Merge "sysconf()/getpagesize() documentation." into main
diff --git a/android-changes-for-ndk-developers.md b/android-changes-for-ndk-developers.md
index 6ac79cf..ad8462a 100644
--- a/android-changes-for-ndk-developers.md
+++ b/android-changes-for-ndk-developers.md
@@ -478,6 +478,16 @@
 OS private use constants for RELR, nor for ELF files using packed
 relocations.
 
+Prior to API level 35, there was a bug that caused RELR relocations to
+be applied after packed relocations. This meant that ifunc resolvers
+referenced by `R_*_IRELATIVE` relocations in the packed relocation
+section would have been able to read globals with RELR relocations
+before they were relocated. The version of `lld` in the NDK has never
+produced binaries affected by this bug, but third-party toolchains
+should make sure not to store `R_*_IRELATIVE` relocations in packed
+relocation sections in order to maintain compatibility with API levels
+below 35.
+
 You can read more about relative relocations
 and their long and complicated history at
 https://maskray.me/blog/2021-10-31-relative-relocations-and-relr.
diff --git a/docs/status.md b/docs/status.md
index a9afe55..2919471 100644
--- a/docs/status.md
+++ b/docs/status.md
@@ -56,7 +56,11 @@
 Current libc symbols: https://android.googlesource.com/platform/bionic/+/main/libc/libc.map.txt
 
 New libc functions in V (API level 35):
-  * `tcgetwinsize`, `tcsetwinsize` (POSIX Issue 8 additions).
+  * New `android_crash_detail_register`, `android_crash_detail_unregister`,
+    `android_crash_detail_replace_name`, and `android_crash_detail_replace_data`
+    functionality for adding arbitrary data to tombstones
+    (see `<android/crash_detail.h>` for full documentation).
+  * `tcgetwinsize`, `tcsetwinsize`, `_Fork` (POSIX Issue 8 additions).
   * `timespec_getres` (C23 addition).
   * `localtime_rz`, `mktime_z`, `tzalloc`, and `tzfree` (NetBSD
     extensions implemented in tzcode, and the "least non-standard"
@@ -321,17 +325,25 @@
 ## Target API level behavioral differences
 
 Most bionic bug fixes and improvements have been made without checks for
-the app's `targetSdkVersion`. As of O there were exactly two exceptions,
-but there are likely to be more in future because of Project Treble.
+the app's `targetSdkVersion`. There are a handful of exceptions. (If in
+doubt, search the source for `android_get_application_target_sdk_version()`.)
 
-### Invalid `pthread_t` handling (targetSdkVersion >= O)
+### Destroyed mutex checking (targetSdkVersion >= 28)
+
+If a destroyed `pthread_mutex_t` is passed to any of the mutex functions, apps
+targeting API level 28 or higher will see a
+"<function> called on a destroyed mutex" fortify failure. Apps targeting older
+API levels will just have the function fail with EBUSY (matching the likely
+behavior before we added the check).
+
+### Invalid `pthread_t` handling (targetSdkVersion >= 26)
 
 As part of a long-term goal to remove the global thread list,
 and in an attempt to flush out racy code, we changed how an invalid
 `pthread_t` is handled. For `pthread_detach`, `pthread_getcpuclockid`,
 `pthread_getschedparam`/`pthread_setschedparam`, `pthread_join`, and
 `pthread_kill`, instead of returning ESRCH when passed an invalid
-`pthread_t`, if you're targeting O or above, they'll abort with the
+`pthread_t`, if you're targeting API level 26 or above, they'll abort with the
 message "attempt to use invalid pthread\_t".
 
 Note that this doesn't change behavior as much as you might think: the
@@ -369,13 +381,13 @@
     the tid may have been reused, but your code is inherently unsafe without
     a redesign anyway.
 
-### Interruptable `sem_wait` (targetSdkVersion >= N)
+### Interruptable `sem_wait` (targetSdkVersion >= 24)
 
 POSIX says that `sem_wait` can be interrupted by delivery of a
 signal. This wasn't historically true in Android, and when we fixed this
 bug we found that existing code relied on the old behavior. To preserve
 compatibility, `sem_wait` can only return EINTR on Android if the app
-targets N or later.
+targets API level 24 or later.
 
 
 ## FORTIFY
diff --git a/libc/include/dlfcn.h b/libc/include/dlfcn.h
index a506dc1..a90c4f8 100644
--- a/libc/include/dlfcn.h
+++ b/libc/include/dlfcn.h
@@ -99,7 +99,8 @@
 /**
  * [dlsym(3)](http://man7.org/linux/man-pages/man3/dlsym.3.html)
  * returns a pointer to the symbol with the given name in the shared
- * library represented by the given handle.
+ * library represented by the given handle. The handle may have been
+ * returned from dlopen(), or can be RTLD_DEFAULT or RTLD_NEXT.
  *
  * Returns the address of the symbol on success, and returns NULL on failure,
  * in which case dlerror() can be used to retrieve the specific error.
@@ -109,7 +110,8 @@
 /**
  * [dlvsym(3)](http://man7.org/linux/man-pages/man3/dlvsym.3.html)
  * returns a pointer to the symbol with the given name and version in the shared
- * library represented by the given handle.
+ * library represented by the given handle. The handle may have been
+ * returned from dlopen(), or can be RTLD_DEFAULT or RTLD_NEXT.
  *
  * Returns the address of the symbol on success, and returns NULL on failure,
  * in which case dlerror() can be used to retrieve the specific error.
diff --git a/libc/include/elf.h b/libc/include/elf.h
index bb3c61a..1275f2e 100644
--- a/libc/include/elf.h
+++ b/libc/include/elf.h
@@ -254,7 +254,7 @@
 #define DT_ANDROID_RELA 0x60000011 // DT_LOOS + 4
 #define DT_ANDROID_RELASZ 0x60000012 // DT_LOOS + 5
 
-/* TODO: upstream these to FreeBSD? */
+/* TODO: upstreamed to FreeBSD as https://github.com/freebsd/freebsd-src/pull/1141/. */
 #define DT_AARCH64_MEMTAG_MODE 0x70000009
 #define DT_AARCH64_MEMTAG_HEAP 0x7000000b
 #define DT_AARCH64_MEMTAG_STACK 0x7000000c
@@ -270,8 +270,10 @@
 #define R_ARM_TLS_DESC 13
 #define R_ARM_IRELATIVE 160
 
-/* https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-elf.adoc#relocations */
-/* TODO: upstream these to FreeBSD? */
+/* FreeBSD is missing these, found in
+ * https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-elf.adoc#relocations
+ * so I've sent https://github.com/freebsd/freebsd-src/pull/1141 upstream.
+ */
 #define R_RISCV_TLSDESC 12
 #define R_RISCV_PLT32 59
 #define R_RISCV_SET_ULEB128 60
@@ -281,5 +283,11 @@
 #define R_RISCV_TLSDESC_ADD_LO12 64
 #define R_RISCV_TLSDESC_CALL 65
 
-/* BSD spells this slightly differently to Linux. */
+/* FreeBSD spells this slightly differently to Linux. Linux is correct according to
+ * https://github.com/riscv-non-isa/riscv-elf-psabi-doc/blob/master/riscv-elf.adoc#file-header
+ * so I've sent https://github.com/freebsd/freebsd-src/pull/1148 upstream.
+ */
+#define EF_RISCV_FLOAT_ABI EF_RISCV_FLOAT_ABI_MASK
+
+/* FreeBSD spells this slightly differently to Linux. */
 #define R_X86_64_JUMP_SLOT R_X86_64_JMP_SLOT
diff --git a/linker/linker_relocate.cpp b/linker/linker_relocate.cpp
index 080570d..40299e9 100644
--- a/linker/linker_relocate.cpp
+++ b/linker/linker_relocate.cpp
@@ -609,6 +609,13 @@
   relocator.tlsdesc_args = &tlsdesc_args_;
   relocator.tls_tp_base = __libc_shared_globals()->static_tls_layout.offset_thread_pointer();
 
+  if (relr_ != nullptr) {
+    DEBUG("[ relocating %s relr ]", get_realpath());
+    if (!relocate_relr()) {
+      return false;
+    }
+  }
+
   if (android_relocs_ != nullptr) {
     // check signature
     if (android_relocs_size_ > 3 &&
@@ -630,13 +637,6 @@
     }
   }
 
-  if (relr_ != nullptr) {
-    DEBUG("[ relocating %s relr ]", get_realpath());
-    if (!relocate_relr()) {
-      return false;
-    }
-  }
-
 #if defined(USE_RELA)
   if (rela_ != nullptr) {
     DEBUG("[ relocating %s rela ]", get_realpath());