If we switch from x18 to gp for shadow call stack, we're going to need
another slot in jmp_buf. We'll need this even for hardware shadow call
stacks too.
While I'm here, and because this is likely my last chance, let's just
round this up to 32 for safety. musl and glibc only have the minimum
needed (which I think means they'll need an ABI break to support SCS
unless they just use a callee-saved general purpose register), but since
we can't do ABI breaks after we ship, let's play it safe.
Bug: https://github.com/google/android-riscv64/issues/72
Test: treehugger
Change-Id: I60661fb7a308c900bfd08c9361f51919b798c005
The recent header nullability additions and the corresponding source
cleanup made me notice that we're missing a couple of actions that most
of the other implementations have. They've also been added to the _next_
revision of POSIX, unchanged except for the removal of the `_np` suffix.
They're trivial to implement, the testing is quite simple too, and
if they're going to be in POSIX soon, having them accessible in older
versions of Android via __RENAME() seems useful. (No-one else has shipped
the POSIX names yet.)
Bug: http://b/152414297
Test: treehugger
Change-Id: I0d2a1e47fbd2e826cff9c45038928aa1b6fcce59
Now <utmpx.h> isn't any more useful on Android than <utmp.h> is, but it
is POSIX, and -- importantly -- we can implement it with just a header
file, so code can use it on every existing API level.
macOS does indeed only have the <utmpx.h> functions (although it does
still have the <utmp.h> header!), so potentially portable code might
want <utmpx.h> on Android. (glibc/musl both have both headers.)
Bug: https://github.com/landley/toybox/pull/213
Test: treehugger
Change-Id: Iaa88167708182009a63e2e1a15f11186b251ed02
All the other architectures are already polluting the namespace with
`struct ucontext`, so make riscv64 match for source compatibility with
other Android code. (Code _should_ be using the POSIX `ucontext_t`, but
ART in particular had a lot of `struct ucontext`, and although I'll
clean that up separately, if there's some in our tree, there's probably
a lot more out there in the wild.)
Test: treehugger
Change-Id: Id0e4e97e660d7d60e792cd2462ddb9788d4772d7
We're going to dereference a null pointer if you pass one instead of a
pointer to a path, but at the moment (because of implementation sharing
between the different file actions) we won't do it until the last
minute, in the child itself. Let's crash as soon as you make the mistake
instead, to make debugging a lot easier.
Test: treehugger
Change-Id: I987d2700ba05b9867a936ebe770224259376633f
We don't really need <linux/compiler.h> and <linux/compiler_types.h>. We
already have a mechanism to remove unused macros, so let's do that. We
don't currently have a way to remove unused #includes, so we still need
<linux/compiler.h> and <linux/compiler_types.h> files (but I've clarified
the comments in them).
I've kept the empty definitions of `__user` and `__force` for source
compatibility. (We had one security test at least that was assuming
a kernel struct definition will "just work".)
Bug: http://b/262917450
Test: treehugger
Change-Id: Iacbbbc1aeef9a4fac52dabd7811ab875cc267d4f
Move the "is there a comparator?" check into the sole caller, to match
the "is there a filter?" check. Remove the unnecessary (and unlikely)
pre-sort "is the array empty?" check.
Test: treehugger
Change-Id: I8bd461380420dce4a8bc05ef5fe3511b26347d7c
No idea if this will be the actual API level or not, but that's all
the more reason to abstract it away early...
Bug: None
Test: None
Change-Id: I8a17bb42dbb08a6e760427514af8331e7dc9b549
Since it doesn't matter if these calls take a little longer than
before, use the more thorough but slightly longer purge mechanism.
Test: Unit tests pass.
Change-Id: Ifab7166a9682a13231746b78717d52673d13be1b
The strerror_buf is way too large, so instead of using a separate
buffer for just this string, reuse the already existing buffer.
Increase the buffer size to cover the maximum errno string.
Add a unit test to verify that none of the errno values are cut off
in the async_safe_format_buffer function when passing %m.
Bug: 274474681
Test: New unit test passes.
Test: Changing the buffer to a small value and verify that the test fails.
Change-Id: I4cb4652709582a8a6b958e12de5d923ec950e6b6
Use __memcpy_chk assembly to replace the implementation of c functions, which can reduce the use of instructions
Test: llvm-objdump
Change-Id: I5d75601626dc997626f6173d53af301183a64004
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
As of https://reviews.llvm.org/D143769, binaries (with -fsanitize=memtag-*)
have DT_AARCH64_MEMTAG_* dynamic entries, as per the AArch64 MemtagABI.
Android uses an OS-specific ELF note for MTE config, but we should
migrate to the new thing (while preserving backwards compatibility).
Without actually doing the migration right now, just handle these new
entries. Otherwise, you get a whole bunch of logspam about the
unrecognised dynamic entries.
Bug: 274032544
Test: Build android, don't get logspam.
Change-Id: I5c8b59f77a0058e5b93335e269d558a5014f2260
The buffer filled in by strerror_r needs to stay in scope while
it is pointed to by str.
Bug: 273807460
Change-Id: I494ca8b8aca2b28ec2f0f3da72d845db99633553
This is a new mallopt option that will force purge absolutely
everything no matter how long it takes to purge.
Wrote a unit test for the new mallopt, and added a test to help
verify that new mallopt parameters do not conflict with each other.
Modified some benchmarks to use this new parameter so that we can
get better RSS data.
Added a new M_PURGE_ALL benchmark.
Bug: 243851006
Test: All unit tests pass.
Test: Ran changed benchmarks.
Change-Id: I1b46a5e6253538108e052d11ee46fd513568adec
clang-r487747 added stack protector capability to check noreturn calls.
This caused the system to boot loop. Turn off the new capabilities as a
temporary workaround.
Test: build and boot
Change-Id: I62c912619dfdd2384672d504ce5d52330bf2a102
If the 'j' command is used here,it cannot always be called.
The 'tail' command is used here, let the compiler decide
which instruction to use,when the call distance is less
than 1M, it will be compiled into 'j' command, and when
the distance is greater than 1M, it will be compiled
into 'aupic' and 'jr' command.
Test: llvm-objdump -d
Change-Id: I53d8aa7f54b9c4c96fce491487dcba7b63348219
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Don't assume that a `j` will always be in range. Let the toolchain
come up with the shortest sequence that will actually work.
Test: llvm-objdump -d
Change-Id: I497a68ecae434aad173c2b1c8024aed3756b8440
the "tail" command is used here, let the compiler decide
which instruction to use. when the call distance is less
than 1M, it will be compiled into "jr" command, and when
the distance is greater than 1M, it will be compiled
into "aupic" and "jr" command.
Test: make libc
Change-Id: I80d099d25c7cc2439a297d8afc65abeb5a7a360c
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Guarding the definitions of registers with `#if definded(__USE_GNU)`.
This resolves a name conflict with the mesa3d library when
Virgl is enabled.
Test: launch_cvd -console=true -guest_enforce_security=false\
--gpu_mode=drm_virgl
Change-Id: I4402500eff74e26343700c099dd397b8a19a5ee3
Upstream made a change similar to our %s change, so we don't need that
difference any more. (But they didn't seem interested in our GNU
extensions, even though they're sensible ones that just ensure symmetry
between strftime() and strptime().)
Bug: http://b/167569813
Test: treehugger
Change-Id: I1d86d69c87b51719f0583341fafa7802869cd37e
Writing an assembly file can reduce several
assembly instructions, and compare it through
the disassembly of this file
Test: make libc
Change-Id: Ifdcc9c76742cc95b2ad9e3c14fac4796c36e12e6
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Using %m is slightly less code, and means that perror() wouldn't touch
the strerror buffer in TLS. Doesn't matter, but noticed while I was
looking at this for another reason, and since it's _less_ code...
Test: treehugger
Change-Id: I99d31a5c326962958ad843ec4da2c3cc3b93b048
These are just one-liners, and the _FLOCK() macro seemed to me more
obscure than just inlining it (especially because there are only four
call sites total, so it's not like anyone's going to see that macro very
often).
Also add the missing CHECK_FP() calls. I don't expect this to break
anything, but if it does we can add a target API level check.
Test: treehugger
Change-Id: Ifa1a39d5d9eee46cca783acbe9ec3b3a1e6283d9
There's negative value to explicitly calling out Linux and ELF here,
when Android -- and especially this project -- is always both anyway.
No functional change.
Test: treehugger
Change-Id: Ic7514d74a5b5f6f06e64c46486c12773995076cd
The next NDK to take these headers only supports API 21 and later.
Note that this change leaves the _implementation_ of these functions
behind, so that any old apps calling these APIs should continue to work,
you just can't (without declaring the functions yourself) write new ones
that do (and declaring the functions yourself would only work on LP32
anyway, so that's not going to get you very far in 2023).
Test: treehugger
Change-Id: Ie03514e4215b40f6e9feaa6e4bf5df5b16dc8d59