Stubs of version 29 should be provided to those APEX modules targeting
previous SDK release.
Bug: 145796956
Test: m
Change-Id: I9454fbf81377aba25e75a6fdfc77cbb070eaadde
This includes optimized strrchr and strchrnul routines, and an MTE-compatible
strlen routine.
Bug: 135772972
Change-Id: I48499f757cdc6d3e77e5649123d45b17dfa3c6b0
Scudo still isn't quite at the same RSS as jemalloc for the svelte config
so only enable this for normal config.
Bug: 137795072
Test: Built svelte config and verified it is still jemalloc.
Test: Ran performance tests on normal config (bionic benchmarks).
Test: Ran trace tests (system/extras/memory_replay).
Test: Ran scudo unit tests.
Test: Ran bionic unit tests.
Test: Ran libmemunreachable tests.
Test: Ran atest CtsRsBlasTestCases on cuttlefish.
Test: Ran atest AslrMallocTest.
Test: Ran atest CtsHiddenApiKillswitchWildcardTestCases and verified it has
Test: the same runtime as the jemalloc.
Change-Id: I241165feb8fe9ea814b7b166e3aaa6563d18524a
This patch introduces GWP-ASan - a sampled allocator framework that
finds use-after-free and heap-buffer-overflow bugs in production
environments.
GWP-ASan is being introduced in an always-disabled mode. This means that
GWP-ASan will be permanently disabled until a further patch turns on
support. As such, there should be no visible functional change for the
time being.
GWP-ASan requires -fno-emulated-tls wherever it's linked from. We
intentionally link GWP-ASan into libc so that it's part of the initial
set of libraries, and thus has static TLS storage (so we can use
Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces
overhead for a sampled process.
GWP-ASan is always initialised via. a call to
mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is
multithreaded).
More information about GWP-ASan can be found in the upstream
documentation: http://llvm.org/docs/GwpAsan.html
Bug: 135634846
Test: atest bionic
Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
These just cause confusion because they often have different
values/layouts, but they're never actually used.
Test: treehugger
Change-Id: I424034088e017c919f62fcefa7d6d3f903f31cfb
This function will be used by Scudo and GWP-ASan to efficiently collect
stack traces for frames built with frame pointers.
Bug: 135634846
Bug: 135772972
Change-Id: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Merged-In: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Add a hook that's called upon file descriptor creation to libc, and a
library that uses it to capture backtraces for file descriptor creation,
to make it easier to hunt down file descriptor leaks.
Currently, this doesn't capture all of the ways of creating a file
descriptor, but completeness isn't required for this to be useful as
long as leaked file descriptors are created with a function that is
tracked. The primary unhandled case is binder, which receives file
descriptors as a payload in a not-trivially-parsable byte blob, but
there's a chance that the leak we're currently trying to track down
isn't of a file descriptor received over binder, so leave that for
later.
Bug: http://b/140703823
Test: manual
Change-Id: I308a14c2e234cdba4207157b634ab6b8bc539dd9
(cherry picked from commit b7eccd4b15)
In order to support scudo for non-svelte malloc and jemalloc5 for
svelte malloc, do not include jemalloc_new directly. Move that to
the export_include_dirs for libjemalloc5.
Also, change the way to enable scudo so that it only enables it
for the non-svelte config for now.
Bug: 137795072
Test: Builds
Change-Id: I3d68b443fe4d6b21729795649d0dcf66b7e95e03
Use O_PATH like musl to let the kernel do the hard work, rather than the
traditional BSD manual scheme.
Also add the most obvious missing tests from reading the man page, plus
a non-obvious test for deleted files.
Bug: http://b/131435126
Test: treehugger
Change-Id: Ie8a8986fea55f045952a81afee377ce8288a49d5
This patch refactors heapprofd_malloc to make it easier to reuse the
reserved signal for multiple purposes. We define a new generic signal
handler for profilers, which dispatches to more specific logic based on
the signal's payload (si_value).
The profiler signal handler is installed during libc preinit, after
malloc initialization (so races against synchronous heapprofd
initialization need not be considered). In terms of code organization, I
copied the existing approach with a loosely referenced function in
bionic_globals.h. Do tell if you'd rather a different approach here.
The profileability of a process is quite tied to the malloc
files/interfaces in bionic - in particular, it's set through
android_mallopt. I do not change that, but instead introduce a new
android_mallopt option to be able to query profileability of the
process (which is now used by the new profiler signal handler). As part
of that, gZygoteChildProfileable is moved from heapprofd_malloc to
common (alongside gZygoteChild).
I've removed the masking and reraising of the heapprofd signal when
racing against malloc_limit init. We're ok with taking a simpler
approach and dropping the heapprofd signal in such an unlikely race.
Note: this requires a corresponding change in heapprofd to use sigqueue()
instead of kill(), as the latter leaves the si_value uninitialized(?) on
the receiving side.
Bug: 144281346
Change-Id: I93bb2e82cff5870e5ca499cf86439860aca9dfa5
This is attempt number two, all known failures and issues have
been fixed.
Bug: 137795072
Test: Built both svelte and non-svelte versions. Ran enormous numbers
Test: of performance testing.
Test: Ran scudo unit tests.
Test: Ran bionic unit tests.
Test: Ran libmemunreachable tests.
Test: Ran atest CtsRsBlasTestCases on cuttlefish instance.
Change-Id: Ib0c6ef38b63b7a1f39f4431ed8414afe3a92f9b5
This supports the soong commit which causes most platform binaries to stop
statically linking against the unwinder implementation. The soong commit
message has more motivation for this change.
ARM32 uses LLVM libunwind, while all other platforms use libgcc as the
unwinder implementation. This matches the current choices of unwinders on
the various architectures, but means that apps which were directly linking
against the libc.so unwinder symbols on ARM32 are now using LLVM libunwind
instead of libgcc.
Set libc_headers sdk_version to 1 so that libunwind_llvm can depend on it,
and stop statically linking libunwind into libc_malloc_debug.
Bug: 144430859
Change-Id: I52c7f7893d93f500383aeb0b76086c3b6f1935a5
This doesn't add any functionality for now, but there are
a couple of changes in flight that will want to add enumerators
to the mallopt, so let's give them a place to add them.
Bug: 135772972
Bug: 135754954
Change-Id: I6e810020f66070e844500c6fa99b703963365659
This reverts commit 6ffbe97859.
Reason for revert: Droidcop-triggered revert due to breakage b/146543543
Change-Id: Ie9a5b2f6ca5dbc8d3c6cafe70e34838d74e45c56
Bug: 146543543
Bug: 137795072
Test: Built both svelte and non-svelte versions. Ran enormous numbers
Test: of performance testing.
Test: Ran scudo unit tests.
Test: Ran bionic unit tests.
Change-Id: Iec6c98f2bdf6e0d5a6d18dff0c0883fac391c6d5
This CL exports bionic/libc/kernel/android/scsi directory
to enable the usage of header files (e.g. sg.h) on that directory.
Test: Build AOSP 1187028
Change-Id: If580fcbc67378fab42d4f14cca1de337b603b673
We are about to introduce code into ndk_cruft that uses dlfcn.h, which isn't
available in static executables. Besides, none of the users of libc.a ought
to be depending on ndk_cruft anyway.
Bug: 144430859
Change-Id: Ic1f2e554e1fdbfee768c859acac032c1306d71fc
This library was previously being statically linked into both libraries as a
consequence of the relocation to __aeabi_unwind_cpp_prX present in most object
files. However, after LLVM commit 1549b469, we no longer emit these relocations
on Android, so we need to link the library explicitly with --whole-archive. The
intent is to eventually stop linking libgcc into these libraries altogether,
but for now, we need to keep linking them in order to avoid breaking the build.
Change-Id: I275109527b7cbd6c4247b3fe348975d720626273
aosp/144287300 set it to a global cppflag.
The compiler upgrade can now check for this warning in C code.
This patch should be reverted once the BSD sources with instances of
-Wimplicit-fallthrough have been fixed.
Remove it from cflags, so that it's not re-enabled for C code until
fixed.
Bug: 139945549
Bug: 144287300
Test: mm
Change-Id: Ieca0d5b41634636477392e5209a41807f9b44bd4
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Using ifuncs allows the linker to select faster versions of libc functions
like strcmp, making linking faster.
The linker continues to first initialize TLS, then call the ifunc
resolvers. There are small amounts of code in Bionic that need to avoid
calling functions selected using ifuncs (generally string.h APIs). I've
tried to compile those pieces with -ffreestanding. Maybe it's unnecessary,
but maybe it could help avoid compiler-inserted memset calls, and maybe
it will be useful later on.
The ifuncs are called in a special early pass using special
__rel[a]_iplt_start / __rel[a]_iplt_end symbols. The linker will encounter
the ifuncs again as R_*_IRELATIVE dynamic relocations, so they're skipped
on the second pass.
Break linker_main.cpp into its own liblinker_main library so it can be
compiled with -ffreestanding.
On walleye, this change fixes a recent 2.3% linker64 start-up time
regression (156.6ms -> 160.2ms), but it also helps the 32-bit time by
about 1.9% on the same benchmark. I'm measuring the run-time using a
synthetic benchmark based on loading libandroid_servers.so.
Test: bionic unit tests, manual benchmarking
Bug: none
Merged-In: Ieb9446c2df13a66fc0d377596756becad0af6995
Change-Id: Ieb9446c2df13a66fc0d377596756becad0af6995
(cherry picked from commit 772bcbb0c2)
This will activate code in bionic that uses the experimental MTE
userspace interface.
Bug: 135772972
Change-Id: I9ac641b9528de5376cdb920bee0e900a1b1fa9c2
This flag prevents the compiler from inserting calls to libc functions in
the ifunc resolver code, which will definitely cause problems if the libc
function is itself an ifunc, but other calls that use the PLT may also be
affected, since libc may not have been fully resolved yet. As it turns out,
newer versions of clang will insert calls to memcmp in the body of the
init_cpu_variant() function in arch-arm/dynamic_function_dispatch.cpp.
Change-Id: I91f18d450835adc4b74565e9f48d5834f594a0c4
As it turns out, our "generic" arm64 implementations of certain string.h
functions are not actually generic, since they will eagerly read memory
possibly outside of the bounds of an MTE granule, which may lead to a segfault
on MTE-enabled hardware. Therefore, move the implementations into a "default"
directory and use ifuncs to select between them and a new set of "mte"
implementations, conditional on whether the hardware and kernel support MTE.
The MTE implementations are currently naive implementations written in C
but will later be replaced with a set of optimized assembly implementations.
Bug: 135772972
Change-Id: Ife37c4e0e6fd60ff20a34594cc09c541af4d1dd7
Upstream keeps rearranging the deckchairs for these, so let's just
switch to the [roughly] one-liners rather than track that...
Test: treehugger
Change-Id: If655cf7a7f316657de44d41fadd43a8c55ee6f23
In order for an ifunc resolver to detect the presence of certain CPU features,
access to getauxval(AT_HWCAP) or getauxval(AT_HWCAP2) may be required. In order
for getauxval() to work, it needs to access the pointer to the auxiliary vector
stored by the linker in the libc shared globals data structure. Accessing the
shared globals requires libc to call the __libc_shared_globals() function
exported by the linker. However, in order to call this function, libc must
be fully relocated, which is not guaranteed to be the case at the point when
ifunc resolvers are called.
glibc solves this problem by passing the values of getauxval(AT_HWCAP)
(and getauxval(AT_HWCAP2) on aarch64) as arguments to the ifunc resolver.
Since this seems to be not only the most straightforward way to solve the
problem but also improves our compatibility with glibc, we adopt their
calling convention.
This change is ABI compatible with old resolvers because the arguments are
passed in registers, so the old resolvers will simply ignore the new arguments.
Bug: 135772972
Change-Id: Ie65bd6e7067f0c878df3d348c815fda61dc12de2
arm32 has two special APIs to find exidx exception handling info,
dl_unwind_find_exidx and __gnu_Unwind_Find_exdix. The two functions have
identical behavior and function prototypes. libgcc's arm32 unwinder calls
__gnu_Unwind_Find_exdix, whereas LLVM's libunwind previously called
__gnu_Unwind_Find_exdix, but switched to dl_unwind_find_exidx as a result
of three patches (D30306, D30681, D39468).
In Bionic, for dynamic linking, __gnu_Unwind_Find_exdix in libc.so calls
dl_unwind_find_exidx in libdl.so.
For static executables, though, __gnu_Unwind_Find_exdix in libc.a used the
__exidx_* symbols, while dl_unwind_find_exidx in libdl.a(libdl_static.o)
was a return-0 no-op.
To fix the LLVM unwinder, replace the no-op dl_unwind_find_exidx in
libdl.a with a real function in libc.a(exidx_static.o), and have the GNU
function call the dl function for more consistency with dynamic linking.
dl_iterate_phdr follows a similar pattern, where the function exists in
libc.a and libdl.so (not libc.so or libdl.a).
This change makes unwinding work with an updated libunwind_llvm on arm32,
and it helps to allow unwinding in static executables without libdl.a.
Bug: https://github.com/android/ndk/issues/1094
Bug: http://b/141485154
Test: NDK tests, bionic unit tests
Change-Id: Ieeeb9b39a0e28544e21f9afe6fe51ef10d7c828c
The bionic libs are now restricted to be in the runtime APEX and the
platform (for bootstrapping). It can still be referenced from other
APEXes but can't be included there.
Bug: 139870423
Test: m
Change-Id: I7f99eef27ccf75844ca5c9a7ea866496841b738f
Refactor some of the definitions to separate out all of the native
allocator pieces into one place that can be changed easily. This
should fix a few static libraries that appear to have accidentally
included jemalloc wrapper functions. For example, I verified that
libc_nomalloc.a no longer has references to any je_XXX functions.
Modify the bionic_libc_platform_headers to not include any libraries.
If this isn't updated, soong thinks there are cycles when used by
libscudo.
To enable scudo, change the libc_native_allocator_defaults defaults
from libc_jemalloc5_defaults to libc_scudo_defaults and comment out
the defaults: ["libc_scudo_wrapper_defaults"], line for the shared
library libc_scudo.
To do a final switch to scudo, it will be necessary to clean up
some code in other parts of the tree, but this allows a single cl
to enable or disable.
Bug: 137795072
Test: Builds with jemalloc or scudo with a small change.
Test: Ran bionic unit tests.
Change-Id: I07bb5432a0d2b2f405f92412e8d04fb9c9e51b31
Merged-In: I07bb5432a0d2b2f405f92412e8d04fb9c9e51b31
(cherry picked from commit ccff1b19ef)
The tables in the BSD tolower/toupper are slower for ASCII than just
doing the bit twiddling.
We can't actually remove the tables on LP32, so move them into the
"cruft" we keep around for backwards compatibility (but remove them for
LP64 where they were never exposed).
I noticed that the new bit-twiddling tolower(3) was performing better
on arm64 than toupper(3). The 0xdf constant was requiring an extra MOV,
and there isn't a BIC that takes an immediate value. Since we've already
done the comparison to check that we're in the right range (where the
bit is always set), though, we can EOR 0x20 to get the same result as
the missing BIC 0x20 in just one instruction.
I've applied that same optimization to towupper(3) too.
Before:
BM_ctype_tolower_n 3.30 ns 3.30 ns 212353035
BM_ctype_tolower_y 3.31 ns 3.30 ns 211234204
BM_ctype_toupper_n 3.30 ns 3.29 ns 214161246
BM_ctype_toupper_y 3.29 ns 3.28 ns 207643473
BM_wctype_towupper_ascii_n 3.53 ns 3.53 ns 195944444
BM_wctype_towupper_ascii_y 3.48 ns 3.48 ns 199233248
After:
BM_ctype_tolower_n 2.93 ns 2.92 ns 242373703
BM_ctype_tolower_y 2.88 ns 2.87 ns 245365309
BM_ctype_toupper_n 2.93 ns 2.93 ns 243049353
BM_ctype_toupper_y 2.89 ns 2.89 ns 245072521
BM_wctype_towupper_ascii_n 3.34 ns 3.33 ns 212951912
BM_wctype_towupper_ascii_y 3.29 ns 3.29 ns 214651254
(Why do both the "y" and "n" variants speed up with the EOR
change? Because the compiler transforms the code so that we
unconditionally do the bit twiddling and then use CSEL to decide whether
or not to actually use the result.)
We also save 1028 bytes of data in the LP64 libc.so.
Test: ran the bionic benchmarks and tests
Change-Id: I7829339f8cb89a58efe539c2a01c51807413aa2d
There are places in frameworks and art code that directly included
private bionic header files. Move these files to the new platform
include files.
This change also moves the __get_tls.h header file to tls.h and includes
the tls defines header so that there is a single header that platform
code can use to get __get_tls and the defines.
Also, simplify the visibility rules for platform includes.
Bug: 141560639
Test: Builds and bionic unit tests pass.
Change-Id: I9e5e9c33fe8a85260f69823468bc9d340ab7a1f9
Merged-In: I9e5e9c33fe8a85260f69823468bc9d340ab7a1f9
(cherry picked from commit 44631c919a)
The accompanying soong change causes sanitize attributes to be allowed on
cc_object targets and propagates sanitize attributes into dependencies. This
is problematic for the crt objects in sanitizer builds because everything
depends on them including the sanitizer runtime, so a circular dependency
would otherwise be created. Furthermore, some of the code in these objects
runs before sanitizer initialization so it is unlikely that sanitizing them
would work anyway. Therefore, disable sanitization on these objects.
Change-Id: I25380dfc8eed5db34b034ba127a9d6b5674032fa
Instead of having platform directories directly include the
private header, create a platform header directory and export it.
Bug: 130763340
Test: Builds.
Change-Id: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa
Merged-In: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa
(cherry picked from commit 8f582ef2f8)
Split statfs and statvfs. The former has been available forever, and the
latter is implemented in terms of the former. The implementation has
been moved into headers so that it can be used at low API levels.
There's no reason for any Android or Linux code to use statvfs rather
than statfs, but code that needs to build on Darwin too will want to use
statvfs because Darwin's statfs is very spartan.
Bug: https://github.com/android-ndk/ndk/issues/609
Test: treehugger
Change-Id: Icf3d5723a260099fddb2d9f902e3047b0f041647
Instead of maintaining a symbol ordering file, using the new
sort_bss_symbols_by_size property allows for symbol sorting at build
time.
Bug: 135754984
Test: Build and check the resulting libc.so has its bss symbols sorted.
Change-Id: I4a1cd6774dfe61b73f454bdf95b535db1f9fb1ac
This avoids art having a direct reference to bionic directories which
would prevent the bionic module from being unbundled from the runtime
module.
Bug: 134379140
Test: m droid
Change-Id: I9545767b76341fd01166b675bdd156f620d4f262
We're not going to change this code, ARM's not going to break it.
Silence the warnings.
Bug: http://b/114120867
Test: treehugger
Change-Id: Ie25ef44706c952efc5d54012391bee19af095818
Cleanup of references to 'coverage' in build files. Part of a larger
cleanup to make fuzzing work again in the Android build tree.
Also fixed a test issue with emulated TLS with the new changes, and
removed libc.so fuzzer support until a linked bug is fixed
(b/132640749).
Bug: 121042685
Test: With all patches in the bug merged: mmma bionic
Change-Id: I592352fe9210ff811a2660a88cbbfe48d70a1e57
Merged-In: I592352fe9210ff811a2660a88cbbfe48d70a1e57
The arm exidx unwind information can be sparse and clang is producing
functions that cannot be properly represented. The .debug_frame includes
extra unwind information that covers the cases that are not complete, so
do not remove it. For example, the __strchr_chk function has a push
in the middle of the function, so any crash before that instruction will
not unwind properly.
This does increase the size of libc.so, but only by about 80,000 bytes.
Bug: 132992102
Test: Verified the .debug_frame exists in libc.so only for arm32.
Test: Used the unwind_reg_info to verify that __str_chk gets proper
Test: unwind info. Also use unwind_reg_info on some assembler functions
Test: to make sure that there is no overlapping information.
Change-Id: If9a6de15b3adf08a93c4563da8c89846e4dd059b
Enable native bridge support for bionic libraries.
Makes it possible to use them in binaries for translated
architectures.
Bug: http://b/77159578
Test: make
Change-Id: Iccd4ad7aecfa5260cc15f09ca975d2e18987278a
Move /system dependency on tz_version to bionic from core-libart.
The file is not used by code but is useful on device to identify
the format / version / origin of the tzdata file. The
tz_version file identifies the Android release (e.g. 3.1 == Q), which
implies the version of zic used to generate tzdata, and any Android
revision of the tzdata (e.g. 2019a v2) that may have taken place. The
file was previously used by by the tzdatacheck binary but it has since
switched to using the copy in the runtime module.
The bionic README.md is also updated here to reflect latest locations of
scripts.
Bug: 131239046
Test: make installclean / make droid / inspect /system
Change-Id: Ib142f98aa30c8c9d5eda33df55d4191478570ced
FreeBSD, glibc, and musl have all implemented C11 threads at this
point. POSIX is looking at how to align with it. Probably time to jump
on the bandwagon ourselves...
Implemented in the same style as <termios.h> so we can provide this
functionality even on older API levels. This does mean that this is
strictly more expensive than calling pthread functions directly.
Although this isn't in POSIX yet, assume that it's going to be basically
the same as C11 and add the header test anyway. We should revisit this
when POSIX actually adds <threads.h>.
Test: new tests
Change-Id: I8602d67ce71ca7f8ed1529daa0a8ea1feb083dd6
These symbols were previously provided by Android's out-dated libgcc,
but they're removed/deprecated in upstream libgcc, and also won't be
available in libclang_rt.builtins. We need to provide these methods in
libc itself for compatiblity.
Test: build with these symbols stripped in libgcc
Bug: 29275768
Change-Id: I04a05258c6c06b5a22ead41e148b02792ffbc941
This reverts commit e4788d4c7e,
which undid this change during the Q betas.
Bug: http://b/120989619
Change-Id: Iea589fd0e56426971adf9f7c19c2aedf0d7a7a60
...all the better to switch to a genrule rather than checking in
generated source.
This also removes all the code in the script to deal with git,
rather than fix it. We won't need that where we're going.
Test: boots
Change-Id: I468ce019d4232a7ef27e5cb5cfd89f4c2fe4ecbd
/system/lib/libc.so is a symlink to libc.so in the runtime APEX.
libc_malloc_* libraries are bundled with libc.so because they share
implementation details.
However, since libc.so is loaded in the default namespace where the
runtime APEX path (/apex/com.android.runtime/lib) is not accessible,
libc.so has been using libc_malloc_* from /system/lib. This is
wrong because libc.so (from the runtime APEX) and libc_malloc_* (from
the platform) may not be in-sync.
libc.so now uses android_dlopen_ext to load libc_malloc_* libraries
correctly from the "runtime" linker namespace.
Bug: 122566199
Test: bionic-unit-tests
Merged-In: I46980fbe89e93ea79a7760c9b8eb007af0ada8d8
Change-Id: I46980fbe89e93ea79a7760c9b8eb007af0ada8d8
(cherry picked from commit 4e46ac69c2)
The media processes already use scudo as their allocator. However, it
doesn't really correctly replace the normal allocation functions, so create
a set of wrappers that allow us to use scudo closer to how jemalloc is used.
This is only a temporary change, and should be removed for the next
release of Android. In that version, we will be using standalone
scudo which won't require this wrapper code.
Bug: 123689570
Test: Ran new bionic unit tests. There are failures, but only with
Test: extensions that scudo does not support.
Change-Id: I0516c23d654a9b6c69b157c5501245d2e0b3d264
With __cpu_model visibility issue fixed in libcrt, we can move x86 and
x86_64 libc to use libcrt as well.
Test: emulator boots
Bug: 122993569
Change-Id: If71c324180010a57e3e9598d758a4d6ab1a3c369
Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(),
which can be used to set an upper bound on the total size of all
allocations made using the memory allocation APIs.
This is useful for programs such as audioextractor and mediaserver
which need to set such a limit as a security mitigation. Currently
these programs are using setrlimit(RLIMIT_AS) which isn't exactly
what these programs want to control. RLIMIT_AS is also problematic
under sanitizers which allocate large amounts of address space as
shadow memory, and is especially problematic under shadow call stack,
which requires 16MB of address space per thread.
Add new unit tests for bionic.
Add new unit tests for malloc debug that verify that when the limit
is enabled, malloc debug still functions for nearly every allocation
function.
Bug: 118642754
Test: Ran bionic-unit-tests/bionic-unit-tests-static.
Test: Ran malloc debug tests and perfetto integration tests.
Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
The *.mountpoint targets that installs /bionic/lib/lib*.so and
/bionic/bin/linker* are no longer needed.
Now, /system/lib/lib*.so and /system/bin/linker* are simply symlinks to
the corresponding files in the runtime apex. For example,
/system/lib/libc.so -> /apex/com.android.runtime/lib/bionic/libc.so
This is made possible because we now activate APEXes even before the
data partition is mounted. Before the data partition mounting, the
APEXes from the system partition are ativated. After the data partition
is mounted, updated APEXes in the partition (if any) are activated. As a
result, the symlink always points to the valid path regardless of
whether /data is mounted or not.
Bug: 125549215
Test: device boots
Change-Id: Ie7d83686abe00b3c436f9f9db75d4244200a0fc9
malloc_info needs to be per native allocator, but the code treated it
like a global function that doesn't depend on the native memory allocator.
Update malloc debug to dump the actual pointers that it has been tracking.
Test: bionic-unit-tests pass.
Test: malloc debug tests pass.
Test: malloc hook tests pass.
Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e
Merged-In: I3b0d4d748489dd84c16d16933479dc8b8d79013e
(cherry picked from commit a3656a98b1)
After switching libm from libgcc to libcrt.builtins, some of the symbols
are no longer getting included in libm, causing the compiler to complain
about missing symbols from the version script. Explicitly export them in
libc (since libm depends on libc).
Bug: 122993571
Test: m checkbuild
Test: bionic-unit-tests
Change-Id: Ie91765874d20df605f557b1a8c4236619553c549
With the switch to libcrt.builtins, some symbols no longer becomes
exported. Add dummy references to them to force them to be exported.
This is to maintain backwards binary compatibility with ancient Android
versions.
x86 and x86_64 crashes with libcrt, keep using libgcc for now.
Test: bionic-unit-tests
Bug: 29275768
Bug: 122993569
Change-Id: Ieab5af354e3924af4a03d888b28c6e75090cb613
The pieces:
- The malloc common shared by static and dynamic code (malloc_common.cpp).
- The code for shared libraries that includes any dlopen'ing
(malloc_common_dynamic.cpp).
- The implementation of perfetto's heapprofd (malloc_heapprofd.cpp).
This makes it easier to see what's going on in the many different areas.
It should also make it easier to add the allocation capping option.
Other related changes:
- Update the unit tests for android_mallopt. All of the current options
don't work on static binaries, so make sure that is reflected in the test.
- A few names changes to make sure that all code is consistent.
Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests).
Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
NetBSD seems to be the least well maintained of our three BSD upstreams,
and it's already the one we use the least. Let's push a little further
in that direction...
Test: new smoke tests
Change-Id: Idfebd11794445fe14cbfa07177a7392a7b36a5e4
This change adds following files and symlinks:
Files:
/bionic/lib[64]/lib{c|dl|m}.so
/bionic/bin/linker[64]
Symlinks:
/system/lib[64]/lib{c|dl|m}.so -> /bionic/lib[64]/lib{c|dl|m}.so
/system/bin/linker[64] -> /bionic/bin/linker[64]
/system/bin/linker_asan[64] -> /bionic/bin/linker[64]
The files serve as mount points for either the bootstrap Bionic or the
default Bionic from the runtime APEX. init does the bind-mounting during
booting.
The symlinks are there to not change the ordinary paths to the bionic
files; there are many places that the paths are implied or hard-coded,
e.g., dlopen("/system/lib/libc.so") or DT_INTERP pointing to
/system/bin/linker in the vendor prebuilts.
Bug: 120266448
Test: m blueline, cf_x86, aosp_arm
The aforementioned files and symlinks are found
Change-Id: I97e38c29409ac0610dde285db8df6e94a7930094
Rename LinkerMemoryAllocator -> BionicAllocator
Rename LinkerSmallObjectAllocator -> BionicSmallObjectAllocator
libc and the linker need to share an instance of the allocator for
allocating and freeing dynamic ELF TLS memory (DTVs and segments). The
linker also continues to use this allocator.
Bug: http://b/78026329
Test: /data/nativetest/bionic-unit-tests-static
Test: /data/nativetest64/bionic-unit-tests-static
Test: /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: /data/nativetest64/linker-unit-tests/linker-unit-tests64
Change-Id: I2da037006ddf8041a75f3eba2071a8fcdcc223ce
Add a new function that installs a seccomp filter that checks
all setresuid/setresgid syscalls to fall within the passed in
uid/gid range. It allows all other syscalls through. Therefore,
this filter is meant to be used in addition to one of the
regular whitelist syscall filters. (If multiple seccomp filters
are installed a in process, all filters are run, and the most
restrictive result is used).
Since the regular app and app_zygote seccomp filters block all
other calls to change uid/gid (setuid, setgid, setgroups,
setreuid, setregid, setfsuid), combining these filters prevents
the process from using any other uid/gid than the one passed as
arguments to the new function.
Bug: 111434506
Test: atest CtsSeccompHostTestCases
Change-Id: If330efdafbedd8e7d38ca81896a4dbb0bc49f431
The APP_ZYGOTE seccomp policy is identical to the APP seccomp policy,
with the exception of allowing setresgid(32), which the app zygote
needs to be able to do (within a certain range).
Bug: 111434506
Test: manual
Change-Id: I34864837c981d201225e3e2e5501c0415a9a7dc8
Bionic maps typical C functions like setresuid() to a syscall,
depending on the architecture used. This tool generates a .h
file that maps all bionic functions in SYSCALLS.txt to the
syscall number used on a particular architecture. It can then
be used to generate correct seccomp policy at runtime.
Example output in func_to_syscall_nrs.h:
Bug: 111434506
Test: manually inspect func_to_syscall_nrs.h
Change-Id: I8bc5c1cb17a2e7b5c534b2e0496411f2d419ad86
This commit extracts `libc_headers` for `libasync_safe` and
`libpropertyinfoparser` (in the `system/core` repository).
Before this change, `libasync_safe` expects that `libc` is automatically
added to `system_shared_libs` of the libasync_safe vendor variant even
if `libc_defaults` explicitly declines any `system_shared_libs`.
This commit defines `libc_headers` for `libasync_safe` and
`libpropertyinfoparser` so that they can find the headers from libc
without causing circular dependencies.
Bug: 123006819
Test: make checkbuild
Change-Id: I2435ab61d36ff79ca2b4ef70bd898b795159c725
By sorting symbols by size, small symbols are grouped together and we
usually have less dirty pages at runtime. On cuttlefish, this results
in 20KB less dirty pages just after libc is loaded.
Bug: 112073665
Test: Build libc and check symbol ordering.
Test: Compare runtime private dirty memory usage on cuttlefish.
Change-Id: Ic8fa996f81adb5a8cbc4b97817d2b94ef0697a2a
For ELF TLS "local-exec" accesses, the static linker assumes that an
executable's TLS segment is located at a statically-known offset from the
thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86).
Because these layouts are incompatible, Bionic generally needs to allocate
its TLS slots differently between different architectures.
To allow per-architecture TLS slots:
- Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are
generally negative, while new x86 slots are generally positive.
- Define a bionic_tcb struct that provides two things:
- a void* raw_slots_storage[BIONIC_TLS_SLOTS] field
- an inline accessor function: void*& tls_slot(size_t tpindex);
For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots),
because the runtime linker doesn't know how large the static TLS area is
until after it has loaded all of the initial solibs.
To accommodate Golang, it's necessary to allocate the pthread keys at a
fixed, small, positive offset from the thread pointer.
This CL moves the pthread keys into bionic_tls, then allocates a single
mapping per thread that looks like so:
- stack guard
- stack [omitted for main thread and with pthread_attr_setstack]
- static TLS:
- bionic_tcb [exec TLS will either precede or succeed the TCB]
- bionic_tls [prefixed by the pthread keys]
- [solib TLS segments will be placed here]
- guard page
As before, if the new mapping includes a stack, the pthread_internal_t
is allocated on it.
At startup, Bionic allocates a temporary bionic_tcb object on the stack,
then allocates a temporary bionic_tls object using mmap. This mmap is
delayed because the linker can't currently call async_safe_fatal() before
relocating itself.
Later, Bionic allocates a stack-less thread mapping for the main thread,
and copies slots from the temporary TCB to the new TCB.
(See *::copy_from_bootstrap methods.)
Bug: http://b/78026329
Test: bionic unit tests
Test: verify that a Golang app still works
Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped
Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
(cherry picked from commit 1e660b70da)
By default, Clang uses this arm32 function to read the thread pointer,
either for ELF TLS or via __builtin_thread_pointer(). It's probably better
to inline the cp15 access using -mtp=cp15, but that's not the default yet.
See https://reviews.llvm.org/D34878?id=114573.
Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I93b8926075f0b2cea8df9ef518d54f2820a8ff5b
Bionic libs are part of the runtime APEX (com.android.runtime). In order
to be able to update the runtime APEX independetly from the platform, we
have to prevent things outside of the APEX from using bionic symbols
that are not guaranteed to be stable. Otherwise, platform could break
when a symbol is removed from the libs via the APEX update.
To achive this goal, this change adds stubs variant to the bionic libs.
With this, things outside of the runtime APEX (i.e. other APEXes and the
platform) are built with the stubs variants that provide only the
symbols that are guaranteed to be stable.
The set of symbols are basically the same as the symbols available to
NDK clients. However, there are a few additional symbols that are not
available for NDK but should be made available for platform components.
They are marked with "# apex" tag. Symbols with that tag are not exposed
to apps (via NDK stubs) or vendors (via LLNDK stubs).
Note that the stubs is a build-time only artifact. It is used just to
break the build when private symbols are used outside of the runtime
APEX. At runtime, the real library in the APEX is used.
Bug: 120266448
Test: m
Test: m bionic-unit-tests
Change-Id: I7b8d75830c81d7d7d54e2fca21a85b3417531b47
Add filegroups for libc sources not included in component static
libraries.
Bug: http://b/120406045
Bug: http://b/114470065
Test: make
Change-Id: I2045f14d6636e0da4eb741bfd2de3312475e20e3
It was discovered that we were building some objects inconsistently due
to an optimization in cc_library to only build objects once and use them
for both the static and shared libraries. But static libraries didn't
get system_shared_libs set automatically, and we didn't notice that we
would have built the objects differently.
So static libraries now get the default system_shared_libs, we allow
adjusting that for static vs shared in a cc_library, and we disable the
optimization if the linked libraries are configured differently between
static and shared in a single cc_library.
This triggers dependency cycles for static libraries that libc/libdl
use, so fix those cycles here.
Test: treehugger
Change-Id: I3cf7fda161a05ec32e0c1e871999720d12a4d38e
These modules have issues running with execute-only memory. Disable it
in them until we can resolve the issues.
Bug: 77958880
Test: No more XOM-related crashes in these binaries
Change-Id: Ie6c957731155566c2bbe7dbb7a91b9583d9aff93
Previous change was reverted in 9690b121e3.
This change added .arch directive to kryo/ to avoid invalid instruction error.
Test: Run bionic unit test.
Test: Use gdb to make sure the right function is selected.
Test: Build previously failed target: make PRODUCT-sdk_phone_arm64-sdk
Change-Id: I14de41851121fc1a0b38c98fda5eb844b6a9695c
This reverts commit ce4ff9c44d.
Reason for revert: broke master in ab/5138164 target sdk_phone_armv7-sdk
Change-Id: Ia4b0c7e6117a37df694509078116963f41d7865e
Adds libc_common_static and libc_common_shared targets. So that static
and shared objects can use different libraries.
In following changes I'll add dynamic dispatch code to
libc_common_shared.
Test: compile and run bionic unit test.
Change-Id: I056742fdf8af76ed7deb274c515951656b176fcb
This commit adds "include" (full path: "bionic/libc/include") to
exported_include_dirs for libc. Without this change,
header-abi-checker will strip all functions from ABI dumps.
Bug: 117963950
Test: libc.so.lsdump has a non-empty functions array
Change-Id: I192a4ec0251f1320ced56c6201818076ebd2a2da
A76 still uses A55 as little core. It should be ok to use the same
setting as A75 for now.
Bug: 117125298
Test: run bionic tests
Change-Id: Idfd15424c20ae60becb6539f6ae855f3e7c264cd
cc_objects are getting support for STL headers, disable them for
crt objects to avoid a circular dependency through libc++.
Test: m checkbuild
Change-Id: I4e0f4a2193ce98ec4b8802492add9014ec0dba98
Originally a BSD extension, now in glibc too. We've used it internally
for a while.
(cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.)
Bug: http://b/112163459
Test: ran tests
Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
I stumbled across this because I was looking at the various locks in libc.
Bug: N/A
Test: ran tests
Change-Id: I77c9954f49aaae7519ea7f4917bbe6f138b841ad
* Allow sanitization of libc (excluding existing global sanitizers)
and disallow sanitization of linker. The latter has not been
necessary before because HWASan is the first sanitizer to support
static binaries (with the exception of CFI, which is not used
globally).
* Static binary startup: initialize HWASan shadow very early so that
almost entire libc can be sanitized. The rest of initialization is
done in a global constructor; until that is done sanitized code can
run but can't report errors (will simply crash with SIGTRAP).
* Switch malloc_common from je_* to __sanitizer_*.
* Call hwasan functions when entering and leaving threads. We can not
intercept pthread_create when libc depends on libclang_rt.hwasan.
An alternative to this would be a callback interface like requested
here:
https://sourceware.org/glibc/wiki/ThreadPropertiesAPI
All of the above is behind a compile-time check
__has_feature(hwaddress_sanitizer). This means that HWASan actually
requires libc to be instrumented, and would not work otherwise. It's
an implementation choice that greatly reduces complexity of the tool.
Instrumented libc also guarantees that hwasan is present and
initialized in every process, which allows piecemeal sanitization
(i.e. library w/o main executable, or even individual static
libraries), unlike ASan.
Change-Id: If44c46b79b15049d1745ba46ec910ae4f355d19c
libc had some -Wimplicit-fallthrough warnings. They all seem to be
benign. We're trying to enable this flag globally, so we need to
annotate these breaks here.
Bug: 112564944
Test: Builds
Change-Id: I5afae694cc4cf26ad1a61e2c8ae91f00cda7c733
This change avoids having to run the genseccomp.py script every time a
policy file is edited, and instead generates these files at
compile-time.
Bug: None
Test: m
Test: find out/soong/ -name x86_64_global_policy.cpp # Shows files
Test: generated policies are equivalent to original policies
Change-Id: I12461fe0c5fb02c008c1b2503fbb994b8aa2f56b
Add two functions to allow objects that own a file descriptor to
enforce that only they can close their file descriptor.
Use them in FILE* and DIR*.
Bug: http://b/110100358
Test: bionic_unit_tests
Test: aosp/master boots without errors
Test: treehugger
Change-Id: Iecd6e8b26c62217271e0822dc3d2d7888b091a45
pclose(3) is now an alias for fclose(3). We could add a FORTIFY check
that you use pclose(3) if and only if you used popen(3), but there seems
little value to that when we can just do the right thing.
This patch also adds the missing locking to _fwalk --- we need to lock
both the global list of FILE*s and also each FILE* we touch. POSIX says
that "The popen() function shall ensure that any streams from previous
popen() calls that remain open in the parent process are closed in the
new child process", which we implement via _fwalk(fclose) in the child,
but we might want to just make *all* popen(3) file descriptors O_CLOEXEC
in all cases.
Ignore fewer errors in popen(3) failure cases.
Improve popen(3) test coverage.
Bug: http://b/72470344
Test: ran tests
Change-Id: Ic937594bf28ec88b375f7e5825b9c05f500af438
__libc_sysinfo is hidden, so accessing it doesn't require a relocated GOT.
It is important not to have a relocatable initializer on __libc_sysinfo,
because if it did have one, and if we initialized it before relocating the
linker, then on 32-bit x86 (which uses REL rather than RELA), the
relocation step would calculate the wrong addend and overwrite
__libc_sysinfo with garbage.
Asides:
* It'd be simpler to keep the __libc_sysinfo initializer for static
executables, but the loader pulls in libc_init_static (even though it
uses almost none of the code in that file, like __libc_init).
* The loader has called __libc_init_sysinfo three times by the time it
has relocated itself. A static executable calls it twice, while libc.so
calls it only once.
Bug: none
Test: lunch aosp_x86-userdebug ; emulator
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: adb shell /data/nativetest/bionic-unit-tests-static/bionic-unit-tests-static
Change-Id: I5944f57847db7191608f4f83dde22b49e279e6cb
Global flag --pack-dyn-relocs=android is used with clang lld.
For b/24465209, we need to override that with --pack-dyn-relocs=none.
Bug: 80093890
Bug: 24465209
Test: build with USE_CLANG_LLD=true and run dlext.compat_elf_hash_and_relocation_tables
Change-Id: Ic3837446ff0deccf4e66425b39d3b062abcacc5e
See longer explanation in b/80093890.
Clang lld does not generate expected DT_REL and DT_RELA tags
with --hash-style=both and --pack-dyn-relocs=android.
I am not sure about the extent of b/24465209, so
I would rather not to use lld for these .so files for now.
Bug: 80093890
Bug: 24465209
Test: build with USE_CLANG_LLD=true and run dlext.compat_elf_hash_and_relocation_tables
Change-Id: I94e9fe8d687daeadb0182ae26596ca11d3f8bd9b
Libraries that are direct or indirect dependencies of modules installed
to recovery partition (e.g. toybox) are marked as recovery_available:
true. This allows a recovery variant of the lib is created when it is
depended by other recovery or recovery_available modules.
Bug: 67916654
Bug: 64960723
Bug: 63673171
Bug: 29921292
Test: m -j
Change-Id: I59bf859a10a218af6591025a0fe7d1853e328405
Bug: 78133793
Bug: 78242072
Test: Builds and ran to verify best libc routines.
Change-Id: I2299b8f0f6379c9003072764978ea917b74aee4f
Merged-In: I2299b8f0f6379c9003072764978ea917b74aee4f
(cherry picked from commit 3162eb3b81)
This reverts commit 2e7145c048.
When src is at the end page, the sse2 strlcpy SSE2 optimized version
can issue a movdqu instruction that can cross the page boundary. If
the next page is not allocated to that process, it leads to
segmentation fault. This is a rare but has be caught multiple times
during robustness testing.
We isolated a way to reproduce that issue outside of an Android device
and we have been able to resolve this particular case. However, we
ran some additional compliance and robustness tests and found several
other similar page crossing issues with this implementation.
In conclusion, this optimization needs to be re-written from scratch
because its design is at cause. In the meantime, it is better to
remove it.
Change-Id: If90450de430ba9b7cd9282a422783beabd701f3d
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
We saw crashes from pthread_exit+debuggerd on LP32
(https://issuetracker.google.com/72291624), and it seems like the
equivalent problem should exist with system(3). I fixed posix_spawn(3)
as part of that bug, so the easiest fix is probably to reuse that.
Bug: http://b/72470344
Test: ran tests
Change-Id: I05f838706f2b4a14ac3ee21292833e6c8579b0d4
Otherwise clang inlines it into pthread_sigmask(3), which breaks libsigchain.
Bug: http://b/73344857
Test: ran tests, plus the app this broke
Change-Id: Ie4a1dc8f9c6ba58d1a2fa69aeff961c70b74767d
Caused problems for some Google source switching to unified headers
because the legacy headers just used #define instead.
Bug: http://b/73210428
Test: builds
Change-Id: If8a36f284031e57af419903610029a8c34a23d91
Add the capability to read /etc/passwd and /etc/group for getpw* and
getgr* functions.
Bug: 27999086
Test: pwd, grp, grp_pwd_file unit tests
Test: Read in custom users/groups from /etc/{passwd,group}
Change-Id: Idc1f054af8a7ca34743a90493495f0ccc775a0d8
The error handling was a mess, resulting in an infinite loop
(and a test timeout) if you actually took the /dev/urandom
fallback. I'm also unconvinced that the getrandom(2) path was correct
because of the various reasons why we might get a short count back
(http://man7.org/linux/man-pages/man2/getrandom.2.html). In this version,
the two paths look very similar except for the getrandom(2) failure case,
where it's now much clearer that we just give up so that we can boot
(http://b/33059407).
Bug: http://b/33059407
Bug: http://b/67015565
Test: ran tests on hikey and a ICS Galaxy Nexus
Change-Id: Ie715d59b46f7a70bae66943c316168838787b40d
This doesn't address `struct sigaction` and `sigaction`. That will
come later.
Bug: http://b/72493232
Test: ran tests
Change-Id: I4134346757ce3a4dac6feae413361cec16223386
Makes no difference to the benchmarks, but does make the code a bit
more readable.
Bug: http://b/68672236
Test: ran tests, benchmarks
Change-Id: I63fa5f78d077c86e4f4f194f2c76ab5510c29109
This is a squash revert of a4a4854 and 1b0f2b4
Revert "Remove a test for backwards compatibility we no longer support."
This reverts commit a4a485454a.
# This is the commit message #2:
Revert "Remove obsolete workaround."
This reverts commit 1b0f2b49d5.
Bug: 72143978
Bug: 24465209
Test: Tested failing case on sailfish, reverted back all CL's since
Test: 3471433 for b/24465209 and apps open
This is also slightly faster for the no VDSO case (56ns vs 66ns).
Bug: N/A
Test: ran tests, benchmarks
Change-Id: I2b0edd06ee6942eb57c32678279278a53ca5ee9b
Introduce new flag to mark soinfo as TLS_NODELETE when
there are thread_local dtors associated with dso_handle
belonging to it.
Test: bionic-unit-tests --gtest_filter=dl*
Test: bionic-unit-tests-glibc --gtest_filter=dl*
Bug: https://github.com/android-ndk/ndk/issues/360
Change-Id: I724ef89fc899788f95c47e6372c38b3313f18fed
Toolbox is moving to Android.bp, and its genrule needs access to these
kernel headers.
Test: mmma system/core/toolbox
Change-Id: I213a36e1f4bb5d4e3e3e105ed7ab01ec945014a2
There are no meaningful changes here, just a minimal conversion to two
C++ templates to make further changes easier.
Bug: N/A
Test: ran tests, benchmarks
Change-Id: I958fbf17a85f19dd8f17bfb4bbb9314d220daa3b
Reinitializing system properties can result in crashes later in the
program, and is generally not recommended or even supported. This
change moves the actual logic for system properties into a class that
can be tested in isolation, without reinitializing the actual system
property area used in libc.
Bug: 62197783
Test: boot devices, ensure properties work
Test: system property unit tests and benchmarks
Change-Id: I9ae6e1b56c62f51a4d3fdb5b62b8926cef545649
This adds support for reading a serialized
/dev/__properties__/property_info file, which contains a
serialized trie that maps property names to the SELinux context to
which they belong.
Performance wise on walleye, this change reduces the start up cost in
libc from ~3000us to ~430us. On a benchmark that calls
__system_property_find() for each property set on the system, it
reduces the time per iteration from ~650us to ~292us.
Bug: 36001741
Test: Boot bullhead, walleye, run unit tests
Test: Benchmark initialization and lookup performance
Change-Id: I0887a3a7da88eb51b6d1bd494fa5bce593423599
system_properties.cpp is a little bit unmanageable in its current
form, and is overdue for a refactoring into more clearly defined
components.
Of particular interest, is creating of a Contexts interface that
handles mapping of system property name -> SEContext and its
associated prop_area, and creating two classes that implement the
current and legacy functionality. This is needed as there will likely
be a third even newer way to do this mapping.
Bug: 36001741
Test: boot bullhead, system property unit tests
Change-Id: Ie75ec6fea1a95f90813918f54669d533e51327c6
Make crt_so_defaults inherit from crt_defaults, remove duplicates
from crt_so_defaults, and make the users of crt_so_defaults not
directly use crt_defaults.
Test: m checkbuild
Change-Id: I1448a5a4c86521b994fd4d79120e0b7d3a9c5ba9
no_default_compiler_flags is unnecessary and causes problems when
necessary flags like -no-canonical-prefixes are not passed.
Bug: 68719465
Test: m checkbuild
Change-Id: Ifdc68067eb3208b151b0a96820aa9a57b82db057
This patch switches to C++ (in anticipation of needing it later), removes
a little duplication (via a macro for now), and ensures uniform support
for %C/%lc and %S/%ls between regular and wide (with new tests).
Since it's so hard to debug problems in printf (as the time I've wasted
already today will testify), that's all I want to do in this change. The
other 500 lines of diff can wait...
(Also merge "floatio.h" into "local.h" now all the users are in forked
code.)
Bug: http://b/67371539
Test: ran tests
Change-Id: I083353d89c32b9302d759ca6967cc6d8a62cd8a5
Also simplify trivial one-liners like perror/puts/fputs, and clean up
fread/fwrite slightly.
Fix perror to match POSIX.
Add basic perror and *_unlocked tests.
Bug: N/A
Test: ran tests
Change-Id: I63f83c8e0c15c3c4096509d17421ac331b6fc23d
Move all the new checks over to the existing __fortify_fatal.
Bug: http://b/67455242
Test: ran tests
Change-Id: Idb899c58c32d52d3b423caf1a91feb7defcba9b3
Surprisingly to me, there are actual uses of `swab` in the codebases
I have available to search, including one with a #ifndef __ANDROID__
around it.
Bug: N/A
Test: ran tests
Change-Id: Ic91b78ae22bb65c346cb46dd38916f48d979abe0
Add a static library containing the non-pthread dependent parts of
libc.
Bug: http://b/64400027
Test: sailfish boots
Test: bionic-unit-tests32/64, no new failures
Test: bionic-unit-tests-static32/64, no new failures
Change-Id: I93dc3811acddad7936d11b369b98cefd945ee2d5
<machine/asm.h> was internal use only.
<machine/fenv.h> is quite large, but can live in <bits/...>.
<machine/regdef.h> is trivially replaced by saying $x instead of x in
our assembler.
<machine/setjmp.h> is trivially inlined into <setjmp.h>.
<sgidefs.h> is unused.
Bug: N/A
Test: builds
Change-Id: Id05dbab43a2f9537486efb8f27a5ef167b055815
If (2nd) arch is "arm", (2nd) arch variant is "armv7-a-neon" or
"armv8-a", and (2nd) cpu variant is "generic", current Android.bp only
uses generic ARM assmebly or C code, even though they all have NEON.
This change use functions optimized for cortex-a15 (for these generic
cores), which are a reasonable balance for most ARM cores with Neon.
Also build script for specific armv7/armv8 cores are refactored to
take advantage of the common part (mostly cortex-a15 code), so more
than 150 repeated lines are removed.
Bug: 66064745
Test: For armv7-a-neon/armv8-a "generic" core
- boot with GSI on sailfish
- related cortex-a15 function are built and linked.
All libc.a/libc.so built are identical for the following cores:
- cortex-a7, cortex-a8, cortex-a9, cortex-a15, krait
- cortex-a53, cortex-a53.a57, cortex-a73, denver, kryo
$ lunch aosp_arm64 # with TARGET_2ND_CPU_VARIANT unset
# For each $core listed above
$ TARGET_2ND_CPU_VARIANT=$core m -e -j libc
Change-Id: Ia565d3ea09e034adcd014e7467a5b791cff908cb
On aarch64/x86/x86_64 add a macro that inserts a cfi directive that will
stop unwinding.
For arm, clang doesn't allow emitting .cantunwind, so add a comment and
leave it the same as it current is.
Add this macro to __libc_init and __start_thread.
Also, remove duplicate compilation of libc_init_static.cpp that already
includes the static library that includes that file.
Bug: 15469122
Test: Did unwinds using new unwinder tool (unwind) and debuggerd -b
Test: and verified new unwinder works on aarch64/x86/x86_64.
Test: Verified that it works on old unwinder for aarch64/x86, but
Test: x86_64 doesn't work properly, but as well as before.
Change-Id: I77302e8f6c7ba1549d98a4a164106ee82c9ecadc
This is the FreeBSD implementation, plus some tests. The FreeBSD
implementation includes the GNU extensions and seems to be what
iOS is using too, which should provide bug compatibility for app
developers.
The code unfortunately uses a lot of stack, and uses FreeBSD locale
implementation that we don't have, but it does seem better maintained
than the other BSDs.
Bug: http://b/29251134
Test: ran tests
Change-Id: Ie477b45e42a6df1319b25712098519d2b33adf67
The linux kernel requires that the ELF interpreter (runtime linker)
that's referenced by PT_INTERP be either an absolute path, or a relative
path from the current working directory. We'd prefer a relative path
from the binary, similarly to how we handle looking up shared libraries,
but that's not supported.
Instead, extract the LOAD segments from the runtime linker ELF binary
and embed them into each host bionic binary, omitting the PT_INTERP
declaration. The kernel will treat it as a static binary, and we'll use
a special entry point (linker_wrapper) to fix up the arguments passed by
the kernel before jumping to the embedded linker. From the linker's
point of view, it looks like the kernel loaded the linker like normal.
Bug: 31559095
Test: Enable host bionic, build and run libdemangle_test
Change-Id: I1753401ef91eecbf0ae3376faca31eec1c53842b
clang is the default compiler since Android nougat
Test: mma & verified it´s still build with clang
Change-Id: Id8b5361d18c1b2febb2dc6cc44502feaa08f605c
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
For treble enabled devices, still return the appropriate shell depending
on whether the process is a vendor process or a system one.
Test: Manual testing: on a bullhead device, ran test programs from
/vendor/bin which used popen() and system(). The calls succeeded.
Bug: 65054230
Bug: 64516799
Merged-In: I15dfdbb107cfca7c0f92f337c9bb46b9876eb38e
Change-Id: I15dfdbb107cfca7c0f92f337c9bb46b9876eb38e
(cherry picked from commit 1e52871773)
I'm unable to find a bug, but we've had requests for this internally
once or twice (though I pointed those folks at the STL), and there's
code we build for the host or in our bootloaders that would use this,
and there's reasonable-looking FreeBSD implementation ready and waiting.
Bug: N/A
Test: ran tests
Change-Id: I6ddee4b71bea4c22ed015debd31d3eaac4fcdd35
Library calls like system() and popen() invoke the shell executable
pointed to by '_PATH_BSHELL' in order to run the command passed into the
function. The _PATH_BSHELL points to /system/bin/sh by default and thus
breaks any vendor process trying to use system() / popen(), as they are
denied access to system shell by selinux.
This CL make necessary changes, so the implmentations of system() and popen()
can use the appropriate shell (e.g. /vendor/bin/sh for processes running
out of /vendor partition). Also, changes the implementation of system()
and popen().
Bug: 64832610
Test: Manual, Using a test program running from /system/bin and
/vendor/bin to ensure correct shell is being used.
Change-Id: Ie7168d69decb1ae98284446ae7db34dec930dc33
Merged-In: Ie7168d69decb1ae98284446ae7db34dec930dc33
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit aa3e32422c)
pthread's and semaphore's default behavior is to use CLOCK_REALTIME,
however this behavior is essentially never intended, as that clock is
prone to change discontinuously.
What users really intend is to use CLOCK_MONOTONIC, however only
pthread_cond_timedwait() provides this as an option and even there, a
large amount of existing code does not opt into CLOCK_MONOTONIC.
We have seen numerous bugs directly attributable to this difference.
Therefore, we provide this general workaround to always use
CLOCK_MONOTONIC for waiting, regardless of what the input timespec
is.
Specifically this impacts the below APIs:
pthread_mutex_timedlock()
pthread_cond_timedwait()
pthread_rwlock_timedrdlock()
pthread_rwlock_timedwrlock()
sem_timedwait()
Test: boot bullhead, boot sailfish
Test: bionic pthread/semaphore unit tests
Test: check that pthread_cond_timedwait() timeouts are uneffected by
CLOCK_REALTIME time changes
Bug: 64694413
Bug: 64623895
Bug: 35756266
Bug: 35678943
Change-Id: Ibba98f5d88be1c306d14e9b9366302ecbef6d534
This patch cleans up our standard headers by moving most of the FORTIFY
cruft out in to its own sandbox. In order to include the *_chk and
*_real declarations, you can either enable FORTIFY, or `#define
__BIONIC_DECLARE_FORTIFY_HELPERS`.
Both sys/select.h and strings.h are explicitly ignored by this patch.
Both of these files have very small __BIONIC_FORTIFY blocks, and don't
define any actual FORTIFY'ed functions (just macros, and 3 *_chk
functions).
This patch also makes the versioner ignore the FORTIFY implementation
headers, since we're guaranteed to pick the FORTIFY'ed headers up when
looking at the regular headers. (...Not to mention that making the
FORTIFY'ed headers freestanding would be annoying to do and maintain for
~no benefit).
We bake the knowledge of where FORTIFY headers live directly into the
versioner. We could go with a more general approach (e.g. adding an -X
IGNORED_FILE flag that tells the versioner to ignore
$HEADER_PATH/$IGNORED_FILE), but we'd then have to repeat that for every
test, every manual invocation of the versioner, etc. for no benefit
that's obvious to me.
Bug: 12231437
Test: m checkbuild on bullhead internal master + CtsBionicTestCases. no
new errors.
Change-Id: Iffc0cc609009b33d989cdaddde0a809282131a5b
And then -Wno-gcc-compat in the right place this time. (But leaving the
other one because I don't care in the non-crtbegin code either.)
Bug: N/A
Test: builds without warnings now
Change-Id: Id2cfa3392ee80c045644ebfdf92c6d341db90964
This addresses post-commit feedback from
I88c39ca166bacde0b692aa3063e743bb046a5d2f. With this, our FORTIFY impl
now sits in one file.
Bug: 12231437
Test: mma; no new CtsBionicTestCases failures on bullhead internal
master.
Change-Id: I6f9ff81c3e86cf9d6a0efa650eb5765f1e2fa09c
If _start_main is static, clang optimizes it out and then generates an
undefined reference from the inline assembler, so let's explicitly tell
the compiler it's used.
Bug: N/A
Test: ran tests
Change-Id: Iba3d9c63abae9a0dc32f236b01783515f0190956
As requested in the bug. This also rips __memcpy_chk out of memcpy.S,
which lets us cut down on copypasta (all of the implementations look
identical).
Bug: 12231437
Test: mma on aosp_{arm,arm64,mips,x86,x86_64} internal master;
checkbuild on bullhead internal master; CtsBionicTestCases on bullhead.
No new failures.
Change-Id: I88c39ca166bacde0b692aa3063e743bb046a5d2f
...by inlining them.
Also fix a couple of harmless bugs in passing. I've added tests, but in
both cases I don't think it was actually possible to hit the bad behavior:
we'd hit another test and fail immediately after in an externally
indistinguishable way.
Bug: N/A
Test: readelf
Change-Id: I8466050b0bfe2b7b94c76b383cf10c1d9d28debd
Almost all of our w* functions come from FreeBSD already. The one downside is
that we can't take all our w* functions from FreeBSD because FreeBSD handles
locales very differently from us.
Bug: N/A
Test: ran tests
Change-Id: I177b4332499992babd5d5afe5b3f469f8c4345a5
Upstream's killpg is diverging further from glibc behavior, so let's just fork.
Bug: N/A
Test: ran tests
Change-Id: I70a3543018bc0a5c0bbf019ac527043b90568fda
__libc_preinit sets up the stack protector global cookie value, and thus
cannot intialize a stack protector cookie for itself in the function
prologue. LTO compilation can inline functions requiring a stack
protector into __libc_preinit. This patch disables stack protection for
__libc_preinit and forces all potentially inlined functions into a
helper that can have a stack protector.
Test: run bionic-unit-tests
Change-Id: I45911611190f216c91eb6feff722967214c5f99f
Callers are supposed to #include <scsi/sg.h> but if we tell soong to add
bionic/libc/kernel/android/ to the include path, the uapi headers in there
would be (unintentionally) accessible as either <linux/name.h> or
<uapi/linux/name.h>.
Bug: N/A (hit while upgrading strace to 4.17)
Test: builds
Change-Id: I8d47dd51da688c38f747a255d401dfb2c209c805
Using __builtin_frame_address was clever, but didn't work for arm64 (for
reasons which were never investigated) and the ChromeOS folks claim it
causes trouble for x86 with ARC++ (though without a reproduceable test case).
Naked functions turn out to be quite unevenly supported: some architectures
do the right thing, others don't; some architectures warn, others don't (and
the warnings don't always match the platforms that _actually_ have problems).
Inline assembler also removes the guessing games: everyone knows what the
couple of instructions _ought_ to be, and now we don't have to reason about
what the compiler will actually do (yet still keep the majority of the code
in C).
Bug: N/A
Test: builds, boots
Change-Id: I14207ef50ca46b6eca273c3cb7509c311146a3ca
Bug: 37647380
Test: Built target with cortex-a73 for both 32 bit/64 bit.
Test: Built target with cortex-a53.cortex-a57 for both 32 bit/64 bit.
Test: Ran bionic unit tests, ran art target tests.
(cherry picked from commit 6fca047b53)
Change-Id: I2c48e1bc7f4a3c4548d1c66f87eab19c8618a0b8
This library is used by a number of different libraries in the system.
Make it easy for platform libraries to use this library and create
an actual exported include file.
Change the names of the functions to reflect the new name of the library.
Run clang_format on the async_safe_log.cpp file since the formatting is
all over the place.
Bug: 31919199
Test: Compiled for angler/bullhead, and booted.
Test: Ran bionic unit tests.
Test: Ran the malloc debug tests.
Change-Id: I8071bf690c17b0ea3bc8dc5749cdd5b6ad58478a
We have some non-upstream (but Android common kernel) scsi headers to include
in the NDK.
Bug: N/A
Test: checked out/soong/ndk/sysroot
Change-Id: If7611e1e554ada63f266ec99d95dfedb99562ae9
This will build separate copies of the CRT for vendor vs system when
BOARD_VNDK_VERSION is set. We'll be able to change crtbrand / etc as
needed with #ifdef __ANDROID_VNDK__ and similar.
Bug: 36426473
Bug: 36079834
Test: Put #ifdef __ANDROID_VNDK__ into crtbrand.S, see changes
Change-Id: I7db0cccfe94d144f072e7cef23832884f3c066f0
Since localtime.c is C, this entails pulling our code out into its own
C++ file, which we should probably have done years ago anyway.
Bug: N/A
Test: ran tests, and manually tested via Settings
Change-Id: Ifc787a553e8f739a87641a2d35321aca40a47286
Soong handles these automatically now.
Bug: 33241851
Test: Android-aosp_arm.mk is the same before/after
Test: build.ninja is the same before/after
Test: build-aosp_arm.ninja is the same before/after
Merged-In: Ibfe4cf5db732d9007b1cc12dbc523c427de1b23d
Change-Id: Ibfe4cf5db732d9007b1cc12dbc523c427de1b23d
The stub libraries are the same as the (equivalent version) NDK, but
they also contain symbols tagged with 'vndk'. Except there are none of
those in Bionic currently.
For headers, the LLNDK/VNDK isn't using a sysroot like the NDK. Nor is
it hardcoding an explicit source path list like the platform. Instead it
runs the bionic/libc/include directory through versioner like the NDK,
then exports those generated headers and the kernel headers from the
stub library like any other exported header. Except it uses -isystem
instead of -I due to export_headers_as_system.
Test: aosp_arm; m -j
Test: Enable BOARD_VNDK_VERSION on aosp_arm; m -j
Test: Inspect out/soong/build.ninja before/after (w/o vndk)
Change-Id: Ief58a73907a83053b408b1d4b62999cba470d61c
