| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| | |
Android 13.0.0 Release 16 (TQ1A.221205.011)
Change-Id: Ia6fdd3c05b816b90857703aeaf42bfd3b0f20cbe
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds persistent sysprops for test infra usage, and adds the tests for
the sysprops.
The test does some fancy flocking in order to restore any existing
GWP-ASan sysprop usage in the test cleanup.
Bug: 236738714
Test: atest bionic-unit-tests
Ignore-AOSP-First: cherry-pick to internal branch
Change-Id: I8956296d39c98ce8c7dd0a703b240530d8ad48db
Merged-In: I8956296d39c98ce8c7dd0a703b240530d8ad48db
|
| | |
| |
| |
| | |
Change-Id: Ide51c086d2570aa5ecf28868e13f4f1672a4ff8a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Scudo seems to have issues with camera blobs,
which also the case with google devices.
https://android-review.googlesource.com/q/topic:%22disable-camera24-memory-mitigations%22+(status:open%20OR%20status:merged)
These changes are applied upstream and needed much more
commits in various components which makes it difficult to backport.
Therefore add option to disable scudo only for 32 bit components,
like camera modules.
Change-Id: Ie4e62477b0801413827007c511e547b12ea2f46d
|
| | |
| |
| |
| |
| |
| |
| | |
A lot of blobs still link this even on 8.1, so allow
devices to build a vendor copy of it.
Change-Id: I2349478ec0507e3a5136fe89f15e7dc4bfc1a03e
|
| |/
|
|
| |
Change-Id: Iad92c39fb729538cf51bf9d9037b15515104b453
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've had complaints about ubsan issues for years, but never got to the
bottom of them, or saw them ourselves in testing. For some reason (still
not understood) we've started to see this ourselves in T and downstream
branches. So for now, let's just punch that extra hole.
Longer term, ubsan should stop needing any of this, so once
https://reviews.llvm.org/D124212 is in an LTS NDK, we should be able to
get rid of this _and_ the existing sanitizer-related holes.
Bug: https://github.com/android/ndk/issues/1298
Bug: http://b/229989971
Test: treehugger
Change-Id: Id42cb29c4e943c0080c0d34ce4e5d6d1b32da9e8
(cherry picked from commit a0745cea5f8510c6bb53dfda16dcba9cca0905d1)
Merged-In: Id42cb29c4e943c0080c0d34ce4e5d6d1b32da9e8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux kernel's close_range() system call (currently) allows:
close() unshare() fcntl(F_SETFD, FD_CLOEXEC)
to be performed on ranges of fds.
All 3 of these are already allowed by seccomp bpf:
as such this doesn't allow you to do anything you can't already do.
We can't add close_range() properly to bionic because we'd need to
fiddle about with ltp and it's too late to add new T API anyway,
so let's just make the direct syscall() call.
We'll add proper support in U.
See also:
https://man7.org/linux/man-pages/man2/close_range.2.html
Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I85586d544fc23bed6aee59f00bdb79ee7a8150d1
Merged-In: I85586d544fc23bed6aee59f00bdb79ee7a8150d1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new posix_spawn attribute flag marks all file descriptors
(except stdin/out/err) as close-on-exec before executing any user
registered file actions (posix_spawn_file_actions_addopen/adddup2).
Test: TreeHugger
Bug: 229913920
Original change: https://android-review.googlesource.com/c/platform/bionic/+/1955269
Merged-In: If458100d6a253a9b0348d4e93a9a610225f89615
Change-Id: If458100d6a253a9b0348d4e93a9a610225f89615
Signed-off-by: Maciej Żenczykowski <maze@google.com>
(cherry picked from commit fb66c0c345f17d740b6a2ef7755f768dd5bd96ee)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This value was changed from 64 to 32, but it really should not
have gone down. So fixing back to 64 manually, and then the
next kernel header update should remove the comment but leave
the value unchanged.
Bug: 228783882
Test: Compiles.
(cherry picked from commit 880308daa00c0412a2cfc598fc46ecdbbead8ff1)
Change-Id: I2d81d7bc76fcaa905dce0abb094d61d02c481a5e
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:
1. "Torture testing" the system, i.e. running it under an extremely
high sampling rate under GWP-ASan.
2. Increasing sampling remotely to allow further crash report
collection of rare issues.
There are three sets of system properites:
1. libc.debug.gwp_asan.*.system_default: Default values for native
executables and system apps.
2. libc.debug.gwp_asan.*.app_default: Default values for non-system
apps, and
3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
individual app or native process.
There are three variables that can be changed:
1. The allocation sampling rate (default: 2500) - using the environment
variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
system property.
2. The process sampling rate (default: 128 for system apps/processes, 1
for opted-in apps) - using the environment variable
GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
system property,
3. The number of slots available (default: 32) - using the environment
variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
system property.
If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Test: m ndk
Bug: http://b/190554910
Change-Id: Ideb0c6d8ac5428c2ebe211393929f1d5c891dfba
|
| | | |
| | |
| | |
| | | |
Change-Id: I83681d2191bf4184e52d84d1107d61065927bb24
|
| | | |
| | |
| | |
| | |
| | | |
Bug: 227801493
Change-Id: I85630fe11b42d8d45ce63f279bb0fbcc635f8afb
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If a process is failing due to out of memory, some code calls
android_set_abort_message with a nullptr. Specifically, the libc++
library std::terminate can call do this. In this case, put a
null in the abort message.
Test: Call with nullptr and verify the code does not crash.
Test: Modified crasher to set an abort message and set a null abort
Test: message. Ran both, verified the abort message displays in
Test: first case, and doesn't display in the second case.
Change-Id: Ia9250f47e4537853ce93bbb20b35915a78caa502
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Two edge cases were found in aosp/2038947:
1. realloc(p, 0) == free() and returns nullptr. Previously, we just
returned a new pointer.
2. If the malloc() part of realloc() fails (e.g. when the size of the
allocation is 1 << 56), then the old memory shouldn't be destroyed.
Bug: N/A
Test: Covered using atest bionic-unit-tests using aosp/2038947.
Change-Id: Ibafc752787129922a1e0323ffa14221d6a14f108
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is required because virtualization_service use
libtombstoned_client_rust which has transitive dependency on
libasync_safe
Test: atest MicrodroidHostTestCases
Bug: 202153827
Change-Id: I9e670d02995f9ed9e67791aaecb300b6bfdbdb03
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Those aren't implemented.
Test: passes on forrest.
Change-Id: I1a00f5e8ff1aba8f0e25ce589281ed3bfa9d0a5c
|
| |/ /
| |
| |
| |
| | |
Bug: 227801493
Change-Id: I98b0c2d1a9dc450b97d2de5c02c68bcfd38088bf
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Clang has its own limits.h which is ahead of ours on the inclusion
path. This header uses include_next to include our header, but only
in hosted mode. This means that in freestanding mode we don't get our
limits.h macro definitions, including LONG_BIT. This ends up causing
our signal.h to produce errors when included in freestanding mode on
32-bit platforms.
Fix the errors by replacing usage of LONG_BIT with (8 * sizeof(long))
in the signal headers.
Change-Id: I18ec7b6876d5f862beae09f0c011128eef97c869
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Kernel headers coming from:
Git: https://android.googlesource.com/kernel/common/
Branch: android-mainline
Tag: android-mainline-5.17
Test: Boots on a flame and all bionic unit tests pass.
Change-Id: I7057d7308241f3acfa600597d287994c39ababbc
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Revert submission 1954983-master-I3030c47be9d02a27505bd4775c1982a20755758c
Reason for revert: PAC has shipped with S, and we're going with app compat outreach rather than regressing security.
Reverted Changes:
I3030c47be:Disable pointer authentication in app processes.
I3030c47be:Disable pointer authentication in app processes.
Change-Id: I8761f08ddbd9077ff98b1a9a0c323de968792778
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The clang prebuilts now provide a single module with per-architecture
variants instead of a module per architecture.
Bug: 220019988
Test: m checkbuild
Ignore-AOSP-First: topic contains vendor projects
Change-Id: I079f36f94b13e06d59a16cf665b65db76084021a
Merged-In: I079f36f94b13e06d59a16cf665b65db76084021a
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Modify libfdtrack to use the normal Unwinder object. In addition,
update the libfdtrack so that it doesn't record frames in
libfdtrack.so rather than skipping frames it thinks will be in
the library.
Modify the malloc debug code to use the normal Unwinder object.
Bug: 120606663
Test: All unit tests pass.
Change-Id: I3c9612dd10e62389e6219e68045ee87f7b2625f5
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The wrap.<APP> property was broken in Android 12, so provide documentation
about how to workaround it.
Test: NA
Change-Id: I98fdc5801997492442802e1295fb6969f9190e1c
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
I removed the bionic/scudo directory a while ago, but I must have
missed removing the subdirs from the Android.bp file.
Test: Builds.
Change-Id: I3e2a1f42b91273a566e587e923c7c3889a71ed17
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the bionic NOTICE file to cover the headers included in the
musl sysroot.
Bug: 190084016
Test: examine libc_musl_sysroot.zip
Change-Id: I2b5e1b89e997ac370983e5959a83f09cdcc240e8
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug: http://b/197147102
versioner in aosp/1997532 is built with clang-r445002 and understands
the new attribute.
Test: mmma bionic
Change-Id: Ia3e3c3840e6013446d2679587b72011aff8c50eb
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
dup2(2) is a no-op if the new and old fds are equal, but it's pretty
clear that any useful caller in the posix_spawn(3) context wants us to
clear O_CLOEXEC even if we don't actually "move" the fd.
Bug: https://www.austingroupbugs.net/view.php?id=411
Test: treehugger
Change-Id: I5ce1a1f9216df5afd295cc9e35b84527873e9541
|
| |/ /
| |
| |
| |
| |
| | |
Bugs: None
Test: None
Change-Id: I889015b89b85e222e26f8aa20e35d46a86a0cb7c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For the perf profiling signal handler to succeed in opening
/proc/self/mem, the process needs to be marked as dumpable in posix
terms. This patch addresses a scenario since Android S where the process
is considered profileable, but is not dumpable on "user" builds. The
solution is to mark the process as dumpable while opening the procfs
descriptors, restoring the original value afterwards. This is the same
approach as the heapprofd heap profiler, which performs the override
within the loaded client library [1].
The particular scenario being addressed is:
* user build
* app does not explicitly opt into being profiled by shell
* app does not explicitly opt out of all profiling
In this case, the app is considered profileable by the platform (but NOT
shell). Therefore ActivityThread marks the process as profileable [2],
but the zygote keeps the process as undumpable as it considers the
profileability from the shell domain [3]. We could change the logic in
the zygote to leave such processes in the dumpable state, but the
override within the signal handler is considered to be more contained as
the dumpability is only needed temporarily.
This override would also apply for any non-dumpable native services that
are signalled for profiling, which is also desireable for profiling
coverage.
This change does not elide any of the existing profileability
checks by the signal handler's preamble and the profiler itself.
[1]
https://cs.android.com/android/platform/superproject/+/master:external/perfetto/src/profiling/memory/client.cc;l=184;drc=78cd82ba31233ce810618e07d349fd34efdb861d
[2]
https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/java/android/app/ActivityThread.java;l=6610;drc=de9cf3392d7872c2bee69b65a614e77bb166b26e
[3]
https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/jni/com_android_internal_os_Zygote.cpp;l=1680;drc=master
Tested: clock app on barbet-user succeeds in opening the procfs
descriptors within the signal handler.
Tested: systemwide profiling on sargo-userdebug works as before.
Bug: 196810669
BYPASS_INCLUSIVE_LANGUAGE_REASON=referencing the name of a cmdline utility
Change-Id: Id621d4312418ff0736c97065e9ee577ff67f40da
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, the ELF note parsing in the loader is not permissive. This
patch relaxes the restrictions on the bits of the ELF note that could be
extended in the future.
This may allow more MTE options in apexes. If we add some extra metadata
bit (say, in bit 5) in the future, and then build MTE into every apex,
we don't want it to crash on Android 13 devices (we'd much rather it
just be a no-op).
Remove the (unused anywhere) NT_MEMTAG_DEFAULT and call it
NT_MEMTAG_NONE.
And finally, make the tests work on bionic-unit-tests-static. We
previously didn't deploy the test binaries, so add them as a data
dependency.
Bug: N/A
Test: atest bionic-unit-tests-static
Change-Id: I13530faad55c719c6eb848297f8ce378e18afbfc
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The bp2build build is failing with:
ERROR: /buildbot/src/android/master/out/soong/workspace/bionic/libc/BUILD.bazel:3187:8: Label '//bionic/libc:execinfo/include/execinfo.h' is duplicated in the 'srcs' attribute of rule 'libc_musl_sysroot_bionic_headers'
ERROR: /buildbot/src/android/master/out/soong/workspace/bionic/libc/BUILD.bazel:3187:8: Label '//bionic/libc:kernel/android/uapi/linux/compiler.h' is duplicated in the 'srcs' attribute of rule 'libc_musl_sysroot_bionic_headers'
ERROR: /buildbot/src/android/master/out/soong/workspace/bionic/libc/BUILD.bazel:3187:8: Label '//bionic/libc:b64/include/bionic/b64.h' is duplicated in the 'srcs' attribute of rule 'libc_musl_sysroot_bionic_headers'
ERROR: /buildbot/src/android/master/out/soong/workspace/bionic/libc/BUILD.bazel:3187:8: Label '//bionic/libc:kernel/uapi/linux/capability.h' is duplicated in the 'srcs' attribute of rule 'libc_musl_sysroot_bionic_headers'
ERROR: /buildbot/src/android/master/out/soong/workspace/bionic/libc/BUILD.bazel:3187:8: Label '//bionic/libc:kernel/android/scsi/scsi/scsi.h' is duplicated in the 'srcs' attribute of rule 'libc_musl_sysroot_bionic_headers'
Rewrite the genrule to avoid referring to the same header twice by
using the NOTICE file as a known location in the bionic/libc directory.
Bug: 190084016
Bug: 218405924
Test: libc_musl_sysroot.zip has same contents
Change-Id: Id1a0484a3ed623bcc03b015d02eef19bbb31c06a
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
this can be used to run CTS w/ maximum MTE coverage on normal builds.
Change-Id: I527b8549f30fd4bd9511d94ca142ea08b72d1a78
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* changes:
Disable fortify tests for musl
Export kernel uapi, execinfo and b64 headers to musl sysroot
Export bionic's resolv base64 functions to musl
Export bionic's execinfo functions to musl
Enable mallinfo tests for musl
Fix bionic benchmarks and header tests for musl
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The musl sysroot needs kernel uapi headers, export them as a zip
file. Also include the execinfo and b64 headers for libexecinfo
and libb64 that are embedded in musl libc.
Bug: 190084016
Test: m USE_HOST_MUSL=true libc_musl_sysroot
Change-Id: Ie862934f6dabd3fc6cbb9f5be01e21549bce51c2
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Musl doesn't provide the resolv b64_* functions, but adb uses them.
Export them from bionic.
Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I37837e6179a15754d4cbd89e67649df9dea9d9f1
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Musl doesn't provide the execinfo function. Export the from bionic.
Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I0361b84b0160d419cd857f5bb1314a58d0a69234
|
