Hiding our legacy cruft seemed like a good idea, but in practice it will only
mean worse interoperability.
Plus we got it wrong, as the recent `putw` example showed.
Change-Id: I167c7168eff133889028089c22a7a0dfb8d6d0cf
This change implements the following property:
Any 2**N aligned memory region on size 2**N contains no more than one DSO.
The value N can be configured, with 16 or 18 looking like a good choice.
Additionally, DSOs are loaded at random page-aligned address inside these large
regions.
This change has dual purpose:
1. Larger values of N allow a lot more compact CFI shadow implementation.
See change I14dfea630de468eb5620e7f55f92b1397ba06217.
For example, CFI shadow for the system_server process has the following size (RSS, KB):
152 for N = 12, 32 for N = 16, 16 for N = 18.
2. Extra randomization is good for security.
This change does not result in extra RAM usage, because everything is still page-aligned.
It does result in a bit more VM fragmentation because of the gaps between shared libraries.
As it turns out, this fragmentation is barely noticeable because the kernel creates new mapping
at the highest possible address, and we do enough small mappings to almost completely fill the
gaps (ex. in the Zygote the gaps are filled with .ttf file mappings and thread stacks).
I've measured VM fragmentation as the sum of all VM gaps (unmapped regions) that are larger
than 1MB according to /proc/$PID/maps. On aosp_angler-userdebug, the numbers are (in GB):
| N = 12 | N = 18
system_server | 521.9 | 521.1
zygote64 | 522.1 | 521.3
zygote32 | 2.55 | 2.55
mediaserver | 4.00 | 4.00
Change-Id: Ia6df840dd409c82837efd1f263be420d9723c84a
Not efficient to iterate through given the large number of Android
ids (AID). Compile warning will result if you use these functions,
telling you as much. Not for general consumption, however for
example, some filesystem tests would like to see these to perform
all corners.
About 1/4 second for getpwent, and 1/8 second for getgrent to iterate
through all reserved Android aids.
Bug: 27999086
Change-Id: I7784273b7875c38e4954ae21d314f35e4bf8c2fc
This change removes endpwent, dlmalloc_inspect_all, dlmalloc_trim
from lp64 libc.so. It also removed necessety of having brillo
version scripts for lp64 platforms.
Bug: http://b/26164862
Change-Id: I4e9b38907bb1dc410f0eb6d2f5d5944fe713da51
POSIX defined bcopy to handle overlapping memory akin to memmove and
bionic appears to have always done so.
Change-Id: I2599113411e3532913270ba1c1b49e35cbc5f106
This reverts commit c8bae05f3f.
We were breaking init (ueventd) because we initialize system properties
before we initialize stdio. The new system property implementation uses
stdio to read from /property_contexts, so we end up touching stdio data
structures before they've been initialized.
This second attempt takes things further by removing the stdio initialization
function altogether. The data structures for stdin/stdout/stderr can be
statically initialized as data, and -- since we already had to give the
atexit implementation a backdoor for stdio -- we can just admit that we
need to clean up stdio, and that we always do so last.
This patch also removes the 17 statically pre-allocated file structures,
so the first fopen will now allocate a block of 10 (the usual overflow
behavior). I did this just to make my life simpler, but it's not actually
necessary to remove it if we want it back.
Change-Id: I936b2eb5e88e4ebaf5516121872b71fc88e5609c
This reverts commit 4371961e00.
This broke booting; ueventd crashes with a null pointer dereference
somewhere in __sfp (but the kernel doesn't unwind, so I don't know
what was calling __sfp).
Change-Id: I65375fdfdf1d339a06558b4057b580cacd6324e2
These don't work, aren't thread-safe, aren't in POSIX (or our header
files), and are only used by one app (whose developers I've contacted).
But the presence of these symbols causes configure to be confused, which
is a pain for Brillo.
Bug: http://b/24812426
Change-Id: I7fa6ef82864d5563929d9b8a7f8fcacb30b26d45
The functions dlmalloc_inspect_all and dlmalloc_trim get
exported on devices that use dlmalloc, so be consistent and
export them everywhere.
Bug: 21640784
Change-Id: I5b8796cd03c8f401d37d9c22823144f766f9c4c7
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
It turns out that appportable has a version that calls dlmalloc directly.
Re-add the dlmalloc symbol for 32 bit only as a compatibility shim that
calls malloc.
Bug: 17881362
(cherry pick commit from c9734d24d9)
Change-Id: Iee9a777f66a1edb407d7563a60792b767ac4f83a
This was in <stdlib.h> in older releases. It's no longer used, but we can
preserve backwards compatibility by making it a no-op.
(cherry-pick of 51c8355d5cf4b83ccd2ad250ca4c61a616356c2b.)
Bug: 16205834
Change-Id: Idde7b46df4f253e39675600bcf82352879a716e7
The current arc4random implementation stirs itself as needed, but we
need to keep an arc4random_stir symbol around for binary compatibility.
(cherry-pick of 1e010d60397db706cd3d1c4d5701a2bced441aa8.)
Bug: 17291075
Change-Id: Iaf6171c3ec65c39c1868364d5b35ea280e29a363
The C library didn't export the 'index' symbol, but its C++ name-mangling
instead, which broke the ABI and prevented some applications from loading
properly.
The main reason was that the implementation under bionic/index.cpp relied
on the declaration to specify that the function has C linkage.
However, the declaration for index() was removed from both <string.h>
and <strings.h> in a recent patch, which made the compiler think it was
ok to compile the function with C++ linkage instead!
This patch does the following:
- Move index() definition to bionic/ndk_cruft.cpp and ensure it uses
C linkage.
Note that this removes index() from the 64-bit library entirely, this
is intentional and will break source compatibility. Simply replacing
an index() call with the equivalent strchr() should be enough to fix
this in third-party code.
- Remove bionic/index.cpp from the tree and build files.
- Remove x86 assembly implementation from arch-x86/ to avoid conflict
with the one in ndk_cruft.cpp
BUG=15606653
Change-Id: I816b589f69c8f8a6511f6be6195d20cf1c4e8123
getdtablesize(3) was removed fro POSIX 2004. Keep the symbol around in LP32 for
binary compatibility, but remove the declaration from unistd.h.
Bug: 13935372
Change-Id: I1f96cd290bf9176f922dad58bd5a7ab2cae7ef0f
wait3(2) was removed from POSIX 2004. Keep the symbol around in LP32 for binary
compatibility, but remove the declaration in sys/wait.h.
Bug: 13935372
Change-Id: Ic715fce6781aae43b4ac6d745dc6d1e6b9914e71
The problem with the original patch was that using syscall(3) means that
errno can be set, but pthread_create(3) was abusing the TLS errno slot as
a pthread_mutex_t for the thread startup handshake.
There was also a mistake in the check for syscall failures --- it should
have checked against -1 instead of 0 (not just because that's the default
idiom, but also here because futex(2) can legitimately return values > 0).
This patch stops abusing the TLS errno slot and adds a pthread_mutex_t to
pthread_internal_t instead. (Note that for LP64 sizeof(pthread_mutex_t) >
sizeof(uintptr_t), so we could potentially clobber other TLS slots too.)
I've also rewritten the LP32 compatibility stubs to directly reuse the
code from the .h file.
This reverts commit 75c55ff84e.
Bug: 15195455
Change-Id: I6ffb13e5cf6a35d8f59f692d94192aae9ab4593d
libmono from Unity still requires tkill(2).
Change-Id: I37a1994b08086c7fedb5c78ea0dadf2d72bc1463
Signed-off-by: Anthony King <anthonydking@slimroms.net>
