Please see "man 3 ftw" for a description of the
ftw / nftw functions.
This code is taken directly from netbsd unmodified.
Change-Id: Ia4879ac57212b424adf5281b5e92858e216d0f14
For applications that share resources across users such as
forward-locked applications, print out their group name correctly.
Change-Id: I06ee0b67e4325cfa415ffd7a03e301700399a66d
Also fix problem with multi-user IDs that the home directory was
returned as "/data" instead of "/" unlike all the other uids.
Change-Id: I914d22052e5a86552989f8969b85aadbc748c65d
This release reflects the following change circulated on the tz
mailing list:
* australasia (Pacific/Fiji): Fiji DST is October 21 through January
20 this year. (Thanks to Steffen Thorsen.)
Change-Id: Ie21ea791ff5191264967aff685cbfa5c73f1fa5c
Otherwise libc_malloc_debug_leak.so is failed to load runtime in x86
case
Change-Id: I8207ce06d1ec17b233f4e4fcfdd2b161673b4fa8
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Note that the Linux kernel handed over responsibility for most of the
socket constants to glibc some time ago. Someone had updated our
external/kernel-headers file but not regenerated the bionic headers,
so this change copies the missing stuff from the old bionic <linux/socket.h>
into <sys/socket.h>. This is what glibc does.
I've hacked a few of the other files to #include <sys/socket.h> for
backward compatibility, but even so this requires numerous other
changes to switch people over from direct inclusion of <linux/...> headers.
Change-Id: I0e4af64e631d3cef911a31d90f2f806e058278a0
Add ttydefaults.h bionic. Some userspace programs (e.g. perf) need the
definitions from this file. This header file is copied from NetBSD
(http://netbsd.org/) under the NetBSD Foundation's (TNF) license (“2 clause”
Berkeley-style license).
Change-Id: I9c862415b52b710f25adb1629a699627cd715775
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
first_run is only used with LOCK_AT_FORK, however, care needs to be
taken with the #if to avoid compiler warnings when LOCK_AT_FORK isn't
being used.
Change-Id: I6bcfac2ab8732c91607f4a1bcd7c0019f29c2eec
Several previous changes conspired to make a mess of the thread list
in static binaries. This was most obvious when trying to call
pthread_key_delete(3) on the main thread.
Bug: http://code.google.com/p/android/issues/detail?id=36893
Change-Id: I2a2f553114d8fb40533c481252b410c10656da2e
Add getsid() system call to bionic for
all architectures. This is needed for various tools
(e.g. perf).
Adding the getsid system call was done in 3 steps:
() add getsid system call (function name and syscall
number) to libc/SYSCALLS.TXT
() generate all necessary headers by calling
libc/tools/gensyscalls.py. This patch is adding
the generated files since the build system
does not call gensyscalls.py.
() add the system call signature to libc/include/unistd.h
Change-Id: Id69a257e13ec02e1a44085a6b217a3f19ab025b1
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
Expecting the memory in a forked child process to be sane wrt threading
is a bad idea. An example of a problem is when the parent process has
the malloc lock and a child process is forked. The malloc lock in the
child will appear locked by a thread that doesn't exist.
This change aims to make bionic more compatible with glibc by reseting
the malloc lock in the child forked process, as well as holding it
during the fork. This is a feature in dlmalloc 2.8.6 called
LOCK_AT_FORK. In general this feature isn't necessary as a forked
process will then exec. Some bad applications rely on being able to use
features like malloc before the exec and having multiple threads running
in the parent program. This isn't a problem with glibc and this patch
makes it not a problem for bionic.
Unfortunately for use in bionic, LOCK_AT_FORK has an issue as internally
it uses pthread_atfork that in bionic uses malloc. This leads to the
LOCK_AT_FORK initialization deadlocking with pthread_atfork's call to
malloc due to the malloc lock. This change moves the pthread_atfork logic
in LOCK_AT_FORK to be called without the malloc lock held.
Change-Id: Id68175a564a6abb936ee4488b44d9479f7311f69
Clang and _FORTIFY_SOURCE are just plain incompatible with
each other. First of all, clang doesn't understand the
__attribute__((gnu_inline)) header. Second of all,
Clang doesn't have support for __builtin_va_arg_pack()
and __builtin_va_arg_pack_len() (see
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc)
Until we can resolve these issues, don't even try using
_FORTIFY_SOURCE under clang.
Change-Id: I81c2b8073bb3276fa9a4a6b93c427b641038356a
legacy_ion.h is a pre android-3.4 copy of the ion.h header, for backwards
compatibility
Change-Id: Iaf2f1659f19a3b55334df929d9500069bf8acbdd
Signed-off-by: Iliyan Malchev <malchev@google.com>
Legacy ARM shared libraries use this generic version of atexit(),
which queues exit functions for invocation at program exit, at
which time the library may have been dlclose()'d, causing the
program to crash.
Change-Id: I41ae153c23268daa65ede7fb8966fc3e9caec369
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
To properly support legacy ARM shared libraries, libc.so needs
to export the symbols __dso_handle and atexit, even though
these are now supplied by the crt startup code.
This patch reshuffles the existing CRT_LEGACY_WORKAROUND
conditionally compiled code slightly so it works as the
original author likely intended.
Change-Id: Id6c0e94dc65b7928324a5f0bad7eba6eb2f464b9
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
The runtime linker parses the ELF section headers to
discover the size of the init_array and fini_array, so
there is no point in putting NULL terminators at the end.
Change-Id: I3246cd585efce9314155600277dd829e9f37d04f
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
None of the supported ARCHs actually populate these sections,
so there is no point in keeping them in the binaries.
Change-Id: I21a364f510118ac1114e1b49c53ec8c895c6bc6b
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
Useful if you're trying to defeat ASLR, otherwise not
so much ...
Change-Id: I17ebb50bb490a3967db9c3038f049adafe2b8ea7
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
Move dlmalloc code to upstream-dlmalloc to make pulling upstream changes
easier.
Declare pvalloc and malloc_usable_size routines present in malloc.h but with
missing implementations. Remove other functions from malloc.h that have
no implementation nor use in Android.
Change-Id: Ia6472ec6cbebc9ad1ef99f4669de9d33fcc2efb4
Save thread id to *thread_out before new
thread is allowed to run else there's a
risk that the thread has finished and
been deleted when *thread_out is assigned.
Change-Id: I6b84c61a8df06840877d4ab036f26feace3192d8
These preprocessor tricks have caused trouble for -std=gnu99 and -ansi, and
both netbsd's libc and glibc seem to unconditionally define these types.
Change-Id: Ib8dffa341a8ca88f80d275ba2b7f93a4c910ee32
This header is used on bionic build and should be propagated into
sysroot on toolchain rebuild. Discussion re. this header is here:
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg00936.html
It is available already in mips NDK platforms:
development/ndk/platforms/android-9/arch-mips/include/link.h
Change-Id: I39ff467cdac9f448e31c11ee3e14a6200e82ab57
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Added a missing call to _resolv_cache_query_failed for another fail
case where it was missing (it doesn't go through the error handling
under the "fail" label). This missing notification caused requests to
have to wait for timeout instead of beeing notified on some failed
requests.
Change-Id: I904d60269c59b926784e3a397d2a860329f55142
In previous commit: 2fd81ef7, .mk file has been modified to
configure MALLOC_ALIGNMENT dynamicly according to board config.
Add the missing macor protection here.
Change-Id: I703cca2ce0504ab3e11aab226b2c61fcc0c6afa1
Author: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
The original kernel header was submitted in this change:
commit 45b515c106161bb3b00d2c097504b9d44505f2d9
Author: Scott Anderson <saa@android.com>
Date: Wed Aug 15 14:52:27 2012 -0700
Add uhid original header.
This header was cherry-picked from the upstream series that ends
with patch adefb69b1b94df29ea2df05cd838c0e032b2c473.
Change-Id: If516e41b6b14754e7feebdf062461dd38a31900a
Signed-off-by: Scott Anderson <saa@android.com>
Change-Id: I088a0df4449df859835f8267d0d2e6cd4ed3c478
Signed-off-by: Scott Anderson <saa@android.com>
Add __bionic_clone function for x86, which will be
used for clone system call.
Change-Id: I889dc9bf4b7ebb4358476e17e6f3233e26491f4d
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 51414
Also make sure we get the whole of any copyright header, in case
there's text before the "Copyright" line.
Change-Id: Iabcc5e0931a39c0107b833539fec7c5a3d134592
Allow naming such as u1_system, u2_radio, u2_media.
Forward and reverse mapping for the above.
(cherry-pick of c60a0027b1ef3bc4929d2023e7083fbce12fafe7.)
Change-Id: I46eeb23fee4f57b2907640570504123d3ce99985
This should help prevent broken builds next time I'm messing with
assembler/compiler/linker flags...
Change-Id: I30f15a3ce3c3f3c60cad7bc59aaba9f42d792224
Add a GNU_STACK marker to crtend* files. This tells the linker
that these files do not require an executable stack.
When linking, a missing GNU_STACK marker in any .o file can prevent
the compiler from automatically marking the final executable as NX
safe (executable stack not required). In Android, we normally work
around this by adding -Wa,--noexecstack / -Wl,-z,noexecstack.
For files like crtend.S / crtend_so.S, which are included in every
executable / shared library, it's better to add the GNU_STACK note
directly to the assembly file. This allows the compiler to
automatically mark the final executable as NX safe without any
special command line options.
References: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
Change-Id: I07bd058f9f60ddd8b146e0fb36ba26ff84c0357d
This reverts commit 8793e7c7d2,
and fixes the build by building upstream NetBSD source as a
separate library that's then swallowed whole into libc_common.
Change-Id: I6c9317d8c48b5ccaf85a7b185bc07fb31176ff97
There were two bugs in our implementation. Intel found one, but another
remainined, and tracking upstream is the way forward for functions where
we add no value.
Change-Id: Ida9bac0293fb2c4cbc942b1e0515ee0477c6538b
Remove the hand-collated ones, and switch to a script that pulls the
copyright headers out of every file and collects the unique ones.
Change-Id: Ied3b98b3f56241df97166c410ff81de4e0157c9d
Also make the errors more readable, since none of us seemed to know
what they actually meant. The new style is still as verbose as the
old, but that's probably necessary in the absence of chained exceptions
in C. Here's what you'd see if you try to boot after removing
libsurfaceflinger.so:
32267 32267 E AndroidRuntime: java.lang.UnsatisfiedLinkError: Cannot load library: (linker.c:1629, pid 32259) soinfo_link_image: could not load library "libsystem_server.so" needed by "libandroid_servers.so"; caused by (linker.c:1629, pid 32259) soinfo_link_image: could not load library "libsurfaceflinger.so" needed by "libsystem_server.so"; caused by (linker.c:709, pid 32259) load_library: library "libsurfaceflinger.so" not found
This patch also fixes almost all of the compiler warnings.
Change-Id: I64bb59aed6d4e039c15ea45be2367f319ef879f8
At this point, FORTIFY_SOURCE and clang are just plain incompatible.
Need to solve the underlying incompatibility first.
Change-Id: I3366477d19461e1ec93b1c30e0c7e8145b391b9b
Kernel allows to use 6 registers(exclude eax) to pass parameter.
But in syscall's implementation, it only uses five registers.
It will lead to error when 6 parameters passed.
Change-Id: I92d663194e6334c3847f0c0c257ca3b9dee0edef
Author: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 30838
Includes this change:
* australasia (Pacific/Fakaofo): Tokelau is UTC+13, not UTC+14.
(Thanks to Steffen Thorsen.)
Change-Id: I51bfab759f424b90daeb1960c6cfb2b55b78ff46
Recent clang compiler doesn't have gnu_inline working. When frameworks/rs
is compiled with clang instead of gcc, it no longer works. Will be fixed
by this patch.
Change-Id: I8b281a1305151909e18958b73914ea27343cb4cd
Use the system supplied error numbers when mapping error numbers to messages.
Change-Id: I520556fa3e2ff668fdc4eda36ad31491fbb48ea8
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Raghu Gandham <raghu@mips.com>
__cxa_finalize() modifies the access permissions of __atexit
global variable without acquiring _ATEXIT_LOCK(). Fix it prevent
any possible races.
Change-Id: I11939d0ebcbf6f360c14163222d40a449d96948e
This allows debugging tools to know they are working with Android
binaries and adapt accordingly.
Signed-off-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Signed-off-by: Michael Hope <michael.hope@linaro.org>
Change-Id: Ic906992fcad61c028bb765821637a3e1333bf52b
In particular this affects assert(3) and __cxa_pure_virtual, both of
which have managed to confuse people this week by apparently aborting
without reason. (Because stderr goes nowhere, normally.)
Bug: 6852995
Bug: 6840813
Change-Id: I7f5d17d5ddda439e217b7932096702dc013b9142
RETRY macro may retry command if result is -1. In this
case the command was "connect < 0" instead of just
connect. The comparison will not return -1 and thus
retry is never done. This is now corrected so that
interrupts will cause retry instead of fail.
(There was no other negative side effect of the bug.
The result code from RETRY was used in an if-statement
and it would be true for all negative connect results.
This was according to expectations.)
Change-Id: Ie206b39878e9befea4e3be9a4061ee39eb232d80
Move the stackpointer so a captured signal does not corrupt
stack variables needed for __thread_entry.
Change-Id: I3e1e7b94a6d7cd3a07081f849043262743aa8064
The factory file (and Factory time zone) was meant as a way to say
"not configured" that would give a clear error when running date(1).
For us it would just look like UTC, so it is of no value.
Bug: 2997381
Change-Id: I1a4b85dce97d1d9370b22ba79e8fe5dafff56541
This upgrade involved rewriting the script; the data has moved to ftp.iana.org,
where it's slightly less convenient to access, so it's time to use something
that can talk FTP...
As for tzdata2012d, it's just updating Morocco for this weekend's changes, now
they've been decided at the last minute (as usual).
Change-Id: I772df57a6e09b3bf3d9541bfc08930d6f18633b4
This test is designed to detect code such as:
int main() {
char buf[10];
memcpy(buf, "1234567890", sizeof(buf));
size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
printf("%d\n", len);
return 0;
}
or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.
Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
In our previous FORTIFY_SOURCE change, we started using a custom
inline for memcpy(), rather than using GCC's __builtin_memcpy_chk().
This allowed us to delete our copy of __memcpy_chk(), and replace it
by __memcpy_chk2().
Apparently GCC uses __memcpy_chk() outside of __builtin_memcpy_chk().
Specifically, __memcpy_chk() is used by __builtin__memMOVE_chk() under
certain optimization levels.
Keep the old __memcpy_chk() function around, and have it call into
__memcpy_chk2().
Change-Id: I2453930b24b8a492a3b6ed860e18d92a6b762b80
Added va_end() for copied variable arguments lists
in __vfprintf() and __find_arguments().
This is by C standard.
Important for systems which pass arguments in registers.
Change-Id: I7ac42beaa6645bfe856c18132253352dae29ea37
Two changes:
1) Detect memory read overruns.
For example:
int main() {
char buf[10];
memcpy(buf, "abcde", sizeof(buf));
sprintf("%s\n", buf);
}
because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time. Other similar
bugs may be detected at runtime.
2) Detect overlapping buffers on memcpy()
It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:
char buf3[0x800];
char *first_half = &buf3[0x400];
char *second_half = &buf3[1];
memset(buf3, 0, sizeof(buf3));
memcpy(first_half, second_half, 0x400);
printf("1: %s\n", buf3);
We now detect this at compile and run time.
Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
memmove() unconditionally calls memcpy() if "dst" < "src". For
example, in the code below, memmove() would end up calling memcpy(),
even though the regions of memory overlap.
int main() {
char buf3[0x800];
char *dst = &buf3[1];
char *src = &buf3[0x400];
memset(buf3, 0, sizeof(buf3));
memmove(dst, src, 0x400);
printf("1: %s\n", buf3);
return 0;
}
Calling memcpy() on overlaping regions only works if you assume
that memcpy() copies from start to finish. On some architectures,
it's more efficient to call memcpy() from finish to start.
This is also triggering a failure in some of my code.
More reading:
* http://lwn.net/Articles/414467/
* https://bugzilla.redhat.com/show_bug.cgi?id=638477#c31 (comment 31)
Change-Id: I65a51ae3a52dd4af335fe5c278056b8c2cbd8948
libc's stack protector initialization routine (__guard_setup)
is in bionic/ssp.c. This code deliberately modifies the stack
canary. This code should never be compiled with -fstack-protector-all
otherwise it will crash (mismatched canary value).
Force bionic/ssp.c to be compiled with -fno-stack-protector
Change-Id: Ib95a5736e4bafe1a460d6b4e522ca660b417d8d6
limits.h relies on PAGE_SIZE being defined without actually including
page.h. Make sure this is included to avoid compilation failures.
Signed-off-by: Arun Raghavan <arun.raghavan@collabora.co.uk>
Add fortify_source support for openat(). This change requires that
an argument be supplied when using O_CREAT.
Fix unnecessary call to __open_2. If, at compile time, we know that
"flags" is constant and DOESN'T contain O_CREAT, the call to __open_2
is useless.
Change-Id: Ifcd29c4fb25e25656961d7552d672e161f0cfdbd
Prefix private functions with underscores, to prevent name
conflicts.
Use __error__ instead of error, since occasionally programs will
create their own "#define error ...".
Change-Id: I7bb171df58aec5627e61896032a140db547fd95d
Add a FORTIFY_SOURCE check which requires that you pass a
"mode" argument when calling open(..., O_CREAT). If a mode isn't
passed, then the file is created with "undefined" permissions.
Change-Id: I4427be4f9ce170c69da01af5b00fb05b03613a28
Update headers for MSM MDP, MSM KGSL and MSM
rotator to match the version in the Linux
3.4 kernel baseline
Change-Id: I37052486be8c8862e65cac1f6934368ecc055a76
Add strlcpy / strlcat support to FORTIFY_SOURCE. This allows
us to do consistency checks on to ensure we don't overflow buffers
when the compiler is able to tell us the size of the buffer we're
dealing with.
Unlike previous changes, this change DOES NOT use the compiler's
builtin support. Instead, we do everything the compiler would
normally do.
Change-Id: I47c099a911382452eafd711f8e9bfe7c2d0a0d22
According to
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
realloc should NOT be marked with __attribute__((malloc)). Quoting:
realloc-like functions do not have this property as the memory
pointed to does not have undefined content.
For reference, __mallocfunc is defined in sys/cdefs.h as:
#define __mallocfunc __attribute__((malloc))
Change-Id: I56083542ba92e4608dd7c55fb5596a138eb50cc9
sprintf FORTIFY_SOURCE protections are not available
on clang.
Also add various __attribute__s to stdio functions.
Change-Id: I936d1f9e55fe53a68885c4524b7b59e68fed218d
Pull in an updated version of filter.h / prctl.h / seccomp.h
from the linux kernel. Pulled from upstream kernel at
94fa83c424321189ca24fb6cb4c0d224cdedc72d
This file was generated using the following command:
cd bionic/libc/kernel/
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/seccomp.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/filter.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/prctl.h
Change-Id: I1ca996541d05b0d5927ab828a6ce49c09877ea01
Add _FORTIFY_SOURCE support for snprintf, vsnprintf
At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc
Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
Fix runtime error when snprintf() FORTIFY_SOURCE protections are
applied. The size passed to snprintf() is larger than the tmp
buffer size, which results in a runtime assertion failure.
Even though the size passed to snprintf is larger than the buffer,
there's no danger of overwriting the buffer because of the format
string passed to snprintf.
Change-Id: I35f0217d25f3b9c6d04c5a76c3238759c235545a
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.
Reported to AOSP by Jun-ya Kato.
(cherry-pick of 5056f1fad1187cd67729bb04ba72397d78256f03.)
Change-Id: Ic67f674d2221497c8166994812bb5fc7f0831066
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.
Reported to AOSP by Jun-ya Kato.
Change-Id: I111f9887f3812469b411b9cf5124d9dd624f19f7
Ensure that strcat / strncat check for integer overflows
when computing the length of the resulting string.
Change-Id: Ib806ad33a0d3b50876f384bc17787a28f0dddc37
I've basically just copied the relevant bits out of liblog and
EventLog.cpp. While this will let us do the uid logging we want
to address the concerns in 245c07027f78565858dd489eb0d94c3d48743e9d
it doesn't give us much else.
Change-Id: Icac6ff20bc0a3ade5927f6f76fedffe1ae6f8522
Add _FORTIFY_SOURCE support for the following functions:
* memset
* bzero
Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.
Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
Add initial support for -D_FORTIFY_SOURCE to bionic for the
following functions:
* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat
This change adds a new version of the above functions which passes
the size of the destination buffer to __builtin___*_chk.
If the compiler can determine, at compile time, that the destination
buffer is large enough, or the destination buffer can point to an object
of unknown size, then the check call is bypassed.
If the compiler can't make a compile time decision, then it calls
the __*_chk() function, which does a runtime buffer size check
These options are only enabled if the code is compiled with
-D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled.
Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
for additional details on FORTIFY_SOURCE.
Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1,
and verified that everything appears to be working properly.
Also created a test buffer overflow, and verified that it was
caught by this change.
Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc). It provides
the same features as the original (poison freed memory, detect heap overruns
and underruns), except that it provides more debugging information whenever it
detects a problem.
In addition to the original features, the new chk_malloc() implementation
detects multiple frees within a given range of the last N allocations, N being
configurable via the system property libc.debug.malloc.backlog.
Finally, this patch keeps track of all outstanding memory allocations. On
program exit, we walk that list and report each outstanding allocation.
(There is support (not enabled) for a scanner thread periodically walks over
the list of outstanding allocations as well as the backlog of recently-freed
allocations, checking for heap-usage errors.)
Feature overview:
1) memory leaks
2) multiple frees
3) use after free
4) overrun
Implementation:
-- for each allocation, there is a:
1) stack trace at the time the allocation is made
2) if the memory is freed, there is also a stack trace at the point
3) a front and rear guard (fence)
4) the stack traces are kept together with the allocation
-- the following lists and maintained
1) all outstanding memory allocations
3) a backlog of allocations what are freed; when you call free(), instead of
actually freed, the allocation is moved to this backlog;
4) when the backlog of allocations gets full, the oldest entry gets evicted
from it; at that point, the allocation is checked for overruns or
use-after-free errors, and then actually freed.
5) when the program exits, the list of outstanding allocations and the
backlog are inspected for errors, then freed;
To use this, set the following system properties before running the process or
processes you want to inspect:
libc.malloc.debug.backlog # defaults to 100
libc.malloc.debug 10
When a problem is detected, you will see the following on logcat for a multiple
free:
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED!
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 4009647c /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 40096490 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c6ac /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 400964a0 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
The following for a heap overrun and underrun:
E/libc ( 7233): +++ REAR GUARD MISMATCH [10, 11)
E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD
E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 40096438 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 40096462 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD
E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 400964ba /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
E/libc ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c7d2 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d94 /system/lib/libc.so
E/libc ( 7233): #03 pc 400964e4 /system/bin/malloctest
E/libc ( 7233): #04 pc 00016f24 /system/lib/libc.so
The following for a memory leak:
E/libc ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS
E/libc ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING)
E/libc ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE:
E/libc ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc ( 7233): #00 pc 0000c35a /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #01 pc 0000c658 /system/lib/libc_malloc_debug_leak.so
E/libc ( 7233): #02 pc 00016d80 /system/lib/libc.so
E/libc ( 7233): #03 pc 0001bc94 /system/lib/libc.so
E/libc ( 7233): #04 pc 0001edf6 /system/lib/libc.so
E/libc ( 7233): #05 pc 0001b80a /system/lib/libc.so
E/libc ( 7233): #06 pc 0001c086 /system/lib/libc.so
E/libc ( 7233): #07 pc 40096402 /system/bin/malloctest
E/libc ( 7233): #08 pc 00016f24 /system/lib/libc.so
Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0
Signed-off-by: Iliyan Malchev <malchev@google.com>
Rewrite
crtbegin.S -> crtbegin.c
crtbegin_so.S -> crtbegin_so.c
This change allows us to generate PIC code without relying
on text relocations.
As a consequence of this rewrite, also rewrite
__dso_handle.S -> __dso_handle.c
__dso_handle_so.S -> __dso_handle_so.c
atexit.S -> atexit.c
In crtbegin.c _start, place the __PREINIT_ARRAY__, __INIT_ARRAY__,
__FINI_ARRAY__, and __CTOR_LIST__ variables onto the stack, instead of
passing a pointer to the text section of the binary.
This change appears sorta wonky, as I attempted to preserve,
as much as possible, the structure of the original assembly.
As a result, you have C files including other C files, and other
programming uglyness.
Result: This change reduces the number of files with text-relocations
from 315 to 19 on my Android build.
Before:
$ scanelf -aR $OUT/system | grep TEXTREL | wc -l
315
After:
$ scanelf -aR $OUT/system | grep TEXTREL | wc -l
19
Change-Id: Ib9f98107c0eeabcb606e1ddc7ed7fc4eba01c9c4
libc.debug.malloc.program provides an additional level of control over which
processes to enable libc.debug.malloc functionality for. The string value of
libc.debug.malloc.program is matched against the program name; if the value of
libc.debug.malloc.program is a substring of the program name, then malloc debug
is applied to that program at whatever level libc.debug.malloc specifies.
If lib.debug.malloc.program is not specified, then libc.debug.malloc has the
same effect as before.
For example, to enable libc.deubug.malloc = 10 only to the mediaserver, do the
following:
adb root # necessary for setprop
adb setprop libc.debug.malloc.program mediaserver
adb setprop libc.debug.malloc 10
adb kill -9 $(pid mediaserver)
Change-Id: I6f01c12f033c8e2e015d73025369d7f1685ba200
Signed-off-by: Iliyan Malchev <malchev@google.com>
crtbegin_dynamic and crtbegin_static are essentially identical,
minus a few trivial differences (comments and whitespace).
Eliminate duplicates.
Change-Id: Ic9fae6bc9695004974493b53bfc07cd3bb904480
For example:
@@@ ABORTING: INVALID HEAP ADDRESS IN dlfree addr=0x5c3bfbd0
Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 2942
The addr=0x5c3bfbd0 part is new.
Change-Id: I8670144b2b0a3a6182384150d762c97dfee5452f
Adds new code to function memcmp, optimized for Cortex A9.
Copyright (C) ST-Ericsson SA 2010
Added neon optimization
Change-Id: I8864d277042db40778b33232feddd90a02a27fb0
Author: Henrik Smiding henrik.smiding@stericsson.com for ST-Ericsson.
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
Modify the dynamic linker so that executables can be loaded
at locations other than 0x00000000.
Modify crtbegin* so that non-PIC compilant "thumb interwork
veneers" are not created by the linker.
Bug: 5323301
Change-Id: Iece0272e2b708c79034f302c20160e1fe9029588
Some SoCs that support NEON nevertheless perform better with a non-NEON than a
NEON memcpy(). This patch adds build variable ARCH_ARM_USE_NON_NEON_MEMCPY,
which can be set in BoardConfig.mk. When ARCH_ARM_USE_NON_NEON_MEMCPY is
defined, we compile in the non-NEON optimized memcpy() even if the SoC supports
NEON.
Change-Id: Ia0e5bee6bad5880ffc5ff8f34a1382d567546cf9
Currently the dlmalloc allocates the memory with 8-byte alignment.
According to the com.aurorasoftworks.quadrant.ui.professional benchmark data:
We can get much better memory performance if we change it to be 16-byte aligned.
For example, On Nexus-S:
8-byte aligned :
1378 1070 1142 1665 1765 1163 1179 1263 1404 avg: 1336.555555556
16-byte aligned:
1691 1731 1780 1691 1671 1678 1802 1758 1780 avg: 1731.333333333
gain: 29.53%
That patch provides flexibity to customize the MALLOC_ALIGNMENT from the
board config.The macro MALLOC_ALIGNMENT defaults to 8.
To change it, please define BOARD_MALLOC_ALIGNMENT in the BoardConfig.mk:
BOARD_MALLOC_ALIGNMENT := <whatever>
Change-Id: I8da0376944a0bbcef1d0fc026bfb6d9125db9739
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
A call to pthread_key_delete() after pthread_exit() have unmapped the stack of a thread
but before the ongoing pthread_join() have finished executing will result in an access
to unmapped memory.
Avoid this by invalidating the stack_base and tls pointers during pthread_exit().
This is based on the investigation and proprosed solution by
Srinavasa Nagaraju <srinavasa.x.nagaraju@sonyericsson.com>
Change-Id: I145fb5d57930e91b00f1609d7b2cd16a55d5b3a9
So that we can always get the full stack trace regardless of gcc's handling
of the "noreturn" attribute associated with abort().
(Cherry pick of Id264a5167e7cabbf11515fbc48f5469c527e34d4.)
Bug: 6455193
Conflicts:
libc/Android.mk
Change-Id: I568fc5303fd1d747075ca933355f914122f94dac
So that we can always get the full stack trace regardless of gcc's handling
of the "noreturn" attribute associated with abort().
[cherry-picked from master]
BUG:6455193
Change-Id: I0102355f5bf20e636d3feab9d1424495f38e39e2
So that we can always get the full stack trace regardless of gcc's handling
of the "noreturn" attribute associated with abort().
BUG:6455193
Change-Id: Id264a5167e7cabbf11515fbc48f5469c527e34d4
Signed-off-by: Liubov Dmitrieva <liubov.dmitrieva@intel.com>
Signed-off-by: H.J. Lu <hongjiu.lu@intel.com>
Signed-off-by: Wei A Jin <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Conflicts:
libc/arch-x86/string/ssse3-memcpy5.S
Change-Id: I41e70d1d19d5457e65c89b64da452fbdaf3a00a7
The creation of a thread succeeds even if the requested scheduling
parameters can not be set. This is not POSIX compliant, and even
worse, it leads to a wrong behavior. Let pthread_create() fail in this
case.
Change-Id: Ice66e2a720975c6bde9fe86c2cf8f649533a169c
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
If two or more rapid dns requests for the same server are done
from different threads it turns into separate dns reques, if
the response of the request isn't found in the cache.
This patch avoid multiple request for the same server by
letting subsequents request wait until the first request
has finished.
Change-Id: Ic72ea0e7d3964a4164eddf866feb4357ec4dfe54
The allocation size in chk_malloc(), leak_malloc(), and leak_memalign()
functions may be rounded up to a small value, leading to buffer overflows.
The code only runs in debugging mode.
This patch complements commit 6f04a0f4 (CVE-2009-0607).
Change-Id: Id899bcd2bcd2ea2205e5753c433390710032dc83
Signed-off-by: Xi Wang <xi.wang@gmail.com>
ARM Cortex A8 use 64 bytes and ARM Cortex A9 use 32 bytes cache line
size.
The following patch:
Adds code to adjust memcpy cache line size to match A9 cache line
size.
Adds a flag to select between 32 bytes and 64 bytes cache line
size.
Copyright (C) ST-Ericsson SA 2010
Modified neon implementation to fit Cortex A9 cache line size
Author: Henrik Smiding henrik.smiding@stericsson.com for
ST-Ericsson.
Change-Id: I8a55946bfb074e6ec0a14805ed65f73fcd0984a3
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
The posix_memalign(3) function is very similar to the traditional
memalign(3) function, but with better error reporting and a guarantee
that the memory it allocates can be freed. In bionic, memalign(3)
allocated memory can be freed, so posix_memalign(3) is just a wrapper
around memalign(3).
Change-Id: I62ee908aa5ba6b887d8446a00d8298d080a6a299
By default, Android no longer compiles code using it's custom
linker script /build/core/armelf.xsc. However, this causes
problems for libc. Certain programs linked using older versions
of GOLD expect libc.so to export __exidx_start and __exidx_end.
Removing the custom linker script causes libc.so not to export
those symbols.
For now, continue using the old linker script, until we can
figure out a better solution.
Change-Id: Iaf002afd63a58b848818da24e5a4525620dc4d74
In bionic/libc/SYSCALLS.TXT, the prototype of system call
clock_nanosleep is incorrect.
According to man page:
int clock_nanosleep(clockid_t clock_id, int flags,
const struct timespec *request,
struct timespec *remain);
Change-Id: Ic44c6db3d632293aa17998035554eacd664c2d57
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
In bionic/libc/SYSCALLS.TXT, the prototypes of system call
getresuid/getresgid are incorrect.
According to man page, they should be:
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
Change-Id: I676098868bb05a9e1fe45419b234cf397626fdad
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
LTP: getcwd01 failed in LTP
Need to check getcwd parameters, otherwise it will lead to
posix test case to fail.
Change-Id: Ieb673b6dd4ca6481da81c5339dbf7ec0a463f263
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
gensyscalls.py run from external/kernel-headers at commit
efab8f3e49f7f36ef0354b0996ecd5f3fa031e52
Change-Id: I959b64280e184655ef8c713aa79f9e23cb1f7df4
Since e19d702b8e, dlsym and friends use recursive mutexes that
require the current thread id, which is not available before the libc
constructor. This prevents us from using dlsym() in .preinit_array.
This change moves TLS initialization from libc constructor to the earliest
possible point - immediately after linker itself is relocated. As a result,
pthread_internal_t for the initial thread is available from the start.
As a bonus, values stored in TLS in .preinit_array are not lost when libc is
initialized.
Change-Id: Iee5a710ee000173bff63e924adeb4a4c600c1e2d
The END macro was put too far down which made the linker complain about
it. Move up to the end of the code.
Change-Id: Ica71a9c6083b437d2213c7cefe34b0083c78f16b
Marking segments read-only was pushing the alignment of __on_dlclose by
2 bytes making it unaligned. This change makes sure the ARM code is
aligned to the 4 byte boundary.
Bug: 6313309
Change-Id: Ic2bf475e120dd61225ec19e5d8a9a8b1d0b7f081
This change fixes a segmentation fault in the libc unwinder when it goes
past __libc_init.
Unwind instructions for __libc_init direct it to grab the return address from
the stack frame. Without this change, the unwinder gets a wild address and
looks up further unwind instructions for the routine at that address. If it's
unlucky enough to hit an existing function, it will try to unwind it. Bad
things happen then.
With this change, the return address always points to the _start function,
which does not have unwind instructions associated with it. This stop the
unwind process.
__libc_init never returns, so this does not affect program execution, other
than adding 4 bytes on the main thread stack.
Change-Id: Id58612172e8825c8729cccd081541a13bff96bd0
From Change I526b5fce: Add NETLINK_IDLETIMER msg type and include the corresponding header file.
Change-Id: I24bffc11394c8664e4d7d7f439b0600545f07536
Signed-off-by: Ashish Sharma <ashishsharma@google.com>
From the release notes:
africa
Summer time changes for Morocco (to start late April 2012)
asia
Changes for 2012 for Gaza & the West Bank (Hebron) and Syria
northamerica
Haiti following US/Canada rules for 2012 (and we're assuming,
for now anyway, for the future).
Also include a change made internally to the 'generate' script as part of
the tzdata2011m update that apparently never made it to AOSP; the original
checkin comment for which was:
Update to tzdata2011m.
Fixes for Europe/Tiraspol (Moldova) and all four Ukrainian zones.
Also show the MD5 of the downloaded data, for comparison against the MD5
given in the announcement mails. (There's a plan to move to proper signing,
but that's not implemented on their end yet.)
(I'm repeating the tzdata change for the convenience of anyone grepping the
log, since the 2012 tzdata releases also contain the 2011m changes; 2011m
is the only missing release I noticed.)
Change-Id: I9a2e530b3a8ea88e3375334a12376e3d8526f267
* commit 'ea76f4147825cc39d9aa91230cd863ed29f28e27':
[MIPS] Clean Kernel headers are generated by running libc/kernel/tools/update_all.py script. This patch ignores any changes to libc/kernel directory not related to MIPS architecture.
* commit '09ce7749d74733b28d4fa7a1d36457cb366cc5da':
[MIPS] Clean Kernel headers are generated by running libc/kernel/tools/update_all.py script. This patch ignores any changes to libc/kernel directory not related to MIPS architecture.
libc/kernel/tools/update_all.py script. This patch ignores
any changes to libc/kernel directory not related to MIPS
architecture.
Change-Id: I2c9e461dccb7c33eb4420be2db1a562f45137c8d
Signed-off-by: Raghu Gandham <raghu@mips.com>
Signed-off-by: Chris Dearman <chris@mips.com>
First commit:
Revert "Revert "am be741d47: am 2f460fbe: am 73b5cad9: Merge "bionic: Fix wrong kernel_id in pthread descriptor after fork()"""
This reverts commit 06823da2f0.
Second commit:
bionic: fix atfork hanlder_mutex deadlock
This cherry-picks commit 34e89c232d
After applying the kernel_id fix, the system refused to boot up and we
got following crash log:
I/DEBUG ( 113): pid: 618, tid: 618 >>> org.simalliance.openmobileapi.service:remote <<<
I/DEBUG ( 113): signal 16 (SIGSTKFLT), code -6 (?), fault addr --------
I/DEBUG ( 113): eax fffffe00 ebx b77de994 ecx 00000080 edx 00724002
I/DEBUG ( 113): esi 00000000 edi 00004000
I/DEBUG ( 113): xcs 00000073 xds 0000007b xes 0000007b xfs 00000000 xss 0000007b
I/DEBUG ( 113): eip b7761351 ebp bfdf3de8 esp bfdf3dc4 flags 00000202
I/DEBUG ( 113): #00 eip: 00015351 /system/lib/libc.so
I/DEBUG ( 113): #01 eip: 0000d13c /system/lib/libc.so (pthread_mutex_lock)
I/DEBUG ( 113): #02 eip: 00077b48 /system/lib/libc.so (__bionic_atfork_run_prepare)
I/DEBUG ( 113): #03 eip: 00052cdb /system/lib/libc.so (fork)
I/DEBUG ( 113): #04 eip: 0009ae91 /system/lib/libdvm.so (_Z18dvmOptimizeDexFileillPKcjjb)
I/DEBUG ( 113): #05 eip: 000819d6 /system/lib/libdvm.so (_Z14dvmJarFileOpenPKcS0_PP7JarFileb)
I/DEBUG ( 113): #06 eip: 000b175e /system/lib/libdvm.so (_ZL40Dalvik_dalvik_system_DexFile_openDexFilePKjP6JValue)
I/DEBUG ( 113): #07 eip: 0011fb94 /system/lib/libdvm.so
Root cause:
The atfork uses the mutex handler_mutex to protect the atfork_head. The
parent will call __bionic_atfork_run_prepare() to lock the handler_mutex,
and need both the parent and child to unlock their own copy of handler_mutex
after fork. At that time, the owner of hanlder_mutex is set as the parent.
If we apply the kernel_id fix, then the child's kernel_id will be set as
child's tid.
The handler_mutex is a recursive lock, and pthread_mutex_unlock(&hander_mutex)
will fail because the mutex owner is the parent, while the current tid
(__get_thread()->kernel_id) is child, not matched with the mutex owner.
At that time, the handler_mutex is left in lock state.If the child wants to
fork other process after than, then it will try to lock handler_mutex, and
then be deadlocked.
Fix:
Since the child has its own copy of vm space from the the parent, the
child space's handler_mutex should be reset to the initialized state.
Change-Id: I3907dd9a153418fb78862f2aa6d0302c375d9e27
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Change-Id: Ic8072f366a877443a60fe215f3c00b3df5a259c8
This patch fixes an issue where 64-bit hreaders are incorrectly included
in kernel headers. For example, file "libc/kernel/arch-x86/asm/io.h"
incorreclty includes "io_64.h" (missing, BTW) instead of "io_32.h".
The reason is because CONFIG_X86_32 isn't considered pre-defined in
"kernel_default_arch_macros" for x86, and clean_header.py doesn't
look at it at all anyway (ie. __i386__ is also ignored, but it's
okay since x86 cross compiler defines it back)
Fixed 2 tools/*py, README.TXT, and refreshed libc/kernel headers
Change-Id: Iac834cc8b3548f055d3f2a214af36072dd679fe8
Currently Renderscript sample code RsBalls crashed on x86 when SSE2
enabled. The root cause is that the stack was not 16-byte aligned
from the beginning when the processes/threads were created, so the
RsBalls crashed when SSE2 instructions tried to access the variables
on the stack.
- For the thread created by fork():
Its stack alignment is determined by crtbegin_{dynamic, static}.S
- For the thread created by pthread_create():
Its stack alignment is determined by clone.S. __thread_entry( ) is
a standard C function. In order to have its stack be aligned with
16 byte properly, __thread_entry() needs the stack with following
layout when it is called:
layout #1 (correct)
--------------
| |
-------------- <--ESP (ECX - 20)
| ret EIP |
-------------- <--ECX - 16
| arg0 |
-------------- <--ECX - 12
| arg1 |
-------------- <--ECX - 8
| arg2 |
-------------- <--ECX - 4
| unused |
-------------- <--ECX (16-byte boundary)
But it has following layout for now:
layout #2: (incorrect)
--------------
| |
-------------- <--ESP (ECX - 16)
| unused |
-------------- <--ECX - 12
| arg0 |
-------------- <--ECX - 8
| arg1 |
-------------- <--ECX - 4
| arg2 |
-------------- <--ECX (16-byte boundary)
Fixed in this patch.
Change-Id: Ibe01f64db14be14033c505d854c73033556ddaa8
Signed-off-by: Michael Liao <michael.liao@intel.com>
Signed-off-by: H.J. Lu <hongjiu.lu@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
These are generated from the matching external/kernel-headers/original
files (from kernel/samsung android-samsung-3.0-wip).
Change-Id: I982ff6a0d522ea250c3a437f5756766fcc6c5c91
Upgrade fnmatch.c from OpenBSD version 1.13 to 1.16.
This is needed primarily to address CVE-2011-0419.
This is a straight copy from upstream's version at
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c and
incorporates the following changes:
Revision 1.16:
New fnmatch(3) implementation which is not recursive.
Written and provided under BSD licence by William A. Rowe Jr.
Originally released in Apache APR-1.4.5.
Merged class matching code from r1.14 and PATH_MAX check from r1.15.
ok miod millert
Revision 1.15:
Put a limit on recursion during matching, and reject input of size greater
or equal PATH_MAX. Based on similar fix made in NetBSD.
ok miod@ millert@
Revision 1.14:
POSIX character class support for fnmatch(3) and glob(3). OK deraadt@
Version 1.14 introduced charclasses.h, which we copy unmodified
from upstream version 1.1.
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/charclass.h
Bug: 3435120
Change-Id: I45133468f0c3d439fd10eb087a1c647799f9d25b
cdefs.h: Introduce the __purefunc attribute, which allows us to mark
certain functions as being "pure".
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
Many functions have no effects except the return value and their
return value depends only on the parameters and/or global variables.
Such a function can be subject to common subexpression elimination
and loop optimization just as an arithmetic operator would be.
string.h: Mark many commently used string functions as "pure", to
allow for additional compiler optimizations.
Change-Id: I42961f90f822b6dbcbc3fd72cdbe774a7adc8785
This change will automatically post-process kernel headers
specified by device, board, and product. This will allow us
to not check in each kernel header twice, at least for the
device specific headers for now.
Change-Id: I3bb144b6535504b7c26b807daa75de495554356d
Signed-off-by: Dima Zavin <dima@android.com>
New functions:
tfind
tsearch
tdelete
twalk
tdestroy (GNU extension)
Bug fix: the current implementation for realpath would crash
if the second argument (resolved_path) is NULL.
New headers:
ar.h
search.h
Change-Id: Ib6c1e42fc186a6d597a6e5a9692b16acaa155804
After applying the kernel_id fix, the system refused to boot up and we
got following crash log:
I/DEBUG ( 113): pid: 618, tid: 618 >>> org.simalliance.openmobileapi.service:remote <<<
I/DEBUG ( 113): signal 16 (SIGSTKFLT), code -6 (?), fault addr --------
I/DEBUG ( 113): eax fffffe00 ebx b77de994 ecx 00000080 edx 00724002
I/DEBUG ( 113): esi 00000000 edi 00004000
I/DEBUG ( 113): xcs 00000073 xds 0000007b xes 0000007b xfs 00000000 xss 0000007b
I/DEBUG ( 113): eip b7761351 ebp bfdf3de8 esp bfdf3dc4 flags 00000202
I/DEBUG ( 113): #00 eip: 00015351 /system/lib/libc.so
I/DEBUG ( 113): #01 eip: 0000d13c /system/lib/libc.so (pthread_mutex_lock)
I/DEBUG ( 113): #02 eip: 00077b48 /system/lib/libc.so (__bionic_atfork_run_prepare)
I/DEBUG ( 113): #03 eip: 00052cdb /system/lib/libc.so (fork)
I/DEBUG ( 113): #04 eip: 0009ae91 /system/lib/libdvm.so (_Z18dvmOptimizeDexFileillPKcjjb)
I/DEBUG ( 113): #05 eip: 000819d6 /system/lib/libdvm.so (_Z14dvmJarFileOpenPKcS0_PP7JarFileb)
I/DEBUG ( 113): #06 eip: 000b175e /system/lib/libdvm.so (_ZL40Dalvik_dalvik_system_DexFile_openDexFilePKjP6JValue)
I/DEBUG ( 113): #07 eip: 0011fb94 /system/lib/libdvm.so
Root cause:
The atfork uses the mutex handler_mutex to protect the atfork_head. The
parent will call __bionic_atfork_run_prepare() to lock the handler_mutex,
and need both the parent and child to unlock their own copy of handler_mutex
after fork. At that time, the owner of hanlder_mutex is set as the parent.
If we apply the kernel_id fix, then the child's kernel_id will be set as
child's tid.
The handler_mutex is a recursive lock, and pthread_mutex_unlock(&hander_mutex)
will fail because the mutex owner is the parent, while the current tid
(__get_thread()->kernel_id) is child, not matched with the mutex owner.
At that time, the handler_mutex is left in lock state.If the child wants to
fork other process after than, then it will try to lock handler_mutex, and
then be deadlocked.
Fix:
Since the child has its own copy of vm space from the the parent, the
child space's handler_mutex should be reset to the initialized state.
Change-Id: I3907dd9a153418fb78862f2aa6d0302c375d9e27
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
After forking, the kernel_id field in the phtread_internal_t returned by pthread_self()
is incorrect --- it's the tid from the parent, not the new tid of the
child.
The root cause is that: currently the kernel_id is set by
_init_thread(), which is called in 2 cases:
(1) called by __libc_init_common(). That happens when the execv( ) is
called after fork( ). But when the zygote tries to fork the android
application, the child application doesn't call execv( ), instread, it
tries to call the Java main method directly.
(2) called by pthread_create(). That happens when a new thread is
created.
For the lead thread which is the thread created by fork(), it should
call execv() but it doesn't, as described in (1) above. So its kernel_id
will inherit the parent's kernel_id.
Fixed it in this patch.
Change-Id: I63513e82af40ec5fe51fbb69456b1843e4bc0fc7
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
This reverts commit 94a85f6636
There is a smoke test failure for Prime but Crespo/Stingray are fine. Will revert the change for now until further investigation is made.
Update wire protocol to return and process error code first.
This will make sure dns proxy operations do not stall when
an internal error happens.
Also fix a compiler warning.
Also fix a potential buffer overflow.
And use correct types (uint32_t) rather than int when reading from network.
Change-Id: I9f99c16d6fd5e9137491a4d1b293a7c78e31b9c3
Add support for PT_GNU_RELRO. This allows the static linker to
indicate that certain regions of memory should be marked as
"read-only" after dynamic linking is complete.
See:
* http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
* http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html
Note that this change has no effect on Android right now, because
we don't compile our code with relro enabled.
Change-Id: I6541f8775367e8558b4388f7d105b1ae6e8f046b
Use the same pattern in atexit.S to reference __dso_handle in a way that
doesn't require a TEXTREL flag to be set.
Change-Id: Id69d20863ee203d2b2f7ef0db230f9b548657741
Summer time in Cuba has been delayed 3 weeks (now starts April 1 rather
than March 11). Since March 11 (the old start date, as listed in 2012a)
is just a little over a week away, this change is urgent.
Change-Id: Iadf4dc30072bdac0bcd0ad4b9e076a9ca071efbe
From the notes:
Chile 2011/2012 and 2012/2013 summer time date adjustments.
Falkland Islands onto permanent summer time (we're assuming for the
foreseeable future, though 2012 is all we're fairly certain of.)
Armenia has abolished Summer Time.
Tokelau jumped the International Date Line back last December
(just the same as their near neighbour, Samoa).
America/Creston is a new zone for a small area of British Columbia
There will be a leapsecod 2012-06-30 23:59:60 UTC.
Change-Id: I1d66edf8d33fd1dbcf21178def91844025fd9047
Pull in an updated version of stddef.h from the linux kernel.
Pulled from upstream kernel at 891003abb0db6bfffd61b76ad0ed39bb7c3db8e1
This file was generated using the following command:
cd bionic/libc/kernel/
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/stddef.h
Change-Id: I6c29f3fa100c5368da41d0f0da39bc50fa668e9d
include/elf.h contains basically the same values as
linux/auxvec.h. Eliminate dups.
include/sys/exec_elf.h contains basically the same
values as linux/elf.h. Eliminate dups.
Change-Id: I66b8358161bb52223bb657f8f73ba28b324f4fa3
include/elf.h contains basically the same values as
linux/auxvec.h. Eliminate dups.
include/sys/exec_elf.h contains basically the same
values as linux/elf.h. Eliminate dups.
Change-Id: I66b8358161bb52223bb657f8f73ba28b324f4fa3
Pull in an updated version of stddef.h from the linux kernel.
Pulled from upstream kernel at 891003abb0db6bfffd61b76ad0ed39bb7c3db8e1
This file was generated using the following command:
cd bionic/libc/kernel/
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/stddef.h
Change-Id: I6c29f3fa100c5368da41d0f0da39bc50fa668e9d
Fix bug:
Currently the mutex lock _tls_desc_lock is not released
when __set_thread_area() fails. That will leads to the deadlock
when __set_tls( ) is called later on.
Change-Id: Iea3267cb0659971cba7766cbc3346f6924274f86
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Some platform libraries built for ICS do not work with master
because of some refactoring in frameworks/base.
Make sure that these libgcc symbols are always present in our libc
Change-Id: Ib8d345878be0ba711f051082a778f5cc1f1b3a19
Signed-off-by: Dima Zavin <dima@android.com>
Prepend a 0 to match the new sequence-number style, though this module
doesn't really need/use it.
bug:5864209
Change-Id: Iacbcddaced6fe8bb01d186596a916e4fb4805fef
This patch defines a few new macros that can be used to control the
visibility of symbols exported by the C library:
- ENTRY_PRIVATE() can be used in assembly sources to indicate
that an assembler function should have "hidden" visibility, i.e.
will never be exported by the C library's shared library.
This is the equivalent of using __LIBC_HIDDEN__ for a C function,
but ENTRY_PRIVATE() works like ENTRY(), and must be used with
END() to tag the end of the function.
- __LIBC_ABI_PUBLIC__ can be used to tag a C functions as being
part of the C library's public ABI. This is important for a
few functions that must be exposed by the NDK to maintain
binary compatibility.
Once a symbol has been tagged with this macro, it shall
*never* be removed from the library, even if it becomes
directly unused due to implementation changes
(e.g. __is_threaded).
- __LIBC_ABI_PRIVATE__ can be used for C functions that should
always be exported by the C library because they are used by
other libraries in the platform, but should not be exposed
by the NDK. It is possible to remove such symbols from the
implementation if all callers are also modified.
+ Add missing END() assembly macro for x86
Change-Id: Ia96236ea0dbec41d57bea634b39d246b30e5e234
We don't have a toolchain anymore, we don't have working original
kernel headers, and nobody is maintaining this so there is really
no point in keeping this here. Details of the patch:
- removed code paths from Android.mk files related to the SuperH
architecture ("sh")
- removed libc/arch-sh, linker/arch-sh, libc/kernel/arch-sh
- simplified libc/SYSCALLS.TXT
- simplified the scripts in libc/tools/ and libc/kernel/tools
Change-Id: I26b0e1422bdc347489e4573e2fbec0e402f75560
Signed-off-by: David 'Digit' Turner <digit@android.com>
This optimization improves the performance of recursive locks
drastically. When running the thread_stress program on a Xoom,
the total time to perform all operations goes from 1500 ms to
500 ms on average after this change is pushed to the device.
Change-Id: I5d9407a9191bdefdaccff7e7edefc096ebba9a9d
32 enteries perhaps was ok for per-process caching with ipv4 only
but adding ipv6 records makes it effectively 16 entries and making
it system wide makes is pretty useless. Increasing to 640 entries.
bug:5841178
Change-Id: I879f8bf4d3c4d8c1708bb46d46a67c1f64b1861f
The x86 asm headers define __u64 regardless of __STRICT_ANSI__.
The linux/videodev2.h header requires __u64 to be defined, thus
this fixes compiling with -std=c99 when including the
linux/videodev2.h header.
In glibc, the asm/types.h header defines __u64 regardless of
__STRICT_ANSI__.
This is the change for the generated arch-arm/asm/types.h
header, as produced by the update_all.py script (without all
the other unrelated changes that the script produces).
FWIW, the same issue also is present in
arch-sh/asm/types.h, but there are no source headers for
arch-sh in external/kernel-headers (and regenerating the
headers simply removes that file).
Change-Id: If05fcc9ed6ff5943602be121c7be140116e361fe
This fixes a bug that was introduced in the latest pthread optimization.
It happens when a recursive lock is contented by several threads. The main
issue was that the atomic counter increment in _recursive_increment() could
be annihilated by a non-conditional write in pthread_mutex_lock() used to
update the value's lower bits to indicate contention.
This patch re-introduces the use of the global recursive lock in
_recursive_increment(). This will hit performance, but a future patch
will be provided to remove it from the source code.
Change-Id: Ie22069d376cebf2e7d613ba00b6871567f333544
The xattr system calls are required for the SE Android userspace in
order to get and set file security contexts. In particular, libselinux
requires these calls.
Change-Id: I78f5eb3d8f3384aed0a5e7c6a6f001781d982017