This is needed when building the linker against a libc that was built
with coverage information.
Bug: 17553780
Change-Id: If131002e067dd7768fc657c30e62c42a45c05ace
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
From the elf-spec: "Symbolically bound shared objects are
identified by the .dynamic entry DT_SYMBOLIC. This tag is
informational only; the runtime linker processes symbol
lookups from these objects in the same manner as any
other object."
Change-Id: I4aae0e502ed9fac096fbf076f4d6b2e055d784f6
Symbols from libraries opened with RTLD_LOCAL (default)
should not be visible via dlsym(RLTD_DEFAULT/RTLD_NEXT, .)
Bug: 17512583
Change-Id: I1758943081a67cf3d49ba5808e061b8251a91964
Expanded test for recursive libs. Fixed bug with unnecessary
soinfo_free of already loaded library.
Change-Id: I2cc19f2650c8b12a35feeac127ef608ebba44d88
There are number of changes in the way IFUNC related relocations are done:
1. IRELATIVE relocations are now supported for x86/x86_64 and arm64.
2. IFUNC relocations are now relying on static linker to generate
them in correct order - this removes necessety of additional
relocation pass for ifuncs.
3. Related to 2: rela?.dyn relocations are preformed before .plt ones.
4. Ifunc are resolved on symbol lookup this approach allowed to avoid
mprotect(PROT_WRITE) call on r-x program segments.
Bug: 17399706
Bug: 17177284
Change-Id: I414dd3e82bd47cc03442c5dfc7c279949aec51ed
Enable the -std=gnu++11 flag for libstdc++ static and
dynamic libs.
ScopeGuard uses DISABLE_ macros instead of '= delete';
Change-Id: I07e21b306f95fffd49345f7fa136cfdac61e0225
This patch fixes the problem with symbol search order
for dlsym(RTLD_DEFAULT/RTLD_NEXT, .) by loading libraries
and ld_preloads in correct order.
Bug: https://code.google.com/p/android/issues/detail?id=74255
Change-Id: If1ba5c807322409faa914e27ecb675e2c4541f0d
Attempt: 2
Previously we duplicated code in build/core/executable.mk and it's hard
to maintain. LOCAL_POST_LINK_CMD is a clean solution for this.
Bug: 17403674
Change-Id: I8c054bf782af68cf1f88b8d787a78ca74a7968b5
Clang is still disabled for x86 and x86_64 long double code,
for x86_64 special assembly instruction, and the linker module.
BUG: 17163651
BUG: 17302991
BUG: 17403674
Change-Id: I43c5f5f0ddc0c2a31918f00b57150dadd8f3f26b
This patch fixes the problem with symbol search order
for dlsym(RTLD_DEFAULT/RTLD_NEXT, .) by loading libraries
and ld_preloads in correct order.
Bug: https://code.google.com/p/android/issues/detail?id=74255
Change-Id: I4cf84c70dbaabe99310230dfda12385ae5401859
Change lookup order during relocation so that
ld_preloads always precede caller (unless caller
is main executable).
Asan needs this change in order to intercept libc->libc
calls.
Bug: 15432753
(cherry picked from commit 05e190c093)
Change-Id: I5bfb58e18015b1ec5b77842dbb37fb122fa1fd1a
When enabling debug malloc, the snprintf calls in the linker fails to
update the buffer.
The problem is that snprintf makes a call to pthread_getspecific that
returns a valid pointer, but the data it points to is zero. This should
never happen and causes the snprintf to stop and do nothing.
Temporarily replace snprintf with a different implementation to work
around this issue.
Bug: 16874447
Bug: 17302493
(cherry pick from commit 172955a4e3)
Change-Id: Idca9d417978403d61debfd0434aaa82fd770f33b
This includes:
1. Placing has_ifunc after fields with version = 0
2. Switch to has_min_version(v) function.
3. Minor soinfo initialization refactoring (placement new + ctor)
Change-Id: I1bf5fde4d930914012ce5f3ad5acb48217da9b2d
Do not run symbol lookup on already visited soinfos
Not taking into account already visited libraries
dramatically slows down dlsym in cases when there
are multiple occurrences of a large library in
dependency tree.
Bug: 16977077
Change-Id: I1379f30ed8b06758dd1cc76b80833ac8589afa50
ifuncs now work in i386 and x86_64 when called in the same library as
well as in a different library.
Bug:6657325
Change-Id: Ic0c48b1b0a76cb90f36c20c79f68294cc3fd44a1
dlsym(3) with handle != RTLD_DEFAULT|RTLD_NEXT performs
breadth first search through the dependency tree.
Bug: 16653281
Change-Id: I017a6975d1a62abb0218a7eb59ae4deba458e324
PR_GET_DUMPABLE is used by an application to indicate whether or
not core dumps / PTRACE_ATTACH should work.
Security sensitive applications often set PR_SET_DUMPABLE to 0 to
disable core dumps, to avoid leaking sensitive memory to persistent
storage. Similarly, they also set PR_SET_DUMPABLE to zero to prevent
PTRACE_ATTACH from working, again to avoid leaking the contents
of sensitive memory.
Honor PR_GET_DUMPABLE when connecting to debuggerd. If an application
has said it doesn't want its memory dumped, then we shouldn't
ask debuggerd to dump memory on its behalf.
FORTIFY_SOURCE tests: Modify the fortify_source tests to set
PR_SET_DUMPABLE=0. This reduces the total runtime of
/data/nativetest/bionic-unit-tests/bionic-unit-tests32 from approx
53 seconds to 25 seconds. There's no need to connect to debuggerd
when running these tests.
Bug: 16513137
Change-Id: Idc7857b089f3545758f4d9b436b783d580fb653f
There's no need: __linker_init only takes one argument.
Also remove the arm __CTOR_LIST__; we use .init_array and .fini_array instead
of .ctor and .dtor anyway, and I don't think we've ever supported the latter.
Change-Id: Ifc91a5a90c6aa39d674bf0509a7af2e1ff0beddd
Also fix a few formatting issues in copyright headers that were confusing
the script (though obviously it would be better if the script were smarter).
Change-Id: I7f561bef4f84fdcbd84f375ee226bd65db0e507b
/system/bin/tf_daemon on Nakasi has been updated so it's
a PIE executable. We can now drop non-PIE support.
This reverts commit d81b3b275d.
Bug: 15086752
Bug: 15732002
Bug: 14566672
Change-Id: I832c4de01a8fa050754ea64da317d1639990265e
On Nakasi builds, /system/bin/tf_daemon is a pre-compiled
vendor supplied binary. When support for non-PIE executables
was removed, that daemon failed to start, which induced
a number of bugs.
* keystore is broken
* CTS runs will hang after a certain period of time
Temporarily reenable non-PIE support for 32-bit platforms
until Nakasi is fixed.
This rolls back the following commits:
Cleanup: updated comments
* 6275f20834
Cleanup: remove AARCH/ARM_COPY relocation support
* b906e13c55
And restricts the following patch to 64 bit only:
Remove support for non-PIE executables
* 2aebf5429b
Bug: 14566672
Bug: 15086752
Bug: 15732002
Change-Id: Ia2501aa14bd30feb4a6ce66bdb7c9f066dba0b5f
While introducing RTLD_NOLOAD in b648a8a5 a change in how soinfo structs are
connected was also introduced. When calling dlopen the library that is loaded
is added as a child to the soinfo from which the caller comes - i.e. building a
dependency graph.
Unfortunately this shows issues upon unloading, such as blowing the stack if
there are loops in the graph.
This change reverts that part of b648a8a5, keeping everything as a child of the
root soinfo.
Change-Id: I604ee9210613b19f693a568158e69707620a95db
Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
* Removed unnecessary NULL check in dlsym
* Fixed dlsym_failure test to account for
correct RTLD_DEFAULT value
* Added temporary check for legacy RTLD_DEFAULT
value for non-yet-recompiled binaries
Bug: 15146875
Change-Id: I089fa673762629f5724b6e4fbca019d9cfc39905
bionic RTLD_NEXT was changed from 0xffffffff to -1L, which breaks
existing binaries compiled. Temporarily look either until we can
get recompiled binaries.
Bug: 15113039
Change-Id: I1568fa0e4a832c5e6df21da74a33b22bde7f16f6
Linker is now able to resolve symlinked libraries correctly.
soinfo is extended to save the graph of dependencies during
load/unload. Dependencies are used only in CallConstructor.
Bug: 9741592
Change-Id: Id9c48a74c46aa89bcdf3d54ec2f8ba3d398130b1
Freeing block mprotects on the page which it turn
may lead to application crash if linker subsequently
tries to modify another block on the page.
Bug: 14895266
Change-Id: I8ff7f5df467d7be184242de652032b3c84e24b76
Don't support the dynamic linker loading ET_EXEC executables. Only
support ET_DYN executables.
Bug: 14566672
Change-Id: Ia1f2bfffe7ea867c1cd62e67d7fd637c60c0728d
If the file has no relro segment, the generated relro file will have
length 0, which caused mmap to fail. If the relro file has nonzero size,
but is too short (e.g. because it's for the wrong version of the
library), the linker would segfault while comparing the data. Fix both
these issues: don't try to map a zero length file, and don't try to
compare data that would be beyond the end of the file.
Improve test to explicitly generate two versions of the library: one
with -z relro, and one with -z norelro, so we can test both cases; also
explicitly test the case where the relro file has length 0.
Bug: 14299541
Change-Id: Id8b95585edda90e8bb5de452a35b70ed2d224934
Because we re-raise various signals, we corrupt the si_code that debuggerd
sees when it ptraces our siginfo. One possible solution (shown here) is to
pass the original si_code value in the message we send to debuggerd.
Change-Id: I76f9aa2c0442e5cab611d132532409e700383907
Add missing second param to soinfo_link_image in a section that's not
compiled on ARM.
Bug: 13005501
Change-Id: Id0ede8e03da4e05b25c0aeb24a840f868031d4e8
This has been annoying me for a while, because it's often quite misleading.
Today, for example, I saw:
Fatal signal 13 (SIGPIPE) at 0x6573 (code=0), thread 25971 (top)
where the apparent address is actually the pid of the signal source (in this
case the kernel on behalf of the thread itself).
This patch isn't as fancy as strace, but it at least means we never say
anything misleading. We could decode the si_code field like strace and
debuggerd, but I'm reluctant to do that without some way to share the code
between at least bionic and debuggerd.
Examples after:
Fatal signal 13 (SIGPIPE), code 0 in tid 9157 (top)
Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 9142 (crasher64)
Fatal signal 6 (SIGABRT), code -6 in tid 9132 (crasher64)
(Note that the code still shows as 0 for SIGPIPE in the signal handler itself
but as -6 (SI_TKILL) in debuggerd; this is actually correct --- debuggerd is
showing the re-raised signal sent at the end of the signal handler that
initially showed the correct code 0.)
Change-Id: I71cad4ab61f422a4f6687a60ac770371790278e0
Add flags and a file descriptor to android_dlopen_ext() to allow writing
the RELRO section of the loaded library to a file after relocation
processing, and to allow mapping identical pages from the file over the
top of relocated memory in another process. Explicitly comparing the
pages is required in case a page contains a reference to a symbol
defined in another library loaded at a random base address.
Bug: 13005501
Change-Id: Ibb5b2d384edfaa5acf3e97a5f8b6115c10497a1e
Add flags and parameters to android_dlopen_ext() to allow loading a
library at an already-reserved fixed address. If the library to be
loaded will not fit within the space reserved, then the linker will
either fail, or allocate its own address space as usual, according to
which flag has been specified. This behaviour only applies to the
specific library requested; any other libraries loaded as dependencies
will be loaded in the normal fashion.
There is a new gtest included to cover the functionality added.
Bug: 13005501
Change-Id: I5d1810375b20fc51ba6a9b3191a25f9792c687f1
Add a function "android_dlopen_ext()", defined in <android/dlext.h>.
This is an extended version of dlopen() which takes a struct for passing
additional parameters for Android-specific functionality. This will be
used to support RELRO section sharing between separate processes.
Bug: 13005501
Change-Id: I9c99b2f2a02ee329dedaeba09ef3a1113b17b2d6
Use LOCAL_MODULE_STEM_32 and LOCAL_MODULE_STEM_64 to build
linker and linker64. Set LOCAL_MULTILIB := both for consistency
with other rules of this type, although LOCAL_MULTILIB := both is
only consumed by executable.mk which is skipped by
linker_executable.mk. Duplicate the necessary new parts of
executable.mk.
Change-Id: I888e87cf125cfbcfdee6a55b6377d8bc5ce402ea
Our <machine/asm.h> files were modified from upstream, to the extent
that no architecture was actually using the upstream ENTRY or END macros,
assuming that architecture even had such a macro upstream. This patch moves
everyone to the same macros, with just a few tweaks remaining in the
<machine/asm.h> files, which no one should now use directly.
I've removed most of the unused cruft from the <machine/asm.h> files, though
there's still rather a lot in the mips/mips64 ones.
Bug: 12229603
Change-Id: I2fff287dc571ac1087abe9070362fb9420d85d6d
When bionic's dynamic linker processes the .dynamic section of a MIPS ELF binary and encounters the DT_MIPS_RLD_MAP dynamic array tag, it calculates the address of where to write a pointer to the _r_debug structure. The current implementation simply reads the value given in the d_ptr field and writes the pointer address to that location. However, this value has to be adjusted to reflect the real load address of the binary. Otherwise the linker will write to a faulty location possibly resulting in a crash when linking a MIPS binary that includes DT_MIPS_RLD_MAP. This change corrects that problem.
Change-Id: I1a91874f7ab47289001fe72d9016660c14c70362
Signed-off-by: Benjamin Adolphi <b.adolphi@gmail.com>
Remove the linker's reliance on BSD cruft and use the glibc-style
ElfW macro. (Other code too, but the linker contains the majority
of the code that needs to work for Elf32 and Elf64.)
All platforms need dl_iterate_phdr_static, so it doesn't make sense
to have that part of the per-architecture configuration.
Bug: 12476126
Change-Id: I1d7f918f1303a392794a6cd8b3512ff56bd6e487
Also move some of the stuff that should be in <link.h> out of the
private "linker.h", to make it clearer that these are public API
known to gdb that we can't change.
Bug: 12554197
Change-Id: I830e1260d3d8b833ed99bc1518f1c6b6102be8af
Some system functions like munmap expect soinfo's size to be size_t, but currently
it is unsigned. Change it to size_t to fit 64bit's portability.
Change-Id: I0bf6d522b38b0cd9bf1db05b004b5326217412a2
Signed-off-by: Weiwu Chen <weiwu.chen@intel.com>
Signed-off-by: Qiming Shi <qiming.shi@intel.com>
Do not use the magic number 0xFFFFFFFFU to represent the max value of an address
as it's not correct on 64bit platform. We should use UINTPTR_MAX instead.
Change-Id: I1fc6f5864a651b2eddea2333cb0788f9d9223270
Signed-off-by: Qiming Shi <qiming.shi@intel.com>
Signed-off-by: Weiwu Chen <weiwu.chen@intel.com>
We're not going to have init(1) set LD_LIBRARY_PATH globally on 64-bit.
This patch makes it possible for libnativehelper to set LD_LIBRARY_PATH
in each Java VM (to support System.loadLibrary) without also hard-coding
the default search path there.
Change-Id: If13961fae976e06dd80d5ef522f31e8b7eb01154
We don't need this on architectures other than aarch64, and
we're still investigating why we need it on aarch64, but it
doesn't seem unreasonable to have this flag set when linking
the dynamic linker anyway; it's clearly the intended behavior.
Change-Id: I4fa1b4ae543a818979934bf818eabac03bb9154f
If the linker can't resolve its own internal references to symbols,
we currently exit silently (albeit with EXIT_FAILURE). Not very helpful.
Change-Id: I1614fc970dee4560b38832ede1987b65a8e53a1e
Addition of support for AArch64 in the linker64 target.
Change-Id: I8dfd9711278f6706063e91f626b6007ea7a3dd6e
Signed-off-by: Marcus Oakland <marcus.oakland@arm.com>
Under valgrind ehdr_vdso is null and causing segfault.
Adding debug info for vdso producing plenty of issues on debugging
through gdbserver, removing it. It doesn't seem it should be here.
Unwinding through vdso test still works.
Change-Id: I1a7e233c493f2268d725fa8d7279822d07decc49
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Integration of kernel VDSO into internal bionic data structures using
common functions.
Fix for dl_iterate_phdr function: the function provides incorrect
address of object in case of nonzero virtual and base addresses.
Location in address space of a particular program header should be
calculated using the formula: addr = base_addr + virtual_addr.
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Ie2ab4257fd456242aab8afed0bd5bd6b29e81d6d
We don't need our own architecture macros; the standard ones will do.
This patch also fixes some __x86_64__ tests to be USE_RELA tests instead,
because they're not actually x86_64-specific.
I've cleaned up architecture-specific code slightly so where possible
all the code corresponding to a particular architecture is together.
This patch also fixes a bug in LP64 DT_PLTGOT handling, which should be
an error rather than falling through into DT_DEBUG! There was another #ifdef
bug where we'd only report unexpected DT_ entries on MIPS.
Change-Id: Id1d04e372611f641c1aa278a18e379f28af9eaf5
Like the new TODO says, though, do we need this at all? Wouldn't we be better
off just using the regular architecture-specific macros? This is a dynamic
linker, so there's never a possibility of cross-linking.
Change-Id: I7be6b8663f5e585c4024a49aae383430c86a3c1b
Also clean up <signal.h> and revert the hacks that were necessary
for 64-bit in linker/debugger.cpp until now.
Change-Id: I3b0554ca8a49ee1c97cda086ce2c1954ebc11892
The x86_64 build was failing because clone.S had a call to __thread_entry which
was being added to a different intermediate .a on the way to making libc.so,
and the linker couldn't guarantee statically that such a relocation would be
possible.
ld: error: out/target/product/generic_x86_64/obj/STATIC_LIBRARIES/libc_common_intermediates/libc_common.a(clone.o): requires dynamic R_X86_64_PC32 reloc against '__thread_entry' which may overflow at runtime; recompile with -fPIC
This patch addresses that by ensuring that the caller and callee end up in the
same intermediate .a. While I'm here, I've tried to clean up some of the mess
that led to this situation too. In particular, this removes libc/private/ from
the default include path (except for the DNS code), and splits out the DNS
code into its own library (since it's a weird special case of upstream NetBSD
code that's diverged so heavily it's unlikely ever to get back in sync).
There's more cleanup of the DNS situation possible, but this is definitely a
step in the right direction, and it's more than enough to get x86_64 building
cleanly.
Change-Id: I00425a7245b7a2573df16cc38798187d0729e7c4
If __get_tls has the right type, a lot of confusing casting can disappear.
It was probably a mistake that __get_tls was exposed as a function for mips
and x86 (but not arm), so let's (a) ensure that the __get_tls function
always matches the macro, (b) that we have the function for arm too, and
(c) that we don't have the function for any 64-bit architecture.
Change-Id: Ie9cb989b66e2006524ad7733eb6e1a65055463be
This reverts commits eb1b07469f and
d14dc3b87f, and fixes the bug where
we were calling mmap (which might cause errno to be set) before
__set_tls (which is required to implement errno).
Bug: 8557703
Change-Id: I2c36d00240c56e156e1bb430d8c22a73a068b70c
We notify debuggerd of problems by installing signal handlers. That's
fine except for when the signal is caused by us running off the end of
a thread's stack and into the guard page.
Bug: 8557703
Change-Id: I1ef65b4bb3bbca7e9a9743056177094921e60ed3
Kernel provides virtual DSO for stack unwinding/exception handlind info for
signal usage case. Stack unwinding routines use 'dl_iterate_phdr' function
for additional DWARF info gathering from DSOs. Patch enables virtual DSO
enumeration via dl_iterate_phdr function.
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Ic2882b28f40b456a088bc1e63c50cbfda7e4a102
Text relocations unnecessarily mark pages as dirty, preventing them
from being swapped out, wasting memory. Also, text relocations
prevent the code from running on certain hardened systems.
Print a message in logcat and stderr when we see a text relocation,
to encourage developers to fix their code.
Change-Id: I6051a7463911e090ae5727a355397d539669d5b9
This matches glibc and makes life easier for developers who want to
sometimes preload a library from init (which has no conditionals); they
can simply move/remove the library to disable.
Change-Id: I579b8633f958235af6e46bb53b378b9e363afb1f
* commit '98f7659d7e3a7d75c68a41299f6ee55d7d35c27b':
Don't fail to run DT_INIT and DT_INIT_ARRAY constructors if a shared library has DT_PREINIT_ARRAY constructors.
The GNU dynamic linker silently ignores a DT_PREINIT_ARRAY section
in a shared library. We had ineffectual code that tried to report
an error, which I tried to fix but got wrong --- my version still
wouldn't report the error to the caller, but would prevent us from
continuing to call constructors.
Bug: 8825226
Change-Id: I4fd8450ecc44d8767a1cb808aeecfbfbfc77c070
get_AT_SECURE() was getting called before linker_env_init() had
been called, and returning the default value ("true"). This was
causing us to reopen closed stdin, stdout, and stderr for ALL
processes, not just privileged (setuid) processes.
Calling path:
- __linker_init
- soinfo_link_image
- get_AT_SECURE
- __linker_init_post_relocation
- linker_env_init
This change restores the intended behavior of only re-opening
stdin, stdout, and stderr for privileged processes.
Change-Id: I8b085ea6597710ac4c1a3c93f1bf8b81eecb08c0
This adds __libc_fatal, cleans up the internal logging code a bit more,
and switches suitable callers over to __libc_fatal. In addition to logging,
__libc_fatal stashes the message somewhere that the debuggerd signal handler
can find it before calling abort.
In the debuggerd signal handler, we pass this address to debuggerd so that
it can come back with ptrace to read the message and present it to the user.
Bug: 8531731
Change-Id: I416ec1da38a8a1b0d0a582ccd7c8aaa681ed4a29
We only need one logging API, and I prefer the one that does no
allocation and is thus safe to use in any context.
Also use O_CLOEXEC when opening the /dev/log files.
Move everything logging-related into one header file.
Change-Id: Ic1e3ea8e9b910dc29df351bff6c0aa4db26fbb58
Still chipping away at the situation where every variable in the
linker was of type 'unsigned'. This patch switches counts over to
being size_t and adds an explicit type for init/fini function pointers
and arrays of function pointers.
Also improve logging from CallArray.
Also remove trailing "\n"s from log messages.
Change-Id: Ie036d2622caac50f4d29f0570888bb527661d77e
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.
Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
Replace a kernel header file dependency with files from NetBSD.
They're more complete, and ELF is ELF, whether you're on Linux or a BSD.
Bug: 7973611
Change-Id: I83ee719e7efdf432ec2ddbe8be271d05b2f558d7
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
The linker is essentially a shared library, and incorporates
it's own copy of libc. Even though it's unnecessary, currently
/system/bin/linker is exporting various libc symbols (only to
apps which explicitly dlopen /system/bin/linker)
Add --exclude-libs,ALL, which tells the static linker to mark
all of the imported libc symbols as hidden. This reduces the
size of /system/bin/linker from 92K to 67K with no obvious
loss in functionality.
$ adb shell ls -l /system/bin/linker
-rwxrwxrwx root root 92260 2013-01-16 16:52 linker
$ adb shell ls -l /system/bin/linker
-rwxrwxrwx root root 67660 2013-01-16 16:49 linker
Documentation on exclude-libs can be found at
http://sourceware.org/binutils/docs-2.21/ld/Options.html
Change-Id: I4508287770e4b7a845def2e6b4af969f9c866c6a
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.
Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
This is primarily for MIPS exutables that do not have a
DT_MIPS_RLD_MAP entry.
Change-Id: I4c221d92debcfed961eeee2515123f3fb21ec8e6
Signed-off-by: Chris Dearman <chris@mips.com>
This patch replaces .S versions of x86 crtfiles with .c which are much
easier to support. Some of the files are matching .c version of Arm
crtfiles. x86 files required some cleanup anyway and this cleanup actually
led to matching Arm files.
I didn't change anything to share the same crt*.c between x86 and Arm. I
prefer to keep them separate for a while in case any change is required
for one of the arch, but it's good thing to do in the following patches.
Change-Id: Ibcf033f8d15aa5b10c05c879fd4b79a64dfc70f3
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>