These cause great confusion, so explicitly point out that apps can't use
one, and probably want the other.
Bug: https://github.com/android/ndk/issues/1255
Test: N/A
Change-Id: I287e820dc45a8446e3c72c9a2e4007db76828e3b
These are system calls where the "good" names are camped by
implementations that only work for 16-bit ids, and you need to say "32"
on LP32 to get sensible behavior.
Noticed when disabling CONFIG_UID16 in the kernel.
Bug: http://b/266732373
Test: llvm-objdump -d
Change-Id: Ib1b5822b030c4f86df755b129ec7b435a7f77cd3
This mode allows an android_mallopt(M_INITIALIZE_GWP_ASAN, ...) to turn
on the recoverable, sampled mode. This is the intended mode for
non-system apps that don't specify the gwpAsanMode in Android U.
Bug: 247012630
Test: Patch the zygote to use this option, launch an app with
gwpAsanMode unspecified, trigger a use-after-free, assert the app uses
the recoverable mode.
Change-Id: I701e10f44b2e2694789cc5ec6f0af4bc0c55b9e4
GWP-ASan's recoverable mode was landed upstream in
https://reviews.llvm.org/D140173.
This mode allows for a use-after-free or a buffer-overflow bug to be
detected by GWP-ASan, a crash report dumped, but then GWP-ASan (through
the preCrashReport() and postCrashReportRecoverableOnly() hooks) will
patch up the memory so that the process can continue, in spite of the
memory safety bug.
This is desirable, as it allows us to consider migrating non-system apps
from opt-in GWP-ASan to opt-out GWP-ASan. The major concern was "if we
make it opt-out, then bad apps will start crashing". If we don't crash,
problem solved :). Obviously, we'll need to do this with an amount of
process sampling to mitigate against the 70KiB memory overhead.
The biggest problem is that the debuggerd signal handler isn't the first
signal handler for apps, it's the sigchain handler inside of libart.
Clearly, the sigchain handler needs to ask us whether the crash is
GWP-ASan's fault, and if so, please patch up the allocator. Because of
linker namespace restrictions, libart can't directly ask the linker
(which is where debuggerd lies), so we provide a proxy function in libc.
Test: Build the platform, run sanitizer-status and various test apps
with recoverable gwp-asan. Assert that it doesn't crash, and we get a
debuggerd report.
Bug: 247012630
Change-Id: I86d5e27a9ca5531c8942e62647fd377c3cd36dfd
In some cases, the nullability of the pointer argument is too
complicated. Developers have better check relevant manuals or
code before annotating.
Bugs: b/245972273
Test: None
Change-Id: I3589a5080b267d1766cc8ed99868129ac16e4012
Some operations wind up allocating then freeing a significant
amount of memory. So after those operations, do a purge so that
the RSS of the process is not artificially inflated.
Bug: 262321164
Test: Ran unit tests.
Test: Verified after this change, the RSS does not go up after running
Test: am dumpheap -n <PID>.
Change-Id: I08477f8ce12c06fd2a068f536a81f4a577d619e2
This patch doesn't *enable* the SVE optimized routines, but it does let
us see if switching them to ifuncs will cause any app compat issues, so
that we can more easily use the optimized routines in future.
Test: treehugger
Change-Id: Ic5fe570bd21687da397b48127bf688f7ec68dd0c
The MTE-compatible routines are now faster than the incompatible ones,
so they merged them upstream.
I've left the ifunc boilerplate on the assumption that I'll be back
later to enable the new SVE variants.
Test: treehugger
Change-Id: Ic894bfb350b9aa70e307bca1c4978624b3e5f4fd
It makes sense that callers to getauxval() should have to pay for a
search --- that's exactly what they're asking for. But it seems silly
and unfair for the same to be true of sysconf() --- that's just an
implementation detail. Call getpagesize() directly instead.
Test: treehugger
Change-Id: I327adc55ace73bc6da68c4b34bf829d377bcbd1a
Using the long option names might not fit in the malloc debug option
property since properties have a 92 character limit.
This patch creates new aliases for the original options.
Bug: 264504531
Test: set new options pass
Test: Config unit tests pass.
Change-Id: Id985720f36a2bf0da7b35ff444c2c80eb1fb4363
The clang-analyzer-unix.Malloc and other warnings in these
unit tests are either false positive or in
negative tests that can be ignored.
Bug: 259995529
Test: presubmits; make tidy-bionic-libc_subset
Change-Id: Iddabe613d21d3717ba34f9e4d5bb97436279649f
We swap the 2nd and 3rd arguments to the CallocEntry constructor
to match the order in the cpp file, and match the C calloc convention.
We also fix an invocation of this constructor.
Change-Id: Iebe16d82a74459e5e957c1d9e2cc1aebb15150d0
Test: TreeHugger
This is a no-op but will be used in upcoming scudo changes that allow to
change the buffer size at process startup time, and as such we will no
longer be able to call __scudo_get_ring_buffer_size in debuggerd.
Bug: 263287052
Change-Id: I18f166fc136ac8314d748eb80a806defcc25c9fd
With timestamps, we are able to tell the details of allocator
performance such as the average time for malloc() in different size
class, the potential contention time by examing the overlap between
operations, .etc.
Not all malloc et al. operations are recorded with timestamp. Only
operations relates to memory usage change will have them.
Test: All unit tests pass.
Change-Id: I5c2016246a6f10b221387001bb44778969bb26ae
Add strtol (required by libfdt), which only depends on libc functions
the library already provides or requires.
Bug: 232900974
Test: m pvmfw_bin # with aosp/2314779
Change-Id: I460571b64369c6bf45fef213252f305e978c694d
Add __memcpy_chk (used by BoringSSL) and start documenting the
dependencies that the baremetal environment needs to provide to
successfully link the library.
Bug: 256148034
Bug: 256827715
Test: m pvmfw_bin && atest vmbase_example.integration_test
Change-Id: I0d61f4efc5cc26a95b74870be7cd7eebeeb0bd3a
Linux uapi headers use __packed as an abbreviation for
__attribute__((__packed__)). In the upstream kernel headers this
is defined in linux/compiler_attributes.h, but it is not defined
in the uapi headers. Bionic defines it in sys/cdefs.h, which will
almost always provide the needed definition, but there are uapi
headers that use __packed and do not include any system headers
that would include sys/cdefs.h. Musl's sys/cdefs.h does not
define __packed, which leads to linker errors when __packed is
treated as a variable name.
Replace __packed with __attribute__((__packed__)) when importing
uapi headers to break the dependency on sys/cdefs.h.
Test: m USE_HOST_MUSL=true on oriole-userdebug in internal master
Change-Id: I45f80f4e5aec868b80ce8eb9d757a3e08ae3e1a9
This reverts commit fa0e022b06.
Reason for revert: Appears to be causing crash_dump crashes in Go and/or 32-bit
Bug: 262391724
Change-Id: I3964aa9d6c7005313e6bf95b7e87d6a2ab08b52d
Test: Local revert on wembley
LLVM/rustc compiling no_std code expects a few libc symbols to be
defined (memcpy, memset, memcmp). Previously, we used the arm64 library
directly; instead, make the dependency arch-agnostic by exporting it
from Bionic, making it easier to add more libc functions (that might not
be implemented by the optimized routines), as necessary.
Test: m pvmfw_bin && atest vmbase_example.integration_test
Change-Id: I1d2cc69a25bbb7eddc67357a028b7b79d4909e79
* changes:
Expose unwinder APIs in NDK stubs for R and up.
Use abi::__cxa_demangle declared in cxxabi.h
__cxa_atexit_test: declare __cxa_atexit and __cxa_finalize
We still have local differences, but this minimizes (and documents) them.
Bug: http://b/167569813
Test: treehugger
Change-Id: Ib90e6ccc5ec1224e7ee89224a51b87fc48c9931f
These APIs are exposed in the on-device libc.so's .dynsym table from R
and up (e.g. _Unwind_xxx@@LIBC_R), but they were only available in the
APEX and LLNDK stubs. Expose the symbols from the NDK stubs too so that
the LLVM toolchain build can build a libc++.so that imports the
unwinder from libc.so. (The platform/APEX libc++.so will become a
toolchain prebuilt.)
Eventually this change will also allows apps to use the unwinder from
libc.so rather than linking libunwind.a statically.
Bug: http://b/175635923
Test: treehugger
Change-Id: I7ba9cef9a4727b49dd717e25a0321bf2889694de
We shouldn't need to poke these holes in seccomp now we're building the
sanitizers correctly.
Bug: http://b/229989971
Test: cuttlefish still boots with nothing untoward in the log
Change-Id: I2f9a050a86e670f000f44ad266ffdf404f3a1d1a
Remove copy_file_range(2), preadv2(2), and pwritev2(2), all of which are
now in SYSCALLS.TXT.
Remove semtimedop_time64(2) since it doesn't make any sense to have an
exception for just the 64-bit-time_t-on-LP32 variant of a syscall we
don't even use --- this is the least likely variant of that syscall
to need an exception!
Also clean up the unnecessary foo:foo syntax (you only need the : if you
want the generated stub to have a different name, and here the names
were all identical _and_ the whole point of this file is to list
syscalls that we're not generating stubs for, this was doubly useless),
simplify the signatures to just the types (which is all we need), and
improve some of the commentary.
Test: treehugger
Change-Id: I691b5758a2165be9bbeafdd83f0c64d7eea987e5
Treehugger didn't test 32-bit (and neither, of course, had I), so we
didn't notice until the next day that I'd only added the new check to
the 64-bit codepath. Let's just unify the two, since there's only one
line of meaningful difference.
Bug: http://b/261092827
Test: treehugger
Change-Id: I5178257a76fe24a340b3659c85ad29ed0a7b8b50
This one's a bit simpler, because there is only one upstream memset()
implementation.
Test: treehugger
Change-Id: I2536d0eb72adaacfa6a0e40d2bd29fc833988c16
Outsource this to them, and choose the best of the two options available
based on the hardware we're running on.
Test: treehugger
Change-Id: I2fa7555c971b64a6decca132210e901ffa248efa
These two will stay behind when we move memcpy()/memmove()/memset() over
to arm-optimized-routines (which leaves fortify to us).
Test: treehugger
Change-Id: Ie683f71a5a141263ce3f4e8811df9eaf667584f4
Just to make it clear that there's nothing interesting going on here ---
there's just one user, and the only symbol here is __memcpy().
Test: treehugger
Change-Id: I62d72c43c4c6d30442f05c1e08a0cb1a1ec42a8a
The compiler turns our C wmemmove() into one shift instruction and a
branch, which is plenty for a function no-one uses anyway.
Why don't I just leave this alone, since we already have it? Because I'm
looking at finishing the project of "switch to arm-optimized-routines"
and getting rid of our assembler here, and Arm agrees that this isn't
worth having optimized assembler for in their optimized assembler
project, judging by its absence.
Test: treehugger
Change-Id: I985801241a8cbd7dbda51a447946affb1402effb
I can't find this documented anywhere, other than people observing that
RISC-V appears to behave in this way. See the LLVM commit making a
similar change to similar code, for example: https://reviews.llvm.org/D87579.
Unsatisfying, but it works, and I suspect we're all too far down this
copy & paste hole to get back out now. See also psabi bug
https://github.com/riscv-non-isa/riscv-elf-psabi-doc/issues/18 for
more discussion.
Change-Id: I9e9d60bf859715895370861b2024deeb1d330577
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
It's hard to find the start of the previous instruction for riscv64
(given the C extension), and discussion with the ART folks cast doubt
on the comment's claim that we do this correctly for arm32 anyway.
So, rather than add complexity for riscv64, let's simplify this routine
for everyone. I suspect we could probably get away with just `--ip` for
all architectures, but since it's trivial to at least maintain plausible
alignment, I've stuck with the correct "at least" byte counts instead.
(See the discussion on
https://lists.riscv.org/g/sig-android/topic/detecting_16_bit_vs_32_bit/94813787
for more about riscv64 specifically.)
Test: treehugger
Change-Id: Ie43451d329470b3ece8779d11eb705d24d01c3d7
We don't need this (any more than arm64 does), because riscv64 is too
new to have had a too-small sigset_t, but it's useful for source code
compatibility with code that needs to build on arm32/x86 too.
Test: treehugger
Change-Id: Ied5f64d9094bc7d31c059f82f9e4ffe9b8ca4061
These have been aliases for strtoll() and strtoull() since L, by
accident. We've never exposed them in the headers, and they're unused by
any apps. Let's fix the inconsistency between libc.so and its headers by
removing the aliases.
Bug: https://github.com/android/ndk/issues/1803
Test: treehugger
Change-Id: I87de7831c04b3e450a44e9f0386cacb73793e393
Previously we'd output a diagnostic but just blindly carry on.
Test: ran locally without my previous fix
Change-Id: I99a2411eae5bd72d97b6a4335c699d1e44d7b55a
I don't think we need or want to do this. Most other architectures
don't.
Test: bionic-unit-tests-static
Change-Id: I3ad31926909caf0a37e73ac6cbac1fecd02ea6de
This was allowed implicitly until we moved bionic over to renameat2(2)
because that's all riscv64 has. This restores the status quo for the
other architectures (while keeping everyone using renameat2(2) if they
go via bionic, for consistency).
Bug: http://b/254179267
Test: treehugger
Change-Id: Ib7ebfbf043e1be3eca4b64fdf04ee55d6eb31aed
Due to commit 594844244237091347b62e8fbbc8a2851258db50 (update
stable to r468909b) the path for python3-clang support was moved from
prebuilts/clang/host/linux-x86/clang-stable/lib64/python3/site-packages
to:
prebuilts/clang/host/linux-x86/clang-stable/lib/python3/site-packages
Change the imports to point to the correct place.
Without the change:
Traceback (most recent call last):
File "bionic/libc/kernel/tools/./clean_header.py", line 72, in <module>
import sys, cpp, kernel, glob, os, re, getopt
File "bionic/libc/kernel/tools/cpp.py", line 19, in <module>
import clang.cindex
ModuleNotFoundError: No module named 'clang'
Bug: 254401594
Test: execute clean_headers.py
Signed-off-by: Pat Tjin <pattjin@google.com>
Change-Id: Ibf1423fbe78ee009366e26905c4a09e68ac8ff9b
The ndk sysroot does not include the crt*.o objects, package them
separately for use in the llvm toolchain build.
Test: lunch aosp_riscv64-userdebug && m bionic_sysroot_crt_objects
Change-Id: I0bda12b7979a026441bb67387709ee94b3249b6b
Add riscv64 kernel headers to the ndk sysroot for use by the LLVM
toolchain build. They will not be shipped in the real NDK.
Test: lunch aosp_riscv64-userdebug && m ndk_sysroot
Change-Id: I804e66b56919b84fa5dc03d432ae673ea4f31615
The arch variant of genrule.out will be soon disallowed in soong.
Bug: 253645813
Test: Manually build.
Change-Id: I2d5daa67b4e10f4abddebc98775df18df485843f
The arch variant of genrule.out will be soon disallowed in soong.
Bug: 253645813
Test: Manually build.
Change-Id: Ia07d45195de8c22f18487aef34795279d2962c4c
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: m
Change-Id: I02cf117f67bda74516e4de8cd6f4c05efdb9a85b
Pull the portable C string functions from FreeBSD, and do fairly literal
translations of our existing .S files for the bionic-specific stuff.
Test: treehugger
Change-Id: Id42e5b8a51ed73155be020d74edd7011a2103574
These are sufficiently intertwined that they need to be done together.
riscv64 is our first primary-only architecture, so that required some
changes. The .bp changes are to support this --- we need to only show
the python scripts the architectures they'll actually be using, rather
than showing them everything and ignoring some of the results.
riscv64 is also the first architecture that post-dates the kernel's
64-bit time work, so there's a bit of extra fiddling needed to handle
the __NR3264_ indirection in the uapi headers.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: local builds for x86-64 and riscv64
Change-Id: I74044744e80b312088f805c44fbd667c9bfcdc69
Actually, we don't want to reuse the kernel struct ucontext because its
uc_mcontext has the wrong type, which means the fields within that end
up with the wrong names. Add the call site that made that evident, and
update <sys/ucontext.h> appropriately.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: If1d079afef0d5953aa22d9b0e049cfb0119c7718
Empty, at least for now. The other libcs seem not to have invented types
here, so let's see whether there's really a call for them before we do.
Test: treehugger
Change-Id: Icbace2c02abc011388edc8e3e238bb64c640feb7
In particular, it contains all the riscv64 definitions we need, and lets
us clear up a lot of our existing ELF headers.
The other two BSDs seem to have errors and/or gaps in their riscv64
constants.
Test: treehugger
Change-Id: I92e48ef56c52c271ff6ed341b82169aa91f11d98
I was going to add riscv64 and define __riscv_xlen to 64 here, but our
"preprocessor" in python can't simpify `MACRO_NAME == 123` expressions
anyway. Rather than add another empty map, remove the other unused maps
and explain why this functionality is still useful as long as the legacy
32-bit ABIs are still with us.
Test: treehugger
Change-Id: I553059942920e7d323a0ca8a6fd5f39bc2d35063
We added this symbol somewhat inconsistently, with arm and x86-64 in one
release and arm64 in another. It doesn't really matter where we add
riscv64 (since there was no riscv64 at either of these now-historical
API levels), so arbitrarily go with the majority.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: I1ef1e0ebdbece728aaef52c08ee57cca1197cb95
(And all other new architectures.)
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: Iceb2dd16c738302624980179788c4a2e68b797ed
The alternative would be to define an "lp64" shorthand like we have for
SYSCALLS.TXT, but since this functionality is only used by bionic and
old frameworks code to document historical oddities, it's unclear that
it's worth implementing. We shouldn't ever need architecture-specific
annotations again in future.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: Id64b1746e7490b2d7ad3e4627e9908c28f8f23ba
Looks like we're not using this any more, so rather than add risc-v,
let's just remove this list.
Test: treehugger
Change-Id: I24bb22235c55d48c7dcbae94514ce8dcd03521c3
risc-v doesn't have renameat(2), only renameat2(2). Similar to other
architectures, let's make sure everyone's on the same code path by
having all implementations of renameat() go via renameat2().
I've also moved the existing rename()-in-terms-of-renameat() to be in
terms of renameat2() to cut out the middleman!
Test: treehugger
Change-Id: Ibe5e69aca5b39ea014001540bcd4fd3003e665cb
When I followed these instructions for risc-v, I mistakenly thought
that the auto-download option was a convenience that would get the
currently-approved headers, not the absolute latest. Make it clearer in
the documentation that this is for experts only, not for production.
Test: N/A
Change-Id: Iedce8ca0403b83e13bbe339cf343f85a37e99334
In particular, explain why we don't have process_mremove(), and why
adding this was probably a mistake (lest it be used as precedent for
similar bad decisions in future).
Also add the missing __INTRODUCED_IN().
Test: treehugger
Change-Id: Ic2d7ef32f6e288353b5be2bffd000ad2f501bf39
At the time I added <stdio_ext.h>, I just added what was on the man
page (which matched glibc), not realizing that musl and glibc had
slightly different functionality in their headers.
The toybox maintainer came up with a legitimate use case for this, for
which there is no portable workaround, so I'm adding it here. I'm not
adding the other functions that are in musl but not glibc for lack of a
motivating use case.
Bug: http://lists.landley.net/htdig.cgi/toybox-landley.net/2022-April/020864.html
Test: treehugger
Change-Id: I073baa86ff0271064d4e2f20a584d38787ead6b0
There are many cases where there are no more allocations
when a dump of the record allocs might occur. Move the entries
being written to file in the interrupt handler.
Update the unit tests for this new functionality and add a new
unit test that verifies no allocations occur while the entries
are being written.
Fix the unit tests so that the record allocs files get deleted
properly.
Test: All unit tests pass.
Test: Ran 1000 iterations of unit tests to verify no flakes.
Change-Id: I20941596c1dda5a761522050dc155b06f3f3e735
This creates a dependency edge between the ndk_library and its headers,
which should be a no-op in regular Soong builds. This dependency edge
will be used in the Multi-tree project to export the relevant .h files into a well
known location
Test: m nothing
Bug: 239044713
Change-Id: I3f38edfbb8ce6b47dd4e73de4e1e0ad7a371799c
This turns out to over-export GWP-ASan headers to apexes. This is
unnecessary, GWP-ASan headers should only be referenced by libc
internally and debuggerd.
Test: m
Bug: N/A
Change-Id: I04bb8ceb094e681366a4931185906e67ce420c17
setjmp() and _setjmp() were already correct, but we'd missed
sigsetjmp(). Found while investigating a toybox timeout(1) failure on
macOS, which doesn't annotate _any_ of these functions.
Also add all the missing doc comments while I'm here.
Test: treehugger
Change-Id: I69dc2587d140916d172237173c2bd56547a4ed8a
Coming to C23 via WG14 N2630.
This one is a little interesting, because it actually changes existing
behavior. Previously "0b101" would be parsed as "0", "b", "101" by these
functions. I'm led to believe that glibc plans to actually have separate
versions of these functions for C23 and pre-C23, so callers can have the
behavior they (implicitly) specify by virtue of which -std= they compile
with. Android has never really done anything like that, and I'm pretty
sure app developers have more than enough to worry about with API levels
without having to deal with the cartesian product of API level and C
standard.
Therefore, my plan A is "if you're running on Android >= U, you get C23
behavior". My plan B in the (I think unlikely) event that that actually
causes trouble for anyone is "if you're _targeting_ Android >= U, you
get C23 behavior". I don't think we'd actually want to have two versions
of each of these functions under any circumstances --- that seems by far
the most confusing option.
Test: treehugger
Change-Id: I0bbb30315d3fabd306905ad1484361f5d8745935
Kernel headers coming from:
Git: https://android.googlesource.com/kernel/common/
Branch: android-mainline
Tag: android-mainline-5.19
Test: Builds on coral.
Test: All bionic unit tests pass on a coral device.
Test: Able to log in to wembley system.
Change-Id: I6fa6f6edb59f2cef990a7ba96877d9f2d3974c62
The latest kernel has a struct that needs to be removed,
but the struct crosses blocks. Add support for removing a
struct that does cross blocks. This support is very primitive,
and will not parse any really complicated struct that uses
defines in complicated ways.
Combine the kernel_structs_to_remove and kernel_struct_replacements
structure into a single map. This allows marking a structure
to be removed as replaced with an #include <bits/STRUCT.h>.
The new support for the remove of structures is all in the
removeStructs function.
Raise an exception if the struct parsing does not work properly.
Add new unit tests for all of the new code.
In addition, fix the algorithm for deleting the uapi directory
before it gets updated. A new file BUILD was checking in that
directory, so delete everything in the directory except that
BUILD file.
Test: Unit tests pass.
Test: Running update_all.py results in the no unexpected changes.
Change-Id: I9a8cef0321beaf71d03b5b874327747a7edb6119
The map function returns a list in python2, but not in python3.
Force the test in cpp.py get_blocks() function to return a list.
Test: All cpp.py unit tests pass.
Change-Id: I1a63b92ac6cdb785830846fbd7e726eca7520e96
Coming to C23 via WG14 N2630, and already in glibc.
We're still missing clang support for %b and %B in format string checking,
but it's probably easier to fix this first. (Apparently GCC already has
support because of glibc.)
Test: treehugger
Change-Id: Ie8bfe4630d00c50e1d047d6756a7f799205356db
Noticed by "NRK": https://www.openwall.com/lists/musl/2022/07/29/5
We don't have this problem elsewhere in bionic because it's so rare to
call getline() without a loop, and the free() is always outside the loop
because that's a handy optimization.
Test: treehugger
Change-Id: Iff8845aa226d87357b38cf4a285fc1be3cac5659
The FILE::_read function pointer takes an int rather than a size_t, so
we need to be careful to break large reads up for it.
fwrite() hasn't (yet) been optimized in this way, so it's immune for
now, but add the corresponding write test anyway.
Seeking already uses a off64_t function pointer where possible, so I
don't think there's anything more to be done there.
No other function pointers in FILE are relevant.
Bug: https://issuetracker.google.com/240139009
Test: treehugger
Change-Id: Ife2537e10f178bb0d980719592539f4b00b67031
It came up on the musl mailing list that there's not actually any need
to iterate over the directory entries:
https://www.openwall.com/lists/musl/2022/07/27/1
This lets us reuse the code for "online" processors in the
implementation of "configured" processors. The question of whether
"configured" should correspond to Linux's "possible" or "present" isn't
obvious to me, but the distinction seems unlikely to matter on mobile
devices anyway, and that's a trivial change should it ever be needed.
Plus the motivating argument from the person who brought this up was
that callers asking for "configured" processors are probably asking for
an upper bound, which sounds convincing to me.
Test: treehugger
Change-Id: I0d4e13538dc6b09a6dba520d9ac24f436906f7c0
Get rid of the bad precedent of having the architecture variant in the
file name *and* directory name.
Test: treehugger
Change-Id: I78582c12b4390578c51d52d4dd86f57470129abf
For correct %z output tzcode requires tm struct to be modified by
mktime call or be output of localtime. But as TM_ZONE is null, we
are comparing against +0000.
See https://mm.icann.org/pipermail/tz/2022-July/031674.html
Europe/Lisbon test is added to confirm that current implementation
deviates from libc specification and uses more than just tm_isdst
to find out a time zone's offset.
Bug: 239128167
Test: adb shell /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static
Test: adb shell /data/nativetest/bionic-unit-tests-static/bionic-unit-tests-static
Change-Id: Ic27775c840467c4e9ef55bc730a313709372314b
Note that this is only a partial update; some other files have changes
upstream that aren't here, but they're changes that seem to require a
bit more thought, whereas these seem easy (and the base64.c and fputws.c
C2x compatibility changes were the motivation to sync right now).
Test: treehugger
Change-Id: I2f86708e25bcb9e779ecb6f9643b769cd4f83240
This reverts commit 4e013233b8.
Issue was in unexpected returned fd and errno value combination.
See comments in bionic.cpp and time_test.cpp.
Bug: 236967833
Fix: 236967833
Test: atest CtsBionicTestCases
Test: atest toybox-tests
Change-Id: I51b3e1527ff16b2a6ea4d6fedf8102019f7fd896
As part of go/multitree-design, build dependencies between API domains
must be via stable API surfaces. The contributions to the API surfaces
will be declared in BUILD files so that we can skip the
migration from Soong->Bazel entirely for this (go/multi-tree-api-export)
libc is one such component of the system API domain that contributes to
the public API surface. This CL declares libc's contributions (its
headers/.map.txt/other_metadata). These BUILD files were generated
manually by looking at existing Android.bp files.
Test: STANDALONE_BAZEL=1 tools/bazel cquery
//bionic/libc:libc_contributions --output=starlark
--starlark:expr="providers(target).get(\"//build/bazel/rules/apis:cc_api_contribution.bzl%CcApiContributionInfo\")"
2>/dev/null | less
Change-Id: If2a429b782651872fd6d8bf8c291439fdf838d85
Adds persistent sysprops for test infra usage, and adds the tests for
the sysprops.
The test does some fancy flocking in order to restore any existing
GWP-ASan sysprop usage in the test cleanup.
Bug: 236738714
Test: atest bionic-unit-tests
Change-Id: I8956296d39c98ce8c7dd0a703b240530d8ad48db
That was place where APK update mechanism placed tzdata file. Now
the mechanism is removed, so no need to look for tzdata there.
Bug: 148144561
Test: atest CtsBionicTestCases
Test: atest BionicTzdbConsistencyTest
Change-Id: I584400a75651cf24a25df74c7007fcd584838395
This file is included in libandroid_support.a, where using new/delete
breaks libc++ tests that assume that libc++ makes no extraneous
new/delete calls.
This CL changes newlocale/duplocale to return NULL on out-of-memory.
Previously, the behavior varied:
- libc.so: aborted using async_safe_fatal
- libandroid_support.a: throws std::bad_alloc
Bug: none
Test: std/input.output/filesystems/class.path/path.member/path.assign/move.pass.cpp
Test: libcxx/localization/locales/locale/locale.types/locale.facet/no_allocation.pass.cpp
Test: std/input.output/filesystems/class.path/path.member/path.construct/move.pass.cpp
Change-Id: I38c772f249f32322afb9402ebeeb4bb65a908b59
Kernel headers coming from:
Git: https://android.googlesource.com/kernel/common/
Branch: android-mainline
Tag: android-mainline-5.18
The file bionic/libc/kernel/uapi/linux/android/binder.h had a bug
in the original 5.18 kernel headers. This was fixed upstream, so
add a comment to the structure but leave the incorrect field the
same as the 5.17 kernel headers.
Bug: 234125620
Test: Builds.
Test: All bionic unit tests pass on a coral device.
Test: Able to log in to wembley system.
Change-Id: Ia72cafbe71fd894c599e15aa5334d7bbcbe74778
TZDEFAULT not applicable to bionic as there is no file per time
zone mapping.
Bug: 25413083
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
Test: CtsBionicTestCases
Change-Id: Ie489b5b2cda6c6f623f32e5413da77ec5eaa823f
Upstream has renamed tzsetlcl to tzset_unlocked. As bionic's
implementation of tzset_unlock differs from upstream, these changes were
skipped.
Also, upstream has removed constants (SECSPERMIN, etc) from tzfile.h. As
they are used in strptime.c, I've decided to leave them in tzfile.h and
to not bring them into strptime.c.
HAVE_TZNAME and USG_COMPAT flags semantics were updated, thus setting
their values to 2 in Android.bp file. See
1a27ec76bc
* 4742526b7e
and 0e8f0b06ac
were picked up, which are not part of 2022a.
Changes were applied using following commands:
1) Checkout tzcode repo
2) Prepare patches for all tzcode file using
git diff 2016g 2021e -- <file-name> > <file-name-patch>
3) Apply these patches to files in bionic using
patch -p1 <file-name> <file-name-patch>
Bug: 25413083
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
Test: CtsBionicTestCases
Change-Id: I9aba4cbeab30171a32f94d20c8e4057804a4c01f
With memtag_stack, each function is responsible for cleaning up
allocation tags for its stack frame. Allocation tags for anything below
SP must match the address tag in SP.
Both vfork and longjmp implement non-local control transfer which
abandons part of the stack without proper cleanup. Update allocation
tags:
* For longjmp, we know both source and destination values of SP.
* For vfork, save the value of SP before exit() or exec*() - the only
valid ways of ending the child process according to POSIX - and reset
tags from there to SP-in-parent.
This is not 100% solid and can be confused by a number of hopefully
uncommon conditions:
* Segmented stacks.
* Longjmp from sigaltstack into the main stack.
* Some kind of userspace thread implementation using longjmp (that's UB,
longjmp can only return to the caller on the current stack).
* and other strange things.
This change adds a sanity limit on the size of the tag cleanup. Also,
this logic is only activated in the binaries that carry the
NT_MEMTAG_STACK note (set by -fsanitize=memtag-stack) which is meant as
a debugging configuration, is not compatible with pre-armv9 CPUs, and
should not be set on production code.
Bug: b/174878242
Test: fvp_mini with ToT LLVM (more test in a separate change)
Change-Id: Ibef8b2fc5a6ce85c8e562dead1019964d9f6b80b
Map all stacks (primary, thread, and sigaltstack) as PROT_MTE when the
binary requests it through the ELF note.
For the reference, the note is produced by the following toolchain changes:
https://reviews.llvm.org/D118948https://reviews.llvm.org/D119384https://reviews.llvm.org/D119381
Bug: b/174878242
Test: fvp_mini with ToT LLVM (more tests in a separate change)
Change-Id: I04a4e21c966e7309b47b1f549a2919958d93a872
Add backtrace_size for only backtracing a single size.
Add backtrace_min_size to set the minimum value of size to backtrace.
Add backtrace_max_size to set the maximum value of size to backtrace.
Documented the new options.
Test: New unit test pass.
Change-Id: I1a773737910cd4bc2af9546547b3a2740bbcb22b
Modify the tests that require a single filename, to use a filename
that has the pid as part of the name. This allows multiple different
versions of the test to run on the same machine, and allows
each test to be run at the same time.
Test: Ran unit tests on device.
Test: Ran the unit tests 100 times, no failures.
Change-Id: Ia38483049e7b66bd3da824bcd484c03e46f85280
The new object incorporates all Android specific knowledge into
a single place and makes everything simpler.
Fixed a bug where if backtrace_full was enabled, the AddBacktrace
function would always set the size to the maximum number
of frames instead of the actual number of frames.
Added a new smoke system tests for backtrace_full.
Modified the smoke test to do a malloc/free, so it's really
a smoke test.
Bug: 232575330
Test: Unit tests pass on device.
Test: Verify the full backtrace actually produces valid backtraces.
Test: Run bionic-unit-tests with backtrace_full enabled.
Test: Run bionic-benchmarks --benchmark_filter=stdlib_malloc_free_decay1/512
Change-Id: I23128a73a8691007e1c7f69e0c99bb4dcd713db8
The new option is named check_unreachable_on_signal. It is meant
to duplicate dumpsys meminfo --unreachable <PID> for non-java
processes. When enabled, a user can send a signal to a process
which will trigger the unreachable check on the next allocation
call.
Added new unit tests.
Test: New unit tests pass.
Test: Enabled for the entire system, then dumped on the netd
Test: process and also system_server.
Change-Id: I73561b408a947a11ce21a211b065d59fcc39097b
See:
https://man7.org/linux/man-pages/man2/close_range.2.html
Note: 'man close_range' documents 'flags' as unsigned int,
while glibc unistd.h as just 'int'. Picking 'int' to match glibc,
though it probably doesn't matter.
BYPASS_INCLUSIVE_LANGUAGE_REASON=man is a cli command
Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1e2d1c8edc2ea28922d60f3ce3e534a784622cd1
The libmemunreachable library looks through memory to determine
if pointers are leaked. Unfortunately, the malloc debug code
stores the original pointer in data structures, so it looks like
pointers are still in use. The fix is to mangle the pointers
stored in memory so that it doesn't trick the library into thinking
they are live.
Test: All unit/system tests pass.
Test: Ran libmemunreachable and verified leaks show up.
Change-Id: Ic40a0a5ae73857cde936fd76895d88829686a643
We've had complaints about ubsan issues for years, but never got to the
bottom of them, or saw them ourselves in testing. For some reason (still
not understood) we've started to see this ourselves in T and downstream
branches. So for now, let's just punch that extra hole.
Longer term, ubsan should stop needing any of this, so once
https://reviews.llvm.org/D124212 is in an LTS NDK, we should be able to
get rid of this _and_ the existing sanitizer-related holes.
Bug: https://github.com/android/ndk/issues/1298
Bug: http://b/229989971
Test: treehugger
Change-Id: Id42cb29c4e943c0080c0d34ce4e5d6d1b32da9e8
Linux kernel's close_range() system call (currently) allows:
close() unshare() fcntl(F_SETFD, FD_CLOEXEC)
to be performed on ranges of fds.
All 3 of these are already allowed by seccomp bpf:
as such this doesn't allow you to do anything you can't already do.
We can't add close_range() properly to bionic because we'd need to
fiddle about with ltp and it's too late to add new T API anyway,
so let's just make the direct syscall() call.
We'll add proper support in U.
See also:
https://man7.org/linux/man-pages/man2/close_range.2.html
Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I85586d544fc23bed6aee59f00bdb79ee7a8150d1
This value was changed from 64 to 32, but it really should not
have gone down. So fixing back to 64 manually, and then the
next kernel header update should remove the comment but leave
the value unchanged.
Bug: 228783882
Test: Compiles.
Change-Id: I2d81d7bc76fcaa905dce0abb094d61d02c481a5e
This new posix_spawn attribute flag marks all file descriptors
(except stdin/out/err) as close-on-exec before executing any user
registered file actions (posix_spawn_file_actions_addopen/adddup2).
Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If458100d6a253a9b0348d4e93a9a610225f89615
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:
1. "Torture testing" the system, i.e. running it under an extremely
high sampling rate under GWP-ASan.
2. Increasing sampling remotely to allow further crash report
collection of rare issues.
There are three sets of system properites:
1. libc.debug.gwp_asan.*.system_default: Default values for native
executables and system apps.
2. libc.debug.gwp_asan.*.app_default: Default values for non-system
apps, and
3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
individual app or native process.
There are three variables that can be changed:
1. The allocation sampling rate (default: 2500) - using the environment
variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
system property.
2. The process sampling rate (default: 128 for system apps/processes, 1
for opted-in apps) - using the environment variable
GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
system property,
3. The number of slots available (default: 32) - using the environment
variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
system property.
If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
