Commit Graph

2091 Commits

Author SHA1 Message Date
Nick Kralevich
c2f1d215b1 Merge "FORTIFY_SOURCE: add snprintf, vsnprintf" 2012-06-12 08:50:57 -07:00
Elliott Hughes
f525fb525b am 20afd4e7: am e0961445: Merge "Remove the meaningless on Linux if_dl.h header."
* commit '20afd4e70c2f346d7cd03a7a3049f8de2d176d5c':
  Remove the meaningless on Linux if_dl.h header.
2012-06-11 17:42:44 -07:00
Elliott Hughes
c9142d4d8e am 571da80c: am c75491e2: Merge "Remove an obsolete jamfile."
* commit '571da80c58e13eac4d4fb29d38342879e5dede13':
  Remove an obsolete jamfile.
2012-06-11 17:42:43 -07:00
Elliott Hughes
20afd4e70c am e0961445: Merge "Remove the meaningless on Linux if_dl.h header."
* commit 'e0961445124b5ff39412da32578e14e0d1f6afd6':
  Remove the meaningless on Linux if_dl.h header.
2012-06-11 17:41:10 -07:00
Elliott Hughes
571da80c58 am c75491e2: Merge "Remove an obsolete jamfile."
* commit 'c75491e291586540c213ae088fc75b71fc4d3752':
  Remove an obsolete jamfile.
2012-06-11 17:41:04 -07:00
Elliott Hughes
e096144512 Merge "Remove the meaningless on Linux if_dl.h header." 2012-06-11 16:49:57 -07:00
Nick Kralevich
cffdf6693f FORTIFY_SOURCE: add snprintf, vsnprintf
Add _FORTIFY_SOURCE support for snprintf, vsnprintf

At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().

http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc

Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
2012-06-11 16:46:16 -07:00
Elliott Hughes
c75491e291 Merge "Remove an obsolete jamfile." 2012-06-11 16:29:46 -07:00
Elliott Hughes
4c19e4f64f Remove an obsolete jamfile.
Was bionic ever built with jam? Weird!

Change-Id: Iea9a7af8bf46ee8319963e642da48e3bb49f6c60
2012-06-11 16:17:45 -07:00
Nick Kralevich
0f5b48ce28 Merge "inet_ntop: pass the size of tmp to snprintf()" 2012-06-11 16:11:20 -07:00
Nick Kralevich
85b06f9365 inet_ntop: pass the size of tmp to snprintf()
Fix runtime error when snprintf() FORTIFY_SOURCE protections are
applied. The size passed to snprintf() is larger than the tmp
buffer size, which results in a runtime assertion failure.

Even though the size passed to snprintf is larger than the buffer,
there's no danger of overwriting the buffer because of the format
string passed to snprintf.

Change-Id: I35f0217d25f3b9c6d04c5a76c3238759c235545a
2012-06-11 16:00:52 -07:00
Elliott Hughes
c3d45b822c Remove the meaningless on Linux if_dl.h header.
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.

Reported to AOSP by Jun-ya Kato.

(cherry-pick of 5056f1fad1187cd67729bb04ba72397d78256f03.)

Change-Id: Ic67f674d2221497c8166994812bb5fc7f0831066
2012-06-11 15:13:37 -07:00
Elliott Hughes
7c5c68f5c7 Merge "Remove the meaningless on Linux if_dl.h header." 2012-06-11 15:09:57 -07:00
Elliott Hughes
5056f1fad1 Remove the meaningless on Linux if_dl.h header.
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.

Reported to AOSP by Jun-ya Kato.

Change-Id: I111f9887f3812469b411b9cf5124d9dd624f19f7
2012-06-11 15:01:10 -07:00
Geremy Condra
631498de43 Merge "Added event logging for some spoofed DNS queries." 2012-06-11 12:17:12 -07:00
Geremy Condra
fd49579f3a Merge "Added actual event logging calls to the FORTIFY_SOURCE methods." 2012-06-11 11:50:03 -07:00
Geremy Condra
524c87c61c Added event logging for some spoofed DNS queries.
Change-Id: I40909306e8cf922f1dd5a5685db89f732a709794
2012-06-11 11:44:48 -07:00
Geremy Condra
009f38478e Added actual event logging calls to the FORTIFY_SOURCE methods.
Change-Id: I3bf4fa8678c33187cb8ce4b75e666ddcd24403ab
2012-06-11 11:30:56 -07:00
The Android Open Source Project
8f2887be93 am 5ff025a5: Reconcile with jb-release
* commit '5ff025a50ccd7d30ea39c989d9ed8b1084ded47f':
2012-06-11 09:23:11 -07:00
The Android Open Source Project
5ff025a50c Reconcile with jb-release
Change-Id: I7cbfbab55783f245c0854543843c2052c4c2e932
2012-06-11 09:20:36 -07:00
The Android Automerger
ff7eae7b08 merge in jb-release history after reset to jb-dev 2012-06-11 06:59:25 -07:00
Nick Kralevich
76656afc6d _FORTIFY_SOURCE: check for integer overflows
Ensure that strcat / strncat check for integer overflows
when computing the length of the resulting string.

Change-Id: Ib806ad33a0d3b50876f384bc17787a28f0dddc37
2012-06-08 20:18:19 -07:00
Jeff Brown
f41855949d am e4db460a: am b7630f01: Use new debuggerd protocol.
* commit 'e4db460a54e4f024b83a7df9a3f9920d695da9f3':
  Use new debuggerd protocol.
2012-06-08 15:33:31 -07:00
Jeff Brown
e4db460a54 am b7630f01: Use new debuggerd protocol.
* commit 'b7630f018abc83261acf78e8cf9a88c1df72f7f5':
  Use new debuggerd protocol.
2012-06-08 15:30:39 -07:00
Geremy Condra
ec8addcc8a Merge "Adding event logging to libc." 2012-06-08 12:17:11 -07:00
Geremy Condra
8b11c4cec2 Adding event logging to libc.
I've basically just copied the relevant bits out of liblog and
EventLog.cpp. While this will let us do the uid logging we want
to address the concerns in 245c07027f78565858dd489eb0d94c3d48743e9d
it doesn't give us much else.

Change-Id: Icac6ff20bc0a3ade5927f6f76fedffe1ae6f8522
2012-06-08 12:14:48 -07:00
Nick Kralevich
7e5993bec7 Merge "_FORTIFY_SOURCE: add memset / bzero support" 2012-06-07 14:30:20 -07:00
Nick Kralevich
71a18dd435 _FORTIFY_SOURCE: add memset / bzero support
Add _FORTIFY_SOURCE support for the following functions:

* memset
* bzero

Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.

Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
2012-06-07 14:19:52 -07:00
Elliott Hughes
1a6b0bb3a6 Merge "Support non-zero p_vaddr in first PT_LOAD segment" 2012-06-07 11:43:47 -07:00
The Android Open Source Project
7d11009a97 am d06a73bc: Reconcile with jb-release
* commit 'd06a73bcb330e1a560373158be9009daef10a046':
2012-06-07 07:51:59 -07:00
The Android Open Source Project
d06a73bcb3 Reconcile with jb-release
Change-Id: I2c8264a9a4e3299bca7fc01d67063993b6b1b886
2012-06-07 07:48:47 -07:00
Jeff Brown
b7630f018a Use new debuggerd protocol.
Bug: 6615693
Change-Id: Ibfddc0de3fa2a882f7d0238ab797e5b29296b54b
2012-06-06 18:37:48 -07:00
Elliott Hughes
459049719c am d0c25027: am 2b89f1e3: Merge "Fix sysconf(_SC_NPROCESSORS_CONF) on ARM."
* commit 'd0c250271c983c3de282ff02bd2528e74ad8b5f1':
  Fix sysconf(_SC_NPROCESSORS_CONF) on ARM.
2012-06-06 13:50:29 -07:00
Elliott Hughes
d0c250271c am 2b89f1e3: Merge "Fix sysconf(_SC_NPROCESSORS_CONF) on ARM."
* commit '2b89f1e37df838e466d382fc602728930bad4c68':
  Fix sysconf(_SC_NPROCESSORS_CONF) on ARM.
2012-06-06 13:48:07 -07:00
Elliott Hughes
2b89f1e37d Merge "Fix sysconf(_SC_NPROCESSORS_CONF) on ARM." 2012-06-06 13:32:19 -07:00
Elliott Hughes
a985076bfe Fix sysconf(_SC_NPROCESSORS_CONF) on ARM.
Bug: http://code.google.com/p/enh/issues/detail?id=33
Change-Id: I679b4cd888d362031042284e8edf01c5273a92aa
2012-06-06 12:04:38 -07:00
Elliott Hughes
158ad015c2 am 3069270d: am c2bba24d: Merge "Give the timer_create SIGEV_THREAD helper threads sensible names."
* commit '3069270d8641c7bb57aa308d8f90b4d2dcbf66fc':
  Give the timer_create SIGEV_THREAD helper threads sensible names.
2012-06-06 11:37:25 -07:00
Elliott Hughes
3069270d86 am c2bba24d: Merge "Give the timer_create SIGEV_THREAD helper threads sensible names."
* commit 'c2bba24d0a6b906f00d7b9f20ac9d32d63bb2e9d':
  Give the timer_create SIGEV_THREAD helper threads sensible names.
2012-06-06 11:35:32 -07:00
Elliott Hughes
c2bba24d0a Merge "Give the timer_create SIGEV_THREAD helper threads sensible names." 2012-06-06 10:44:32 -07:00
Elliott Hughes
470631ed79 Give the timer_create SIGEV_THREAD helper threads sensible names.
Bug: 6609676
Change-Id: I286b197c75beee4d9930b0973f2d7dd47c14e91c
2012-06-06 10:32:56 -07:00
Nick Kralevich
204c6e5ff3 Merge "arm: rewrite crtbegin* as C files." 2012-06-06 08:54:22 -07:00
Nick Kralevich
0a2301598c libc: implement some FORTIFY_SOURCE functions
Add initial support for -D_FORTIFY_SOURCE to bionic for the
following functions:

* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat

This change adds a new version of the above functions which passes
the size of the destination buffer to __builtin___*_chk.

If the compiler can determine, at compile time, that the destination
buffer is large enough, or the destination buffer can point to an object
of unknown size, then the check call is bypassed.

If the compiler can't make a compile time decision, then it calls
the __*_chk() function, which does a runtime buffer size check

These options are only enabled if the code is compiled with
-D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled.

Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

for additional details on FORTIFY_SOURCE.

Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1,
and verified that everything appears to be working properly.
Also created a test buffer overflow, and verified that it was
caught by this change.

Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
2012-06-05 15:44:31 -07:00
Ji-Hwan Lee
f186a1819a Support non-zero p_vaddr in first PT_LOAD segment
Before changing mmap() permission to PROT_NONE in alloc_mem_region(),
such libraries once worked with a bug that uses mmap'ed region outside of
memory region allocated by alloc_mem_region().  This possibly incurs
SIGSEGV because it can overwrite memory region of previously loaded
library, but it sometimes worked, depending on loading order.

After PROT_NONE, this caused SIGSEGV earlier during calculation of
si->phdr in load_library(), but this was fixed by:

    75917c84d1  Use mmap to read an ...

Now the behaviour is the same as before applying PROT_NONE in
alloc_mem_region().

This CL fixed the original issue, supporting shared libraries that have
non-zero p_vaddr in first (= with lowest p_vaddr) PT_LOAD segment.

Bug: 6561258
Change-Id: Ib6176dd3e44c4d99a340eb1cbd16fb037586b0bc
2012-06-04 07:44:10 -07:00
The Android Automerger
db2e7a4cb6 merge in jb-release history after reset to jb-dev 2012-06-03 05:59:30 -07:00
Iliyan Malchev
31431f454a am 252a5c85: resolved conflicts for merge of e1dd3c28 to jb-dev-plus-aosp
* commit '252a5c854a08e89fc7337ea679220161fe4ea98f':
  bionic: import heaptracker as chk_malloc
2012-06-02 08:35:07 -07:00
Iliyan Malchev
143ad4cf31 am f0ddaa2f: am 7d2e24eb: bionic: introduce libc.debug.malloc.program
* commit 'f0ddaa2fac00ac20059c0b2c142da9de2838a7b6':
  bionic: introduce libc.debug.malloc.program
2012-06-02 08:20:09 -07:00
Iliyan Malchev
252a5c854a resolved conflicts for merge of e1dd3c28 to jb-dev-plus-aosp
Change-Id: I58b9c13d20771aa39b703ec05cbff8aeaad38fe8
2012-06-02 08:14:36 -07:00
Iliyan Malchev
f0ddaa2fac am 7d2e24eb: bionic: introduce libc.debug.malloc.program
* commit '7d2e24eb167b6257f7935c7bd2023a708704ca1a':
  bionic: introduce libc.debug.malloc.program
2012-06-01 19:03:06 -07:00
Iliyan Malchev
e1dd3c287b bionic: import heaptracker as chk_malloc
This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc).  It provides
the same features as the original (poison freed memory, detect heap overruns
and underruns), except that it provides more debugging information whenever it
detects a problem.

In addition to the original features, the new chk_malloc() implementation
detects multiple frees within a given range of the last N allocations, N being
configurable via the system property libc.debug.malloc.backlog.

Finally, this patch keeps track of all outstanding memory allocations.  On
program exit, we walk that list and report each outstanding allocation.

(There is support (not enabled) for a scanner thread periodically walks over
the list of outstanding allocations as well as the backlog of recently-freed
allocations, checking for heap-usage errors.)

Feature overview:

  1) memory leaks
  2) multiple frees
  3) use after free
  4) overrun

Implementation:

-- for each allocation, there is a:
  1) stack trace at the time the allocation is made
  2) if the memory is freed, there is also a stack trace at the point
  3) a front and rear guard (fence)
  4) the stack traces are kept together with the allocation

-- the following lists and maintained

  1) all outstanding memory allocations
  3) a backlog of allocations what are freed; when you call free(), instead of
     actually freed, the allocation is moved to this backlog;
  4) when the backlog of allocations gets full, the oldest entry gets evicted
     from it; at that point, the allocation is checked for overruns or
     use-after-free errors, and then actually freed.
  5) when the program exits, the list of outstanding allocations and the
     backlog are inspected for errors, then freed;

To use this, set the following system properties before running the process or
processes you want to inspect:

libc.malloc.debug.backlog # defaults to 100
libc.malloc.debug 10

When a problem is detected, you will see the following on logcat for a multiple
free:

E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED!
E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 4009647c  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c7d2  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 40096490  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c6ac  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 400964a0  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so

The following for a heap overrun and underrun:

E/libc    ( 7233): +++ REAR GUARD MISMATCH [10, 11)
E/libc    ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD
E/libc    ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 40096438  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c7d2  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 40096462  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD
E/libc    ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 400964ba  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c7d2  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 400964e4  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so

The following for a memory leak:

E/libc    ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS
E/libc    ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING)
E/libc    ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 0001bc94  /system/lib/libc.so
E/libc    ( 7233):      #04  pc 0001edf6  /system/lib/libc.so
E/libc    ( 7233):      #05  pc 0001b80a  /system/lib/libc.so
E/libc    ( 7233):      #06  pc 0001c086  /system/lib/libc.so
E/libc    ( 7233):      #07  pc 40096402  /system/bin/malloctest
E/libc    ( 7233):      #08  pc 00016f24  /system/lib/libc.so

Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0
Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-06-01 15:54:34 -07:00
Nick Kralevich
9d40326830 arm: rewrite crtbegin* as C files.
Rewrite
 crtbegin.S     -> crtbegin.c
 crtbegin_so.S  -> crtbegin_so.c

This change allows us to generate PIC code without relying
on text relocations.

As a consequence of this rewrite, also rewrite
  __dso_handle.S    -> __dso_handle.c
  __dso_handle_so.S -> __dso_handle_so.c
  atexit.S          -> atexit.c

In crtbegin.c _start, place the __PREINIT_ARRAY__, __INIT_ARRAY__,
__FINI_ARRAY__, and __CTOR_LIST__ variables onto the stack, instead of
passing a pointer to the text section of the binary.

This change appears sorta wonky, as I attempted to preserve,
as much as possible, the structure of the original assembly.
As a result, you have C files including other C files, and other
programming uglyness.

Result: This change reduces the number of files with text-relocations
from 315 to 19 on my Android build.

Before:
  $ scanelf -aR $OUT/system | grep TEXTREL | wc -l
  315

After:
  $ scanelf -aR $OUT/system | grep TEXTREL | wc -l
  19

Change-Id: Ib9f98107c0eeabcb606e1ddc7ed7fc4eba01c9c4
2012-06-01 14:41:27 -07:00