IFUNC relocations require executable flag for the load
segment containing .text. When dso has text relocs linker
removes exec which causes crash during ifunc relocations.
This patch fixes this problem by restoring segments protection
for ifunc relocs.
Bug: http://b/22611399
Change-Id: Icbf3be0fec0e42bf805bcad7533e2032a2e11b9c
(cherry picked from commit de0fb393ae)
A __size_mul_overflow utility is used to take advantage of the checked
overflow intrinsics in Clang and GCC (>= 5). The fallback for older
compilers is the optimized but less than ideal overflow checking pattern
used in OpenBSD.
Change-Id: Ibb0d4fd9b5acb67983e6a9f46844c2fd444f7e69
This patch give the possibility of time vdso support on 32bit kernel.
If the 32bit x86 kernel provides gettimeofday() and clock_gettime()
primitives in vdso. In this case make bionic use them. If the kernel
doesn't provide them, fallback to the legacy system call versions.
Change-Id: I87b772a9486fa356903e1f98f486ab9eb0b6f6f7
Signed-off-by: Robert Jarzmik <robert.jarzmik@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
Now we have split CXX_WRAPPER from TARGET_CXX and CXX_BARE isn't needed
any more.
Bug: 22612634
Change-Id: I52c78b0d1b325910e875a786d17f780731778b4b
(cherry-pick from commit 9d11a7087c)
This reverts commit 1946856b1f.
This goes back to the original scheme of PROT_NONEing a page within
libc. Allocating a new page didn't fail safe for cases where these
functions are called from the dynamic linker.
Bug: http://b/22568628
Change-Id: I3e7241c8b54c27ea4a898bc952375c1e9ae38c80
Global, writable function pointers are low-hanging fruit for hijacking
control flow with an overflow from a global buffer or an arbitrary write
vulnerability. This moves the function pointer table into a dedicated
page and makes it read-only at runtime, similar to RELRO.
This increases the memory usage of the library by just under one page.
This could be avoided by having the linker load the vdso by replacing
weak symbols. It's not significant within the Zygote spawning model
though because it's read-only after early init.
Change-Id: Id7a49c96c1b15c2e1926528304b3c54a81e78caf
If a map has a non-zero vaddr then it needs to be added to the
computed relative offset.
Bug: 22532054
Change-Id: If55015165d25ecc4b530f674b481c8c7ef760a23
The __libc_init_tls function in libc_init_common.cpp takes a reference
to a local variable so it ends up being protected. Since this happens
before TLS and the stack guard value are initialized, it breaks.
The libc_init_common code needs to be compiled with -fno-stack-protector
and can then be merged into libc_bionic.
Change-Id: Ie95ea2ff533d4af1cfad1c9bc59e49f20a8e119d
Sorry, I undertested my previous change and these guys somehow sneaked in.
This only affects SANITIZE_TARGET builds.
Change-Id: Id6986d89fa3d4965339f7b6fe973e9db73b380da
Setup a /system/bin/linker_asan as a symlink to "linker".
Read the linker name from PT_INTERP, and if it is linker_asan,
switch default library lookup paths to the ASan set, which
starts with the path to the instrumented libraries
(/data/lib), followed by /system/lib as a fallback.
This ensures that ASan binaries prefer ASan libraries, when
available. This approach is way better then RPATH/RUNPATH and even
better than LD_LIBRARY_PATH:
- RUNPATH is per-DSO, while default paths are global.
- LD_LIBRARY_PATH is overwritten by android_update_LD_LIBRARY_PATH.
- neither RUNPATH nor LD_LIBRARY_PATH appear in
android_get_LD_LIBRARY_PATH which is used to build java.lang.path.
Having ASan libraries in java.lang.path is a good thing.
Bug: 22355945
Change-Id: I1d2791fbf5740618f18f71a3ae3d873714669d3f
There is a deadlock if holding the hash table lock while trying to do
a backtrace. Change the code so that the hash table lock is only held
while actually modifying either g_hash_table, or while modifying an
entry from g_hash_table.
Bug: 22423683
(cherry picked from commit 9fee99b060)
Change-Id: I72173bfe6f824ceaceea625c24e7851b87467135