Commit Graph

51 Commits

Author SHA1 Message Date
Sergey Melnikov
c45087bffa Kernel dso support for 'dl_iterate_phdr' function
Kernel provides virtual DSO for stack unwinding/exception handlind info for
signal usage case. Stack unwinding routines use 'dl_iterate_phdr' function
for additional DWARF info gathering from DSOs. Patch enables virtual DSO
enumeration via dl_iterate_phdr function.

Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Ic2882b28f40b456a088bc1e63c50cbfda7e4a102
2013-06-25 13:12:39 -07:00
Nick Kralevich
c9084427aa linker: Emit a warning on text relocations
Text relocations unnecessarily mark pages as dirty, preventing them
from being swapped out, wasting memory. Also, text relocations
prevent the code from running on certain hardened systems.

Print a message in logcat and stderr when we see a text relocation,
to encourage developers to fix their code.

Change-Id: I6051a7463911e090ae5727a355397d539669d5b9
2013-06-21 15:33:15 -07:00
Elliott Hughes
7e5a8cc523 Make LD_PRELOAD failures just warnings.
This matches glibc and makes life easier for developers who want to
sometimes preload a library from init (which has no conditionals); they
can simply move/remove the library to disable.

Change-Id: I579b8633f958235af6e46bb53b378b9e363afb1f
2013-06-18 13:15:00 -07:00
Christopher Ferris
6bec5b792a Small cleanup of soinfo_elf_lookup.
- Remove unnecessary line.
- Move declarations to first use.

Change-Id: I1d8398d6c13f7cb86bffe0b68af849e35a4b234d
2013-06-03 20:15:14 -07:00
Elliott Hughes
8147d3c284 Don't fail to run DT_INIT and DT_INIT_ARRAY constructors if a shared library has DT_PREINIT_ARRAY constructors.
The GNU dynamic linker silently ignores a DT_PREINIT_ARRAY section
in a shared library. We had ineffectual code that tried to report
an error, which I tried to fix but got wrong --- my version still
wouldn't report the error to the caller, but would prevent us from
continuing to call constructors.

Bug: 8825226
Change-Id: I4fd8450ecc44d8767a1cb808aeecfbfbfc77c070
2013-05-09 15:29:54 -07:00
Nick Kralevich
8d3e91d4f8 linker: only re-open std* for setuid programs.
get_AT_SECURE() was getting called before linker_env_init() had
been called, and returning the default value ("true"). This was
causing us to reopen closed stdin, stdout, and stderr for ALL
processes, not just privileged (setuid) processes.

Calling path:
  - __linker_init
    - soinfo_link_image
      - get_AT_SECURE
    - __linker_init_post_relocation
      - linker_env_init

This change restores the intended behavior of only re-opening
stdin, stdout, and stderr for privileged processes.

Change-Id: I8b085ea6597710ac4c1a3c93f1bf8b81eecb08c0
2013-04-25 13:15:24 -07:00
Elliott Hughes
0d787c1fa1 Make abort messages available to debuggerd.
This adds __libc_fatal, cleans up the internal logging code a bit more,
and switches suitable callers over to __libc_fatal. In addition to logging,
__libc_fatal stashes the message somewhere that the debuggerd signal handler
can find it before calling abort.

In the debuggerd signal handler, we pass this address to debuggerd so that
it can come back with ptrace to read the message and present it to the user.

Bug: 8531731
Change-Id: I416ec1da38a8a1b0d0a582ccd7c8aaa681ed4a29
2013-04-05 11:24:19 -07:00
Kito Cheng
8f7120bbac Drop unnecessary execution permission for .cpp/.c/.h
Change-Id: I9ac2b9d8f6bdb4fab8962210c5ec8f9c3e8c0ebf
2013-03-22 10:28:15 +08:00
Elliott Hughes
8f2a5a0b40 Clean up internal libc logging.
We only need one logging API, and I prefer the one that does no
allocation and is thus safe to use in any context.

Also use O_CLOEXEC when opening the /dev/log files.

Move everything logging-related into one header file.

Change-Id: Ic1e3ea8e9b910dc29df351bff6c0aa4db26fbb58
2013-03-15 16:12:58 -07:00
Elliott Hughes
ca0c11bd82 Use more types than just 'unsigned' in the linker.
Still chipping away at the situation where every variable in the
linker was of type 'unsigned'. This patch switches counts over to
being size_t and adds an explicit type for init/fini function pointers
and arrays of function pointers.

Also improve logging from CallArray.

Also remove trailing "\n"s from log messages.

Change-Id: Ie036d2622caac50f4d29f0570888bb527661d77e
2013-03-12 11:26:56 -07:00
Kito Cheng
fa8c05dc00 Use Elf32_Addr instead of unsigned in linker
Change-Id: I52dcbb4b0ff0a4052e0ad7a9bbeb2df65c9d2f66
2013-03-12 10:19:14 -07:00
Brian Carlstrom
2d4b9b7cff Fix typo of DT_NEEDED for DT_NULL
(cherry-pick of 138b205ea9efc117fe522c2d7191378023a6e2cd)

Change-Id: Ia895cb3018df55554627f1f61dcdfdada4a961ce
2013-03-06 15:50:30 -08:00
Kito Cheng
5e2492eb89 Fix TIMING/STATS/COUNT_PAGES dynamic linker build
Change-Id: I6432ac378816da253b83d1c7fb1d3fb64647b89e
2013-03-06 23:58:48 +08:00
Brian Carlstrom
43cc7f795b Fix MIPS linker build
(cherry-picked from 8c7d8c2057e303985f78eab96da747ddaa013c78)

Change-Id: Idcf62ab95f8fccbc2d7c3e771a4cfbe768a1555e
2013-03-06 01:05:08 -08:00
Elliott Hughes
650be4e584 More linker cleanup.
Change-Id: I9fb3c7c0d4b4ffef0eeaf092d4e30ffe63a08671
2013-03-05 22:24:34 -08:00
Brian Carlstrom
d4ee82dfa3 Minor linker cleanup, primarily to use Elf32_Dyn
Change-Id: Ifa9408e9859c6f79444715bed4808b7c13fdced5
2013-03-05 15:27:21 -08:00
Elliott Hughes
d3920b3a99 Switch to using AT_RANDOM for the stack guards.
Bug: 7959813
Change-Id: I8db4b8912ba649bfe668c6f22aa44690ddd401a2
2013-02-08 11:16:13 -08:00
Elliott Hughes
42b2c6a5ee Clean up the argc/argv/envp/auxv handling.
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.

Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
2013-02-07 11:44:21 -08:00
Elliott Hughes
d2b1a7311f Remove partial implementation of MIPS non-PIC support.
Change-Id: I3c287e52aae10559508174e73113367aea40e5c2
2013-02-06 11:02:28 -08:00
Elliott Hughes
1e980b6bc8 Fix the duplication in the debugging code.
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.

We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.

This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).

This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.

Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
2013-01-18 22:20:06 -08:00
Nick Kralevich
36bd371e26 Revert "stack protector: use AT_RANDOM"
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.

Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.

This reverts commit e3a49a8661.

Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
2013-01-16 13:16:42 -08:00
Nick Kralevich
e3a49a8661 stack protector: use AT_RANDOM
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.

Bug: 7959813

Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
2013-01-16 10:09:52 -08:00
Elliott Hughes
99c32055cb Fix my git mistake.
This was the formatting change that was supposed to be in
cf23905a4b.

Change-Id: Ib79fa031b68f6f541f532507eb589afeaedb831f
2013-01-14 09:56:21 -08:00
Chris Dearman
cf23905a4b [MIPS] Set DT_DEBUG dyntab entry if it is writable
This is primarily for MIPS exutables that do not have a
DT_MIPS_RLD_MAP entry.

Change-Id: I4c221d92debcfed961eeee2515123f3fb21ec8e6
Signed-off-by: Chris Dearman <chris@mips.com>
2013-01-14 09:30:25 -08:00
Elliott Hughes
db492b3ca7 Fix debug malloc.
...which has been broken since the linker data structures went read-only.

Bug: 7941716
Change-Id: If28f6bac0fcb13e371e4d85b064544f561c8d692
2013-01-03 15:44:03 -08:00
Elliott Hughes
cade4c36e7 Support System.loadLibrary for libraries with transitive dependencies.
Also fix the FLAG_ERROR annoyance --- it's not helpful to cache failures.

Bug: 7896159
Bug: http://code.google.com/p/android/issues/detail?id=34416
Bug: http://code.google.com/p/android/issues/detail?id=22143
Change-Id: I60f235edb4ea4756e1f7ce56f7739f18e8a50789
2012-12-20 14:42:14 -08:00
Elliott Hughes
e66190d2a9 Check for unknown flags passed to dlopen(3).
Change-Id: I56f4aab0e5a1487bc32d2c4d231e8bd15c4ac8da
2012-12-18 15:57:55 -08:00
Chris Dearman
20a24403bc Do not include '\0' when writing error messages to stderr
Change-Id: I6adc806c3920e5a4ae61ca55c40613fcf338b18c
Signed-off-by: Chris Dearman <chris@mips.com>
2012-11-26 15:43:17 -08:00
Chao-Ying Fu
c5db969aa4 We should use load_bias. This patch fixes MIPS NDK device exception test failures.
Change-Id: I4b718c36666e66062c1f13e4deea1ec7a7951c54
2012-11-19 10:30:15 -08:00
Elliott Hughes
9c94fc9fbe Tone down some of the overly-verbose linker logging.
We don't need to see every dlopen(3)/dlsym(3) failure unless LD_DEBUG is on.

Change-Id: I1edfe8b72f32ff54dd30e1acf32e20d470d5e9f7
2012-11-05 09:11:43 -08:00
Elliott Hughes
61a9ccb41e Make dynamic linker debugging always available.
If you need to build your own linker to get debugging, the debugging
is never available when you need it.

Change-Id: I5ff7e55753459d49a2990f25d9aa155e0b8602e0
2012-11-02 13:46:23 -07:00
Elliott Hughes
ed537239a9 Merge "Adjust symbol lookup for DT_SYMBOLIC case" 2012-11-02 11:25:49 -07:00
Pavel Chupin
c77c434149 Adjust symbol lookup for DT_SYMBOLIC case
According ELF spec re. DT_SYMBOLIC:
This element's presence in a shared object library alters the dynamic
linker's symbol resolution algorithm for references within the library.
Instead of starting a symbol search with the executable file, the
dynamic linker starts from the shared object itself. If the shared
object fails to supply the referenced symbol, the dynamic linker then
searches the executable file and other shared objects as usual.

This change implements the last part.

Change-Id: Iae95d53d455313a4306f11733941bcd3596ac85f
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
2012-11-02 18:34:22 +04:00
Elliott Hughes
6971fe4ca5 Allow dlopen("egl/blah.so").
NVIDIA binary blobs construct strings to pass to dlopen(3) that
contain '/' but require that we fall back to LD_LIBRARY_PATH.

Change-Id: Iad831899986baace6962f4b335eeb288250a1e22
2012-11-01 22:59:19 -07:00
Elliott Hughes
d23736e4f2 Keep the dynamic linker's soinfo pools mostly read-only.
We'll need a lot more refactoring of this code before we can reduce
the granularity, but this is a step forward.

Change-Id: I07061720e734b571a8399c1d5b4f2f35cd681307
2012-11-01 16:48:14 -07:00
Elliott Hughes
1a6961650c Stop defining our own PAGE_SIZE and PAGE_MASK, and test dlclose(3) too.
Also remove an unnecessary #include and a now-obsolete TODO.

Change-Id: I36d923721e349a286934b9534090a67ce0786e7b
2012-11-01 13:53:26 -07:00
Magnus Malmborn
ba98d9237b Dynamically allocate soinfo-structs in linker
Request memory from the system when needed instead of having a fixed
array for soinfo structs. Note that malloc() et al can't be used in
linker, so use mmap() instead.

Change-Id: I4b495995931d7752b0e8c944e64d1fe41b9f7144
2012-11-01 11:31:39 -07:00
Elliott Hughes
124fae9eab Reject .so files with no sysv hash table.
Also ensure that dlopen(3) errors always include the name of the library we
failed to open.

Also fix a bug where we'd fall back to searching LD_LIBRARY_PATH and the
built-in paths for names that include slashes.

Bug: http://code.google.com/p/android/issues/detail?id=38479
Change-Id: Ib2c009ed083344a7a012749d58f8679db2f26c78
2012-10-31 14:30:50 -07:00
Ard Biesheuvel
5ae44f302b linker: handle R_ARM_COPY relocations in a proper way
If an executable contain copy relocations, other references
to the symbol it points to should be preempted and made to
point to the copy instead.

Also, the linker should make sure the target area has
sufficient space to contain the copy. It also checks
whether the library that supplies the symbol is built
with -Bsymbolic, and errors out if this is the case.

Change-Id: If135c83590092741cfd8f82f54816f363a4a4a3b
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
2012-10-30 17:09:21 -07:00
Elliott Hughes
18a206c81d More dynamic linker cleanup.
I still want to break linker_format out into its own library so we can reuse
it for malloc debugging and so forth. (There are many similar pieces of code
in bionic, but the linker's one seems to be the most complete/functional.)

Change-Id: If3721853d28937c8e821ca1d23cf200e228a409a
2012-10-30 16:35:38 -07:00
Elliott Hughes
5419b94747 Make dlerror(3) thread-safe.
I gave up trying to use the usual thread-local buffer idiom; calls to
calloc(3) and free(3) from any of the "dl" functions -- which live in
the dynamic linker -- end up resolving to the dynamic linker's stubs.
I tried to work around that, but was just making things more complicated.
This alternative costs us a well-known TLS slot (instead of the
dynamically-allocated TLS slot we'd have used otherwise, so no difference
there), plus an extra buffer inside every pthread_internal_t.

Bug: 5404023
Change-Id: Ie9614edd05b6d1eeaf7bf9172792d616c6361767
2012-10-16 17:58:17 -07:00
Elliott Hughes
3b297c4079 Fix dlerror(3).
Add unit tests for dlerror(3) in various situations. I think We're at least
as good as glibc now.

Also factor out the ScopedPthreadMutexLock and use it here too.

Bug: http://code.google.com/p/android/issues/detail?id=38398
Change-Id: I040938b4366ab836e3df46d1d8055b92f4ea6ed8
2012-10-11 16:08:51 -07:00
Xiaokang Qin
9c3449ecd9 bionic: linker: Need update the map->l_addr for execution.
Currently, linker doesn't update the map->l_addr for execution.
Which could break the Unwind_Backtrace with PT_GNU_EH_FRAME enabled
in new toolchain.

Change-Id: Ifbd853134da64a962f7e4c4105e56a3f20def1b2
Author: Fengwei Yin <fengwei.yin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 57077
2012-09-13 18:09:20 +08:00
Elliott Hughes
e9b6fc6f82 Improve the dynamic linker diagnostics.
Lose the pid, only show the name of the function (not its whole signature),
and include the name of the library we failed to load. (I hadn't noticed
that the library name was missing before because in Java we add that into
the UnsatisfiedLinkError detail message.)

The new output looks like this:

  Cannot load library: soinfo_relocate(linker.cpp:968): cannot locate symbol "__libc_malloc_default_dispatch" referenced by "libc_malloc_debug_leak.so"...

Change-Id: I3bb5c9780d9aaf3a9e4418ea55bc98122a81f80f
2012-08-29 13:10:54 -07:00
Nick Kralevich
d39c3abd5a linker: Fix ARM_R_COPY relocations
Per http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf
Section 4.7.1.10, ARM_R_COPY relocations are only suppose to reference shared
libraries, not the executable itself.  When resolving an R_ARM_COPY symbol,
ensure we don't look in our own symbol.

This partially addresses
http://code.google.com/p/android/issues/detail?id=28598 .  After this
patch, the printfs generated by the test program are:

global = 0x42 (0x401c7000)
global = 0x42 (0x11000)

before, the output was:

global = 0x42 (0x40071000)
global = 0x0 (0x11000)

I'm still not very happy with this patch, but I think it's an improvement
over where we were at before.

This change was modeled after https://android-review.googlesource.com/38871

Change-Id: Id7ad921e58395e76a36875bcc742ec5eeba53f08
2012-08-28 11:48:32 -07:00
Elliott Hughes
bedfe38b8b More cleanup.
Make more stuff static, remove some dead code, and fix a few typos.

Change-Id: I010b0eadeaf61e2899c37014ad1e7082c70bd510
2012-08-14 14:07:59 -07:00
Ard Biesheuvel
12c78bbded linker: avoid clobbering the .dynamic section of shared libs
This patch removes the DT_NEEDED hack which stores pointers
to soinfo structs in the .dynamic section of the library
being loaded.

Instead, it caches the soinfo struct pointers on the stack
during relocation time. After relocation time, i.e. when
calling constructors and destructors of the shared library
and its dependencies, uncached access is used instead,
doing lookups using the string table entries pointed to by
the DT_NEEDED entries.

By removing this hack, it is no longer needed to undo the
PT_GNURELRO protection, i.e., all non-writable mappings
can remain non-writable during their entire lifespan.

Even though, strictly speaking, the algorithmic complexity
has increased somewhat, the real-world adverse effect
is negligible on the systems I have tested.

Change-Id: I2361502560b96b5878f7f94a8e8a215350d70d64
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
2012-08-14 19:38:28 +02:00
Evgeniy Stepanov
9181a5dcfe Fix module constructor order.
.preinit_array goes before the constructors of LD_PRELOAD-ed libraries.

Change-Id: I1af32ce29eaf3ca4351ae8a0f7f5da5165853216
2012-08-13 11:05:47 -07:00
Nick Kralevich
5135b3ae6e linker: don't perform unnecessary mprotects
The linker only needs to mark the text segment as
writable iff the file has text relocations. Unnecessarily
calling mprotect when it isn't necessary is slow, and some
security enhanced kernels don't like it. Pages which are
simultaneously writable and executable are considered a no-no.

The vast majority of executables / shared libraries on Android
do NOT have text relocations.

Change-Id: Ic38ce30a99b7e33ecf21efd9c108547a58eafa35
2012-08-13 08:50:11 -07:00
Ben Cheng
06f0e74a2b Set the dynamic field in the link map for the linker itself.
Otherwise gdb will print a spurious warning each time gdb is used:

warning: .dynamic section for "/system/bin/linker" is not at the expected
address (wrong library or version mismatch?)

BUG:6946614
Change-Id: Ib21b8db0615751189c1601140deb43bc089289b6
2012-08-10 16:07:02 -07:00