Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
Static libraries are painful. Details are in the comment. I'll try to
get prebuilts in to the tree so I can fix this on Monday. Until then,
this isn't actually a regression because we've not had coverage
available for this library until now anyway.
Bug: 17574078
Change-Id: I7505c8a94007203e15a6cf192caa06004849d7d9
We know we can safely statically link `libm`, since it doesn't have
any dependencies on the OS or the layout of a data type that has
changed between releases (like `pthread_t`).
We can safely statically link `libc_syscalls` because the user can
check for and handle `ENOSYS`.
Update `ndk_missing_symbols.py` to account for symbols that are in the
compatibility library.
Improve `symbols.py` to be able to pull symbols from a static library.
Change-Id: Ifb0ede1e8b4a8f0f33865d9fed72fb8b4d443fbc
This is correctness rather than performance, but found while investigating
performance.
Bug: 18593728
Change-Id: Idbdfed89d1931fcfae65db29d662108d4bbd9b65
change to behaviour the same as glibc for the check about buflen
Change-Id: I98265a8fe441df6fed2527686f89b087364ca53d
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Strictly speaking, this only implements the _l variants of the functions
we actually have. We're still missing nl_langinfo_l, for example, but we
don't have nl_langinfo either.
Change-Id: Ie711c7b04e7b9100932a13f5a5d5b28847eb4c12
Unless we completely redo how we build bionic (so that the object
files for libc.so get built separately from libc.a), we can't enable
ASAN here, as libc.a gets linked into static executables.
Change-Id: I2ce4f51248bd51c4213a555ff481b6faabbf53f8
All we're actually interested in is the unwinder. Since that's now a
separate library, just use that.
Change-Id: If86071a0d850da961336a58147b70369ace7bd12
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.
Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
This means all our stdio implementation is now the OpenBSD implementation.
The only thing we lose is the STDIO_THREAD_LOCK calls but they were no-ops
anyway.
We should probably talk to upstream about this. Either fix the locking or,
preferably, encourage them to move away from this pooling (especially since
there's no eviction policy).
Bug: 17154680
Change-Id: Ie2523e444a7d0965b8d141d57e3e11f6432d5b9a
fpathconf(3) and pathconf(3) can share code. There's no such
header file as <pathconf.h>. glibc/POSIX and BSD disagree about where
the _POSIX_* definitions should go.
Change-Id: I4a67f1595c9f5fbb26700a131178eedebd6bf712
A lot of third-party code calls the private __get_thread symbol,
often as part of a backport of bionic's pthread_rwlock implementation.
Hopefully this will go away for LP64 (since you're guaranteed the
real implementation there), but there are still APIs that take a tid
and no way to convert between a pthread_t and a tid. pthread_gettid_np
is a public API for that. To aid the transition, make __get_thread
available again for LP32.
(cherry-pick of 27efc48814b8153c55cbcd0af5d9add824816e69.)
Bug: 14079438
Change-Id: I43fabc7f1918250d31d4665ffa4ca352d0dbeac1
Enable the -std=gnu++11 flag for libstdc++ static and
dynamic libs.
ScopeGuard uses DISABLE_ macros instead of '= delete';
Change-Id: I07e21b306f95fffd49345f7fa136cfdac61e0225
Clang is still disabled for x86 and x86_64 long double code,
for x86_64 special assembly instruction, and the linker module.
BUG: 17163651
BUG: 17302991
BUG: 17403674
Change-Id: I43c5f5f0ddc0c2a31918f00b57150dadd8f3f26b
This speeds up the debug malloc code by using the original unwinding code.
The only catch is that it has to link in the libc++ arm unwind code or
there will be crashes when attempting to unwind through libc++ compiled
code.
Bug: 16874447
(cherry picked from commit 3f7635f490)
Change-Id: If8a3821cdd95ed481bb496bf2daab449d13790f8
Create a method of disabling the debug allocation code paths so that
it's possible to use the libunwindbacktrace library without any
modifications.
Use this path to create and destroy the maps for the process. It's not
stricly necessary in the init code since the symbols are not modified
until after the initialize calls.
Also, remove the debug_XXX source files that doesn't need to be in libc.so.
Fix the maps reading code since it was completely broken for 64 bit.
Bug: 16408686
Change-Id: I6b02ef6ce26fdb7a59ad1029e7cbba9accceb704
Also clean up the implementation of all the pty functions, add tests,
and fix the stub implementations of ttyname(3) and ttyname_r(3).
Bug: https://code.google.com/p/android/issues/detail?id=58888
Change-Id: I0fb36438cd1abf8d4e87c29415f03db9ba13c3c2
bionic_systrace.h contains an implementation of tracing that
can be used with systrace.py and its associated viewer. pthread_mutex
now uses this tracing to track pthread_mutex contention, which can be
enabled by using the "bionic" command line option to systrace.
Bug: 15116468
Change-Id: I30ed5b377c91ca4c36568a0e647ddf95d4e4a61a
I've also added insque(3) and remque(3) (from NetBSD because the OpenBSD
ones are currently broken for non-circular lists).
I've not added the three hash table functions that should be in this header
because they operate on a single global hash table and thus aren't likely
to be useful.
Bug: https://code.google.com/p/android/issues/detail?id=73719
Change-Id: I97397a7b921e2e860fd9c8032cafd9097380498a
The getentropy_linux.c is lightly modified to build on Android, but we're now
completely in sync with upstream OpenBSD's arc4random implementation.
Change-Id: If32229fc28aba908035fb38703190d41ddcabc95
Since we don't have syslogd on Android and you can't run one on a non-rooted
device, it's more useful if syslog output just goes to the regular Android
logging system.
Bug: 14292866
Change-Id: Icee7f088b97f88ccbdaf471b98cbac7f19f9210a
Also remove __bionic_name_mem which has exactly one caller, and is only
ever expected to be used in this one place.
Change-Id: I833744f91e887639f5b2d1269f966ee9032af207
Code developed for glibc or older versions of bionic might expect more
randomness than the BSD implementation provides.
Bug: 15829381
Change-Id: Ia5a908a816e0a5f0639f514107a6384a51ec157e
The inclusion of the static libc_common library in the malloc_debug_XXX.so
shared libraries causes constructors to be called twice. This doesn't seem
to have caused any issues when setting the libc.debug.malloc property.
However, jemalloc crashes because there are two jemalloc implementations,
one in the static libc_common library and one in the shared library. Each
implementation has created overlapping thread keys that are not the same.
The crash comes because one of the jemalloc keys is actually used by the
locale setting code. Thus if someone sets the locale, the jemalloc code
crashes trying to access the same key.
Change-Id: Iaac650a82d69064db148a6333e9403744f68b4a4
The res_init.c changes bring us a bit closer to upstream too, though
there's still work to be done there. Some of the remaining differences
look like bugs we'd want to fix, so we should definitely try to come
back to that.
Change-Id: I50baa148e967c90d55d711e9904ad54c7d724d4d
Almost all of our stdio is actually OpenBSD, so although this isn't
really a core part of stdio (it doesn't touch struct FILE, for example)
it probably makes sense for it to come from the same upstream. My
actual motivation though is that it's the only FreeBSD file we have
compiler warnings from.
This patch moves us over to -Werror by default, with only the DNS code
having -Wno-error.
Change-Id: Id244a5b445cba41b0a1ca30298ca7b1ed177810c
These symbols should be public (and Firefox uses them), and we'd also probably
rather have the upstream thread-safe implementation.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1030899
Change-Id: I2a5888fbb3198546848398f576fd2195ff3fe00c
This is actually revision 1.33, which is no longer the latest, but it's
as close to head as we can currently reasonably get. I've also switched
to the OpenBSD getentropy_linux.c implementation of getentropy, lightly
modified to try to report an error on failure.
Bug: 14499627
Change-Id: Ia7c561184b1f366c9bf66f248aa60f0d53535fcb
Since this was not done earlier, there are binary compatibility concerns
that prevent us from being able to apply this to LP32.
Bug: 11156955
Change-Id: Ie717c3ae4b81c749548a45a993c834e109700b27
In practice, with this implementation we never need to make a system call.
We get the main thread's tid (which is the same as our pid) back from
the set_tid_address system call we have to make during initialization.
A new pthread will have the same pid as its parent, and a fork child's
main (and only) thread will have a pid equal to its tid, which we get for
free from the kernel before clone returns.
The only time we'd actually have to make a getpid system call now is if
we take a signal during fork and the signal handler calls getpid. (That,
or we call getpid in the dynamic linker while it's still dealing with its
own relocations and hasn't even set up the main thread yet.)
Bug: 15387103
Change-Id: I6d4718ed0a5c912fc75b5f738c49a023dbed5189
Parts of this are just getting us in sync with upstream, but the
'const' stuff is our own mess. We should kill the *_tz functions
and lose this difference from upstream.
Change-Id: I17d26534ed3f54667143d78147a8c53be56d7b33
Rename jemalloc.cpp to jemalloc_wrapper.cpp to avoid problems with
the libc library having two jemalloc.o files that clobber each other.
Change-Id: I9a2d966dbf414b1367ee0ef1f0d73fca6f25b518
getdtablesize(3) was removed fro POSIX 2004. Keep the symbol around in LP32 for
binary compatibility, but remove the declaration from unistd.h.
Bug: 13935372
Change-Id: I1f96cd290bf9176f922dad58bd5a7ab2cae7ef0f
These were both removed from POSIX 2004, and we don't define an
implementation for getw(3). Keep the definition of put(3) on LP32 for
binary compatibility.
Bug: 13935372
Change-Id: Iba384b45093ac6d2d7c2d81f7980cd7701dd6f56
vfork() was removed from POSIX 2008, so this replaces its implementation
with a call to fork().
Bug: 13935372
Change-Id: I6d99ac9e52a2efc5ee9bda1cab908774b830cedc
This shouldn't be public API, isn't supported on x86/x86_64, and it's
unlikely anyone would have actually seen the message before anyway.
Using __libc_fatal makes it much more likely to be seen.
Bug: 11156955
Change-Id: Icf7f654b22a7dacd89668b60c11e5705c7215c08
revision 1.11
date: 2014/06/04 07:45:25; author: stsp; state: Exp; lines: +1 -7; commitid:
zJPRH5RUO224FmQu;
Remove assigned but unused local variables and macro from vfwprintf().
Found by Elliott @ google
ok mpi@
Change-Id: I716edc0c4d736a484a5317942de8e87bd8c6fd26
mbrtoc32 and c32rtomb get their implementations from mbrtowc and wcrtomb. The
wc functions now simply call the c32 functions.
Bug: 14646575
Change-Id: I49d4b95fed0f9d790260c996c4d0f8bfd1686324
We need to leave dlmalloc_trim and dlmalloc_inspect_all exposed for
the VM, but if we're seriously looking at other malloc implementations,
that's something we're going to have to fix.
Bug: 11156955
Change-Id: If85156c280044f1616c09a3c50ba674aaf0e8d3a
System calls can be pretty slow. This is mako, which has one of our
lowest latencies:
iterations ns/op
BM_unistd_getpid 10000000 209
BM_unistd_gettid 200000000 8
Bug: 15297299 (kernel panic from too many gettid calls)
Bug: 15315766 (excessive gettid overhead in liblogd)
Change-Id: I49656c0fc5b5d092390264a59e4f2c0d8a8b1aeb
Add optimized versions of bcopy and wmemmove for AArch64 based on the
memmove implementation
Change-Id: I82fbe8a7221ce224c567ffcfed7a94a53640fca8
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
This reverts commit 8167dd7cb9.
For some reason I thought the bcopy change was bzero. The bcopy code doesn't pass our tests, so reverting until I can figure out what's wrong.
Change-Id: Id89fe959ea5105cd58dff6bba8d91a30cc4bcb07
Add optimized versions of bcopy and wmemmove for AArch64 based on the
memmove implementation
Change-Id: Ie43d0ff4f8ec4edba5b4fb5ccacd941f81ac6557
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
To use jemalloc, add MALLOC_IMPL = jemalloc in a board config file
and you get the new version automatically.
Update the pthread_create_key tests since jemalloc uses a few keys.
Add a new test to verify memalign works as expected.
Bug: 981363
Change-Id: I16eb152b291a95bd2499e90492fc6b4bd7053836
Our type_info stub implementation is incompatible with the libc++ headers. Since
we don't need this support internally and anyone that wants RTTI support will
have to use libc++ anyway, this can be safely removed.
Change-Id: Ied8b67a0d86a4eb0e31191a50cceba0e39a16a6d
I cleaned up most of our warnings last week but forgot to turn on -Werror,
so of course we're getting new warnings already. I've left -Werror commented
out in those places where we still have warnings to deal with before we can
turn on -Werror.
Change-Id: Ia58ff8b8c1ada4bf81eec6f19ec1d34e133cf4b1
* Register cleanup function with atexit
instead of calling it explicitly on
exit()
* abort() no longer calls _cleanup:
Flushing stdio buffers on abort is no
longer required by POSIX.
* dlmalloc no longer need to reset cleanup
(see above)
* Upstream findfp.c makebuf.c setvbuf.cexit.c
to openbsd versions.
Bug: 14415367
Change-Id: I277058852485a9d3dbb13e5c232db5f9948d78ac
The Android build system always links against libstdc++.so anyway. Having
operator new and operator delete in a separate library means we can't use
constructors and destructors on heap-allocated objects inside the C library,
which is quite an unfortunate limitation.
This will be cheaper too; on LP64 we can stop linking against the [now empty]
libstdc++.so giving the dynamic linker one less library to worry about for
every process.
There's precedent too --- we already have no libpthread or librt.
For now I'm leaving the include files where they are, and I'm generating a
dummy libstdc++.so and libstdc++.a. We can come back and clean that up later
if all goes well.
Bug: 13367666
Change-Id: I6f3e27ea7c30d03d6394965d0400c9dc87fa83db
This hasn't built in over one release cycle and no one even noticed.
art does this the right way and other projects should do the same.
Change-Id: I7d1fb84c4080e008f329ee73e209ce85a36e6d55
Stupidly I found this bug by accident when writing the existing
tests, but I didn't think any real code would hit it. It turns
out that libcore always uses an INET6_ADDRSTRLEN-sized buffer
even when working with AF_INET addresses.
Change-Id: Ieffc8e4bbe9b66b49b033e3e7101c896e097e6f8
Use the upstream OpenBSD implementations of these functions.
Also ensure we have symbols for htonl, htons, ntohl, and ntohs.
gtest doesn't like us using the macro versions in ASSERT_EQ.
Bug: 14840760
Change-Id: I68720e9aca14838df457d2bb27b999d5818ac2b5
Make sure __netdClientDispatch is defined in the same set of libraries that
refer to it (e.g.: with connect.cpp).
Change-Id: I86d7bf2df5bde09f75a35b204eac0e1361747e22
The library exists outside bionic. It is dynamically loaded, to replace selected
standard socket syscalls with versions that talk to netd.
Change connect() to use the library if available.
(cherry picked from commit 3a6b627a14df8111b03e452f2df4b5f4938e0e49)
Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
Add following functions:
bcopy, memcpy, memmove, memset, bzero, memcmp, wmemcmp, strlen,
strcpy, strncpy, stpcpy, stpncpy.
Create new directories inside arch-x86 to specify architecture: atom,
silvermont and generic (non atom or silvermont architectures are treated like generic).
Due to introducing optimized versions of stpcpy and stpncpy,
c-implementations of these functions are moved from
common for architectures makefile to arm and mips specific makefiles.
Change-Id: I990f8061c3e9bca1f154119303da9e781c5d086e
Signed-off-by: Varvara Rainchik <varvara.rainchik@intel.com>
I've reported the wcsftime bug upstream, but we really just want to use -D
to ensure the buggy code isn't built. (I've also brought our strftime a bit
closer to upstream now we have the right define.)
I don't think upstream is likely to fix all their sign-compare and
uninitialized warnings, so let's just silence them.
As for libm, again upstream isn't likely to fix all their warnings, and
silencing those made the ones that were our fault stand out. I've fixed
our <math.h> to fix the warnings caused by our lack of definitions for
the non-imprecise long-double functions. I checked the C99 standard, and
all these functions are there.
Change-Id: Iee8e1182c1db375058fb2c451eceb212bab47a37
Although glibc gets by with an 8-byte mbstate_t, OpenBSD uses 12 bytes (of
the 128 bytes it reserves!).
We can actually implement UTF-8 encoding/decoding with a 0-byte mbstate_t
which means we can make things work on LP32 too, as long as we accept the
limitation that the caller needs to present us with a complete sequence
before we'll process it.
Our behavior is fine when going from characters to bytes; we just
update the source wchar_t** to say how far through the input we got.
I'll come back and use the 4 bytes we do have to cope with byte sequences
split across multiple input buffers. The fact that we don't support
UTF-8 sequences longer than 4 bytes plus the fact that the first byte of
a UTF-8 sequence encodes the length means we shouldn't need the other
fields OpenBSD used (at the cost of some recomputation in cases where a
sequence is split across buffers).
This patch also makes the minimal changes necessary to setlocale(3) to
make us behave like glibc when an app requests UTF-8. (The difference
being that our "C" locale is the same as our "C.UTF-8" locale.)
Change-Id: Ied327a8c4643744b3611bf6bb005a9b389ba4c2f
__SIGRTMIN will continue to tell the truth. This matches glibc's
behavior (as evidenced by the fact that we don't need a special case
in the strsignal test now).
Change-Id: I1abe1681d516577afa8cd39c837ef12467f68dd2
This also gets us the C99 wcstoimax and wcstoumax, and a working fgetwc and
ungetwc, all of which are needed in the implementation.
This also brings several other files closer to upstream.
Change-Id: I23b025a8237a6dbb9aa50d2a96765ea729a85579
This replaces a partial set of non-functional functions with a complete
set of functions, all of which actually work.
This requires us to implement mbsnrtowcs and wcsnrtombs which completes
the set of what we need for libc++.
The mbsnrtowcs is basically a copy & paste of wcsnrtombs, but I'm going
to go straight to looking at using the OpenBSD UTF-8 implementation rather
than keep polishing our home-grown turd.
(This patch also opportunistically switches us over to upstream btowc,
mbrlen, and wctob, since they're all trivially expressed in terms of
other functions.)
Change-Id: I0f81443840de0f1aa73b96f0b51988976793a323
Note that the kernel returns the current break on error or if the requested
break is smaller than the minimum break, or the new break. I don't know where
we got the idea that the kernel could return -1.
Also optimizes the query case.
Also hides an accidentally-exported symbol for LP64.
Change-Id: I0fd6b8b14ddf1ae82935c0c3fc610da5cc74932e
This patch includes just enough to keep external/chromium_org building
until they switch 64-bit Android over to using the regular non-Android code.
Change-Id: Iecaf274efa46ae18a42d5e3439c5aa4f909177c1
Taking into account possibility that external symbol
could have been an OBJECT instead of function.
b/14090368
Change-Id: Iac173d2dd1309ed53024306578137c26b1dbbf15
Adding the perfunctory <ctype.h> tests showed that we'd accidentally
dropped several symbols. This puts everything back in its proper place
and switches us to upstream head at the same time.
Change-Id: Ib527ad280c9baded81e667fa598698526d93e66f
Also move isinf and isnan into libc like everyone else.
Also move fpclassify to libc like the BSDs (but unlike glibc). We need
this to be able to upgrade our float/double/long double parsing to gdtoa.
Also add some missing aliases. We now have all of:
isnan, __isnan, isnanf, __isnanf, isnanl, __isnanl,
isinf, __isinf, isinff, __isinff, isinfl, __isinfl,
__fpclassify, __fpclassifyd, __fpclassifyf, __fpclassifyl.
Bug: 13469877
Change-Id: I407ffbac06c765a6c5fffda8106c37d7db04f27d
The OpenBSD doesn't support C99, and the extent to which we support
locales is trivial, so just do it ourselves.
Change-Id: If0a06e627ecc593f7b8ea3e9389365782e49b00e
Add tests for the above.
Add the fortify implementations of __stpcpy_chk and __stpncpy_chk.
Modify the strncpy test to cover more cases and use this template for
stpncpy.
Add all of the fortify test cases.
Bug: 13746695
Change-Id: I8c0f0d4991a878b8e8734fff12c8b73b07fdd344
In order to allow the unwinder code to have meaningful names for
libc functions, leave the symbol table. This results in the libc.so
getting to be about ~130K larger on all arm platforms and about ~70K
larger on mips/x86 platforms.
Bug: 12958251
Change-Id: I6b3a97e4824142faf5de46aeabf7c1dfb98a8cc6
The DNS copy of reentrant.h was unused, so remove it.
The strtod implementation can use the upstream-netbsd reentrant.h and
get a little closer to what was then upstream. (It's since been replaced
by gdtoa, and we'll have to follow at some point, but for now this doesn't
make anything any worse.)
ANDROID_CHANGES is (now) only used in the DNS code, so push the -D
down.
The <locale.h> change prevents an LP32 hack from leaking into LP64.
Change-Id: Idf30b98a59d7ca8f7c6cd6d07020b512057911ef
Also neuter __isthreaded.
We should come back to try to hide struct FILE's internals for LP64.
Bug: 3453512
Bug: 3453550
Change-Id: I7e115329fb4579246a72fea367b9fc8cb6055d18
We'll need a better implementation of strtold for LP64, but all our
long double functions are currently broken for LP64 anyway so this
isn't a regression.
Change-Id: I2bdebac11245d31521d5fa09a16331c03dc4339c
