Commit Graph

277 Commits

Author SHA1 Message Date
Elliott Hughes
d504eee9fa Merge "MIPS support to sys/ headers" 2012-08-08 16:32:55 -07:00
Shih-wei Liao
e2731d98c1 Merge "When compiling with clang, don't "fortify_source" the strlcpy and strlcat." 2012-08-06 11:02:19 -07:00
Shih-wei Liao
d600617645 When compiling with clang, don't "fortify_source" the strlcpy and
strlcat.

Change-Id: I91f58322f28e425ab9d22b51c23fcd6b772ede97
2012-08-06 10:57:37 -07:00
Shih-wei Liao
8173d76740 Merge "Revert "Fix the clang build: this compiler doesn't support the gnu_inline function attribute"" 2012-08-06 10:05:15 -07:00
Shih-wei Liao
9a3d53fad0 When compiling with clang, don't "fortify_source" the strlen.
At this point, FORTIFY_SOURCE and clang are just plain incompatible.
Need to solve the underlying incompatibility first.

Change-Id: I3366477d19461e1ec93b1c30e0c7e8145b391b9b
2012-08-06 09:50:56 -07:00
Shih-wei Liao
2b7f68c03d Revert "Fix the clang build: this compiler doesn't support the gnu_inline function attribute"
This reverts commit 4f1f149c37.
2012-08-03 17:44:08 -07:00
Shih-wei Liao
4f1f149c37 Fix the clang build: this compiler doesn't support the gnu_inline function attribute
Recent clang compiler doesn't have gnu_inline working. When frameworks/rs
is compiled with clang instead of gcc, it no longer works. Will be fixed
by this patch.

Change-Id: I8b281a1305151909e18958b73914ea27343cb4cd
2012-08-03 04:38:15 -07:00
Raghu Gandham
6437eac15a MIPS support to sys/ headers
Change-Id: I32207a1d918e4842da341f6b242ae39c69a83b03
2012-08-02 18:03:54 -07:00
Raghu Gandham
405b8029a6 MIPS support for libc.
Change-Id: I2864dea04b3faf2d919165dcaa600af5b16c41c8
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Raghu Gandham <raghu@mips.com>
2012-08-02 16:07:26 -07:00
Elliott Hughes
ecb53eab4b Fix a ENOTUP/ENOTSUP typo.
Change-Id: Ifa347a09a2aa1f505965ae7c1383fd0caf95793c
2012-08-02 15:45:04 -07:00
Chris Dearman
da2611084f Error numbers are target specific.
Use the system supplied error numbers when mapping error numbers to messages.

Change-Id: I520556fa3e2ff668fdc4eda36ad31491fbb48ea8
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Raghu Gandham <raghu@mips.com>
2012-08-01 17:53:07 -07:00
Chris Dearman
958dad705a Fix implementation of generic atomic operations
Change-Id: Ie1ea5aacc561e2d6d40125d2952ed0e9116b7b0d
2012-07-24 13:56:38 -07:00
Nick Pelly
0351955a68 Update time.h for CLOCK_BOOTTIME.
(cherry-pick of 8958a38329)

Change-Id: Ie8de6b32fa81566db53ad7e9fd4b197f4cede628
2012-07-19 17:10:14 -07:00
Elliott Hughes
fabddfe833 Merge "limits.h: Include page.h when relying on PAGE_SIZE" 2012-07-16 09:39:24 -07:00
Nick Kralevich
c37fc1ab6a FORTIFY_SOURCE: revert memcpy changes.
Performance regressions.  Hopefully this is a temporary
rollback.

Bug: 6821003
Change-Id: I84abbb89e1739d506b583f2f1668f31534127764
2012-07-13 17:58:37 -07:00
Nick Kralevich
9b6cc223a3 FORTIFY_SOURCE: introduce __BIONIC_FORTIFY_UNKNOWN_SIZE macro
Replace all occurances of "(size_t) -1" with a
__BIONIC_FORTIFY_UNKNOWN_SIZE macro.

Change-Id: I0b188f6cf31417d2dbef0e1bd759de3f9782873a
2012-07-13 14:49:33 -07:00
Nick Kralevich
260bf8cfe0 FORTIFY_SOURCE: strlen check.
This test is designed to detect code such as:

int main() {
  char buf[10];
  memcpy(buf, "1234567890", sizeof(buf));
  size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
  printf("%d\n", len);
  return 0;
}

or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.

Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
2012-07-13 13:49:59 -07:00
Nick Kralevich
f3913b5b68 FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:

1) Detect memory read overruns.

For example:

int main() {
  char buf[10];
  memcpy(buf, "abcde", sizeof(buf));
  sprintf("%s\n", buf);
}

because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time.  Other similar
bugs may be detected at runtime.

2) Detect overlapping buffers on memcpy()

It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:

  char buf3[0x800];
  char *first_half  = &buf3[0x400];
  char *second_half = &buf3[1];
  memset(buf3, 0, sizeof(buf3));
  memcpy(first_half, second_half, 0x400);
  printf("1: %s\n", buf3);

We now detect this at compile and run time.

Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
2012-07-12 15:38:15 -07:00
Arun Raghavan
6331db3fd2 limits.h: Include page.h when relying on PAGE_SIZE
limits.h relies on PAGE_SIZE being defined without actually including
page.h. Make sure this is included to avoid compilation failures.

Signed-off-by: Arun Raghavan <arun.raghavan@collabora.co.uk>
2012-07-10 10:36:37 +05:30
Nick Kralevich
8f08e1c902 Merge "FORTIFY_SOURCE: Add openat, fix bug" 2012-07-09 12:55:32 -07:00
Nick Kralevich
a3e230d1fa FORTIFY_SOURCE: Add openat, fix bug
Add fortify_source support for openat(). This change requires that
an argument be supplied when using O_CREAT.

Fix unnecessary call to __open_2. If, at compile time, we know that
"flags" is constant and DOESN'T contain O_CREAT, the call to __open_2
is useless.

Change-Id: Ifcd29c4fb25e25656961d7552d672e161f0cfdbd
2012-07-09 12:30:40 -07:00
Nick Kralevich
965dbc6405 FORTIFY_SOURCE: add fgets support.
Change-Id: I8c3410a90c71a3336c4ac8581618fa9330edf5e3
2012-07-09 09:57:18 -07:00
Nick Kralevich
bd73eede46 Merge "FORTIFY_SOURCE: add open() checks" 2012-06-27 12:56:52 -07:00
Nick Kralevich
cb228fb4a9 libc: cleanups
Prefix private functions with underscores, to prevent name
conflicts.

Use __error__ instead of error, since occasionally programs will
create their own "#define error ...".

Change-Id: I7bb171df58aec5627e61896032a140db547fd95d
2012-06-26 16:05:19 -07:00
Nick Kralevich
8118f62a7d FORTIFY_SOURCE: add open() checks
Add a FORTIFY_SOURCE check which requires that you pass a
"mode" argument when calling open(..., O_CREAT). If a mode isn't
passed, then the file is created with "undefined" permissions.

Change-Id: I4427be4f9ce170c69da01af5b00fb05b03613a28
2012-06-26 15:19:12 -07:00
Nick Kralevich
70f6901c3d libc: make atoi, atol, and atoll pure functions
Change-Id: Ib831c079c865929b6c91d42f35e117f2e974808f
2012-06-14 13:57:43 -07:00
Nick Kralevich
8df49ad246 FORTIFY_SOURCE: add strlcpy / strlcat support
Add strlcpy / strlcat support to FORTIFY_SOURCE. This allows
us to do consistency checks on to ensure we don't overflow buffers
when the compiler is able to tell us the size of the buffer we're
dealing with.

Unlike previous changes, this change DOES NOT use the compiler's
builtin support. Instead, we do everything the compiler would
normally do.

Change-Id: I47c099a911382452eafd711f8e9bfe7c2d0a0d22
2012-06-14 12:52:42 -07:00
Nick Kralevich
a5eaa02f62 Merge "Don't mark realloc with __attribute__((malloc))" 2012-06-13 16:13:32 -07:00
Nick Kralevich
b27631b9ae Don't mark realloc with __attribute__((malloc))
According to
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

realloc should NOT be marked with __attribute__((malloc)). Quoting:

   realloc-like functions do not have this property as the memory
   pointed to does not have undefined content.

For reference, __mallocfunc is defined in sys/cdefs.h as:

    #define __mallocfunc  __attribute__((malloc))

Change-Id: I56083542ba92e4608dd7c55fb5596a138eb50cc9
2012-06-13 15:43:14 -07:00
Nick Kralevich
9b549c39c9 FORTIFY_SOURCE: add sprintf / vsprintf support
sprintf FORTIFY_SOURCE protections are not available
on clang.

Also add various __attribute__s to stdio functions.

Change-Id: I936d1f9e55fe53a68885c4524b7b59e68fed218d
2012-06-13 09:14:30 -07:00
Nick Kralevich
c2f1d215b1 Merge "FORTIFY_SOURCE: add snprintf, vsnprintf" 2012-06-12 08:50:57 -07:00
Elliott Hughes
20afd4e70c am e0961445: Merge "Remove the meaningless on Linux if_dl.h header."
* commit 'e0961445124b5ff39412da32578e14e0d1f6afd6':
  Remove the meaningless on Linux if_dl.h header.
2012-06-11 17:41:10 -07:00
Nick Kralevich
cffdf6693f FORTIFY_SOURCE: add snprintf, vsnprintf
Add _FORTIFY_SOURCE support for snprintf, vsnprintf

At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().

http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc

Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
2012-06-11 16:46:16 -07:00
Elliott Hughes
c3d45b822c Remove the meaningless on Linux if_dl.h header.
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.

Reported to AOSP by Jun-ya Kato.

(cherry-pick of 5056f1fad1187cd67729bb04ba72397d78256f03.)

Change-Id: Ic67f674d2221497c8166994812bb5fc7f0831066
2012-06-11 15:13:37 -07:00
Elliott Hughes
5056f1fad1 Remove the meaningless on Linux if_dl.h header.
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.

Reported to AOSP by Jun-ya Kato.

Change-Id: I111f9887f3812469b411b9cf5124d9dd624f19f7
2012-06-11 15:01:10 -07:00
Nick Kralevich
71a18dd435 _FORTIFY_SOURCE: add memset / bzero support
Add _FORTIFY_SOURCE support for the following functions:

* memset
* bzero

Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.

Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
2012-06-07 14:19:52 -07:00
Nick Kralevich
0a2301598c libc: implement some FORTIFY_SOURCE functions
Add initial support for -D_FORTIFY_SOURCE to bionic for the
following functions:

* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat

This change adds a new version of the above functions which passes
the size of the destination buffer to __builtin___*_chk.

If the compiler can determine, at compile time, that the destination
buffer is large enough, or the destination buffer can point to an object
of unknown size, then the check call is bypassed.

If the compiler can't make a compile time decision, then it calls
the __*_chk() function, which does a runtime buffer size check

These options are only enabled if the code is compiled with
-D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled.

Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

for additional details on FORTIFY_SOURCE.

Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1,
and verified that everything appears to be working properly.
Also created a test buffer overflow, and verified that it was
caught by this change.

Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
2012-06-05 15:44:31 -07:00
Elliott Hughes
804147cb7d am edb7cad9: Merge "Actually set the header guard in "linux-syscalls.h"."
* commit 'edb7cad9b764f029c5faac2750f749d3d84bd86a':
  Actually set the header guard in "linux-syscalls.h".
2012-05-09 20:10:14 -07:00
Elliott Hughes
1928523c87 Actually set the header guard in "linux-syscalls.h".
Spotted while merging a MIPS change.

Change-Id: I36fb5a07d0bba0c117e9fe9733957bd37ca4b4c0
2012-05-09 16:34:11 -07:00
Elliott Hughes
dbd5ecad26 resolved conflicts for merge of e5408907 to jb-dev-plus-aosp
Change-Id: If4c3f51bf87b28da8074be2e46ae772a374b266f
2012-05-09 13:53:37 -07:00
Raghu Gandham
1fa0d84957 [MIPS] Add support for MIPS syscalls
Change-Id: I4deba67e15c865c4c2db03064c04098a09828ea6
Signed-off-by: Raghu Gandham <raghu@mips.com>
Signed-off-by: Chris Dearman <chris@mips.com>
2012-05-09 11:46:28 -07:00
Ken Sumrall
6baffed252 Add the posix_memalign(3) function to bionic
The posix_memalign(3) function is very similar to the traditional
memalign(3) function, but with better error reporting and a guarantee
that the memory it allocates can be freed.  In bionic, memalign(3)
allocated memory can be freed, so posix_memalign(3) is just a wrapper
around memalign(3).

Change-Id: I62ee908aa5ba6b887d8446a00d8298d080a6a299
2012-04-27 09:34:53 -07:00
Elliott Hughes
4994deaef5 Merge "Bionic: Fix wrong prototype of system call clock_nanosleep" 2012-04-16 09:09:05 -07:00
Jack Ren
d515ce465b Bionic: Fix wrong prototype of system call clock_nanosleep
In bionic/libc/SYSCALLS.TXT, the prototype of system call
clock_nanosleep is incorrect.

According to man page:
int clock_nanosleep(clockid_t clock_id, int flags,
                    const struct timespec *request,
                    struct timespec *remain);

Change-Id: Ic44c6db3d632293aa17998035554eacd664c2d57
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
2012-04-16 23:53:05 +08:00
Jack Ren
41070dd15f bionic: Fix wrong prototype of system call getresuid/getresgid
In bionic/libc/SYSCALLS.TXT, the prototypes of system call
getresuid/getresgid are incorrect.

According to man page, they should be:
    int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
    int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

Change-Id: I676098868bb05a9e1fe45419b234cf397626fdad
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
2012-04-16 23:45:36 +08:00
Kenny Root
f0ec06ba60 Add faccessat to syscall list
Change-Id: I427a18811089cb280769ac8da3ed8adc00a65a10
2012-04-13 15:45:42 -07:00
Nick Kralevich
891966d020 Merge "string.h: add __attribute__ ((pure)) to string functions" 2012-03-21 14:40:41 -07:00
Nick Kralevich
a677907ee8 string.h: add __attribute__ ((pure)) to string functions
cdefs.h: Introduce the __purefunc attribute, which allows us to mark
certain functions as being "pure".

http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

  Many functions have no effects except the return value and their
  return value depends only on the parameters and/or global variables.
  Such a function can be subject to common subexpression elimination
  and loop optimization just as an arithmetic operator would be.

string.h: Mark many commently used string functions as "pure", to
allow for additional compiler optimizations.

Change-Id: I42961f90f822b6dbcbc3fd72cdbe774a7adc8785
2012-03-21 08:54:54 -07:00
Ben Cheng
21eab513e7 New additions/bug fixes required/found when porting perf.
New functions:
	tfind
	tsearch
	tdelete
	twalk
	tdestroy (GNU extension)

Bug fix: the current implementation for realpath would crash
	if the second argument (resolved_path) is NULL.

New headers:
	ar.h
	search.h

Change-Id: Ib6c1e42fc186a6d597a6e5a9692b16acaa155804
2012-03-20 12:54:55 -07:00
Ben Cheng
1a823691a2 Update kernel headers and add syscall "perf_event_open"
Change-Id: I43f12b727881df002a8524f2738586c043833bae
2012-03-13 12:28:40 -07:00