This has been annoying me for a while, because it's often quite misleading.
Today, for example, I saw:
Fatal signal 13 (SIGPIPE) at 0x6573 (code=0), thread 25971 (top)
where the apparent address is actually the pid of the signal source (in this
case the kernel on behalf of the thread itself).
This patch isn't as fancy as strace, but it at least means we never say
anything misleading. We could decode the si_code field like strace and
debuggerd, but I'm reluctant to do that without some way to share the code
between at least bionic and debuggerd.
Examples after:
Fatal signal 13 (SIGPIPE), code 0 in tid 9157 (top)
Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 9142 (crasher64)
Fatal signal 6 (SIGABRT), code -6 in tid 9132 (crasher64)
(Note that the code still shows as 0 for SIGPIPE in the signal handler itself
but as -6 (SI_TKILL) in debuggerd; this is actually correct --- debuggerd is
showing the re-raised signal sent at the end of the signal handler that
initially showed the correct code 0.)
Change-Id: I71cad4ab61f422a4f6687a60ac770371790278e0
Add flags and a file descriptor to android_dlopen_ext() to allow writing
the RELRO section of the loaded library to a file after relocation
processing, and to allow mapping identical pages from the file over the
top of relocated memory in another process. Explicitly comparing the
pages is required in case a page contains a reference to a symbol
defined in another library loaded at a random base address.
Bug: 13005501
Change-Id: Ibb5b2d384edfaa5acf3e97a5f8b6115c10497a1e
Add flags and parameters to android_dlopen_ext() to allow loading a
library at an already-reserved fixed address. If the library to be
loaded will not fit within the space reserved, then the linker will
either fail, or allocate its own address space as usual, according to
which flag has been specified. This behaviour only applies to the
specific library requested; any other libraries loaded as dependencies
will be loaded in the normal fashion.
There is a new gtest included to cover the functionality added.
Bug: 13005501
Change-Id: I5d1810375b20fc51ba6a9b3191a25f9792c687f1
Add a function "android_dlopen_ext()", defined in <android/dlext.h>.
This is an extended version of dlopen() which takes a struct for passing
additional parameters for Android-specific functionality. This will be
used to support RELRO section sharing between separate processes.
Bug: 13005501
Change-Id: I9c99b2f2a02ee329dedaeba09ef3a1113b17b2d6
Use LOCAL_MODULE_STEM_32 and LOCAL_MODULE_STEM_64 to build
linker and linker64. Set LOCAL_MULTILIB := both for consistency
with other rules of this type, although LOCAL_MULTILIB := both is
only consumed by executable.mk which is skipped by
linker_executable.mk. Duplicate the necessary new parts of
executable.mk.
Change-Id: I888e87cf125cfbcfdee6a55b6377d8bc5ce402ea
Our <machine/asm.h> files were modified from upstream, to the extent
that no architecture was actually using the upstream ENTRY or END macros,
assuming that architecture even had such a macro upstream. This patch moves
everyone to the same macros, with just a few tweaks remaining in the
<machine/asm.h> files, which no one should now use directly.
I've removed most of the unused cruft from the <machine/asm.h> files, though
there's still rather a lot in the mips/mips64 ones.
Bug: 12229603
Change-Id: I2fff287dc571ac1087abe9070362fb9420d85d6d
When bionic's dynamic linker processes the .dynamic section of a MIPS ELF binary and encounters the DT_MIPS_RLD_MAP dynamic array tag, it calculates the address of where to write a pointer to the _r_debug structure. The current implementation simply reads the value given in the d_ptr field and writes the pointer address to that location. However, this value has to be adjusted to reflect the real load address of the binary. Otherwise the linker will write to a faulty location possibly resulting in a crash when linking a MIPS binary that includes DT_MIPS_RLD_MAP. This change corrects that problem.
Change-Id: I1a91874f7ab47289001fe72d9016660c14c70362
Signed-off-by: Benjamin Adolphi <b.adolphi@gmail.com>
Remove the linker's reliance on BSD cruft and use the glibc-style
ElfW macro. (Other code too, but the linker contains the majority
of the code that needs to work for Elf32 and Elf64.)
All platforms need dl_iterate_phdr_static, so it doesn't make sense
to have that part of the per-architecture configuration.
Bug: 12476126
Change-Id: I1d7f918f1303a392794a6cd8b3512ff56bd6e487
Also move some of the stuff that should be in <link.h> out of the
private "linker.h", to make it clearer that these are public API
known to gdb that we can't change.
Bug: 12554197
Change-Id: I830e1260d3d8b833ed99bc1518f1c6b6102be8af
Some system functions like munmap expect soinfo's size to be size_t, but currently
it is unsigned. Change it to size_t to fit 64bit's portability.
Change-Id: I0bf6d522b38b0cd9bf1db05b004b5326217412a2
Signed-off-by: Weiwu Chen <weiwu.chen@intel.com>
Signed-off-by: Qiming Shi <qiming.shi@intel.com>
Do not use the magic number 0xFFFFFFFFU to represent the max value of an address
as it's not correct on 64bit platform. We should use UINTPTR_MAX instead.
Change-Id: I1fc6f5864a651b2eddea2333cb0788f9d9223270
Signed-off-by: Qiming Shi <qiming.shi@intel.com>
Signed-off-by: Weiwu Chen <weiwu.chen@intel.com>
We're not going to have init(1) set LD_LIBRARY_PATH globally on 64-bit.
This patch makes it possible for libnativehelper to set LD_LIBRARY_PATH
in each Java VM (to support System.loadLibrary) without also hard-coding
the default search path there.
Change-Id: If13961fae976e06dd80d5ef522f31e8b7eb01154
We don't need this on architectures other than aarch64, and
we're still investigating why we need it on aarch64, but it
doesn't seem unreasonable to have this flag set when linking
the dynamic linker anyway; it's clearly the intended behavior.
Change-Id: I4fa1b4ae543a818979934bf818eabac03bb9154f
If the linker can't resolve its own internal references to symbols,
we currently exit silently (albeit with EXIT_FAILURE). Not very helpful.
Change-Id: I1614fc970dee4560b38832ede1987b65a8e53a1e
Addition of support for AArch64 in the linker64 target.
Change-Id: I8dfd9711278f6706063e91f626b6007ea7a3dd6e
Signed-off-by: Marcus Oakland <marcus.oakland@arm.com>
Under valgrind ehdr_vdso is null and causing segfault.
Adding debug info for vdso producing plenty of issues on debugging
through gdbserver, removing it. It doesn't seem it should be here.
Unwinding through vdso test still works.
Change-Id: I1a7e233c493f2268d725fa8d7279822d07decc49
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Integration of kernel VDSO into internal bionic data structures using
common functions.
Fix for dl_iterate_phdr function: the function provides incorrect
address of object in case of nonzero virtual and base addresses.
Location in address space of a particular program header should be
calculated using the formula: addr = base_addr + virtual_addr.
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Ie2ab4257fd456242aab8afed0bd5bd6b29e81d6d
We don't need our own architecture macros; the standard ones will do.
This patch also fixes some __x86_64__ tests to be USE_RELA tests instead,
because they're not actually x86_64-specific.
I've cleaned up architecture-specific code slightly so where possible
all the code corresponding to a particular architecture is together.
This patch also fixes a bug in LP64 DT_PLTGOT handling, which should be
an error rather than falling through into DT_DEBUG! There was another #ifdef
bug where we'd only report unexpected DT_ entries on MIPS.
Change-Id: Id1d04e372611f641c1aa278a18e379f28af9eaf5
Like the new TODO says, though, do we need this at all? Wouldn't we be better
off just using the regular architecture-specific macros? This is a dynamic
linker, so there's never a possibility of cross-linking.
Change-Id: I7be6b8663f5e585c4024a49aae383430c86a3c1b
Also clean up <signal.h> and revert the hacks that were necessary
for 64-bit in linker/debugger.cpp until now.
Change-Id: I3b0554ca8a49ee1c97cda086ce2c1954ebc11892
The x86_64 build was failing because clone.S had a call to __thread_entry which
was being added to a different intermediate .a on the way to making libc.so,
and the linker couldn't guarantee statically that such a relocation would be
possible.
ld: error: out/target/product/generic_x86_64/obj/STATIC_LIBRARIES/libc_common_intermediates/libc_common.a(clone.o): requires dynamic R_X86_64_PC32 reloc against '__thread_entry' which may overflow at runtime; recompile with -fPIC
This patch addresses that by ensuring that the caller and callee end up in the
same intermediate .a. While I'm here, I've tried to clean up some of the mess
that led to this situation too. In particular, this removes libc/private/ from
the default include path (except for the DNS code), and splits out the DNS
code into its own library (since it's a weird special case of upstream NetBSD
code that's diverged so heavily it's unlikely ever to get back in sync).
There's more cleanup of the DNS situation possible, but this is definitely a
step in the right direction, and it's more than enough to get x86_64 building
cleanly.
Change-Id: I00425a7245b7a2573df16cc38798187d0729e7c4
If __get_tls has the right type, a lot of confusing casting can disappear.
It was probably a mistake that __get_tls was exposed as a function for mips
and x86 (but not arm), so let's (a) ensure that the __get_tls function
always matches the macro, (b) that we have the function for arm too, and
(c) that we don't have the function for any 64-bit architecture.
Change-Id: Ie9cb989b66e2006524ad7733eb6e1a65055463be
This reverts commits eb1b07469f and
d14dc3b87f, and fixes the bug where
we were calling mmap (which might cause errno to be set) before
__set_tls (which is required to implement errno).
Bug: 8557703
Change-Id: I2c36d00240c56e156e1bb430d8c22a73a068b70c
We notify debuggerd of problems by installing signal handlers. That's
fine except for when the signal is caused by us running off the end of
a thread's stack and into the guard page.
Bug: 8557703
Change-Id: I1ef65b4bb3bbca7e9a9743056177094921e60ed3
Kernel provides virtual DSO for stack unwinding/exception handlind info for
signal usage case. Stack unwinding routines use 'dl_iterate_phdr' function
for additional DWARF info gathering from DSOs. Patch enables virtual DSO
enumeration via dl_iterate_phdr function.
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Ic2882b28f40b456a088bc1e63c50cbfda7e4a102
Text relocations unnecessarily mark pages as dirty, preventing them
from being swapped out, wasting memory. Also, text relocations
prevent the code from running on certain hardened systems.
Print a message in logcat and stderr when we see a text relocation,
to encourage developers to fix their code.
Change-Id: I6051a7463911e090ae5727a355397d539669d5b9
This matches glibc and makes life easier for developers who want to
sometimes preload a library from init (which has no conditionals); they
can simply move/remove the library to disable.
Change-Id: I579b8633f958235af6e46bb53b378b9e363afb1f
* commit '98f7659d7e3a7d75c68a41299f6ee55d7d35c27b':
Don't fail to run DT_INIT and DT_INIT_ARRAY constructors if a shared library has DT_PREINIT_ARRAY constructors.
The GNU dynamic linker silently ignores a DT_PREINIT_ARRAY section
in a shared library. We had ineffectual code that tried to report
an error, which I tried to fix but got wrong --- my version still
wouldn't report the error to the caller, but would prevent us from
continuing to call constructors.
Bug: 8825226
Change-Id: I4fd8450ecc44d8767a1cb808aeecfbfbfc77c070
get_AT_SECURE() was getting called before linker_env_init() had
been called, and returning the default value ("true"). This was
causing us to reopen closed stdin, stdout, and stderr for ALL
processes, not just privileged (setuid) processes.
Calling path:
- __linker_init
- soinfo_link_image
- get_AT_SECURE
- __linker_init_post_relocation
- linker_env_init
This change restores the intended behavior of only re-opening
stdin, stdout, and stderr for privileged processes.
Change-Id: I8b085ea6597710ac4c1a3c93f1bf8b81eecb08c0
This adds __libc_fatal, cleans up the internal logging code a bit more,
and switches suitable callers over to __libc_fatal. In addition to logging,
__libc_fatal stashes the message somewhere that the debuggerd signal handler
can find it before calling abort.
In the debuggerd signal handler, we pass this address to debuggerd so that
it can come back with ptrace to read the message and present it to the user.
Bug: 8531731
Change-Id: I416ec1da38a8a1b0d0a582ccd7c8aaa681ed4a29
We only need one logging API, and I prefer the one that does no
allocation and is thus safe to use in any context.
Also use O_CLOEXEC when opening the /dev/log files.
Move everything logging-related into one header file.
Change-Id: Ic1e3ea8e9b910dc29df351bff6c0aa4db26fbb58
Still chipping away at the situation where every variable in the
linker was of type 'unsigned'. This patch switches counts over to
being size_t and adds an explicit type for init/fini function pointers
and arrays of function pointers.
Also improve logging from CallArray.
Also remove trailing "\n"s from log messages.
Change-Id: Ie036d2622caac50f4d29f0570888bb527661d77e
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.
Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
Replace a kernel header file dependency with files from NetBSD.
They're more complete, and ELF is ELF, whether you're on Linux or a BSD.
Bug: 7973611
Change-Id: I83ee719e7efdf432ec2ddbe8be271d05b2f558d7
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
The linker is essentially a shared library, and incorporates
it's own copy of libc. Even though it's unnecessary, currently
/system/bin/linker is exporting various libc symbols (only to
apps which explicitly dlopen /system/bin/linker)
Add --exclude-libs,ALL, which tells the static linker to mark
all of the imported libc symbols as hidden. This reduces the
size of /system/bin/linker from 92K to 67K with no obvious
loss in functionality.
$ adb shell ls -l /system/bin/linker
-rwxrwxrwx root root 92260 2013-01-16 16:52 linker
$ adb shell ls -l /system/bin/linker
-rwxrwxrwx root root 67660 2013-01-16 16:49 linker
Documentation on exclude-libs can be found at
http://sourceware.org/binutils/docs-2.21/ld/Options.html
Change-Id: I4508287770e4b7a845def2e6b4af969f9c866c6a
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.
Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
This is primarily for MIPS exutables that do not have a
DT_MIPS_RLD_MAP entry.
Change-Id: I4c221d92debcfed961eeee2515123f3fb21ec8e6
Signed-off-by: Chris Dearman <chris@mips.com>
This patch replaces .S versions of x86 crtfiles with .c which are much
easier to support. Some of the files are matching .c version of Arm
crtfiles. x86 files required some cleanup anyway and this cleanup actually
led to matching Arm files.
I didn't change anything to share the same crt*.c between x86 and Arm. I
prefer to keep them separate for a while in case any change is required
for one of the arch, but it's good thing to do in the following patches.
Change-Id: Ibcf033f8d15aa5b10c05c879fd4b79a64dfc70f3
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
If you need to build your own linker to get debugging, the debugging
is never available when you need it.
Change-Id: I5ff7e55753459d49a2990f25d9aa155e0b8602e0
According ELF spec re. DT_SYMBOLIC:
This element's presence in a shared object library alters the dynamic
linker's symbol resolution algorithm for references within the library.
Instead of starting a symbol search with the executable file, the
dynamic linker starts from the shared object itself. If the shared
object fails to supply the referenced symbol, the dynamic linker then
searches the executable file and other shared objects as usual.
This change implements the last part.
Change-Id: Iae95d53d455313a4306f11733941bcd3596ac85f
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
NVIDIA binary blobs construct strings to pass to dlopen(3) that
contain '/' but require that we fall back to LD_LIBRARY_PATH.
Change-Id: Iad831899986baace6962f4b335eeb288250a1e22
We'll need a lot more refactoring of this code before we can reduce
the granularity, but this is a step forward.
Change-Id: I07061720e734b571a8399c1d5b4f2f35cd681307
Request memory from the system when needed instead of having a fixed
array for soinfo structs. Note that malloc() et al can't be used in
linker, so use mmap() instead.
Change-Id: I4b495995931d7752b0e8c944e64d1fe41b9f7144
Also ensure that dlopen(3) errors always include the name of the library we
failed to open.
Also fix a bug where we'd fall back to searching LD_LIBRARY_PATH and the
built-in paths for names that include slashes.
Bug: http://code.google.com/p/android/issues/detail?id=38479
Change-Id: Ib2c009ed083344a7a012749d58f8679db2f26c78
If an executable contain copy relocations, other references
to the symbol it points to should be preempted and made to
point to the copy instead.
Also, the linker should make sure the target area has
sufficient space to contain the copy. It also checks
whether the library that supplies the symbol is built
with -Bsymbolic, and errors out if this is the case.
Change-Id: If135c83590092741cfd8f82f54816f363a4a4a3b
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
I still want to break linker_format out into its own library so we can reuse
it for malloc debugging and so forth. (There are many similar pieces of code
in bionic, but the linker's one seems to be the most complete/functional.)
Change-Id: If3721853d28937c8e821ca1d23cf200e228a409a
error: C99 designator 'name' outside aggregate initializer
G++ 4.7+ can't handle some of C99 designated initializers.
Most likely it's just not implemented yet. Other possible workarounds is
to compile this as C not C++ or define name as char* instead of char[SIZE].
Appeared after this change https://android-review.googlesource.com/#/c/44470
Change-Id: Ib28157848ce759b8bb5dbb2ac0d9a768fa4e5107
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
I gave up trying to use the usual thread-local buffer idiom; calls to
calloc(3) and free(3) from any of the "dl" functions -- which live in
the dynamic linker -- end up resolving to the dynamic linker's stubs.
I tried to work around that, but was just making things more complicated.
This alternative costs us a well-known TLS slot (instead of the
dynamically-allocated TLS slot we'd have used otherwise, so no difference
there), plus an extra buffer inside every pthread_internal_t.
Bug: 5404023
Change-Id: Ie9614edd05b6d1eeaf7bf9172792d616c6361767
Add unit tests for dlerror(3) in various situations. I think We're at least
as good as glibc now.
Also factor out the ScopedPthreadMutexLock and use it here too.
Bug: http://code.google.com/p/android/issues/detail?id=38398
Change-Id: I040938b4366ab836e3df46d1d8055b92f4ea6ed8
Now we use private variables in transform-o-to-executable to support
build executables against the NDK.
Bug: 7170098
Change-Id: I6e505b33001b76f4b11fcbbb1d35392c4ddf4c70
Our debugger signal catcher expects to receive three args, but if
somebody cleared SA_SIGINFO we only get one, and bad things happen
when we try to use the second one. Test to see if SA_SIGINFO is
still set before we try to use the argument.
(cherry-pick of f84bc8d6f6368f1c846124a8168761ee8cc589c0.)
Bug: 7272866
Change-Id: I69a65c25e833aea70acb78f9ba40ed93308583e6
Our debugger signal catcher expects to receive three args, but if
somebody cleared SA_SIGINFO we only get one, and bad things happen
when we try to use the second one. Test to see if SA_SIGINFO is
still set before we try to use the argument.
Bug: 7272866
Change-Id: If682a2262fe8a575f3802fb0c60a53eea3082456
Now we use private variables in transform-o-to-executable to support
build executables against the NDK.
Bug: 7170098
Change-Id: I6e505b33001b76f4b11fcbbb1d35392c4ddf4c70
Currently, linker doesn't update the map->l_addr for execution.
Which could break the Unwind_Backtrace with PT_GNU_EH_FRAME enabled
in new toolchain.
Change-Id: Ifbd853134da64a962f7e4c4105e56a3f20def1b2
Author: Fengwei Yin <fengwei.yin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 57077
Lose the pid, only show the name of the function (not its whole signature),
and include the name of the library we failed to load. (I hadn't noticed
that the library name was missing before because in Java we add that into
the UnsatisfiedLinkError detail message.)
The new output looks like this:
Cannot load library: soinfo_relocate(linker.cpp:968): cannot locate symbol "__libc_malloc_default_dispatch" referenced by "libc_malloc_debug_leak.so"...
Change-Id: I3bb5c9780d9aaf3a9e4418ea55bc98122a81f80f
Per http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf
Section 4.7.1.10, ARM_R_COPY relocations are only suppose to reference shared
libraries, not the executable itself. When resolving an R_ARM_COPY symbol,
ensure we don't look in our own symbol.
This partially addresses
http://code.google.com/p/android/issues/detail?id=28598 . After this
patch, the printfs generated by the test program are:
global = 0x42 (0x401c7000)
global = 0x42 (0x11000)
before, the output was:
global = 0x42 (0x40071000)
global = 0x0 (0x11000)
I'm still not very happy with this patch, but I think it's an improvement
over where we were at before.
This change was modeled after https://android-review.googlesource.com/38871
Change-Id: Id7ad921e58395e76a36875bcc742ec5eeba53f08
This header is used on bionic build and should be propagated into
sysroot on toolchain rebuild. Discussion re. this header is here:
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg00936.html
It is available already in mips NDK platforms:
development/ndk/platforms/android-9/arch-mips/include/link.h
Change-Id: I39ff467cdac9f448e31c11ee3e14a6200e82ab57
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
This patch removes the DT_NEEDED hack which stores pointers
to soinfo structs in the .dynamic section of the library
being loaded.
Instead, it caches the soinfo struct pointers on the stack
during relocation time. After relocation time, i.e. when
calling constructors and destructors of the shared library
and its dependencies, uncached access is used instead,
doing lookups using the string table entries pointed to by
the DT_NEEDED entries.
By removing this hack, it is no longer needed to undo the
PT_GNURELRO protection, i.e., all non-writable mappings
can remain non-writable during their entire lifespan.
Even though, strictly speaking, the algorithmic complexity
has increased somewhat, the real-world adverse effect
is negligible on the systems I have tested.
Change-Id: I2361502560b96b5878f7f94a8e8a215350d70d64
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@gmail.com>
This should help prevent broken builds next time I'm messing with
assembler/compiler/linker flags...
Change-Id: I30f15a3ce3c3f3c60cad7bc59aaba9f42d792224
The linker only needs to mark the text segment as
writable iff the file has text relocations. Unnecessarily
calling mprotect when it isn't necessary is slow, and some
security enhanced kernels don't like it. Pages which are
simultaneously writable and executable are considered a no-no.
The vast majority of executables / shared libraries on Android
do NOT have text relocations.
Change-Id: Ic38ce30a99b7e33ecf21efd9c108547a58eafa35
Otherwise gdb will print a spurious warning each time gdb is used:
warning: .dynamic section for "/system/bin/linker" is not at the expected
address (wrong library or version mismatch?)
BUG:6946614
Change-Id: Ib21b8db0615751189c1601140deb43bc089289b6
Remove the hand-collated ones, and switch to a script that pulls the
copyright headers out of every file and collects the unique ones.
Change-Id: Ied3b98b3f56241df97166c410ff81de4e0157c9d
Also make the errors more readable, since none of us seemed to know
what they actually meant. The new style is still as verbose as the
old, but that's probably necessary in the absence of chained exceptions
in C. Here's what you'd see if you try to boot after removing
libsurfaceflinger.so:
32267 32267 E AndroidRuntime: java.lang.UnsatisfiedLinkError: Cannot load library: (linker.c:1629, pid 32259) soinfo_link_image: could not load library "libsystem_server.so" needed by "libandroid_servers.so"; caused by (linker.c:1629, pid 32259) soinfo_link_image: could not load library "libsurfaceflinger.so" needed by "libsystem_server.so"; caused by (linker.c:709, pid 32259) load_library: library "libsurfaceflinger.so" not found
This patch also fixes almost all of the compiler warnings.
Change-Id: I64bb59aed6d4e039c15ea45be2367f319ef879f8
Given that _elf_lookup (and thus, _do_lookup) cannot possibly return an
undefined symbol (due to the check for SHN_UNDEF in _elf_lookup), there's
no need for spurious checks for SHN_UNDEF on its return value.
Conflicts:
linker/linker.c
Change-Id: Ic73cf439924b45f72d4d9ba3f64a888c96cbbd9b
GDB needs the runtime linker's base address in order to
locate the latter's ".text" and ".plt" sections, for the
purpose of detecting solib trampolines. It also can
potentially use this to calculate the relocated address
of rtld_db_dlactivity.
Bug: http://code.google.com/p/android/issues/detail?id=34856
Change-Id: I63d3e7ae4e20a684ceb25967f2241e7d58dd685d
Signed-off-by: Ryan V. Bissell <ryan@bissell.org>
Since linker is built with -fvisibility=hidden rtld_db_dlactivity()
if hidden from gdb. Unhide it otherwise gdb may not know linker
activity and rescan solib
Change-Id: Ia8cd8d9738c6ea5696ba2ef0ebf2cf783f9ca70a
Use the functions in linker_phdr.c to load the PT_LOAD segments
in memory, and toggle their mapping's writable protection bit
as needed. In particular:
- when loading a library, load the segments then unprotected
them to allow relocations to work.
- when relocating the linker of the executable, unprotect
the segments loaded by the kernel to make relocations work
too.
- after all relocations are done, re-protect the segments,
and apply GNU RELRO protection if needed.
- just before calling the destructors, undo the GNU RELRO
protection.
Change-Id: I50e709f03958204b8d6140c0f51ebe24fe089a1b
This moves the code that determines where the .dynamic and .ARM.exidx
sections are to a single place in soinfo_link_image().
Change-Id: I98adcb440577bed86442349f03f3c629c945efec
This patch changes the definition of the 'load_offset' field
in struct soinfo. The field is renamed because it is not the
basic load bias to add to every p_vaddr value read from the ELF
file to get the corresponding memory address.
This also slightly simplifies the relocation code.
+ Fix for proper load_bias computation for relocatable executables.
Change-Id: I72502c75a70751cba324deee7d313ae61f96609e
This patch changes the load_library() function in the
dynamic linker to avoid reserving a huge read-only
address-space range just to read the ELF header and
program header (which are typically very small and easily
fit in the first page).
Instead, we use the functions in linker_phdr.c to only
load the data that we need in a temporary mmap-allocated
page of memory, which we release when the function exits.
This avoids issues when loading very large libraries, or
simply debug versions that only need to load a tiny percentage
of their overall file content in RAM.
Change-Id: Id3a189fad2119a870a1b3d43dd81380c54ea6044
This patch introduces two new source files containing a set of functions
to manage the program header table in an ELF binary, including the ability
to load PT_LOAD segments, and apply PT_GNU_RELRO protection.
Note: the files are not used currently, this will appear in a series
of future patches that will gradually modify linker.c to use
the phdr_table_xxx functions properly.
Change-Id: Ia3d4c1ff5fc3e265d8258b64b492f4e643f51bdc
With -fstack-protector, x86 -m32 needs __stack_chk_fail_local
defined in crtbegin_*.o.
Include __stack_chk_fail_local.S in begin.S otherwise linker
(which is built w/o crt*) may not link.
Change-Id: Id242fcf3eff157264afe3b04f27288ab7991220a
This patch adds a trivial implementation of snprintf() that calls
our internal vsnprintf().
Inspection of the generated machine code showed that the linker
contained a full implementation of stdio's vfprintf. It was pulled
in because the pthread implementation uses snprintf() somewhere.
ProTip: It's possible to see why specific objects files are included
in a final binary by adding the following to your Android.mk, then
looking at the content of /tmp/MAP.TXT:
LOCAL_LDFLAGS += -Wl,-Map=/tmp/MAP.TXT
Change-Id: I325e71b0cad1d01116a2e00c09e30a80cb716aa3
This patch adds to make the linker a little bit easier to understand
by making all functions that acts on a sofino object with a soinfo_
prefix.
This is to more easily distinguish functions that operate on global
state, and those that operate on individual libraries.
This should be purely stylistic, i.e. no feature/behaviour change.
Change-Id: Ie510d13d743aa4317644caefa9910b8af7e84f44
Before changing mmap() permission to PROT_NONE in alloc_mem_region(),
such libraries once worked with a bug that uses mmap'ed region outside of
memory region allocated by alloc_mem_region(). This possibly incurs
SIGSEGV because it can overwrite memory region of previously loaded
library, but it sometimes worked, depending on loading order.
After PROT_NONE, this caused SIGSEGV earlier during calculation of
si->phdr in load_library(), but this was fixed by:
75917c84d1 Use mmap to read an ...
Now the behaviour is the same as before applying PROT_NONE in
alloc_mem_region().
This CL fixed the original issue, supporting shared libraries that have
non-zero p_vaddr in first (= with lowest p_vaddr) PT_LOAD segment.
Bug: 6561258
Change-Id: Ib6176dd3e44c4d99a340eb1cbd16fb037586b0bc
Also, fixes SIGSEV during calculation of si->phdr in load_library(),
which is caused by accessing PHDR area, which is not guaranteed to be
loaded.
Note that this usually does not happen because program header area is
covered by immediately following PT_LOAD entry. But it does not hold
always.
Bug: 6561258
Change-Id: Ie376253c773b5420279ca89044e81b1aad5a5736
Previously, the linker always loaded itself into the same
location in memory, which inhibited the effectiveness of Android's
ASLR implementation. Modify the linker code so it can be relocatable
and link itself at runtime.
Change-Id: Ia80273d7a00ff648b4da545f4b69debee6343968
Use LOCAL_NO_CRT to prevent linking against crtbegin.o, rather than
messing with build rules. This also prevents linking against crtend.o,
which isn't needed for the linker.
Change-Id: I0c5b9999be7e8676560fe145c1c033ffce8db4d1
The computation of si->base assumed that the first entry in the
program header table is a PT_PHDR. This results in the dynamic
linker crashing with a SIGSEGV/MAPERR when trying to load some
of the NDK unit test programs, which happen to have an EXIDX
header first, followed byu a PHDR one.
This patch fixes the computation by parsing the program header
table, looking explicitely for the PHDR entry. This fixes the
load of the NDK unit test programs, and doesn't affect system
libraries.
Change-Id: Id18ea6037dbe950b5abbbce816c2960321f0b81d
Modify the dynamic linker so that executables can be loaded
at locations other than 0x00000000.
Modify crtbegin* so that non-PIC compilant "thumb interwork
veneers" are not created by the linker.
Bug: 5323301
Change-Id: Iece0272e2b708c79034f302c20160e1fe9029588
The ARM static linker wasn't properly handling __exidx_start
and __exidx_end symbols. Now that the static linker has been fixed,
we don't need the dynamic linker to work around this problem.
Change-Id: I041b94903609fafab33663a7d441a5e70b7ffcdd
Since e19d702b8e, dlsym and friends use recursive mutexes that
require the current thread id, which is not available before the libc
constructor. This prevents us from using dlsym() in .preinit_array.
This change moves TLS initialization from libc constructor to the earliest
possible point - immediately after linker itself is relocated. As a result,
pthread_internal_t for the initial thread is available from the start.
As a bonus, values stored in TLS in .preinit_array are not lost when libc is
initialized.
Change-Id: Iee5a710ee000173bff63e924adeb4a4c600c1e2d
This reverts commit 61ff83475c.
This code is harmless, and only applies to the linker, so
there's no harm in keeping it in the tree a little bit longer.
Let's roll this back while we try to figure out the root cause
of bug 6314858.
Bug: 6314858
Change-Id: I9f5ed81d23a7abe273baf792aa8a0a2839ef094c
The ARM static linker wasn't properly handling __exidx_start
and __exidx_end symbols. Now that the static linker has been fixed,
we don't need the dynamic linker to work around this problem.
Change-Id: Ic567122b6c7746cc016795e2befba2c6bd7c0478
Compile the linker with -fvisibility=hidden. This reduces the number
of symbols that show up in the .dynsym section of the linker.
These symbols are never exported to other applications.
In particular, this fixes a problem with setting -DLINKER_DEBUG=1
introduced in 468319ce4f.
Because the symbols "debug_verbosity" and "format_log" have not been
resolved before the linker links itself, any attempt to call
PRINT / INFO / TRACE / WARN / ERROR will result in a segfault.
This change allows the static linker to produce a relative reference
to these symbols rather than relying on relocation.
This also has a nice side effect of making the linker slightly smaller
and slightly more optimized.
The following symbols no longer in the .dynsym section of the linker
after this change:
-addr_to_name
-call_constructors_recursi
-calloc
-debugger_init
-debugger_signal_handler
-debug_verbosity
-dladdr
-dlclose
-dlerror
-dl_lock
-dlopen
-dlsym
-dl_unwind_find_exidx
-find_containing_library
-find_containing_symbol
-find_library
-format_buffer
-free
-libdl_info
-linker_env_get
-linker_env_init
-linker_env_secure
-linker_env_unset
-linker_get_error
-__linker_init
-lookup
-lookup_in_library
-malloc
-notify_gdb_of_libraries
-notify_gdb_of_load
-notify_gdb_of_unload
-realloc
-rtld_db_dlactivity
-unload_library
-vsnprintf
Bug: 5827809
Change-Id: I5e8cd7dcf48c1d6831a970a67f63f24916c5e437
When the dynamic linker loads a shared library into memory, it
initially allocates a chunk of memory. The memory is then carved
into smaller chunks for each LOAD region, and appropriate memory
protections applied.
Modify the initial memory allocation so that the pages are mapped
as PROT_NONE, rather than PROT_READ / PROT_EXEC. This ensures that
gaps between LOAD regions are not inadvertantly readable / executable.
(Long term, we should munmap() these gaps entirely)
Change-Id: If128a203ccc6fe12dcbbd2bfe0cf13a2045675af
If we catch a fatal signal that won't automatically re-throw when
the thread resumes, re-throw it manually. (Common examples are
SIGPIPE and the SIGFPE from integer division by zero.)
Change-Id: I329e6d4db907047c555957b42cbd09c50fc808e7
This adds the thread id and name to the "Fatal signal" logging,
making it easier to track down where in process it actually crashed.
Change-Id: I17a365042b2f10b161debe98bc2e7070af055dfb
Add support for PT_GNU_RELRO. This allows the static linker to
indicate that certain regions of memory should be marked as
"read-only" after dynamic linking is complete.
See:
* http://www.akkadia.org/drepper/nonselsec.pdf (section 6)
* http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html
Note that this change has no effect on Android right now, because
we don't compile our code with relro enabled.
Change-Id: I6541f8775367e8558b4388f7d105b1ae6e8f046b
That is to fix the bug:
dlxxx functions can't be called recursively.
For example, if we use dlopen() to use open one library whose constructor
also calls dlopen() in order to open another library, then the thread is
dead-blocked.
By changing the dl_lock from a non-recursive lock to a recursive lock, we can
prevent the thread from dead-blocked by recursive dlxxx calls in the same
thread context.
Change-Id: I1018b41c82f4641cc009c0a2eda31f5a47a534f9
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
We don't have a toolchain anymore, we don't have working original
kernel headers, and nobody is maintaining this so there is really
no point in keeping this here. Details of the patch:
- removed code paths from Android.mk files related to the SuperH
architecture ("sh")
- removed libc/arch-sh, linker/arch-sh, libc/kernel/arch-sh
- simplified libc/SYSCALLS.TXT
- simplified the scripts in libc/tools/ and libc/kernel/tools
Change-Id: I26b0e1422bdc347489e4573e2fbec0e402f75560
Signed-off-by: David 'Digit' Turner <digit@android.com>
The flag to avoid calling ELF constructors recursively (in the case
of recursive .so dependencies) was being set after the dangerous
recursive constructor call had already been made.
This fixes the libc's debug malloc implementation.
Change-Id: I5e601f0ea19ab1df81b8b1ad4df25c3eab0ccda4
Write a message to the log file if the signal handler is not able
to connect to debuggerd. This is especially handy if the failure
was caused by running out of file descriptors, since there's some
chance that the lack of fds relates to the crash.
Sample:
F libc : Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
F libc : Unable to open connection to debuggerd: Too many open files
Bug 5926330
Change-Id: I0ff210d82ab1db39b08f328bae5e08f67a69e5d7
The Linux kernel provides an AT_SECURE auxv flag to inform userspace
whether or not a security transition has occurred. This is more reliable
than directly checking the uid/gid against the euid/egid, because it covers
not only setuid/setgid but also file capabilities, SELinux, and AppArmor
security transitions. It is also a more efficient test since it does
not require any additional system calls.
Change-Id: I9752a4f6da452273258d2876d13b05e402fb0409
This change makes linker handling of .preinit_array compliant with the
System V ABI:
"These [pre-initialization] functions are executed after the dynamic linker has
built the process image and performed relocations but before any shared object
initialization functions."
http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#init_fini
Change-Id: Iebfee22bb1ebe1d7c7e69cb4686e4ebae0dfc4bb
android linker doesn't check machine type, it may load some
libraries which it doesn't support sometimes.
Author: Zhenghua Wang <zhenghua.wang@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
The computation of si->base assumed that the first entry in the
program header table is a PT_PHDR. This results in the dynamic
linker crashing with a SIGSEGV/MAPERR when trying to load some
of the NDK unit test programs, which happen to have an EXIDX
header first, followed byu a PHDR one.
This patch fixes the computation by parsing the program header
table, looking explicitely for the PHDR entry. This fixes the
load of the NDK unit test programs, and doesn't affect system
libraries.
Change-Id: Id18ea6037dbe950b5abbbce816c2960321f0b81d
Previously, the linker always loaded itself into the same
location in memory, which inhibited the effectiveness of Android's
ASLR implementation. Modify the linker code so it can be relocatable
and link itself at runtime.
Change-Id: Ia80273d7a00ff648b4da545f4b69debee6343968
Use LOCAL_NO_CRT to prevent linking against crtbegin.o, rather than
messing with build rules. This also prevents linking against crtend.o,
which isn't needed for the linker.
Change-Id: I0c5b9999be7e8676560fe145c1c033ffce8db4d1
Previously, the linker always loaded itself into the same
location in memory, which inhibited the effectiveness of Android's
ASLR implementation. Modify the linker code so it can be relocatable
and link itself at runtime.
Change-Id: I90d064743abdd29450ac0482ed28752b2196286c
Modify the dynamic linker so that executables can be loaded
at locations other than 0x00000000.
Modify crtbegin* so that non-PIC compilant "thumb interwork
veneers" are not created by the linker.
Bug: 5323301
Change-Id: Iece0272e2b708c79034f302c20160e1fe9029588
In 48527c3f74, we modified the soinfo
structure to remove an unnecessary variable. However, third party
programs seem to be relying on the structure not changing.
Add a dummy variable back into place to preserve structure.
Bug: 5064106
Change-Id: I3014dda1a46e624644b09e156c3e9381ba3729bd
This patch allows the debugging of constructors in shared
libraries and executables. It does so by ensuring that the
corresponding binary is visible to gdb before running the
constructors.
Change-Id: I0a3df726a04ad109944c834dcbba672b85d3991e
When a fatal signal is received, we now write a message to the log
that looks like this:
F/libc ( 1540): Fatal signal 11 (SIGSEGV) at 0xdeadd00d (code=1)
This is useful for debugging fatal signals that turn out not to be
fatal. This also changes the signal reset from SIG_IGN to SIG_DFL,
so that future non-fatal fatal signals are fatal.
The code that blocked SIGUSR1 to avoid being interrupted by the GC
has been removed.
Also, fix minor issues in format_buffer().
Bug 5035703
Change-Id: I8940af47297b5dcf3cf33537e3483ca5334ed565
Currently, the Android linker is placing shared libraries into
a well-known spot in memory. This is interfering with the kernel's
ASLR support.
This change stops forcing non-prelinked libraries into a particular
address space.
Also, get rid of FLAG_PRELINKED. As best I can tell, this flag
is never used.
Change-Id: I527af12fb54f821c2b5ca7693dbf63d022f8f4ae
Prelinked libraries must be mapped to a fixed address. MAP_FIXED is ignored
for non-prelinked libraries (si->base==0)
Signed-off-by: Raghu Gandham <raghu@mips.com>
* commit '962dcb22218a1a6d4ebd05e4fc4a69875d037234':
libc: Fix PTHREAD_RWLOCK_INITIALIZER
Proxy getnameinfo through netd
Updated gcc 4.4.3 IA toolchain doesn't require the .ctors list
Convert cname lenght before use
system_server loads up 87 shared libraries upon start. Running under
valgrind pushes this just over the edge of 96. Increase SO_MAX to 128 to
give us some more headroom.
Change-Id: Iadceb14ab6d9621bdccd292570d50867828057d9
The linker_env_get() method that is used to match an environment
variable was failing due to an incorrect equality check.
This was introduced in git change
be5755969d.
The bug was causing the linker to ignore environment variables such
as LD_LIBRARY_PATH. This issue also affects the linker_env_secure()
path that removes unsafe environment variables, since it would
not match any in the unsecure variable list.
Change-Id: I14228df9252010e9fb4c1862bed5735f23e97aec
The linker_env_get() method that is used to match an environment
variable was failing due to an incorrect equality check.
This was introduced in git change
be5755969d.
The bug was causing the linker to ignore environment variables such
as LD_LIBRARY_PATH. This issue also affects the linker_env_secure()
path that removes unsafe environment variables, since it would
not match any in the unsecure variable list.
Change-Id: I169024de4a005321e768accd38246fc1d717271b
This removes several unsecure environment variables from the
environment block when the program being loaded is setuid. The
list of env. variables is the same than what GLibc uses at this
point.
Change-Id: I456d3ea0880fe0d4de0d3c5dd51871dd36e87fd6
The LD_PRELOAD environment variable allows the user to specify a list of
libraries which should be unconditionally loaded before any others. This
makes possible some useful tricks, such as library interposers.
Change-Id: I433d775ab08ef63a5fbe7b21f87a5642954fc32f
The previous implementation of this flag was broken--it behaved identically
to RTLD_DEFAULT. This adds a proper implementation, which examines the address
of the calling function, and uses it to determine which library to use to begin
the symbol search process.
Change-Id: I2ad2b46363f68932af63a3828a22f9c7987eea67
dladdr() is a GNU extension function, which allows the caller to retrieve
symbol information for a specified memory address. It is useful for things
like generating backtrace information at runtime.
Change-Id: I3a1def1a6c9c666d93e1e97b7d260dfa5b9b79a9