Commit Graph

299 Commits

Author SHA1 Message Date
Elliott Hughes
929be68849 Hide accidentally-exposed __clock_nanosleep.
Bug: http://b/21858067
Change-Id: Iaa83a5e17cfff796aed4f641d0d14427614d9399
(cherry picked from commit b1304935b6)
2015-06-16 10:44:24 -07:00
Elliott Hughes
25ac753f47 Add process_vm_readv and process_vm_writev.
Bug: http://b/21761353
Change-Id: Ic8ef3f241d62d2a4271fbc783c8af50257bac498
(cherry picked from commit be57a40d29)
2015-06-10 18:55:06 -07:00
Nick Kralevich
c92f9f8069 libc: Add O_PATH support for fgetxattr / fsetxattr
Support O_PATH file descriptors when handling fgetxattr and fsetxattr.
This avoids requiring file read access to pull extended attributes.

This is needed to support O_PATH file descriptors when calling
SELinux's fgetfilecon() call. In particular, this allows the querying
and setting of SELinux file context by using something like the following
code:

  int dirfd = open("/path/to/dir", O_DIRECTORY);
  int fd = openat(dirfd, "file", O_PATH | O_NOFOLLOW);
  char *context;
  fgetfilecon(fd, &context);

This change was motivated by a comment in
https://android-review.googlesource.com/#/c/152680/1/toys/posix/ls.c

(cherrypicked from commit 2825f10b7f)

Change-Id: Ic0cdf9f9dd0e35a63b44a4c4a08400020041eddf
2015-06-02 10:08:05 -07:00
Dan Albert
5f3e19dbbe Fix error handling for negative size in ftruncate.
Bug: 21309901
Change-Id: I54692ab8105dd09db6af7a2c0894a17bdd118aa0
(cherry picked from commit c05554ec5c)
2015-06-01 11:28:13 -07:00
Yabin Cui
7490c5c594 Hide rt_sigqueueinfo.
Bug: 19358804
Change-Id: I38a53ad64c81d0eefdd1d24599e769fd8a477a56
(cherry picked from commit 40a8f214a5)
2015-05-18 13:34:51 -07:00
Elliott Hughes
3391a9ff13 Simplify close(2) EINTR handling.
This doesn't affect code like Chrome that correctly ignores EINTR on
close, makes code that tries TEMP_FAILURE_RETRY work (where before it might
have closed a different fd and appeared to succeed, or had a bogus EBADF),
and makes "goto fail" code work (instead of mistakenly assuming that EINTR
means that the close failed).

Who loses? Anyone actively trying to detect that they caught a signal while
in close(2). I don't think those people exist, and I think they have better
alternatives available.

Bug: https://code.google.com/p/chromium/issues/detail?id=269623
Bug: http://b/20501816
Change-Id: I11e2f66532fe5d1b0082b2433212e24bdda8219b
2015-04-23 08:41:45 -07:00
Christopher Ferris
940d3122c9 Fix addition of extra arg to cfi_restore.
Change-Id: I8fdcc1ae3e91b69ccbcec756a89e1ccb4fa1be53
2015-04-14 17:02:31 -07:00
Christopher Ferris
605ee81b06 Add missing cfi directives for x86 assembler.
Change-Id: I80d3e33a71bbaeab5f39b667ebe61e865fd54b80
2015-04-14 16:42:10 -07:00
Christopher Ferris
24958514b9 Use ALIAS_SYMBOL for assembler aliasing.
Change-Id: I8d04d2da0a1ac440cc9044fc819c9a8eda5ff17d
2015-03-25 09:12:00 -07:00
Christopher Ferris
fa5faa0ce6 Make gensyscalls.py use the ALIAS_SYMBOL macro.
Change-Id: Ib94c0abb6fc85126ecc5ed3f1962b2b8b90b9952
2015-03-24 21:08:26 -07:00
Nick Kralevich
35778253a5 Fix "faccessat ignores flags"
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.

Fix the kernel system call so that no flags argument is passed in.

Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.

For example, consider the following code:

  symlink("foo.is.dangling", "foo");
  if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
    int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
  }

The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.

Some further discussions of this are at:

  * http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
  * http://permalink.gmane.org/gmane.linux.lib.musl.general/6952

AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.

Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.

Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
2015-02-24 13:40:43 -08:00
Colin Cross
da2c0a708e Merge changes Ib87855e8,I4b46ae20,I66364a5c,Id3fcf680
* changes:
  Use LOCAL_LDFLAGS_64 instead of enumerating 64-bit architectures
  Fix typo in cpu variant makefile depenendency for arm64
  Remove libc_static_common_src_files
  Share LP32 makefile settings between arches
2015-02-05 01:57:28 +00:00
Colin Cross
1742a32aea Share LP32 makefile settings between arches
Add <var>_32 to patch-up-arch-specific-flags, and move the LP32
cruft varaibles from the 32-bit arch specific makefiles into the
top level Android.mk.

Change-Id: Id3fcf6805d4af048c2524c94b1295416ebe7d057
2015-02-04 17:35:49 -08:00
Nick Kralevich
00490ae3f3 Ensure raw fchmod/fchmodat syscalls are hidden.
In https://android-review.googlesource.com/#/c/127908/5/libc/SYSCALLS.TXT@116
Elliott said:

  for LP64 these will be hidden. for LP32 we were cowards and left
  them all public for compatibility (though i don't think we ever
  dremeled to see whether it was needed). we don't have an easy
  way to recognize additions, though, so we can't prevent adding
  new turds.

Add a mechanism to prevent the adding of new turds, and use that
mechanism on the fchmod/fchmodat system calls.

Bug: 19233951
Change-Id: I98f98345970b631a379f348df57858f9fc3d57c0
2015-02-03 12:10:30 -08:00
Nick Kralevich
3cbc6c627f Add fchmodat(AT_SYMLINK_NOFOLLOW) and fchmod O_PATH support
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.

There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.

Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".

Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.

This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.

As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.

The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.

Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
2015-02-02 13:17:17 -08:00
Yabin Cui
94926f8cfa Merge "support _POSIX_REALTIME_SIGNALS" 2014-12-09 20:10:19 +00:00
Yabin Cui
634816055f support _POSIX_REALTIME_SIGNALS
Bug: 18489947
Change-Id: I2e834d68bc10ca5fc7ebde047b517a3074179475
2014-12-08 21:52:43 -08:00
Elliott Hughes
56e017306e Simplify our endian.h implementation.
We can rely on the compiler's builtins. Tested on arm, arm64, mips, x86,
and x86-64.

Change-Id: I0f774ed7e85b3c791a3178d8ef17c6500e6a9ace
2014-12-08 20:35:08 -08:00
Elliott Hughes
8d4c55cc74 Clean up the x86-64 and x86 setjmp families.
Bug: 16918359
Change-Id: Ic8ca0af9ea99636bc71f19d46071f1cea6eef982
2014-12-05 22:20:08 -08:00
Elliott Hughes
12f35ada43 Switch x86 and x86-64 to __builtin_bswap*.
Bug: 18597513
Change-Id: I0781208efb3b560d7c6fa48f41be7bc6fc83521e
2014-12-02 20:16:05 -08:00
Elliott Hughes
b514026eb2 Kill <machine/exec.h>.
Bug: 18546535
Change-Id: I479e003deab21e31eb5caa5393067ed1dc558387
2014-12-02 16:16:29 -08:00
Elliott Hughes
b86a4c7f65 Add sethostname(2).
Not very useful, but helps building stuff like toybox out of the box.

Change-Id: I110e39030452bd093a84278e019c5752d293718d
2014-11-07 16:48:27 -08:00
Pavel Chupin
50321e2e66 [x86,x86_64] Fix libgcc unwinding through signal
This change provides __restore/__restore_rt on x86 and __restore_rt on
x86_64 with unwinding information to be able to unwind through signal
frame via libgcc provided unwinding interface. See comments inlined for
more details.

Also remove the test that had a dependency on
__attribute__((cleanup(foo_cleanup))). It doesn't provide us with any
better test coverage than we have from the newer tests, and it doesn't
work well across a variety architectures (presumably because no one uses
this attribute in the real world).

Tested this on host via bionic-unit-tests-run-on-host on both x86 and
x86-64.

Bug: 17436734
Change-Id: I2f06814e82c8faa732cb4f5648868dc0fd2e5fe4
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
2014-10-27 16:14:55 -07:00
Chih-Hung Hsieh
c89ee272fb Replace ambiguous cmp operator with cmpl.
Clang assembler rejects ambiguous cmp instruction.

BUG: 17302482
Change-Id: Ie8dca7e4f46e0906c47076bba21c1941482ba6b3
2014-10-21 16:25:35 -07:00
Haruki Hasegawa
1816025684 Add clock_settime and clock_nanosleep.
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.

Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
2014-10-13 17:04:10 -07:00
Christopher Ferris
6869d26ad9 Force export symbols on all x86 variants in libc.
For silvermont, the __popcountsi2 symbol does not get exported by libc.
But for atom, this symbol is exported. Since we already exported this symbol
for previous releases, it's better to just follow through and force
the export, but only for 32 bit. x86 64 bit will not export this symbol.

Bug: 17681440

(cherry picked from commit d11eac3455)

Change-Id: I93704c721d98d569922f606f214069bda24872ba
2014-10-06 16:41:46 -07:00
Elliott Hughes
7c02d9428c Clean up the architecture-specific makefiles.
Group things appropriately and name each group.

Change-Id: I0da45eb0ccde19c31d5e984d0e6eb3dad26630dc
2014-09-16 19:06:31 -07:00
Elliott Hughes
36f451a6d9 Fix signal trampolines.
* LP32 should use sa_restorer too. gdb expects this, and future (>= 3.15) x86
  kernels will apparently stop supporting the case where SA_RESTORER isn't
  set.

* gdb and libunwind care about the exact instruction sequences, so we need to
  modify the code slightly in a few cases to match what they're looking for.

* gdb also cares about the exact function names (for some architectures),
  so we need to use __restore and __restore_rt rather than __sigreturn and
  __rt_sigreturn.

* It's possible that we don't have a VDSO; dl_iterate_phdr shouldn't assume
  that getauxval(AT_SYSINFO_EHDR) will return a non-null pointer.

This fixes unwinding through a signal handler in gdb for all architectures.
It doesn't fix libunwind for arm and arm64. I'll keep investigating that...

Bug: 17436734
Change-Id: Ic1ea1184db6655c5d96180dc07bcc09628e647cb
2014-09-15 15:04:14 -07:00
Dmitriy Ivanov
6487f0d834 Merge "Add IFUNC support for arm64 and IRELATIVE reloc" 2014-09-12 00:40:12 +00:00
Dmitriy Ivanov
9aea164457 Add IFUNC support for arm64 and IRELATIVE reloc
There are number of changes in the way IFUNC related relocations are done:
 1. IRELATIVE relocations are now supported for x86/x86_64 and arm64.
 2. IFUNC relocations are now relying on static linker to generate
    them in correct order - this removes necessety of additional
    relocation pass for ifuncs.
 3. Related to 2: rela?.dyn relocations are preformed before .plt ones.
 4. Ifunc are resolved on symbol lookup this approach allowed to avoid
    mprotect(PROT_WRITE) call on r-x program segments.

Bug: 17399706
Bug: 17177284
Change-Id: I414dd3e82bd47cc03442c5dfc7c279949aec51ed
2014-09-11 16:30:45 -07:00
Elliott Hughes
b587f339db Add posix_fadvise(3).
(cherry-pick of 00008263782e484020420c606f7d145fe7d0a4d8.)

Bug: 12449798
Change-Id: I07cbf3f670a0d1304b68148325a774f266b5c433
2014-09-11 08:45:46 -07:00
Elliott Hughes
011e111d29 Ensure __set_errno is still visible on LP32.
The use of the .hidden directive to avoid going via the PLT for
__set_errno had the side-effect of actually making __set_errno
hidden (which is odd because assembler directives don't usually
affect symbols defined in a different file --- you can't even
create a weak reference to a symbol that's defined in a different
file).

This change switches the system call stubs over to a new always-hidden
__set_errno_internal and has a visible __set_errno on LP32 just for
binary compatibility with old NDK apps.

(cherry-pick of 7efad83d430f4d824f2aaa75edea5106f6ff8aae.)

Bug: 17423135
Change-Id: I6b6d7a05dda85f923d22e5ffd169a91e23499b7b
2014-09-08 16:46:50 -07:00
Chih-Hung Hsieh
4f8268e38f Merge "Replace ambiguous cmp instruction with cmpl." 2014-08-27 22:46:07 +00:00
Chih-Hung Hsieh
857fa6b2a3 Replace ambiguous cmp instruction with cmpl.
Clang assembler rejects ambiguous cmp instruction.

BUG: 17302482
Change-Id: I74f49de87464541f9fe6fa288e4093a9fbf37120
2014-08-27 15:04:23 -07:00
Elliott Hughes
57b7a6110e Fix pthread_getattr_np for the main thread.
On most architectures the kernel subtracts a random offset to the stack
pointer in create_elf_tables by calling arch_align_stack before writing
the auxval table and so on. On all but x86 this doesn't cause a problem
because the random offset is less than a page, but on x86 it's up to two
pages. This means that our old technique of rounding the stack pointer
doesn't work. (Our old implementation of that technique was wrong too.)

It's also incorrect to assume that the main thread's stack base and size
are constant. Likewise to assume that the main thread has a guard page.
The main thread is not like other threads.

This patch switches to reading /proc/self/maps (and checking RLIMIT_STACK)
whenever we're asked.

Bug: 17111575
Signed-off-by: Fengwei Yin <fengwei.yin@intel.com>
Change-Id: I1d4dbffe7bc7bda1d353c3a295dbf68d29f63158
2014-08-26 10:36:38 -07:00
Elliott Hughes
0e7f8a9e52 Simplify _ALIGN_TEXT.
Bug: 16872067
Change-Id: I2b622f252c21ce1b344c040f828ab3f4bf9b6c0a
2014-08-20 13:11:58 -07:00
Elliott Hughes
ca5b6a74a7 Fix our x86 PIC_PROLOGUE.
The old definition only worked for functions that didn't use numbered
local labels. Upstream uses '666' not only as some kind of BSD in-joke,
but also because there's little likelihood of any function having
labels that high.

There's a wider question about whether we actually want to go via the
PLT at all in this code, but that's a question for another day.

(cherry-pick of 72d7e667c7e926cb120c4edb53cbf74c652ab915.)

Bug: 16906712
Change-Id: I3cd8ecc448b33f942bb6e783931808ef39091489
2014-08-09 22:18:33 -07:00
Dan Albert
bc9f9f25bf Make __set_errno hidden in asm.
This fixes the build after the -Bsymbolic change.

Bug: 16853291
Change-Id: I989c9fec3c32e0289ea257a3bd2b7fd2709b6ce2
2014-08-08 15:35:47 -07:00
Dan Albert
3726f9c38b Revert "Fix incorrect relocations for x86."
Bug: 16853291
This reverts commit 512bc52326.
2014-08-08 22:26:47 +00:00
Dan Albert
512bc52326 Fix incorrect relocations for x86.
These calls were not going through the PLT like they should have been.

Bug: 16853291
Change-Id: Id70488b077256a70137c4417f21be2c2d1d4341c
2014-08-07 16:21:47 -07:00
Elliott Hughes
d994622ebf Merge "Android is all-PIC/PIE." 2014-08-07 14:59:23 +00:00
Elliott Hughes
6b6364a7fc Android is all-PIC/PIE.
Clean up the x86/x86_64 assembler. The motivator (other than reducing
confusion) was that asm.h incorrectly checked PIC rather than __PIC__.

Bug: 16823325
Change-Id: Iaa9d45009e93a4b31b719021c93ac221e336479b
2014-08-07 10:54:54 -07:00
Dan Albert
6a918870ba Revert "Replaces vfork() implementation with fork()"
We're getting cold feet on this one... let's put it back.

This reverts commit 210331d976.

Change-Id: I6b0d3c2b1dbf7f1dc9566979a91b7504c2189269
2014-08-05 14:11:38 -07:00
Elliott Hughes
79310994d2 Implement <sys/fsuid.h>.
Change-Id: I1e5e50444a1b5a430ba5b5d9b8b1d91219af5e92
2014-07-30 15:19:29 -07:00
Elliott Hughes
ca70453e84 Remove the unused swab.S.
Change-Id: Id30eac5a21b649d6a039a0d7ca0496177fbfb571
2014-07-22 20:21:31 -07:00
Elliott Hughes
1558138315 Regenerate the bionic NOTICE files.
Also fix a few formatting issues in copyright headers that were confusing
the script (though obviously it would be better if the script were smarter).

Change-Id: I7f561bef4f84fdcbd84f375ee226bd65db0e507b
2014-07-07 15:42:06 -07:00
Elliott Hughes
3f525d41c2 Add splice, tee, and vmsplice.
Change-Id: I5f43380b88d776a8bb607b47dbbc5db5a2fe6163
2014-06-24 19:03:31 -07:00
Dan Albert
0d7415fb22 Merge "Remove SHA1 from LP64 in favor of libcrypto." 2014-06-20 20:43:43 +00:00
Elliott Hughes
7086ad6919 Cache getpid.
In practice, with this implementation we never need to make a system call.
We get the main thread's tid (which is the same as our pid) back from
the set_tid_address system call we have to make during initialization.
A new pthread will have the same pid as its parent, and a fork child's
main (and only) thread will have a pid equal to its tid, which we get for
free from the kernel before clone returns.

The only time we'd actually have to make a getpid system call now is if
we take a signal during fork and the signal handler calls getpid. (That,
or we call getpid in the dynamic linker while it's still dealing with its
own relocations and hasn't even set up the main thread yet.)

Bug: 15387103
Change-Id: I6d4718ed0a5c912fc75b5f738c49a023dbed5189
2014-06-20 09:06:57 -07:00
Dan Albert
c82c0b7e07 Remove SHA1 from LP64 in favor of libcrypto.
Keep the symbols around on LP32 for binary compatibility.

Bug: 11156955
Change-Id: I379a7e0fa3092e9a70daeafcbcb2aacfc314031a
2014-06-16 16:52:27 -07:00