr' function
for additional DWARF info gathering from DSOs. Patch enables virtual DSO
enumeration via dl_iterate_phdr function.
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Ic2882b28f40b456a088bc1e63c50cbfda7e4a102
Names are immutable, so the fixed-sized arrays can be replaced with
variable-length ones to save memory (especially on internal tree nodes).
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 492ce95d9f)
Change-Id: Ib074192d1b71150233d78c58e9ffcf7ecf688b6b
If a root process other than init calls __system_property_add, which
it should never do, it will break the design assumption that there is
only one mutator.
Pass O_EXCL to open() in map_prop_region_rw to ensure that only one
process ever has the property pages open for write.
(cherry picked from commit fb9b7b436f)
Change-Id: I6df3afedbfb5d07891b095aa24b78278381a5aaf
d329697 is too complicated. Change the multiple property pages back to
a single 128K property area that's mapped in entirely at initialization
(the memory will not get allocated until the pages are touched).
d329697 has other changes useful for testing (moving property area
initialization inside bionic and adding __system_property_set_filename)
so undo the change manually rather than with git revert.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 5f05348c18)
Change-Id: I690704552afc07a4dd410277893ca9c40bc13e5f
See the comments for an explanation of how properties are stored.
The trie structure is designed to scale better than the previous
array-based implementation. Searching an array with n properties
required average O(n) string compares of the entire key; searching the
trie requires average O(log n) string compares of each token (substrings
between '.' characters).
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 6ac8e6a46d)
Change-Id: Icbe31908572f33b4d9b85d5b62ac837cbd0f85e0
1) Reading the value must finish before checking whether it's intact
2) Setting the serial's dirty bit must visible before modifying the
value
3) The modified value must be visible before clearing the serial's dirty
bit
4) New properties and their TOC entries must be visible before updating
the property count
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 5bfa3ee8b3)
Change-Id: Id3fa45261fc2df2ae493ab5194bc2b6bff04e966
The property area is initially one 4K region, automatically expanding as
needed up to 64 regions.
To avoid duplicating code, __system_property_area_init() now allocates
and initializes the first region (previously it was allocated in init's
init_property_area() and initialized in bionic). For testing purposes,
__system_property_set_filename() may be used to override the file used
to map in regions.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit d32969701b)
Change-Id: I038d451fe8849b0c4863663eec6f57f6521bf4a7
Avoid keeping unnecessary file descriptors around when they're not
needed. Libc doesn't log so much that opening / closing overhead
matters.
Change-Id: I590ec5c27562db9bac025f781c48ec9a7724ce77
find_nth() will be inefficient on a trie. Since find_nth() is only used
internally and only for enumerating properties, we can add a foreach()
function to do this directly.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 577418403d)
Change-Id: Iaca97d1182ce2c28863ba85241cbb5cf6185eb2f
Move the implementation of writing to the system property area
from init to bionic, next to the reader implementation. This
will allow full property testing to be added to bionic tests.
Add new accessor and waiting functions to hide the implementation
from watchprops and various bionic users.
Also hide some of the implementation details of the property area
from init by moving them into _system_properties.h, and other details
from everybody by moving them into system_properties.h.
(cherry picked from commit dc1038b790)
Change-Id: I192d3825ee276c5047bc751039fe6cfe226a7cca
Removed 'join_count' from pthread_internal_t and switched to using the flag
PTHREAD_ATTR_FLAG_JOINED to indicate if a thread is being joined. Combined with
a switch to a while loop in pthread_join, this fixes spurious wake-ups but
prevents a thread from being joined multiple times. This is fine for
two reasons:
1) The pthread_join specification allows for undefined behavior when multiple
threads try to join a single thread.
2) There is no thread safe way to allow multiple threads to join a single
thread with the pthread interface. The second thread calling pthread_join
could be pre-empted until the thread is destroyed and its handle reused for
a different thread. Therefore multi-join is always an error.
Bug: https://code.google.com/p/android/issues/detail?id=52255
Change-Id: I8b6784d47620ffdcdbfb14524e7402e21d46c5f7
* A dlmalloc usage error shouldn't call abort(3) because we want to
cause a SIGSEGV by writing the address dlmalloc didn't like to an
address the kernel won't like, so that debuggerd will dump the
memory around the address that upset dlmalloc.
* Switch to the simpler FreeBSD/NetBSD style of registering stdio
cleanup. Hopefully this will let us simplify more of the stdio
implementation.
* Clear the stdio cleanup handler before we abort because of a dlmalloc
corruption error. This fixes the reported bug, where we'd hang inside
dlmalloc because the stdio cleanup reentered dlmalloc.
Bug: 9301265
Change-Id: Ief31b389455d6876e5a68f0f5429567d37277dbc
- Implemented chk_memalign.
- Fixed a few bugs in leak_memalign.
- Implemented {leak,fill,check,qemu}_malloc_usable_size.
- Make malloc_usable_size update at run time.
- Add malloc_test.cpp as a small set of tests for the
malloc debug routines.
- Fix the qemu routines since it's been broken since it moved to C++.
- Add support for the %u format to the out_vformat in libc_logging.cpp.
This is used by the emulator code.
Tested using the bionic-unit-tests with setprop libc.debug.malloc
set to 1, 5, and 10.
I tested as much as possible on the emulator, but tracing doesn't appear
to be working properly.
Bug: 6143477
Merge change from internal master.
(cherry-picked from commit 3d594c2580)
Change-Id: I4ae00fffba82315a8c283f35893fd554460722fb
__strcat_chk and __strncat_chk are slightly inefficient,
because they end up traversing over the same memory region
two times.
This change optimizes __strcat_chk / __strncat_chk so they
only access the memory once. Although I haven't benchmarked these
changes, it should improve the performance of these functions.
__strlen_chk - expose this function, even if -D_FORTIFY_SOURCE
isn't defined. This is needed to compile libc itself without
-D_FORTIFY_SOURCE.
Change-Id: Id2c70dff55a276b47c59db27a03734d659f84b74
The function should take a 'const void*' parameter, instead of 'void*'.
Note that the implementation in upstream-dlmalloc/malloc.c already does
this.
For context, see http://b.android.com/55725
Change-Id: Iefd55cdb8996699189e0545f9195972490306227
This adds __libc_fatal, cleans up the internal logging code a bit more,
and switches suitable callers over to __libc_fatal. In addition to logging,
__libc_fatal stashes the message somewhere that the debuggerd signal handler
can find it before calling abort.
In the debuggerd signal handler, we pass this address to debuggerd so that
it can come back with ptrace to read the message and present it to the user.
Bug: 8531731
Change-Id: I416ec1da38a8a1b0d0a582ccd7c8aaa681ed4a29
- eventfd.cpp and eventfd.s will output to the same file when building libc.a
out/target/product/*/obj/STATIC_LIBRARIES/libc_intermediates/WHOLE/libc_common_objs/eventfd.o
- And then `eventfd` will undefined when statically linked to libc.
Also add a unit test.
Change-Id: Ib310ade3256712ca617a90539e8eb07459c98505
pthread_create returns EAGAIN when it can't allocate a pthread_internal_t,
when it can't allocate a stack for the new thread, or when clone(2) fails
because there are too many threads. It's useful to be able to know why your
pthread_create just failed, so add some logging.
Bug: 8470684
Change-Id: I1bb4497d4f7528eacce0db35c2014771cba64569
For some reason, socketcalls.c was only being compiled for ARM, where
it makes no sense. For x86 we generate stubs for the socket functions
that use __NR_socketcall directly.
Change-Id: I84181e6183fae2314ae3ed862276eba82ad21e8e
We only need one logging API, and I prefer the one that does no
allocation and is thus safe to use in any context.
Also use O_CLOEXEC when opening the /dev/log files.
Move everything logging-related into one header file.
Change-Id: Ic1e3ea8e9b910dc29df351bff6c0aa4db26fbb58
This is actually a slightly newer upstream version than the one I
originally pulled. Hopefully now it's in upstream-freebsd it will
be easier to track upstream, though I still need to sit down and
write the necessary scripts at some point.
Bug: 5110679
Change-Id: I87e563f0f95aa8e68b45578e2a8f448bbf827a33
The old scandir implementation didn't take into account the varying
size of directory entries, and didn't correctly clean up on its
error exits.
Bug: 7339844
Change-Id: Ib40e3564709752241a3119a496cbb2192e3f9abe
We could special-case raise(3) in non-threaded programs, but the more
conservative course is to make pthread_kill(3) work in signal handlers
at the cost of a race shared by other C libraries.
Change-Id: I59fb23d03bdabf403435e731704b33acdf3e0234
imgtec pointed out that pthread_kill(3) was broken, but most of the
other functions that ought to return ESRCH for invalid/exited threads
were equally broken.
Change-Id: I96347f6195549aee0c72dc39063e6c5d06d2e01f
Fix the pthread_setname_np test to take into account that emulator kernels are
so old that they don't support setting the name of other threads.
The CLONE_DETACHED thread is obsolete since 2.5 kernels.
Rename kernel_id to tid.
Fix the signature of __pthread_clone.
Clean up the clone and pthread_setname_np implementations slightly.
Change-Id: I16c2ff8845b67530544bbda9aa6618058603066d
bionic/libc/bionic/ssp.cpp:41:31: warning: converting to non-pointer type 'uintptr_t {aka unsigned int}' from NULL [-Wconversion-null]
Change-Id: Id154ed4a99520cca64ffd3dbe4d743db6e2da28a
This reverts commit 6f94de3ca4
(Doesn't try to increase the number of TLS slots; that leads to
an inability to boot. Adds more tests.)
Change-Id: Ia7d25ba3995219ed6e686463dbba80c95cc831ca
POSIX says pthread_create returns EAGAIN, not ENOMEM.
Also pull pthread_attr_t functions into their own file.
Also pull pthread_setname_np into its own file.
Also remove unnecessary #includes from pthread_key.cpp.
Also account for those pthread keys used internally by bionic,
so they don't count against the number of keys available to user
code. (They do with glibc, but glibc's limit is the much more
generous 1024.)
Also factor out the common errno-restoring idiom to reduce gotos.
Bug: 6702535
Change-Id: I555e66efffcf2c1b5a2873569e91489156efca42
This was originally motivated by noticing that we were setting the
wrong bits for the well-known tls entries. That was a harmless bug
because none of the well-known tls entries has a destructor, but
it's best not to leave land mines lying around.
Also add some missing POSIX constants, a new test, and fix
pthread_key_create's return value when we hit the limit.
Change-Id: Ife26ea2f4b40865308e8410ec803b20bcc3e0ed1
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.
Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
Otherwise people trying to use this are left wondering "did I not leak, or did
the leak checking code not get called when I exited?".
Change-Id: If79b225f8a2e24dd69aba1fb836bf9e81bb00efe
Previously, we'd collect every stack frame and then throw some away
when we came to log them. This meant that stack traces were effectively
shorter than the buffers that had been allocated for them. This patch
only stores frames we'll actually output.
Also dynamically call the C++ demangler so we don't have to try to
read mangled names. Because no one knows the mangling of operator new[]
for int arrays off the top of their head.
Bug: 7291287
Change-Id: I42b022fd7cd61675d05171de4c3b2704d058ef2a
Include the leaky executable's name in the log output. Fix the "sh" test.
Use uintptr_t instead of intptr_t.
Also fix debug formatting of NULL with %s.
Bug: 7291287
Change-Id: I015bf341cd48d43a247173612e6ccb1bf1243d53
Check that the permissions on the properties file
are exactly as we expect them to be.
Make sure we close the fd if fstat fails.
Refactor the code slightly.
Change-Id: I5503fd58c3b8093ce7e6d05920748ed70eaf8e2c
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable. Fall back to the environment variable
if the file doesn't exist.
Bug: 8045561
Change-Id: I54f3efa98cf7d63d88788da5ce0d19e34fd7851a
We don't know that they're not going to be cleaned up by a
C++ global destructor that runs after us. This is the case with
bootanimation, for example.
Bug: 7291287
Change-Id: Iba402514d1735fdc2ae4bc95b65396d816be46c0
When each shell leaks ~240 allocations, you can't see the leaks from
the program you ran with "adb shell".
Bug: 7291287
Change-Id: Ib8780db72ba0114ebdb24768537da74bbb61f354
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
The dynamic linker applies relro before the preinit and init
arrays are executed, so we should be consistent for statically
linked executables.
Change-Id: Ia0a49d0e981a6e8791f74eed00280edf576ba139
Add signalfd() call to bionic.
Adding the signalfd call was done in 3 steps:
- add signalfd4 system call (function name and syscall
number) to libc/SYSCALLS.TXT
- generate all necessary headers by calling
libc/tools/gensyscalls.py. This patch is adding
the generated files since the build system
does not call gensyscalls.py.
- create the signalfd wrapper in signalfd.cpp and add
the function prototype to sys/signalfd.h
(cherry-pick of 0c11611c11, modified to
work with older versions of GCC still in use on some branches.)
Change-Id: I4c6c3f12199559af8be63f93a5336851b7e63355
raise() should use pthread_kill() in a pthreads environment.
For bionic this means it should always be used.
Change-Id: Ic679272b664d2b8a7068b628fb83a9f7395c441f
In 9ec0f03a0d, we added dynamic
linker support for GNU_RELRO protections. These protections
make certain regions of memory read-only, helping protect certain
data structures from accidental or deliberate modifications.
This change adds GNU_RELRO support to STATIC executables. We can
determine if we're compiled with relro protections by examining
our own program headers, which is passed to us by the kernel
in the AT_PHDR and AT_PHNUM auxiliary vectors.
Parts of this code were stolen from the dynamic linker.
Change-Id: Ic17eb5f932218538ec25347ece314d4dc7549de1
...and don't pass a non-heap pointer to free(3), either.
This patch replaces the "node** prev" with the clearer "node* prev"
style and fixes the null pointer dereference in the old code. That's
not sufficient to fix the reporter's bug, though. The pthread_internal_t*
for the main thread isn't heap-allocated --- __libc_init_tls causes a
pointer to a statically-allocated pthread_internal_t to be added to
the thread list.
Bug: http://code.google.com/p/android/issues/detail?id=37410
Change-Id: I112b7f22782fc789d58f9c783f7b323bda8fb8b7
Most of these tests were in system/extras, but I've added more to cover other
cases explicitly mentioned by POSIX.
Change-Id: I5e8d77e4179028d77306935cceadbb505515dcde
pthread_no_op_detach_after_join test from bionic-unit-tests hangs
on x86 emulator. There is a race in the pthread_join, pthread_exit,
pthread_detach functions:
- pthread_join waits for the non-detached thread
- pthread_detach sets the detached flag on that thread
- the thread executes pthread_exit which just kills the now-detached
thread, without sending the join notification.
This patch improves the test so it fails on ARM too, and modifies
pthread_detach to behave more like glibc, not setting the detach state if
called on a thread that's already being joined (but not returning an error).
Change-Id: I87dc688221ce979ef5178753dd63d01ac0b108e6
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
The first NULL pointer check against `attr' suggests that `attr' can
be NULL. Then later `attr' is directly dereferenced, suggesting the
opposite.
if (attr == NULL) {
...
} else {
...
}
...
if (attr->stack_base == ...) { ... }
The public API pthread_create(3) allows NULL, and interprets it as "default".
Our implementation actually swaps in a pointer to the global default
pthread_attr_t, so we don't need any NULL checks in _init_thread. (The other
internal caller passes its own pthread_attr_t.)
Change-Id: I0a4e79b83f5989249556a07eed1f2887e96c915e
Signed-off-by: Xi Wang <xi.wang@gmail.com>
The declaration for alphasort() in <dirent.h> used the deprecated:
int alphasort(const void*, const void*);
while both Posix and GLibc use instead:
int alphasort(const struct dirent** a, const struct dirent** b);
See: http://pubs.opengroup.org/onlinepubs/9699919799/functions/alphasort.html
This patch does the following:
- Update the declaration to match Posix/GLibc
- Get rid of the upstream BSD code which isn't compatible with the new
signature.
- Implement a new trivial alphasort() with the right signature, and
ensure that it uses strcoll() instead of strcmp().
- Remove Bionic-specific #ifdef .. #else .. #endif block in
dirent_test.cpp which uses alphasort().
Even through strcoll() currently uses strcmp(), this does the right
thing in the case where we decide to update strcoll() to properly
implement locale-specific ordered comparison.
Change-Id: I4fd45604d8a940aaf2eb0ecd7d73e2f11c9bca96
Based on a pair of patches from Intel:
https://android-review.googlesource.com/#/c/43909/https://android-review.googlesource.com/#/c/44903/
For x86, this patch supports _both_ the global that ARM/MIPS use
and the per-thread TLS entry (%gs:20) that GCC uses by default. This
lets us support binaries built with any x86 toolchain (right now,
the NDK is emitting x86 code that uses the global).
I've also extended the original tests to cover ARM/MIPS too, and
be a little more thorough for x86.
Change-Id: I02f279a80c6b626aecad449771dec91df235ad01
Also separate out the C++ files so we can use -Werror on them. I'd
rather wait for LOCAL_CPPFLAGS to be in AOSP, but this also lets us
see which files still need to be sorted into one bucket or the other.
Change-Id: I6acc1f7c043935c70a3b089f705d218b9aaaba0a
I gave up trying to use the usual thread-local buffer idiom; calls to
calloc(3) and free(3) from any of the "dl" functions -- which live in
the dynamic linker -- end up resolving to the dynamic linker's stubs.
I tried to work around that, but was just making things more complicated.
This alternative costs us a well-known TLS slot (instead of the
dynamically-allocated TLS slot we'd have used otherwise, so no difference
there), plus an extra buffer inside every pthread_internal_t.
Bug: 5404023
Change-Id: Ie9614edd05b6d1eeaf7bf9172792d616c6361767
The tests for a NULL pointer and size 0 were the wrong way round.
From Intel's patch 9cae4f2ffc4778ed82be04711d8775a84092d4e2.
Change-Id: I118aff3358aa5f34126d74bfaa43f6e2f1a89055
Add unit tests for dlerror(3) in various situations. I think We're at least
as good as glibc now.
Also factor out the ScopedPthreadMutexLock and use it here too.
Bug: http://code.google.com/p/android/issues/detail?id=38398
Change-Id: I040938b4366ab836e3df46d1d8055b92f4ea6ed8
I'll need at least one more pass, because there's some upstream code
lurking in libc/bionic, but this is still a step in the right direction.
Change-Id: I55927315972da8327ae01c5240ed587db17e8462
For applications that share resources across users such as
forward-locked applications, print out their group name correctly.
Change-Id: I06ee0b67e4325cfa415ffd7a03e301700399a66d
Also fix problem with multi-user IDs that the home directory was
returned as "/data" instead of "/" unlike all the other uids.
Change-Id: I914d22052e5a86552989f8969b85aadbc748c65d
Several previous changes conspired to make a mess of the thread list
in static binaries. This was most obvious when trying to call
pthread_key_delete(3) on the main thread.
Bug: http://code.google.com/p/android/issues/detail?id=36893
Change-Id: I2a2f553114d8fb40533c481252b410c10656da2e
Expecting the memory in a forked child process to be sane wrt threading
is a bad idea. An example of a problem is when the parent process has
the malloc lock and a child process is forked. The malloc lock in the
child will appear locked by a thread that doesn't exist.
This change aims to make bionic more compatible with glibc by reseting
the malloc lock in the child forked process, as well as holding it
during the fork. This is a feature in dlmalloc 2.8.6 called
LOCK_AT_FORK. In general this feature isn't necessary as a forked
process will then exec. Some bad applications rely on being able to use
features like malloc before the exec and having multiple threads running
in the parent program. This isn't a problem with glibc and this patch
makes it not a problem for bionic.
Unfortunately for use in bionic, LOCK_AT_FORK has an issue as internally
it uses pthread_atfork that in bionic uses malloc. This leads to the
LOCK_AT_FORK initialization deadlocking with pthread_atfork's call to
malloc due to the malloc lock. This change moves the pthread_atfork logic
in LOCK_AT_FORK to be called without the malloc lock held.
Change-Id: Id68175a564a6abb936ee4488b44d9479f7311f69
None of the supported ARCHs actually populate these sections,
so there is no point in keeping them in the binaries.
Change-Id: I21a364f510118ac1114e1b49c53ec8c895c6bc6b
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
Move dlmalloc code to upstream-dlmalloc to make pulling upstream changes
easier.
Declare pvalloc and malloc_usable_size routines present in malloc.h but with
missing implementations. Remove other functions from malloc.h that have
no implementation nor use in Android.
Change-Id: Ia6472ec6cbebc9ad1ef99f4669de9d33fcc2efb4
Save thread id to *thread_out before new
thread is allowed to run else there's a
risk that the thread has finished and
been deleted when *thread_out is assigned.
Change-Id: I6b84c61a8df06840877d4ab036f26feace3192d8
This header is used on bionic build and should be propagated into
sysroot on toolchain rebuild. Discussion re. this header is here:
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg00936.html
It is available already in mips NDK platforms:
development/ndk/platforms/android-9/arch-mips/include/link.h
Change-Id: I39ff467cdac9f448e31c11ee3e14a6200e82ab57
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
In previous commit: 2fd81ef7, .mk file has been modified to
configure MALLOC_ALIGNMENT dynamicly according to board config.
Add the missing macor protection here.
Change-Id: I703cca2ce0504ab3e11aab226b2c61fcc0c6afa1
Author: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Add __bionic_clone function for x86, which will be
used for clone system call.
Change-Id: I889dc9bf4b7ebb4358476e17e6f3233e26491f4d
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 51414
Allow naming such as u1_system, u2_radio, u2_media.
Forward and reverse mapping for the above.
(cherry-pick of c60a0027b1ef3bc4929d2023e7083fbce12fafe7.)
Change-Id: I46eeb23fee4f57b2907640570504123d3ce99985
This allows debugging tools to know they are working with Android
binaries and adapt accordingly.
Signed-off-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Signed-off-by: Michael Hope <michael.hope@linaro.org>
Change-Id: Ic906992fcad61c028bb765821637a3e1333bf52b
In particular this affects assert(3) and __cxa_pure_virtual, both of
which have managed to confuse people this week by apparently aborting
without reason. (Because stderr goes nowhere, normally.)
Bug: 6852995
Bug: 6840813
Change-Id: I7f5d17d5ddda439e217b7932096702dc013b9142
RETRY macro may retry command if result is -1. In this
case the command was "connect < 0" instead of just
connect. The comparison will not return -1 and thus
retry is never done. This is now corrected so that
interrupts will cause retry instead of fail.
(There was no other negative side effect of the bug.
The result code from RETRY was used in an if-statement
and it would be true for all negative connect results.
This was according to expectations.)
Change-Id: Ie206b39878e9befea4e3be9a4061ee39eb232d80
I've basically just copied the relevant bits out of liblog and
EventLog.cpp. While this will let us do the uid logging we want
to address the concerns in 245c07027f78565858dd489eb0d94c3d48743e9d
it doesn't give us much else.
Change-Id: Icac6ff20bc0a3ade5927f6f76fedffe1ae6f8522
This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides
the same features as the original (poison freed memory, detect heap overruns
and underruns), except that it provides more debugging information whenever it
detects a problem.
In addition to the original features, the new chk_malloc() implementation
detects multiple frees within a given range of the last N allocations, N being
configurable via the system property libc.debug.malloc.backlog.
Finally, this patch keeps track of all outstanding memory allocations. On
program exit, we walk that list and report each outstanding allocation.
(There is support (not enabled) for a scanner thread periodically walks over
the list of outstanding allocations as well as the backlog of recently-freed
allocations, checking for heap-usage errors.)
Feature overview:
1) memory leaks
2) multiple frees
3) use after free
4) overrun
Implementation:
-- for each allocation, there is a:
1) stack trace at the time the allocation is made
2) if the memory is freed, there is also a stack trace at the point
3) a front and rear guard (fence)
4) the stack traces are kept together with the allocation
-- the following lists and maintained
1) all outstanding memory allocations
3) a backlog of allocations what are freed; when you call free(), instead of
actually freed, the allocation is moved to this backlog;
4) when the backlog of allocations gets full, the oldest entry gets evicted
from it; at that point, the allocation is checked for overruns or
use-after-free errors, and then actually freed.
5) when the program exits, the list of outstanding allocations and the
backlog are inspected for errors, then freed;
To use this, set the following system properties before running the process or
processes you want to inspect:
libc.malloc.debug.backlog # defaults to 100
libc.malloc.debug 10
When a problem is detected, you will see the following on logcat for a multiple
free:
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED!
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
The following for a heap overrun and underrun:
E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11)
E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD
E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD
E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
The following for a memory leak:
E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS
E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING)
E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so
E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so
E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so
E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so
E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest
E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so
Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0
Signed-off-by: Iliyan Malchev <malchev@google.com>
libc.debug.malloc.program provides an additional level of control over which
processes to enable libc.debug.malloc functionality for. The string value of
libc.debug.malloc.program is matched against the program name; if the value of
libc.debug.malloc.program is a substring of the program name, then malloc debug
is applied to that program at whatever level libc.debug.malloc specifies.
If lib.debug.malloc.program is not specified, then libc.debug.malloc has the
same effect as before.
For example, to enable libc.deubug.malloc = 10 only to the mediaserver, do the
following:
adb root # necessary for setprop
adb setprop libc.debug.malloc.program mediaserver
adb setprop libc.debug.malloc 10
adb kill -9 $(pid mediaserver)
Change-Id: I6f01c12f033c8e2e015d73025369d7f1685ba200
Signed-off-by: Iliyan Malchev <malchev@google.com>
For example:
@@@ ABORTING: INVALID HEAP ADDRESS IN dlfree addr=0x5c3bfbd0
Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 2942
The addr=0x5c3bfbd0 part is new.
Change-Id: I8670144b2b0a3a6182384150d762c97dfee5452f
A call to pthread_key_delete() after pthread_exit() have unmapped the stack of a thread
but before the ongoing pthread_join() have finished executing will result in an access
to unmapped memory.
Avoid this by invalidating the stack_base and tls pointers during pthread_exit().
This is based on the investigation and proprosed solution by
Srinavasa Nagaraju <srinavasa.x.nagaraju@sonyericsson.com>
Change-Id: I145fb5d57930e91b00f1609d7b2cd16a55d5b3a9
The creation of a thread succeeds even if the requested scheduling
parameters can not be set. This is not POSIX compliant, and even
worse, it leads to a wrong behavior. Let pthread_create() fail in this
case.
Change-Id: Ice66e2a720975c6bde9fe86c2cf8f649533a169c
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
The allocation size in chk_malloc(), leak_malloc(), and leak_memalign()
functions may be rounded up to a small value, leading to buffer overflows.
The code only runs in debugging mode.
This patch complements commit 6f04a0f4 (CVE-2009-0607).
Change-Id: Id899bcd2bcd2ea2205e5753c433390710032dc83
Signed-off-by: Xi Wang <xi.wang@gmail.com>
The posix_memalign(3) function is very similar to the traditional
memalign(3) function, but with better error reporting and a guarantee
that the memory it allocates can be freed. In bionic, memalign(3)
allocated memory can be freed, so posix_memalign(3) is just a wrapper
around memalign(3).
Change-Id: I62ee908aa5ba6b887d8446a00d8298d080a6a299
Since e19d702b8e, dlsym and friends use recursive mutexes that
require the current thread id, which is not available before the libc
constructor. This prevents us from using dlsym() in .preinit_array.
This change moves TLS initialization from libc constructor to the earliest
possible point - immediately after linker itself is relocated. As a result,
pthread_internal_t for the initial thread is available from the start.
As a bonus, values stored in TLS in .preinit_array are not lost when libc is
initialized.
Change-Id: Iee5a710ee000173bff63e924adeb4a4c600c1e2d
First commit:
Revert "Revert "am be741d47: am 2f460fbe: am 73b5cad9: Merge "bionic: Fix wrong kernel_id in pthread descriptor after fork()"""
This reverts commit 06823da2f0.
Second commit:
bionic: fix atfork hanlder_mutex deadlock
This cherry-picks commit 34e89c232d
After applying the kernel_id fix, the system refused to boot up and we
got following crash log:
I/DEBUG ( 113): pid: 618, tid: 618 >>> org.simalliance.openmobileapi.service:remote <<<
I/DEBUG ( 113): signal 16 (SIGSTKFLT), code -6 (?), fault addr --------
I/DEBUG ( 113): eax fffffe00 ebx b77de994 ecx 00000080 edx 00724002
I/DEBUG ( 113): esi 00000000 edi 00004000
I/DEBUG ( 113): xcs 00000073 xds 0000007b xes 0000007b xfs 00000000 xss 0000007b
I/DEBUG ( 113): eip b7761351 ebp bfdf3de8 esp bfdf3dc4 flags 00000202
I/DEBUG ( 113): #00 eip: 00015351 /system/lib/libc.so
I/DEBUG ( 113): #01 eip: 0000d13c /system/lib/libc.so (pthread_mutex_lock)
I/DEBUG ( 113): #02 eip: 00077b48 /system/lib/libc.so (__bionic_atfork_run_prepare)
I/DEBUG ( 113): #03 eip: 00052cdb /system/lib/libc.so (fork)
I/DEBUG ( 113): #04 eip: 0009ae91 /system/lib/libdvm.so (_Z18dvmOptimizeDexFileillPKcjjb)
I/DEBUG ( 113): #05 eip: 000819d6 /system/lib/libdvm.so (_Z14dvmJarFileOpenPKcS0_PP7JarFileb)
I/DEBUG ( 113): #06 eip: 000b175e /system/lib/libdvm.so (_ZL40Dalvik_dalvik_system_DexFile_openDexFilePKjP6JValue)
I/DEBUG ( 113): #07 eip: 0011fb94 /system/lib/libdvm.so
Root cause:
The atfork uses the mutex handler_mutex to protect the atfork_head. The
parent will call __bionic_atfork_run_prepare() to lock the handler_mutex,
and need both the parent and child to unlock their own copy of handler_mutex
after fork. At that time, the owner of hanlder_mutex is set as the parent.
If we apply the kernel_id fix, then the child's kernel_id will be set as
child's tid.
The handler_mutex is a recursive lock, and pthread_mutex_unlock(&hander_mutex)
will fail because the mutex owner is the parent, while the current tid
(__get_thread()->kernel_id) is child, not matched with the mutex owner.
At that time, the handler_mutex is left in lock state.If the child wants to
fork other process after than, then it will try to lock handler_mutex, and
then be deadlocked.
Fix:
Since the child has its own copy of vm space from the the parent, the
child space's handler_mutex should be reset to the initialized state.
Change-Id: I3907dd9a153418fb78862f2aa6d0302c375d9e27
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Change-Id: Ic8072f366a877443a60fe215f3c00b3df5a259c8
New functions:
tfind
tsearch
tdelete
twalk
tdestroy (GNU extension)
Bug fix: the current implementation for realpath would crash
if the second argument (resolved_path) is NULL.
New headers:
ar.h
search.h
Change-Id: Ib6c1e42fc186a6d597a6e5a9692b16acaa155804
After applying the kernel_id fix, the system refused to boot up and we
got following crash log:
I/DEBUG ( 113): pid: 618, tid: 618 >>> org.simalliance.openmobileapi.service:remote <<<
I/DEBUG ( 113): signal 16 (SIGSTKFLT), code -6 (?), fault addr --------
I/DEBUG ( 113): eax fffffe00 ebx b77de994 ecx 00000080 edx 00724002
I/DEBUG ( 113): esi 00000000 edi 00004000
I/DEBUG ( 113): xcs 00000073 xds 0000007b xes 0000007b xfs 00000000 xss 0000007b
I/DEBUG ( 113): eip b7761351 ebp bfdf3de8 esp bfdf3dc4 flags 00000202
I/DEBUG ( 113): #00 eip: 00015351 /system/lib/libc.so
I/DEBUG ( 113): #01 eip: 0000d13c /system/lib/libc.so (pthread_mutex_lock)
I/DEBUG ( 113): #02 eip: 00077b48 /system/lib/libc.so (__bionic_atfork_run_prepare)
I/DEBUG ( 113): #03 eip: 00052cdb /system/lib/libc.so (fork)
I/DEBUG ( 113): #04 eip: 0009ae91 /system/lib/libdvm.so (_Z18dvmOptimizeDexFileillPKcjjb)
I/DEBUG ( 113): #05 eip: 000819d6 /system/lib/libdvm.so (_Z14dvmJarFileOpenPKcS0_PP7JarFileb)
I/DEBUG ( 113): #06 eip: 000b175e /system/lib/libdvm.so (_ZL40Dalvik_dalvik_system_DexFile_openDexFilePKjP6JValue)
I/DEBUG ( 113): #07 eip: 0011fb94 /system/lib/libdvm.so
Root cause:
The atfork uses the mutex handler_mutex to protect the atfork_head. The
parent will call __bionic_atfork_run_prepare() to lock the handler_mutex,
and need both the parent and child to unlock their own copy of handler_mutex
after fork. At that time, the owner of hanlder_mutex is set as the parent.
If we apply the kernel_id fix, then the child's kernel_id will be set as
child's tid.
The handler_mutex is a recursive lock, and pthread_mutex_unlock(&hander_mutex)
will fail because the mutex owner is the parent, while the current tid
(__get_thread()->kernel_id) is child, not matched with the mutex owner.
At that time, the handler_mutex is left in lock state.If the child wants to
fork other process after than, then it will try to lock handler_mutex, and
then be deadlocked.
Fix:
Since the child has its own copy of vm space from the the parent, the
child space's handler_mutex should be reset to the initialized state.
Change-Id: I3907dd9a153418fb78862f2aa6d0302c375d9e27
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
After forking, the kernel_id field in the phtread_internal_t returned by pthread_self()
is incorrect --- it's the tid from the parent, not the new tid of the
child.
The root cause is that: currently the kernel_id is set by
_init_thread(), which is called in 2 cases:
(1) called by __libc_init_common(). That happens when the execv( ) is
called after fork( ). But when the zygote tries to fork the android
application, the child application doesn't call execv( ), instread, it
tries to call the Java main method directly.
(2) called by pthread_create(). That happens when a new thread is
created.
For the lead thread which is the thread created by fork(), it should
call execv() but it doesn't, as described in (1) above. So its kernel_id
will inherit the parent's kernel_id.
Fixed it in this patch.
Change-Id: I63513e82af40ec5fe51fbb69456b1843e4bc0fc7
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
