Google Git
Sign in
fuchsia / third_party / android.googlesource.com / platform / bionic / refs/heads/upstream/android13-frc-resolv-release^1..refs/heads/upstream/android13-frc-resolv-release / .
commit624727914891b9bfc09cecfe129a86de3a00ff8a[log] [tgz]
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Mon May 09 06:14:24 2022 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Mon May 09 06:14:24 2022 +0000
tree0425e2528abca3f7f9af7b664013837d0dd37320
parent0d8e67d091662fa740d5ae0331b79f90cbaea103 [diff]
parentbbe7c690f1fbe714fe06c2107cb3e4d25bc791f2 [diff]
Snap for 8558685 from bbe7c690f1fbe714fe06c2107cb3e4d25bc791f2 to tm-frc-resolv-release

Change-Id: I215d41e61e9b15310d653ecc4e1a2df009fa6d4b

diff --git a/libc/SECCOMP_ALLOWLIST_COMMON.TXT b/libc/SECCOMP_ALLOWLIST_COMMON.TXT
index 6650d7e..0366fdf 100644
--- a/libc/SECCOMP_ALLOWLIST_COMMON.TXT
+++ b/libc/SECCOMP_ALLOWLIST_COMMON.TXT

@@ -31,6 +31,8 @@
 int open:open(const char*, int, ...)  arm,x86,x86_64
 int stat64:stat64(const char*, struct stat64*)  arm,x86
 ssize_t readlink:readlink(const char*, char*, size_t)  arm,x86,x86_64
+# Needed by ubsan in T? (http://b/229989971)
+int stat(const char*, struct stat*)  arm,x86,x86_64
 
 #
 # Useful new syscalls which we don't yet use in bionic.
@@ -74,3 +76,5 @@
 int sched_rr_get_interval_time64(pid_t, timespec64*) lp32
 # Since Linux 5.4, not in glibc. Probed for and conditionally used by ART.
 int userfaultfd(int) all
+# Since Linux 5.9, used by POSIX_SPAWN_CLOEXEC_DEFAULT
+int close_range(unsigned int, unsigned int, int) all

diff --git a/libc/bionic/spawn.cpp b/libc/bionic/spawn.cpp
index 314a056..59f7631 100644
--- a/libc/bionic/spawn.cpp
+++ b/libc/bionic/spawn.cpp

@@ -30,10 +30,12 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <linux/close_range.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/resource.h>
+#include <sys/syscall.h>
 #include <unistd.h>
 
 #include <android/fdsan.h>
@@ -49,6 +51,9 @@
 
 // mark all open fds except stdin/out/err as close-on-exec
 static int cloexec_except_stdioe() {
+  // requires 5.11+ or ACK 5.10-T kernel, otherwise returns ENOSYS or EINVAL
+  if (!syscall(SYS_close_range, 3, ~0U, CLOSE_RANGE_CLOEXEC)) return 0;
+
   // unfortunately getrlimit can lie:
   // - both soft and hard limits can be lowered to 0, with fds still open, so it can underestimate
   // - in practice it usually is some really large value (like 32K or more)

diff --git a/tests/gwp_asan_test.cpp b/tests/gwp_asan_test.cpp
index b442f51..b2c7780 100644
--- a/tests/gwp_asan_test.cpp
+++ b/tests/gwp_asan_test.cpp

@@ -43,7 +43,7 @@
   std::string filter_arg = "--gtest_filter=";
   filter_arg += test_name;
   std::string exec(testing::internal::GetArgvs()[0]);
-  eh.SetArgs({exec.c_str(), "--gtest_also_run_disabled_tests", filter_arg.c_str()});
+  eh.SetArgs({exec.c_str(), "--gtest_also_run_disabled_tests", filter_arg.c_str(), nullptr});
   eh.Run([&]() { execve(exec.c_str(), eh.GetArgs(), eh.GetEnv()); },
          /* expected_exit_status */ 0,
          // |expected_output_regex|, ensure at least one test ran: