| Age | Commit message (Collapse) | Author |
|---|
|
This is a copy of the upstream scudo test for CTS:
https://reviews.llvm.org/rG913d78c40c37c9c3428285d868ce454b058e40f3
Bug: 206701345
Test: CtsBionicTestCases
Merged-In: I76b6b33c0665d7ad3bdd8c07d39a39d0d24d94df
Change-Id: I76b6b33c0665d7ad3bdd8c07d39a39d0d24d94df
(cherry picked from commit f0d7a34e257494c7a0248e399849bb714bb9fcc4)
|
|
This works around buggy applications that read a few bytes past the
end of their allocation, which would otherwise cause a segfault with
the concurrent Scudo change that aligns large allocations to the right.
Because the implementation of
android_set_application_target_sdk_version() lives in the linker,
we need to introduce a hook so that libc is notified when the target
SDK version changes.
Bug: 181344545
Change-Id: Id4be6645b94fad3f64ae48afd16c0154f1de448f
|
|
Introduces new heap-zero-init API. We've realised that it's better to be
able to individually control MTE and heap zero-init. Having
heap-zero-init not be controllable without affecting MTE affects our
ability to turn off heap-zero-init in zygote-forked applications.
Bug: 135772972
Test: On FVP: atest -s localhost:5555 malloc#zero_init \
Test: malloc#disable_mte heap_tagging_level
Change-Id: I8c6722502733259934c699f4f1269eaf1641a09f
|
|
These were only available internally via android_mallopt(), but they're
likely to be needed by more code in future, so move them into mallopt().
This change leaves the android_mallopt() options for now, but I plan on
coming back to remove them after I've switched the handful of callers
over to mallopt() instead.
Bug: http://b/135772972
Test: treehugger
Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
|
|
Now that the feature guarded by this flag has landed in Linux 5.10
we no longer need the flag, so we can remove it.
Bug: 135772972
Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
|
|
Bug: http://b/148307629
Test: treehugger
Change-Id: I3b1726ae55116f6553ea38fe163abdde179c21f0
|
|
Introduce an android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) API call
that may be used to disable zero- or pattern-init on non-MTE hardware,
or memory tagging on MTE hardware. The intent is that this function
may be called at any time, including when there are multiple threads
running.
Disabling zero- or pattern-init is quite trivial, we just need to set
a global variable to 0 via a Scudo API call (although there will be
some separate work required on the Scudo side to make this operation
thread-safe).
It is a bit more tricky to disable MTE across a process, because
the kernel does not provide an API for disabling tag checking in all
threads in a process, only per-thread. We need to send a signal to each
of the process's threads with a handler that issues the required prctl
call, and lock thread creation for the duration of the API call to
avoid races between thread enumeration and calls to pthread_create().
Bug: 135772972
Change-Id: I81ece86ace916eb6b435ab516cd431ec4b48a3bf
|
|
This will allow platform and application developers to use it.
Bug: 163630045
Change-Id: If9a361cb97aaf62d3fa124b60f64d51d609af48d
|
|
Bug: 162092537
Test: Ran new unit tests.
Change-Id: I4b7d17a9e98166c03cd153eb9e9d847693914ea3
|
|
The SYNC tagging level enables stack trace collection for allocations and
deallocations, which allows allocation and deallocation stack traces to
appear in tombstones when encountering a tag check fault in synchronous tag
checking mode.
Bug: 135772972
Change-Id: Ibda9f51b29d2c8e2c993fc74425dea7bfa23ab1e
|
|
Test: treehugger
Change-Id: I5efc31f82a979fcd8d3051c72ed8e6201b3b0d1b
|
|
The tag level may now be async, which is now the default. When the tag level
is set to none, memory tagging is disabled in the allocator using the new
API proposed in https://reviews.llvm.org/D70762 .
Bug: 135772972
Change-Id: I847f5822a70913c446ed9ffa13792177bbfc96af
|
|
Scudo implemented malloc_info for the primary allocator, so add some
small amount of validation.
Test: Ran the malloc_info tests and verified they pass.
Change-Id: Ib7c609e46cc1ed73fa5c042df92fa9b568880f21
|
|
The alloc after fork is a test that should pass, but jemalloc
doesn't right now. Leave the test disabled until the native
allocator can pass this.
Test: Ran the test 1000 times on glibc to verify it passes.
Test: On device, verified it does not run.
Change-Id: I482af4db2fee81c947ac081c7a6f25a2aff80350
|
|
Test: Compiles and test passes.
Change-Id: I8d19431ded97f5a8e7baa0c85b9496eddd36a25a
|
|
|
|
This patch refactors heapprofd_malloc to make it easier to reuse the
reserved signal for multiple purposes. We define a new generic signal
handler for profilers, which dispatches to more specific logic based on
the signal's payload (si_value).
The profiler signal handler is installed during libc preinit, after
malloc initialization (so races against synchronous heapprofd
initialization need not be considered). In terms of code organization, I
copied the existing approach with a loosely referenced function in
bionic_globals.h. Do tell if you'd rather a different approach here.
The profileability of a process is quite tied to the malloc
files/interfaces in bionic - in particular, it's set through
android_mallopt. I do not change that, but instead introduce a new
android_mallopt option to be able to query profileability of the
process (which is now used by the new profiler signal handler). As part
of that, gZygoteChildProfileable is moved from heapprofd_malloc to
common (alongside gZygoteChild).
I've removed the masking and reraising of the heapprofd signal when
racing against malloc_limit init. We're ok with taking a simpler
approach and dropping the heapprofd signal in such an unlikely race.
Note: this requires a corresponding change in heapprofd to use sigqueue()
instead of kill(), as the latter leaves the si_value uninitialized(?) on
the receiving side.
Bug: 144281346
Change-Id: I93bb2e82cff5870e5ca499cf86439860aca9dfa5
|
|
Bug: 146576216
Test: Ran the test on jemalloc and glibc.
Test: Ran the test on scudo and verified that failed without the align
Test: change.
Change-Id: I31a96f8672c6bce2423210300288a13df1eda42a
|
|
When using a FILE object for some malloc debug functions, calling
fprintf will trigger an allocation to be put in the object. The problem
is that these allocations were not allocated by the malloc debug
wrapper and they get freed during the fclose as if they are malloc
debug allocation. In most cases, the code will detect the bad pointer
and leak the memory, but it might also cause a crash.
The fix is to avoid using fprintf so that no allocations are made
in the object that survive and need to be freed in the fclose call.
Change the MallocXmlElem.h to use a file decsriptor not a FILE object.
Add new unit and system tests to detect this case.
Bug: 143742907
Test: Ran unit and system tests.
Test: Ran bionic unit tests.
Change-Id: I524392de822a29483aa5be8f14c680e70033eba2
|
|
As the first pass, the malloc_info for scudo doesn't return anything.
This feature is hardly ever used, so this seems fine for the first
revision.
Bug: 137795072
Test: Ran unit tests on a taimen using scudo and a taimen using jemalloc.
Change-Id: I675386ae17ba5505c27bd9da12c60242d795464a
|
|
Instead of having platform directories directly include the
private header, create a platform header directory and export it.
Bug: 130763340
Test: Builds.
Change-Id: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa
Merged-In: Ie0f092b3fe077a3de8b90266c0b28bfbc20d0dfa
(cherry picked from commit 8f582ef2f8a77d953d0e9f33387f592d20f852e2)
|
|
In order for cts to enumerate tests, even tests that are not supported
need to run and be skipped. Make this true for pvalloc/valloc
tests.
Change-Id: I863a179ee6810824a7117f44cc9aa3f86d01eb5b
Test: Ran tests in 32 bit and 64 bit and verified tests are skipped in
Test: 64 bit and run properly in 32 bit.
|
|
Found by kostyak, the call should have been valloc, not pvalloc.
Test: Ran unit tests on taimen.
Change-Id: I676b8f3f8051be6768e2ad87b579844560b4f619
|
|
Also change the names of some of the functions to make it very obvious
that the functions being called are in je code.
Write new test to make sure mallinfo and malloc_info match.
Bug: 131864803
Test: New unit tests pass (along with all other bionic unit tests).
Change-Id: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
Merged-In: I26eda7e64f57a8c56cc8d70e3ed6a29dcb87f630
(cherry picked from commit 125d32cb469d8e31f656543c3ad7b82154bc1689)
|
|
These went in while we were waiting for the infrastructure to catch up.
Test: treehugger
Change-Id: I1179d1aba8f1369d320f82705958b36c6930babf
|
|
|
|
HWASan does not implement malloc_info.
Test: bionic-unit-tests with SANITIZE_TARGET=hwaddress
Change-Id: I61d50d9110fbca1784ed39950ed6c5540ca0c9a7
|
|
Introduce an M_SET_ALLOCATION_LIMIT enumerator for android_mallopt(),
which can be used to set an upper bound on the total size of all
allocations made using the memory allocation APIs.
This is useful for programs such as audioextractor and mediaserver
which need to set such a limit as a security mitigation. Currently
these programs are using setrlimit(RLIMIT_AS) which isn't exactly
what these programs want to control. RLIMIT_AS is also problematic
under sanitizers which allocate large amounts of address space as
shadow memory, and is especially problematic under shadow call stack,
which requires 16MB of address space per thread.
Add new unit tests for bionic.
Add new unit tests for malloc debug that verify that when the limit
is enabled, malloc debug still functions for nearly every allocation
function.
Bug: 118642754
Test: Ran bionic-unit-tests/bionic-unit-tests-static.
Test: Ran malloc debug tests and perfetto integration tests.
Change-Id: I735403c4d2c87f00fb2cdef81d00af0af446b2bb
|
|
Also be a bit more to the point in our messages, focusing on "why" not
"what".
Test: ran tests
Change-Id: I297806c7a102bd52602dcd2fcf7a2cd34aba3a11
|
|
malloc_info needs to be per native allocator, but the code treated it
like a global function that doesn't depend on the native memory allocator.
Update malloc debug to dump the actual pointers that it has been tracking.
Test: bionic-unit-tests pass.
Test: malloc debug tests pass.
Test: malloc hook tests pass.
Change-Id: I3b0d4d748489dd84c16d16933479dc8b8d79013e
Merged-In: I3b0d4d748489dd84c16d16933479dc8b8d79013e
(cherry picked from commit a3656a98b10d2a4a6194a5d9705ad9c2cc5877b0)
|
|
The pieces:
- The malloc common shared by static and dynamic code (malloc_common.cpp).
- The code for shared libraries that includes any dlopen'ing
(malloc_common_dynamic.cpp).
- The implementation of perfetto's heapprofd (malloc_heapprofd.cpp).
This makes it easier to see what's going on in the many different areas.
It should also make it easier to add the allocation capping option.
Other related changes:
- Update the unit tests for android_mallopt. All of the current options
don't work on static binaries, so make sure that is reflected in the test.
- A few names changes to make sure that all code is consistent.
Test: Ran tests (malloc hooks/malloc debug/perfetto/bionic unit tests).
Change-Id: I0893bfbc0f83d82506fac5d1f37cf92fbdef6f59
|
|
The test was really only supposed to verify that mallinfo eventually
increase after allocations of certain sizes. Sometimes the mallinfo
returned decreases due to some compaction event, so don't fail in that
case.
Bug: 124060188
Test: Ran the test 2000 times (32 bit and 64 bit). It would fail within about
Test: 200 test iterations before.
Change-Id: Ie019107be163dcf275cedf4d1bc5759278def483
|
|
|
|
The tests were patched earlier to run with tagging heap allocator.
This change enables hwasan code instrumentation in the tests themselves,
and fixes the issues that arise, mainly in the code that:
* compares addresses of unrelated stack variables
* compares address of a stack variable with stack limits as found in
/proc/self/maps
* writes address of a stack variable to a hardware watchpoint register
etc.
Note that static tests are broken at the moment, like all static
binaries. Dynamic tests pass 100% with this change.
Bug: 114279110, 124007027
Test: SANITIZE_TARGET=hwaddress; run dynamic bionic tests
Change-Id: I68b8df9dd3e30b47734ddc083811a75a7f27deaa
|
|
On user builds, heapprofd should only be allowed to profile apps that
are either debuggable, or profileable (according to the manifest). This
change exposes extra zygote-specific knowledge to bionic, and makes the
dedicated signal handler check for the special case of being in a zygote child.
With this & the corresponding framework change, we should now be
handling the 4 combinations of:
{java, native} x {profile_at_runtime, profile_at_startup}.
See internal go/heapprofd-java-trigger for further context.
Test: on-device unit tests (shared & static) on blueline-userdebug.
Test: flashed blueline-userdebug, confirmed that java profiling activates from startup and at runtime.
Bug: 120409382
Change-Id: Ic251afeca4324dc650ac1d4f46976b526eae692a
(cherry picked from commit 998792e2b6e1b84222b5d124f13ecdcb446cb22f)
Merged-In: Ic251afeca4324dc650ac1d4f46976b526eae692a
|
|
Bug: 119580449
Test: Test passes.
Change-Id: Ib605e550b7d6d8fd2336ad61b678a7e63f8ecffb
|
|
Test: Unit tests pass.
Change-Id: If213f4338078011ff12996c1b2a6f6858b51d824
|
|
* HWASan report invalid use of the allocator api (like alignment not
being power of two, or allocation size too large) in a way tests do not
expect.
* Code in .preinit_array runs before HWASan shadow is initialized and
needs to be excluded from instrumentation.
* It looks that mm system calls (mmap/mprotect/etc) will not allow
tagged pointers. In fact, the use of mprotect on malloc()ed memory is
doubtful - one can imagine some kind of speculative load from such
memory, as compiler knows that it is addressable.
Bug: 114279110
Test: bionic-unit-tests with hwasan
Change-Id: I6ba4b46a0d554de77c923ad134cf156ce4ddba1b
|
|
Originally a BSD extension, now in glibc too. We've used it internally
for a while.
(cherry-pick of e4b13f7e3ca68edfcc5faedc5e7d4e13c4e8edb9.)
Bug: http://b/112163459
Test: ran tests
Change-Id: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
Merged-In: I813c3a62b13ddb91ba41e32a5a853d09207ea6bc
|
|
Fixes -Wzero-as-null-pointer-constant warning.
Test: m
Bug: 68236239
Change-Id: I5b4123bc6709641315120a191e36cc57541349b2
|
|
Move all tests into stdlib_test.cpp since that's where the definition lives
in bionic.
Add a sweep test and a various size test.
Test: Run new unit tests on glibc and angler.
Change-Id: Ief1301f402bea82ce90240500dd6a01636dbdbae
|
|
Add the mallopt function, and only a single option so far.
Bug: 36401135
Test: Built and booted bullhead.
Test: Ran jemalloc unit tests.
Test: Ran bionic unit tests.
Test: Ran a test that allocated and free'd a large piece of memory,
Test: and verified that after changing the parameter, the PSS
Test: sticks around (decay timer set to 1), the PSS is purged (decay
Test: timer set to 0).
Change-Id: I6927929b0c539c1023d34772d9e26bb6a8a45877
|
|
In order to enforce this constraint:
The pointer returned if the allocation succeeds shall be suitably
aligned so that it may be assigned to a pointer to any type of object
and then used to access such an object in the space allocated.
Force all allocations on 32 bit systems to have 8 byte alignment,
and all allocations on 64 bit systems to have 16 byte alignment.
Add a test to verify that the allocator returns the correct alignments.
Bug: 26739265
Change-Id: I9af53279617408676b94e4ec6481b3ed7ffafc6a
|
|
POSIX lets us return null and set errno, but that would be annoying and
surprising.
Bug: http://b/27101951
Change-Id: I320a8a14884abb806a8d30e3e6cf1ede28b49335
|
|
Under some circumstances, doing a calloc will make sure that the memory
returned will be zero up to the size of the requested size. However, if
there is more usable size than the requested size, that extra part
of the allocation will not be zeroed. This change fixes it so that the
entire usable memory is always zeroed.
Change-Id: I8a66d6767c074023c4ba3568bf2705e1886740fc
|
|
Expose jemalloc stats through the malloc_info(3) interface.
Bug: 16874689
Change-Id: I4358ac283002e60ff161107028d1a3fb1e9afb0a
|
|
This allows an easier way to share config parameters between unit tests
and the bionic code.
It also fixes a problem where the 32 bit bionic tests based on glibc, or
the cts list executable did not have the pvalloc,valloc tests.
Change-Id: Ib47942cb8a278252faa7498a6ef23e9578db544f
|
|
This reverts commit a04d2bc28e7d7fcaf34ad71e4a6608a13cf84197.
Change-Id: I1b49165ca5d4bafdba7948818256a6167a363aca
|
|
This reverts commit 5ee320dd35fafc11eaf90c62198e08c6670e35b4.
Change-Id: I1a9c6b06c3aca595f01c629f7649be743dc48e77
|
|
These were removed from POSIX 2004. Hides the header declarations for all
targets, and hides the symbols for LP64.
Bug: 13935372
Change-Id: Id592f67e9b7051517a05f536e1373b30162e669c
|
