Commit graph

130 commits

Author SHA1 Message Date
Ji-Hwan Lee
f186a1819a Support non-zero p_vaddr in first PT_LOAD segment
Before changing mmap() permission to PROT_NONE in alloc_mem_region(),
such libraries once worked with a bug that uses mmap'ed region outside of
memory region allocated by alloc_mem_region().  This possibly incurs
SIGSEGV because it can overwrite memory region of previously loaded
library, but it sometimes worked, depending on loading order.

After PROT_NONE, this caused SIGSEGV earlier during calculation of
si->phdr in load_library(), but this was fixed by:

    75917c84d1  Use mmap to read an ...

Now the behaviour is the same as before applying PROT_NONE in
alloc_mem_region().

This CL fixed the original issue, supporting shared libraries that have
non-zero p_vaddr in first (= with lowest p_vaddr) PT_LOAD segment.

Bug: 6561258
Change-Id: Ib6176dd3e44c4d99a340eb1cbd16fb037586b0bc
2012-06-04 07:44:10 -07:00
Ji-Hwan Lee
75917c84d1 Use mmap to read an initial ELF header of library
Also, fixes SIGSEV during calculation of si->phdr in load_library(),
which is caused by accessing PHDR area, which is not guaranteed to be
loaded.

Note that this usually does not happen because program header area is
covered by immediately following PT_LOAD entry.  But it does not hold
always.

Bug: 6561258
Change-Id: Ie376253c773b5420279ca89044e81b1aad5a5736
2012-05-26 06:15:50 +09:00
Nick Kralevich
94179a509e linker: remove STB_LOCAL hack
The ARM static linker wasn't properly handling __exidx_start
and __exidx_end symbols. Now that the static linker has been fixed,
we don't need the dynamic linker to work around this problem.

Change-Id: I041b94903609fafab33663a7d441a5e70b7ffcdd
2012-04-23 16:50:34 -07:00
Evgeniy Stepanov
1a78fbb5c8 Initialize TLS before any application code is run.
Since e19d702b8e, dlsym and friends use recursive mutexes that
require the current thread id, which is not available before the libc
constructor. This prevents us from using dlsym() in .preinit_array.

This change moves TLS initialization from libc constructor to the earliest
possible point - immediately after linker itself is relocated. As a result,
pthread_internal_t for the initial thread is available from the start.

As a bonus, values stored in TLS in .preinit_array are not lost when libc is
initialized.

Change-Id: Iee5a710ee000173bff63e924adeb4a4c600c1e2d
2012-04-13 00:08:11 +04:00
Nick Kralevich
7f03d2356f Revert "linker: remove STB_LOCAL hack"
This reverts commit 61ff83475c.

This code is harmless, and only applies to the linker, so
there's no harm in keeping it in the tree a little bit longer.
Let's roll this back while we try to figure out the root cause
of bug 6314858.

Bug: 6314858
Change-Id: I9f5ed81d23a7abe273baf792aa8a0a2839ef094c
2012-04-10 13:49:35 -07:00
Nick Kralevich
61ff83475c linker: remove STB_LOCAL hack
The ARM static linker wasn't properly handling __exidx_start
and __exidx_end symbols. Now that the static linker has been fixed,
we don't need the dynamic linker to work around this problem.

Change-Id: Ic567122b6c7746cc016795e2befba2c6bd7c0478
2012-04-09 12:50:17 -07:00
Nick Kralevich
8c4f3ce8d0 linker: surround "debug_verbosity" by "#if LINKER_DEBUG"
Avoid executing useless code when we're not compiled
with debugging support.

Change-Id: Iea1821b241acacdf65d1a91d743356058dfef273
2012-04-04 12:43:32 -07:00
Nick Kralevich
3a7ea52f17 linker: enable -fvisibility=hidden
Compile the linker with -fvisibility=hidden. This reduces the number
of symbols that show up in the .dynsym section of the linker.
These symbols are never exported to other applications.

In particular, this fixes a problem with setting -DLINKER_DEBUG=1
introduced in 468319ce4f.
Because the symbols "debug_verbosity" and "format_log" have not been
resolved before the linker links itself, any attempt to call
PRINT / INFO / TRACE / WARN / ERROR will result in a segfault.
This change allows the static linker to produce a relative reference
to these symbols rather than relying on relocation.

This also has a nice side effect of making the linker slightly smaller
and slightly more optimized.

The following symbols no longer in the .dynsym section of the linker
after this change:

-addr_to_name
-call_constructors_recursi
-calloc
-debugger_init
-debugger_signal_handler
-debug_verbosity
-dladdr
-dlclose
-dlerror
-dl_lock
-dlopen
-dlsym
-dl_unwind_find_exidx
-find_containing_library
-find_containing_symbol
-find_library
-format_buffer
-free
-libdl_info
-linker_env_get
-linker_env_init
-linker_env_secure
-linker_env_unset
-linker_get_error
-__linker_init
-lookup
-lookup_in_library
-malloc
-notify_gdb_of_libraries
-notify_gdb_of_load
-notify_gdb_of_unload
-realloc
-rtld_db_dlactivity
-unload_library
-vsnprintf

Bug: 5827809
Change-Id: I5e8cd7dcf48c1d6831a970a67f63f24916c5e437
2012-04-04 11:13:51 -07:00
Nick Kralevich
aac0dc97a9 Merge "linker: fix off-by-one error in GNU_RELRO handling" 2012-03-20 10:52:42 -07:00
Nick Kralevich
d73b5cafa0 linker: fix off-by-one error in GNU_RELRO handling
Fix a bug where the GNU_RELRO end address could be exactly
the end of the loadable segment.

Change-Id: If6c43acabc06e9aff9217c0f6016e158b28bb41f
2012-03-20 09:24:58 -07:00
Nick Kralevich
6625986f3a linker: initially reserved memory as PROT_NONE
When the dynamic linker loads a shared library into memory, it
initially allocates a chunk of memory. The memory is then carved
into smaller chunks for each LOAD region, and appropriate memory
protections applied.

Modify the initial memory allocation so that the pages are mapped
as PROT_NONE, rather than PROT_READ / PROT_EXEC. This ensures that
gaps between LOAD regions are not inadvertantly readable / executable.

(Long term, we should munmap() these gaps entirely)

Change-Id: If128a203ccc6fe12dcbbd2bfe0cf13a2045675af
2012-03-16 13:06:12 -07:00
Andy McFadden
ca9a0712b8 Re-throw signals
If we catch a fatal signal that won't automatically re-throw when
the thread resumes, re-throw it manually.  (Common examples are
SIGPIPE and the SIGFPE from integer division by zero.)

Change-Id: I329e6d4db907047c555957b42cbd09c50fc808e7
2012-03-08 11:14:37 -08:00
Marco Nelissen
e5cf8166dc Merge "Log the thread id and name for fatal signals." 2012-03-07 13:09:36 -08:00
Marco Nelissen
3df3e672f5 Log the thread id and name for fatal signals.
This adds the thread id and name to the "Fatal signal" logging,
making it easier to track down where in process it actually crashed.

Change-Id: I17a365042b2f10b161debe98bc2e7070af055dfb
2012-03-07 12:32:15 -08:00
Nick Kralevich
9ec0f03a0d Add relro support
Add support for PT_GNU_RELRO. This allows the static linker to
indicate that certain regions of memory should be marked as
"read-only" after dynamic linking is complete.

See:
  * http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
  * http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

Note that this change has no effect on Android right now, because
we don't compile our code with relro enabled.

Change-Id: I6541f8775367e8558b4388f7d105b1ae6e8f046b
2012-03-05 16:44:42 -08:00
Jean-Baptiste Queru
76ab561b4d am 49a05c06: am 62daffe1: am f9c5afb1: Merge "Redesign dlopen() locks to be recursive per thread."
* commit '49a05c060acd4d3e17b2819f00a694271bf40977':
  Redesign dlopen() locks to be recursive per thread.
2012-02-23 11:20:49 -08:00
Pavel Chupin
e19d702b8e Redesign dlopen() locks to be recursive per thread.
That is to fix the bug:
dlxxx functions can't be called recursively.
For example, if we use dlopen() to use open one library whose constructor
also calls dlopen() in order to open another library, then the thread is
dead-blocked.

By changing the dl_lock from a non-recursive lock to a recursive lock, we can
prevent the thread from dead-blocked by recursive dlxxx calls in the same
thread context.

Change-Id: I1018b41c82f4641cc009c0a2eda31f5a47a534f9
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
2012-02-21 14:57:26 -08:00
David 'Digit' Turner
9db064a0d3 am 5d7181a7: am 68fc85ff: am 177a7706: linker: fix x86 build
* commit '5d7181a71c0b066fe6c19b9c5906bd694a399a59':
  linker: fix x86 build
2012-02-01 11:24:29 -08:00
David 'Digit' Turner
177a77067b linker: fix x86 build
Change-Id: I47d76a0f50515013c37ccef89accba03cc69529d
2012-02-01 10:47:04 -08:00
Jean-Baptiste Queru
25b7a16a6e Merge c4cb87f3
Change-Id: I4cc14eba43fde75a7702fdc7ad07d3d949e9c092
2012-02-01 09:46:08 -08:00
David 'Digit' Turner
70b1668a76 remove obsolete SuperH support
We don't have a toolchain anymore, we don't have working original
kernel headers, and nobody is maintaining this so there is really
no point in keeping this here. Details of the patch:

- removed code paths from Android.mk files related to the SuperH
  architecture ("sh")

- removed libc/arch-sh, linker/arch-sh, libc/kernel/arch-sh

- simplified libc/SYSCALLS.TXT

- simplified the scripts in libc/tools/ and libc/kernel/tools

Change-Id: I26b0e1422bdc347489e4573e2fbec0e402f75560

Signed-off-by: David 'Digit' Turner <digit@android.com>
2012-01-31 20:28:23 +01:00
Jesse Hall
f5d1693e3c Fix recursive ELF constructor check
The flag to avoid calling ELF constructors recursively (in the case
of recursive .so dependencies) was being set after the dangerous
recursive constructor call had already been made.

This fixes the libc's debug malloc implementation.

Change-Id: I5e601f0ea19ab1df81b8b1ad4df25c3eab0ccda4
2012-01-30 15:39:57 -08:00
Andy McFadden
1fc51769de Log debuggerd connection failures
Write a message to the log file if the signal handler is not able
to connect to debuggerd.  This is especially handy if the failure
was caused by running out of file descriptors, since there's some
chance that the lack of fds relates to the crash.

Sample:

 F libc    : Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
 F libc    : Unable to open connection to debuggerd: Too many open files

Bug 5926330

Change-Id: I0ff210d82ab1db39b08f328bae5e08f67a69e5d7
2012-01-26 13:40:38 -08:00
Jean-Baptiste Queru
f20d59e691 am c83c1da5: am cee8425f: Merge "Move variable declaration on its own line"
* commit 'c83c1da54831ef1c9ff59cf9df8d5c0173893ee5':
  Move variable declaration on its own line
2012-01-20 17:23:52 -08:00
Jean-Baptiste Queru
c3650d6a4b am 5b44655f: am 7e6a5773: Merge "Use the AT_SECURE auxv flag to determine whether to enable secure mode."
* commit '5b44655f22dd05c7cd8afcd218102616a6f5f4da':
  Use the AT_SECURE auxv flag to determine whether to enable secure mode.
2012-01-20 17:23:51 -08:00
Stephen Smalley
bb44055d0a Move variable declaration on its own line
Change-Id: Ied54ffabccdc867ea4e124a0f0324a217270d6e7
2012-01-20 10:59:15 -08:00
Stephen Smalley
861b42a2d8 Use the AT_SECURE auxv flag to determine whether to enable secure mode.
The Linux kernel provides an AT_SECURE auxv flag to inform userspace
whether or not a security transition has occurred.  This is more reliable
than directly checking the uid/gid against the euid/egid, because it covers
not only setuid/setgid but also file capabilities, SELinux, and AppArmor
security transitions.  It is also a more efficient test since it does
not require any additional system calls.

Change-Id: I9752a4f6da452273258d2876d13b05e402fb0409
2012-01-20 13:35:57 -05:00
Evgeniy Stepanov
e83c56dfbb Execute .preinit_array before any shared object initialization functions.
This change makes linker handling of .preinit_array compliant with the
System V ABI:

"These [pre-initialization] functions are executed after the dynamic linker has
built the process image and performed relocations but before any shared object
initialization functions."
http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#init_fini

Change-Id: Iebfee22bb1ebe1d7c7e69cb4686e4ebae0dfc4bb
2012-01-10 13:30:41 +04:00
Nick Kralevich
253b763160 get rid of unused "main" function.
confuses gdb.

Change-Id: I1c64357ce122fe5a2564ee96bb4caa32b733f6ea
2011-12-05 16:09:30 -08:00
Zhenghua Wang
0e0bd58631 am 1ad08626: am 897815a1: bionic: add machine type check
* commit '1ad08626a143dc684e92f56754c7176cc4914ce8':
  bionic: add machine type check
2011-11-30 10:50:57 -08:00
Zhenghua Wang
897815a1fe bionic: add machine type check
android linker doesn't check machine type, it may load some
libraries which it doesn't support sometimes.

Author: Zhenghua Wang <zhenghua.wang@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
2011-11-29 17:01:08 -08:00
Nick Kralevich
7e2daefe6c Merge "Make the linker relocatable." 2011-11-16 10:43:56 -08:00
David 'Digit' Turner
8180b08fb2 linker: Fix the computation of si->base
The computation of si->base assumed that the first entry in the
program header table is a PT_PHDR. This results in the dynamic
linker crashing with a SIGSEGV/MAPERR when trying to load some
of the NDK unit test programs, which happen to have an EXIDX
header first, followed byu a PHDR one.

This patch fixes the computation by parsing the program header
table, looking explicitely for the PHDR entry. This fixes the
load of the NDK unit test programs, and doesn't affect system
libraries.

Change-Id: Id18ea6037dbe950b5abbbce816c2960321f0b81d
2011-11-15 17:17:28 +01:00
Nick Kralevich
468319ce4f Make the linker relocatable.
Previously, the linker always loaded itself into the same
location in memory, which inhibited the effectiveness of Android's
ASLR implementation. Modify the linker code so it can be relocatable
and link itself at runtime.

Change-Id: Ia80273d7a00ff648b4da545f4b69debee6343968
2011-11-11 18:01:53 -08:00
Nick Kralevich
7939908c83 linker: set LOCAL_NO_CRT := true
Use LOCAL_NO_CRT to prevent linking against crtbegin.o, rather than
messing with build rules. This also prevents linking against crtend.o,
which isn't needed for the linker.

Change-Id: I0c5b9999be7e8676560fe145c1c033ffce8db4d1
2011-11-04 10:22:55 -07:00
Nick Kralevich
8e8a7b1f0f Revert "Make the linker relocatable."
This reverts commit 994e9a5ed1.

Broke x86 build.
2011-11-03 09:25:06 -07:00
Nick Kralevich
994e9a5ed1 Make the linker relocatable.
Previously, the linker always loaded itself into the same
location in memory, which inhibited the effectiveness of Android's
ASLR implementation. Modify the linker code so it can be relocatable
and link itself at runtime.

Change-Id: I90d064743abdd29450ac0482ed28752b2196286c
2011-11-02 16:20:06 -07:00
Nick Kralevich
d9ad62343c Add linker support for PIE
Modify the dynamic linker so that executables can be loaded
at locations other than 0x00000000.

Modify crtbegin* so that non-PIC compilant "thumb interwork
veneers" are not created by the linker.

Bug: 5323301
Change-Id: Iece0272e2b708c79034f302c20160e1fe9029588
2011-10-22 13:19:23 -07:00
Mathias Agopian
bda5da074e fix prototype of dladdr
this breaks C++ source code in particular.

Change-Id: Ie06b5d31d23b5455e6950c470adc64dd5e7784df
2011-09-28 12:17:34 -07:00
David 'Digit' Turner
96e5faccdc am 91966c30: am 0acdbe08: am 89ea107d: Merge "linker: allow debugging of constructors"
* commit '91966c30efbdc7feecd6c45a46ab488e715c0a35':
  linker: allow debugging of constructors
2011-08-30 09:50:54 -07:00
David 'Digit' Turner
91966c30ef am 0acdbe08: am 89ea107d: Merge "linker: allow debugging of constructors"
* commit '0acdbe0892105d01a38de9baf4e34eef22b8259c':
  linker: allow debugging of constructors
2011-08-29 18:01:05 -07:00
Nick Kralevich
38bccb271f linker.h: don't change the soinfo structure
In 48527c3f74, we modified the soinfo
structure to remove an unnecessary variable. However, third party
programs seem to be relying on the structure not changing.
Add a dummy variable back into place to preserve structure.

Bug: 5064106

Change-Id: I3014dda1a46e624644b09e156c3e9381ba3729bd
2011-08-29 13:52:18 -07:00
David 'Digit' Turner
e5ea45547e linker: allow debugging of constructors
This patch allows the debugging of constructors in shared
libraries and executables. It does so by ensuring that the
corresponding binary is visible to gdb before running the
constructors.

Change-Id: I0a3df726a04ad109944c834dcbba672b85d3991e
2011-08-27 10:21:01 +02:00
Andy McFadden
ec92af8fe5 Log signal info at time of receipt
When a fatal signal is received, we now write a message to the log
that looks like this:

  F/libc    ( 1540): Fatal signal 11 (SIGSEGV) at 0xdeadd00d (code=1)

This is useful for debugging fatal signals that turn out not to be
fatal.  This also changes the signal reset from SIG_IGN to SIG_DFL,
so that future non-fatal fatal signals are fatal.

The code that blocked SIGUSR1 to avoid being interrupted by the GC
has been removed.

Also, fix minor issues in format_buffer().

Bug 5035703

Change-Id: I8940af47297b5dcf3cf33537e3483ca5334ed565
2011-08-04 14:48:15 -07:00
Shih-wei Liao
48527c3f74 Revert "Revert "linker: get rid of the buddy allocator""
This reverts commit f9a9cda23a.
This revert is promised once b/5039224, b/5036755, b/5036610 are resolved.
2011-07-17 12:32:43 -07:00
Nick Kralevich
f9a9cda23a Revert "linker: get rid of the buddy allocator"
This reverts commit 7059b1f02e.
Bug: 5036610
2011-07-15 16:12:45 -07:00
Nick Kralevich
7059b1f02e linker: get rid of the buddy allocator
Currently, the Android linker is placing shared libraries into
a well-known spot in memory.  This is interfering with the kernel's
ASLR support.

This change stops forcing non-prelinked libraries into a particular
address space.

Also, get rid of FLAG_PRELINKED.  As best I can tell, this flag
is never used.

Change-Id: I527af12fb54f821c2b5ca7693dbf63d022f8f4ae
2011-07-14 13:48:13 -07:00
Martijn Coenen
a903811819 Revert "x86: Enable -fstack-protector"
This reverts commit e0b4844a20,
causes netd to crash.
2011-06-07 17:19:12 +02:00
David Turner
65fb884d28 am 204d1f65: am b2c7e0c1: Merge "x86: Enable -fstack-protector"
* commit '204d1f65dbfc6d5a14a90627d9d1efcfce8261ee':
  x86: Enable -fstack-protector
2011-06-06 12:57:08 -07:00
David Turner
204d1f65db am b2c7e0c1: Merge "x86: Enable -fstack-protector"
* commit 'b2c7e0c18b7ab04cfe306277c79165de0612a2d1':
  x86: Enable -fstack-protector
2011-06-06 11:32:49 -07:00