I don't think we're getting any value from more dupes of the same dodgy
middleware, and I worry that we're hiding other, more subtle, compatibility
issues behind this one.
Test: bionic tests
Change-Id: I556cf36eac96c90976bae32621d1c133bbb8fcc7
Generate a single NOTICE file rather than one per library. All the
headers come from libc these days anyway.
Test: tools/update_notice.sh
Bug: None
Change-Id: I127da185fdabc2815042e19aea74c507ec108f46
Android N restricts which libraries C/C++ code
can link against at runtime.
If the device has a vendor partition,
then /system/vendor is a symlink to /vendor.
Otherwise /vendor is a symlink to /system/vendor.
But is_system_library() is only checking /vendor/lib.
It will return false for the /system/vendor/lib path.
It is necessary to add the real path to the default library path.
Similarly, default ld library path is already checking.
parse_LD_LIBRARY_PATH()->parse_path()->resolve_paths()
Test: build bionic and run bionic-unit-tests
Bug: http://b/31919547
Change-Id: Ie6777e2b02729948ce77a94de32343d40358bf2c
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
Extract linker executable specific code to linker_main.cpp;
this part of code does not have a place in libdl.a/so.
Bug: http://b/14998480
Bug: http://b/30706810
Test: mm && run bionic-unit-tests
Change-Id: I90f7475e93a919b0f9525da22928089ad35b8f6c
resolve_paths function used to print a warning if an input path
was empty. This commit fixes this by explicitly skipping
empty paths during path resolution.
Test: Run adb shell LD_LIBRARY_PATH=: /system/bin/ping
Test: make sure there are no warnings
Bug: http://b/31346121
Change-Id: Ifd79040943dc62fc6e07d9828ff91d1050572809
The absolute path to an executable may no longer be valid, for
example when the file is unlinked immediately after exec.
Using /proc/self/exe instead of absolute path solves this problem.
Bug: http://b/31084669
Test: Run the app from http://b/31084669 make sure executable starts
Test: by checking ps and /proc/<pid>/exe
Change-Id: I5c819f39ef0fc4fc71b05de71e8af9ede611f04c
(cherry picked from commit 7da4bbbe87)
DF_1_PIE is set in PIE code built with gcc 6.x. The flag is purely
informational and the linker doesn't need to do anything about it,
so Bionic handles it correctly - no need to warn.
Change-Id: If99c1742fe22f8842a84818909ed961716ef5ca5
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
No mapped segment from the elf file can be writable and
executable at the same time. This commit adds a check
for malformed PT_LOAD segments in the elf-files.
Bug: http://b/30146890
Test: run bionic-unit-tests --gtest_filter=dlfcn.*
Change-Id: Ia23acbe5a48780b65d7e4a50bbe024cd528079f4
open(2) can be used to open directories; use stat to
check that the file exists and is a regular file.
Addresses review comments for 5aa67675f8
Bug: http://b/30320104
Change-Id: Ia944db2f2f779a87ea01dd41dcd171e59c9bef01
This patch enables absolute path translation to instrumented library
when linker_asan is in use.
Test: adb shell cat /proc/<rlid pid>/maps | grep libril-qc-qmi-1.so
check that it is mapped from /data/vendor/lib64 and not /vendor/lib64
Bug: http://b/30320104
Change-Id: I3bc24754b192afc0a72d6f3801f7b42141ce715b
(cherry picked from commit 5aa67675f8)
Improve sanity-checks of elf-file by adding alignment check
of mapped sections and section headers.
Bug: http://b/30687964
Change-Id: I7f06ddaa56a13989ce7be847b3a73c352e32c008
(cherry picked from commit 7e2d49ae3e)
Move soinfo and globals out of linker.cpp to
separate files.
Breaking up huge linker.cpp into smaller pieces
in order to make it easier to extract part of the
code that belongs to libdl.so and remove parts of
the code that do not belong to linker
(refactoring part 2 of many)
Change-Id: I868417f4b8d2b84d0e8265e354bc7977161497e2
Breaking up huge linker.cpp into smaller pieces
in order to make it easier to extract part of the
code that belongs to libdl.so and remove parts of
the code that do not belong to linker
(refactoring part 1 of many)
Change-Id: I57ac36677a815800dc127c8c45c3ea806c37e247
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
This change includes dlwarning implementation and
the compatibility greylist for apps targeting pre-N.
Change-Id: Ibf02a07cc58cbbb1a5aef4ac34558c5d43e4305f
Test: Run bionic-unit-tests --gtest_filter=dl*:Dl*
Make linker_allocator independent of the order of global constructors.
Bug: http://b/30483811
Change-Id: I18a323175661b8e1c9e398f2d6112f7a08d2cceb
Test: boot the device with I3ac91758a1a043146c65f2ae0f36fcfbe372c30f
This helps us avoid situations when malformed elf-files
are mistakenly loaded, which might result in unexpected
behavior.
Bug: http://b/30166532
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: Idd6b4fa20e1d69a9f8d8391ba69c724d930fee51
The glibc implementation of the loader passes argc/argv/envp
to all elf constructors. This change makes bionic linker
behave in the same way.
Bug: http://b/30145768
Change-Id: I1c65c42aa5305a5b133c64b5748205bbde869e0e
Test: run bionic-unit-tests --gtest_filter=dl*:Dl*
This change implements the following property:
Any 2**N aligned memory region of size 2**N contains no more than one DSO.
The value N can be configured, with 16 or 18 looking like a good choice.
Additionally, DSOs are loaded at random page-aligned address inside these large
regions.
This change has dual purpose:
1. Larger values of N allow a lot more compact CFI shadow implementation.
See change I14dfea630de468eb5620e7f55f92b1397ba06217.
For example, CFI shadow for the system_server process has the following size (RSS, KB):
152 for N = 12, 32 for N = 16, 16 for N = 18.
2. Extra randomization is good for security.
This change does not result in extra RAM usage, because everything is still page-aligned.
It does result in a bit more VM fragmentation because of the gaps between shared libraries.
As it turns out, this fragmentation is barely noticeable because the kernel creates new mapping
at the highest possible address, and we do enough small mappings to almost completely fill the
gaps (ex. in the Zygote the gaps are filled with .ttf file mappings and thread stacks).
I've measured VM fragmentation as the sum of all VM gaps (unmapped regions) that are larger
than 1MB according to /proc/$PID/maps. On aosp_angler-userdebug, the numbers are (in GB):
              | N = 12 | N = 18
system_server | 521.9  | 521.1
zygote64      | 522.1  | 521.3
zygote32      | 2.55   | 2.55
mediaserver   | 4.00   | 4.00
Change-Id: Ia6df840dd409c82837efd1f263be420d9723c84a
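The property stated in the commit message above can be checked mechanically. The following is an added example, not bionic's code: it reads "contains" as "overlaps", and it assumes a 4096-byte page and a placement scheme in which each DSO's reservation is its size rounded up to whole 2**N regions; all function and struct names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096u /* assumed page size */

struct dso { uint64_t start, end; }; /* mapping [start, end), sorted by start */

/* Bytes reserved for one DSO: its size rounded up to whole 2**n regions. */
uint64_t reserved_size(uint64_t size, unsigned n) {
    uint64_t region = UINT64_C(1) << n;
    return (size + region - 1) & ~(region - 1);
}

/* Page-aligned load address inside the reservation starting at the
 * 2**n-aligned address base; rnd is caller-supplied randomness. */
uint64_t place_dso(uint64_t base, uint64_t size, unsigned n, uint64_t rnd) {
    uint64_t slack_pages = (reserved_size(size, n) - size) / PAGE;
    return base + (rnd % (slack_pages + 1)) * PAGE;
}

/* Returns 1 when no 2**n-aligned region of size 2**n overlaps two DSOs. */
int one_dso_per_region(const struct dso *d, size_t count, unsigned n) {
    for (size_t i = 1; i < count; i++)
        if (((d[i - 1].end - 1) >> n) >= (d[i].start >> n)) return 0;
    return 1;
}

/* Constructed sample: two DSOs packed back to back at page granularity. */
static const struct dso packed[] = {
    { 0x70000000, 0x70003000 }, { 0x70003000, 0x70005000 } };

/* Lays out a 0x3000-byte and a 0x12000-byte DSO (constructed sizes and
 * random values) in consecutive reservations and checks the property. */
int spread_layout_ok(unsigned n) {
    struct dso d[2];
    uint64_t base = 0x70000000;
    d[0].start = place_dso(base, 0x3000, n, 7);
    d[0].end = d[0].start + 0x3000;
    d[1].start = place_dso(base + reserved_size(0x3000, n), 0x12000, n, 29);
    d[1].end = d[1].start + 0x12000;
    return one_dso_per_region(d, 2, n);
}

int main(void) {
    printf("packed: N=12 %d, N=16 %d\n", one_dso_per_region(packed, 2, 12),
           one_dso_per_region(packed, 2, 16));
    printf("spread: N=16 %d, N=18 %d\n", spread_layout_ok(16), spread_layout_ok(18));
    return 0;
}
```

With N = 12 the property reduces to ordinary page alignment, which is why the back-to-back layout passes at N = 12 and fails at N = 16.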
1. Make sure that the .dynamic section offset and size matches
PT_DYNAMIC segment offset and filesz
2. No section offset can be 0
Bug: http://b/16548758
Bug: http://b/29637134
Change-Id: I11bc2567b0cff89f48699ec74015991fee5b137b
Test: Install and start the app from http://b/29637134
To avoid initialization ordering problem avoid constructing
non-trivial global objects for linker_logger.
This patch also adds explicit check for bloc_size_ on alloc
Change-Id: I2cb3b13a10b7fac1f52a20038af77266d3e1da96
This patch lets developers tune logging of dlopen/dlerror by
setting a system property.
Note that for security purposes this option is disabled on user build
for non-debuggable apps.
For starters there are 3 debug options:
dlerror - enables logging of all dlerrors
dlopen - traces dlopen calls
To enable system-wide logging (works only for userdebug/eng builds)
use debug.ld.all property.
To enable logging for particular app use debug.ld.app.<appname> property.
Example: Running "adb shell setprop debug.ld.all dlerror,dlopen" will log all
dlerror messages as well as trace all calls to dlopen.
Bug: http://b/29458203
Change-Id: I2392c80a795509e16fe5689d0500d18b99772a64
If a public library is missing, make it clear that there is no
library with that soname that is missing. This can help diagnose
problems if a library exists, but the library doesn't have the right
soname.
Bug: 29400363
(cherry picked from commit 9a84d90c75)
Change-Id: Ie2306a2e28aff779d07441dc8af078256b184f8a
Add parentheses around macro arguments used beside operators,
or use constexpr for simple constants.
Bug: 28705665
Change-Id: I378c8aad92d3ec8e8c4b0440b5c2c99dfe01ce79
create_namespace resolves caller namespace only
when caller did not explicitly specify parent namespace.
This saves about 25 microseconds for the case when
parent_namespace is not null (for example when creating
second classloader for the app).
Bug: http://b/28801010
Change-Id: I50ded272c931db701e5a1d8c88ed5ffb13416539
This operation is the most expensive one and since it is
unlikely that the zip-entry name is invalid (given that it
is constructed by the platform) - it can be removed.
The worst case scenario is dlopen() of non-existing libraries
taking more time. And this use-case is not on the critical path.
Bug: http://b/28801010
Change-Id: I10a6b0bf342404ab72f0f5102ebf19f6c06ee6bf
(cherry picked from commit a5c1c8e820)
This CL adds initialization of inode for the main executable
which enables linker to resolve the correct soinfo when
application calls dlopen with absolute path to the
main executable.
Bug: http://b/28420266
Change-Id: I102e07bde454bd44c6e46075e3faeeb5092830d8
This change enables apps to share libraries opened
with RTLD_GLOBAL between different classloader namespaces.
The new parameter to create_namespace allows native_loader
to instruct the linker to share libraries belonging to
global group from a specified namespace instead of
using the caller_ns.
Bug: http://b/28560538
Bug: https://code.google.com/p/android/issues/detail?id=208458
Change-Id: I5d0c62730bbed19cdeb16c7559c74aa262a2475f
Also clean up some near-miss copyright headers in libm, and remove
some cruft in <grp.h>/<pwd.h> that the script can't automatically
ignore since we stripped all the tabs in those files.
Change-Id: I10796c54dda1ceba87822ae0de26b5d71b54972b
They are intended for platform use only and we shouldn't have them
in the public header file.
Bug: http://b/28174921
Change-Id: Ib9b3d0fa9442cfa2e784a693ad567d1444d774e5
Linker crashed if linking of the main executable fails
instead of aborting with readable error message.
This patch modifies unload to soinfo_unload it all at once
in this particular case. This helps avoid situations when
one of the libraries on the DT_NEEDED list of main executable
has gotten unloaded by previous library unload because it
DT_NEEDED it too.
Example (consider following dependency tree):
main_executable
|-> liba.so
|   |-> libb.so
|-> libb.so
The list of the libraries that need to be unloaded in this case
is [liba.so, libb.so], but if linker does unload one by one
by the time it gets to libb.so - the soinfo for the library
is already unloaded (and the segments were unmapped).
Passing everything as an array helps soinfo_unload to check
if a library was already unloaded by looking into local_unload_list.
Bug: http://b/28565608
Change-Id: I7199290e10a186057dcf3b7b68dbce954af7dba1
linker didn't remove link to the soinfo from shared
namespaces on soinfo_unload, because it didn't keep
record of all namespaces the library is added to.
This change adds test for this and also fixes the
problem by introducing list of secondary namespaces
to soinfo, which is used to remove soinfo in
soinfo::remove_all_links().
Bug: http://b/28115950
Change-Id: Ifbf6e54f92fa6e88f86b6a8dd6dc22d4553afd22
linker doesn't call d-tors for RTLD_NODELETE libraries. There is
no need to reset this flag in call_destructors (which is called
from soinfo_unload).
Change-Id: I3ed03fa7207b7acf598067276fbb8874e29b5e53
Linker was not unloading libraries marked with RTLD_NODELETE
even when there was an error on load. For example when one of
dt_needed libraries was not found.
Bug: http://b/27911891
Change-Id: Ibc0bf110aa41fbfdc9f327ad8c364f2e3600af71
(cherry picked from commit 79abce4214)
Add missing test for sleb128_decoder. Also remove
dependency to static library because it exposes malloc/free
which interfere with libc.so malloc/free causing test to crash.
Change-Id: Iedd3268011df9f67ed58c0b58c71f34e30370b23
Handle no longer is a pointer to soinfo of
a corresponding library. This is done to
prevent access to linker internal fields.
Bug: http://b/25593965
Change-Id: I62bff0d0e5b2dc842e6bf0babb30fcc4c000be24
This patch uses __kernel_vsyscall instead of "int 0x80"
as the syscall entry point. AT_SYSINFO points to
an adapter to mask the arch specific difference and gives a
performance boost on i386 architecture.
Change-ID: Ib340c604d02c6c25714a95793737e3cfdc3fc5d7
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
This reverts commit 0acb15ead6.
This workaround is not needed any more. Now ART generates
.MIPS.abiflags segments in its files. This is done in
Ie06a3c4e384a23a77db7d04a2508edbf3a6d3933.
Change-Id: I746289eed443a0fdbe8fd0b1199bcc5cd4d024e1
The previous code assumed that returning would be sufficient to rethrow
signals like SIGSEGV. This is not true, for example, in the case where a
SIGSEGV is sent via kill(2). We were previously only sending the signal
to ourselves in some cases, because using kill(2) would lose information
in the siginfo_t argument. Use rt_tgsigqueueinfo(2) instead to preserve
its contents.
Bug: http://b/27367422
Change-Id: I1be822818d5905461979c7e12dc4e9c25049273b
Print properties of the namespace on "library is not accessible"
error to better diagnose problems with native library accessibility
Bug: http://b/27406143
Change-Id: Icf3d6c604f09dfa015de863fdb1267d343930d2a
(cherry picked from commit 350bdad61c)
This field is used only once and only for main executable;
no need to carry it around in soinfo structure.
Change-Id: I7f80c64e0939e28966b6fed858891f9ce2a9e26b
Small modifications needed to allow compilation with the new headers:
- Manually modify bionic/libc/kernel/uapi/asm-mips/asm/siginfo.h to
remove the uapi from the include.
- PR_XXX defines are now available for mips, so remove the definition
from linker_mips.cpp.
Bug: 23789423
Change-Id: I6dc8a03b012426d3a937db15cb24d3a50fab5a8c
Look into "/system/lib" before "/vendor/lib", this way
we can ensure that in case of name conflict /system libraries
take precedence.
Change-Id: Ifacdc9dc7a4e175853f499ed09782b2257f09e5a
dlclose used to unmap the part of the reserved region
for ANDROID_DLEXT_RESERVED_ADDRESS that was necessary
to map PT_LOAD segments. With this change dlclose
replaces mapped PT_LOAD segments with a PROT_NONE,
MAP_ANONYMOUS | MAP_NORESERVE.
Previously caller was unmapping the reserved region after
the failed dlclose which led to race condition when someone
else reused the region freed by dlclose but before the unmap
by the chromium code.
Bug: http://code.google.com/p/chromium/issues/detail?id=568880
Change-Id: I0f5eaa2bf6641f83dde469b631c518482acc59a2
Exactly which functions get a stack protector is up to the compiler, so
let's separate the code that sets up the environment stack protection
requires and explicitly build it with -fno-stack-protector.
Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
Also, we're not a debugger.
Also include LD_LIBRARY_PATH and LD_PRELOAD because they would have helped
diagnose a recent issue.
Change-Id: I7237a7236b7140ab49483c02efa705317d07bd3f
Shared namespaces clone the list of loaded native
libraries from the caller namespace. This allows
classloaders for bundled apps to share already loaded
libraries with default namespace.
Bug: http://b/22548808
Bug: http://b/26165097
Change-Id: I8949d45937fdb38e1f586ff0679003adac0d9dad
(cherry picked from commit e78deef364)
The permitted_when_isolated_path is a way to white-list
directories not present in search-path. It is ignored for
not isolated namespaces.
Bug: http://b/25853516
Bug: http://b/22548808
Change-Id: Ib1538037268eea69323ea49968a34a4a1d1938a5
dlopen on isolated namespaces should be able to open
public libraries using absolute path not only soname.
Bug: http://b/25853820
Change-Id: If574a67853dc51226f0f376e9e2d108316002f84
The anonymous namespace is introduced to
handle cases when linker can not find the
caller. This usually happens when caller
code was not loaded by dynamic linker;
for example mono-generated code.
Bug: http://b/25844435
Bug: http://b/22548808
Change-Id: I9e5b1d23c1c75bc78548d68e79216a6a943a33cf
The linker crashes if native library has invalid section
headers. This change adds boundary checks on target offsets
and generates dlerror instead of crash.
Bug: http://b/25800330
Change-Id: Ibe282029997302b9b557637c3aad064d7d0febc5
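Several commit messages above describe header sanity checks: no PT_LOAD segment that is both writable and executable, a .dynamic section that matches PT_DYNAMIC in offset and size, and boundary checks on section header offsets. The following is an added example of those three checks, not bionic's code; the structs are cut-down subsets of the ELF64 headers, the sample tables are constructed, and all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Numeric values are from the ELF specification; all names are this example's own. */
enum { X_PT_LOAD = 1, X_PT_DYNAMIC = 2, X_SHT_DYNAMIC = 6, X_SHT_NOBITS = 8 };
enum { X_PF_X = 1, X_PF_W = 2, X_PF_R = 4 };
enum elf_check { ELF_OK, ELF_WX_LOAD, ELF_SHDR_OUT_OF_FILE, ELF_DYNAMIC_MISMATCH };

struct phdr { uint32_t type, flags; uint64_t offset, filesz; }; /* subset of Elf64_Phdr */
struct shdr { uint32_t type; uint64_t offset, size; };          /* subset of Elf64_Shdr */

enum elf_check check_headers(const struct phdr *ph, size_t phnum,
                             const struct shdr *sh, size_t shnum, uint64_t file_size) {
    const struct phdr *dyn = NULL;
    for (size_t i = 0; i < phnum; i++) {
        /* A PT_LOAD segment must never be writable and executable at once. */
        if (ph[i].type == X_PT_LOAD && (ph[i].flags & X_PF_W) && (ph[i].flags & X_PF_X))
            return ELF_WX_LOAD;
        if (ph[i].type == X_PT_DYNAMIC) dyn = &ph[i];
    }
    for (size_t i = 0; i < shnum; i++) {
        /* Overflow-safe bounds check; SHT_NOBITS (.bss) occupies no file bytes. */
        if (sh[i].type != X_SHT_NOBITS &&
            (sh[i].offset > file_size || sh[i].size > file_size - sh[i].offset))
            return ELF_SHDR_OUT_OF_FILE;
        /* .dynamic must describe exactly the bytes PT_DYNAMIC points at. */
        if (sh[i].type == X_SHT_DYNAMIC &&
            (!dyn || sh[i].offset != dyn->offset || sh[i].size != dyn->filesz))
            return ELF_DYNAMIC_MISMATCH;
    }
    return ELF_OK;
}

/* Constructed sample headers for a 0x1400-byte file. */
static const struct phdr ph_ok[] = {
    { X_PT_LOAD, X_PF_R | X_PF_X, 0x0, 0x1000 },
    { X_PT_LOAD, X_PF_R | X_PF_W, 0x1000, 0x300 },
    { X_PT_DYNAMIC, X_PF_R | X_PF_W, 0x1100, 0x100 } };
static const struct phdr ph_wx[] = { { X_PT_LOAD, X_PF_R | X_PF_W | X_PF_X, 0x0, 0x1000 } };
static const struct shdr sh_ok[] = {
    { 1, 0x200, 0x400 }, { X_SHT_DYNAMIC, 0x1100, 0x100 }, { X_SHT_NOBITS, 0x1300, 0x5000 } };
static const struct shdr sh_far[] = { { 1, UINT64_MAX - 15, 0x20 } };
static const struct shdr sh_dyn_short[] = { { X_SHT_DYNAMIC, 0x1100, 0x80 } };

int main(void) {
    printf("%d %d %d %d\n", check_headers(ph_ok, 3, sh_ok, 3, 0x1400),
           check_headers(ph_wx, 1, sh_ok, 3, 0x1400), check_headers(ph_ok, 3, sh_far, 1, 0x1400),
           check_headers(ph_ok, 3, sh_dyn_short, 1, 0x1400));
    return 0;
}
```

The bounds test compares `size` against `file_size - offset` rather than computing `offset + size`, so an offset near the top of the 64-bit range cannot wrap around and pass.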