The permitted_when_isolated_path is a way to white-list
directories not present in search-path. It is ignored for
not isolated namespaces.
Bug: http://b/25853516
Bug: http://b/22548808
Change-Id: Ib1538037268eea69323ea49968a34a4a1d1938a5
dlopen on isolated namespaces should be able to open
public libraries using absolute path not only soname.
Bug: http://b/25853820
Change-Id: If574a67853dc51226f0f376e9e2d108316002f84
1. Read unit test's output while the test is running. Previously
we only read output when the test finishes, which has trouble
when the test outputs too many stuff.
2. Report failed unit test's exit code. It is useful when the
test doesn't fail in ASSERT_xxx, but in somewhere else.
Bug: 25392375
Change-Id: Ie90823337f7c2ee25fa489a5534801d991258f95
The purpose of this change is to add read access control to the property
space.
In the current design, a process either has access to the single
/dev/__properties__ file and therefore all properties that it contains
or it has access to no properties. This change separates properties
into multiple property files based on their selabel, which allows
creation of sepolicies that allow read access of only specific sets of
properties to specific domains.
Bug 21852512
Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03
* bionic-unit-tests{32,64} are compiled with clang/llvm.
* Skip one single test in __cxa_thread_atexit_test.cpp
when compiled with aarch64 clang/llvm.
Aarch64 clang/llvm generates relocation references to
"thread_local" symbols not supported by Android linker.
BUG: 25642296
Change-Id: Ia0497b79c4b335228afeb48a26e0592217909953
The anonymous namespace is introduced to
handle cases when linker can not find the
caller. This usually happens when caller
code was not loaded by dynamic linker;
for example mono-generated code.
Bug: http://b/25844435
Bug: http://b/22548808
Change-Id: I9e5b1d23c1c75bc78548d68e79216a6a943a33cf
It is reported by tsan that funlockfile() can unlock an unlocked mutex.
It happens when printf() is called before fopen() or other stdio stuff.
As FLOCKFILE(fp) is called before __sinit(), _stdio_handles_locking is false,
and _FLOCK(fp) will not be locked. But then cantwrite(fp) in __vfprintf()
calls__sinit(), which makes _stdio_handles_locking become true, and
FUNLOCKFILE(fp) unlocks _FLOCK(fp).
Change _stdio_handles_locking into _caller_handles_locking,
so __sinit() won't change its value. Add test due to my previous fault.
Bug: 25392375
Change-Id: I483e3c3cdb28da65e62f1fd9615bf58c5403b4dd
This removes another way to obtain objects larger than PTRDIFF_MAX. The
only known remaining hole is now jemalloc's merging of virtual memory
spans.
Technically this could be wrapped in an __LP64__ ifndef since it can't
occur on 64-bit due to the 1:1 split. It doesn't really matter either
way.
Change-Id: Iab2af242b775bc98a59421994d87aca0433215bd
In order to run tsan unit tests, we need to support pthread spin APIs.
Bug: 18623621
Bug: 25392375
Change-Id: Icbb4a74e72e467824b3715982a01600031868e29
This fixes the bug with using the libraries loaded
prior to android_set_target_sdk_version call.
Bug: http://b/22548808
Change-Id: I3ca2d367b0fa930a437bbb65f780834803d2ef0a
1. Fix leak threads and data races related to spin_flag.
2. Increase stack size to run under tsan.
This doesn't pass all pthread tests, as some tests are used
to run intentionally in race situations.
Bug: 25392375
Change-Id: Icfba3e141e7170abd890809586e89b99adc8bd02
* Disable optimization only in gtest.h of atexit_test.c for arm/aarch64
to keep VTT for std::__1::basic_stringstream<char, std::__1::char_traits<char>,
std::__1::allocator<char> > to link with g++ compiled modules.
* bionic-unit-tests source files are not affected by clang x86_64 fp128 bug
so they can be compiled with clang.
BUG: 25643775
Change-Id: I3da2a0de61edcdca07b7fcd73a16de9da4a1f7d6
Upstream tzcode said "On platforms with tm_zone, strftime.c now assumes it
is not NULL". Which is fine for any struct tm generated by tzcode, but not
necessarily true of a struct tm constructed by arbitrary code. In particular,
Netflix on Nexus Player was failing to start because they format "%Z" with
a struct tm whose tm_zone is null (the other fields are valid, but, yeah,
that's probably not intentional).
glibc takes a null tm_zone to mean "the current time zone", so let's do that
too. (Historically Android would use the empty string, and POSIX doesn't
clarify which of this is the appropriate behavior when tm_zone is null.)
Bug: http://b/25170306
Change-Id: Idbf68bfe90d143aca7dada8607742905188b1d33
New 3.8 clang/llvm can compile TLS code now.
* For x86_64, still disable clang due to f128 bug.
* For b/25643775, arm and arm64, disable clang in unit tests.
* Fix thread_local_test.cpp to compile with clang and
limit gcc workaround only to arm and aarch64.
BUG: 25643775
Change-Id: Iecd006bf1fc417dbcce2c63343a59c4bf1fa77ea
Root cause:
If start_routine thread exits before pthread_gettid_np is invokded, the "tid" field
will be cleared so that pthread_gettid_np will get "0" (which is cleared by kernel,
due to the flag "CLONE_CHILD_CLEARTID" is set while calling clone system call inside
pthread_create).
Proposed patch:
Use a mutex to guarantee pthread_gettid_np will be invoked and returned before the
start_routine exits
Signed-off-by: Junjie Hu <junjie.hu@mediatek.com>
Change-Id: I22411f1b0f7446d76a0373cef4ccec858fac7018
(cherry picked from commit 4f80102935)
The mremap definition was incorrect (unsigned long instead of int) and
it was missing the optional new_address parameter.
Change-Id: Ib9d0675aaa098c21617cedc9b2b8cf267be3aec4
Including glibc's <libgen.h> will result in the user getting the POSIX
version of basename always, regardless of when it is included relative
to <string.h>. Prior to this patch, our implementation would result in
the one that's included first winning.
Bug: http://b/25459151
Change-Id: Id4aaf1670dad317d6bbc05763a84ee87596e8e59
If we're going to keep this useless header -- and I think it's too late to
remove it -- it may as well be correct.
Bug: http://b/17700469
Change-Id: Ifec4f8f1a984483d7fa7d81d47786f75b70ff4ba
Rewrite inet_addr and inet_network in terms of inet_aton, and reimplement
that to include all the missing error checks.
Bug: http://b/24754503
Change-Id: I5dfa971c87201968985a0894df419f0fbf54768a
This patch also fixes realpath for libraries opened directly
from apks.
Bug: http://b/21960914
Bug: http://b/21961857
Change-Id: I35ade661c87f1d448191f385811f6e9fd3cacf11
This change makes dynamic linker reuse ZipArchiveHandles in
ld_library_path on dlopen to optimize the lookup of dt_needed
libraries.
Bug: http://b/21960534
Change-Id: I65f897910d46dd2ffabdcb0b7842db2f127eee30
Read /proc/stat to count online cpus is not correct for all android
kernels. Change to reading /sys/devices/system/cpu/online instead.
Bug: 24376925
Change-Id: I3785a6c7aa15a467022a9a261b457194d688fb38
Pass -q to zip for dlext_testzip to avoid printing:
adding: empty_file.txt (stored 0%)
on every compile.
Bug: 24409581
Change-Id: I2320f31182a9a332b3ef8b32a22561092ab5aceb
If the OVERRIDE_C_DATE_TIME environment variable is set, the build
system will add a macro to the global cflags that contains a static
quoted date, like:
-D__DATE__="\"Sep 28 2015\""
file-check-cxx needs to properly pass that through as a single, still
quoted argument. So use the quoted "$@" instead of turning each word
into an argument.
Change-Id: I6929d712c280d0452062640e0cba8a176d045c97
Turning on color output will break the bionic compilation tests that
check for expected warnings, as they will be matching color output
against non-color expected values. Turn off color locally.
Bug: 24273983
Change-Id: Ia3b3262ccece121217f0dc0997734b3ad65b928b
This bug will happen when these circumstances are met:
- Destination address & 0x7 == 1, strlen of src is 11, 12, 13.
- Destination address & 0x7 == 2, strlen of src is 10, 11, 12.
- Destination address & 0x7 == 3, strlen of src is 9, 10, 11.
- Destination address & 0x7 == 4, strlen of src is 8, 9, 10.
In these cases, the dest alignment code does a ldr which reads 4 bytes,
and it will read past the end of the source. In most cases, this is
probably benign, but if this crosses into a new page it could cause a
crash.
Fix the labels in the cortex-a9 strcat.
Modify the overread test to vary the dst alignment to expost this bug.
Also, shrink the strcat/strlcat overread cases since the dst alignment
variation increases the runtime too much.
Bug: 24345899
Change-Id: Ib34a559bfcebd89861985b29cae6c1e47b5b5855
Until we implement full support for passwd/group files, add a simple
way to use the new OEM UID/GID range (5000-5999).
oem_XXX -> 5000 + XXX iff 0 <= XXX < 1000.
Bug: 23225475
Change-Id: If48b88135d5df538313414f747d6c4c63bf0a103
The comment about "other stuff" referred to pre-uapi headers. Everything
in the current <linux/udp.h> should be exposed to userspace. The only
problem is that BSD and Linux use different names for the members of
struct udphdr. We can move the Linux udphdr out of the way and use an
anonymous union to get the best of both worlds. (Though unfortunately
this means that code that includes <linux/udp.h> directly instead of
using <netinet/udp.h> now won't have any definition of struct udphdr.
We've taken the stance in the past that you shouldn't include a linux/
header if there's a standard equivalent --- you should rely on us
transitively including it for you.)
Change-Id: Ie625892441b0edd8df3b76d3fcf2cbe299077bc4
Reuse the top bits of _JB_SIGFLAG field previously used to store a
boolean to store a cookie that's validated by [sig]longjmp to make it
harder to use as a ROP gadget. Additionally, encrypt saved registers
with the cookie so that an attacker can't modify a register's value to
a specific value without knowing the cookie.
Bug: http://b/23942752
Change-Id: Id0eb8d06916e89d5d776bfcaa9458f8826717ba3
For previous way to get the stack using the [stack] string from
/proc/self/task/<pid>/maps is not enough. On x86/x86_64, if an
alternative signal stack is used while a task switch happens,
the [stack] indicator may no longer be correct.
Instead, stack_start from /proc/self/stat which is always inside
the main stack, is used to find the main stack in /proc/self/maps.
Change-Id: Ieb010e71518b57560d541cd3b3563e5aa9660750
Signed-off-by: Nitzan Mor-sarid <nitzan.mor-sarid@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
Don't pass the parent load's dlextinfo to dependent loads, since this
causes the linker to try to load the dependencies using the same
addresses/relro/fds/etc as the main library, which is never going to
work. This was how it worked before ae69a95 which broke this.
Bug: http://b/23742664
Bug: http://b/20948231
Bug: http://b/20841817
Change-Id: I340ebae1127666d5c6c6f9c6521b89fb93f15bdd
bionic is built without _FILE_OFFSET_BITS=64, so internally regoff_t
was 32-bit on LP32, but code compiled with _FILE_OFFSET_BITS would
expect rm_so and rm_eo in struct regmatch_t to be 64-bit, leading to
confusion.
Bug: http://b/23566443
Change-Id: Iae92fa545104068e4f64ce1977f5ec616859638c
These are just based on the read/pread{,64} implementations with the
function calls and error messages adjusted as appropriate. The only
difference is that the buffer parameters are const.
Change-Id: Ida1597a903807f583f230d74bcedffdb7b24fcf6
This test should pass with gcc and fail with clang,
until clang/llvm supports emutls or Android linker supports
ELF TLS models.
BUG: 21082792
Change-Id: Id8c97da52c68ec230c7d26af703f6ed32d53a4fe
A __size_mul_overflow utility is used to take advantage of the checked
overflow intrinsics in Clang and GCC (>= 5). The fallback for older
compilers is the optimized but less than ideal overflow checking pattern
used in OpenBSD.
Change-Id: Ibb0d4fd9b5acb67983e6a9f46844c2fd444f7e69
Now we have split CXX_WRAPPER from TARGET_CXX and CXX_BARE isn't needed
any more.
Bug: 22612634
Change-Id: I52c78b0d1b325910e875a786d17f780731778b4b
(cherry-pick from commit 9d11a7087c)
Upstream clang has a new diagnostic, '-Wmismatched-new-delete' to
generate a warning (that becomes an error with -Werror) when delete is
used to deallocate pointers created with 'new[]'. This patch fixes
'delete's that trigger this warning/error.
Change-Id: Id7b6f6c2df3e860e576de55e2f61f3d2be3a3986
When dlopen-ing a library, add the caller's DT_RUNPATH to the directory search
list. This fixes dlfcn.dt_runpath in bionic-unit-tests-glibc(32|64).
Bug: 21899363
Change-Id: Ife6a7e192939292cf4dc291b7e6b95945761cde3
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
Clang/llvm x86_64 configuration of long double is still
incompatible with gcc.
https://llvm.org/bugs/show_bug.cgi?id=23897
BUG: 21899249
Change-Id: I47fd6d0ce2daa84ae0035e7885a4d90e4c3056f7
This makes bionic-unit-test-glibc64 behave consistently
when testing dlopen from a library with dt_runpath.
Bug: http://b/21899363
Change-Id: I9d446eb6852876975874d6b7761f6f81cc4e9916
If TIMER_ABSTIME is used in timer_settime(), the timer is always fired
immediately, which is not the intent of the tests.
Change-Id: I76047dbeb2bdded272ee6d028630b53bfd7d8514
The pthread_mutex_lock and pthread_mutex_unlock were allowed to
fail silently on L 32 bit devices when passed a NULL. We changed
this to a crash on 32 bit devices, but there are still games that make
these calls and are not likely to be updated. Therefore, once again
allow NULL to be passed in on 32 bit devices.
Bug: 19995172
(cherry picked from commit 511cfd9dc8)
Change-Id: I159a99a941cff94297ef3fffda7075f8ef1ae252
The pthread_mutex_lock and pthread_mutex_unlock were allowed to
fail silently on L 32 bit devices when passed a NULL. We changed
this to a crash on 32 bit devices, but there are still games that make
these calls and are not likely to be updated. Therefore, once again
allow NULL to be passed in on 32 bit devices.
Bug: 19995172
Change-Id: If7e8860075ecd63c0064d80f64e226fad7bd3c26
A continuation of commit 2825f10b7f.
Add O_PATH compatibility support for flistxattr(). This allows
a process to list out all the extended attributes associated with
O_PATH file descriptors.
Change-Id: Ie2285ac7ad2e4eac427ddba6c2d182d41b130f75