# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit '9a9bb243b50be5e3910b8edad72327bc216e72d0':
Switch to using AT_RANDOM for the stack guards.
There's now only one place where we deal with this stuff, it only needs to
be parsed once by the dynamic linker (rather than by each recipient), and it's
now easier for us to get hold of auxv data early on.
Change-Id: I6314224257c736547aac2e2a650e66f2ea53bef5
# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit 'd4187efd7f9c30ffaff4738862e3d08be27a52e9':
Switch x86 syscall stubs over to the ENTER/END style of the ARM stubs.
Also update the x86 asm.h to support this; we need it for libm assembler
anyway.
Also clean up the _FBSDID hack in <sys/cdefs.h>.
Change-Id: Iababd977b8110ec022bf7c93f4d62ece47630e7c
# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit '3dc6b57cf54b15a756551deeda33df5715e519bb':
Don't claim there were no leaks if we weren't even checking.
This brings us up to date with FreeBSD HEAD, fixes various bugs, unifies
the set of functions we support on ARM, MIPS, and x86, fixes "long double",
adds ISO C99 support, and adds basic unit tests.
It turns out that our "long double" functions have always been broken
for non-normal numbers. This patch fixes that by not using the upstream
implementations and just forwarding to the regular "double" implementation
instead (since "long double" on Android is just "double" anyway, which is
what BSD doesn't support).
All the tests pass on ARM, MIPS, and x86, plus glibc on x86-64.
Bug: 3169850
Bug: 8012787
Bug: https://code.google.com/p/android/issues/detail?id=6697
Change-Id: If0c343030959c24bfc50d4d21c9530052c581837
Otherwise people trying to use this are left wondering "did I not leak, or did
the leak checking code not get called when I exited?".
Change-Id: If79b225f8a2e24dd69aba1fb836bf9e81bb00efe
# Via Elliott Hughes (1) and Gerrit Code Review (1)
* commit 'a990cf5b3392c5aef767aee1e67b4d7ef651afc6':
Clean up trailing whitespace in the kernel headers.
Replace a kernel header file dependency with files from NetBSD.
They're more complete, and ELF is ELF, whether you're on Linux or a BSD.
Bug: 7973611
Change-Id: I83ee719e7efdf432ec2ddbe8be271d05b2f558d7
# Via Android Git Automerger (1) and others
* commit '3f20ecc20486ae8fe8d9332102b503135f83c62d':
Don't collect useless stack frames; do demangle C++ symbols.
Previously, we'd collect every stack frame and then throw some away
when we came to log them. This meant that stack traces were effectively
shorter than the buffers that had been allocated for them. This patch
only stores frames we'll actually output.
Also dynamically call the C++ demangler so we don't have to try to
read mangled names. Because no one knows the mangling of operator new[]
for int arrays off the top of their head.
Bug: 7291287
Change-Id: I42b022fd7cd61675d05171de4c3b2704d058ef2a
Include the leaky executable's name in the log output. Fix the "sh" test.
Use uintptr_t instead of intptr_t.
Also fix debug formatting of NULL with %s.
Bug: 7291287
Change-Id: I015bf341cd48d43a247173612e6ccb1bf1243d53
# By Matthieu Castet
# Via Android Git Automerger (1) and others
* commit '7ae998456c2564aff4ecbe6a6df214821f6e26cc':
arm syscall : for eabi call_default don't use stack
# By Matthieu Castet
# Via Gerrit Code Review (1) and Matthieu Castet (1)
* commit '6a94cb748bf63278c3271b0ab610061b0dc6f04a':
arm syscall : for eabi call_default don't use stack
Check that the permissions on the properties file
are exactly as we expect them to be.
Make sure we close the fd if fstat fails.
Refactor the code slightly.
Change-Id: I5503fd58c3b8093ce7e6d05920748ed70eaf8e2c
prctl.h uses __BEGIN_DECLS but fails to include sys/cdefs.h
(where it's defined). Code which includes prctl.h without
previously including sys/cdefs.h will fail to compile.
Fixed.
Change-Id: If4c9f3308f08b93596dcd00e351ae786807e9320
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable. Fall back to the environment variable
if the file doesn't exist.
Bug: 8045561
Change-Id: I54f3efa98cf7d63d88788da5ce0d19e34fd7851a
We don't know that they're not going to be cleaned up by a
C++ global destructor that runs after us. This is the case with
bootanimation, for example.
Bug: 7291287
Change-Id: Iba402514d1735fdc2ae4bc95b65396d816be46c0
When each shell leaks ~240 allocations, you can't see the leaks from
the program you ran with "adb shell".
Bug: 7291287
Change-Id: Ib8780db72ba0114ebdb24768537da74bbb61f354
Both libc/include/sys/auxv.h and libc/private/bionic_auxv.h
use _SYS_AUXV_H_ to see if a header file has already been included.
This prevents both of these files from being included at the same
time.
Fix this name conflict.
Change-Id: Ifaec88aa9779d784b95f8e75145117acf3d5cfc5
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.
This avoids silliness like calling fortify source on things like:
size_t len = strlen("asdf");
printf("%d\n", len);
and allows the compiler to optimize this code to:
printf("%d\n", 4);
Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.
Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
In the default case, we don't need to use the stack, we can save r7 with
ip register (that what does eglibc).
This allow to fix vfork data corruption
(see 3884bfe966), because vfork now don't
use the stack.
This reverts commit f4b34b6c39.
The revert was only meant to apply to the jb-mr1 branch, but accidentally
leaked out into AOSP. This revert-revert gets AOSP master and internal
master back in sync.
If the platform code is compiled with -mcpu=cortex-a15, then without this
change prebuilt libraries built against -march=armv7 cannot resolve the
dependency on __aeabi_idiv (provided by libgcc.a).
Bug: 7961327
cherry-picked from internal master.
Change-Id: I8fe59a98eb53d641518b882523c1d6a724fb7e55
Pull a new version of auxvec.h from the upstream Linux
kernel at commit b719f43059903820c31edb30f4663a2818836e7f
These files were generated using the following commands:
cd bionic/libc/kernel
./tools/clean_header.py -u ../../../external/kernel-headers/original/uapi/linux/auxvec.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/auxvec.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/asm-x86/auxvec.h
This change is needed to get AT_RANDOM defined.
Change-Id: Ib064649684b17af6ff4b1a31d501a05f78bb81d0
The dynamic linker applies relro before the preinit and init
arrays are executed, so we should be consistent for statically
linked executables.
Change-Id: Ia0a49d0e981a6e8791f74eed00280edf576ba139
This property file is used for properties which are set at device
provisioning time or in the factory. They are never touched by
a software update or factory data reset and typically contain
data specific to the particular unit.
Change-Id: I2e7c2fe62cb684cb2449eea917c42b19462e89a5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add signalfd() call to bionic.
Adding the signalfd call was done in 3 steps:
- add signalfd4 system call (function name and syscall
number) to libc/SYSCALLS.TXT
- generate all necessary headers by calling
libc/tools/gensyscalls.py. This patch is adding
the generated files since the build system
does not call gensyscalls.py.
- create the signalfd wrapper in signalfd.cpp and add
the function prototype to sys/signalfd.h
(cherry-pick of 0c11611c11, modified to
work with older versions of GCC still in use on some branches.)
Change-Id: I4c6c3f12199559af8be63f93a5336851b7e63355
Spotted while running the tests on MIPS, where sigset_t is
actually large enough. The bits in sigset_t are used such that
signal 1 is represented by bit 0, so the range of signals is
actually [1, 8*sizeof(sigset_t)]; it seems clearer to reword
the code in terms of valid bit offsets [0, 8*sizeof(sigset_t)),
which leads to the usual bounds checking idiom.
Change-Id: Id899c288e15ff71c85dd2fd33c47f8e97aa1956f
Previously we'd been relying on getting the machine-specific <endian.h>
instead of the top-level <endian.h>, and <sys/endian.h> was basically broken.
Now, with this patch and the previous patch we should have <endian.h>
and <sys/endian.h> behaving the same. This is basically how NetBSD's endian.h
works, and was probably how ours was originally intended to work.
Bug: http://code.google.com/p/android/issues/detail?id=39824
Change-Id: I71de5a507e633de166013a658b5764df9e1aa09c
raise() should use pthread_kill() in a pthreads environment.
For bionic this means it should always be used.
Change-Id: Ic679272b664d2b8a7068b628fb83a9f7395c441f
These checks haven't been as useful as I hoped, and it's
causing a false positive finding. Remove the overlap
compile time checks.
Change-Id: I5d45dde10ae4663d728230d41fa904adf20acaea
You could argue that this is hurting people smart enough to have manually
allocated a large-enough sigset_t, but those people are smart enough to
implement their own sigset functions too.
I wonder whether our least unpleasant way out of our self-inflicted 32-bit
cesspool is to have equivalents of _FILE_OFFSET_BITS such as _SIGSET_T_BITS,
so calling code could opt in? You'd have to be careful passing sigset_t
arguments between code compiled with different options.
Bug: 5828899
Change-Id: I0ae60ee8544835b069a2b20568f38ec142e0737b
This patch replaces .S versions of x86 crtfiles with .c which are much
easier to support. Some of the files are matching .c version of Arm
crtfiles. x86 files required some cleanup anyway and this cleanup actually
led to matching Arm files.
I didn't change anything to share the same crt*.c between x86 and Arm. I
prefer to keep them separate for a while in case any change is required
for one of the arch, but it's good thing to do in the following patches.
Change-Id: Ibcf033f8d15aa5b10c05c879fd4b79a64dfc70f3
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
The near duplicates upset fussier compilers that insist that
typedefs be exactly the same, but the fix isn't to make all
copies identical...
Change-Id: Icfdace41726f36ec33c9ae919dbb5a54d3529cc9
Define the macros ACCESSPERMS, ALLPERMS and DEFFILEMODE.
These macros originates from BSD but has been available in glibc
for quite some time.
Change-Id: I429cd30aa4e73f53b153ee7740070cebba166c57
We'd manually hacked _BYTE_ORDER into the arm and mips "_types.h" headers,
but not into the x86 one. Judging by upstream, _BYTE_ORDER should be in
the "endian.h" headers instead, so let's uniformly do that.
I've also ironed out some of the other differences between the different
architectures' header files too.
Bug: http://code.google.com/p/android/issues/detail?id=39824
Change-Id: I19d3af7ffd74e1c02b1b6886aec0f0d11f44ab8d
This reflects the following changes recently circulated on the tz mailing list:
Libya moved to CET [2012-11-11], but with DST planned [2013].
(Thanks to Even Scharning, Steffen Thorsen, and Tim Parenti.)
I also had to change the script to cope with:
Signatures now have the extension .asc, not .sign, as that's more
standard. (Thanks to Phil Pennock.)
Change-Id: Ie9711c5c796b3c122daea9690929edcc3ddd32da
__WINT_TYPE__ type provided by gcc. It references to unsigned int
type for android and linux. Patch corrects wint_t typedef to
__WINT_TYPE__.
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
Change-Id: Iabeb9fcb0b7bb303a8b220043e339126f125dd68
In 9ec0f03a0d, we added dynamic
linker support for GNU_RELRO protections. These protections
make certain regions of memory read-only, helping protect certain
data structures from accidental or deliberate modifications.
This change adds GNU_RELRO support to STATIC executables. We can
determine if we're compiled with relro protections by examining
our own program headers, which is passed to us by the kernel
in the AT_PHDR and AT_PHNUM auxiliary vectors.
Parts of this code were stolen from the dynamic linker.
Change-Id: Ic17eb5f932218538ec25347ece314d4dc7549de1
Adds new code to function memset, optimized for Cortex A9.
Copyright (C) ST-Ericsson SA 2010
Added neon implementation
Author: Henrik Smiding henrik.smiding@stericsson.com for ST-Ericsson.
Change-Id: Id3c87767953439269040e15bd30a27aba709aef6
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
Adds new code to memcpy function, optimized for Cortex A9.
Adds new ARM-only loop, for operations where source and
destination are aligned.
Copyright (C) ST-Ericsson SA 2010
Modified neon implementation to fit Cortex A9 cache line size,
for those running 32 bytes L2 cache line size.
Also split the implementation in aligned and unaligned access,
for those that allows unaligned memory access with Neon.
For totally aligned operations, arm-only code is used.
Change-Id: I95ebf6164cd6486b12a7e3e98e369db21e7e18d2
Author: Henrik Smiding henrik.smiding@stericsson.com for ST-Ericsson.
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
Also support GPG signature verification of updates, and fix remaining
pylint complaints.
The 2012i release of the tz data reflects the following changes recently
circulated on the tz mailing list:
* Cuba switches from DST [2012-11-04] at 01:00. (Thanks to Steffen Thorsen.)
Change-Id: Ie81d395afa40aa217a0196aad8ca1f9a870bbc31
...and don't pass a non-heap pointer to free(3), either.
This patch replaces the "node** prev" with the clearer "node* prev"
style and fixes the null pointer dereference in the old code. That's
not sufficient to fix the reporter's bug, though. The pthread_internal_t*
for the main thread isn't heap-allocated --- __libc_init_tls causes a
pointer to a statically-allocated pthread_internal_t to be added to
the thread list.
Bug: http://code.google.com/p/android/issues/detail?id=37410
Change-Id: I112b7f22782fc789d58f9c783f7b323bda8fb8b7
Most of these tests were in system/extras, but I've added more to cover other
cases explicitly mentioned by POSIX.
Change-Id: I5e8d77e4179028d77306935cceadbb505515dcde
pthread_no_op_detach_after_join test from bionic-unit-tests hangs
on x86 emulator. There is a race in the pthread_join, pthread_exit,
pthread_detach functions:
- pthread_join waits for the non-detached thread
- pthread_detach sets the detached flag on that thread
- the thread executes pthread_exit which just kills the now-detached
thread, without sending the join notification.
This patch improves the test so it fails on ARM too, and modifies
pthread_detach to behave more like glibc, not setting the detach state if
called on a thread that's already being joined (but not returning an error).
Change-Id: I87dc688221ce979ef5178753dd63d01ac0b108e6
Signed-off-by: Sergey Melnikov <sergey.melnikov@intel.com>
The first NULL pointer check against `attr' suggests that `attr' can
be NULL. Then later `attr' is directly dereferenced, suggesting the
opposite.
if (attr == NULL) {
...
} else {
...
}
...
if (attr->stack_base == ...) { ... }
The public API pthread_create(3) allows NULL, and interprets it as "default".
Our implementation actually swaps in a pointer to the global default
pthread_attr_t, so we don't need any NULL checks in _init_thread. (The other
internal caller passes its own pthread_attr_t.)
Change-Id: I0a4e79b83f5989249556a07eed1f2887e96c915e
Signed-off-by: Xi Wang <xi.wang@gmail.com>
The declaration for alphasort() in <dirent.h> used the deprecated:
int alphasort(const void*, const void*);
while both Posix and GLibc use instead:
int alphasort(const struct dirent** a, const struct dirent** b);
See: http://pubs.opengroup.org/onlinepubs/9699919799/functions/alphasort.html
This patch does the following:
- Update the declaration to match Posix/GLibc
- Get rid of the upstream BSD code which isn't compatible with the new
signature.
- Implement a new trivial alphasort() with the right signature, and
ensure that it uses strcoll() instead of strcmp().
- Remove Bionic-specific #ifdef .. #else .. #endif block in
dirent_test.cpp which uses alphasort().
Even through strcoll() currently uses strcmp(), this does the right
thing in the case where we decide to update strcoll() to properly
implement locale-specific ordered comparison.
Change-Id: I4fd45604d8a940aaf2eb0ecd7d73e2f11c9bca96
The 2012h release reflects the following changes recently circulated
on the tz mailing list:
[Brazil] Bahia no longer has DST. (Thanks to Kelley Cook.)
[Brazil] Tocantins has DST. (Thanks to Rodrigo Severo.)
[Israel] Israel has new DST rules next year. (Thanks to Ephraim Silverberg.)
[Jordan] Jordan stays on DST this winter. (Thanks to Steffen Thorsen.)
Bug: 7429010
Change-Id: I0ec5fb72343e42f3f79490dfdea5f7f1946ae76f
The 2012h release reflects the following changes recently circulated
on the tz mailing list:
[Brazil] Bahia no longer has DST. (Thanks to Kelley Cook.)
[Brazil] Tocantins has DST. (Thanks to Rodrigo Severo.)
[Israel] Israel has new DST rules next year. (Thanks to Ephraim Silverberg.)
[Jordan] Jordan stays on DST this winter. (Thanks to Steffen Thorsen.)
Bug: 7429010
Change-Id: I82f19ce49f944f928b6dd8dc5a893786266e5cb9
Based on a pair of patches from Intel:
https://android-review.googlesource.com/#/c/43909/https://android-review.googlesource.com/#/c/44903/
For x86, this patch supports _both_ the global that ARM/MIPS use
and the per-thread TLS entry (%gs:20) that GCC uses by default. This
lets us support binaries built with any x86 toolchain (right now,
the NDK is emitting x86 code that uses the global).
I've also extended the original tests to cover ARM/MIPS too, and
be a little more thorough for x86.
Change-Id: I02f279a80c6b626aecad449771dec91df235ad01
Also separate out the C++ files so we can use -Werror on them. I'd
rather wait for LOCAL_CPPFLAGS to be in AOSP, but this also lets us
see which files still need to be sorted into one bucket or the other.
Change-Id: I6acc1f7c043935c70a3b089f705d218b9aaaba0a
Also remove the obsolete individual files, and the temporary script
that converted between the formats.
Bug: 7012465
Change-Id: I5a4030098e4d53e747fd6d395df2679d1567ee1f
