Merge "Update to v5.9 kernel headers."
diff --git a/apex/Android.bp b/apex/Android.bp
index c6c4cbf..5bf078a 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -80,9 +80,8 @@
     },
 }
 
-prebuilt_etc {
+linker_config {
     name: "bionic-linker-config",
-    src: "linker.config.txt",
-    filename: "linker.config.txt",
+    src: "linker.config.json",
     installable: false,
 }
diff --git a/apex/linker.config.json b/apex/linker.config.json
new file mode 100644
index 0000000..67c076e
--- /dev/null
+++ b/apex/linker.config.json
@@ -0,0 +1,3 @@
+{
+    "visible": true
+}
diff --git a/apex/linker.config.txt b/apex/linker.config.txt
deleted file mode 100644
index 7bac3d6..0000000
--- a/apex/linker.config.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-# Extra linker configurations for bionic APEX
-# See https://android.googlesource.com/platform/system/linkerconfig/+/master/README.md#apex_etc_linker_config_txt
-
-[properties]
-# Set bionic APEX as force visible so bionic APEX namespace is accessible via android_get_exported_namespace
-visible = true
diff --git a/benchmarks/README.md b/benchmarks/README.md
index fe447d1..1fd17a1 100644
--- a/benchmarks/README.md
+++ b/benchmarks/README.md
@@ -184,5 +184,5 @@
 Some devices have a `perf-setup.sh` script that locks CPU and GPU frequencies. Some TradeFed
 benchmarks appear to be using the script. For more information:
  * run `get_build_var BOARD_PERFSETUP_SCRIPT`
- * run `m perf-setup.sh` to install the script into `${OUT}/data/local/tmp/perf-setup.sh`
+ * run `m perf-setup` to install the script into `${OUT}/data/local/tmp/perf-setup.sh`
  * see: https://android.googlesource.com/platform/platform_testing/+/refs/heads/master/scripts/perf-setup/
diff --git a/benchmarks/spawn/Android.bp b/benchmarks/spawn/Android.bp
index 2276d2e..689e7c9 100644
--- a/benchmarks/spawn/Android.bp
+++ b/benchmarks/spawn/Android.bp
@@ -68,6 +68,7 @@
 
     // Install these binaries in the same directory as the main benchmark binary.
     data: [
+        ":bench_cxa_atexit",
         ":bench_noop",
         ":bench_noop_nostl",
         ":bench_noop_static",
@@ -75,7 +76,7 @@
 }
 
 cc_defaults {
-    name: "noop_binary_defaults",
+    name: "bionic_spawn_benchmark_binary",
     defaults: ["bionic_spawn_benchmark_targets"],
 
     compile_multilib: "both",
@@ -87,16 +88,11 @@
             suffix: "64",
         },
     },
-}
-
-cc_binary {
-    defaults: ["noop_binary_defaults"],
-    name: "bench_noop",
-    srcs: ["noop.cpp"],
 
     // When this binary is installed to host/linux-x86/bin, its runpath is ${ORIGIN}/../lib64, which
     // is fine for finding host/linux-x86/lib64/libc++.so. When it's installed to
-    // host/linux-x86/benchmarktest64/bionic-spawn-benchmarks, the runpath needs an extra "..".
+    // host/linux-x86/benchmarktest64/bionic-spawn-benchmarks, the runpath needs an extra "..". This
+    // argument has no effect when a static executable is produced.
     target: {
         linux_glibc_x86_64: {
             ldflags: [
@@ -107,14 +103,26 @@
 }
 
 cc_binary {
-    defaults: ["noop_binary_defaults"],
+    defaults: ["bionic_spawn_benchmark_binary"],
+    name: "bench_cxa_atexit",
+    srcs: ["bench_cxa_atexit.cpp"],
+}
+
+cc_binary {
+    defaults: ["bionic_spawn_benchmark_binary"],
+    name: "bench_noop",
+    srcs: ["noop.cpp"],
+}
+
+cc_binary {
+    defaults: ["bionic_spawn_benchmark_binary"],
     name: "bench_noop_nostl",
     srcs: ["noop.cpp"],
     stl: "none",
 }
 
 cc_binary {
-    defaults: ["noop_binary_defaults"],
+    defaults: ["bionic_spawn_benchmark_binary"],
     name: "bench_noop_static",
     srcs: ["noop.cpp"],
     static_executable: true,
diff --git a/benchmarks/spawn/bench_cxa_atexit.cpp b/benchmarks/spawn/bench_cxa_atexit.cpp
new file mode 100644
index 0000000..95849f4
--- /dev/null
+++ b/benchmarks/spawn/bench_cxa_atexit.cpp
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <string>
+
+extern "C" int __cxa_atexit(void (*func)(void*), void* arg, void* dso);
+
+extern void* __dso_handle;
+
+static void dtor_func(void*) {}
+
+// Prevent the compiler from optimizing out the __cxa_atexit call.
+void (*volatile g_pdtor_func)(void*) = dtor_func;
+
+int main(int argc, char* argv[]) {
+  auto usage = [&argv]() {
+    fprintf(stderr, "usage: %s COUNT MODE\n", argv[0]);
+    fprintf(stderr, "MODE is one of '_Exit' or 'exit'.\n");
+    exit(1);
+  };
+
+  if (argc != 3) usage();
+
+  int count = atoi(argv[1]);
+
+  // Two modes: "_Exit" ==> exit early w/o calling dtors, "exit" ==> call dtors on exit.
+  std::string mode = argv[2];
+  if (mode != "_Exit" && mode != "exit") usage();
+
+  for (int i = 0; i < count; ++i) {
+    __cxa_atexit(g_pdtor_func, nullptr, &__dso_handle);
+  }
+
+  if (mode == "_Exit") {
+    _Exit(0);
+  } else {
+    exit(0);
+  }
+}
diff --git a/benchmarks/spawn/spawn_benchmarks.cpp b/benchmarks/spawn/spawn_benchmarks.cpp
index 931a8be..18dacf9 100644
--- a/benchmarks/spawn/spawn_benchmarks.cpp
+++ b/benchmarks/spawn/spawn_benchmarks.cpp
@@ -31,6 +31,8 @@
 SPAWN_BENCHMARK(noop, test_program("bench_noop").c_str());
 SPAWN_BENCHMARK(noop_nostl, test_program("bench_noop_nostl").c_str());
 SPAWN_BENCHMARK(noop_static, test_program("bench_noop_static").c_str());
+SPAWN_BENCHMARK(bench_cxa_atexit, test_program("bench_cxa_atexit").c_str(), "100000", "_Exit");
+SPAWN_BENCHMARK(bench_cxa_atexit_full, test_program("bench_cxa_atexit").c_str(), "100000", "exit");
 
 // Android has a /bin -> /system/bin symlink, but use /system/bin explicitly so we can more easily
 // compare Bionic-vs-glibc on a Linux desktop machine.
diff --git a/libc/bionic/atexit.cpp b/libc/bionic/atexit.cpp
index df306af..5dbf322 100644
--- a/libc/bionic/atexit.cpp
+++ b/libc/bionic/atexit.cpp
@@ -73,50 +73,42 @@
   // restart concurrent __cxa_finalize passes.
   uint64_t total_appends_;
 
-  static size_t round_up_to_page_bytes(size_t capacity) {
-    return PAGE_END(capacity * sizeof(AtexitEntry));
-  }
-
-  static size_t next_capacity(size_t capacity) {
-    // Double the capacity each time.
-    size_t result = round_up_to_page_bytes(MAX(1, capacity * 2)) / sizeof(AtexitEntry);
-    CHECK(result > capacity);
-    return result;
-  }
+  static size_t page_start_of_index(size_t idx) { return PAGE_START(idx * sizeof(AtexitEntry)); }
+  static size_t page_end_of_index(size_t idx) { return PAGE_END(idx * sizeof(AtexitEntry)); }
 
   // Recompact the array if it will save at least one page of memory at the end.
-  bool needs_recompaction() {
-    return round_up_to_page_bytes(size_ - extracted_count_) < round_up_to_page_bytes(size_);
+  bool needs_recompaction() const {
+    return page_end_of_index(size_ - extracted_count_) < page_end_of_index(size_);
   }
 
-  void set_writable(bool writable);
+  void set_writable(bool writable, size_t start_idx, size_t num_entries);
+  static bool next_capacity(size_t capacity, size_t* result);
   bool expand_capacity();
 };
 
 }  // anonymous namespace
 
 bool AtexitArray::append_entry(const AtexitEntry& entry) {
-  bool result = false;
+  if (size_ >= capacity_ && !expand_capacity()) return false;
 
-  set_writable(true);
-  if (size_ < capacity_ || expand_capacity()) {
-    array_[size_++] = entry;
-    ++total_appends_;
-    result = true;
-  }
-  set_writable(false);
+  size_t idx = size_++;
 
-  return result;
+  set_writable(true, idx, 1);
+  array_[idx] = entry;
+  ++total_appends_;
+  set_writable(false, idx, 1);
+
+  return true;
 }
 
 // Extract an entry and return it.
 AtexitEntry AtexitArray::extract_entry(size_t idx) {
   AtexitEntry result = array_[idx];
 
-  set_writable(true);
+  set_writable(true, idx, 1);
   array_[idx] = {};
   ++extracted_count_;
-  set_writable(false);
+  set_writable(false, idx, 1);
 
   return result;
 }
@@ -124,7 +116,7 @@
 void AtexitArray::recompact() {
   if (!needs_recompaction()) return;
 
-  set_writable(true);
+  set_writable(true, 0, size_);
 
   // Optimization: quickly skip over the initial non-null entries.
   size_t src = 0, dst = 0;
@@ -143,51 +135,79 @@
   }
 
   // If the table uses fewer pages, clean the pages at the end.
-  size_t old_bytes = round_up_to_page_bytes(size_);
-  size_t new_bytes = round_up_to_page_bytes(dst);
+  size_t old_bytes = page_end_of_index(size_);
+  size_t new_bytes = page_end_of_index(dst);
   if (new_bytes < old_bytes) {
     madvise(reinterpret_cast<char*>(array_) + new_bytes, old_bytes - new_bytes, MADV_DONTNEED);
   }
 
+  set_writable(false, 0, size_);
+
   size_ = dst;
   extracted_count_ = 0;
-
-  set_writable(false);
 }
 
 // Use mprotect to make the array writable or read-only. Returns true on success. Making the array
 // read-only could protect against either unintentional or malicious corruption of the array.
-void AtexitArray::set_writable(bool writable) {
+void AtexitArray::set_writable(bool writable, size_t start_idx, size_t num_entries) {
   if (array_ == nullptr) return;
+
+  const size_t start_byte = page_start_of_index(start_idx);
+  const size_t stop_byte = page_end_of_index(start_idx + num_entries);
+  const size_t byte_len = stop_byte - start_byte;
+
   const int prot = PROT_READ | (writable ? PROT_WRITE : 0);
-  if (mprotect(array_, round_up_to_page_bytes(capacity_), prot) != 0) {
+  if (mprotect(reinterpret_cast<char*>(array_) + start_byte, byte_len, prot) != 0) {
     async_safe_fatal("mprotect failed on atexit array: %s", strerror(errno));
   }
 }
 
-bool AtexitArray::expand_capacity() {
-  const size_t new_capacity = next_capacity(capacity_);
-  const size_t new_capacity_bytes = round_up_to_page_bytes(new_capacity);
+// Approximately double the capacity. Returns true if successful (no overflow). AtexitEntry is
+// smaller than a page, but this function should still be correct even if AtexitEntry were larger
+// than one.
+bool AtexitArray::next_capacity(size_t capacity, size_t* result) {
+  if (capacity == 0) {
+    *result = PAGE_END(sizeof(AtexitEntry)) / sizeof(AtexitEntry);
+    return true;
+  }
+  size_t num_bytes;
+  if (__builtin_mul_overflow(page_end_of_index(capacity), 2, &num_bytes)) {
+    async_safe_format_log(ANDROID_LOG_WARN, "libc", "__cxa_atexit: capacity calculation overflow");
+    return false;
+  }
+  *result = num_bytes / sizeof(AtexitEntry);
+  return true;
+}
 
+bool AtexitArray::expand_capacity() {
+  size_t new_capacity;
+  if (!next_capacity(capacity_, &new_capacity)) return false;
+  const size_t new_capacity_bytes = page_end_of_index(new_capacity);
+
+  set_writable(true, 0, capacity_);
+
+  bool result = false;
   void* new_pages;
   if (array_ == nullptr) {
     new_pages = mmap(nullptr, new_capacity_bytes, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
   } else {
-    new_pages =
-        mremap(array_, round_up_to_page_bytes(capacity_), new_capacity_bytes, MREMAP_MAYMOVE);
+    // mremap fails if the source buffer crosses a boundary between two VMAs. When a single array
+    // element is modified, the kernel should split then rejoin the buffer's VMA.
+    new_pages = mremap(array_, page_end_of_index(capacity_), new_capacity_bytes, MREMAP_MAYMOVE);
   }
   if (new_pages == MAP_FAILED) {
     async_safe_format_log(ANDROID_LOG_WARN, "libc",
                           "__cxa_atexit: mmap/mremap failed to allocate %zu bytes: %s",
                           new_capacity_bytes, strerror(errno));
-    return false;
+  } else {
+    result = true;
+    prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, new_pages, new_capacity_bytes, "atexit handlers");
+    array_ = static_cast<AtexitEntry*>(new_pages);
+    capacity_ = new_capacity;
   }
-
-  prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, new_pages, new_capacity_bytes, "atexit handlers");
-  array_ = static_cast<AtexitEntry*>(new_pages);
-  capacity_ = new_capacity;
-  return true;
+  set_writable(false, 0, capacity_);
+  return result;
 }
 
 static AtexitArray g_array;
diff --git a/libc/bionic/icu.cpp b/libc/bionic/icu.cpp
index 72dac9b..c11b9d6 100644
--- a/libc/bionic/icu.cpp
+++ b/libc/bionic/icu.cpp
@@ -36,12 +36,12 @@
 
 #include <async_safe/log.h>
 
-static void* g_libicuuc_handle = nullptr;
+static void* g_libicu_handle = nullptr;
 
 static bool __find_icu() {
-  g_libicuuc_handle = dlopen("libandroidicu.so", RTLD_LOCAL);
-  if (g_libicuuc_handle == nullptr) {
-    async_safe_format_log(ANDROID_LOG_ERROR, "bionic-icu", "couldn't open libandroidicu.so: %s",
+  g_libicu_handle = dlopen("libicu.so", RTLD_LOCAL);
+  if (g_libicu_handle == nullptr) {
+    async_safe_format_log(ANDROID_LOG_ERROR, "bionic-icu", "couldn't open libicu.so: %s",
                           dlerror());
     return false;
   }
@@ -53,14 +53,9 @@
   static bool found_icu = __find_icu();
   if (!found_icu) return nullptr;
 
-  char versioned_symbol_name[strlen(symbol_name) + strlen("_android") + 1];
-  snprintf(versioned_symbol_name, sizeof(versioned_symbol_name), "%s_android",
-           symbol_name);
-
-  void* symbol = dlsym(g_libicuuc_handle, versioned_symbol_name);
+  void* symbol = dlsym(g_libicu_handle, symbol_name);
   if (symbol == nullptr) {
-    async_safe_format_log(ANDROID_LOG_ERROR, "bionic-icu", "couldn't find %s",
-                          versioned_symbol_name);
+    async_safe_format_log(ANDROID_LOG_ERROR, "bionic-icu", "couldn't find %s", symbol_name);
   }
   return symbol;
 }