The locking can fail in a couple of ways:
- A concurrent fread from an unbuffered or line-buffered file flushes
the output of other line-buffered files, and if _fwalk locks every
file, then the fread blocks until other file reads have completed.
- __sfp can initialize a file lock while _fwalk is locking/unlocking it.
For now, revert to the behavior Bionic had in previous releases. This
commit reverts the file locking parts of commit
468efc80da.
Bug: http://b/131251441
Bug: http://b/130189834
Test: bionic unit tests
Change-Id: I9e20b9cd8ccd14e7962f7308e174f08af72b56c6
(cherry picked from commit c485cdb024)
Clang uses this for its own diagnostic tests. The nice feature it adds
here is that it fails if clang emits a diagnostic that we don't expect
(and we get to drop a dependency on FileCheck).
This also tweaks and renames file-check-cxx to reflect its new job.
Bug: 131861088
Test: mma
Change-Id: I77f7ce77869edaa23e2401e622ad7007d2fee06c
The locking can fail in a couple of ways:
- A concurrent fread from an unbuffered or line-buffered file flushes
the output of other line-buffered files, and if _fwalk locks every
file, then the fread blocks until other file reads have completed.
- __sfp can initialize a file lock while _fwalk is locking/unlocking it.
For now, revert to the behavior Bionic had in previous releases. This
commit reverts the file locking parts of commit
468efc80da.
Bug: http://b/131251441
Bug: http://b/130189834
Test: bionic unit tests
Change-Id: I9e20b9cd8ccd14e7962f7308e174f08af72b56c6
Also change the names of some of the functions to make it very obvious
that the functions being called are in je code.
Write new test to make sure mallinfo and malloc_info match.
Bug: 131864803
Test: New unit tests pass (along with all other bionic unit tests).
Change-Id: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
Merged-In: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
(cherry picked from commit 125d32cb46)
Also change the names of some of the functions to make it very obvious
that the functions being called are in je code.
Write new test to make sure mallinfo and malloc_info match.
Bug: 131864803
Test: New unit tests pass (along with all other bionic unit tests).
Change-Id: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
This was broken by all the mainline modules stuff. It's quite a bit
hairier to set up now, given that we don't have an apexd on the host.
An alternative might be to actually set up a fake /apex that points to
the bootstrap directories?
Test: ./benchmarks/run-on-host.sh 64
Test: ./tests/run-on-host.sh 64
Change-Id: If2c277ba492c7c443cdf51526ea42f56568e2ea6
FreeBSD, glibc, and musl have all implemented C11 threads at this
point. POSIX is looking at how to align with it. Probably time to jump
on the bandwagon ourselves...
Implemented in the same style as <termios.h> so we can provide this
functionality even on older API levels. This does mean that this is
strictly more expensive than calling pthread functions directly.
Although this isn't in POSIX yet, assume that it's going to be basically
the same as C11 and add the header test anyway. We should revisit this
when POSIX actually adds <threads.h>.
Test: new tests
Change-Id: I8602d67ce71ca7f8ed1529daa0a8ea1feb083dd6
ANDROID_DLEXT_WRITE_RELRO was inadvertently writing out the RELRO
section of all libraries loaded during a given dlopen() call instead of
only the main library; since the other libraries are loaded at
unpredictable addresses this additional data is rarely useful.
Fix this to only happen when the
ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE flag is being used.
Bug: 128623590
Test: DlExtRelroSharingTest.CheckRelroSizes
Change-Id: I05e8651d06ce2de77b8c85fe2b6238f9c09691ad
(cherry picked from commit 5d10374947)
For a recursive or errorcheck PI mutex, the old_owner variable wasn't
being initialized. As a result, unlocking a doubly-locked recursive
mutex owned by another thread decremented the mutex counter. Instead, the
unlock call should fail with EPERM.
Bug: http://b/130841532
Test: bionic-unit-tests
Test: bionic-unit-tests-glibc --gtest_filter='pthread.pthread_mutex_lock*'
Change-Id: I37adb094cb2ce8d51df7b4f48e8d6bc144436418
(cherry picked from commit 4b6c0f5dce)
For a recursive or errorcheck PI mutex, the old_owner variable wasn't
being initialized. As a result, unlocking a doubly-locked recursive
mutex owned by another thread decremented the mutex counter. Instead, the
unlock call should fail with EPERM.
Bug: http://b/130841532
Test: bionic-unit-tests
Test: bionic-unit-tests-glibc --gtest_filter='pthread.pthread_mutex_lock*'
Change-Id: I37adb094cb2ce8d51df7b4f48e8d6bc144436418
ANDROID_DLEXT_WRITE_RELRO was inadvertently writing out the RELRO
section of all libraries loaded during a given dlopen() call instead of
only the main library; since the other libraries are loaded at
unpredictable addresses this additional data is rarely useful.
Fix this to only happen when the
ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE flag is being used.
Bug: 128623590
Test: DlExtRelroSharingTest.CheckRelroSizes
Change-Id: I05e8651d06ce2de77b8c85fe2b6238f9c09691ad
Bug: http://b/129728267
Bug: http://b/117167374
This test is now built with XOM (because libm now uses XOM) but it
should also use libclang_rt.builtins since libgcc is not built with XOM.
Test: bionic-unit-tests-static passes (but used to segfault with XOM
exceptions without this change).
Change-Id: I0b1dfe52e48db5f5e9386c7722ecd91e155be56f
ANDROID_DLEXT_WRITE_RELRO was causing the GNU RELRO sections of
libraries to become corrupted if more than one library was being loaded
at once (i.e. if the root library has DT_NEEDED entries for libraries
that weren't already loaded). The file offset was not being correctly
propagated between calls, so after writing out the (correct) RELRO data
to the file, it was mapping the data at file offset 0 for all libraries,
which corrupted the data for all but one of the libraries.
Fix this by passing file_offset as a pointer the same way that
phdr_table_map_gnu_relro does.
Bug: 128623590
Test: tbd
Change-Id: I196cd336bd5a67454e89fd85487356b1c7856871
The media processes already use scudo as their allocator. However, it
doesn't really correctly replace the normal allocation functions, so create
a set of wrappers that allow us to use scudo closer to how jemalloc is used.
This is only a temporary change, and should be removed for the next
release of Android. In that version, we will be using standalone
scudo which won't require this wrapper code.
Bug: 123689570
Test: Ran new bionic unit tests. There are failures, but only with
Test: extensions that scudo does not support.
Change-Id: I0516c23d654a9b6c69b157c5501245d2e0b3d264
Symbols not intended to be accessible from apps are moved to libdl_android.so
Test: bionic-unit-tests
Bug: http://b/129387775
Change-Id: Ib8ba6147a20cf56550c9a008f66570a2d419565a
(cherry picked from commit 2d6be9a751)
64bit libraries should be located in /system/lib64 directory
instead of /system/lib for platforms with emulated arhitecture.
This patch updated ALTERNATE_PATH_TO_SYSTEM_LIB for 64bit values
Test: run cts -m CtsBionicTestCases -t dlfcn.dladdr_libc
Change-Id: I29d6d36d15d7e61818c7ed1cfd0786745d9ae6a2
Signed-off-by: Dmytro Chystiakov <dmytro.chystiakov@intel.com>
Our strptime was missing `%F`, `%G`, `%g`, `%P`, `%u`, `%V`, and
`%v`. Most of these are already supported upstream (and I've just pulled
their current implementation), but some aren't. We're horribly out of
sync anyway, so I'll upstream the missing pieces and then try to get us
back in sync later.
Test: new tests, but originally found by toybox trying to use %F
Change-Id: Ib1a10801a7a3b9c9189440c3b300109bde535fd9
Subtracting one from the smallest value expressable by the provided
variable could cause an underflow operation. In particular, this is
problematic when code similar to:
uint64_t foo = 0;
if (powerof2(foo)) {
...;
}
is run with integer sanitization enabled. The macro would subtract one
from zero, underflowing and triggering the sanitizer.
Make the powerof2() macro ubsan safe, by explicitly handling underflows.
Note: This change DOES NOT make powerof2() accurate. We continue to
falsely return "true" for 0 and negative numbers (see attached tests).
Found while investigating Bug: 122975762
Test: see added testcase
Test: atest ziparchive-tests
Change-Id: I5408ce5c18868d797bcae8f115ddb7c4c1ced81e
Symbols not intended to be accessible from apps are moved to libdl_android.so
Test: bionic-unit-tests
Change-Id: Ib8ba6147a20cf56550c9a008f66570a2d419565a
Call a hwasan hook in the parent return path for vfork() to let hwasan
update its shadow. See https://github.com/google/sanitizers/issues/925
for more details.
Bug: 112438058
Test: bionic-unit-tests
Change-Id: I9a06800962913e822bd66e072012d0a2c5be453d
Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(),
which can be used to set an upper bound on the total size of all
allocations made using the memory allocation APIs.
This is useful for programs such as audioextractor and mediaserver
which need to set such a limit as a security mitigation. Currently
these programs are using setrlimit(RLIMIT_AS) which isn't exactly
what these programs want to control. RLIMIT_AS is also problematic
under sanitizers which allocate large amounts of address space as
shadow memory, and is especially problematic under shadow call stack,
which requires 16MB of address space per thread.
Add new unit tests for bionic.
Add new unit tests for malloc debug that verify that when the limit
is enabled, malloc debug still functions for nearly every allocation
function.
Bug: 118642754
Test: Ran bionic-unit-tests/bionic-unit-tests-static.
Test: Ran malloc debug tests and perfetto integration tests.
Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
When built with clang-r353983, the ReservedRecursiveTooSmall test fail
due to the reserved memory is now large enough for android_dlopen_ext.
Reduce the reserved memory size to agree with ReservedTooSmall test.
Test: bionic-unit-tests
Bug: 126457671
Change-Id: I3e311a3f35b0de5d028fa1b9b3681d5ec32faee8
This hasn't been particularly useful, we haven't used it consistently,
and it has caused trouble.
Test: builds
Change-Id: Ic5b5b5124af98aa8301e602fd75b0eb72a5fc7f6
It's possible and sometimes beneficial for a library to have disjoint mappings
and for other libraries to be mapped into the gap between the mappings using
ANDROID_DLEXT_RESERVED_ADDRESS. See for example the proposal for partitioning
in lld [1].
Because the find_containing_library and do_dl_unwind_find_exidx functions use
a simple bounds check to figure out whether a pointer belongs to a library
they will, given a pointer into a library mapped into the gap of a library
with disjoint mappings, return a pointer to the soinfo for the outer library
instead of the inner one, because the outer library will appear before the
inner one in the solist.
From a user perspective this means that we won't be able to unwind the inner
library's frames on 32-bit ARM with libgcc, dladdr() will return information
for the outer library given a pointer to the inner one and dlopen() et al will
use the linker namespace of the outer library when called from the inner one
(although they will usually be the same).
To make this work correctly, make it so that once find_containing_library
sees a match for the bounds check, it examines the library's PT_LOADs to
make sure that there is a mapping for the given address. This is similar
to how libgcc and libunwind_llvm already handle finding the PT_GNU_EH_FRAME
on non-ARM32 platforms [2,3]. do_dl_unwind_find_exidx is reimplemented in
terms of find_containing_library.
[1] http://lists.llvm.org/pipermail/llvm-dev/2019-February/130583.html
[2] e739ac0e25/libunwind/src/AddressSpace.hpp (L523)
[3] https://android.googlesource.com/toolchain/gcc/+/master/gcc-4.9/libgcc/unwind-dw2-fde-dip.c#294
Test: /data/nativetest{,64}/bionic-unit-tests/bionic-unit-tests on walleye-userdebug
Change-Id: I368fe6ad3c470b3dff80f7d9b04253566d63a7d2
malloc_info needs to be per native allocator, but the code treated it
like a global function that doesn't depend on the native memory allocator.
Update malloc debug to dump the actual pointers that it has been tracking.
Test: bionic-unit-tests pass.
Test: malloc debug tests pass.
Test: malloc hook tests pass.
Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e
Merged-In: I3b0d4d748489dd84c16d16933479dc8b8d79013e
(cherry picked from commit a3656a98b1)
bionic has been moved to use libandroidicu instead of libicuuc.
This CL updates the unit test
Bug: 120659668
Test: m bionic-unit-tests && adb push out/target/product/walleye/data/nativetest/* /data/nativetest && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Change-Id: I59a0589d18bfd6753215dc07874f3c472bd64cca
malloc_info needs to be per native allocator, but the code treated it
like a global function that doesn't depend on the native memory allocator.
Update malloc debug to dump the actual pointers that it has been tracking.
Test: bionic-unit-tests pass.
Test: malloc debug tests pass.
Test: malloc hook tests pass.
Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e
Jemalloc does not verify that the size parameter is a multiple of
alignment. Fix this since it only went into P.
Fix the unit tests, and fix malloc debug/malloc hooks to handle this
new restrictive behavior.
Bug: 126944692
Test: Ran bionic unit tests.
Test: Ran bionic unit tests with malloc hooks enabled (no new tests fail).
Test: Ran bionic unit tests with malloc debug enabled (no new tests fail).
Test: Ran malloc debug unit tests.
Change-Id: I4d50785928815679c781ca729f998454d76b9192
Introduce a new flag ANDROID_DLEXT_RESERVED_ADDRESS_RECURSIVE which
instructs the linker to use the reserved address space to load all of
the newly-loaded libraries required by a dlopen() call instead of only
the main library. They will be loaded consecutively into that region if
they fit. The RELRO sections of all the loaded libraries will also be
considered for reading/writing shared RELRO data.
This will allow the WebView implementation to potentially consist of
more than one .so file while still benefiting from the RELRO sharing
optimisation, which would otherwise only apply to the "root" .so file.
Test: bionic-unit-tests (existing and newly added)
Bug: 110790153
Change-Id: I61da775c29fd5017d9a1e2b6b3757c3d20a355b3
We still don't have a good way to create vendor AIDs in the system or
other non-vendor partitions, therefore we keep this check disabled.
Bug: 73062966
Test: treehugger
Change-Id: I7aed425899d6ec11a22702ccec82476eacdbc790
The pieces:
- The malloc common shared by static and dynamic code (malloc_common.cpp).
- The code for shared libraries that includes any dlopen'ing
(malloc_common_dynamic.cpp).
- The implementation of perfetto's heapprofd (malloc_heapprofd.cpp).
This makes it easier to see what's going on in the many different areas.
It should also make it easier to add the allocation capping option.
Other related changes:
- Update the unit tests for android_mallopt. All of the current options
don't work on static binaries, so make sure that is reflected in the test.
- A few names changes to make sure that all code is consistent.
Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests).
Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
Rename a test to be less confusing when this file tests unresolved weaks
with both TPREL and TLSDESC relocations.
Bug: http://b/123635978
Test: bionic unit tests
Change-Id: Id17d76a41159d134d16e84a699cc284662eb99bb
The test was really only supposed to verify that mallinfo eventually
increase after allocations of certain sizes. Sometimes the mallinfo
returned decreases due to some compaction event, so don't fail in that
case.
Bug: 124060188
Test: Ran the test 2000 times (32 bit and 64 bit). It would fail within about
Test: 200 test iterations before.
Change-Id: Ie019107be163dcf275cedf4d1bc5759278def483
This reverts commit 1906e77665
and fixes dlopen(nullptr)
It's enabled for the following .so libraries
libicuuc.so
libicui18n.so
This CL does not move the .so files into a APEX.
Thus, no visible effect before moving .so files.
Bug: 121248172
Test: dlfcn#dlopen_from_nullptr
Test: Perform the following test after moving libicuuc to /apex
dlopen("/system/lib64/libicuuc.so") for targetSdkVersion < Q
Change-Id: Ia310ea566485fe00ca28e2203f4bffbd92243638
The tests were patched earlier to run with tagging heap allocator.
This change enables hwasan code instrumentation in the tests themselves,
and fixes the issues that arise, mainly in the code that:
* compares addresses of unrelated stack variables
* compares address of a stack variable with stack limits as found in
/proc/self/maps
* writes address of a stack variable to a hardware watchpoint register
etc.
Note that static tests are broken at the moment, like all static
binaries. Dynamic tests pass 100% with this change.
Bug: 114279110, 124007027
Test: SANITIZE_TARGET=hwaddress; run dynamic bionic tests
Change-Id: I68b8df9dd3e30b47734ddc083811a75a7f27deaa
HWASan reports access to a local variable after the owning thread has
called pthread_exit.
Bug: 114279110
Test: enable hwasan in tests/Android.bp; run pthread_DeathTest.pthread_bug_37410
Change-Id: Ic04a2b3dce092d7ab3cbefab1da64731e0c7afb9
NetBSD seems to be the least well maintained of our three BSD upstreams,
and it's already the one we use the least. Let's push a little further
in that direction...
Test: new smoke tests
Change-Id: Idfebd11794445fe14cbfa07177a7392a7b36a5e4
On http://b/122082295 we had this abort:
12-27 15:29:31.237 10222 10814 10848 F libc : invalid pthread_t 0xb1907960 passed to libc
This wasn't super helpful. We can do better. Now you get something like
this instead:
03-27 02:34:58.754 25329 25329 W libc : invalid pthread_t (0) passed to pthread_join
Test: adb shell crasher
Bug: http://b/123255692
Change-Id: I1d545665a233308480cc3747ec3120e2b6de0453
LIB is now expanded to either lib or lib64. Add a new lib
libtest_dt_runpath_y which is under lib or lib64 directory to the tests.
Test: run bionic-unit-tests
Merged-In: Ib051d8cae4d50b452759d594c87126b45bc9e959
Change-Id: Ib051d8cae4d50b452759d594c87126b45bc9e959
LIB is now expanded to either lib or lib64. Add a new lib
libtest_dt_runpath_y which is under lib or lib64 directory to the tests.
Test: run bionic-unit-tests
Change-Id: Ib051d8cae4d50b452759d594c87126b45bc9e959
* changes:
Implement dynamic TLS accesses and allocation
Implement TLS_DTPMOD and TLS_DTPREL relocations
Ignore DT_TLSDESC_GOT / DT_TLSDESC_PLT
Disable the dlfcn.dlopen_library_with_ELF_TLS test
Add BionicAllocator::memalign
Move the linker allocator into libc
Replace some of linker_allocator's header includes
This test is verifying that an ELF TLS solib can't be loaded, but once
ELF TLS is implemented, it *can* be loaded. Removing the test requires
coordinated changes with internal test suites.
I could modify the test to verify that the solib was successfully loaded,
but support for dynamic ELF TLS appears across a few different CLs.
Bug: http://b/78026329
Test: bionic unit tests
Change-Id: If8cd798f456568a5c76310b754cea48ca8edaa82
A static executable is almost entirely statically relocated by the
linker, with the exception of IRELATIVE relocations, which must be
resolved by libc by enumerating the relocations using the special
linker-defined symbols __rela?_iplt_{start,end}. This patch implements
ifunc support by enumerating the relocations in this way.
Bug: 112482891
Test: /data/nativetest{,64}/bionic-unit-tests-static/bionic-unit-tests-static on walleye_hwasan-userdebug
Change-Id: Ia5522a190da0b86e095b141d5d4e68dd7dd4b695
Bionic needs this functionality to allocate a TLS segment with greater
than 16-byte alignment. For simplicity, this allocator only supports up
to one page of alignment.
The memory layout changes slightly when allocating an object of exactly
PAGE_SIZE alignment. Instead of allocating the page_info header at the
start of the page containing the pointer, it is allocated at the start
of the preceding page.
Bug: http://b/78026329
Test: linker-unit-tests{32,64}
Change-Id: I1c8d1cd7ca72d113bced5ee15ba8d831426b0081
Rename LinkerMemoryAllocator -> BionicAllocator
Rename LinkerSmallObjectAllocator -> BionicSmallObjectAllocator
libc and the linker need to share an instance of the allocator for
allocating and freeing dynamic ELF TLS memory (DTVs and segments). The
linker also continues to use this allocator.
Bug: http://b/78026329
Test: /data/nativetest/bionic-unit-tests-static
Test: /data/nativetest64/bionic-unit-tests-static
Test: /data/nativetest/linker-unit-tests/linker-unit-tests32
Test: /data/nativetest64/linker-unit-tests/linker-unit-tests64
Change-Id: I2da037006ddf8041a75f3eba2071a8fcdcc223ce
If a signal handler is blocking all of their signals, we should
probably respect that and not silently unblock bionic's reserved
signals for them. Otherwise, user code can deadlock, run out of stack,
etc. through no fault of their own, if one of the reserved signals
comes in while they've pivoted onto their signal stack.
Bug: http://b/122939726
Test: treehugger
Change-Id: I6425a3e7413edc16157b35dffe632e1ab1d76618
On user builds, heapprofd should only be allowed to profile apps that
are either debuggable, or profileable (according to the manifest). This
change exposes extra zygote-specific knowledge to bionic, and makes the
dedicated signal handler check for the special case of being in a zygote child.
With this & the corresponding framework change, we should now be
handling the 4 combinations of:
{java, native} x {profile_at_runtime, profile_at_startup}.
See internal go/heapprofd-java-trigger for further context.
Test: on-device unit tests (shared & static) on blueline-userdebug.
Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime.
Bug: 120409382
Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a
(cherry picked from commit 998792e2b6)
Merged-In: Ic251afeca4324dc650ac1d4f46976b526eae692a
On user builds, heapprofd should only be allowed to profile apps that
are either debuggable, or profileable (according to the manifest). This
change exposes extra zygote-specific knowledge to bionic, and makes the
dedicated signal handler check for the special case of being in a zygote child.
With this & the corresponding framework change, we should now be
handling the 4 combinations of:
{java, native} x {profile_at_runtime, profile_at_startup}.
See internal go/heapprofd-java-trigger for further context.
Test: on-device unit tests (shared & static) on blueline-userdebug.
Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime.
Bug: 120409382
Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a
The dlext.ns_anonymous test copies the loaded segments of this shared
object into a new mapping, so every segment must be readable. Turn off
eXecute-Only-Memory.
Bug: http://b/123034666
Test: bionic-unit-tests --gtest_filter=dlext.ns_anonymous
Change-Id: I2d427feb81d353e0403c7ef251a55afb4d8729b4
* changes:
Handle R_GENERIC_TLS_TPREL relocations
Avoid a dlopen abort on an invalid TLS alignment
Initialize static TLS memory using module list
Record TLS modules and layout static TLS memory
StaticTlsLayout: add exe/tcb and solib layout
The UID range [90000..98999] is used for isolated processes that are
spawned from an application zygote. Otherwise they are identical to
regular isolated processes in the [99000..99999] range. Fix the tests to
match the new range.
Bug: 111434506
Test: atest bionic-unit-tests-static
Change-Id: Id0352f2cf0d21edb04d95f01ea2548e95b62317a
This relocation is used for static TLS's initial-exec (IE) accesses.
A TLS symbol's value is its offset from the start of the ELF module's
TLS segment. It doesn't make sense to add the load_bias to this value,
so skip the call to soinfo::resolve_symbol_address.
Allow TLS relocations to refer to an unresolved weak symbol. In that case,
sym will be non-zero, but lsi will be nullptr. The dynamic linker resolves
the TPREL relocation to 0, making &missing_weak_symbol equal the thread
pointer.
Recognize Gold-style relocations to STB_LOCAL TLS symbols/sections and
issue an error.
Remove the "case R_AARCH64_TLS_TPREL64", because the R_GENERIC_TLS_TPREL
case handles it.
Remove the no-op R_AARCH64_TLSDESC handler. It's better to issue an error.
dlopen_library_with_ELF_TLS now fails with a consistent error about an
unimplemented dynamic TLS relocation.
Bug: http://b/78026329
Test: bionic unit tests (elftls tests are added in a later CL)
Change-Id: Ia08e1b5c8098117e12143d3b4ebb4dfaa5ca46ec
Using "#if defined(...)" inside the test body seems to be the convention.
Bug: none
Test: bionic-unit-tests
Change-Id: Icb348a1184e630c5e199129bbe2090fd1e490fa5
Coming soon to a source tree near you.
Bug: 111358231
Test: `m checkbuild`. x86 emulator boots cleanly.
Change-Id: I9e3e2f7d3f8b7c36798fad27ca776f3490d834d2
For ELF TLS "local-exec" accesses, the static linker assumes that an
executable's TLS segment is located at a statically-known offset from the
thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86).
Because these layouts are incompatible, Bionic generally needs to allocate
its TLS slots differently between different architectures.
To allow per-architecture TLS slots:
- Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are
generally negative, while new x86 slots are generally positive.
- Define a bionic_tcb struct that provides two things:
- a void* raw_slots_storage[BIONIC_TLS_SLOTS] field
- an inline accessor function: void*& tls_slot(size_t tpindex);
For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots),
because the runtime linker doesn't know how large the static TLS area is
until after it has loaded all of the initial solibs.
To accommodate Golang, it's necessary to allocate the pthread keys at a
fixed, small, positive offset from the thread pointer.
This CL moves the pthread keys into bionic_tls, then allocates a single
mapping per thread that looks like so:
- stack guard
- stack [omitted for main thread and with pthread_attr_setstack]
- static TLS:
- bionic_tcb [exec TLS will either precede or succeed the TCB]
- bionic_tls [prefixed by the pthread keys]
- [solib TLS segments will be placed here]
- guard page
As before, if the new mapping includes a stack, the pthread_internal_t
is allocated on it.
At startup, Bionic allocates a temporary bionic_tcb object on the stack,
then allocates a temporary bionic_tls object using mmap. This mmap is
delayed because the linker can't currently call async_safe_fatal() before
relocating itself.
Later, Bionic allocates a stack-less thread mapping for the main thread,
and copies slots from the temporary TCB to the new TCB.
(See *::copy_from_bootstrap methods.)
Bug: http://b/78026329
Test: bionic unit tests
Test: verify that a Golang app still works
Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped
Merged-In: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
(cherry picked from commit 1e660b70da)
For ELF TLS "local-exec" accesses, the static linker assumes that an
executable's TLS segment is located at a statically-known offset from the
thread pointer (i.e. "variant 1" for ARM and "variant 2" for x86).
Because these layouts are incompatible, Bionic generally needs to allocate
its TLS slots differently between different architectures.
To allow per-architecture TLS slots:
- Replace the TLS_SLOT_xxx enumerators with macros. New ARM slots are
generally negative, while new x86 slots are generally positive.
- Define a bionic_tcb struct that provides two things:
- a void* raw_slots_storage[BIONIC_TLS_SLOTS] field
- an inline accessor function: void*& tls_slot(size_t tpindex);
For ELF TLS, it's necessary to allocate a temporary TCB (i.e. TLS slots),
because the runtime linker doesn't know how large the static TLS area is
until after it has loaded all of the initial solibs.
To accommodate Golang, it's necessary to allocate the pthread keys at a
fixed, small, positive offset from the thread pointer.
This CL moves the pthread keys into bionic_tls, then allocates a single
mapping per thread that looks like so:
- stack guard
- stack [omitted for main thread and with pthread_attr_setstack]
- static TLS:
- bionic_tcb [exec TLS will either precede or succeed the TCB]
- bionic_tls [prefixed by the pthread keys]
- [solib TLS segments will be placed here]
- guard page
As before, if the new mapping includes a stack, the pthread_internal_t
is allocated on it.
At startup, Bionic allocates a temporary bionic_tcb object on the stack,
then allocates a temporary bionic_tls object using mmap. This mmap is
delayed because the linker can't currently call async_safe_fatal() before
relocating itself.
Later, Bionic allocates a stack-less thread mapping for the main thread,
and copies slots from the temporary TCB to the new TCB.
(See *::copy_from_bootstrap methods.)
Bug: http://b/78026329
Test: bionic unit tests
Test: verify that a Golang app still works
Test: verify that a Golang app crashes if bionic_{tls,tcb} are swapped
Change-Id: I6543063752f4ec8ef6dc9c7f2a06ce2a18fc5af3
By default, Clang uses this arm32 function to read the thread pointer,
either for ELF TLS or via __builtin_thread_pointer(). It's probably better
to inline the cp15 access using -mtp=cp15, but that's not the default yet.
See https://reviews.llvm.org/D34878?id=114573.
Bug: http://b/78026329
Test: bionic unit tests
Change-Id: I93b8926075f0b2cea8df9ef518d54f2820a8ff5b
Bionic libs are part of the runtime APEX (com.android.runtime). In order
to be able to update the runtime APEX independetly from the platform, we
have to prevent things outside of the APEX from using bionic symbols
that are not guaranteed to be stable. Otherwise, platform could break
when a symbol is removed from the libs via the APEX update.
To achive this goal, this change adds stubs variant to the bionic libs.
With this, things outside of the runtime APEX (i.e. other APEXes and the
platform) are built with the stubs variants that provide only the
symbols that are guaranteed to be stable.
The set of symbols are basically the same as the symbols available to
NDK clients. However, there are a few additional symbols that are not
available for NDK but should be made available for platform components.
They are marked with "# apex" tag. Symbols with that tag are not exposed
to apps (via NDK stubs) or vendors (via LLNDK stubs).
Note that the stubs is a build-time only artifact. It is used just to
break the build when private symbols are used outside of the runtime
APEX. At runtime, the real library in the APEX is used.
Bug: 120266448
Test: m
Test: m bionic-unit-tests
Change-Id: I7b8d75830c81d7d7d54e2fca21a85b3417531b47
* Add explicit to conversion constructors/operators
Bug: 28341362
Test: make with WITH_TIDY=1 DEFAULT_GLOBAL_TIDY_CHECKS=-*,google-explicit-constructor
Change-Id: Id1ad0327c1b8c6f094bcbb3ae599bc1f716b3f2f
The previous test would fail to crash if the first byte of the canary was
already NUL (1 of 256 runs assuming uniform canary distribution).
Bug: http://b/121156651
Test: bionic unit tests
This test didn't clear errno before testing it, so was sensitive to
whatever code had run before. Since I'd already added the code to dump
the exact kernel version before realizing the actual bug, I've left that
in too.
Bug: http://b/121156651
Test: ran tests
Change-Id: I38482036cb6f035c0c98c27eb64d17829f29b09a
Using rint(3) gave us a step where if one side was 1.4 and the other
was 1.5, that would be 1 and 2 respectively. So instead use a simple
difference. Also log more detail in case this doesn't fix the flakiness.
Bug: http://b/121156651
Test: ran tests
Change-Id: Ib5b2eb05d2b1eb8c4a10b182a8703510a3ef0cea
Make getauxval() work in .preinit_array. It still won't be usable for
ifuncs unless we can guarantee that the __loader_shared_globals relocation
is resolved before the ifunc calls [__bionic_]getauxval.
Define __bionic_getauxval for use in replacing calls to
KernelArgumentBlock::getauxval, which doesn't (and sometimes isn't allowed
to) access TLS variables like errno.
Bug: http://b/25751302
Test: bionic unit tests
Change-Id: I461feeaed7f43cfa2a2b6c34147194f0df82b516
Merged-In: I461feeaed7f43cfa2a2b6c34147194f0df82b516
(cherry picked from commit bdab4a2b97)
* changes:
Replace TLS_SLOT_BIONIC_PREINIT w/ shared globals
Use shared globals so getauxval works earlier
Split main thread init into early+late functions
Make getauxval() work in .preinit_array. It still won't be usable for
ifuncs unless we can guarantee that the __loader_shared_globals relocation
is resolved before the ifunc calls [__bionic_]getauxval.
Define __bionic_getauxval for use in replacing calls to
KernelArgumentBlock::getauxval, which doesn't (and sometimes isn't allowed
to) access TLS variables like errno.
Bug: http://b/25751302
Test: bionic unit tests
Change-Id: I461feeaed7f43cfa2a2b6c34147194f0df82b516
Initialize the __progname and environ global variables using
libc_shared_globals rather than KernelArgumentBlock.
Also: suppose the linker is invoked on an executable:
linker prog [args...]
The first argument passed to main() and constructor functions is "prog"
rather than "linker". For consistency, this CL changes the BSD
__progname global from "linker" to "prog".
Bug: none
Test: bionic unit tests
Change-Id: I376d76953c9436706dbc53911ef6585c1acc1c31
This lets us do two things:
1) Make setjmp and longjmp compatible with shadow call stack.
To avoid leaking the shadow call stack address into memory, only the
lower log2(SCS_SIZE) bits of x18 are stored to jmp_buf. This requires
allocating an additional guard page so that we're guaranteed to be
able to allocate a sufficiently aligned SCS.
2) SCS overflow detection. Overflows now result in a SIGSEGV instead
of corrupting the allocation that comes after it.
Change-Id: I04d6634f96162bf625684672a87fba8b402b7fd1
Test: bionic-unit-tests
Also move this and android_get_device_api_level into <android/api-level.h>
so that they're always available.
This involves cleaning up <sys/cdefs.h> slightly.
Bug: N/A
Test: builds
Change-Id: I25435c55f3549cd0d827a7581bee75ea8228028b
For the moment this is an internal-only change until the AOSP kernels
can be fixed to not clobber x18.
Bug: 112907825
Change-Id: I4442ad424539e5054a3489451d1b8ab522af0a3e
libcrt_builtins does not work with libm, which is statically linked in
bionic-unit-tests-static. Opt it out of libcrt_builtins for now.
Bug: 119207651
Bug: 117167374
Test: run bionic-unit-test-static
Change-Id: I20067c9841beb9de2b73342847aaa945dbadbff8
* HWASan report invalid use of the allocator api (like alignment not
being power of two, or allocation size too large) in a way tests do not
expect.
* Code in .preinit_array runs before HWASan shadow is initialized and
needs to be excluded from instrumentation.
* It looks that mm system calls (mmap/mprotect/etc) will not allow
tagged pointers. In fact, the use of mprotect on malloc()ed memory is
doubtful - one can imagine some kind of speculative load from such
memory, as compiler knows that it is addressable.
Bug: 114279110
Test: bionic-unit-tests with hwasan
Change-Id: I6ba4b46a0d554de77c923ad134cf156ce4ddba1b
According to posix, this test invokes undefined behavior by deleting
a timer twice.
According to hwasan, the second call to timer_delete loads
kernel_timer_id from previously deallocated PosixTimer (i.e.
heap-use-after-free).
Bug: 114279110
Test: bionic-unit-tests with hwasan
Change-Id: Ic54579e3bb41d3f38282b8822dafaba51efd003a
This reverts commit 8e462d411a.
Reason for revert: this lld bug has been fixed upstream and in AOSP prebuilts
Bug: 80109858
Change-Id: Ied600324201e1a014a1d4e6742767e2ddd94999a
This reverts commit da1bc79f93.
Reason for revert: Caused OOM in media process
Bug: 112907825
Bug: 118593766
Change-Id: I545663871d75889b209b9fd2131cdaa97166478f
Use <android-base/macros.h> instead where possible, and move the bionic
macros out of the way of the libbase ones. Yes, there are folks who manage
to end up with both included at once (thanks OpenGL!), and cleaning that
up doesn't seem nearly as practical as just making this change.
Bug: N/A
Test: builds
Change-Id: I23fc544f39d5addf81dc61471771a5438778895b
Some vendors may have been using the AIDs outside the oem ranges
for long that those aids need continue to be maitained for the
existing devices. We allow them countinue to use the old AID names
and values on device launch with P and before, to give them the
period of time to adopt the new AID scheme.
Bug: 116405200
Change-Id: I0453ed14df4c0855575ef1404c596ddc6ded681b
Previously, we were callign tgkill(pid, 0, signal) instead, which would
fail with EINVAL instead.
Test: bionic-unit-tests
Change-Id: I25b127dcf347e0223274502b0516a950b6c2093e
We added a check in P that ensures all vendor provided AIDs only
appear in the carved out ranges for vendors to use. However,
upgrading devices may be using AIDs outside of this range and it is
very difficult to change these AIDs, so we waive this test for them.
Bug: 116830906
Test: test succeeds on upgrading devices
Change-Id: Iddcacb1dce77a150d5138e7b3115abf25bf60a6e
The executable can be inside a zip file using the same syntax used for
shared objects: path.zip!/libentry.so.
The linker currently requires an absolute path. This restriction could be
loosened, but it didn't seem important? If it allowed non-absolute paths,
we'd need to decide how to handle:
- foo/bar (relative to CWD?)
- foo (search PATH / LD_LIBRARY_PATH, or also relative to CWD?)
- foo.zip!/bar (normalize_path() requires an absolute path)
The linker adjusts the argc/argv passed to main() and to constructor
functions to hide the initial linker argument, but doesn't adjust the auxv
vector or files like /proc/self/{exe,cmdline,auxv,stat}. Those files will
report that the kernel loaded the linker as an executable.
I think the linker_logger.cpp change guarding against (g_argv == NULL)
isn't actually necessary, but it seemed like a good idea given that I'm
delaying initialization of g_argv until after C++ constructors have run.
Bug: http://b/112050209
Test: bionic unit tests
Change-Id: I846faf98b16fd34218946f6167e8b451897debe5
Previously, we were zeroing out the reserved signals, when we actually
wanted to have TIMER_SIGNAL always be blocked, and the other signals
always be unblocked. This resulted in process termination when a
SIGEV_THREAD timer callback calls sigprocmask(SIG_SETMASK, ...) with
any signal mask value, and then subsequently fails to complete its
callback and reach the sigtimedwait in bionic before the next timer
iteration triggers.
Add a how argument to filter_reserved_signals to appropriately
block/unblock our reserved signals.
Bug: http://b/116783733
Test: bionic-unit-tests32/64
Change-Id: Ie5339682cdeb914711cd4089cd26ee395704d0df
glibc and musl both have these as synonyms for one another, so we may
as well do the same and get backwards compatibility on old OS releases.
Bug: N/A
Test: ran tests
Change-Id: I6bf38ea446560e1b11022ff539f07eb67c157049
Use a global gtest isolation runner rather than the custom one in
bionic.
Test: Ran all unit tests and verified same behavior before and after.
Change-Id: I24a7cf17cf8e018d0f51969c64b53ce9059cc779
During the review of the script that generates /vendor/etc/passwd, it
was suggested that the shell be /vendor/bin/sh instead of the typical
/system/bin/sh. This has subsequently caused bionic unit tests to
fail, since they always check that the shell is set to /system/bin/sh.
In the spirit of that review, libc is modified to return
/vendor/bin/sh for the OEM AID ranges and the test is updated to
expect this.
Test: bionic unit tests
Change-Id: Ie7c1c48fde8a71b3df1aa0ef112d42ab7bd3baec
Originally a BSD extension, now in glibc too. We've used it internally
for a while.
(cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.)
Bug: http://b/112163459
Test: ran tests
Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
Disable -Wmemset-transposed-args to ensure that FORTIFY still works
without it. Also, we can finally enable checking for
FLT_HAS_SUBNORM/DBL_HAS_SUBNORM/LDBL_HAS_SUBNORM now that those are
available in Clang.
Bug: http://b/110779387
Test: build and run bionic unit tests
Change-Id: I4bf19b870c44d981ecbd1089d0ae6a2496be5441
