OSDN Git Service
Victor Khimenko [Wed, 1 Mar 2017 19:36:13 +0000 (20:36 +0100)]
Stop using __system_property_area__
Apparently that "backdoor" is no longer needed - the proper way is
to reinitialize properties:
https://android-review.googlesource.com/#/c/181794/24/tests/system_properties_test.cpp
Also removes mentions of libnativehelper test (it no longer uses
__system_property_area__) and removes useless "extern" declaration
(actual use was removed long ago).
Test: refactoring CL, existsing tests still pass
BUG=
21852512
BUG=
34114501
Change-Id: I2223cab2fcb671ea180ad4470a7aba5c9cd20bd8
Dimitry Ivanov [Wed, 1 Mar 2017 00:39:05 +0000 (00:39 +0000)]
Merge "Revert "Revert "Revert "Make libc.so global""""
Dimitry Ivanov [Tue, 28 Feb 2017 21:04:30 +0000 (21:04 +0000)]
Revert "Revert "Revert "Make libc.so global"""
This reverts commit
2a4d892c7f14d849b5f349528ed2b921b19f5645.
Bug: http://b/
35417197
Bug: http://b/
35338922
Bug: http://b/
35700074
Test: manual
Change-Id: Ib99d23d46664f3efa5be70213aa093b505e38775
Treehugger Robot [Tue, 28 Feb 2017 15:36:07 +0000 (15:36 +0000)]
Merge "Move seccomp policy to bionic"
Treehugger Robot [Tue, 28 Feb 2017 00:42:54 +0000 (00:42 +0000)]
Merge "Fix greylist exception to account for linked namespaces"
Treehugger Robot [Mon, 27 Feb 2017 22:22:26 +0000 (22:22 +0000)]
Merge "Fix pre-L MB_CUR_MAX."
Dimitry Ivanov [Mon, 27 Feb 2017 20:17:47 +0000 (12:17 -0800)]
Fix greylist exception to account for linked namespaces
Do not load second copy of libraries that are supposed to
be provided by linked namespaces. Also do not print
error in the log if caller tries to open shared library
using absolute path for apps targeting N+.
Bug: http://b/
35454141
Bug: http://b/
26833548
Bug: http://b/
35338922
Test: run bionic-unit-tests --gtest_filter=dl*
Change-Id: Icf3aeedff18d287d2ba0b3df3808b100f3ef5f7a
Paul Lawrence [Thu, 16 Feb 2017 17:24:39 +0000 (09:24 -0800)]
Move seccomp policy to bionic
Test: Built and checked booted
Change-Id: Iaec1265fe5a55c4df90ab9e45b010ef36faf6bba
Christopher Ferris [Mon, 27 Feb 2017 20:09:54 +0000 (20:09 +0000)]
Merge "Update to kernel headers v4.10."
Paul Lawrence [Mon, 27 Feb 2017 16:39:11 +0000 (16:39 +0000)]
Merge "Revert "Move seccomp policy to bionic""
Paul Lawrence [Mon, 27 Feb 2017 16:32:37 +0000 (16:32 +0000)]
Revert "Move seccomp policy to bionic"
This reverts commit
06a32206c5430321dd3fc02b70acbf99383786c1.
Reverting build-breaking change
Change-Id: Ib3698bca8f905033a9c7f22bc2fa9f7e7bf75873
Paul Lawrence [Mon, 27 Feb 2017 16:09:39 +0000 (16:09 +0000)]
Merge "Move seccomp policy to bionic"
Treehugger Robot [Sat, 25 Feb 2017 03:10:18 +0000 (03:10 +0000)]
Merge "Add tests for <endian.h>."
Treehugger Robot [Sat, 25 Feb 2017 02:24:28 +0000 (02:24 +0000)]
Merge "loader: set PT_INTERP to itself"
Treehugger Robot [Sat, 25 Feb 2017 02:06:19 +0000 (02:06 +0000)]
Merge "libc: __system_property_set uses writev to write atomically"
Treehugger Robot [Sat, 25 Feb 2017 02:02:02 +0000 (02:02 +0000)]
Merge "Move __system_property_*_serial back to LIBC"
Dimitry Ivanov [Thu, 23 Feb 2017 19:53:43 +0000 (11:53 -0800)]
loader: set PT_INTERP to itself
Some versions of kernel set AT_BASE to 0
if dynamic loader does not have PT_INTERP
set.
Bug: http://b/
30739481
Test: run /system/bin/linker64 and /system/bin/linker
Change-Id: I1b67777166fe917d3ee1a97277045ca6f5db0084
Elliott Hughes [Sat, 25 Feb 2017 00:19:53 +0000 (16:19 -0800)]
Add tests for <endian.h>.
Also, for the stuff that's also in <netinet/in.h> as real functions,
check that they're there too (and as functions rather than macros,
since that was historically not true).
Bug: http://b/
28432448
Test: ran tests
Change-Id: I7e4ae926f7e02de3b6dd38d1953e5b3b43d44f74
Dimitry Ivanov [Fri, 24 Feb 2017 23:36:17 +0000 (15:36 -0800)]
Move __system_property_*_serial back to LIBC
Bug: http://b/
35764972
Bug: http://b/
34114501
Test: make
Change-Id: Ibbda0107d07c432110a0633de03259e39480fde4
Dimitry Ivanov [Fri, 24 Feb 2017 01:57:14 +0000 (17:57 -0800)]
libc: __system_property_set uses writev to write atomically
__system_property_set sometimes produces broken_pipe error
when trying to write a property.
This change improves error messages and uses writev() instead
of sequence of send() calls.
Bug: http://b/
35381074
Test: bionic-unit-tests --gtest_filter=prop*
Change-Id: I7a5b169c015db4e6b720370e58662de8206d1086
Paul Lawrence [Thu, 16 Feb 2017 17:24:39 +0000 (09:24 -0800)]
Move seccomp policy to bionic
Test: Built and checked booted
Change-Id: If777eed75d5280c7a390399261e97125c04767b2
Dimitry Ivanov [Fri, 24 Feb 2017 19:11:12 +0000 (19:11 +0000)]
Merge "Hide internal __system_property_* functions"
Hans Boehm [Fri, 24 Feb 2017 18:50:34 +0000 (18:50 +0000)]
Merge "Replace cxa_guard fences with acquire loads"
Elliott Hughes [Fri, 24 Feb 2017 16:55:25 +0000 (16:55 +0000)]
Merge "Use <linux/eventpoll.h> to implement <sys/epoll.h>."
Pavel Labath [Fri, 24 Feb 2017 10:22:40 +0000 (10:22 +0000)]
Merge "Silence a compiler warning due to unused variable on mips"
Pavel Labath [Fri, 24 Feb 2017 10:14:13 +0000 (10:14 +0000)]
Silence a compiler warning due to unused variable on mips
oops, I did it again.
Test: lunch mips && cd bionic && mma
Change-Id: I1fe2cb847d0698b34766869f9626398dbcf81960
Pavel Labath [Fri, 24 Feb 2017 09:16:19 +0000 (09:16 +0000)]
Merge "Add "imprecise" watchpoint ptrace test"
Pavel Labath [Wed, 22 Feb 2017 18:22:46 +0000 (18:22 +0000)]
Add "imprecise" watchpoint ptrace test
This tests for the presence of a kernel bug that meant that the kernel
would sometimes fail to report the watchpoint hit if the hardware
reported a address which did not exactly match the address range being
watched (which it is allowed to do per ARM spec if the instruction
accesses a larger block of memory than the region being watched). This
bug was fixed in linux kernel 4.9, and has been backported to older
android kernels.
Bug:
30802222
Bug:
30919905
Test: bionic-unit-tests --gtest_filter="sys_ptrace.*"
Change-Id: I80c35b29eaf28e2dbacb9e8ee5317fdea653fc87
Elliott Hughes [Thu, 23 Feb 2017 07:22:51 +0000 (23:22 -0800)]
Use <linux/eventpoll.h> to implement <sys/epoll.h>.
Bug: https://github.com/android-ndk/ndk/issues/302
Test: builds
Change-Id: Ia3074326a128c38f2488e342c028cc030801cfd9
Treehugger Robot [Thu, 23 Feb 2017 23:54:34 +0000 (23:54 +0000)]
Merge "Expand whitelist"
Treehugger Robot [Thu, 23 Feb 2017 23:51:14 +0000 (23:51 +0000)]
Merge "versioner: fix darwin build."
Dimitry Ivanov [Thu, 16 Feb 2017 23:34:21 +0000 (15:34 -0800)]
Hide internal __system_property_* functions
Bug: http://b/
34114501
Test: bionic-unit-tests --gtest_filter=prop*
Change-Id: I1fc57b4ced6aaf841aad64e12e7696d25c2e027b
Treehugger Robot [Thu, 23 Feb 2017 22:01:10 +0000 (22:01 +0000)]
Merge "Add legacy inlines for more termios stuff."
Josh Gao [Thu, 23 Feb 2017 21:52:49 +0000 (13:52 -0800)]
versioner: fix darwin build.
Use struct stat::st_mtime instead of the underlying st_mtim, which is
called something different on Darwin.
Test: mma on linux, darwin
Change-Id: I2695a6c83ebb7d08ec56b1355e0f4bc0993a0acb
Dan Albert [Thu, 23 Feb 2017 21:36:48 +0000 (21:36 +0000)]
Merge "Revert "Run the versioner as part of the build.""
Dan Albert [Thu, 23 Feb 2017 21:30:35 +0000 (21:30 +0000)]
Revert "Run the versioner as part of the build."
This reverts commit
45715b2a88c8daf5a721ce9b28391120f5507764.
Reason for revert: Darwin sucks
Change-Id: I004dd7fa5e14a43ffe04ace2f5a06341df61b8cd
Dan Albert [Thu, 23 Feb 2017 21:06:47 +0000 (21:06 +0000)]
Merge "Run the versioner as part of the build."
Paul Lawrence [Wed, 15 Feb 2017 21:40:22 +0000 (13:40 -0800)]
Expand whitelist
Bug:
35217603
Test: App no longer triggers seccomp exceptions when launched
Change-Id: I8ea904640a2f14c67a075e593067327407766220
Treehugger Robot [Thu, 23 Feb 2017 20:27:45 +0000 (20:27 +0000)]
Merge "Autogenerate single policy from syscalls and whitelist"
Hans Boehm [Wed, 22 Feb 2017 23:34:29 +0000 (15:34 -0800)]
Replace cxa_guard fences with acquire loads
This seemed to be the only place in bionic where a fence on a
performance-critical path could be easily replaced by a stronger
load/store order constraint. Do so.
On x86 this should generate the same code either way. Based on
microbenchmarks of the relevant ARM instructions, this is currently
performance-neutral in this kind of context. But in the future, the
newly generated acquire loads should give us a performance benefit.
Test: Booted AOSP
Change-Id: I7823e11d6ae4fd58e0425244c293262e2320fd81
Dan Albert [Thu, 23 Feb 2017 19:09:32 +0000 (11:09 -0800)]
Add legacy inlines for more termios stuff.
Test: make checkbuild # with my versioner-in-build patches
Bug: https://github.com/android-ndk/ndk/issues/302
Change-Id: Ib00b5dadf23592d101486b4f2188285ec03c9e2a
Dan Albert [Thu, 16 Feb 2017 01:18:01 +0000 (17:18 -0800)]
Run the versioner as part of the build.
Running this periodically and checking in the results is not working
out, since the result is just that I'm having to spend a lot of time
cleaning up the headers every time I need to update them in the NDK.
Run the versioner as part of the build instead. This way bionic
header changes behave like the rest of the NDK headers and will
affect NDK builds in the platform *immediately*.
Remove the preupload hook for the versioner since it's part of the
normal build now.
The versioner's dependencies directory needs to be moved because
soong won't let us try to do things outside our module's directory
(in this case libc).
Unfortunately this means we need to build the versioner for Darwin,
because we now need it to perform a platform build.
Test: make checkbuild
Bug: None
Change-Id: Icdab8a962354d9e945072dc3f806baea376c8db4
Paul Lawrence [Tue, 14 Feb 2017 21:32:23 +0000 (13:32 -0800)]
Autogenerate single policy from syscalls and whitelist
Bug:
35392119
Bug:
34465958
Test: Check boots and same syscalls are blocked as before
Change-Id: I9efa97032c59aebbbfd32e6f0d2d491f6254f0a2
Dimitry Ivanov [Thu, 23 Feb 2017 17:11:18 +0000 (17:11 +0000)]
Merge "Add test for a greylisted library"
Dimitry Ivanov [Tue, 21 Feb 2017 21:41:08 +0000 (13:41 -0800)]
Add test for a greylisted library
Test: bionic-unit-tests --gtest_filter=dlext.ns*
Bug: http://b/
35338922
Change-Id: I2f4895cb1ec458c2f565a7e4d06f7a1f6200e7aa
Treehugger Robot [Thu, 23 Feb 2017 03:29:42 +0000 (03:29 +0000)]
Merge "Cope with argv[0] being null in the dynamic linker."
Josh Gao [Thu, 23 Feb 2017 03:24:44 +0000 (03:24 +0000)]
Merge "Allocate thread local buffers in __init_tls."
Elliott Hughes [Thu, 23 Feb 2017 01:31:41 +0000 (17:31 -0800)]
Cope with argv[0] being null in the dynamic linker.
Somewhat unsurprisingly, very few commands are happy to be run like this,
in particular multiplexed commands like toybox. But that's no reason for
the linker to get in the way too.
Bug: http://b/
33276926
Test: new test
Change-Id: I6dd71ea0183f4da83571039c2198ebb6ed38520e
Josh Gao [Wed, 22 Feb 2017 20:19:05 +0000 (12:19 -0800)]
Allocate thread local buffers in __init_tls.
Thread local buffers were using pthread_setspecific for storage with
lazy initialization. pthread_setspecific shares TLS slots between the
linker and libc.so, so thread local buffers being initialized in a
different order between libc.so and the linker meant that bad things
would happen (manifesting as snprintf not working because the
locale was mangled)
Bug: http://b/
20464031
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
everything passes
Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests
thread_local tests are failing both before and after (KUSER_HELPERS?)
Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static
no additional failures
Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
Treehugger Robot [Wed, 22 Feb 2017 01:43:30 +0000 (01:43 +0000)]
Merge "Add timeout support to __system_property_wait."
Treehugger Robot [Wed, 22 Feb 2017 00:37:08 +0000 (00:37 +0000)]
Merge "Downgrade the special case of pthread_t(0) to a warning."
Dan Albert [Tue, 21 Feb 2017 23:54:58 +0000 (15:54 -0800)]
Fix pre-L MB_CUR_MAX.
The default locale is POSIX, not C.UTF-8. POSIX explicitly states
that MB_CUR_MAX is 1 for the POSIX locale:
http://pubs.opengroup.org/onlinepubs/
9699919799/basedefs/stdlib.h.html
Test: Made change in the NDK, built libc++ against it, ran NDK libc++
tests.
Bug: None
Change-Id: Ic2f6f96aa4a7f20d619030f41323831d01002715
Christopher Ferris [Tue, 21 Feb 2017 20:35:09 +0000 (12:35 -0800)]
Update to kernel headers v4.10.
Test: Built angler, booted on angler, ran bionic unit tests.
Change-Id: Ia24511e74106116ea84b44ab724865ec492de8f9
Elliott Hughes [Fri, 17 Feb 2017 01:13:04 +0000 (17:13 -0800)]
Add timeout support to __system_property_wait.
Bug: http://b/
35201172
Test: ran tests
Change-Id: I3a78813bf3cd50d1b308ecb3c742f923606c0cc4
Elliott Hughes [Tue, 21 Feb 2017 21:15:20 +0000 (13:15 -0800)]
Downgrade the special case of pthread_t(0) to a warning.
So far this is the only issue we've hit in vendor code, and we've hit
it several times already. Rather than try to fix bullhead (the current
problem), let's just admit that the special case of 0 is a lot less
worrying.
Also fix the test expectations to correspond to the new abort message.
Bug: http://b/
35455349 (crashes on 0)
Bug: http://b/
35622944 (tests)
Test: ran tests
Change-Id: Iec57011fa699a954ebeaec151db2193e36d1ef35
Treehugger Robot [Sun, 19 Feb 2017 05:19:54 +0000 (05:19 +0000)]
Merge "Fix a comment in the pthread_cond_t implementation."
Elliott Hughes [Sun, 19 Feb 2017 00:35:36 +0000 (16:35 -0800)]
Fix a comment in the pthread_cond_t implementation.
Bug: http://b/
34592766
Test: N/A
Change-Id: I341f837dca52865ae5f8fe9ff50ba8999e297179
Treehugger Robot [Sat, 18 Feb 2017 00:50:47 +0000 (00:50 +0000)]
Merge "Fix debug.ld for apps with long names and services"
Treehugger Robot [Sat, 18 Feb 2017 00:18:26 +0000 (00:18 +0000)]
Merge "Revert "Revert "Make libc.so global"""
Dimitry Ivanov [Fri, 17 Feb 2017 22:41:30 +0000 (14:41 -0800)]
Fix debug.ld for apps with long names and services
1. There is no longer limit on property names - remove
the trimming the name of the property.
2. Make debug.ld work for processes with names ending with ":something"
This is naming convention for services:
https://developer.android.com/guide/components/services.html
Bug: http://b/
35338922
Bug: http://b/
33926793
Test: manual - set ld.debug.app property for the app
Test: from http://b/
35338922 and see that it works
Test: for the service as well.
Change-Id: Ic7c6d4edce4a5a22f144496d5c0a3e458217c6e4
Dimitry Ivanov [Thu, 16 Feb 2017 20:03:21 +0000 (12:03 -0800)]
Revert "Revert "Make libc.so global""
This reverts commit
65236d43e8e8ea2155c0d64e35f00b3c30b21147.
Bug: http://b/
35417197
Bug: http://b/
35338922
Test: vogar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jack --mode=device --variant=X32 dalvik.system.JniTest#testGetSuperclass
Change-Id: Ibf3bb7396e7d11ebe95e2f9267d0fc4af3fbe8c5
Treehugger Robot [Fri, 17 Feb 2017 21:11:26 +0000 (21:11 +0000)]
Merge "Cleanup now that we don't need __NDK_FPABI__."
Treehugger Robot [Fri, 17 Feb 2017 20:44:43 +0000 (20:44 +0000)]
Merge "Include the pthread_t in the "bad pthread_t" fatal abort."
Josh Gao [Fri, 17 Feb 2017 19:35:58 +0000 (19:35 +0000)]
Merge "Add tests for ptrace resumption behavior."
Dan Albert [Fri, 17 Feb 2017 19:08:53 +0000 (11:08 -0800)]
Cleanup now that we don't need __NDK_FPABI__.
Test: tools/update_headers.sh && make checkbuild
Bug: None
Change-Id: I1b9986c4d7d5da349a8ad394e8fcf64b87c89fdf
Elliott Hughes [Fri, 17 Feb 2017 18:27:45 +0000 (10:27 -0800)]
Include the pthread_t in the "bad pthread_t" fatal abort.
Also reword the message to be stronger.
Bug: http://b/
35455349
Test: manual
Change-Id: I8f34fd42f3b635c95a7b921645a016fb303ce3ad
Josh Gao [Thu, 16 Feb 2017 23:11:51 +0000 (23:11 +0000)]
Merge changes from topic 'debuggerd_inproc'
* changes:
linker: use fallback crash handler dumping.
linker: add android_use_fallback_allocator.
Josh Gao [Thu, 16 Feb 2017 22:12:41 +0000 (14:12 -0800)]
Add tests for ptrace resumption behavior.
Add tests that ensure that the kernel behaves properly w.r.t.
resumption of ptraced processes when the tracer dies.
Bug: http://b/
34516140
Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests --gtest_filter="PtraceResumption*"
Change-Id: Id35e069a7e5edd6964637dd3f6358ad59db19792
Josh Gao [Thu, 16 Feb 2017 03:42:50 +0000 (03:42 +0000)]
Merge "Add __libc_format_buffer_va_list."
Treehugger Robot [Thu, 16 Feb 2017 02:15:54 +0000 (02:15 +0000)]
Merge "Unify linker files under one license (BSD)"
Josh Gao [Thu, 9 Feb 2017 01:27:20 +0000 (17:27 -0800)]
linker: use fallback crash handler dumping.
Bug: http://b/
34684590
Test: mma
Change-Id: I0801a83768f172308339ab2118e492b5df96acd0
Josh Gao [Thu, 9 Feb 2017 18:54:44 +0000 (10:54 -0800)]
linker: add android_use_fallback_allocator.
Add a function to enable a fallback allocator to use for crash handling
in a signal handler.
Bug: http://b/
34684590
Test: crasher PR_SET_NO_NEW_PRIVS
Change-Id: Ifa5de636164f34b8cb2fdec4471c20f8516b6dbe
Josh Gao [Wed, 15 Feb 2017 19:46:55 +0000 (11:46 -0800)]
Add __libc_format_buffer_va_list.
Bug: http://b/
35367169
Test: m
Change-Id: I133f231d3b93bdef56d06497679320a89c7188a9
Dimitry Ivanov [Wed, 15 Feb 2017 23:31:13 +0000 (15:31 -0800)]
Unify linker files under one license (BSD)
Historically we had part of the linker licensed under BSD and
another part under Apache 2 license. This commit makes all the
linker code licensed under BSD license.
Test: m
Change-Id: I11b8163ae75966b5768d3fe992679de376106515
Treehugger Robot [Wed, 15 Feb 2017 19:14:49 +0000 (19:14 +0000)]
Merge changes I9d06ea8a,I2d157024
* changes:
Fixup API level guards for new fortify functions.
Guard the GNU strerror_r with an API check.
Treehugger Robot [Wed, 15 Feb 2017 18:26:49 +0000 (18:26 +0000)]
Merge "add fortified implementations of send/sendto"
Dan Albert [Wed, 15 Feb 2017 03:28:18 +0000 (19:28 -0800)]
Fixup API level guards for new fortify functions.
Test: tools/update_headers.sh && make checkbuild
Bug: None
Change-Id: I9d06ea8a5ee9dc27d957f59e6e84150651ed1c76
Dan Albert [Wed, 15 Feb 2017 00:33:06 +0000 (16:33 -0800)]
Guard the GNU strerror_r with an API check.
The deprecated headers have always had only the POSIX definition
available (and it's always been available). With the unified headers
as they are now, we actually make it unavailable for C++ users (C++
implies _GNU_SOURCE) targeting below M. Adding this guard means that
pre-M users will still at least get the POSIX one.
It's not great that moving to M as your target API will actually
change the signature of your strerror_r, but I don't see a better
option here (not until we have the compatibility library, anyway).
Test: make checkbuild
Bug: None
Change-Id: I2d15702467533a826c4ec10fd973ee929d2b562a
Daniel Micay [Tue, 14 Feb 2017 01:27:59 +0000 (17:27 -0800)]
add fortified implementations of send/sendto
Bug: None
Test: Bullhead builds+boots; CtsBionicTestCases passes.
Change-Id: I2f137a100f679f7f2145d84b2f29ddd3e96a36ae
Treehugger Robot [Tue, 14 Feb 2017 23:08:12 +0000 (23:08 +0000)]
Merge "Add details on why AT_SYMLINK_NOFOLLOW is dangerous"
Treehugger Robot [Tue, 14 Feb 2017 22:40:58 +0000 (22:40 +0000)]
Merge "Revert "Make libc.so global""
Nick Kralevich [Tue, 14 Feb 2017 17:49:30 +0000 (09:49 -0800)]
Add details on why AT_SYMLINK_NOFOLLOW is dangerous
The comment isn't helpful as-is. Provide some clarifying information.
Test: code compiles. No functional changes.
Change-Id: I5267e0bc68857fdc8a4b3384a2a1b0d37693ee6e
Dimitry Ivanov [Tue, 14 Feb 2017 19:03:26 +0000 (19:03 +0000)]
Revert "Make libc.so global"
This reverts commit
879177c9e12df4efe9f17ff3536005c258f625e8.
Bug: http://b/
26833548
Change-Id: I23e0b34777d18e369063185da14c57994807da29
Elliott Hughes [Tue, 14 Feb 2017 18:32:18 +0000 (18:32 +0000)]
Merge "Be more strict about using invalid `pthread_t`s."
Treehugger Robot [Tue, 14 Feb 2017 03:48:23 +0000 (03:48 +0000)]
Merge "Add __system_property_wait and return the serial in __system_property_read_callback."
Elliott Hughes [Tue, 14 Feb 2017 01:59:29 +0000 (17:59 -0800)]
Be more strict about using invalid `pthread_t`s.
Another release, another attempt to remove the global thread list.
But this time, let's admit that it's not going away. We can switch to using
a read/write lock for the global thread list, and to aborting rather than
quietly returning ESRCH if we're given an invalid pthread_t.
This change affects pthread_detach, pthread_getcpuclockid,
pthread_getschedparam/pthread_setschedparam, pthread_join, and pthread_kill:
instead of returning ESRCH when passed an invalid pthread_t, if you're
targeting O or above, they'll abort with the message "attempt to use
invalid pthread_t".
Note that this doesn't change behavior as much as you might think: the old
lookup only held the global thread list lock for the duration of the lookup,
so there was still a race between that and the dereference in the caller,
given that callers actually need the tid to pass to some syscall or other,
and sometimes update fields in the pthread_internal_t struct too.
(This patch replaces such users with calls to pthread_gettid_np, which
at least makes the TOCTOU window smaller.)
We can't check thread->tid against 0 to see whether a pthread_t is still
valid because a dead thread gets its thread struct unmapped along with its
stack, so the dereference isn't safe.
Taking the affected functions one by one:
* pthread_getcpuclockid and pthread_getschedparam/pthread_setschedparam
should be fine. Unsafe calls to those seem highly unlikely.
* Unsafe pthread_detach callers probably want to switch to
pthread_attr_setdetachstate instead, or using
pthread_detach(pthread_self()) from the new thread's start routine
rather than doing the detach in the parent.
* pthread_join calls should be safe anyway, because a joinable thread
won't actually exit and unmap until it's joined. If you're joining an
unjoinable thread, the fix is to stop marking it detached. If you're
joining an already-joined thread, you need to rethink your design.
* Unsafe pthread_kill calls aren't portably fixable. (And are obviously
inherently non-portable as-is.) The best alternative on Android is to
use pthread_gettid_np at some point that you know the thread to be
alive, and then call kill/tgkill directly.
That's still not completely safe because if you're too late, the tid
may have been reused, but then your code is inherently unsafe anyway.
Bug: http://b/
19636317
Test: ran tests
Change-Id: I0372c4428e8a7f1c3af5c9334f5d9c25f2c73f21
Treehugger Robot [Mon, 13 Feb 2017 21:43:48 +0000 (21:43 +0000)]
Merge "Do not use std::vector in android_namespace_t::is_accessible"
Elliott Hughes [Sat, 11 Feb 2017 02:13:46 +0000 (18:13 -0800)]
Add __system_property_wait and return the serial in __system_property_read_callback.
In order to implement android::base::WaitForProperty well, we need a way to
wait not for *any* property to change (__system_property_wait_any), but to
specifically wait for the property represented by a given `prop_info` to
change.
The android::base::WaitForProperty implementation, like attempts to cache
system properties in the past, also needs a way to keep serials and values
in sync, but the existing functions don't provide a cheap way to get a
consistent snapshot. Change the __system_property_read_callback callback's
type to include the serial corresponding to the given value.
Add a test, slightly clean up some of the existing tests (and name them to
include the names of the functions they're testing, in our usual style).
Bug: http://b/
35201172
Test: ran tests
Change-Id: Ibc8ebe2e88eef1e333a1bd3dd7f68135f1ba7fb5
Treehugger Robot [Mon, 13 Feb 2017 20:29:51 +0000 (20:29 +0000)]
Merge "Make libc.so global"
Treehugger Robot [Mon, 13 Feb 2017 19:39:28 +0000 (19:39 +0000)]
Merge "Match __bos0 to __pass_object_size0 in FORTIFY"
Dimitry Ivanov [Mon, 13 Feb 2017 18:49:40 +0000 (10:49 -0800)]
Do not use std::vector in android_namespace_t::is_accessible
Avoid constructing vector and walking all the parents of a soinfo
to check if it is accessible. The most likely scenario that the
very first check returns true.
Bug: http://b/
35313368
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I06c65cf61ed1c30e5e454a169de4c41038863587
Dimitry Ivanov [Mon, 13 Feb 2017 17:17:21 +0000 (09:17 -0800)]
Make libc.so global
This is a way to avoid loading multiple libc.so
when non-default namespace search path includes
/system/lib. This is used by some art tests.
Bug: http://b/
26833548
Test: m -j32 test-art-target-run-test-004-JniTest
Change-Id: I919d3a0560bd3c9ac19df21a235641a667f0f017
Dimitry Ivanov [Sat, 11 Feb 2017 19:26:48 +0000 (19:26 +0000)]
Merge "Replace public library list with shared lib sonames (part 2/2)"
Dimitry Ivanov [Sat, 11 Feb 2017 05:50:53 +0000 (05:50 +0000)]
Merge "loader: fix d-tor call order"
George Burgess IV [Fri, 10 Feb 2017 21:56:22 +0000 (13:56 -0800)]
Match __bos0 to __pass_object_size0 in FORTIFY
pass_object_size(N) forwards the result of __builtin_object_size(param,
N) to a function. So, a function that looks like:
size_t foo(void *const p __pass_object_size) { return __bos0(p); }
int bar = foo(baz);
would effectively be turned into
size_t foo(void *const p, size_t sz) { return sz; }
int bar = foo(baz, __bos(baz)); // note that this is not __bos0
This is bad, since if we're using __bos0, we want more relaxed
objectsize checks.
__bos0 should be more permissive than __bos in all cases, so this
change Should Be Fineā¢.
This change also makes GCC and clang share another function's
implementation (recv). I just realized we need to add special
diagnostic-related overloads bits for clang to it, but I can do that in
another patch.
Bug: None
Test: Bullhead builds and boots; CtsBionicTestCases passes.
Change-Id: I6818d0041328ab5fd0946a1e57321a977c1e1250
Dimitry Ivanov [Fri, 10 Feb 2017 19:04:20 +0000 (11:04 -0800)]
loader: fix d-tor call order
In the case when there are multiple dependencies on
the same library in the local_group the unload may
in some situations (covered now by tests) result
calling d-tors for some libraries prematurely.
In order to have correct call order loader checks if this
is last dependency in local group before adding it to BFS
queue.
Bug: http://b/
35201832
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Test: bionic-unit-tests-glibc --gtest_filter=dl*
Change-Id: I4c6955b9032acc7147a51d9f09b61d9e0818700c
Treehugger Robot [Fri, 10 Feb 2017 19:01:18 +0000 (19:01 +0000)]
Merge "Replace public library list with shared lib sonames (part 1/2)"
Dimitry Ivanov [Fri, 3 Feb 2017 22:07:34 +0000 (14:07 -0800)]
Replace public library list with shared lib sonames (part 2/2)
This commit updates interface of libdl.c.
1. android_init_namespaces is replaces with android_init_anonymous_namespace
2. added 2 arguments to android_create_namespace to specify linked namespace
and the list of shared libraries sonames.
3. symbol lookup does not get past boundary libraries (added check and test for it).
Bug: http://b/
26833548
Bug: http://b/
21879602
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I32921da487a02e5bd0d2fc528904d1228394bfb9
Dimitry Ivanov [Wed, 1 Feb 2017 23:28:52 +0000 (15:28 -0800)]
Replace public library list with shared lib sonames (part 1/2)
Replace public library list with shared lib sonames
which are property of a link between namespaces
This change does not touch any external interfaces
so from outside it behaves almost as it was before
One significant difference is that there is no longer
need to preload public libraries.
Bug: http://b/
26833548
Test: bionic-unit-tests --gtest_filter=dl*:Dl*
Change-Id: I57e44e18a9b4f07dcd6556436346be52f52b79d7
Treehugger Robot [Fri, 10 Feb 2017 06:24:31 +0000 (06:24 +0000)]
Merge "Removing the kuser_helper elf note from building"