The strerror_buf is way too large, so instead of using a separate
buffer for just this string, reuse the already existing buffer.
Increase the buffer size to cover the maximum errno string.
Add a unit test to verify that none of the errno values are cut off
in the async_safe_format_buffer function when passing %m.
Bug: 274474681
Test: New unit test passes.
Test: Changing the buffer to a small value and verify that the test fails.
Change-Id: I4cb4652709582a8a6b958e12de5d923ec950e6b6
Use __memcpy_chk assembly to replace the implementation of c functions, which can reduce the use of instructions
Test: llvm-objdump
Change-Id: I5d75601626dc997626f6173d53af301183a64004
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
As of https://reviews.llvm.org/D143769, binaries (with -fsanitize=memtag-*)
have DT_AARCH64_MEMTAG_* dynamic entries, as per the AArch64 MemtagABI.
Android uses an OS-specific ELF note for MTE config, but we should
migrate to the new thing (while preserving backwards compatibility).
Without actually doing the migration right now, just handle these new
entries. Otherwise, you get a whole bunch of logspam about the
unrecognised dynamic entries.
Bug: 274032544
Test: Build android, don't get logspam.
Change-Id: I5c8b59f77a0058e5b93335e269d558a5014f2260
The buffer filled in by strerror_r needs to stay in scope while
it is pointed to by str.
Bug: 273807460
Change-Id: I494ca8b8aca2b28ec2f0f3da72d845db99633553
This is a new mallopt option that will force purge absolutely
everything no matter how long it takes to purge.
Wrote a unit test for the new mallopt, and added a test to help
verify that new mallopt parameters do not conflict with each other.
Modified some benchmarks to use this new parameter so that we can
get better RSS data.
Added a new M_PURGE_ALL benchmark.
Bug: 243851006
Test: All unit tests pass.
Test: Ran changed benchmarks.
Change-Id: I1b46a5e6253538108e052d11ee46fd513568adec
clang-r487747 added stack protector capability to check noreturn calls.
This caused the system to boot loop. Turn off the new capabilities as a
temporary workaround.
Test: build and boot
Change-Id: I62c912619dfdd2384672d504ce5d52330bf2a102
If the 'j' command is used here,it cannot always be called.
The 'tail' command is used here, let the compiler decide
which instruction to use,when the call distance is less
than 1M, it will be compiled into 'j' command, and when
the distance is greater than 1M, it will be compiled
into 'aupic' and 'jr' command.
Test: llvm-objdump -d
Change-Id: I53d8aa7f54b9c4c96fce491487dcba7b63348219
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Don't assume that a `j` will always be in range. Let the toolchain
come up with the shortest sequence that will actually work.
Test: llvm-objdump -d
Change-Id: I497a68ecae434aad173c2b1c8024aed3756b8440
the "tail" command is used here, let the compiler decide
which instruction to use. when the call distance is less
than 1M, it will be compiled into "jr" command, and when
the distance is greater than 1M, it will be compiled
into "aupic" and "jr" command.
Test: make libc
Change-Id: I80d099d25c7cc2439a297d8afc65abeb5a7a360c
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Guarding the definitions of registers with `#if definded(__USE_GNU)`.
This resolves a name conflict with the mesa3d library when
Virgl is enabled.
Test: launch_cvd -console=true -guest_enforce_security=false\
--gpu_mode=drm_virgl
Change-Id: I4402500eff74e26343700c099dd397b8a19a5ee3
Upstream made a change similar to our %s change, so we don't need that
difference any more. (But they didn't seem interested in our GNU
extensions, even though they're sensible ones that just ensure symmetry
between strftime() and strptime().)
Bug: http://b/167569813
Test: treehugger
Change-Id: I1d86d69c87b51719f0583341fafa7802869cd37e
Writing an assembly file can reduce several
assembly instructions, and compare it through
the disassembly of this file
Test: make libc
Change-Id: Ifdcc9c76742cc95b2ad9e3c14fac4796c36e12e6
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Using %m is slightly less code, and means that perror() wouldn't touch
the strerror buffer in TLS. Doesn't matter, but noticed while I was
looking at this for another reason, and since it's _less_ code...
Test: treehugger
Change-Id: I99d31a5c326962958ad843ec4da2c3cc3b93b048
These are just one-liners, and the _FLOCK() macro seemed to me more
obscure than just inlining it (especially because there are only four
call sites total, so it's not like anyone's going to see that macro very
often).
Also add the missing CHECK_FP() calls. I don't expect this to break
anything, but if it does we can add a target API level check.
Test: treehugger
Change-Id: Ifa1a39d5d9eee46cca783acbe9ec3b3a1e6283d9
There's negative value to explicitly calling out Linux and ELF here,
when Android -- and especially this project -- is always both anyway.
No functional change.
Test: treehugger
Change-Id: Ic7514d74a5b5f6f06e64c46486c12773995076cd
The next NDK to take these headers only supports API 21 and later.
Note that this change leaves the _implementation_ of these functions
behind, so that any old apps calling these APIs should continue to work,
you just can't (without declaring the functions yourself) write new ones
that do (and declaring the functions yourself would only work on LP32
anyway, so that's not going to get you very far in 2023).
Test: treehugger
Change-Id: Ie03514e4215b40f6e9feaa6e4bf5df5b16dc8d59
The next NDK to take these headers only supports API 21 and later, but
even if it didn't --- there is no inline!
Test: treehugger
Change-Id: Ibb194e1cbf0a8551bff863d940d92c35ed06a1e1
The next NDK to take these headers only supports API 21 and later, so
clean up some of the trivial cruft.
Test: treehugger
Change-Id: Ib735a776d244cc82858f2ed629dd63a54dbaf650
The next NDK to take these headers only supports API 21 and later, so
clean up some of the trivial cruft.
This doesn't include the remaining "legacy inlines", since they're a bit
more complicated. I'll remove those in later changes.
Test: treehugger
Change-Id: I94c32f6393dd3ae831165917303ea591222baa0d
API level 19 is no longer supported by the NDK.
While I'm here, let's remove the duplicated structure defintion (as
we've already done for `struct stat`).
Test: treehugger
Change-Id: I9d8286f9e7ba803f3131b6dcb0486ff1b0f9d5d1
Get bsearch and other baremetal-compatible functions from NetBSD.
Bug: 249723852
Bug: 262344886
Test: -
Change-Id: Idd90188ae13c84ed35af8f1475370cec0fe8cdbb
These cause great confusion, so explicitly point out that apps can't use
one, and probably want the other.
Bug: https://github.com/android/ndk/issues/1255
Test: N/A
Change-Id: I287e820dc45a8446e3c72c9a2e4007db76828e3b
These are system calls where the "good" names are camped by
implementations that only work for 16-bit ids, and you need to say "32"
on LP32 to get sensible behavior.
Noticed when disabling CONFIG_UID16 in the kernel.
Bug: http://b/266732373
Test: llvm-objdump -d
Change-Id: Ib1b5822b030c4f86df755b129ec7b435a7f77cd3
This mode allows an android_mallopt(M_INITIALIZE_GWP_ASAN, ...) to turn
on the recoverable, sampled mode. This is the intended mode for
non-system apps that don't specify the gwpAsanMode in Android U.
Bug: 247012630
Test: Patch the zygote to use this option, launch an app with
gwpAsanMode unspecified, trigger a use-after-free, assert the app uses
the recoverable mode.
Change-Id: I701e10f44b2e2694789cc5ec6f0af4bc0c55b9e4
GWP-ASan's recoverable mode was landed upstream in
https://reviews.llvm.org/D140173.
This mode allows for a use-after-free or a buffer-overflow bug to be
detected by GWP-ASan, a crash report dumped, but then GWP-ASan (through
the preCrashReport() and postCrashReportRecoverableOnly() hooks) will
patch up the memory so that the process can continue, in spite of the
memory safety bug.
This is desirable, as it allows us to consider migrating non-system apps
from opt-in GWP-ASan to opt-out GWP-ASan. The major concern was "if we
make it opt-out, then bad apps will start crashing". If we don't crash,
problem solved :). Obviously, we'll need to do this with an amount of
process sampling to mitigate against the 70KiB memory overhead.
The biggest problem is that the debuggerd signal handler isn't the first
signal handler for apps, it's the sigchain handler inside of libart.
Clearly, the sigchain handler needs to ask us whether the crash is
GWP-ASan's fault, and if so, please patch up the allocator. Because of
linker namespace restrictions, libart can't directly ask the linker
(which is where debuggerd lies), so we provide a proxy function in libc.
Test: Build the platform, run sanitizer-status and various test apps
with recoverable gwp-asan. Assert that it doesn't crash, and we get a
debuggerd report.
Bug: 247012630
Change-Id: I86d5e27a9ca5531c8942e62647fd377c3cd36dfd
In some cases, the nullability of the pointer argument is too
complicated. Developers have better check relevant manuals or
code before annotating.
Bugs: b/245972273
Test: None
Change-Id: I3589a5080b267d1766cc8ed99868129ac16e4012
Some operations wind up allocating then freeing a significant
amount of memory. So after those operations, do a purge so that
the RSS of the process is not artificially inflated.
Bug: 262321164
Test: Ran unit tests.
Test: Verified after this change, the RSS does not go up after running
Test: am dumpheap -n <PID>.
Change-Id: I08477f8ce12c06fd2a068f536a81f4a577d619e2
This patch doesn't *enable* the SVE optimized routines, but it does let
us see if switching them to ifuncs will cause any app compat issues, so
that we can more easily use the optimized routines in future.
Test: treehugger
Change-Id: Ic5fe570bd21687da397b48127bf688f7ec68dd0c
The MTE-compatible routines are now faster than the incompatible ones,
so they merged them upstream.
I've left the ifunc boilerplate on the assumption that I'll be back
later to enable the new SVE variants.
Test: treehugger
Change-Id: Ic894bfb350b9aa70e307bca1c4978624b3e5f4fd
It makes sense that callers to getauxval() should have to pay for a
search --- that's exactly what they're asking for. But it seems silly
and unfair for the same to be true of sysconf() --- that's just an
implementation detail. Call getpagesize() directly instead.
Test: treehugger
Change-Id: I327adc55ace73bc6da68c4b34bf829d377bcbd1a
Using the long option names might not fit in the malloc debug option
property since properties have a 92 character limit.
This patch creates new aliases for the original options.
Bug: 264504531
Test: set new options pass
Test: Config unit tests pass.
Change-Id: Id985720f36a2bf0da7b35ff444c2c80eb1fb4363
The clang-analyzer-unix.Malloc and other warnings in these
unit tests are either false positive or in
negative tests that can be ignored.
Bug: 259995529
Test: presubmits; make tidy-bionic-libc_subset
Change-Id: Iddabe613d21d3717ba34f9e4d5bb97436279649f
We swap the 2nd and 3rd arguments to the CallocEntry constructor
to match the order in the cpp file, and match the C calloc convention.
We also fix an invocation of this constructor.
Change-Id: Iebe16d82a74459e5e957c1d9e2cc1aebb15150d0
Test: TreeHugger
This is a no-op but will be used in upcoming scudo changes that allow to
change the buffer size at process startup time, and as such we will no
longer be able to call __scudo_get_ring_buffer_size in debuggerd.
Bug: 263287052
Change-Id: I18f166fc136ac8314d748eb80a806defcc25c9fd
With timestamps, we are able to tell the details of allocator
performance such as the average time for malloc() in different size
class, the potential contention time by examing the overlap between
operations, .etc.
Not all malloc et al. operations are recorded with timestamp. Only
operations relates to memory usage change will have them.
Test: All unit tests pass.
Change-Id: I5c2016246a6f10b221387001bb44778969bb26ae
Add strtol (required by libfdt), which only depends on libc functions
the library already provides or requires.
Bug: 232900974
Test: m pvmfw_bin # with aosp/2314779
Change-Id: I460571b64369c6bf45fef213252f305e978c694d
Add __memcpy_chk (used by BoringSSL) and start documenting the
dependencies that the baremetal environment needs to provide to
successfully link the library.
Bug: 256148034
Bug: 256827715
Test: m pvmfw_bin && atest vmbase_example.integration_test
Change-Id: I0d61f4efc5cc26a95b74870be7cd7eebeeb0bd3a
Linux uapi headers use __packed as an abbreviation for
__attribute__((__packed__)). In the upstream kernel headers this
is defined in linux/compiler_attributes.h, but it is not defined
in the uapi headers. Bionic defines it in sys/cdefs.h, which will
almost always provide the needed definition, but there are uapi
headers that use __packed and do not include any system headers
that would include sys/cdefs.h. Musl's sys/cdefs.h does not
define __packed, which leads to linker errors when __packed is
treated as a variable name.
Replace __packed with __attribute__((__packed__)) when importing
uapi headers to break the dependency on sys/cdefs.h.
Test: m USE_HOST_MUSL=true on oriole-userdebug in internal master
Change-Id: I45f80f4e5aec868b80ce8eb9d757a3e08ae3e1a9
This reverts commit fa0e022b06.
Reason for revert: Appears to be causing crash_dump crashes in Go and/or 32-bit
Bug: 262391724
Change-Id: I3964aa9d6c7005313e6bf95b7e87d6a2ab08b52d
Test: Local revert on wembley
LLVM/rustc compiling no_std code expects a few libc symbols to be
defined (memcpy, memset, memcmp). Previously, we used the arm64 library
directly; instead, make the dependency arch-agnostic by exporting it
from Bionic, making it easier to add more libc functions (that might not
be implemented by the optimized routines), as necessary.
Test: m pvmfw_bin && atest vmbase_example.integration_test
Change-Id: I1d2cc69a25bbb7eddc67357a028b7b79d4909e79
* changes:
Expose unwinder APIs in NDK stubs for R and up.
Use abi::__cxa_demangle declared in cxxabi.h
__cxa_atexit_test: declare __cxa_atexit and __cxa_finalize
We still have local differences, but this minimizes (and documents) them.
Bug: http://b/167569813
Test: treehugger
Change-Id: Ib90e6ccc5ec1224e7ee89224a51b87fc48c9931f
These APIs are exposed in the on-device libc.so's .dynsym table from R
and up (e.g. _Unwind_xxx@@LIBC_R), but they were only available in the
APEX and LLNDK stubs. Expose the symbols from the NDK stubs too so that
the LLVM toolchain build can build a libc++.so that imports the
unwinder from libc.so. (The platform/APEX libc++.so will become a
toolchain prebuilt.)
Eventually this change will also allows apps to use the unwinder from
libc.so rather than linking libunwind.a statically.
Bug: http://b/175635923
Test: treehugger
Change-Id: I7ba9cef9a4727b49dd717e25a0321bf2889694de
We shouldn't need to poke these holes in seccomp now we're building the
sanitizers correctly.
Bug: http://b/229989971
Test: cuttlefish still boots with nothing untoward in the log
Change-Id: I2f9a050a86e670f000f44ad266ffdf404f3a1d1a
Remove copy_file_range(2), preadv2(2), and pwritev2(2), all of which are
now in SYSCALLS.TXT.
Remove semtimedop_time64(2) since it doesn't make any sense to have an
exception for just the 64-bit-time_t-on-LP32 variant of a syscall we
don't even use --- this is the least likely variant of that syscall
to need an exception!
Also clean up the unnecessary foo:foo syntax (you only need the : if you
want the generated stub to have a different name, and here the names
were all identical _and_ the whole point of this file is to list
syscalls that we're not generating stubs for, this was doubly useless),
simplify the signatures to just the types (which is all we need), and
improve some of the commentary.
Test: treehugger
Change-Id: I691b5758a2165be9bbeafdd83f0c64d7eea987e5
Treehugger didn't test 32-bit (and neither, of course, had I), so we
didn't notice until the next day that I'd only added the new check to
the 64-bit codepath. Let's just unify the two, since there's only one
line of meaningful difference.
Bug: http://b/261092827
Test: treehugger
Change-Id: I5178257a76fe24a340b3659c85ad29ed0a7b8b50
This one's a bit simpler, because there is only one upstream memset()
implementation.
Test: treehugger
Change-Id: I2536d0eb72adaacfa6a0e40d2bd29fc833988c16
