diff options
| -rw-r--r-- | OWNERS | 4 | ||||
| -rw-r--r-- | README.md | 55 | ||||
| -rw-r--r-- | libc/async_safe/Android.bp | 1 | ||||
| -rw-r--r-- | libc/bionic/android_set_abort_message.cpp | 4 | ||||
| -rw-r--r-- | libc/bionic/gwp_asan_wrappers.cpp | 15 | ||||
| -rw-r--r-- | libc/malloc_debug/Android.bp | 1 | ||||
| -rw-r--r-- | libc/malloc_debug/tests/malloc_debug_unit_tests.cpp | 3 | ||||
| -rw-r--r-- | libc/malloc_hooks/tests/malloc_hooks_tests.cpp | 1 | ||||
| -rw-r--r-- | linker/linker.cpp | 7 | ||||
| -rw-r--r-- | tests/Android.bp | 1 | ||||
| -rw-r--r-- | tests/NOTICE | 28 | ||||
| -rw-r--r-- | tests/android_set_abort_message_test.cpp | 43 |
12 files changed, 141 insertions, 22 deletions
@@ -2,9 +2,5 @@ enh@google.com cferris@google.com danalbert@google.com -hhb@google.com rprichard@google.com yabinc@google.com - -# Still the best reviewer for changes related to the dynamic linker. -dimitry@google.com @@ -147,11 +147,11 @@ this system call?". The answer is usually "no". The answer is "yes" if the system call is part of the POSIX standard. The answer is probably "yes" if the system call has a wrapper in at -least one other C library. +least one other C library (typically glibc/musl or Apple's libc). The answer may be "yes" if the system call has three/four distinct -users in different projects, and there isn't a more specific library -that would make more sense as the place to add the wrapper. +users in different projects, and there isn't a more specific higher-level +library that would make more sense as the place to add the wrapper. In all other cases, you should use [syscall(3)](http://man7.org/linux/man-pages/man2/syscall.2.html) instead. @@ -166,14 +166,47 @@ Adding a system call usually involves: the appropriate POSIX header file in libc/include/ includes the relevant file or files. 3. Add function declarations to the appropriate header file. Don't forget - to include the appropriate `__INTRODUCED_IN()`. - 4. Add the function name to the correct section in libc/libc.map.txt. - 5. Add at least basic tests. Even a test that deliberately supplies - an invalid argument helps check that we're generating the right symbol - and have the right declaration in the header file, and that you correctly - updated the maps in step 5. (You can use strace(1) to confirm that the - correct system call is being made.) - + to include the appropriate `__INTRODUCED_IN()`. If you need to create a new + header file, libc/include/sys/sysinfo.h is a good short example to copy and + paste from. + 4. Add basic documentation to the header file. libc/include/sys/sysinfo.h is a + good short example that shows the expected style. Most of the detail + should actually be left to the man7.org page, with only a brief + one-sentence explanation in our documentation. Alway include the return + value/error reporting details. Explicitly say which version of Android the + function was added to. Explicitly call out any Android-specific + changes/additions/limitations because they won't be on the man7.org page. + 5. Add the function name to the correct section in libc/libc.map.txt. + 6. Add a basic test. Don't try to test everything; concentrate on just testing + the code that's actually in *bionic*, not all the functionality that's + implemented in the kernel. For simple syscalls, that's just the + auto-generated argument and return value marshalling. + + A trivial test that deliberately supplies an invalid argument helps check + that we're generating the right symbol and have the right declaration in + the header file, and that the change to libc.map.txt from step 5 is + correct. (You can use strace(1) manually to confirm that the correct + system call is being made.) + + For testing the *kernel* side of things, we should prefer to rely on + https://github.com/linux-test-project/ltp for kernel testing, but you'll + want to check that external/ltp does contain tests for the syscall you're + adding. Also check that external/ltp is using the libc wrapper for the + syscall rather than calling it "directly" via syscall(3)! + +Some system calls are harder than others. The most common problem is a 64-bit +argument such as `off64_t` (a *pointer* to a 64-bit argument is fine, since +pointers are always the "natural" size for the architecture regardless of the +size of the thing they point to). Whenever you have a function that takes +`off_t` or `off64_t`, you'll need to consider whether you actually need a foo() +and a foo64(), and whether they will use the same underlying system call or are +implemented as two different system calls. It's usually easiest to find a +similar system call and copy and paste from that. You'll definitely need to test +both on 32-bit and 64-bit. (These special cases warrant more testing than the +easy cases, even if only manual testing with strace. Sadly it isn't always +feasible to write a working test for the interesting cases -- offsets larger +than 2GiB, say -- so you may end up just writing a "meaningless" program whose +only purpose is to give you patterns to look for when run under strace(1).) ## Updating kernel header files diff --git a/libc/async_safe/Android.bp b/libc/async_safe/Android.bp index e4a583774..531317d15 100644 --- a/libc/async_safe/Android.bp +++ b/libc/async_safe/Android.bp @@ -36,6 +36,7 @@ cc_library_static { "com.android.art.debug", "com.android.media", "com.android.media.swcodec", + "com.android.virt", ], min_sdk_version: "apex_inherit", } diff --git a/libc/bionic/android_set_abort_message.cpp b/libc/bionic/android_set_abort_message.cpp index 2ea12ee54..d5f8cb97f 100644 --- a/libc/bionic/android_set_abort_message.cpp +++ b/libc/bionic/android_set_abort_message.cpp @@ -77,6 +77,10 @@ void android_set_abort_message(const char* msg) { return; } + if (msg == nullptr) { + msg = "(null)"; + } + size_t size = sizeof(magic_abort_msg_t) + strlen(msg) + 1; void* map = mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0); if (map == MAP_FAILED) { diff --git a/libc/bionic/gwp_asan_wrappers.cpp b/libc/bionic/gwp_asan_wrappers.cpp index 8c513475d..79b4b69c7 100644 --- a/libc/bionic/gwp_asan_wrappers.cpp +++ b/libc/bionic/gwp_asan_wrappers.cpp @@ -144,10 +144,21 @@ size_t gwp_asan_malloc_usable_size(const void* mem) { } void* gwp_asan_realloc(void* old_mem, size_t bytes) { + // GPA::pointerIsMine(p) always returns false where `p == nullptr` (and thus + // malloc(bytes) is requested). We always fall back to the backing allocator, + // technically missing some coverage, but reducing an extra conditional + // branch. if (__predict_false(GuardedAlloc.pointerIsMine(old_mem))) { - size_t old_size = GuardedAlloc.getSize(old_mem); + if (__predict_false(bytes == 0)) { + GuardedAlloc.deallocate(old_mem); + return nullptr; + } void* new_ptr = gwp_asan_malloc(bytes); - if (new_ptr) memcpy(new_ptr, old_mem, (bytes < old_size) ? bytes : old_size); + // If malloc() fails, then don't destroy the old memory. + if (__predict_false(new_ptr == nullptr)) return nullptr; + + size_t old_size = GuardedAlloc.getSize(old_mem); + memcpy(new_ptr, old_mem, (bytes < old_size) ? bytes : old_size); GuardedAlloc.deallocate(old_mem); return new_ptr; } diff --git a/libc/malloc_debug/Android.bp b/libc/malloc_debug/Android.bp index f779b73a1..c7c88e13c 100644 --- a/libc/malloc_debug/Android.bp +++ b/libc/malloc_debug/Android.bp @@ -133,6 +133,7 @@ cc_test { include_dirs: [ "bionic/libc", "bionic/libc/async_safe/include", + "bionic", // For SKIP_WITH_HWASAN. ], header_libs: [ diff --git a/libc/malloc_debug/tests/malloc_debug_unit_tests.cpp b/libc/malloc_debug/tests/malloc_debug_unit_tests.cpp index 46de3e93e..84f0645b2 100644 --- a/libc/malloc_debug/tests/malloc_debug_unit_tests.cpp +++ b/libc/malloc_debug/tests/malloc_debug_unit_tests.cpp @@ -43,6 +43,7 @@ #include <platform/bionic/macros.h> #include <private/bionic_malloc_dispatch.h> +#include <tests/utils.h> #include <unwindstack/Unwinder.h> @@ -2063,6 +2064,7 @@ TEST_F(MallocDebugTest, max_size) { } TEST_F(MallocDebugTest, debug_mallinfo) { + SKIP_WITH_HWASAN; Init("guard"); void* pointer = debug_malloc(150); @@ -2475,6 +2477,7 @@ TEST_F(MallocDebugTest, abort_on_error_header_tag_corrupted) { } TEST_F(MallocDebugTest, malloc_info_no_pointer_tracking) { + SKIP_WITH_HWASAN; Init("fill"); TemporaryFile tf; diff --git a/libc/malloc_hooks/tests/malloc_hooks_tests.cpp b/libc/malloc_hooks/tests/malloc_hooks_tests.cpp index ca064c2fe..d16270fc6 100644 --- a/libc/malloc_hooks/tests/malloc_hooks_tests.cpp +++ b/libc/malloc_hooks/tests/malloc_hooks_tests.cpp @@ -178,6 +178,7 @@ void MallocHooksTest::test_free_hook(void* ptr, const void* arg) { } TEST_F(MallocHooksTest, other_malloc_functions) { + SKIP_WITH_HWASAN; // HWASan does not implement mallinfo. RunTest("*.DISABLED_other_malloc_functions"); } diff --git a/linker/linker.cpp b/linker/linker.cpp index 3488f5cc7..c6588d2cd 100644 --- a/linker/linker.cpp +++ b/linker/linker.cpp @@ -3351,18 +3351,15 @@ static std::vector<android_namespace_t*> init_default_namespace_no_config(bool i } // Given an `executable_path` starting with "/apex/<name>/bin/, return -// "/linkerconfig/<name>/ld.config.txt" (or "/apex/<name>/etc/ld.config.txt", if -// the former does not exist). +// "/linkerconfig/<name>/ld.config.txt", which is the auto-generated config file for the APEX by the +// linkerconfig tool. static std::string get_ld_config_file_apex_path(const char* executable_path) { std::vector<std::string> paths = android::base::Split(executable_path, "/"); if (paths.size() >= 5 && paths[1] == "apex" && paths[3] == "bin") { - // Check auto-generated ld.config.txt first std::string generated_apex_config = "/linkerconfig/" + paths[2] + "/ld.config.txt"; if (file_exists(generated_apex_config.c_str())) { return generated_apex_config; } - - return std::string("/apex/") + paths[2] + "/etc/ld.config.txt"; } return ""; } diff --git a/tests/Android.bp b/tests/Android.bp index 48149c7aa..2ea6087c3 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -343,6 +343,7 @@ cc_test_library { "__cxa_demangle_test.cpp", "alloca_test.cpp", "android_get_device_api_level.cpp", + "android_set_abort_message_test.cpp", "arpa_inet_test.cpp", "async_safe_test.cpp", "assert_test.cpp", diff --git a/tests/NOTICE b/tests/NOTICE index c9b65d07b..8c3483c3b 100644 --- a/tests/NOTICE +++ b/tests/NOTICE @@ -382,3 +382,31 @@ SUCH DAMAGE. ------------------------------------------------------------------- +Copyright (C) 2022 The Android Open Source Project +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +------------------------------------------------------------------- + diff --git a/tests/android_set_abort_message_test.cpp b/tests/android_set_abort_message_test.cpp new file mode 100644 index 000000000..d6553dedd --- /dev/null +++ b/tests/android_set_abort_message_test.cpp @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> + +#include <gtest/gtest.h> + +#if defined(__BIONIC__) +extern "C" void android_set_abort_message(const char* msg); +#endif + +TEST(android_set_abort_message_test, nullptr_check) { +#if defined(__BIONIC__) + android_set_abort_message(nullptr); +#else + GTEST_SKIP() << "This test is only supported on bionic."; +#endif +} |