# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit '9a9bb243b50be5e3910b8edad72327bc216e72d0':
Switch to using AT_RANDOM for the stack guards.
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.
Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit 'd4187efd7f9c30ffaff4738862e3d08be27a52e9':
Switch x86 syscall stubs over to the ENTER/END style of the ARM stubs.
Also update the x86 asm.h to support this; we need it for libm assembler
anyway.
Also clean up the _FBSDID hack in <sys/cdefs.h>.
Change-Id: Iababd977b8110ec022bf7c93f4d62ece47630e7c
# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit '3dc6b57cf54b15a756551deeda33df5715e519bb':
Don't claim there were no leaks if we weren't even checking.
This brings us up to date with FreeBSD HEAD, fixes various bugs, unifies
the set of functions we support on ARM, MIPS, and x86, fixes "long double",
adds ISO C99 support, and adds basic unit tests.
It turns out that our "long double" functions have always been broken
for non-normal numbers. This patch fixes that by not using the upstream
implementations and just forwarding to the regular "double" implementation
instead (since "long double" on Android is just "double" anyway, which is
what BSD doesn't support).
All the tests pass on ARM, MIPS, and x86, plus glibc on x86-64.
Bug: 3169850
Bug: 8012787
Bug: https://code.google.com/p/android/issues/detail?id=6697
Change-Id: If0c343030959c24bfc50d4d21c9530052c581837
Otherwise people trying to use this are left wondering "did I not leak, or did
the leak checking code not get called when I exited?".
Change-Id: If79b225f8a2e24dd69aba1fb836bf9e81bb00efe
# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit 'a990cf5b3392c5aef767aee1e67b4d7ef651afc6':
Clean up trailing whitespace in the kernel headers.
Replace a kernel header file dependency with files from NetBSD.
They're more complete, and ELF is ELF, whether you're on Linux or a BSD.
Bug: 7973611
Change-Id: I83ee719e7efdf432ec2ddbe8be271d05b2f558d7
# Via Android Git Automerger (1) and others
* commit '3f20ecc20486ae8fe8d9332102b503135f83c62d':
Don't collect useless stack frames; do demangle C++ symbols.
Previously, we'd collect every stack frame and then throw some away
when we came to log them. This meant that stack traces were effectively
shorter than the buffers that had been allocated for them. This patch
only stores frames we'll actually output.
Also dynamically call the C++ demangler so we don't have to try to
read mangled names. Because no one knows the mangling of operator new[]
for int arrays off the top of their head.
Bug: 7291287
Change-Id: I42b022fd7cd61675d05171de4c3b2704d058ef2a
Include the leaky executable's name in the log output. Fix the "sh" test.
Use uintptr_t instead of intptr_t.
Also fix debug formatting of NULL with %s.
Bug: 7291287
Change-Id: I015bf341cd48d43a247173612e6ccb1bf1243d53
# By Matthieu Castet
# Via Android Git Automerger (1) and others
* commit '7ae998456c2564aff4ecbe6a6df214821f6e26cc':
arm syscall : for eabi call_default don't use stack
# By Matthieu Castet
# Via Gerrit Code Review (1) and Matthieu Castet (1)
* commit '6a94cb748bf63278c3271b0ab610061b0dc6f04a':
arm syscall : for eabi call_default don't use stack
Check that the permissions on the properties file
are exactly as we expect them to be.
Make sure we close the fd if fstat fails.
Refactor the code slightly.
Change-Id: I5503fd58c3b8093ce7e6d05920748ed70eaf8e2c
prctl.h uses __BEGIN_DECLS but fails to include sys/cdefs.h
(where it's defined). Code which includes prctl.h without
previously including sys/cdefs.h will fail to compile.
Fixed.
Change-Id: If4c9f3308f08b93596dcd00e351ae786807e9320
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable. Fall back to the environment variable
if the file doesn't exist.
Bug: 8045561
Change-Id: I54f3efa98cf7d63d88788da5ce0d19e34fd7851a
We don't know that they're not going to be cleaned up by a
C++ global destructor that runs after us. This is the case with
bootanimation, for example.
Bug: 7291287
Change-Id: Iba402514d1735fdc2ae4bc95b65396d816be46c0
When each shell leaks ~240 allocations, you can't see the leaks from
the program you ran with "adb shell".
Bug: 7291287
Change-Id: Ib8780db72ba0114ebdb24768537da74bbb61f354
Both libc/include/sys/auxv.h and libc/private/bionic_auxv.h
use _SYS_AUXV_H_ to see if a header file has already been included.
This prevents both of these files from being included at the same
time.
Fix this name conflict.
Change-Id: Ifaec88aa9779d784b95f8e75145117acf3d5cfc5
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.
This avoids silliness like calling fortify source on things like:
size_t len = strlen("asdf");
printf("%d\n", len);
and allows the compiler to optimize this code to:
printf("%d\n", 4);
Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.
Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
In the default case, we don't need to use the stack, we can save r7 with
ip register (that what does eglibc).
This allow to fix vfork data corruption
(see 3884bfe966), because vfork now don't
use the stack.
This reverts commit f4b34b6c39.
The revert was only meant to apply to the jb-mr1 branch, but accidentally
leaked out into AOSP. This revert-revert gets AOSP master and internal
master back in sync.
If the platform code is compiled with -mcpu=cortex-a15, then without this
change prebuilt libraries built against -march=armv7 cannot resolve the
dependency on __aeabi_idiv (provided by libgcc.a).
Bug: 7961327
cherry-picked from internal master.
Change-Id: I8fe59a98eb53d641518b882523c1d6a724fb7e55
Pull a new version of auxvec.h from the upstream Linux
kernel at commit b719f43059903820c31edb30f4663a2818836e7f
These files were generated using the following commands:
cd bionic/libc/kernel
./tools/clean_header.py -u ../../../external/kernel-headers/original/uapi/linux/auxvec.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/auxvec.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/asm-x86/auxvec.h
This change is needed to get AT_RANDOM defined.
Change-Id: Ib064649684b17af6ff4b1a31d501a05f78bb81d0
The dynamic linker applies relro before the preinit and init
arrays are executed, so we should be consistent for statically
linked executables.
Change-Id: Ia0a49d0e981a6e8791f74eed00280edf576ba139
This property file is used for properties which are set at device
provisioning time or in the factory. They are never touched by
a software update or factory data reset and typically contain
data specific to the particular unit.
Change-Id: I2e7c2fe62cb684cb2449eea917c42b19462e89a5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add signalfd() call to bionic.
Adding the signalfd call was done in 3 steps:
- add signalfd4 system call (function name and syscall
number) to libc/SYSCALLS.TXT
- generate all necessary headers by calling
libc/tools/gensyscalls.py. This patch is adding
the generated files since the build system
does not call gensyscalls.py.
- create the signalfd wrapper in signalfd.cpp and add
the function prototype to sys/signalfd.h
(cherry-pick of 0c11611c11, modified to
work with older versions of GCC still in use on some branches.)
Change-Id: I4c6c3f12199559af8be63f93a5336851b7e63355
Spotted while running the tests on MIPS, where sigset_t is
actually large enough. The bits in sigset_t are used such that
signal 1 is represented by bit 0, so the range of signals is
actually [1, 8*sizeof(sigset_t)]; it seems clearer to reword
the code in terms of valid bit offsets [0, 8*sizeof(sigset_t)),
which leads to the usual bounds checking idiom.
Change-Id: Id899c288e15ff71c85dd2fd33c47f8e97aa1956f