Global, writable function pointers are low-hanging fruit for hijacking
control flow with an overflow from a global buffer or an arbitrary write
vulnerability. This moves the function pointer table into a dedicated
page and makes it read-only at runtime, similar to RELRO.
This increases the memory usage of the library by just under one page.
This could be avoided by having the linker load the vdso by replacing
weak symbols. It's not significant within the Zygote spawning model
though because it's read-only after early init.
Change-Id: Id7a49c96c1b15c2e1926528304b3c54a81e78caf
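The sealing described in the message above, as an added example that is not bionic's own code: a function-pointer table kept in its own page-aligned block, filled during early init, then made read-only with mprotect() so a later overflow or arbitrary write cannot redirect control flow through it (the same idea RELRO applies to the GOT). The struct, function and file names are illustrative; the block is sized to a multiple of 4K and 16K so it covers whole pages on either page size, and the hijack attempt is run in a forked child so the parent can observe the SIGSEGV.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define TABLE_SPAN 16384  /* whole pages on both 4K and 16K page systems */

typedef int (*hook_fn)(int);

struct fn_table {
    hook_fn on_event;
    hook_fn on_error;
    unsigned char pad[TABLE_SPAN - 2 * sizeof(hook_fn)];
};

/* Dedicated, page-aligned block: no other global shares these pages, so
   sealing them does not break unrelated writable data. */
static struct fn_table g_table __attribute__((aligned(TABLE_SPAN)));

static int default_event(int x) { return x + 1; }
static int default_error(int x) { return -x; }
static int evil(int x) { (void)x; return 0xdead; }   /* attacker's target */

/* Early init: the table is still writable here. */
void init_table(void) {
    g_table.on_event = default_event;
    g_table.on_error = default_error;
}

/* Seal after init. 0 on success, -1 if mprotect() refused. */
int seal_table(void) {
    return mprotect(&g_table, TABLE_SPAN, PROT_READ);
}

int call_event(int x) { return g_table.on_event(x); }

/* Simulate an arbitrary-write primitive in a child. Returns 1 if the child
   died with SIGSEGV (the write was blocked), 0 if the write went through,
   -1 on fork/wait failure. */
int hijack_is_blocked(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile hook_fn *slot = &g_table.on_event;
        *slot = evil;                              /* the overwrite */
        _exit(call_event(1) == 0xdead ? 0 : 2);    /* only reached if it worked */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV;
}

int main(void) {
    init_table();
    printf("before seal: on_event(1) = %d\n", call_event(1));
    if (seal_table() != 0) { perror("mprotect"); return 1; }
    printf("after seal: hijack blocked = %d\n", hijack_is_blocked());
    return 0;
}
```

Calling hijack_is_blocked() before seal_table() returns 0, which is the situation the commit message describes: a plain writable global that any out-of-bounds write can repoint.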
If a map has a non-zero vaddr then it needs to be added to the
computed relative offset.
Bug: 22532054
Change-Id: If55015165d25ecc4b530f674b481c8c7ef760a23
The __libc_init_tls function in libc_init_common.cpp takes a reference
to a local variable so it ends up being protected. Since this happens
before TLS and the stack guard value are initialized, it breaks.
The libc_init_common code needs to be compiled with -fno-stack-protector
and can then be merged into libc_bionic.
Change-Id: Ie95ea2ff533d4af1cfad1c9bc59e49f20a8e119d
There is a deadlock if holding the hash table lock while trying to do
a backtrace. Change the code so that the hash table lock is only held
while actually modifying either g_hash_table, or while modifying an
entry from g_hash_table.
Bug: 22423683
(cherry picked from commit 9fee99b060)
Change-Id: I72173bfe6f824ceaceea625c24e7851b87467135
LP64 is immune because basename_r is hidden there, but on LP32 a basename_r
defined in the executable breaks basename because its call to basename_r
will resolve to that one rather than the one in libc.
Bug: http://b/22415484
Change-Id: Ied3ca7ad3fb0e744eb705fc924743f893b4ad490
When there is arm assembler of this format:
    ldmxx sp!, {..., lr} or pop {..., lr}
    bx lr
It can be replaced with:
    ldmxx sp!, {..., pc} or pop {..., pc}
Change-Id: Ic27048c52f90ac4360ad525daf0361a830dc22a3
libchrome uses __USE_XOPEN2K8 to decide whether futimens is
available. That's perhaps not the best idea, but there are other
cases where we defined the same feature macros as glibc to aid
portability.
Change-Id: Ie6e04cb181d88698d618e7dbd26cd347a6bf076c
In the serialized output from netd, the strings come first. Some code
assumes -- reasonably enough -- that it can do unaligned reads of pointers,
so we need to ensure alignment after all the strings.
(cherrypick of 65dd858239c4e32a5a1afbc14ac30dbcdd2a50a3.)
Bug: http://b/21192318
Change-Id: I456639127db9a2583f7f738e6b8103375d9387fd
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
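Point 2 of the message above (do not clear bits outside PER_MASK) as an added example, not bionic's linker code: the correct merge beside the lossy one, plus a query of the live persona so the ASLR-off flag can be checked. All function names are illustrative; the constants come from <sys/personality.h>.

```c
#include <errno.h>
#include <sys/personality.h>

/* Correct merge: flag bits outside PER_MASK come from the current value,
   the persona bits from the requested value. unsigned int matches the
   kernel ABI for this parameter. */
unsigned int merge_persona(unsigned int current, unsigned int requested) {
    return (current & ~(unsigned int)PER_MASK) | (requested & PER_MASK);
}

/* The lossy version: masking only the requested value silently drops flags
   such as ADDR_NO_RANDOMIZE or READ_IMPLIES_EXEC that were already set. */
unsigned int merge_persona_lossy(unsigned int current, unsigned int requested) {
    (void)current;
    return requested & PER_MASK;
}

/* Read the current persona without changing it; 0xffffffff is the
   documented query value. 0 on success, -1 with errno set otherwise. */
int current_persona(unsigned int *out) {
    int r = personality(0xffffffff);
    if (r == -1) return -1;
    *out = (unsigned int)r;
    return 0;
}

/* Apply the requested persona bits while preserving existing flags.
   Skips the syscall when nothing would change. */
int set_persona_preserving(unsigned int requested) {
    unsigned int cur;
    if (current_persona(&cur) != 0) return -1;
    unsigned int merged = merge_persona(cur, requested);
    if (merged == cur) return 0;
    return personality(merged) == -1 ? -1 : 0;
}

/* ADDR_NO_RANDOMIZE set means ASLR is off for this process and its children. */
int aslr_disabled(unsigned int persona) {
    return (persona & ADDR_NO_RANDOMIZE) != 0;
}
```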
Changes affecting future time stamps
Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00,
not 06-13 and 07-18 as we had guessed. (Thanks to Milamber.)
Assume Cayman Islands will observe DST starting next year, using US rules.
Although it isn't guaranteed, it is the most likely.
Bug: 21836574
Change-Id: I6eda60c220d5c55d2aa0934544866ec0f1ce62ab
The NDK self-test issue64679-prctl failed to build because by default
clang3.6 builds in C11 mode, but the ifdef in the file 'uchar.h' hid the
required char16_t and char32_t declarations based on the GCC version,
which is declared as 4 by clang.
The ifdef is changed so that it is based on the C version rather than a
compiler version. This way it is compatible with gcc 4, gcc 5 and clang,
which are actually the only toolchains used.
See also: b.android.com/177609
Change-Id: I78c4bdc681c6f8a31b92dbe8ffe35e84ef2eda36
Signed-off-by: Egor Kochetov <egor.kochetov@intel.com>
Group network context elements into a single struct and
add a version of android_getaddrinfofornet() that accepts it.
The introduction of UID-based routing means that the UID is an
integral part of the network context when evaluating connectivity,
sorting addresses, etc.
Also, introduce a distinction between DNS netids/marks and those
expected to be used by the application. This can be important
when the network an application is using is not the same as the
network on which DNS queries will be issued.
Additionally, de-duplicate the UDP connect logic (collapse both
_test_connect() and _find_src_addr() into just the latter).
Bug: 19470192
Bug: 20733156
Bug: 21832279
Change-Id: If16c2f4744695f507993afdac078ca105eb5d3e4
Add the x86-only elf_fpxregset_t to <sys/procfs.h>, and rename
user_fxsr_struct (the kernel's name) to user_fpxregs_struct (the
userspace name).
Bug: http://b/22068064
Change-Id: Id466096bf02baf6bd49b193f49d9036848d33548
Clang/llvm x86_64 configuration of long double is still
incompatible with gcc.
https://llvm.org/bugs/show_bug.cgi?id=23897
BUG: 21899249
Change-Id: I47fd6d0ce2daa84ae0035e7885a4d90e4c3056f7
We don't want to use <asm/ptrace.h> because (a) it'll drag in a bunch of
namespace pollution and (b) the registers should be "long double" for
userspace, not the kernel's uint128s. So just use a slightly different
name for our struct (which matches the traditional names for these structs
anyway).
Bug: http://b/21695943
Bug: https://code.google.com/p/android/issues/detail?id=86712
Change-Id: I8812ca98cfe6b649dbd31f7d6aea41928ba2acbd
The pthread_mutex_lock and pthread_mutex_unlock were allowed to
fail silently on L 32 bit devices when passed a NULL. We changed
this to a crash on 32 bit devices, but there are still games that make
these calls and are not likely to be updated. Therefore, once again
allow NULL to be passed in on 32 bit devices.
Bug: 19995172
(cherry picked from commit 511cfd9dc8)
Change-Id: I159a99a941cff94297ef3fffda7075f8ef1ae252
A continuation of commit 2825f10b7f.
Add O_PATH compatibility support for flistxattr(). This allows
a process to list out all the extended attributes associated with
O_PATH file descriptors.
Change-Id: Ie2285ac7ad2e4eac427ddba6c2d182d41b130f75
The functions dlmalloc_inspect_all and dlmalloc_trim get
exported on devices that use dlmalloc, so be consistent and
export them everywhere.
Bug: 21640784
Change-Id: I5b8796cd03c8f401d37d9c22823144f766f9c4c7
These are the problems fixed in this CL:
- The ndk_cruft.cpp file was not compiled for 64 bit.
- Some files were not compiled for libc_bionic.a due to a missing
patch-up-arch-specific-flags call.
- The libc_bionic_ndk.a patch up call was using bionic src, not
the bionic_ndk_src_files.
- Move mmap.cpp to the ndk src list where it was before because of
the above errors.
Bug: 21640784
Change-Id: I31e97bc8bf347c8e584cc17aa4b984a7d122b298
It turns out that apportable apps expect that the DIR structure is
the same as in L and below. Modify the structure to have the same
order, and move the new variable to the end of the structure.
Bug: 21037208
(cherry picked from commit 5edb0f40f6)
Change-Id: I0c1ab5e295ec8bef638daa4cfea5830aeea602e6
Support O_PATH file descriptors when handling fgetxattr and fsetxattr.
This avoids requiring file read access to pull extended attributes.
This is needed to support O_PATH file descriptors when calling
SELinux's fgetfilecon() call. In particular, this allows the querying
and setting of SELinux file context by using something like the following
code:
    #include <fcntl.h>
    #include <selinux/selinux.h>

    int dirfd = open("/path/to/dir", O_DIRECTORY);
    int fd = openat(dirfd, "file", O_PATH | O_NOFOLLOW);
    char *context;
    fgetfilecon(fd, &context);
    freecon(context);
This change was motivated by a comment in
https://android-review.googlesource.com/#/c/152680/1/toys/posix/ls.c
Change-Id: Ic0cdf9f9dd0e35a63b44a4c4a08400020041eddf
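The O_PATH handling the message above describes, as an added example that is not bionic's implementation: an fgetxattr() wrapper that, when the kernel rejects an O_PATH descriptor with EBADF, retries through the /proc/self/fd/N magic link, which getxattr() follows to the real inode without requiring read access to the file. It assumes Linux with /proc mounted; the names is_opath_fd, proc_fd_path, fgetxattr_opath and the two check functions are illustrative, and the scratch file is constructed by the demo and removed afterwards.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/xattr.h>
#include <unistd.h>

/* 1 if fd was opened with O_PATH, 0 if not, -1 on error. */
int is_opath_fd(int fd) {
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1) return -1;
    return (flags & O_PATH) != 0;
}

/* Writes "/proc/self/fd/<fd>" into buf; 0 on success, -1 if it does not fit. */
int proc_fd_path(int fd, char *buf, size_t len) {
    int n = snprintf(buf, len, "/proc/self/fd/%d", fd);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Like fgetxattr(), but an EBADF on an O_PATH fd is retried via /proc.
   A genuine bad descriptor still fails with EBADF. */
ssize_t fgetxattr_opath(int fd, const char *name, void *value, size_t size) {
    ssize_t r = fgetxattr(fd, name, value, size);
    if (r != -1 || errno != EBADF) return r;
    int saved = errno;
    if (is_opath_fd(fd) != 1) { errno = saved; return -1; }
    char path[64];
    if (proc_fd_path(fd, path, sizeof(path)) != 0) { errno = saved; return -1; }
    return getxattr(path, name, value, size);
}

/* Self-check: "/" opened O_PATH must be detected, opened O_RDONLY must not. */
int check_opath_detection(void) {
    int a = open("/", O_PATH | O_CLOEXEC);
    int b = open("/", O_RDONLY | O_CLOEXEC);
    int ok = a >= 0 && b >= 0 && is_opath_fd(a) == 1 && is_opath_fd(b) == 0;
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    return ok;
}

/* Demo on a constructed scratch file: returns 0 when the O_PATH fd is no
   longer rejected with EBADF (either the attribute is read, or the
   filesystem answers an honest ENODATA/ENOTSUP), -1 otherwise. */
int demo_opath_read(void) {
    char tmpl[] = "/tmp/opath-demo-XXXXXX";
    int wfd = mkstemp(tmpl);
    if (wfd < 0) return -1;
    close(wfd);
    int result = -1;
    int fd = open(tmpl, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd >= 0) {
        char buf[256];
        ssize_t r = fgetxattr_opath(fd, "user.demo", buf, sizeof(buf));
        result = (r >= 0 || errno != EBADF) ? 0 : -1;
        close(fd);
    }
    unlink(tmpl);
    return result;
}
```

The F_GETFL check matters: without it, any stale or closed descriptor would be silently redirected through /proc, which is exactly the kind of fd confusion that turns an EBADF into an operation on the wrong file.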
According to the comments in Posix_close(), TEMP_FAILURE_RETRY() should
not be used with close():
462bdac45c%5E%21/#F12
Kill ScopedFd by simplifying the single caller.
Change-Id: I248c40b8c2fc95f1938a6edfc245c81847fc44af
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
There's no reason to have multiple years in our own copyright headers,
and given the stupidity of our NOTICE file generation, it just creates
more junk.
Change-Id: I065a3811c2e2584e3b649a18ad9460286bc72b92
All arch-arm and arch-arm64 .S files were compiled
by gcc with and without this patch. The output object files
were identical. When compiled with llvm and this patch,
the output files were also identical to gcc's output.
BUG: 18061004
Change-Id: I458914d512ddf5496e4eb3d288bf032cd526d32b
With a different memcpy, __memcpy_base_aligned ceased to exist.
Instead, point to the name defined by whatever includes memcpy_base.S
Change-Id: I242cf49cbada35337ba155d7f170e86a905ff55f
Changes affecting future time stamps
Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
(Thanks to Ahmed Nazmy and Tim Parenti.)
Changes affecting past time stamps
America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not
1966-07-01. Also, Yukon's time zone history is documented better.
(Thanks to Brian Inglis and Dennis Ferguson.)
Change affecting past and future time zone abbreviations
The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
Bug: 20551453
Change-Id: I02364f15ca4ae20ed1a3b327f8517214bee938e5
Adds a new _internal_ function. Provide a global serial number to
support more efficient private caching algorithms. This allows
skipping the re-running of the __system_property_find() call on misses until
there is a global change in the properties. This call is a read
barrier; the property data to be read following this call will be
read sequentially and up to date.
Bug: 19544788
Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
Spencer Low points out that we never actually set a name because the constant
part of the string was longer than the kernel's maximum, and the kernel
rejects long names rather than truncate.
Shorten the fixed part of the string while still keeping it meaningful. 9999
POSIX timers should be enough for any process...
Bug: https://code.google.com/p/android/issues/detail?id=170089
Change-Id: Ic05f07584c1eac160743519091a540ebbf8d7eb1
gcc 5.1 doesn't define char16_t and char32_t (unless in C++ mode),
causing compile failures.
Change-Id: I08dcd13cdf8cd59a4a2f191864bedf4c0d1bb313
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
Changes affecting future time stamps
Egypt's spring-forward transition is at 24:00 on April's last Thursday,
not 00:00 on April's last Friday. 2015's transition will therefore be on
Thursday, April 30 at 24:00, not Friday, April 24 at 00:00. Similar fixes
apply to 2026, 2037, 2043, etc. (Thanks to Steffen Thorsen.)
Changes affecting past time stamps
The following changes affect some pre-1991 Chile-related time stamps
in America/Santiago, Antarctica/Palmer, and Pacific/Easter.
The 1910 transition was January 10, not January 1.
The 1918 transition was September 10, not September 1.
The UTC-4 time observed from 1932 to 1942 is now considered to be
standard time, not year-round DST.
Santiago observed DST (UTC-3) from 1946-07-15 through 1946-08-31,
then reverted to standard time, then switched its time zone to
UTC-5 on 1947-04-01.
Assume transitions before 1968 were at 00:00, since we have no data
saying otherwise.
The spring 1988 transition was 1988-10-09, not 1988-10-02.
The fall 1990 transition was 1990-03-11, not 1990-03-18.
Assume no UTC offset change for Pacific/Easter on 1890-01-01,
and omit all transitions on Pacific/Easter from 1942 through 1946
since we have no data suggesting that they existed.
One more zone has been turned into a link, as it differed
from an existing zone only for older time stamps. As usual,
this change affects UTC offsets in pre-1970 time stamps only.
The zone's old contents have been moved to the 'backzone' file.
The affected zone is America/Montreal.
Bug: 20287125
Change-Id: I8512c4e9ab09725395b256aba59ca34a23d1c995
The visibility control in pthread_atfork.h is incorrect.
It breaks 64bit libc.so by hiding pthread_atfork.
This reverts commit 6df122f852.
Change-Id: I21e4b344d500c6f6de0ccb7420b916c4e233dd34
This doesn't affect code like Chrome that correctly ignores EINTR on
close, makes code that tries TEMP_FAILURE_RETRY work (where before it might
have closed a different fd and appeared to succeed, or had a bogus EBADF),
and makes "goto fail" code work (instead of mistakenly assuming that EINTR
means that the close failed).
Who loses? Anyone actively trying to detect that they caught a signal while
in close(2). I don't think those people exist, and I think they have better
alternatives available.
Bug: https://code.google.com/p/chromium/issues/detail?id=269623
Bug: http://b/20501816
Change-Id: I11e2f66532fe5d1b0082b2433212e24bdda8219b
Prebuilt shared libraries (libclang.so, libLLVM.so, etc.) have been
moved to prebuilts/sdk/tools/linux/lib64. Update the search path in
cpp.py to match the change.
Bug: 20485471
Change-Id: Ib7784db4d5529d16a1e2bfc07cb0237929bc5a64
1. Don't prevent calling the callback when SIGEV_THREAD timers are disarmed by timer_settime.
As in the POSIX standard: The effect of disarming or resetting a timer with pending
expiration notifications is unspecified. And glibc didn't prevent it in this situation, so I
think it is fine to remove the support.
2. Still prevent calling the callback when SIGEV_THREAD timers are deleted by timer_delete.
As in the POSIX standard: The disposition of pending signals for the deleted timer is unspecified.
However, glibc handles this (although that is not perfect). And some of our tests in
time_test.cpp depend on this feature as described in b/18039727, so I retain the support.
3. Fix some flaky tests in time_test.cpp, and make "time*" tests pass on bionic-unit-tests-glibcxx.
Bug: 18263854
Change-Id: I8ced184eacdbfcf433fd81b0c69c38824beb8ebc
Changes affecting future time stamps
Mongolia will start observing DST again this year, from the last
Saturday in March at 02:00 to the last Saturday in September at 00:00.
(Thanks to Ganbold Tsagaankhuu.)
Palestine will start DST on March 28, not March 27. Also,
correct the fall 2014 transition from September 26 to October 24.
Adjust future predictions accordingly. (Thanks to Steffen Thorsen.)
Changes affecting past time stamps
The 1982 zone shift in Pacific/Easter has been corrected, fixing a 2015a
regression. (Thanks to Stuart Bishop for reporting the problem.)
Some more zones have been turned into links, when they differed
from existing zones only for older time stamps. As usual,
these changes affect UTC offsets in pre-1970 time stamps only.
Their old contents have been moved to the 'backzone' file.
The affected zones are: America/Antigua, America/Cayman,
Pacific/Midway, and Pacific/Saipan.
Changes affecting time zone abbreviations
Correct the 1992-2010 DST abbreviation in Volgograd from "MSK" to "MSD".
(Thanks to Hank W.)
Bug: 19887183
Change-Id: I1b4bdc5ae5cf778908a77893d7f8db8a4117e1e1
The ICU4J changes are not necessary for use on Android (since
we use the ICU4C .dat file), but updating them ensures that
the .jars are in sync with everything else, and the jars are currently
required for host tests.
Change-Id: Ie56b31af87e8fbd27a6489af8287e4b6a7be6b8f
The previous implementation of rwlock contains four atomic variables, which
is hard to maintain and change. So I make the following changes in this CL:
1. Add pending flags in rwlock.state, so we don't need to synchronize
between different atomic variables. Using compare_and_swap operations
on rwlock.state is enough for all state change.
2. Add pending_lock to protect readers/writers waiting and wake up
operations. As waiting/wakeup is not performance critical, using a
lock is easier to maintain.
3. Add writer preference option.
4. Add unit tests for rwlock.
Bug: 19109156
Change-Id: Idcaa58d695ea401d64445610b465ac5cff23ec7c
This makes unwind symbols 'protected',
which should prevent them from relocating
against libc++.so/libcutils.so.
This is a temporary file and it is going
to be removed once libc.so stops exporting
them.
Bug: http://b/19958712
Change-Id: I96a765afe47e68d2e2ceb288870e63a25ca52081
Apparently clang really doesn't want you to take the address of a builtin.
Since this is only a temporary hack, let's just shrug and accept that
clang-built volantis images won't work until we have new NVIDIA blobs.
Bug: http://b/20065774
Change-Id: I4c8e893b15a1af8f9c54d3f89bfef112b63d09b4
NVIDIA binary blobs are assuming that __cache_clear, _Unwind_Backtrace,
and _Unwind_GetIP are all in some library that they link, but now we've
cleaned up this leakage, they're no longer getting it. Deliberately leak
the symbols from libc.so until we get new blobs.
Bug: http://b/20065774
Change-Id: I92ef07b2bce8d1ad719bf40dab41d745cd6904d4
This flag allows forcing the loading of the library
in the case when for some reason multiple ELF files
share the same filename (because the already-loaded
library has been removed and overwritten, for example).
Change-Id: I798d44409ee13d63eaa75d685e99c4d028d2b0c1
This used to be handled by -fvisibility=hidden on libc_cxa, but that
was broken by the resolution of https://llvm.org/PR22419 (introduced
to Android in today's clang update).
Now we just use a version script that prevents these from being
re-exported from our shared libraries.
Change-Id: Ib290e1d0d7426e09ad17a91178162fff6dbdcfa9
stubs.cpp gets string.h inherited from private/android_filesystem_config.h;
it should not rely on this in the future. The intent is to move the fs_config
function into libcutils and thus deprecate any need for string.h in this
include file.
Change-Id: I946ec1979ef5bbb34fbcb4a99bf2cd79280bb2a3
These macros are also not used in glibc. And we should use
PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP
and PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP instead.
Change-Id: I35195e2f499712dcde9305bbb93622d0f7ca874b
This is an initial implementation; it does not yet handle
dlclose (undefined behavior) and needs linker support to
handle it right.
Bug: 19800080
Bug: 16696563
Change-Id: I7a3e21ed7f7ec01e62ea1b7cb2ab253590ea0686
It is due to a previous change "Let g_thread_list_lock only protect g_thread_list".
We need to add the newly created thread to thread_list even if
__init_thread fails, so the thread can exit successfully.
Change-Id: I0332df11acfdd181350bcc092b12d90d679057a4
This is a patch testing whether we can use abort() instead of
returning ESRCH for invalid pthread ids. It is an intermediate
step to remove g_thread_list/g_thread_list_lock.
Bug: 19636317
Change-Id: Idd8e4a346c7ce91e1be0c2ebcb78ce51c0d0a31d
For DeathTests, we are testing the output of stderr to check if it is the
death we are expecting. To collect the output, Gtest redirects stderr to
a temporary file. But in __libc_write_stderr in libc_logging.cpp, we are
writing to stderr without an O_APPEND flag, so a new message will overwrite
a previous message.
The above situation makes almost all the DeathTests fail on host, because
the expected messages are always overwritten in host DeathTests. So I add
the O_APPEND flag in __libc_write_stderr, which makes all host DeathTests pass.
Change-Id: Ic2f6044fdb181eebe132a6f170b57db43c5c3289
As glibc/netbsd don't protect access to thread struct members by a global
lock, we don't want to do it either. This change reduces the
responsibility of g_thread_list_lock to only protect g_thread_list.
Bug: 19636317
Change-Id: I897890710653dac165d8fa4452c7ecf74abdbf2b
The aligned attribute can only control the compiler's behavior, but we
are manually allocating pthread_internal_t. So we need to make
sure of the alignment manually.
Change-Id: Iea4c46eadf10dfd15dc955c5f41cf6063cfd8536
The errors are introduced in "Make pthread join_state not protected by g_thread_list_lock".
Bug: 19636317
Change-Id: I58ae9711da94bfbac809abfd81311eeb70301a4b
This is currently set in init.rc, but I plan on making init
set PATH to _PATH_DEFPATH and removing the line from init.rc...
Bug: 19564110
Change-Id: Ifa7226a3a5a90d141a788d7d6b1ae86245674218
Bionic's getauxval(...) implementation returns zero when entries are
missing. Zero can be a valid value, so there is no unambiguous way of
detecting an error. Since glibc 2.19, errno is set to ENOENT when an
entry is missing to make it possible to detect this. Bionic should match
this behavior as code in the Linux ecosystem will start relying on it to
check for the presence of newly added entries.
Change-Id: Ic1efe29bc45fc87489274c96c4d2193f3a7b8854
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
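The errno == ENOENT convention the message above adopts, as an added example that is not bionic's code: a lookup that separates "entry present with value 0" from "entry missing", and applies it to AT_SECURE, where 0 is the ordinary answer for a process that is not setuid, setgid or capability-elevated, so a bare zero return cannot be trusted on its own. It needs a libc that implements the convention (glibc 2.19 or later, musl, or bionic after this change); the names aux_lookup and process_is_secure are illustrative.

```c
#include <errno.h>
#include <sys/auxv.h>
#include <unistd.h>

enum aux_status { AUX_ERROR = -1, AUX_MISSING = 0, AUX_PRESENT = 1 };

/* AUX_PRESENT with *value filled, AUX_MISSING if the kernel did not supply
   the entry (getauxval returned 0 and set ENOENT), AUX_ERROR on any other
   failure. errno is cleared first because getauxval only sets it on failure. */
int aux_lookup(unsigned long type, unsigned long *value) {
    errno = 0;
    unsigned long v = getauxval(type);
    if (v == 0 && errno == ENOENT) return AUX_MISSING;
    if (v == 0 && errno != 0) return AUX_ERROR;
    *value = v;
    return AUX_PRESENT;
}

/* 1 if the kernel flagged this process as "secure" (privilege changed at
   exec), 0 if it explicitly said not, -1 if the entry is absent: a caller
   deciding whether to honour environment variables such as library search
   paths must treat -1 as unknown rather than as "not secure". */
int process_is_secure(void) {
    unsigned long v;
    int s = aux_lookup(AT_SECURE, &v);
    if (s != AUX_PRESENT) return -1;
    return v != 0;
}
```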