| blob | c378da16c025f82523214984b04059a6ae9cc753 |
1 /* Load a shared object at runtime, relocate it, and run its initializer.
2 Copyright (C) 1996-2024 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
19 #include <assert.h>
20 #include <dlfcn.h>
21 #include <errno.h>
22 #include <libintl.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
28 #include <sys/param.h>
29 #include <libc-lock.h>
30 #include <ldsodefs.h>
31 #include <sysdep-cancel.h>
32 #include <tls.h>
33 #include <stap-probe.h>
34 #include <atomic.h>
35 #include <libc-internal.h>
36 #include <array_length.h>
37 #include <libc-early-init.h>
38 #include <gnu/lib-names.h>
39 #include <dl-find_object.h>
41 #include <dl-dst.h>
42 #include <dl-prop.h>
45 /* We must be careful not to leave us in an inconsistent state. Thus we
46 catch any error and re-raise it after cleaning up. */
48 struct dl_open_args
49 {
52 /* This is the caller of the dlopen() function. */
55 /* Namespace ID. */
56 Lmid_t nsid;
58 /* Original value of _ns_global_scope_pending_adds. Set by
59 dl_open_worker. Only valid if nsid is a real namespace
60 (non-negative). */
63 /* Set to true by dl_open_worker if libc.so was already loaded into
64 the namespace at the time dl_open_worker was called. This is
65 used to determine whether libc.so early initialization has
66 already been done before, and whether to roll back the cached
67 libc_map value in the namespace in case of a dlopen failure. */
70 /* Set to true if the end of dl_open_worker_begin was reached. */
73 /* Original parameters to the program and the current environment. */
77 };
79 /* Called in case the global scope cannot be extended. */
82 {
85 }
87 /* Grow the global scope array for the namespace, so that all the new
88 global objects can be added later in add_to_global_update, without
89 risk of memory allocation failure. add_to_global_resize raises
90 exceptions for memory allocation errors. */
91 static void
93 {
96 /* Count the objects we have to put in the global scope. */
102 /* The symbols of the new objects and its dependencies are to be
103 introduced into the global scope that will be used to resolve
104 references from other dynamically-loaded objects.
106 The global scope is the searchlist in the main link map. We
107 extend this list if necessary. There is one problem though:
108 since this structure was allocated very early (before the libc
109 is loaded) the memory it uses is allocated by the malloc()-stub
110 in the ld.so. When we come here these functions are not used
111 anymore. Instead the malloc() implementation of the libc is
112 used. But this means the block from the main map cannot be used
113 in an realloc() call. Therefore we allocate a completely new
114 array the first time we have to add something to the locale scope. */
123 /* Minimum required element count for resizing. Adjusted below for
124 an exponential resizing policy. */
132 {
135 }
137 {
141 /* The old array was allocated with our malloc, not the minimal
142 malloc. */
144 }
147 {
156 /* Copy over the old entries. */
167 }
168 }
170 /* Actually add the new global objects to the global scope. Must be
171 called after add_to_global_resize. This function cannot fail. */
172 static void
174 {
177 /* Now add the new entries. */
180 {
184 {
187 /* The array has been resized by add_to_global_resize. */
192 /* We modify the global scope. Report this. */
196 }
197 }
199 /* Some of the pending adds have been performed by the loop above.
200 Adjust the counter accordingly. */
207 }
209 /* Search link maps in all namespaces for the DSO that contains the object at
210 address ADDR. Returns the pointer to the link map of the matching DSO, or
211 NULL if a match is not found. */
214 {
217 /* Find the highest-addressed object that ADDR is not below. */
223 {
226 }
228 }
231 /* Return true if NEW is found in the scope for MAP. */
232 static size_t
234 {
240 }
242 /* Return the length of the scope for MAP. */
243 static size_t
245 {
250 }
252 /* Resize the scopes of depended-upon objects, so that the new object
253 can be added later without further allocation of memory. This
254 function can raise an exceptions due to malloc failure. */
255 static void
257 {
258 /* If the file is not loaded now as a dependency, add the search
259 list of the newly loaded object to the scope. */
261 {
264 /* If the initializer has been called already, the object has
265 not been loaded here and now. */
267 {
269 /* Avoid duplicates. */
274 {
275 /* The l_scope array is too small. Allocate a new one
276 dynamically. */
282 {
283 /* If the current l_scope memory is not pointing to
284 the static memory in the structure, but the
285 static memory in the structure is large enough to
286 use for cnt + 1 scope entries, then switch to
287 using the static memory. */
290 }
291 else
292 {
299 }
301 /* Copy the array and the terminating NULL. */
312 }
313 }
314 }
315 }
317 /* Second stage of resize_scopes: Add NEW to the scopes. Also print
318 debugging information about scopes if requested.
320 This function cannot raise an exception because all required memory
321 has been allocated by a previous call to resize_scopes. */
322 static void
324 {
326 {
331 {
333 /* Avoid duplicates. */
337 /* Assert that resize_scopes has sufficiently enlarged the
338 array. */
341 /* First terminate the extended list. Otherwise a thread
342 might use the new last element and then use the garbage
343 at offset IDX+1. */
349 }
351 /* Print scope information. */
354 }
355 }
357 /* Call _dl_add_to_slotinfo with DO_ADD set to false, to allocate
358 space in GL (dl_tls_dtv_slotinfo_list). This can raise an
359 exception. The return value is true if any of the new objects use
360 TLS. */
361 static bool
363 {
366 {
369 /* Only add TLS memory if this object is loaded now and
370 therefore is not yet initialized. */
372 {
375 }
376 }
378 }
380 /* Second stage of TLS update, after resize_tls_slotinfo. This
381 function does not raise any exception. It should only be called if
382 resize_tls_slotinfo returned true. */
383 static void
385 {
388 {
391 /* Only add TLS memory if this object is loaded now and
392 therefore is not yet initialized. */
394 {
400 }
401 }
407 /* Can be read concurrently. */
410 /* We need a second pass for static tls data, because
411 _dl_update_slotinfo must not be run while calls to
412 _dl_add_to_slotinfo are still pending. */
414 {
420 {
421 /* For static TLS we have to allocate the memory here and
422 now, but we can delay updating the DTV. */
424 #ifdef SHARED
425 /* Update the slot information data for the current
426 generation. */
428 /* FIXME: This can terminate the process on memory
429 allocation failure. It is not possible to raise
430 exceptions from this context; to fix this bug,
431 _dl_update_slotinfo would have to be split into two
432 operations, similar to resize_scopes and update_scopes
433 above. This is related to bug 16134. */
435 #endif
439 }
440 }
441 }
443 /* Mark the objects as NODELETE if required. This is delayed until
444 after dlopen failure is not possible, so that _dl_close can clean
445 up objects if necessary. */
446 static void
448 {
449 /* It is necessary to traverse the entire namespace. References to
450 objects in the global scope and unique symbol bindings can force
451 NODELETE status for objects outside the local scope. */
455 {
460 /* The flag can already be true at this point, e.g. a signal
461 handler may have triggered lazy binding and set NODELETE
462 status immediately. */
465 /* This is just a debugging aid, to indicate that
466 activate_nodelete has run for this map. */
468 }
469 }
471 /* Relocate the object L. *RELOCATION_IN_PROGRESS controls whether
472 the debugger is notified of the start of relocation processing. */
473 static void
477 {
482 {
483 /* Notify the debugger that relocations are about to happen. */
486 }
488 #ifdef SHARED
490 {
491 /* If this here is the shared object which we want to profile
492 make sure the profile is started. We can find out whether
493 this is necessary or not by observing the `_dl_profile_map'
494 variable. If it was NULL but is not NULL afterwards we must
495 start the profiling. */
501 {
502 /* We must prepare the profiling. */
505 /* Prevent unloading the object. */
507 }
508 }
509 else
510 #endif
512 }
515 /* struct dl_init_args and call_dl_init are used to call _dl_init with
516 exception handling disabled. */
517 struct dl_init_args
518 {
523 };
525 static void
527 {
530 }
532 static void
534 {
540 /* Determine the caller's map if necessary. This is needed in case
541 we have a DST, when we don't know the namespace ID we have to put
542 the new object in, or when the file name has no path in which
543 case we need to look along the RUNPATH/RPATH of the caller. */
547 {
550 /* We have to find out from which object the caller is calling.
551 By default we assume this is the main application. */
561 }
563 /* The namespace ID is now known. Keep track of whether libc.so was
564 already loaded, to determine whether it is necessary to call the
565 early initialization routine (or clear libc_map on error). */
568 /* Retain the old value, so that it can be restored. */
569 args->original_global_scope_pending_adds
572 /* One might be tempted to assert that we are RT_CONSISTENT at this point, but that
573 may not be true if this is a recursive call to dlopen. */
576 /* Load the named object. */
581 /* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
582 set and the object is not already loaded. */
584 {
587 }
590 /* This happens only if we load a DSO for 'sprof'. */
593 /* This object is directly loaded. */
596 /* It was already open. */
598 {
599 /* Let the user know about the opencount. */
604 /* If the user requested the object to be in the global
605 namespace but it is not so far, prepare to add it now. This
606 can raise an exception to do a malloc failure. */
610 /* Mark the object as not deletable if the RTLD_NODELETE flags
611 was passed. */
613 {
619 }
621 /* Finalize the addition to the global scope. */
630 }
632 /* Schedule NODELETE marking for the directly loaded object if
633 requested. */
637 /* Load that object's dependencies. */
641 /* So far, so good. Now check the versions. */
644 {
647 #ifndef SHARED
648 /* During static dlopen, check if ld.so has been loaded.
649 Perform partial initialization in this case. This must
650 come after the symbol versioning initialization in
651 _dl_check_map_versions. */
656 #endif
657 }
659 #ifdef SHARED
660 /* Auditing checkpoint: we have added all objects. */
662 #endif
664 /* Notify the debugger all new objects are now ready to go. */
672 /* Print scope information. */
676 /* Only do lazy relocation if `LD_BIND_NOW' is not set. */
681 /* Objects must be sorted by dependency for the relocation process.
682 This allows IFUNC relocations to work and it also means copy
683 relocation of dependencies are if necessary overwritten.
684 __dl_map_object_deps has already sorted l_initfini for us. */
689 do
690 {
692 {
696 }
698 }
703 /* Perform relocation. This can trigger lazy binding in IFUNC
704 resolvers. For NODELETE mappings, these dependencies are not
705 recorded because the flag has not been applied to the newly
706 loaded objects. This means that upon dlopen failure, these
707 NODELETE objects can be unloaded despite existing references to
708 them. However, such relocation dependencies in IFUNC resolvers
709 are undefined anyway, so this is not a problem. */
711 /* Ensure that libc is relocated first. This helps with the
712 execution of IFUNC resolvers in libc, and matters only to newly
713 created dlmopen namespaces. Do not do this for static dlopen
714 because libc has relocations against ld.so, which may not have
715 been relocated at this point. */
716 #ifdef SHARED
720 #endif
726 /* This only performs the memory allocations. The actual update of
727 the scopes happens below, after failure is impossible. */
730 /* Increase the size of the GL (dl_tls_dtv_slotinfo_list) data
731 structure. */
734 /* Perform the necessary allocations for adding new global objects
735 to the global scope below. */
739 /* Demarcation point: After this, no recoverable errors are allowed.
740 All memory allocations for new objects must have happened
741 before. */
743 /* Finalize the NODELETE status first. This comes before
744 update_scopes, so that lazy binding will not see pending NODELETE
745 state for newly loaded objects. There is a compiler barrier in
746 update_scopes which ensures that the changes from
747 activate_nodelete are visible before new objects show up in the
748 local scope. */
751 /* Second stage after resize_scopes: Actually perform the scope
752 update. After this, dlsym and lazy binding can bind to new
753 objects. */
760 /* FIXME: It is unclear whether the order here is correct.
761 Shouldn't new objects be made available for binding (and thus
762 execution) only after there TLS data has been set up fully?
763 Fixing bug 16134 will likely make this distinction less
764 important. */
766 /* Second stage after resize_tls_slotinfo: Update the slotinfo data
767 structures. */
769 /* FIXME: This calls _dl_update_slotinfo, which aborts the process
770 on memory allocation failure. See bug 16134. */
773 /* Notify the debugger all new objects have been relocated. */
777 /* If libc.so was not there before, attempt to call its early
778 initialization routine. Indicate to the initialization routine
779 whether the libc being initialized is the one in the base
780 namespace. */
782 {
783 /* dlopen cannot be used to load an initial libc by design. */
786 }
789 }
791 static void
793 {
798 {
799 /* Protects global and module specific TLS state. */
808 /* Reraise the error. */
810 }
818 /* Run the initializer functions of new objects. Temporarily
819 disable the exception handler, so that lazy binding failures are
820 fatal. */
821 {
823 {
828 };
830 }
832 /* Now we can make the new map available in the global scope. */
836 /* Let the user know about the opencount. */
840 }
845 {
847 /* One of the flags must be set. */
850 /* Make sure we are alone. */
854 {
855 /* Find a new namespace. */
861 {
862 /* No more namespace available. */
867 }
869 {
872 }
876 }
877 /* Never allow loading a DSO in a namespace which is empty. Such
878 direct placements is only causing problems. Also don't allow
879 loading into a namespace used for auditing. */
882 /* This prevents the [NSID] index expressions from being
883 evaluated, so the compiler won't think that we are
884 accessing an invalid index here in the !SHARED case where
885 DL_NNS is 1 and so any NSID != 0 is invalid. */
898 /* args.libc_already_loaded is always assigned by dl_open_worker
899 (before any explicit/non-local returns). */
907 #if defined USE_LDCONFIG && !defined MAP_COPY
908 /* We must unmap the cache file. */
910 #endif
912 /* Do this for both the error and success cases. The old value has
913 only been determined if the namespace ID was assigned (i.e., it
914 is not __LM_ID_CALLER). In the success case, we actually may
915 have consumed more pending adds than planned (because the local
916 scopes overlap in case of a recursive dlopen, the inner dlopen
917 doing some of the globalization work of the outer dlopen), so the
918 old pending adds value is larger than absolutely necessary.
919 Since it is just a conservative upper bound, this is harmless.
920 The top-level dlopen call will restore the field to zero. */
925 /* See if an error occurred during loading. */
927 {
928 /* Avoid keeping around a dangling reference to the libc.so link
929 map in case it has been cached in libc_map. */
933 /* Remove the object from memory. It may be in an inconsistent
934 state if relocation failed, for example. */
936 {
939 /* All l_nodelete_pending objects should have been deleted
940 at this point, which is why it is not necessary to reset
941 the flag here. */
942 }
944 /* Release the lock. */
947 /* Reraise the error. */
949 }
955 /* Release the lock. */
959 }
962 void
964 {
969 {
976 else
980 }
981 else
984 }