Commit Graph

199 Commits

Author SHA1 Message Date
Nick Kralevich
7943df62f7 Check memory size on FD_* functions
Make sure the buffer we're dealing with has enough room.
Might as well check for memory issues while we're here,
even though I don't imagine they'll happen in practice.

Change-Id: I0ae1f0f06aca9ceb91e58c70183bb14e275b92b5
2013-10-03 15:45:10 -07:00
Nick Kralevich
90201d5eca FORTIFY_SOURCE: Add __FD_* checks
Add FORTIFY_SOURCE checks for the following macros:

* FD_CLR
* FD_ISSET
* FD_SET

Bug: 11047121
Change-Id: I3c5952136aec9eff3288b91b1318677ff971525c
2013-10-02 16:11:30 -07:00
Elliott Hughes
e4ffd9f234 Regenerate the system call stubs (to get x86_64).
This touches the x86 stubs too because arm, x86, and x86_64 now
all share the same header (at a source level), which causes a
reordering of the #include lines.

Change-Id: If9a1e2b2718bd41d8399fea748bce672c513ef84
2013-10-01 13:29:43 -07:00
Elliott Hughes
01a700e5d2 Better statfs/fstatfs glibc compatibility.
Change-Id: I069d169c96cd71b75a045ec911fb4bd484c6b2c9
2013-09-30 21:57:07 -07:00
Elliott Hughes
d3e64a3f40 Add x86_64 to the bionic headers.
Manual changes:

  cpp.py: cope with macros that refer to other macros.

  defaults.py: x86 no longer always implies __i386__; use __i386__ to replace
  the kernel CONFIG_X86_32 flag.

  asm/page.h: the upstream page.h isn't a uapi header and no longer includes
  the stuff we were using it for. Let's just have our own static file, since
  it's the same for all our architectures (both 32- and 64-bit).

  sys/select.h: we used to use the various FD_SET-related macros from the
  kernel header files, but they've gone. Adjust by adding trivial equivalent
  definitions.

Automated changes:

  libc/kernel/arch-x86, libc/kernel/common: regenerated from
  external/kernel-headers.

Change-Id: I84fc0ed52dc742e043b4ae300fd3b58ee99b7fcd
2013-09-30 18:42:13 -07:00
Nick Kralevich
60f4f9a5b9 libc: fortify recvfrom()
Fortify calls to recv() and recvfrom().

We use __bos0 to match glibc's behavior, and because I haven't
tested using __bos.

Change-Id: Iad6ae96551a89af17a9c347b80cdefcf2020c505
2013-09-24 16:45:01 -07:00
Elliott Hughes
b4f7616fd6 Ensure we have the off64_t variant of every function that takes an off_t.
Change-Id: Ib2eee0cf13162be3b62559b84e90c6dcf5aab1c3
2013-09-19 16:27:24 -07:00
Daniel Leung
afcc0cccda Add mmap64()
This adds mmap64() to bionic so that it is possible to have
large offset passed to kernel. However, the syscall mechanism
only passes 32-bit number to kernel. So effectively, the
largest offset that can be passed is about 43 bits (since
offset is signed, and the number passed to kernel is number
of pages (page size == 4K => 12 bits)).

Change-Id: Ib54f4e9b54acb6ef8b0324f3b89c9bc810b07281
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2013-09-19 14:11:26 -07:00
Nick Kralevich
bd8e6749b7 cdefs.h: introduce __bos0
Introduce __bos0 as a #define for __builtin_object_size((s), 0).
This macro is intended to be used for places where the standard
__bos macro isn't appropriate.

memcpy, memmove, and memset deliberately use __bos0. This is done
for two reasons:

1) I haven't yet tested to see if __bos is safe to use.
2) glibc uses __bos0 for these methods.

Change-Id: Ifbe02efdb10a72fe3529dbcc47ff647bde6feeca
2013-08-28 14:27:14 -07:00
Elliott Hughes
d0be7c8f9a Add futimens.
Bug: 10239370
Change-Id: I518340084103dc339ef8a065d4837d6258a1381d
2013-08-08 17:13:33 -07:00
Elliott Hughes
c03e1e7439 Define PTHREAD_KEYS_MAX and _POSIX_THREAD_KEYS_MAX in a POSIX-compliant way.
Also make sysconf use PTHREAD_STACK_MIN rather than redefining its
own, different, constant.

Bug: 9997352
Change-Id: I9a8e7d2b18e691439abfb45533e82c36eee9e81d
2013-07-29 17:09:36 -07:00
Elliott Hughes
06040fd75c Add <sys/statvfs.h>.
Bug: 2512019
Change-Id: I6e7fd3fa281977cc4bc270481a95416b5b2dc351
2013-07-09 13:25:03 -07:00
Elliott Hughes
e42e51d563 Clean up <sys/mount.h>/<linux/fs.h> duplication.
Roll on uapi...

Bug: 6340120
Change-Id: Ic9521905683946e836574e4d768e34853ea777fa
2013-07-03 14:58:04 -07:00
Lorenzo Colitti
f936ef1a9f Include linux/termios.h from sys/ioctl.h.
On NetBSD and glibc, including sys/ioctl.h provides some
terminal ioctl data structures such as struct winsize. For
compatibility, provide these via sys/ioctl.h in bionic as well.
bionic does not have its own definitions for these structures, so
get them from the Linux kernel definitions.

Change-Id: I01345c23c0bebd60b0a80fc33668e7c0ad7356c3
2013-07-03 13:35:18 -07:00
Nick Kralevich
a6cde39276 More FORTIFY_SOURCE functions under clang
* bzero
* umask
* strlcat

Change-Id: I65065208e0b8b37e10f6a266d5305de8fa9e59fc
2013-06-29 08:16:22 -07:00
Colin Cross
5e9a086145 bionic: add compatibility mode for properties
Allow a new bionic to work with an old init property area by supporting
the old format.

(cherry picked from commit ad76c85b9c)

Change-Id: Ib496e818a62a5834d40c71eb4745783d998be893
2013-06-25 16:52:40 -07:00
Rom Lemarchand
d206b560e7 libc: add swapon and swapoff syscalls
Change-Id: Ie79dc8e3f2ff1cd427dd6d95e3850920c4b407b0
Signed-off-by: Rom Lemarchand <romlem@google.com>
2013-06-25 13:18:03 -07:00
Greg Hackmann
1540f601be bionic: revert to a single (larger) property area
d329697 is too complicated.  Change the multiple property pages back to
a single 128K property area that's mapped in entirely at initialization
(the memory will not get allocated until the pages are touched).

d329697 has other changes useful for testing (moving property area
initialization inside bionic and adding __system_property_set_filename)
so undo the change manually rather than with git revert.

Signed-off-by: Greg Hackmann <ghackmann@google.com>

(cherry picked from commit 5f05348c18)

Change-Id: I690704552afc07a4dd410277893ca9c40bc13e5f
2013-06-24 16:35:37 -07:00
Greg Hackmann
996cdc4b1a bionic: reimplement property area as hybrid trie/binary tree
See the comments for an explanation of how properties are stored.

The trie structure is designed to scale better than the previous
array-based implementation.  Searching an array with n properties
required average O(n) string compares of the entire key; searching the
trie requires average O(log n) string compares of each token (substrings
between '.' characters).

Signed-off-by: Greg Hackmann <ghackmann@google.com>

(cherry picked from commit 6ac8e6a46d)

Change-Id: Icbe31908572f33b4d9b85d5b62ac837cbd0f85e0
2013-06-24 16:35:32 -07:00
Greg Hackmann
cb215a7e9e bionic: make property area expandable
The property area is initially one 4K region, automatically expanding as
needed up to 64 regions.

To avoid duplicating code, __system_property_area_init() now allocates
and initializes the first region (previously it was allocated in init's
init_property_area() and initialized in bionic).  For testing purposes,
__system_property_set_filename() may be used to override the file used
to map in regions.

Signed-off-by: Greg Hackmann <ghackmann@google.com>

(cherry picked from commit d32969701b)

Change-Id: I038d451fe8849b0c4863663eec6f57f6521bf4a7
2013-06-24 16:35:15 -07:00
Greg Hackmann
c6ff844d75 bionic: add __system_property_foreach
find_nth() will be inefficient on a trie.  Since find_nth() is only used
internally and only for enumerating properties, we can add a foreach()
function to do this directly.

Signed-off-by: Greg Hackmann <ghackmann@google.com>

(cherry picked from commit 577418403d)

Change-Id: Iaca97d1182ce2c28863ba85241cbb5cf6185eb2f
2013-06-18 19:24:29 -07:00
Nick Kralevich
a641c18f0c libc: Rename fortify error functions.
__umask_error -> __umask_invalid_mode
__creat_error -> __creat_missing_mode
__too_many_args_error -> __creat_too_many_args

Change-Id: I4036f344a3a93628e70f2e948ad73cfed3a967ea
2013-06-18 13:07:18 -07:00
Nick Kralevich
16d1af167f libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.

This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:

* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)

It may be possible, in the future, to enable other functions. However,
I need to write unittests first.

For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.

I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.

I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.

Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-18 12:14:20 -07:00
Nick Kralevich
b24c0637d0 libc: Introduce __errordecl()
Define __errordecl and replace __attribute__((__error__("foo")))
with __errordecl. Make sure __errordecl is a no-op on clang, as it
generates a compile time warning.

Change-Id: Ifa1a2d3afd6881de9d479fc2adac6737871a2949
2013-06-18 12:13:52 -07:00
Colin Cross
5cf32de7a0 bionic: move system property writing from init to bionic
Move the implementation of writing to the system property area
from init to bionic, next to the reader implementation.  This
will allow full property testing to be added to bionic tests.

Add new accessor and waiting functions to hide the implementation
from watchprops and various bionic users.

Also hide some of the implementation details of the property area
from init by moving them into _system_properties.h, and other details
from everybody by moving them into system_properties.h.

(cherry picked from commit dc1038b790)

Change-Id: I192d3825ee276c5047bc751039fe6cfe226a7cca
2013-06-17 16:58:43 -07:00
Elliott Hughes
36fa67bcdd Ensure header files using __BEGIN_DECLS include sys/cdefs.h.
We keep fixing these one-by-one; let's fix them all at once.

Found thus:

  find . -name *.h | xargs grep -L sys/cdefs.h | xargs grep -l BEGIN_DECL | xargs grep -L sys/types

Change-Id: I188842aa2484dc6176e96556d57c38a0f785b59b
2013-06-05 17:58:08 -07:00
Kito Cheng
328223230b sys/personality.h: include <sys/cdefs.h>
Change-Id: Ia3fa558a38e0cffe5287bc454e85d5d3bdaa6ba1
2013-06-05 11:30:17 +08:00
Elliott Hughes
d04c183979 Add more __restricts, clean up __format__ attributes.
Change-Id: I7e2d270cc722d339d221eaea92747eaff3b51403
2013-05-14 16:08:43 -07:00
Todd Poynor
b0a2fc35d6 epoll: add EPOLLRDHUP, EPOLLWAKEUP, and EPOLLONESHOT events
(cherry-pick of d1ad4f6dab06189d4d3dcfa19ae4bc301481eb3f.)

Change-Id: I4a8476bff068951533d4188de94097c8b84bc489
2013-05-14 14:48:43 -07:00
Todd Poynor
4200e6203a libc: add timerfd calls
(cherry-pick of 04c0ac14a49e0969333008a9522b64046d58fbdc.)

Change-Id: I06d0b6c2a8781602362b81f48faf1cca76b9ec05
2013-05-14 14:45:02 -07:00
Nick Kralevich
78d6d9888c libc: upgrade sprintf to _FORTIFY_SOURCE=2
Upgrade sprintf to fortify_source level 2, to catch
additional security bugs.

Change-Id: Ibc957d65e4cb96152de84b3745a04e00fa22659e
2013-04-29 16:41:54 -07:00
Nick Kralevich
1aae9bd170 strncpy: implement _FORTIFY_SOURCE=2
Add support for fortify source level 2 to strncpy.
This will enable detection of more areas where strncpy
is used inappropriately. For example, this would have detected
bug 8727221.

Move the fortify_source tests out of string_test.cpp, and
put it into fortify1_test.cpp.

Create a new fortify2_test.cpp file, which copies all
the tests in fortify1_test.cpp, and adds fortify_source level
2 specific tests.

Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
2013-04-29 15:22:10 -07:00
Kito Cheng
8baa929d5d Prevent name conflict for eventfd.cpp and eventfd.s when building libc.a
- eventfd.cpp and eventfd.s will output to the same file when building libc.a
   out/target/product/*/obj/STATIC_LIBRARIES/libc_intermediates/WHOLE/libc_common_objs/eventfd.o
 - And then `eventfd` will undefined when statically linked to libc.

Also add a unit test.

Change-Id: Ib310ade3256712ca617a90539e8eb07459c98505
2013-04-03 11:10:37 -07:00
Elliott Hughes
1b91c6c11f Stop generating <sys/linux-syscalls.h>.
The <asm/unistd.h> files contain the canonical data, and
<sys/glibc-syscalls.h> contain new glibc-compatible names,
and if you #include the standard <sys/syscall.h> you get
both sets of names.

Change-Id: I9919c080931c0ba1660f5e37c6a6265ea716d603
2013-03-22 18:56:24 -07:00
Elliott Hughes
cda62094ef Use the correct names for the __ARM_NR_* syscalls.
This lets us move all the ARM syscall stubs over to the kernel <asm/unistd.h>.
Our generated <sys/linux-syscalls.h> is now unused, but I'll remove that in a
later change.

Change-Id: Ie5ff2cc4abce1938576af7cbaef615a79c7f310d
2013-03-22 13:53:43 -07:00
Elliott Hughes
890c8ed6ef Fix builds where _FORTIFY_SOURCE is off.
Also add a more intention-revealing guard so we don't have loads of
places checking whether our inlining macro is defined.

Change-Id: I168860cedcfc798b07a5145bc48a125700265e47
2013-03-22 10:58:55 -07:00
Elliott Hughes
5c2772f59d The SYS_ constants should cover all __NR_ values.
<sys/linux-syscalls.h> only contains constants for the syscalls
we're generating stubs for. We want all the syscalls available
on the architecture in question.

Keep using <sys/linux-syscalls.h> on ARM for now because the
__NR_ARM_set_tls and __NR_ARM_cacheflush values aren't in <asm/unistd.h>.

Change-Id: I66683950d87d9b18d6107d0acc0ed238a4496f44
2013-03-21 22:26:20 -07:00
Elliott Hughes
9724ce3a09 Don't #define SYS_ constants unless they make sense for the current architecture.
Fixes the MIPS and x86 builds. strace tests whether syscalls
are supported using #ifdef of the appropriate SYS_ constant.

Change-Id: I90be118dc42abfdaf5b0f9b1e676e8601f55106e
2013-03-21 19:44:36 -07:00
Elliott Hughes
8ecf225827 Provide glibc-compatible SYS_* aliases for the __NR_* constants.
This helps us remove another external/strace bionic hack.

Change-Id: I3e82c0d2fd27e479be98f096e05b666fd16f8eb3
2013-03-21 18:06:55 -07:00
Elliott Hughes
b6e22482d4 Let bionic use the correct definition of ssize_t.
Bug: 8253769
Change-Id: I50c7cc20828fc089b83580e039ce9153a6c5a8cc
2013-03-08 15:28:52 -08:00
Elliott Hughes
e255642dc1 Avoid changing the C++ ABI with ssize_t.
Bug: 8253769
Change-Id: Ia325003ed6e59da553e2bdde7c43515bc191b8ba
2013-02-28 10:51:31 -08:00
Nick Kralevich
7c0dd555c0 libc: create sys/capability.h
Per "man capset", sys/capability.h is the appropriate header file
for the capget / capset definition, not unistd.h. Fixed.

As a short term hack, continue to include sys/capability.h in
unistd.h, until we can fix all the code which uses capget / capset.

Change-Id: I6e7cf55955d761ca785a14c5e4b7a44125d8fc15
2013-02-26 13:27:15 -08:00
Elliott Hughes
f6bb5bf498 Merge "Add the glibc-compatible names to <sys/endian.h>." 2013-02-22 21:46:59 +00:00
Elliott Hughes
cf820d7e96 Add the glibc-compatible names to <sys/endian.h>.
Also remove declarations for functions that don't exist; these
are all macros.

Bug: http://code.google.com/p/android/issues/detail?id=41769
Change-Id: Ia3774ab2ff7d3c535f83774eac61068f9b11e194
2013-02-22 11:04:27 -08:00
Nick Kralevich
b22a684990 libc: add sys/signal.h for compatibility
Some applications look for sys/signal.h instead of signal.h.
Work around those apps.

Change-Id: I76ac7744ebc56d196b5f0cb9ed381d32817436b9
2013-02-22 10:38:28 -08:00
Thorsten Glaser
c641cafbc3 use architecture-specific ssize_t definition
after change 32822 was rejected, this is the more light-weight
version of the fix: libc/include/sys/types.h already - via
libc/kernel/common/linux/posix_types.h - includes a definition
of __kernel_ssize_t from libc/kernel/arch-*/asm/posix_types.h
which is architecture-specific, toolchain-agnostic and also
gets rid of the gcc -Wformat warning (which it issues correctly,
since this i̲s̲ indeed a bug in bionic)

Change-Id: Ie4503ab16628bc25815a836d07556f665e9795c7
2013-02-19 14:12:55 -08:00
Dima Zavin
3fa6746536 Merge "add factory property file definition" 2013-02-12 18:33:26 +00:00
Elliott Hughes
44b53ad681 Revert "Revert "Pull the pthread_key_t functions out of pthread.c.""
This reverts commit 6260553d48

(Removing the accidental libm/Android.mk change.)

Change-Id: I6cddd9857c31facc05636e8221505b3d2344cb75
2013-02-11 12:20:33 -08:00
Elliott Hughes
6260553d48 Revert "Pull the pthread_key_t functions out of pthread.c."
This reverts commit ad59322ae4

somehow my unfinished libm/Android.mk change got into here.

Change-Id: I46be626c5269d60fb1ced9862f2ebaa380b4e0af
2013-02-11 20:18:16 +00:00
Elliott Hughes
ad59322ae4 Pull the pthread_key_t functions out of pthread.c.
This was originally motivated by noticing that we were setting the
wrong bits for the well-known tls entries. That was a harmless bug
because none of the well-known tls entries has a destructor, but
it's best not to leave land mines lying around.

Also add some missing POSIX constants, a new test, and fix
pthread_key_create's return value when we hit the limit.

Change-Id: Ife26ea2f4b40865308e8410ec803b20bcc3e0ed1
2013-02-11 12:00:48 -08:00