These were only available internally via android_mallopt(), but they're
likely to be needed by more code in future, so move them into mallopt().
This change leaves the android_mallopt() options for now, but I plan on
coming back to remove them after I've switched the handful of callers
over to mallopt() instead.
Bug: http://b/135772972
Test: treehugger
Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
These two options allow for ARM MTE to be enabled dynamically (instead
of at compile time via the ELF note). They are settable from a non-root
shell to allow device owners to test system binaries with MTE.
The following values may be set:
1. 'off' -> No MTE, uses TBI on compatible devices.
2. 'sync' -> SYNC MTE.
3. 'async' -> ASYNC MTE.
The following methods can be used to launch a process (sanitizer-status)
with configurable values:
1. adb shell MEMTAG_OPTIONS=async sanitizer-status
2. adb shell setprop arm64.memtag.process.sanitizer-status async && \
adb shell sanitizer-status
Note: The system server will require some special handing in the zygote
pre-fork to check the sysprops. The zygote should always have the ELF
note. TODO in a subsequent patch.
Bug: 135772972
Bug: 172365548
Test: Launching sanitizer-status above using both the settings.
Change-Id: Ic1dbf3985a3f23521ec86725ec482c8f6739c182
Android S devices must support eBPF.
Test: builds, atest, TreeHugger
Bug: 167500195
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I84a8d00f786fca8113dd3d555af279a1029f66f2
Now that the feature guarded by this flag has landed in Linux 5.10
we no longer need the flag, so we can remove it.
Bug: 135772972
Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
I realize that we can probably clean up more of our half-forked code by
reusing the same *-compat.h headers we use for the clean upstream code,
but I'll come back and do that later.
Bug: http://b/177003648
Test: treehugger
Change-Id: I081255aaafd62718b85956c5502911a1cc80225d
Technically, std::atomic does not have an operator(). Previously, this
code was relying on an implicit behavior of our C++ standard library in
order to compile. When compiling this code against a different C++
standard library, I encountered a compiler error on these lines.
This CL makes the std::atomic load() operation explicit, makes it
clearer what this code is actually doing and makes it conform better to
the C++ standard library spec rather than a particular implmentation.
Change-Id: I7f255dffc0a3d8e07c973c18e9ba4098c4b5843e
Technically, C requires that all source files end with a newline. In
practice, most compilers will accept source files without a newline, but
it does trigger the -Wnewline-eof warning.
Change-Id: I64a92b82f4d5724cd8b45821cfd59eb3de39514b
Use a note in executables to specify
(none|sync|async) heap tagging level. To be extended with (heap x stack x
globals) in the future. A missing note disables all tagging.
Bug: b/135772972
Test: bionic-unit-tests (in a future change)
Change-Id: Iab145a922c7abe24cdce17323f9e0c1063cc1321
Test: source build/envsetup.sh && lunch 16 && source
build/soong/bazel/bazelenv.sh && m, then verify ninja
file was based on intermediates from bazel-out
Change-Id: I89f320dd58083710012ea1f8e3902e723602ea37
Soft-limits apps from calling bind() on NETLINK_ROUTE sockets, and
getting link info through getifaddrs(), while still allowing apps on the
allowlist to temporarily perform these actions.
This is different from existing behavior, where apps targeting an API
level < 30 were exempted from this restriction.
Actual enforcement will happen through SELinux (as is currently the
case for apps targeting API >= 30). This temporary change will then be
reverted.
If you arrived at this change due to an app showing unexpected behavior,
please file a bug at go/netlink-bug.
Bug: 170188668
Bug: 170214442
Test: Call bind() on NETLINK_ROUTE for an app on the allowlist.
Test: Call bind() on NETLINK_ROUTE for an app not on the allowlist.
Test: Call getifaddrs() for an app on the allowlist.
Test: Call getifaddrs() for an app not on the allowlist.
Test: Call bind() on a AF_UNIX socket with its protocol set to
NETLINK_ROUTE, confirm it can succeed.
Test: Verify that previously broken apps are no longer broken.
Change-Id: I8738f7912fdc816e0d30205557728ff9e84bf7e6
Kernel headers coming from:
Git: https://android.googlesource.com/kernel/common/
Branch: android-mainline
Tag: android-mainline-5.10
Test: Built cuttlefish and flame images. Ran bionic unit tests on both.
Change-Id: I37ffc850970adcce1febbe2269c202632fce763a
Revert "Updates CTS tests for MAC address restrictions."
Revert submission 1518603-soft-restrict-mac
Reason for revert: Missing type check
Reverted Changes:
I0488932de:Soft-enable MAC address restrictions with allowlis...
Idb9d940e4:Updates CTS tests for MAC address restrictions.
I9461f287e:Return anonymized MAC for apps targeting SDK < 30
Change-Id: I7e8e593518088ff5c8f6083b34e6966852475b9b
This was a little confusing because a quick glance suggested that
'err' was getting the value of getsockopt(), when actually it was
getting the result of the '<' operation. Since 'err' wasn't
being used, we clarify by just removing it altogether.
Test: TreeHugger
Change-Id: I1ff80812b460973e9d512a558623e0c44c2ecf09
Soft-limits apps from calling bind() on NETLINK_ROUTE sockets, and
getting link info through getifaddrs(), while still allowing apps on the
allowlist to temporarily perform these actions.
This is different from existing behavior, where apps targeting an API
level < 30 were exempted from this restriction.
Actual enforcement will happen through SELinux (as is currently the
case for apps targeting API >= 30). This temporary change will then be
reverted.
If you arrived at this change due to an app showing unexpected behavior,
please file a bug at go/netlink-bug.
Bug: 170188668
Bug: 170214442
Test: Call bind() on NETLINK_ROUTE for an app on the allowlist.
Test: Call bind() on NETLINK_ROUTE for an app not on the allowlist.
Test: Call getifaddrs() for an app on the allowlist.
Test: Call getifaddrs() for an app not on the allowlist.
Change-Id: I0488932deea2a7211e55a24bc33bfa3cfb16fba2
They're both obsolescent in POSIX.1-2008, and you really shouldn't be
using them, but since we can't actually delete them...
This change makes them both obey $TMPDIR if set, and fall back to
/data/local/tmp otherwise. That's as good as we've managed for anything
else such as tmpfile(3).
Also add some tests.
Bug: http://b/174682340
Test: treehugger
Change-Id: Ieef99dcc2062f84b2b7cbae046787fdfe975e772
We can sometimes fail to link a static executable because of
duplicate definitions of std::nothrow in bionic/libc/bionic/new.cpp
and external/libcxx/src/new.cpp. Fix it by making our definition
weak since it doesn't matter which one ends up being chosen.
Change-Id: Iec02ae89f4a3d2ffe298817240f404e54b109a52
Add a make distclean for each supported arch before generating headers
and at the end so these files are not left hanging around in the
kernel directory.
Bug: 174795055
Test: Verified all generated files are deleted after running.
Test: Verified this generates the exact same files as before this change.
Change-Id: I0f66f580af2ea50c190eb532032017e782d7cae6
aosp/1484976 introduced a breaking change where
DisableMemoryMitigations() now indiscriminately turns tagged pointers
off. When android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) is called, the
correct behaviour is:
- In SYNC/ASYNC MTE mode -> disable all tagged pointers.
- If all tagged pointers are already disabled -> nop.
- If we're in TBI mode -> nop (keep the TBI mode as-is).
In order to do that we have to allow probing of the current heap tagging
mode. In order to prevent TOCTOU between GetHeapTaggingLevel() and
SetHeapTaggingLevel(), we expose a global mutex that should be held when
calling these functions.
Bug: 174263432
Test: atest CtsTaggingHostTestCases on Flame
Change-Id: Ia96f7269d542c9041270458806aee36766d2fbbb
Unnecessary include, and the file was deleted with upstream changes.
Bug: N/A
Test: cd external/gwp_asan && atest
Change-Id: Id8facff0c5e382aa639ce158b7b5862ce157aa25
- Make it apply to every thread, and thus remove the restriction
that it must be called while the program is single threaded.
- Make it change TCF0 itself (on all threads), instead of requiring
callers to do it themselves, which can be error prone.
And update all of the call sites.
Change the implementation of
android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) to call
android_mallopt(M_SET_HEAP_TAGGING_LEVEL) internally. This avoids
crashes during startup that were observed when the two mallopts
updated TCF0 unaware of each other.
I wouldn't expect there to be any out-of-tree callers at this point,
but it's worth noting that the new interface is backwards compatible
with the old one because it strictly expands the set of situations in
which the API can be used (i.e. situations where there are multiple
threads running or where TCF0 hadn't been updated beforehand).
Bug: 135772972
Change-Id: I7746707898ff31ef2e0af01c4f55ba90b72bef51
259776d8ff
The original change was reverted due to InterfaceParamsTest failing.
This test has now been fixed in r.android.com/1498525.
The original change message is below.
Updates getifaddrs() to behave as if RTM_GETLINK requests are not
allowed for non-system apps. This is different from previous behavior,
where apps targeting an API level < 30 were exempted from this
restriction.
Actual enforcement happens in SELinux. This change:
- Soft-enables the behavior until SELinux changes are in place
- Prevents logspam from SELinux denials after they are in place
Bug: 170188668
Test: atest bionic-unit-tests-static
Test: atest NetworkInterfaceTest
Test: Connect to Wi-Fi network
Test: Call getifaddrs() directly from within an app.
Test: Call NetworkInterface#getNetworkInterfaces() from within an app.
Change-Id: Ia9f61819f8fdf878c0e67e57de7e893fb3b1c233
Revert "Enforce RTM_GETLINK restrictions on all 3p apps"
Revert "Updates tests for untrusted app MAC address restrictions"
Revert submission 1450615-mac-address-restrictions
Reason for revert: DroidMonitor: Potential culprit for Bug 173243616 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted
Reverted Changes:
I08c709b2b:Enforce RTM_GETLINK restrictions on all 3p apps
I95d124ae8:Soft-enables new MAC address restrictions.
I5392f8339:Updates tests for untrusted app MAC address restri...
I9d214c5d0:Return anonymized MAC for apps targeting SDK < 30
Change-Id: If09920b24370077d647d60cfda7fc0a110b77851
"vendor_available" modules were available to product modules.
However, not all "vendor_available" modules are required to be
available to product modules. Some modules want to be available only
to product modules but not vendor modules.
To cover the requirement, we separate "product_available" from
"vendor_available".
"vendor_available" will not provide product available module.
Bug: 150902910
Test: build
Change-Id: I13b8222e191333c6c2cb7794ef3344fdcc6ebe98
A constructor or destructor function with an integral priority is
placed in an .init_array or .fini_array section with the priority
suffixed to the section name:
- __attribute__((constructor)) ==> .init_array
- __attribute__((constructor(42))) ==> .init_array.42
The suffixed init/fini sections appear before the unsuffixed sections,
so the prioritized functions appeared before the __{INIT,FINI}_ARRAY__
symbols and were dropped when the symbols were used.
The (static) linker doesn't recognize priority suffixes on
.preinit_array.
This bug affected .init_array and .fini_array for static executables.
For dynamic executables, only .fini_array was affected, because
.init_array is handled by the dynamic loader instead, which uses
DT_INIT_ARRAY[SZ]. For DSOs, neither is affected, because the two
sections are only handled by the dynamic loader.
This patch also fixes a minor inconsistency where dynamic init/preinit
were passed argc/argv/envp, but static were not.
Bug: http://b/170983066
Test: bionic-unit-tests
Change-Id: I0fffa776e5d9bdb6f8af06b4c1af148236742fef
The functions now read /etc/group and /etc/passwd on host machines.
Android-specific IDs are not recognized in the host.
getpwent and getgrent are still not working though. They require a
bigger refactoring to sequentially advance in the database files.
Bug: 171718702
Test: run assemble_cvd in aosp_cf_arm64_phone
Change-Id: Ie8da382a467bbd0bffac7b4b8592cd871db80181
/system/bin/sh exists only on Android. When Bionic is built for the
host, use the standard /bin/sh.
Bug: 159685774
Test: run aosp_cf_arm64_phone on rockpi4
Change-Id: Idf4028c134abc128f203fc4d3be591f06b8fe8ff
When an array element is added or removed, make only the relevant page
writable, rather than the entire array. The entire array is still made
writable during recompaction and expansion.
This change fixes most of a large regression in __cxa_atexit runtime
(blueline, taskset 10, performance governor, 100000 registrations,
times are in seconds)
- Q: _Exit=0.292380, exit=0.626801
- R: _Exit=28.435082, exit=95.785110
- new: _Exit=0.352285, exit=0.713893
Test: bionic unit tests
Test: adb shell taskset 10 \
/data/benchmarktest64/bionic-spawn-benchmarks/bionic-spawn-benchmarks \
--benchmark_filter='atexit' \
--benchmark_display_aggregates_only=true \
--benchmark_repetitions=10
Bug: http://b/168043760
Change-Id: I88cc15c29c9890b422b7f621f29f98a03ca1f886
Instead of assuming a module with the .llndk suffix exists, add an
llndk_stubs property to every cc_library module that has a
corresponding llndk_library. Also rename the llndk_library to have
an explicit .llndk suffix.
Bug: 170784825
Test: no changes to build.ninja (excluding comments) or Android-${TARGET_PRODUCT}.mk
Change-Id: Ib5453472a09ebc64818ceb69bcbe1184720ce86a
pthread_cond_pulse would unconditionally call futex, which meant that
a number of processes were spending a significant amount of time in
pthread_cond_broadcast and pthread_cond_signal when there were no
threads waiting on that pthread_cond_t.
This change adds a counter to the 64-bit pthread_cond_t struct and
only calls futex() in cases where there is a nonzero waiter count. The
32-bit pthread_cond_t is unchanged due to compatibility reasons.
Test: no pthread_cond_broadcast/signal stacks without try_to_wake_up
in SurfaceFlinger
bug: 168831708
Change-Id: I105e1345cd2a3a75f98cd0acf316e790ba1716f0
In order to disable memory initialization for a process, the following
command can be used:
android_mallopt(M_DISABLE_MEMORY_MITIGATIONS, nullptr, 0);
Since this is needed in vendor processes, this is exposing this
functionality to llndk. For convenience (and adding standard logging),
a helper function is being added into libcutils in order to use this,
w/o having to get into so many details.
Bug: 166675194
Test: use function from libcutils
Change-Id: Ia816089a9f3469c50c70afaa7244abeac5a51dcd
Introduce an android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) API call
that may be used to disable zero- or pattern-init on non-MTE hardware,
or memory tagging on MTE hardware. The intent is that this function
may be called at any time, including when there are multiple threads
running.
Disabling zero- or pattern-init is quite trivial, we just need to set
a global variable to 0 via a Scudo API call (although there will be
some separate work required on the Scudo side to make this operation
thread-safe).
It is a bit more tricky to disable MTE across a process, because
the kernel does not provide an API for disabling tag checking in all
threads in a process, only per-thread. We need to send a signal to each
of the process's threads with a handler that issues the required prctl
call, and lock thread creation for the duration of the API call to
avoid races between thread enumeration and calls to pthread_create().
Bug: 135772972
Change-Id: I81ece86ace916eb6b435ab516cd431ec4b48a3bf
Updates getifaddrs() to behave as if RTM_GETLINK requests are not
allowed for non-system apps. This is different from previous behavior,
where apps targeting an API level < 30 were exempted from this
restriction.
Actual enforcement happens in SELinux. This change:
- Soft-enables the behavior until SELinux changes are in place
- Prevents logspam from SELinux denials after they are in place
Bug: 170188668
Test: atest bionic-unit-tests-static
Test: atest NetworkInterfaceTest
Test: Connect to Wi-Fi network
Test: Call getifaddrs() directly from within an app.
Test: Call NetworkInterface#getNetworkInterfaces() from within an app.
Change-Id: I95d124ae81bcb26583db5ad01d95d441d52f973c
There are multiple build breakages with bionic when we enable ThinLTO
globally. Opt bionic out of ThinLTO for now.
#global-thinlto-opt-out
Test: TreeHugger
Bug: 169004486
Change-Id: I546a8074f9c3e0ddbd01d3b7cd730e215e3c0c49
In native build of libc it would be inlined and in native bridge mode
it's noinline, extern "C" and thus could be easily intercepted.
Test: m (without weak symbols in native bridge mode x86+arm build would be broken)
Change-Id: I67759858a5bc2174dce1db9732fdbd89ba7689cc
Now, when we can detect native bridge mode is sources we can do that.
Test: m (without weak symbols in native bridge mode x86+arm build would be broken)
Change-Id: I360e7df8211d03636bbe716dc14655ee8d765493
malloc_debug can use libunwind and libunwindstck to unwind backtrace,
if libc.debug.malloc.options contains the string of "backtrace_full",
malloc_debug will use libunwindstck, and if libc.debug.malloc.options
contains the string of "backtrace=*", malloc_debug will use libunwind.
The result of libunwindstck is normal, but the result of libuniwnd
is abnormal, there is a offset between the rel_cp and the correct value,
so addr2line can't decode the right line number.
Libunwind and libunbiwndpack calculate load_bias is different, so malloc_debug
get load_bias alignment with libunwindstack.
Bug: 169539402
Change-Id: I640fb5db39af622a0bb52abf2c107984065a89d5
Let the assembler handle the low-level details of generating .eh_frame,
and use .cfi_escape to output the DWARF3 DW_CFA_def_cfa_expression and
DW_CFA_expression instructions.
Explicitly output a nop instruction between the FDE start
(.cfi_startproc) and the trampoline symbol.
x86_64: remove the rsp instruction, which is redundant with the CFA
itself.
Bug: http://b/169383888
Test: compare `objdump -Wf` output before and after
Test: bionic-unit-tests
Change-Id: Ie2a6d111cb473596be8c9f4fd64534e91d88f2a1
* changes:
libc: Add Armv8.3-A PAuth and Armv8.5-A BTI compatibility to *.S
Update crtbegin.c and crt*.S to support Armv8.5-A BTI
libm: Add Armv8.3-A PAuth and Armv8.5-A BTI support to assembly files
libc: Prepare support for Armv8.3-A PAuth and Armv8.5-A BTI in *.S
Every architecture that uses .eh_frame needs a terminator at the end to
ensure that an unwinder library doesn't read past the end of the
section. This can happen when the unwinder looks up a PC that doesn't
have a matching FDE. Both LLVM libunwind and libgcc fall back to an
.eh_frame scan if the .eh_frame_hdr search table scan fails.
By convention, this terminator section is aligned to 4, even on 64-bit
targets. e.g. Both libgcc and compiler-rt have a crtend with 4-byte
.eh_frame alignment on arm64 and x86_64.
In practice, lld strips off the terminator from input object files and
adds one unconditionally to the output, but bfd/gold still require a
crtend with a terminator.
References:
- https://reviews.llvm.org/D86256
- https://reviews.llvm.org/D87750
- https://sourceware.org/bugzilla/show_bug.cgi?id=2655
Test: examine crtend.o and crtend_so.o with `readelf -SW` and \
`objdump -Wf`
Change-Id: Ib8478ee446ad806898aa7147a6208d384c7516d5
The latest LLVM update to r399163 has exposed an issue with optimization
of `aligned_alloc()` at -O2. Invalid inputs are treated as valid, which
results in assertions being hit. This WAR is to make sure that the test
keeps running while we fix the issue upstream.
Bug: http://b/169206016
Bug: http://b/155835175
Test: atest malloc_hooks_system_tests:malloc_hooks_system_tests.MallocHooksTest#aligned_alloc_hook_error -- --abi x86
Change-Id: I74b290b73826481c62db3a99ac1a690c8a8a8db3
This patch adds support to load BTI-enabled objects.
According to the ABI, BTI is recorded in the .note.gnu.property section.
The new parser evaluates the property section, if exists.
It searches for .note section with NT_GNU_PROPERTY_TYPE_0.
Once found it tries to find GNU_PROPERTY_AARCH64_FEATURE_1_AND.
The results are cached.
The main change in linker is when protection of loaded ranges gets
applied. When BTI is requested and the platform also supports it
the prot flags have to be amended with PROT_BTI for executable ranges.
Failing to add PROT_BTI flag would disable BTI protection.
Moreover, adding the new PROT flag for shared objects without BTI
compatibility would break applications.
Kernel does not add PROT_BTI to a loaded ELF which has interpreter.
Linker handles this case too.
Test: 1. Flame boots
2. Tested on FVP with BTI enabled
Change-Id: Iafdf223b74c6e75d9f17ca90500e6fe42c4c1218
android_filesystem_config.h is found since system/core/include is on
the include path for all projects and contains a symlink to the real
android_filesystem_config.h. This is fragile and the below bug seeks
to remove this symlink and have users correctly depend on
libcutils_headers.
In bionic, libcutils_headers header library cannot be used due to
cyclic dependencies, so it gets the actual include path instead, which
is less bad than depending on the build system injecting the for all
modules.
Bug: 165825252
Test: build
Change-Id: Id43bdea9553b1174ceb3efc2a3ed505888619c62
It was originally based on fdlibm, but it's been through two different
projects since then, and `git blame` shows basically nothing remaining
from those days. Seems worth leaving something to explain the unusual
copyright header though!
Test: treehugger
Change-Id: I8e7252a755704b866e7f36c8e97adc021fa3cdad
This value indicates whether memory tagging is enabled on a thread,
the mode (sync or async) and the set of excluded tags. This information
can sometimes be important for understanding an MTE related crash,
so include it in the per-thread tombstone output.
Bug: 135772972
Change-Id: I25a16e10ac7fbb2b1ab2a961a5279f787039000b
This is already covered by the existing test by virtue of being used for
all threads.
Bug: http://b/168258494
Test: treehugger
Change-Id: I5c872fd7f30a4c79de1d70e7702f4b12d4e94cd3
An upcoming change to Scudo will change how we use the TLS slot
in tsd_shared.h, which will be a little easier to deal with if
we can remove the code path that calls pthread_getspecific and
pthread_setspecific. The only known user of this code path is Fuchsia.
We can't eliminate this code path by making Fuchsia use ELF TLS
because although Fuchsia supports ELF TLS, it is not supported within
libc itself. To address this, Roland McGrath on the Fuchsia team has
proposed that Scudo will optionally call a platform-provided function
to access a TLS slot reserved for Scudo. Android also has a reserved
TLS slot, but the code that accesses the TLS slot lives in Scudo.
We can eliminate some complexity and duplicated code by having Android
implement the same mechanism that was proposed for Fuchsia, which is
what this change does. A separate change to Scudo will make use of it.
Bug: 163630045
Change-Id: I4678105c9c47a23feb5a5e80a314416de4556d9c
Except they are the same on arm32/arm64, so we hadn't really noticed. x86
and x86-64 are quite different though, presumably by historical accident.
Fix the definitions and add some static asserts.
Bug: https://github.com/android/ndk/issues/1347
Test: treehugger
Change-Id: Ic27b172066cf3443749463b9b73c912d204f9516
The most notable change is in sigsetjmp/siglongjmp. The former
stores LR signed with the current SP into jmp_buf. Calling siglongjmp
reads a signed LR and the corresponding SP from jmp_buf. This way not
only the checksum provides some means of integrity protection but
Pointer Authentication too.
Test: Tested on FVP with BTI enabled.
Change-Id: I9d720239775f8d2829a677901f546c4b14b5cbe5
These files are linked to all ELF files therefore they must support BTI.
Test: Tested on FVP with BTI enabled using a patched clang.
Co-authored-by: Gabor Kertesz <gabor.kertesz@arm.com>
Co-authored-by: Daniel Kiss <daniel.kiss@arm.com>
Co-authored-by: Tamas Petz <tamas.petz@arm.com>
Change-Id: If5df0722e649bcdb8c4afb0531831dff42103c9c
The instruction "bti c" is added through ENTRY*() macro,
using __bionic_asm_custom_entry(f).
The .note.gnu.property section is added with the new macro
NOTE_GNU_PROPERTY(). BTI and PAuth features are automatically
selected based on the presence of __ARM_FEATURE_* macros.
Furthermore, gensyscalls.py got updated to append the new
macro to the generated syscalls-arm64.S.
Test: Tested on FVP with BTI enabled.
Change-Id: I40ffe294b8426421125fffd0a9758567d919a09d
This benchmarks mapping property prefixes to property contexts with
two algorithms: the 'Legacy' method used before Android P and the
'Trie' used afterwards (the code in this directory).
It uses input mappings from both Oreo and the latest in AOSP ('S').
Note that there is nearly a 10x increase in the number of mappings in
S as there was in Oreo, which was predicted when the trie was
designed.
Results on cuttlefish:
-----------------------------------------------------------
Benchmark Time CPU Iterations
-----------------------------------------------------------
LegacyLookupOreo 683576 ns 673538 ns 1060
LegacyLookupS 5683109 ns 5596982 ns 124
TrieLookupOreo 299851 ns 295696 ns 2378
TrieLookupS 584831 ns 576801 ns 1204
The results show that the legacy look up uses 8.3x more CPU time to
handle the number of mappings added through S, whereas the Trie lookup
uses less than 2x more CPU time, showing that the trie scales better
with added mappings.
Test: run this benchmark
Change-Id: I35c3aa4429f049e327a891f9cbe1901d8855d7ba
I made toybox use strptime %Z recently (so that it can parse the default
POSIX date(1) output), forgetting that bionic's strptime(3) doesn't
support %Z. Neither does glibc, for that matter; the toybox change works
on glibc effectively by accident --- glibc just ignores the next word
when parsing %Z and assumes that the current time zone ($TZ) is
appropriate. Which it is for the only obvious use case of "round trip
date(1) output".
The related %z is potentially quite a bit more useful in general (parsing
any valid RFC822 time zone), though sadly not useful for the toybox case
that prompted.
Every time I touch this file I promise that I'll actually get us back in
sync with upstream, and every time I fail to get round to it. Maybe
2020 or 2021 will finally be the year...
Also add corresponding tests.
Bug: https://b/167455975
Test: treehugger
Change-Id: I13a7fb7e3ad01ae855750b9314d2eec661fe034f
Some global static variables are only used within a single function,
so moving them inside the function which requires them. This also
ensures those static variables of class types are initialized before
they are being used.
For example, this is needed for CachedProperty(), as some of the
member method, e.g., CachedProperty().Get(), might be invoked,
e.g., in __libc_preinit(), before the constructor is invoked.
This happens after we added property trace points in commit
Id2b93acb2ce02b308c0e4889f836159151af3b46.
For g_lock, we don't move them because it can be initialized by setting
its memory to 0. And it's used in two functions.
https://android.googlesource.com/platform/bionic/+/refs/heads/master/libc/private/bionic_lock.h
Bug: 147275573
Test: atest CtsBionicTestCases
Test: adb shell perfetto -o /data/misc/perfetto-traces/test_trace -t 10s bionic sysprop
Change-Id: I99565ce2442d34f33830778915c737eed834f8b3
Like with close, socket is no longer a simple syscall, so we can get
recursive calls that deadlock.
Bug: http://b/165206592
Test: bionic-unit-tests on cuttlefish
Test: treehugger
Change-Id: I2ba77d733d1ebf08a91afd6ca179e7ae6ae3866e
Introducing a new systrace tag, TRACE_TAG_SYSPROP, for use with
system property.
For property set, the tracing is added in __system_property_set() instead of
__system_property_update() / __system_property_add() so we can record
control properties like ctl.*, sys.powerctl.*, etc.., which won't be
updated via the latter two functions.
Bug: 147275573
Test: atest CtsBionicTestCases
Test: adb shell perfetto -o /data/misc/perfetto-traces/test_trace -t 10s bionic
Test: adb shell perfetto -o /data/misc/perfetto-traces/test_trace -t 10s sysprop
Test: adb shell /data/benchmarktest64/bionic-benchmarks/bionic-benchmarks \
--benchmark_filter=BM_property --bionic_cpu=4, then compares the results
of property benchmarks before and after the change, didn't see
significant difference.
Change-Id: Id2b93acb2ce02b308c0e4889f836159151af3b46
Merged-In: Id2b93acb2ce02b308c0e4889f836159151af3b46
(cherry picked from commit 26970c3493)
We can't have HWASAN enabled in these resolvers because they
may be called before HWASAN is initialized.
We were previously getting away with HWASAN being enabled on these
functions because ANDROID_EXPERIMENTAL_MTE was not defined, which
let the compiler simplify away any HWASAN instrumentation in the
resolvers. But with this build flag enabled (which is currently the
case in FVP, and eventually everywhere once the MTE kernel patches
land) the resolvers end up containing an HWASAN instrumented load of
the _hwcap2 field.
Bug: 135772972
Change-Id: Iac79d02ddc81630c955e107eb7f78389aeb33879
Mostly from extra test cases, but also:
* Move the fgets size < 0 assertion into fgets.
* Use ELF aliases for strtoq/strtouq rather than duplicating code.
* Don't check uname() succeeded, since it can't fail.
Test: treehugger
Change-Id: I2e6b3b88b0a3eb16bd68be68b9bc9f40d8043291
We don't list most of bionic on dac since it would be overwhelming for
the current layout, but this file in particular seems useful,
especially __ANDROID_API__. Unfortunately, c2devsite doesn't include
macro documentation. Until then, it's still useful to include the
functions defined in this header.
I've also elaborated a bit in the __ANDROID_API__ documentation, since
the existing phrasing led to confusion over whether it was closer to
minSdkVersion or compileSdkVersion. In practice these are identical
for the NDK, but if we switch to weakly-linked APIs via the
availability attribute that would change.
Test: built docs, looked at them
Bug: None
Change-Id: I5cf78a6143b5c15790c369bdf888611e4c1189db
(Based on proposal at https://sourceware.org/glibc/wiki/ThreadPropertiesAPI)
This includes API to:
- locate static and dynamic TLS
- register thread-exit and dynamic TLS creation/destruction callbacks
Change-Id: Icd9d29a5b2f47495395645e19d3b2c96826f19c8
Now we're being marked down for our poor coverage, we may as well remove
more broken cruft. Despite the amount of effort that seems to have gone
into pututline(), it wasn't working with the other utmp.h functions (in
particular, utmpname()), and wasn't declared in the header file!
Test: treehugger
Change-Id: I1a583984189c751168c11c01431433f96f8c548b
The remote server specifies resplen, the length of the response it
intends to send. anssiz represents the size of the destination buffer.
If the reported resplen is larger than the anssiz, the code correctly
only reads up to anssiz bytes, but returns resplen. so later functions
will access far out of bounds.
The fix ensures that the length of send_vc return does not exceed the
buffer size.
Bug: 161362564
Test: build, flash, boot
Test: atest netd_integration_test
Merged-In: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Similar to the musl strstr. This patch also increases test coverage for
memmem, again similar to the strstr tests.
Test: treehugger
Change-Id: I7f4a2ab93a610cb692994d06d2512976e657ae9f
Bug: http://b/157081822
- Disable coverage for libtest_check_rtld_next_from_library to make
dlfcn.rtld_next_from_library to pass.
- The coverage runtime sets an environment variable to prevent
clobbering of the coverage data on disk. Include that variable as well
when checking `printenv` output. This is done at runtime by checking
for LLVM_PROFILE_FILE environment variable.
- dl.preinit_system_calls still fails after this change.
Test: bionic tests with libc coverage turned on.
Change-Id: I3ea2b0800886d8c0984969a4ee8bfb0da03c33b0
We'll be enabling system tracing in libsystemproperties, which requires
using bionic_systrace.cpp from libc_bionic_ndk. However, libc_bionic_ndk
already depends on libsystemproperties.
Introducing a new library libc_bionic_systrace for bionic_systrace.cpp,
which can be used by both libc_bionic_ndk and libsystemproperties.
Bug: 147275573
Test: atest CtsBionicTestCases
Test: adb shell perfetto -o /data/misc/perfetto-traces/test_trace -t 10s bionic
Change-Id: I7306f922f212fa1c911583e1922e33612bfeada6
For vanity reasons, this CL should be reverted after b/158870657, since
we want to make sure zero/pattern fill always happen when they are
requested.
Bug: 131355925
Bug: 158870657
Test: check build on normal devices hits USE_SCUDO branch with #error
Change-Id: I22d19dbc75004c8f7437e1247226bc3275cd4df5
This was initially just to try on "pty" and "tty" for size, while
discussing with other projects to try to align on vocabulary, but -- in
the implemention and tests at least -- but these work out so well that
I'm tempted to go with them anyway if we can't come to a concensus. We
can always come back and change them again later.
What I really like is that you pass the pty to functions like ptsname()
and grantpt() with a 'p' in the name, and the tty to functions like
ttyname() and tcsetattr() with just 't's.
The use of "parent" and "child" in forkpty() seems helpful too.
Also fix the documentation of forkpty(), which wasn't quite right.
Test: treehugger
Change-Id: Ic010c4b669f6528591c653e3701f4e41e0d0df9e
Considering none of the files in this directory are pylint clean I
don't think this is being used. They also seem to use a mix of styles
so we need to either unify or split things into subdirectories if we
want to use pylint here.
Test: None
Bug: http://b/161896447
Change-Id: I5bc298bd64d44cc10d3d28121666e7893222ea96
Normally, getifaddrs() gets its information about interface flags from
RTM_NEWLINK messages. With the ability for non-system apps to send
RTM_GETLINK messages going away, resolve these flags by performing a
SIOCGIFFLAGS ioctl call instead.
This fixes a bug where the flags were erroneously copied over from an
ifaddrmsg's ifa_flags.
Bug: 141455849
Bug: 161869825
Test: atest bionic-unit-tests-static
Test: Connect to wireless network.
Test: Call getifaddrs() from a non-system app targeting API R+, verify
that the interface flags are correct.
Change-Id: I552f3b9d21072f59ee6f0890f47cb1bdf3cfcf20
Normally, getifaddrs() gets its information about interface flags from
RTM_NEWLINK messages. With the ability for non-system apps to send
RTM_GETLINK messages going away, resolve these flags by performing a
SIOCGIFFLAGS ioctl call instead.
This fixes a bug where the flags were erroneously copied over from an
ifaddrmsg's ifa_flags.
Bug: 141455849
Test: atest bionic-unit-tests-static
Test: Connect to wireless network.
Test: Call getifaddrs() from a non-system app targeting API R+, verify
that the interface flags are correct.
Change-Id: I552f3b9d21072f59ee6f0890f47cb1bdf3cfcf20
This reverts commit 3d1bd8efbe.
Reason for revert: http://b/159712722
The original test (`atest --test-mapping packages/providers/MediaProvider`) passed in AOSP, but there's a new use of vmsplice() in rvc-dev.
Bug: http://b/157591659
Bug: http://b/159712722
Change-Id: Icc9b752ca4fa21f7e18c409b55f3977b7460bfbe
Test: treehugger
As scudo is now the default native allocator, there is no need to
keep this library around.
Test: Builds and walleye boots.
Change-Id: Id2918544651348854956d1348d2a634f6425b952
Merged-In: Id2918544651348854956d1348d2a634f6425b952
(cherry picked from commit 941ad56299)
It's a historical accident that we try all the other files even if a
higher-priority file doesn't contain the sought-for olson id. Stop
doing that.
Also remove a TODO that has never been warranted, and add one that it
will be many years before anyone can do anything about it, but by that
time the historical knowledge may have been lost.
Bug: http://b/159613340
Test: treehugger
Change-Id: I873579268753c84b0bb721ea56f71ba64506d45a
Also be quiet about public domain files unless asked to be verbose.
Test: ./libc/tools/generate-NOTICE.py
Change-Id: Ia7e4d42870b2ef4b0b77a11093eefa4f117bebaf
One turns out not to be used at all, and the pylintrc even uses the more
intention-revealing term in the machine readable part, just not the
comment!
Test: treehugger
Change-Id: I4db7f1cf4fa1aa8ee601857e4e4c400e2119887c
blacklist and whitelist are replaced with blocklist and allowlist
respectively.
Test: CtsSeccompHostTestCases
Change-Id: I39d9eda89038d1addbdaed59284a254a34cea1c6
ARM has released the remaining MTE string routines, so let's start
using them. The strnlen implementation is now compatible with MTE,
so it no longer needs to be an ifunc.
Bug: 135772972
Change-Id: I9de7fb44447aa1b878f4ad3f62cb0129857b43ad
In particular, add the strerror() output if mprotect() fails.
Fix the CHECK macro so that you can make assertions involving operator%
without that being confused for a printf format specifier.
Bug: https://issuetracker.google.com/158645318
Test: treehugger
Change-Id: I6817f8ca5f094c52dc2c9067bfac90385a8743f5
When glancing at libc.so, I noticed we had five copies of
`__fortify_fatal` sitting around. LLVM can't inline variadic functions;
allowing everything to reference the same one seems best to me. This
saves us a few hundred bytes. Whoopee.
Bug: None
Test: TreeHugger
Change-Id: I99188d49cd46d792e3167cb961f13b3c1b65bd61
We are removing native bridge copy of fork.cpp, but need to
replace call to clone() when it's done for bionic's fork.
The code here will run all pre-/post-clone routines for *guest*,
while native bridge implementation will need to run the
corresponding *host* routines.
Bug: 145028007
Test: bionic-unit-tests
Merged-In: Ic5524e743caa287d7aaa8dc7e5d34acd1c7e1170
Change-Id: Ic5524e743caa287d7aaa8dc7e5d34acd1c7e1170
(cherry picked from commit 41127dca3d)
Partly to buff our coverage numbers, but also for improved consistency
in error reporting.
Test: treehugger
Change-Id: Iffc32833a35f9e9535c1bc3e0f7cb3c4bbba5f7f
The arm kvm.h file has been deprecated, so nobody should be including it.
Therefore, remove the hack to copy the file out of the tools directory.
Also, update to remove the arm kvm.h file.
Test: Ran generate and update script and verified only the arm kvm.h
Test: was deleted.
Test: Builds and boots on a walleye.
Change-Id: I95dcc8877bdb2da2858b0b9d0aa95d1d2072cf9a
This means that execle() doesn't have to drag in all the path code and
shell script special case code from its relatives, for branches that
will never be taken. Specifically, it means that they disappear from the
monstrously large linker binary after this change.
A drop in the ocean of bloat, yes, but you have to start somewhere.
Bug: http://b/25200716
Test: treehugger, objdump
Change-Id: I21126823d869cee07bf7320bc0a65ea2aaee65a1
We are removing native bridge copy of fork.cpp, but need to
replace call to clone() when it's done for bionic's fork.
The code here will run all pre-/post-clone routines for *guest*,
while native bridge implementation will need to run the
corresponding *host* routines.
Bug: 145028007
Test: bionic-unit-tests
Change-Id: Ic5524e743caa287d7aaa8dc7e5d34acd1c7e1170
If an alternate signal stack is set and the frame record is in bounds of
that stack, we need to use the top of the alternate signal stack for bounds
checking rather than the normal stack.
Bug: 150215618
Change-Id: I78b760d61b27da44f8e0cfee3fe94a791011fe58
Merged-In: I78b760d61b27da44f8e0cfee3fe94a791011fe58
Kernel headers coming from:
Git: https://android.googlesource.com/kernel/common/
Branch: android-mainline
Tag: android-mainline-5.7
Update the generate_uapi_headers.sh where the types.h file is now in
the right place, but kvm.h is not.
Test: Booted cuttlefish/bonito.
Test: Ran bionic-unit-tests on cuttlefish/bonito.
Change-Id: Ice9ce370a658e320b80f564b34a4431927fcf100
clock_gettime() with known arguments can't fail (and we ignore its
return value in most other places already).
Test: treehugger
Change-Id: I2374ae5ba1598a01d4c4f689b9c75c4e7dc926b6
Add SCUDO_OPTIONS to the list of the environment variables that should
not be preserved across a security boundary.
Bug: 157484128
Test: Builds and boots.
Change-Id: Id8644608114ad2fd49baedbdbbe1c899768bd54d
(cherry picked from commit ad3be7e649)
Add SCUDO_OPTIONS to the list of the environment variables that should
not be preserved across a security boundary.
Bug: 157484128
Test: Builds and boots.
Change-Id: Id8644608114ad2fd49baedbdbbe1c899768bd54d
When malloc debug is enabled, using libbacktrace to unwind can
result in a deadlock. This happens when an unwind of a thread
is occuring which triggers a signal to be sent to that thread. If
that thread is interrupted while a malloc debug function is
executing and owns a lock, that thread is then stuck in the signal
handler. Then the original unwinding thread attempts to do an
allocation and gets stuck waiting for the same malloc debug lock.
This is not a complete deadlock since the unwinder has timeouts,
but it results in truncated unwinds that take at least five
seconds to complete.
Only the backtrace signals needs to be blocked because it is the only
known signal that will result in a thread being paused in a signal
handler.
Also, added a named signal in the reserved signal list for the
special bionic backtrace signal.
Bug: 150833265
Test: New unit tests pass with fix, fail without fix.
Change-Id: If3e41f092ebd40ce62a59ef51d636a91bc31ed80
(cherry picked from commit 9bf7817dd2)
The tzdata format has changed:
Firstly, there is now a "final_offset", which serves as a pointer to the
beginning of the section after the last known section. The pointer means
that file size is no longer a factor when reading the last section and
new sections could be added to the end of the file in future in a
backwards compatible way.
Secondly, since nothing uses zone.tab on Android it is being removed and
the zonetab_offset is replaced by final_offset.
The net effect for bionic is zero besides some comment / name changes.
Test: build only
Change-Id: Ia315083879c891f2d3fc84cf48e304c323ca89f2
When malloc debug is enabled, using libbacktrace to unwind can
result in a deadlock. This happens when an unwind of a thread
is occuring which triggers a signal to be sent to that thread. If
that thread is interrupted while a malloc debug function is
executing and owns a lock, that thread is then stuck in the signal
handler. Then the original unwinding thread attempts to do an
allocation and gets stuck waiting for the same malloc debug lock.
This is not a complete deadlock since the unwinder has timeouts,
but it results in truncated unwinds that take at least five
seconds to complete.
Only the backtrace signals needs to be blocked because it is the only
known signal that will result in a thread being paused in a signal
handler.
Also, added a named signal in the reserved signal list for the
special bionic backtrace signal.
Bug: 150833265
Test: New unit tests pass with fix, fail without fix.
Change-Id: If3e41f092ebd40ce62a59ef51d636a91bc31ed80
Ensure we don't call sigchain's sigaction64 from bionic's sigaction by
extracting sigaction64 to a static function.
Test: treehugger
Change-Id: I16226c6ac580ece7000c335beb1d3b76429d2a06
Allow to provide a list of prioritized syscalls (e.g., syscalls that we
know occur often) which are checked before other syscalls in seccomp.
When constructing the bpf seccomp filter, traverse prioritized syscalls
in a linear list before checking all other syscalls in a binary tree.
Bug: 156732794
Test: make, inspect generated *_system_policy.cpp files
Test: simpleperf on futex/ioctl-heavy app seems to show 5-10% less time
spent in seccomp call
Change-Id: I509343bcd32ada90c0591785ab5cb12d2a38c31e
(cherry picked from commit ce84677733)
Allow to provide a list of prioritized syscalls (e.g., syscalls that we
know occur often) which are checked before other syscalls in seccomp.
When constructing the bpf seccomp filter, traverse prioritized syscalls
in a linear list before checking all other syscalls in a binary tree.
Bug: 156732794
Test: make, inspect generated *_system_policy.cpp files
Test: simpleperf on futex/ioctl-heavy app seems to show 5-10% less time
spent in seccomp call
Change-Id: I509343bcd32ada90c0591785ab5cb12d2a38c31e
Switched min_sdk_version from 29(hard-coded) to "apex_inherit".
From the build system perspective, nothing changes.
This change is to sync with internal code because it's been changed
while cherry-picking.
Bug: 145796956
Test: m
Change-Id: I567ddad0bd54087cdf9a30cbe42e239977a028dd
To enforce all modules included in mainline modules(apex/apk),
modules should set min_sdk_version which is the minimum sdk versions
that compiled artifacts run against.
Setting this doesn't change build output.
(While cherry-picking s/29/apex_inherit)
Bug: 145796956
Test: m
Merged-In: Ibbe3771592677d729c81343fe00859c0afa81918
Change-Id: Ibbe3771592677d729c81343fe00859c0afa81918
(cherry picked from commit 15c32a8e1a)
It turns out that we need this on non-aarch64 more than I thought
we would, so let's start defining it everywhere.
Also expose platform headers to sanitizer-status.
Bug: 135772972
Change-Id: Ia7fd8a9bca0c123c4ca2ecd5f250f3a628a5513b
Our various fd debugging facilities get extremely confused by a vforked
process closing file descriptors in preparation to exec: fdsan can
abort, and fdtrack will delete backtraces for any file descriptors that
get closed. Keep track of whether we're in a vforked child in order to
be able to detect this.
Bug: http://b/153926671
Test: 32/64-bit bionic-unit-tests on blueline, x86_64 emulator
Change-Id: I8a082fd06bfdfef0e2a88dbce350b6f667f7df9f
(cherry picked from commit 2303283740)
The marked library(ies) were available to the APEXes via the
hand-written whitelist in build/soong/apex/apex.go. Trying to remove the
whitelist by adding apex_available property to the Android.bp of the
libraries.
Exempt-From-Owner-Approval: cherry-pick from internal
Bug: 150999716
Test: m
Merged-In: If64eff62b9e93af95089e5010c30eb586673b92e
(cherry picked from commit 693a7214d6)
Change-Id: If64eff62b9e93af95089e5010c30eb586673b92e
It turns out that we weren't actually enabling stack traces due
to a typo in one of the if statements. Fix it.
Bug: 135772972
Change-Id: Ic19352280f65acd621b9d88c361c55680b3327f0
Our various fd debugging facilities get extremely confused by a vforked
process closing file descriptors in preparation to exec: fdsan can
abort, and fdtrack will delete backtraces for any file descriptors that
get closed. Keep track of whether we're in a vforked child in order to
be able to detect this.
Bug: http://b/153926671
Test: 32/64-bit bionic-unit-tests on blueline, x86_64 emulator
Change-Id: I8a082fd06bfdfef0e2a88dbce350b6f667f7df9f
We need __get_tls and TLS_SLOT_OPENGL for our
OpenGL implementation. We currently use .mk files
and this restriction does not apply, since we are
migrating to .bp we need to address restriction.
Bug: 154151802
Test: presubmit
Signed-off-by: Roman Kiryanov <rkir@google.com>
Merged-In: I007664d919204cd4f6a623f9695a56e94bab7ae6
Change-Id: I6616331b03649eb19ceeb8121d56e55a9270548a
We need __get_tls and TLS_SLOT_OPENGL for our
OpenGL implementation. We currently use .mk files
and this restriction does not apply, since we are
migrating to .bp we need to address restriction.
Bug: 154151802
Test: presubmit
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I007664d919204cd4f6a623f9695a56e94bab7ae6
The SYNC tagging level enables stack trace collection for allocations and
deallocations, which allows allocation and deallocation stack traces to
appear in tombstones when encountering a tag check fault in synchronous tag
checking mode.
Bug: 135772972
Change-Id: Ibda9f51b29d2c8e2c993fc74425dea7bfa23ab1e
Before this Soong added hardcoded system include paths to
bionic/libc/{include,kernel}, which won't work when Bionic libs are
packaged up as prebuilts in an SDK module snapshot.
Test: Build and boot
Test: Check in out/verbose.log.gz that a C file doesn't get any bionic
include path for linux_glibc.
Bug: 153590472
Change-Id: I13c8eb3dd7150d6e0fee001b290b53fcebebcfea
To enforce all modules included in mainline modules(apex/apk),
modules should set min_sdk_version which is the minimum sdk versions
that compiled artifacts run against.
Setting this doesn't change build output.
Bug: 145796956
Test: m
Change-Id: Ibbe3771592677d729c81343fe00859c0afa81918
The triggering reason for this change is that the SDK snapshot
generation cannot readily handle header libraries that are required for
targets that the SDK itself isn't available for. However, these include
files shouldn't be used without Bionic anyway.
Relanding unchanged - the build problem was due to a split topic.
Test: m checkbuild (on aosp_taimen)
Test: m (on aosp_taimen_hwasan)
Test: atest CtsBionicTestCases
Test: lunch fvp-userdebug && mmm bionic
Bug: 152255951
Change-Id: Iaf49597ea265e6f2a042de5ee873238073b2e545
Reason for revert: Breaks rvc-d1-dev-plus-aosp: http://ab/6443190
Reverted Changes:
Ide447b89a:bionic_libc_platform_headers is only available whe...
Ia93cd3ec8:bionic_libc_platform_headers is only available whe...
Icdc495588:Make bionic_platform_headers available only for Bi...
Idfd7c87dc:bionic_libc_platform_headers is only available whe...
Bug: 152255951
Bug: 155269399
Change-Id: I214f1165bb0a7e59d3b35a13b3cceb1965be922b
The marked library(ies) were available to the APEXes via the
hand-written whitelist in build/soong/apex/apex.go. Trying to remove the
whitelist by adding apex_available property to the Android.bp of the
libraries.
Bug: 150999716
Test: m
Change-Id: If64eff62b9e93af95089e5010c30eb586673b92e
The triggering reason for this change is that the SDK snapshot
generation cannot readily handle header libraries that are required for
targets that the SDK itself isn't available for. However, these include
files shouldn't be used without Bionic anyway.
Test: m checkbuild (on aosp_taimen)
Test: m (on aosp_taimen_hwasan)
Test: atest CtsBionicTestCases
Test: lunch fvp-userdebug && mmm bionic
Bug: 152255951
Change-Id: Icdc49558893c5355860f78d23275c49ba0119900
When a thread calls pthread_exit(3), ScopedSignalBlocker blocks all
user-visible signals, but leaves internal-use signals 33/34/36/36/37.
Signal 33 is used to unwind a thread for a backtrace, which can cause us
to access the stack after it's been unmapped. (Avoiding this was the
reason why we have the ScopedSignalBlocker in pthread_exit(3)!)
Fix this (and other potential issues) by changing ScopedSignalBlocker to
call __rt_sigprocmask(2) directly, so we don't mask out the internal-use
signals.
Bug: https://issuetracker.google.com/153624226
Test: not trivially reproducible
Change-Id: I9b125ed41ddee4c5d33b45920f1d142e52db47cb
Merged-In: I9b125ed41ddee4c5d33b45920f1d142e52db47cb
When a thread calls pthread_exit(3), ScopedSignalBlocker blocks all
user-visible signals, but leaves internal-use signals 33/34/36/36/37.
Signal 33 is used to unwind a thread for a backtrace, which can cause us
to access the stack after it's been unmapped. (Avoiding this was the
reason why we have the ScopedSignalBlocker in pthread_exit(3)!)
Fix this (and other potential issues) by changing ScopedSignalBlocker to
call __rt_sigprocmask(2) directly, so we don't mask out the internal-use
signals.
Bug: https://issuetracker.google.com/153624226
Test: not trivially reproducible
Change-Id: I9b125ed41ddee4c5d33b45920f1d142e52db47cb
Switch the __x86.get_pc_thunk.{bx,cx} functions from .gnu.linkonce to
comdat section groups. lld doesn't implement .gnu.linkonce and will
instead discard the input sections. Currently, it might produce a
faulty binary that has no get_pc_thunk function in it, which would
crash.
Normally, these functions are generated by GCC and are present in many
object files compiled with PIC. Clang doesn't use them, and instead
initializes the PIC base register with a "call 1f; 1: pop %ebx" pair.
Bug: http://b/154376560
Bug: https://bugs.llvm.org/show_bug.cgi?id=45594
Test: bionic-unit-tests
Change-Id: I3e4857aecdc281b32232270bff4880433e5b6afa
Some applications may incorrectly assume that a "negative" pointer
indicates error. By setting the top bit in TBI mode, we catch these
cases as well. Although they don't directly indicate incompatibility
with MTE (as MTE uses the 2nd-highest nibble) - this ensures we catch
HWASan errors as well as reserve the bits for future MTE expansion.
Bug: 154272452
Test: Boot flame, device boots successfully.
Change-Id: I94a6821a82ce7ead59e6ca2dd113a5a50ee9e56b
Merged-In: I94a6821a82ce7ead59e6ca2dd113a5a50ee9e56b
The header library is used by some libraries, such as libunwind_llvm,
which are automatically added as dependencies when stl is set to
libc++_static. Since such dependencies are not specificy to any APEX,
let's mark the header library be available (can be directly or
indirectly be part of an APEX) to any APEX. At the same time, limit the
visibility of the header library so that its uses are strictly limited
to the certain places that we acknowledge. (the places would be reduced
further when we will be successful in dropping the dependency to
libc_headers.)
Exempt-From-Owner-Approval: cherry-pick from AOSP
Bug: 152668052
Test: m
Merged-In: I85ee900947df2c9ce076e2f3aa3145645da77d2b
(cherry picked from commit ad9946c09a)
Change-Id: I85ee900947df2c9ce076e2f3aa3145645da77d2b
The marked library(ies) were available to the APEXes via the
hand-written whitelist in build/soong/apex/apex.go. Trying to remove the
whitelist by adding apex_available property to the Android.bp of the
libraries.
Exempt-From-Owner-Approval: cherry-pick from AOSP
Bug: 150999716
Test: m
Merged-In: I6ea7fee2a135298085d3965d3578d9ecd53ee405
(cherry picked from commit 2aa19dcb59)
Change-Id: I6ea7fee2a135298085d3965d3578d9ecd53ee405
