search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x86_64: Fix missing wcsncat function definition without multiarch (x86-64-v4)
[glibc.git] / elf / dl-load.c
bloba34cb3559c766f60a3aa778ce6a53ca0f63d9b2b
1 /* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2024 Free Software Foundation, Inc.
3 Copyright The GNU Toolchain Authors.
4 This file is part of the GNU C Library.
5
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
10
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, see
18 <https://www.gnu.org/licenses/>. */
19
20 #include <elf.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <libintl.h>
24 #include <stdbool.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28 #include <ldsodefs.h>
29 #include <bits/wordsize.h>
30 #include <sys/mman.h>
31 #include <sys/param.h>
32 #include <sys/stat.h>
33 #include <sys/types.h>
34 #include <gnu/lib-names.h>
35
36 /* Type for the buffer we put the ELF header and hopefully the program
37 header. This buffer does not really have to be too large. In most
38 cases the program header follows the ELF header directly. If this
39 is not the case all bets are off and we can make the header
40 arbitrarily large and still won't get it read. This means the only
41 question is how large are the ELF and program header combined. The
42 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
43 bytes long. Each program header entry is again 32 and 56 bytes
44 long respectively. I.e., even with a file which has 10 program
45 header entries we only have to read 372B/624B respectively. Add to
46 this a bit of margin for program notes and reading 512B and 832B
47 for 32-bit and 64-bit files respectively is enough. If this
48 heuristic should really fail for some file the code in
49 `_dl_map_object_from_fd' knows how to recover. */
50 struct filebuf
51 {
52 ssize_t len;
53 #if __WORDSIZE == 32
54 # define FILEBUF_SIZE 512
55 #else
56 # define FILEBUF_SIZE 832
57 #endif
58 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
59 };
60
61 #include "dynamic-link.h"
62 #include "get-dynamic-info.h"
63 #include <abi-tag.h>
64 #include <stackinfo.h>
65 #include <sysdep.h>
66 #include <stap-probe.h>
67 #include <libc-pointer-arith.h>
68 #include <array_length.h>
69
70 #include <dl-dst.h>
71 #include <dl-load.h>
72 #include <dl-map-segments.h>
73 #include <dl-unmap-segments.h>
74 #include <dl-machine-reject-phdr.h>
75 #include <dl-prop.h>
76 #include <not-cancel.h>
77
78 #include <endian.h>
79 #if BYTE_ORDER == BIG_ENDIAN
80 # define byteorder ELFDATA2MSB
81 #elif BYTE_ORDER == LITTLE_ENDIAN
82 # define byteorder ELFDATA2LSB
83 #else
84 # error "Unknown BYTE_ORDER " BYTE_ORDER
85 # define byteorder ELFDATANONE
86 #endif
87
88 #define STRING(x) __STRING (x)
89
90
91 int __stack_prot attribute_hidden attribute_relro
92 #if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
93 = PROT_GROWSDOWN;
94 #elif _STACK_GROWS_UP && defined PROT_GROWSUP
95 = PROT_GROWSUP;
96 #else
97 = 0;
98 #endif
99
100
101 /* This is the decomposed LD_LIBRARY_PATH search path. */
102 struct r_search_path_struct __rtld_env_path_list attribute_relro;
103
104 /* List of the hardware capabilities we might end up using. */
105 #ifdef SHARED
106 static const struct r_strlenpair *capstr attribute_relro;
107 static size_t ncapstr attribute_relro;
108 static size_t max_capstrlen attribute_relro;
109 #else
110 enum { ncapstr = 1, max_capstrlen = 0 };
111 #endif
112
113
114 /* Get the generated information about the trusted directories. Use
115 an array of concatenated strings to avoid relocations. See
116 gen-trusted-dirs.awk. */
117 #include "trusted-dirs.h"
118
119 static const char system_dirs[] = SYSTEM_DIRS;
120 static const size_t system_dirs_len[] =
121 {
122 SYSTEM_DIRS_LEN
123 };
124 #define nsystem_dirs_len array_length (system_dirs_len)
125
126 static bool
127 is_trusted_path_normalize (const char *path, size_t len)
128 {
129 if (len == 0)
130 return false;
131
132 char *npath = (char *) alloca (len + 2);
133 char *wnp = npath;
134 while (*path != '\0')
135 {
136 if (path[0] == '/')
137 {
138 if (path[1] == '.')
139 {
140 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
141 {
142 while (wnp > npath && *--wnp != '/')
143 ;
144 path += 3;
145 continue;
146 }
147 else if (path[2] == '/' || path[2] == '\0')
148 {
149 path += 2;
150 continue;
151 }
152 }
153
154 if (wnp > npath && wnp[-1] == '/')
155 {
156 ++path;
157 continue;
158 }
159 }
160
161 *wnp++ = *path++;
162 }
163
164 if (wnp == npath || wnp[-1] != '/')
165 *wnp++ = '/';
166
167 const char *trun = system_dirs;
168
169 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
170 {
171 if (wnp - npath >= system_dirs_len[idx]
172 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
173 /* Found it. */
174 return true;
175
176 trun += system_dirs_len[idx] + 1;
177 }
178
179 return false;
180 }
181
182 /* Given a substring starting at INPUT, just after the DST '$' start
183 token, determine if INPUT contains DST token REF, following the
184 ELF gABI rules for DSTs:
185
186 * Longest possible sequence using the rules (greedy).
187
188 * Must start with a $ (enforced by caller).
189
190 * Must follow $ with one underscore or ASCII [A-Za-z] (caller
191 follows these rules for REF) or '{' (start curly quoted name).
192
193 * Must follow first two characters with zero or more [A-Za-z0-9_]
194 (enforced by caller) or '}' (end curly quoted name).
195
196 If the sequence is a DST matching REF then the length of the DST
197 (excluding the $ sign but including curly braces, if any) is
198 returned, otherwise 0. */
199 static size_t
200 is_dst (const char *input, const char *ref)
201 {
202 bool is_curly = false;
203
204 /* Is a ${...} input sequence? */
205 if (input[0] == '{')
206 {
207 is_curly = true;
208 ++input;
209 }
210
211 /* Check for matching name, following closing curly brace (if
212 required), or trailing characters which are part of an
213 identifier. */
214 size_t rlen = strlen (ref);
215 if (strncmp (input, ref, rlen) != 0
216 || (is_curly && input[rlen] != '}')
217 || ((input[rlen] >= 'A' && input[rlen] <= 'Z')
218 || (input[rlen] >= 'a' && input[rlen] <= 'z')
219 || (input[rlen] >= '0' && input[rlen] <= '9')
220 || (input[rlen] == '_')))
221 return 0;
222
223 if (is_curly)
224 /* Count the two curly braces. */
225 return rlen + 2;
226 else
227 return rlen;
228 }
229
230 /* INPUT should be the start of a path e.g DT_RPATH or name e.g.
231 DT_NEEDED. The return value is the number of known DSTs found. We
232 count all known DSTs regardless of __libc_enable_secure; the caller
233 is responsible for enforcing the security of the substitution rules
234 (usually _dl_dst_substitute). */
235 size_t
236 _dl_dst_count (const char *input)
237 {
238 size_t cnt = 0;
239
240 input = strchr (input, '$');
241
242 /* Most likely there is no DST. */
243 if (__glibc_likely (input == NULL))
244 return 0;
245
246 do
247 {
248 size_t len;
249
250 ++input;
251 /* All DSTs must follow ELF gABI rules, see is_dst (). */
252 if ((len = is_dst (input, "ORIGIN")) != 0
253 || (len = is_dst (input, "PLATFORM")) != 0
254 || (len = is_dst (input, "LIB")) != 0)
255 ++cnt;
256
257 /* There may be more than one DST in the input. */
258 input = strchr (input + len, '$');
259 }
260 while (input != NULL);
261
262 return cnt;
263 }
264
265 /* Process INPUT for DSTs and store in RESULT using the information
266 from link map L to resolve the DSTs. This function only handles one
267 path at a time and does not handle colon-separated path lists (see
268 fillin_rpath ()). Lastly the size of result in bytes should be at
269 least equal to the value returned by DL_DST_REQUIRED. Note that it
270 is possible for a DT_NEEDED, DT_AUXILIARY, and DT_FILTER entries to
271 have colons, but we treat those as literal colons here, not as path
272 list delimiters. */
273 char *
274 _dl_dst_substitute (struct link_map *l, const char *input, char *result)
275 {
276 /* Copy character-by-character from input into the working pointer
277 looking for any DSTs. We track the start of input and if we are
278 going to check for trusted paths, all of which are part of $ORIGIN
279 handling in SUID/SGID cases (see below). In some cases, like when
280 a DST cannot be replaced, we may set result to an empty string and
281 return. */
282 char *wp = result;
283 const char *start = input;
284 bool check_for_trusted = false;
285
286 do
287 {
288 if (__glibc_unlikely (*input == '$'))
289 {
290 const char *repl = NULL;
291 size_t len;
292
293 ++input;
294 if ((len = is_dst (input, "ORIGIN")) != 0)
295 {
296 /* For SUID/GUID programs we normally ignore the path with
297 $ORIGIN in DT_RUNPATH, or DT_RPATH. However, there is
298 one exception to this rule, and it is:
299
300 * $ORIGIN appears as the first path element, and is
301 the only string in the path or is immediately
302 followed by a path separator and the rest of the
303 path,
304
305 and ...
306
307 * The path is rooted in a trusted directory.
308
309 This exception allows such programs to reference
310 shared libraries in subdirectories of trusted
311 directories. The use case is one of general
312 organization and deployment flexibility.
313 Trusted directories are usually such paths as "/lib64"
314 or "/usr/lib64", and the usual RPATHs take the form of
315 [$ORIGIN/../$LIB/somedir]. */
316 if (__glibc_unlikely (__libc_enable_secure)
317 && !(input == start + 1
318 && (input[len] == '\0' || input[len] == '/')))
319 repl = (const char *) -1;
320 else
321 repl = l->l_origin;
322
323 check_for_trusted = (__libc_enable_secure
324 && l->l_type == lt_executable);
325 }
326 else if ((len = is_dst (input, "PLATFORM")) != 0)
327 repl = GLRO(dl_platform);
328 else if ((len = is_dst (input, "LIB")) != 0)
329 repl = DL_DST_LIB;
330
331 if (repl != NULL && repl != (const char *) -1)
332 {
333 wp = __stpcpy (wp, repl);
334 input += len;
335 }
336 else if (len != 0)
337 {
338 /* We found a valid DST that we know about, but we could
339 not find a replacement value for it, therefore we
340 cannot use this path and discard it. */
341 *result = '\0';
342 return result;
343 }
344 else
345 /* No DST we recognize. */
346 *wp++ = '$';
347 }
348 else
349 {
350 *wp++ = *input++;
351 }
352 }
353 while (*input != '\0');
354
355 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
356 path must be rooted in one of the trusted directories. The $LIB
357 and $PLATFORM DST cannot in any way be manipulated by the caller
358 because they are fixed values that are set by the dynamic loader
359 and therefore any paths using just $LIB or $PLATFORM need not be
360 checked for trust, the authors of the binaries themselves are
361 trusted to have designed this correctly. Only $ORIGIN is tested in
362 this way because it may be manipulated in some ways with hard
363 links. */
364 if (__glibc_unlikely (check_for_trusted)
365 && !is_trusted_path_normalize (result, wp - result))
366 {
367 *result = '\0';
368 return result;
369 }
370
371 *wp = '\0';
372
373 return result;
374 }
375
376
377 /* Return a malloc allocated copy of INPUT with all recognized DSTs
378 replaced. On some platforms it might not be possible to determine the
379 path from which the object belonging to the map is loaded. In this
380 case the path containing the DST is left out. On error NULL
381 is returned. */
382 static char *
383 expand_dynamic_string_token (struct link_map *l, const char *input)
384 {
385 /* We make two runs over the string. First we determine how large the
386 resulting string is and then we copy it over. Since this is no
387 frequently executed operation we are looking here not for performance
388 but rather for code size. */
389 size_t cnt;
390 size_t total;
391 char *result;
392
393 /* Determine the number of DSTs. */
394 cnt = _dl_dst_count (input);
395
396 /* If we do not have to replace anything simply copy the string. */
397 if (__glibc_likely (cnt == 0))
398 return __strdup (input);
399
400 /* Determine the length of the substituted string. */
401 total = DL_DST_REQUIRED (l, input, strlen (input), cnt);
402
403 /* Allocate the necessary memory. */
404 result = (char *) malloc (total + 1);
405 if (result == NULL)
406 return NULL;
407
408 return _dl_dst_substitute (l, input, result);
409 }
410
411
412 /* Add `name' to the list of names for a particular shared object.
413 `name' is expected to have been allocated with malloc and will
414 be freed if the shared object already has this name.
415 Returns false if the object already had this name. */
416 static void
417 add_name_to_object (struct link_map *l, const char *name)
418 {
419 struct libname_list *lnp, *lastp;
420 struct libname_list *newname;
421 size_t name_len;
422
423 lastp = NULL;
424 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
425 if (strcmp (name, lnp->name) == 0)
426 return;
427
428 name_len = strlen (name) + 1;
429 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
430 if (newname == NULL)
431 {
432 /* No more memory. */
433 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
434 return;
435 }
436 /* The object should have a libname set from _dl_new_object. */
437 assert (lastp != NULL);
438
439 newname->name = memcpy (newname + 1, name, name_len);
440 newname->next = NULL;
441 newname->dont_free = 0;
442 /* CONCURRENCY NOTES:
443
444 Make sure the initialization of newname happens before its address is
445 read from the lastp->next store below.
446
447 GL(dl_load_lock) is held here (and by other writers, e.g. dlclose), so
448 readers of libname_list->next (e.g. _dl_check_caller or the reads above)
449 can use that for synchronization, however the read in _dl_name_match_p
450 may be executed without holding the lock during _dl_runtime_resolve
451 (i.e. lazy symbol resolution when a function of library l is called).
452
453 The release MO store below synchronizes with the acquire MO load in
454 _dl_name_match_p. Other writes need to synchronize with that load too,
455 however those happen either early when the process is single threaded
456 (dl_main) or when the library is unloaded (dlclose) and the user has to
457 synchronize library calls with unloading. */
458 atomic_store_release (&lastp->next, newname);
459 }
460
461 /* Standard search directories. */
462 struct r_search_path_struct __rtld_search_dirs attribute_relro;
463
464 static size_t max_dirnamelen;
465
466 static struct r_search_path_elem **
467 fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
468 const char *what, const char *where, struct link_map *l)
469 {
470 char *cp;
471 size_t nelems = 0;
472
473 while ((cp = __strsep (&rpath, sep)) != NULL)
474 {
475 struct r_search_path_elem *dirp;
476 char *to_free = NULL;
477 size_t len = 0;
478
479 /* `strsep' can pass an empty string. */
480 if (*cp != '\0')
481 {
482 to_free = cp = expand_dynamic_string_token (l, cp);
483
484 /* expand_dynamic_string_token can return NULL in case of empty
485 path or memory allocation failure. */
486 if (cp == NULL)
487 continue;
488
489 /* Compute the length after dynamic string token expansion and
490 ignore empty paths. */
491 len = strlen (cp);
492 if (len == 0)
493 {
494 free (to_free);
495 continue;
496 }
497
498 /* Remove trailing slashes (except for "/"). */
499 while (len > 1 && cp[len - 1] == '/')
500 --len;
501
502 /* Now add one if there is none so far. */
503 if (len > 0 && cp[len - 1] != '/')
504 cp[len++] = '/';
505 }
506
507 /* See if this directory is already known. */
508 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
509 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
510 break;
511
512 if (dirp != NULL)
513 {
514 /* It is available, see whether it's on our own list. */
515 size_t cnt;
516 for (cnt = 0; cnt < nelems; ++cnt)
517 if (result[cnt] == dirp)
518 break;
519
520 if (cnt == nelems)
521 result[nelems++] = dirp;
522 }
523 else
524 {
525 size_t cnt;
526 enum r_dir_status init_val;
527 size_t where_len = where ? strlen (where) + 1 : 0;
528
529 /* It's a new directory. Create an entry and add it. */
530 dirp = (struct r_search_path_elem *)
531 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
532 + where_len + len + 1);
533 if (dirp == NULL)
534 _dl_signal_error (ENOMEM, NULL, NULL,
535 N_("cannot create cache for search path"));
536
537 dirp->dirname = ((char *) dirp + sizeof (*dirp)
538 + ncapstr * sizeof (enum r_dir_status));
539 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
540 dirp->dirnamelen = len;
541
542 if (len > max_dirnamelen)
543 max_dirnamelen = len;
544
545 /* We have to make sure all the relative directories are
546 never ignored. The current directory might change and
547 all our saved information would be void. */
548 init_val = cp[0] != '/' ? existing : unknown;
549 for (cnt = 0; cnt < ncapstr; ++cnt)
550 dirp->status[cnt] = init_val;
551
552 dirp->what = what;
553 if (__glibc_likely (where != NULL))
554 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
555 + (ncapstr * sizeof (enum r_dir_status)),
556 where, where_len);
557 else
558 dirp->where = NULL;
559
560 dirp->next = GL(dl_all_dirs);
561 GL(dl_all_dirs) = dirp;
562
563 /* Put it in the result array. */
564 result[nelems++] = dirp;
565 }
566 free (to_free);
567 }
568
569 /* Terminate the array. */
570 result[nelems] = NULL;
571
572 return result;
573 }
574
575
576 static bool
577 decompose_rpath (struct r_search_path_struct *sps,
578 const char *rpath, struct link_map *l, const char *what)
579 {
580 /* Make a copy we can work with. */
581 const char *where = l->l_name;
582 char *cp;
583 struct r_search_path_elem **result;
584 size_t nelems;
585 /* Initialize to please the compiler. */
586 const char *errstring = NULL;
587
588 /* First see whether we must forget the RUNPATH and RPATH from this
589 object. */
590 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
591 && !__libc_enable_secure)
592 {
593 const char *inhp = GLRO(dl_inhibit_rpath);
594
595 do
596 {
597 const char *wp = where;
598
599 while (*inhp == *wp && *wp != '\0')
600 {
601 ++inhp;
602 ++wp;
603 }
604
605 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
606 {
607 /* This object is on the list of objects for which the
608 RUNPATH and RPATH must not be used. */
609 sps->dirs = (void *) -1;
610 return false;
611 }
612
613 while (*inhp != '\0')
614 if (*inhp++ == ':')
615 break;
616 }
617 while (*inhp != '\0');
618 }
619
620 /* Ignore empty rpaths. */
621 if (*rpath == '\0')
622 {
623 sps->dirs = (struct r_search_path_elem **) -1;
624 return false;
625 }
626
627 /* Make a writable copy. */
628 char *copy = __strdup (rpath);
629 if (copy == NULL)
630 {
631 errstring = N_("cannot create RUNPATH/RPATH copy");
632 goto signal_error;
633 }
634
635 /* Count the number of necessary elements in the result array. */
636 nelems = 0;
637 for (cp = copy; *cp != '\0'; ++cp)
638 if (*cp == ':')
639 ++nelems;
640
641 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
642 number of necessary entries. */
643 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
644 * sizeof (*result));
645 if (result == NULL)
646 {
647 free (copy);
648 errstring = N_("cannot create cache for search path");
649 signal_error:
650 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
651 }
652
653 fillin_rpath (copy, result, ":", what, where, l);
654
655 /* Free the copied RPATH string. `fillin_rpath' make own copies if
656 necessary. */
657 free (copy);
658
659 /* There is no path after expansion. */
660 if (result[0] == NULL)
661 {
662 free (result);
663 sps->dirs = (struct r_search_path_elem **) -1;
664 return false;
665 }
666
667 sps->dirs = result;
668 /* The caller will change this value if we haven't used a real malloc. */
669 sps->malloced = 1;
670 return true;
671 }
672
673 /* Make sure cached path information is stored in *SP
674 and return true if there are any paths to search there. */
675 static bool
676 cache_rpath (struct link_map *l,
677 struct r_search_path_struct *sp,
678 int tag,
679 const char *what)
680 {
681 if (sp->dirs == (void *) -1)
682 return false;
683
684 if (sp->dirs != NULL)
685 return true;
686
687 if (l->l_info[tag] == NULL)
688 {
689 /* There is no path. */
690 sp->dirs = (void *) -1;
691 return false;
692 }
693
694 /* Make sure the cache information is available. */
695 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
696 + l->l_info[tag]->d_un.d_val),
697 l, what);
698 }
699
700
701 void
702 _dl_init_paths (const char *llp, const char *source,
703 const char *glibc_hwcaps_prepend,
704 const char *glibc_hwcaps_mask)
705 {
706 size_t idx;
707 const char *strp;
708 struct r_search_path_elem *pelem, **aelem;
709 size_t round_size;
710 struct link_map __attribute__ ((unused)) *l = NULL;
711 /* Initialize to please the compiler. */
712 const char *errstring = NULL;
713
714 /* Fill in the information about the application's RPATH and the
715 directories addressed by the LD_LIBRARY_PATH environment variable. */
716
717 #ifdef SHARED
718 /* Get the capabilities. */
719 capstr = _dl_important_hwcaps (glibc_hwcaps_prepend, glibc_hwcaps_mask,
720 &ncapstr, &max_capstrlen);
721 #endif
722
723 /* First set up the rest of the default search directory entries. */
724 aelem = __rtld_search_dirs.dirs = (struct r_search_path_elem **)
725 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
726 if (__rtld_search_dirs.dirs == NULL)
727 {
728 errstring = N_("cannot create search path array");
729 signal_error:
730 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
731 }
732
733 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
734 + ncapstr * sizeof (enum r_dir_status))
735 / sizeof (struct r_search_path_elem));
736
737 __rtld_search_dirs.dirs[0]
738 = malloc (nsystem_dirs_len * round_size
739 * sizeof (*__rtld_search_dirs.dirs[0]));
740 if (__rtld_search_dirs.dirs[0] == NULL)
741 {
742 errstring = N_("cannot create cache for search path");
743 goto signal_error;
744 }
745
746 __rtld_search_dirs.malloced = 0;
747 pelem = GL(dl_all_dirs) = __rtld_search_dirs.dirs[0];
748 strp = system_dirs;
749 idx = 0;
750
751 do
752 {
753 size_t cnt;
754
755 *aelem++ = pelem;
756
757 pelem->what = "system search path";
758 pelem->where = NULL;
759
760 pelem->dirname = strp;
761 pelem->dirnamelen = system_dirs_len[idx];
762 strp += system_dirs_len[idx] + 1;
763
764 /* System paths must be absolute. */
765 assert (pelem->dirname[0] == '/');
766 for (cnt = 0; cnt < ncapstr; ++cnt)
767 pelem->status[cnt] = unknown;
768
769 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
770
771 pelem += round_size;
772 }
773 while (idx < nsystem_dirs_len);
774
775 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
776 *aelem = NULL;
777
778 /* This points to the map of the main object. If there is no main
779 object (e.g., under --help, use the dynamic loader itself as a
780 stand-in. */
781 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
782 #ifdef SHARED
783 if (l == NULL)
784 l = &GL (dl_rtld_map);
785 #endif
786 assert (l->l_type != lt_loaded);
787
788 if (l->l_info[DT_RUNPATH])
789 {
790 /* Allocate room for the search path and fill in information
791 from RUNPATH. */
792 decompose_rpath (&l->l_runpath_dirs,
793 (const void *) (D_PTR (l, l_info[DT_STRTAB])
794 + l->l_info[DT_RUNPATH]->d_un.d_val),
795 l, "RUNPATH");
796 /* During rtld init the memory is allocated by the stub malloc,
797 prevent any attempt to free it by the normal malloc. */
798 l->l_runpath_dirs.malloced = 0;
799
800 /* The RPATH is ignored. */
801 l->l_rpath_dirs.dirs = (void *) -1;
802 }
803 else
804 {
805 l->l_runpath_dirs.dirs = (void *) -1;
806
807 if (l->l_info[DT_RPATH])
808 {
809 /* Allocate room for the search path and fill in information
810 from RPATH. */
811 decompose_rpath (&l->l_rpath_dirs,
812 (const void *) (D_PTR (l, l_info[DT_STRTAB])
813 + l->l_info[DT_RPATH]->d_un.d_val),
814 l, "RPATH");
815 /* During rtld init the memory is allocated by the stub
816 malloc, prevent any attempt to free it by the normal
817 malloc. */
818 l->l_rpath_dirs.malloced = 0;
819 }
820 else
821 l->l_rpath_dirs.dirs = (void *) -1;
822 }
823
824 if (llp != NULL && *llp != '\0')
825 {
826 char *llp_tmp = strdupa (llp);
827
828 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
829 elements it has. */
830 size_t nllp = 1;
831 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
832 if (*cp == ':' || *cp == ';')
833 ++nllp;
834
835 __rtld_env_path_list.dirs = (struct r_search_path_elem **)
836 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
837 if (__rtld_env_path_list.dirs == NULL)
838 {
839 errstring = N_("cannot create cache for search path");
840 goto signal_error;
841 }
842
843 (void) fillin_rpath (llp_tmp, __rtld_env_path_list.dirs, ":;",
844 source, NULL, l);
845
846 if (__rtld_env_path_list.dirs[0] == NULL)
847 {
848 free (__rtld_env_path_list.dirs);
849 __rtld_env_path_list.dirs = (void *) -1;
850 }
851
852 __rtld_env_path_list.malloced = 0;
853 }
854 else
855 __rtld_env_path_list.dirs = (void *) -1;
856 }
857
858
859 /* Process PT_GNU_PROPERTY program header PH in module L after
860 PT_LOAD segments are mapped. Only one NT_GNU_PROPERTY_TYPE_0
861 note is handled which contains processor specific properties.
862 FD is -1 for the kernel mapped main executable otherwise it is
863 the fd used for loading module L. */
864
865 void
866 _dl_process_pt_gnu_property (struct link_map *l, int fd, const ElfW(Phdr) *ph)
867 {
868 const ElfW(Nhdr) *note = (const void *) (ph->p_vaddr + l->l_addr);
869 const ElfW(Addr) size = ph->p_memsz;
870 const ElfW(Addr) align = ph->p_align;
871
872 /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes in
873 32-bit objects and to 8 bytes in 64-bit objects. Skip notes
874 with incorrect alignment. */
875 if (align != (__ELF_NATIVE_CLASS / 8))
876 return;
877
878 const ElfW(Addr) start = (ElfW(Addr)) note;
879 unsigned int last_type = 0;
880
881 while ((ElfW(Addr)) (note + 1) - start < size)
882 {
883 /* Find the NT_GNU_PROPERTY_TYPE_0 note. */
884 if (note->n_namesz == 4
885 && note->n_type == NT_GNU_PROPERTY_TYPE_0
886 && memcmp (note + 1, "GNU", 4) == 0)
887 {
888 /* Check for invalid property. */
889 if (note->n_descsz < 8
890 || (note->n_descsz % sizeof (ElfW(Addr))) != 0)
891 return;
892
893 /* Start and end of property array. */
894 unsigned char *ptr = (unsigned char *) (note + 1) + 4;
895 unsigned char *ptr_end = ptr + note->n_descsz;
896
897 do
898 {
899 unsigned int type = *(unsigned int *) ptr;
900 unsigned int datasz = *(unsigned int *) (ptr + 4);
901
902 /* Property type must be in ascending order. */
903 if (type < last_type)
904 return;
905
906 ptr += 8;
907 if ((ptr + datasz) > ptr_end)
908 return;
909
910 last_type = type;
911
912 /* Target specific property processing. */
913 if (_dl_process_gnu_property (l, fd, type, datasz, ptr) == 0)
914 return;
915
916 /* Check the next property item. */
917 ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr)));
918 }
919 while ((ptr_end - ptr) >= 8);
920
921 /* Only handle one NT_GNU_PROPERTY_TYPE_0. */
922 return;
923 }
924
925 note = ((const void *) note
926 + ELF_NOTE_NEXT_OFFSET (note->n_namesz, note->n_descsz,
927 align));
928 }
929 }
930
931
932 /* Map in the shared object NAME, actually located in REALNAME, and already
933 opened on FD. */
934
935 #ifndef EXTERNAL_MAP_FROM_FD
936 static
937 #endif
938 struct link_map *
939 _dl_map_object_from_fd (const char *name, const char *origname, int fd,
940 struct filebuf *fbp, char *realname,
941 struct link_map *loader, int l_type, int mode,
942 void **stack_endp, Lmid_t nsid)
943 {
944 struct link_map *l = NULL;
945 const ElfW(Ehdr) *header;
946 const ElfW(Phdr) *phdr;
947 const ElfW(Phdr) *ph;
948 size_t maplength;
949 int type;
950 /* Initialize to keep the compiler happy. */
951 const char *errstring = NULL;
952 int errval = 0;
953
954 /* Get file information. To match the kernel behavior, do not fill
955 in this information for the executable in case of an explicit
956 loader invocation. */
957 struct r_file_id id;
958 if (mode & __RTLD_OPENEXEC)
959 {
960 assert (nsid == LM_ID_BASE);
961 memset (&id, 0, sizeof (id));
962 }
963 else
964 {
965 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
966 {
967 errstring = N_("cannot stat shared object");
968 lose_errno:
969 errval = errno;
970 lose:
971 /* The file might already be closed. */
972 if (fd != -1)
973 __close_nocancel (fd);
974 if (l != NULL && l->l_map_start != 0)
975 _dl_unmap_segments (l);
976 if (l != NULL && l->l_origin != (char *) -1l)
977 free ((char *) l->l_origin);
978 if (l != NULL && !l->l_libname->dont_free)
979 free (l->l_libname);
980 if (l != NULL && l->l_phdr_allocated)
981 free ((void *) l->l_phdr);
982 free (l);
983 free (realname);
984 _dl_signal_error (errval, name, NULL, errstring);
985 }
986
987 /* Look again to see if the real name matched another already loaded. */
988 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
989 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
990 {
991 /* The object is already loaded.
992 Just bump its reference count and return it. */
993 __close_nocancel (fd);
994
995 /* If the name is not in the list of names for this object add
996 it. */
997 free (realname);
998 add_name_to_object (l, name);
999
1000 return l;
1001 }
1002 }
1003
1004 #ifdef SHARED
1005 /* When loading into a namespace other than the base one we must
1006 avoid loading ld.so since there can only be one copy. Ever. */
1007 if (__glibc_unlikely (nsid != LM_ID_BASE)
1008 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
1009 || _dl_name_match_p (name, &GL(dl_rtld_map))))
1010 {
1011 /* This is indeed ld.so. Create a new link_map which refers to
1012 the real one for almost everything. */
1013 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1014 if (l == NULL)
1015 goto fail_new;
1016
1017 /* Refer to the real descriptor. */
1018 l->l_real = &GL(dl_rtld_map);
1019
1020 /* Copy l_addr and l_ld to avoid a GDB warning with dlmopen(). */
1021 l->l_addr = l->l_real->l_addr;
1022 l->l_ld = l->l_real->l_ld;
1023
1024 /* No need to bump the refcount of the real object, ld.so will
1025 never be unloaded. */
1026 __close_nocancel (fd);
1027
1028 /* Add the map for the mirrored object to the object list. */
1029 _dl_add_to_namespace_list (l, nsid);
1030
1031 return l;
1032 }
1033 #endif
1034
1035 if (mode & RTLD_NOLOAD)
1036 {
1037 /* We are not supposed to load the object unless it is already
1038 loaded. So return now. */
1039 free (realname);
1040 __close_nocancel (fd);
1041 return NULL;
1042 }
1043
1044 /* Print debugging message. */
1045 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1046 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
1047
1048 /* This is the ELF header. We read it in `open_verify'. */
1049 header = (void *) fbp->buf;
1050
1051 /* Enter the new object in the list of loaded objects. */
1052 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1053 if (__glibc_unlikely (l == NULL))
1054 {
1055 #ifdef SHARED
1056 fail_new:
1057 #endif
1058 errstring = N_("cannot create shared object descriptor");
1059 goto lose_errno;
1060 }
1061
1062 /* Extract the remaining details we need from the ELF header
1063 and then read in the program header table. */
1064 l->l_entry = header->e_entry;
1065 type = header->e_type;
1066 l->l_phnum = header->e_phnum;
1067
1068 maplength = header->e_phnum * sizeof (ElfW(Phdr));
1069 if (header->e_phoff + maplength <= (size_t) fbp->len)
1070 phdr = (void *) (fbp->buf + header->e_phoff);
1071 else
1072 {
1073 phdr = alloca (maplength);
1074 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1075 header->e_phoff) != maplength)
1076 {
1077 errstring = N_("cannot read file data");
1078 goto lose_errno;
1079 }
1080 }
1081
1082 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1083 * executable. Other platforms default to a nonexecutable stack and don't
1084 * need PT_GNU_STACK to do so. */
1085 unsigned int stack_flags = DEFAULT_STACK_PERMS;
1086
1087 {
1088 /* Scan the program header table, collecting its load commands. */
1089 struct loadcmd loadcmds[l->l_phnum];
1090 size_t nloadcmds = 0;
1091 bool has_holes = false;
1092 bool empty_dynamic = false;
1093 ElfW(Addr) p_align_max = 0;
1094
1095 /* The struct is initialized to zero so this is not necessary:
1096 l->l_ld = 0;
1097 l->l_phdr = 0;
1098 l->l_addr = 0; */
1099 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1100 switch (ph->p_type)
1101 {
1102 /* These entries tell us where to find things once the file's
1103 segments are mapped in. We record the addresses it says
1104 verbatim, and later correct for the run-time load address. */
1105 case PT_DYNAMIC:
1106 if (ph->p_filesz == 0)
1107 empty_dynamic = true; /* Usually separate debuginfo. */
1108 else
1109 {
1110 /* Debuginfo only files from "objcopy --only-keep-debug"
1111 contain a PT_DYNAMIC segment with p_filesz == 0. Skip
1112 such a segment to avoid a crash later. */
1113 l->l_ld = (void *) ph->p_vaddr;
1114 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1115 l->l_ld_readonly = (ph->p_flags & PF_W) == 0;
1116 }
1117 break;
1118
1119 case PT_PHDR:
1120 l->l_phdr = (void *) ph->p_vaddr;
1121 break;
1122
1123 case PT_LOAD:
1124 /* A load command tells us to map in part of the file.
1125 We record the load commands and process them all later. */
1126 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1127 & (GLRO(dl_pagesize) - 1)) != 0))
1128 {
1129 errstring
1130 = N_("ELF load command address/offset not page-aligned");
1131 goto lose;
1132 }
1133
1134 struct loadcmd *c = &loadcmds[nloadcmds++];
1135 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1136 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
1137 c->dataend = ph->p_vaddr + ph->p_filesz;
1138 c->allocend = ph->p_vaddr + ph->p_memsz;
1139 /* Remember the maximum p_align. */
1140 if (powerof2 (ph->p_align) && ph->p_align > p_align_max)
1141 p_align_max = ph->p_align;
1142 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
1143
1144 DIAG_PUSH_NEEDS_COMMENT;
1145
1146 #if __GNUC_PREREQ (11, 0)
1147 /* Suppress invalid GCC warning:
1148 ‘(((char *)loadcmds.113_68 + _933 + 16))[329406144173384849].mapend’ may be used uninitialized [-Wmaybe-uninitialized]
1149 See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106008
1150 */
1151 DIAG_IGNORE_NEEDS_COMMENT (11, "-Wmaybe-uninitialized");
1152 #endif
1153 /* Determine whether there is a gap between the last segment
1154 and this one. */
1155 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1156 has_holes = true;
1157 DIAG_POP_NEEDS_COMMENT;
1158
1159 /* Optimize a common case. */
1160 #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1161 c->prot = (PF_TO_PROT
1162 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1163 #else
1164 c->prot = 0;
1165 if (ph->p_flags & PF_R)
1166 c->prot |= PROT_READ;
1167 if (ph->p_flags & PF_W)
1168 c->prot |= PROT_WRITE;
1169 if (ph->p_flags & PF_X)
1170 c->prot |= PROT_EXEC;
1171 #endif
1172 break;
1173
1174 case PT_TLS:
1175 if (ph->p_memsz == 0)
1176 /* Nothing to do for an empty segment. */
1177 break;
1178
1179 l->l_tls_blocksize = ph->p_memsz;
1180 l->l_tls_align = ph->p_align;
1181 if (ph->p_align == 0)
1182 l->l_tls_firstbyte_offset = 0;
1183 else
1184 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1185 l->l_tls_initimage_size = ph->p_filesz;
1186 /* Since we don't know the load address yet only store the
1187 offset. We will adjust it later. */
1188 l->l_tls_initimage = (void *) ph->p_vaddr;
1189
1190 /* l->l_tls_modid is assigned below, once there is no
1191 possibility for failure. */
1192
1193 if (l->l_type != lt_library
1194 && GL(dl_tls_dtv_slotinfo_list) == NULL)
1195 {
1196 #ifdef SHARED
1197 /* We are loading the executable itself when the dynamic
1198 linker was executed directly. The setup will happen
1199 later. */
1200 assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0);
1201 #else
1202 assert (false && "TLS not initialized in static application");
1203 #endif
1204 }
1205 break;
1206
1207 case PT_GNU_STACK:
1208 stack_flags = ph->p_flags;
1209 break;
1210
1211 case PT_GNU_RELRO:
1212 l->l_relro_addr = ph->p_vaddr;
1213 l->l_relro_size = ph->p_memsz;
1214 break;
1215 }
1216
1217 if (__glibc_unlikely (nloadcmds == 0))
1218 {
1219 /* This only happens for a bogus object that will be caught with
1220 another error below. But we don't want to go through the
1221 calculations below using NLOADCMDS - 1. */
1222 errstring = N_("object file has no loadable segments");
1223 goto lose;
1224 }
1225
1226 /* Align all PT_LOAD segments to the maximum p_align. */
1227 for (size_t i = 0; i < nloadcmds; i++)
1228 loadcmds[i].mapalign = p_align_max;
1229
1230 /* dlopen of an executable is not valid because it is not possible
1231 to perform proper relocations, handle static TLS, or run the
1232 ELF constructors. For PIE, the check needs the dynamic
1233 section, so there is another check below. */
1234 if (__glibc_unlikely (type != ET_DYN)
1235 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1236 {
1237 /* This object is loaded at a fixed address. This must never
1238 happen for objects loaded with dlopen. */
1239 errstring = N_("cannot dynamically load executable");
1240 goto lose;
1241 }
1242
1243 /* This check recognizes most separate debuginfo files. */
1244 if (__glibc_unlikely ((l->l_ld == 0 && type == ET_DYN) || empty_dynamic))
1245 {
1246 errstring = N_("object file has no dynamic section");
1247 goto lose;
1248 }
1249
1250 /* Length of the sections to be loaded. */
1251 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1252
1253 /* Now process the load commands and map segments into memory.
1254 This is responsible for filling in:
1255 l_map_start, l_map_end, l_addr, l_contiguous, l_phdr
1256 */
1257 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1258 maplength, has_holes, loader);
1259 if (__glibc_unlikely (errstring != NULL))
1260 {
1261 /* Mappings can be in an inconsistent state: avoid unmap. */
1262 l->l_map_start = l->l_map_end = 0;
1263 goto lose;
1264 }
1265 }
1266
1267 if (l->l_ld != 0)
1268 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1269
1270 elf_get_dynamic_info (l, false, false);
1271
1272 /* Make sure we are not dlopen'ing an object that has the
1273 DF_1_NOOPEN flag set, or a PIE object. */
1274 if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1275 && (mode & __RTLD_DLOPEN))
1276 || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE)
1277 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)))
1278 {
1279 if (l->l_flags_1 & DF_1_PIE)
1280 errstring
1281 = N_("cannot dynamically load position-independent executable");
1282 else
1283 errstring = N_("shared object cannot be dlopen()ed");
1284 goto lose;
1285 }
1286
1287 if (l->l_phdr == NULL)
1288 {
1289 /* The program header is not contained in any of the segments.
1290 We have to allocate memory ourself and copy it over from out
1291 temporary place. */
1292 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1293 * sizeof (ElfW(Phdr)));
1294 if (newp == NULL)
1295 {
1296 errstring = N_("cannot allocate memory for program header");
1297 goto lose_errno;
1298 }
1299
1300 l->l_phdr = memcpy (newp, phdr,
1301 (header->e_phnum * sizeof (ElfW(Phdr))));
1302 l->l_phdr_allocated = 1;
1303 }
1304 else
1305 /* Adjust the PT_PHDR value by the runtime load address. */
1306 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1307
1308 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1309 {
1310 /* The stack is presently not executable, but this module
1311 requires that it be executable. We must change the
1312 protection of the variable which contains the flags used in
1313 the mprotect calls. */
1314 #ifdef SHARED
1315 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1316 {
1317 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1318 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1319
1320 struct link_map *const m = &GL(dl_rtld_map);
1321 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1322 + m->l_relro_size)
1323 & -GLRO(dl_pagesize));
1324 if (__glibc_likely (p + s <= relro_end))
1325 {
1326 /* The variable lies in the region protected by RELRO. */
1327 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1328 {
1329 errstring = N_("cannot change memory protections");
1330 goto lose_errno;
1331 }
1332 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1333 __mprotect ((void *) p, s, PROT_READ);
1334 }
1335 else
1336 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1337 }
1338 else
1339 #endif
1340 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1341
1342 #ifdef check_consistency
1343 check_consistency ();
1344 #endif
1345
1346 #if PTHREAD_IN_LIBC
1347 errval = _dl_make_stacks_executable (stack_endp);
1348 #else
1349 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1350 #endif
1351 if (errval)
1352 {
1353 errstring = N_("\
1354 cannot enable executable stack as shared object requires");
1355 goto lose;
1356 }
1357 }
1358
1359 /* Adjust the address of the TLS initialization image. */
1360 if (l->l_tls_initimage != NULL)
1361 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1362
1363 /* Process program headers again after load segments are mapped in
1364 case processing requires accessing those segments. Scan program
1365 headers backward so that PT_NOTE can be skipped if PT_GNU_PROPERTY
1366 exits. */
1367 for (ph = &l->l_phdr[l->l_phnum]; ph != l->l_phdr; --ph)
1368 switch (ph[-1].p_type)
1369 {
1370 case PT_NOTE:
1371 _dl_process_pt_note (l, fd, &ph[-1]);
1372 break;
1373 case PT_GNU_PROPERTY:
1374 _dl_process_pt_gnu_property (l, fd, &ph[-1]);
1375 break;
1376 }
1377
1378 /* We are done mapping in the file. We no longer need the descriptor. */
1379 if (__glibc_unlikely (__close_nocancel (fd) != 0))
1380 {
1381 errstring = N_("cannot close file descriptor");
1382 goto lose_errno;
1383 }
1384 /* Signal that we closed the file. */
1385 fd = -1;
1386
1387 /* Failures before this point are handled locally via lose.
1388 There are no more failures in this function until return,
1389 to change that the cleanup handling needs to be updated. */
1390
1391 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1392 assert (type != ET_EXEC || l->l_type == lt_executable);
1393
1394 l->l_entry += l->l_addr;
1395
1396 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1397 _dl_debug_printf ("\
1398 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*zx\n\
1399 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1400 (int) sizeof (void *) * 2,
1401 (unsigned long int) l->l_ld,
1402 (int) sizeof (void *) * 2,
1403 (unsigned long int) l->l_addr,
1404 (int) sizeof (void *) * 2, maplength,
1405 (int) sizeof (void *) * 2,
1406 (unsigned long int) l->l_entry,
1407 (int) sizeof (void *) * 2,
1408 (unsigned long int) l->l_phdr,
1409 (int) sizeof (void *) * 2, l->l_phnum);
1410
1411 /* Set up the symbol hash table. */
1412 _dl_setup_hash (l);
1413
1414 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1415 have to do this for the main map. */
1416 if ((mode & RTLD_DEEPBIND) == 0
1417 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1418 && &l->l_searchlist != l->l_scope[0])
1419 {
1420 /* Create an appropriate searchlist. It contains only this map.
1421 This is the definition of DT_SYMBOLIC in SysVr4. */
1422 l->l_symbolic_searchlist.r_list[0] = l;
1423 l->l_symbolic_searchlist.r_nlist = 1;
1424
1425 /* Now move the existing entries one back. */
1426 memmove (&l->l_scope[1], &l->l_scope[0],
1427 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1428
1429 /* Now add the new entry. */
1430 l->l_scope[0] = &l->l_symbolic_searchlist;
1431 }
1432
1433 /* Remember whether this object must be initialized first. */
1434 if (l->l_flags_1 & DF_1_INITFIRST)
1435 GL(dl_initfirst) = l;
1436
1437 /* Finally the file information. */
1438 l->l_file_id = id;
1439
1440 #ifdef SHARED
1441 /* When auditing is used the recorded names might not include the
1442 name by which the DSO is actually known. Add that as well. */
1443 if (__glibc_unlikely (origname != NULL))
1444 add_name_to_object (l, origname);
1445
1446 /* When we profile the SONAME might be needed for something else but
1447 loading. Add it right away. */
1448 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1449 && l->l_info[DT_SONAME] != NULL)
1450 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1451 + l->l_info[DT_SONAME]->d_un.d_val));
1452 #else
1453 /* Audit modules only exist when linking is dynamic so ORIGNAME
1454 cannot be non-NULL. */
1455 assert (origname == NULL);
1456 #endif
1457
1458 /* If we have newly loaded libc.so, update the namespace
1459 description. */
1460 if (GL(dl_ns)[nsid].libc_map == NULL
1461 && l->l_info[DT_SONAME] != NULL
1462 && strcmp (((const char *) D_PTR (l, l_info[DT_STRTAB])
1463 + l->l_info[DT_SONAME]->d_un.d_val), LIBC_SO) == 0)
1464 GL(dl_ns)[nsid].libc_map = l;
1465
1466 /* _dl_close can only eventually undo the module ID assignment (via
1467 remove_slotinfo) if this function returns a pointer to a link
1468 map. Therefore, delay this step until all possibilities for
1469 failure have been excluded. */
1470 if (l->l_tls_blocksize > 0
1471 && (__glibc_likely (l->l_type == lt_library)
1472 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1473 not set up TLS data structures, so don't use them now. */
1474 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL)))
1475 /* Assign the next available module ID. */
1476 _dl_assign_tls_modid (l);
1477
1478 #ifdef DL_AFTER_LOAD
1479 DL_AFTER_LOAD (l);
1480 #endif
1481
1482 /* Now that the object is fully initialized add it to the object list. */
1483 _dl_add_to_namespace_list (l, nsid);
1484
1485 /* Skip auditing and debugger notification when called from 'sprof'. */
1486 if (mode & __RTLD_SPROF)
1487 return l;
1488
1489 /* Signal that we are going to add new objects. */
1490 struct r_debug *r = _dl_debug_update (nsid);
1491 if (r->r_state == RT_CONSISTENT)
1492 {
1493 #ifdef SHARED
1494 /* Auditing checkpoint: we are going to add new objects. Since this
1495 is called after _dl_add_to_namespace_list the namespace is guaranteed
1496 to not be empty. */
1497 if ((mode & __RTLD_AUDIT) == 0)
1498 _dl_audit_activity_nsid (nsid, LA_ACT_ADD);
1499 #endif
1500
1501 /* Notify the debugger we have added some objects. We need to
1502 call _dl_debug_initialize in a static program in case dynamic
1503 linking has not been used before. */
1504 r->r_state = RT_ADD;
1505 _dl_debug_state ();
1506 LIBC_PROBE (map_start, 2, nsid, r);
1507 }
1508 else
1509 assert (r->r_state == RT_ADD);
1510
1511 #ifdef SHARED
1512 /* Auditing checkpoint: we have a new object. */
1513 if (!GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1514 _dl_audit_objopen (l, nsid);
1515 #endif
1516
1517 return l;
1518 }
1519 \f
1520 /* Print search path. */
1521 static void
1522 print_search_path (struct r_search_path_elem **list,
1523 const char *what, const char *name)
1524 {
1525 char buf[max_dirnamelen + max_capstrlen];
1526 int first = 1;
1527
1528 _dl_debug_printf (" search path=");
1529
1530 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1531 {
1532 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1533 size_t cnt;
1534
1535 for (cnt = 0; cnt < ncapstr; ++cnt)
1536 if ((*list)->status[cnt] != nonexisting)
1537 {
1538 #ifdef SHARED
1539 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1540 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1541 cp[0] = '\0';
1542 else
1543 cp[-1] = '\0';
1544 #else
1545 *endp = '\0';
1546 #endif
1547
1548 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1549 first = 0;
1550 }
1551
1552 ++list;
1553 }
1554
1555 if (name != NULL)
1556 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1557 DSO_FILENAME (name));
1558 else
1559 _dl_debug_printf_c ("\t\t(%s)\n", what);
1560 }
1561 \f
1562 /* Open a file and verify it is an ELF file for this architecture. We
1563 ignore only ELF files for other architectures. Non-ELF files and
1564 ELF files with different header information cause fatal errors since
1565 this could mean there is something wrong in the installation and the
1566 user might want to know about this.
1567
1568 If FD is not -1, then the file is already open and FD refers to it.
1569 In that case, FD is consumed for both successful and error returns. */
1570 static int
1571 open_verify (const char *name, int fd,
1572 struct filebuf *fbp, struct link_map *loader,
1573 int whatcode, int mode, bool *found_other_class, bool free_name)
1574 {
1575 /* This is the expected ELF header. */
1576 #define ELF32_CLASS ELFCLASS32
1577 #define ELF64_CLASS ELFCLASS64
1578 #ifndef VALID_ELF_HEADER
1579 # define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1580 # define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1581 # define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1582 #elif defined MORE_ELF_HEADER_DATA
1583 MORE_ELF_HEADER_DATA;
1584 #endif
1585 static const unsigned char expected[EI_NIDENT] =
1586 {
1587 [EI_MAG0] = ELFMAG0,
1588 [EI_MAG1] = ELFMAG1,
1589 [EI_MAG2] = ELFMAG2,
1590 [EI_MAG3] = ELFMAG3,
1591 [EI_CLASS] = ELFW(CLASS),
1592 [EI_DATA] = byteorder,
1593 [EI_VERSION] = EV_CURRENT,
1594 [EI_OSABI] = ELFOSABI_SYSV,
1595 [EI_ABIVERSION] = 0
1596 };
1597 /* Initialize it to make the compiler happy. */
1598 const char *errstring = NULL;
1599 int errval = 0;
1600
1601 #ifdef SHARED
1602 /* Give the auditing libraries a chance. */
1603 if (__glibc_unlikely (GLRO(dl_naudit) > 0))
1604 {
1605 const char *original_name = name;
1606 name = _dl_audit_objsearch (name, loader, whatcode);
1607 if (name == NULL)
1608 return -1;
1609
1610 if (fd != -1 && name != original_name && strcmp (name, original_name))
1611 {
1612 /* An audit library changed what we're supposed to open,
1613 so FD no longer matches it. */
1614 __close_nocancel (fd);
1615 fd = -1;
1616 }
1617 }
1618 #endif
1619
1620 if (fd == -1)
1621 /* Open the file. We always open files read-only. */
1622 fd = __open64_nocancel (name, O_RDONLY | O_CLOEXEC);
1623
1624 if (fd != -1)
1625 {
1626 ElfW(Ehdr) *ehdr;
1627 ElfW(Phdr) *phdr;
1628 size_t maplength;
1629
1630 /* We successfully opened the file. Now verify it is a file
1631 we can use. */
1632 __set_errno (0);
1633 fbp->len = 0;
1634 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1635 /* Read in the header. */
1636 do
1637 {
1638 ssize_t retlen = __read_nocancel (fd, fbp->buf + fbp->len,
1639 sizeof (fbp->buf) - fbp->len);
1640 if (retlen <= 0)
1641 break;
1642 fbp->len += retlen;
1643 }
1644 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1645
1646 /* This is where the ELF header is loaded. */
1647 ehdr = (ElfW(Ehdr) *) fbp->buf;
1648
1649 /* Now run the tests. */
1650 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1651 {
1652 errval = errno;
1653 errstring = (errval == 0
1654 ? N_("file too short") : N_("cannot read file data"));
1655 lose:
1656 if (free_name)
1657 {
1658 char *realname = (char *) name;
1659 name = strdupa (realname);
1660 free (realname);
1661 }
1662 __close_nocancel (fd);
1663 _dl_signal_error (errval, name, NULL, errstring);
1664 }
1665
1666 /* See whether the ELF header is what we expect. */
1667 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1668 EI_ABIVERSION)
1669 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1670 ehdr->e_ident[EI_ABIVERSION])
1671 || memcmp (&ehdr->e_ident[EI_PAD],
1672 &expected[EI_PAD],
1673 EI_NIDENT - EI_PAD) != 0))
1674 {
1675 /* Something is wrong. */
1676 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1677 if (*magp !=
1678 #if BYTE_ORDER == LITTLE_ENDIAN
1679 ((ELFMAG0 << (EI_MAG0 * 8))
1680 | (ELFMAG1 << (EI_MAG1 * 8))
1681 | (ELFMAG2 << (EI_MAG2 * 8))
1682 | (ELFMAG3 << (EI_MAG3 * 8)))
1683 #else
1684 ((ELFMAG0 << (EI_MAG3 * 8))
1685 | (ELFMAG1 << (EI_MAG2 * 8))
1686 | (ELFMAG2 << (EI_MAG1 * 8))
1687 | (ELFMAG3 << (EI_MAG0 * 8)))
1688 #endif
1689 )
1690 errstring = N_("invalid ELF header");
1691
1692 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1693 {
1694 /* This is not a fatal error. On architectures where
1695 32-bit and 64-bit binaries can be run this might
1696 happen. */
1697 *found_other_class = true;
1698 __close_nocancel (fd);
1699 __set_errno (ENOENT);
1700 return -1;
1701 }
1702 else if (ehdr->e_ident[EI_DATA] != byteorder)
1703 {
1704 if (BYTE_ORDER == BIG_ENDIAN)
1705 errstring = N_("ELF file data encoding not big-endian");
1706 else
1707 errstring = N_("ELF file data encoding not little-endian");
1708 }
1709 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1710 errstring
1711 = N_("ELF file version ident does not match current one");
1712 /* XXX We should be able so set system specific versions which are
1713 allowed here. */
1714 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1715 errstring = N_("ELF file OS ABI invalid");
1716 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1717 ehdr->e_ident[EI_ABIVERSION]))
1718 errstring = N_("ELF file ABI version invalid");
1719 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1720 EI_NIDENT - EI_PAD) != 0)
1721 errstring = N_("nonzero padding in e_ident");
1722 else
1723 /* Otherwise we don't know what went wrong. */
1724 errstring = N_("internal error");
1725
1726 goto lose;
1727 }
1728
1729 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1730 {
1731 errstring = N_("ELF file version does not match current one");
1732 goto lose;
1733 }
1734 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1735 {
1736 __close_nocancel (fd);
1737 __set_errno (ENOENT);
1738 return -1;
1739 }
1740 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1741 && ehdr->e_type != ET_EXEC))
1742 {
1743 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1744 goto lose;
1745 }
1746 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1747 {
1748 errstring = N_("ELF file's phentsize not the expected size");
1749 goto lose;
1750 }
1751
1752 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1753 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1754 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1755 else
1756 {
1757 phdr = alloca (maplength);
1758 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1759 ehdr->e_phoff) != maplength)
1760 {
1761 errval = errno;
1762 errstring = N_("cannot read file data");
1763 goto lose;
1764 }
1765 }
1766
1767 if (__glibc_unlikely (elf_machine_reject_phdr_p
1768 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1769 loader, fd)))
1770 {
1771 __close_nocancel (fd);
1772 __set_errno (ENOENT);
1773 return -1;
1774 }
1775
1776 }
1777
1778 return fd;
1779 }
1780 \f
1781 /* Try to open NAME in one of the directories in SPS. Return the fd, or -1.
1782 If successful, fill in *REALNAME with the malloc'd full directory name. If
1783 it turns out that none of the directories in SPS exists, SPS->DIRS is
1784 replaced with (void *) -1, and the old value is free()d if SPS->MALLOCED is
1785 true. */
1786
1787 static int
1788 open_path (const char *name, size_t namelen, int mode,
1789 struct r_search_path_struct *sps, char **realname,
1790 struct filebuf *fbp, struct link_map *loader, int whatcode,
1791 bool *found_other_class)
1792 {
1793 struct r_search_path_elem **dirs = sps->dirs;
1794 char *buf;
1795 int fd = -1;
1796 const char *current_what = NULL;
1797 int any = 0;
1798
1799 if (__glibc_unlikely (dirs == NULL))
1800 /* We're called before _dl_init_paths when loading the main executable
1801 given on the command line when rtld is run directly. */
1802 return -1;
1803
1804 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1805 do
1806 {
1807 struct r_search_path_elem *this_dir = *dirs;
1808 size_t buflen = 0;
1809 size_t cnt;
1810 char *edp;
1811 int here_any = 0;
1812
1813 /* If we are debugging the search for libraries print the path
1814 now if it hasn't happened now. */
1815 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1816 && current_what != this_dir->what)
1817 {
1818 current_what = this_dir->what;
1819 print_search_path (dirs, current_what, this_dir->where);
1820 }
1821
1822 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1823 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1824 {
1825 /* Skip this directory if we know it does not exist. */
1826 if (this_dir->status[cnt] == nonexisting)
1827 continue;
1828
1829 #ifdef SHARED
1830 buflen =
1831 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1832 capstr[cnt].len),
1833 name, namelen)
1834 - buf);
1835 #else
1836 buflen = (char *) __mempcpy (edp, name, namelen) - buf;
1837 #endif
1838
1839 /* Print name we try if this is wanted. */
1840 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1841 _dl_debug_printf (" trying file=%s\n", buf);
1842
1843 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
1844 found_other_class, false);
1845 if (this_dir->status[cnt] == unknown)
1846 {
1847 if (fd != -1)
1848 this_dir->status[cnt] = existing;
1849 /* Do not update the directory information when loading
1850 auditing code. We must try to disturb the program as
1851 little as possible. */
1852 else if (loader == NULL
1853 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1854 {
1855 /* We failed to open machine dependent library. Let's
1856 test whether there is any directory at all. */
1857 struct __stat64_t64 st;
1858
1859 buf[buflen - namelen] = '\0';
1860
1861 if (__stat64_time64 (buf, &st) != 0
1862 || ! S_ISDIR (st.st_mode))
1863 /* The directory does not exist or it is no directory. */
1864 this_dir->status[cnt] = nonexisting;
1865 else
1866 this_dir->status[cnt] = existing;
1867 }
1868 }
1869
1870 /* Remember whether we found any existing directory. */
1871 here_any |= this_dir->status[cnt] != nonexisting;
1872
1873 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1874 && __libc_enable_secure)
1875 {
1876 /* This is an extra security effort to make sure nobody can
1877 preload broken shared objects which are in the trusted
1878 directories and so exploit the bugs. */
1879 struct __stat64_t64 st;
1880
1881 if (__fstat64_time64 (fd, &st) != 0
1882 || (st.st_mode & S_ISUID) == 0)
1883 {
1884 /* The shared object cannot be tested for being SUID
1885 or this bit is not set. In this case we must not
1886 use this object. */
1887 __close_nocancel (fd);
1888 fd = -1;
1889 /* We simply ignore the file, signal this by setting
1890 the error value which would have been set by `open'. */
1891 errno = ENOENT;
1892 }
1893 }
1894 }
1895
1896 if (fd != -1)
1897 {
1898 *realname = (char *) malloc (buflen);
1899 if (*realname != NULL)
1900 {
1901 memcpy (*realname, buf, buflen);
1902 return fd;
1903 }
1904 else
1905 {
1906 /* No memory for the name, we certainly won't be able
1907 to load and link it. */
1908 __close_nocancel (fd);
1909 return -1;
1910 }
1911 }
1912
1913 /* Continue the search if the file does not exist (ENOENT), if it can
1914 not be accessed (EACCES), or if the a component in the path is not a
1915 directory (for instance, if the component is a existing file meaning
1916 essentially that the pathname is invalid - ENOTDIR). */
1917 if (here_any && errno != ENOENT && errno != EACCES && errno != ENOTDIR)
1918 return -1;
1919
1920 /* Remember whether we found anything. */
1921 any |= here_any;
1922 }
1923 while (*++dirs != NULL);
1924
1925 /* Remove the whole path if none of the directories exists. */
1926 if (__glibc_unlikely (! any))
1927 {
1928 /* Paths which were allocated using the minimal malloc() in ld.so
1929 must not be freed using the general free() in libc. */
1930 if (sps->malloced)
1931 free (sps->dirs);
1932
1933 /* __rtld_search_dirs and __rtld_env_path_list are
1934 attribute_relro, therefore avoid writing to them. */
1935 if (sps != &__rtld_search_dirs && sps != &__rtld_env_path_list)
1936 sps->dirs = (void *) -1;
1937 }
1938
1939 return -1;
1940 }
1941
1942 /* Map in the shared object file NAME. */
1943
1944 struct link_map *
1945 _dl_map_object (struct link_map *loader, const char *name,
1946 int type, int trace_mode, int mode, Lmid_t nsid)
1947 {
1948 int fd;
1949 const char *origname = NULL;
1950 char *realname;
1951 char *name_copy;
1952 struct link_map *l;
1953 struct filebuf fb;
1954
1955 assert (nsid >= 0);
1956 assert (nsid < GL(dl_nns));
1957
1958 /* Look for this name among those already loaded. */
1959 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
1960 {
1961 /* If the requested name matches the soname of a loaded object,
1962 use that object. Elide this check for names that have not
1963 yet been opened. */
1964 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
1965 continue;
1966 if (!_dl_name_match_p (name, l))
1967 {
1968 const char *soname;
1969
1970 if (__glibc_likely (l->l_soname_added)
1971 || l->l_info[DT_SONAME] == NULL)
1972 continue;
1973
1974 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1975 + l->l_info[DT_SONAME]->d_un.d_val);
1976 if (strcmp (name, soname) != 0)
1977 continue;
1978
1979 /* We have a match on a new name -- cache it. */
1980 add_name_to_object (l, soname);
1981 l->l_soname_added = 1;
1982 }
1983
1984 /* We have a match. */
1985 return l;
1986 }
1987
1988 /* Display information if we are debugging. */
1989 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
1990 && loader != NULL)
1991 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
1992 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1993 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1994 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
1995
1996 #ifdef SHARED
1997 /* Give the auditing libraries a chance to change the name before we
1998 try anything. */
1999 if (__glibc_unlikely (GLRO(dl_naudit) > 0))
2000 {
2001 const char *before = name;
2002 name = _dl_audit_objsearch (name, loader, LA_SER_ORIG);
2003 if (name == NULL)
2004 {
2005 fd = -1;
2006 goto no_file;
2007 }
2008 if (before != name && strcmp (before, name) != 0)
2009 origname = before;
2010 }
2011 #endif
2012
2013 /* Will be true if we found a DSO which is of the other ELF class. */
2014 bool found_other_class = false;
2015
2016 if (strchr (name, '/') == NULL)
2017 {
2018 /* Search for NAME in several places. */
2019
2020 size_t namelen = strlen (name) + 1;
2021
2022 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2023 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
2024
2025 fd = -1;
2026
2027 /* When the object has the RUNPATH information we don't use any
2028 RPATHs. */
2029 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
2030 {
2031 /* This is the executable's map (if there is one). Make sure that
2032 we do not look at it twice. */
2033 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2034 bool did_main_map = false;
2035
2036 /* First try the DT_RPATH of the dependent object that caused NAME
2037 to be loaded. Then that object's dependent, and on up. */
2038 for (l = loader; l; l = l->l_loader)
2039 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2040 {
2041 fd = open_path (name, namelen, mode,
2042 &l->l_rpath_dirs,
2043 &realname, &fb, loader, LA_SER_RUNPATH,
2044 &found_other_class);
2045 if (fd != -1)
2046 break;
2047
2048 did_main_map |= l == main_map;
2049 }
2050
2051 /* If dynamically linked, try the DT_RPATH of the executable
2052 itself. NB: we do this for lookups in any namespace. */
2053 if (fd == -1 && !did_main_map
2054 && main_map != NULL && main_map->l_type != lt_loaded
2055 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2056 "RPATH"))
2057 fd = open_path (name, namelen, mode,
2058 &main_map->l_rpath_dirs,
2059 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2060 &found_other_class);
2061
2062 /* Also try DT_RUNPATH in the executable for LD_AUDIT dlopen
2063 call. */
2064 if (__glibc_unlikely (mode & __RTLD_AUDIT)
2065 && fd == -1 && !did_main_map
2066 && main_map != NULL && main_map->l_type != lt_loaded)
2067 {
2068 struct r_search_path_struct l_rpath_dirs;
2069 l_rpath_dirs.dirs = NULL;
2070 if (cache_rpath (main_map, &l_rpath_dirs,
2071 DT_RUNPATH, "RUNPATH"))
2072 fd = open_path (name, namelen, mode, &l_rpath_dirs,
2073 &realname, &fb, loader ?: main_map,
2074 LA_SER_RUNPATH, &found_other_class);
2075 }
2076 }
2077
2078 /* Try the LD_LIBRARY_PATH environment variable. */
2079 if (fd == -1 && __rtld_env_path_list.dirs != (void *) -1)
2080 fd = open_path (name, namelen, mode, &__rtld_env_path_list,
2081 &realname, &fb,
2082 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
2083 LA_SER_LIBPATH, &found_other_class);
2084
2085 /* Look at the RUNPATH information for this binary. */
2086 if (fd == -1 && loader != NULL
2087 && cache_rpath (loader, &loader->l_runpath_dirs,
2088 DT_RUNPATH, "RUNPATH"))
2089 fd = open_path (name, namelen, mode,
2090 &loader->l_runpath_dirs, &realname, &fb, loader,
2091 LA_SER_RUNPATH, &found_other_class);
2092
2093 #ifdef USE_LDCONFIG
2094 if (fd == -1
2095 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2096 || ! __libc_enable_secure)
2097 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2098 {
2099 /* Check the list of libraries in the file /etc/ld.so.cache,
2100 for compatibility with Linux's ldconfig program. */
2101 char *cached = _dl_load_cache_lookup (name);
2102
2103 if (cached != NULL)
2104 {
2105 // XXX Correct to unconditionally default to namespace 0?
2106 l = (loader
2107 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2108 # ifdef SHARED
2109 ?: &GL(dl_rtld_map)
2110 # endif
2111 );
2112
2113 /* If the loader has the DF_1_NODEFLIB flag set we must not
2114 use a cache entry from any of these directories. */
2115 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2116 {
2117 const char *dirp = system_dirs;
2118 unsigned int cnt = 0;
2119
2120 do
2121 {
2122 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2123 {
2124 /* The prefix matches. Don't use the entry. */
2125 free (cached);
2126 cached = NULL;
2127 break;
2128 }
2129
2130 dirp += system_dirs_len[cnt] + 1;
2131 ++cnt;
2132 }
2133 while (cnt < nsystem_dirs_len);
2134 }
2135
2136 if (cached != NULL)
2137 {
2138 fd = open_verify (cached, -1,
2139 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2140 LA_SER_CONFIG, mode, &found_other_class,
2141 false);
2142 if (__glibc_likely (fd != -1))
2143 realname = cached;
2144 else
2145 free (cached);
2146 }
2147 }
2148 }
2149 #endif
2150
2151 /* Finally, try the default path. */
2152 if (fd == -1
2153 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2154 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2155 && __rtld_search_dirs.dirs != (void *) -1)
2156 fd = open_path (name, namelen, mode, &__rtld_search_dirs,
2157 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2158
2159 /* Add another newline when we are tracing the library loading. */
2160 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2161 _dl_debug_printf ("\n");
2162 }
2163 else
2164 {
2165 /* The path may contain dynamic string tokens. */
2166 realname = (loader
2167 ? expand_dynamic_string_token (loader, name)
2168 : __strdup (name));
2169 if (realname == NULL)
2170 fd = -1;
2171 else
2172 {
2173 fd = open_verify (realname, -1, &fb,
2174 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2175 &found_other_class, true);
2176 if (__glibc_unlikely (fd == -1))
2177 free (realname);
2178 }
2179 }
2180
2181 #ifdef SHARED
2182 no_file:
2183 #endif
2184 /* In case the LOADER information has only been provided to get to
2185 the appropriate RUNPATH/RPATH information we do not need it
2186 anymore. */
2187 if (mode & __RTLD_CALLMAP)
2188 loader = NULL;
2189
2190 if (__glibc_unlikely (fd == -1))
2191 {
2192 if (trace_mode)
2193 {
2194 /* We haven't found an appropriate library. But since we
2195 are only interested in the list of libraries this isn't
2196 so severe. Fake an entry with all the information we
2197 have. */
2198 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2199
2200 /* Allocate a new object map. */
2201 if ((name_copy = __strdup (name)) == NULL
2202 || (l = _dl_new_object (name_copy, name, type, loader,
2203 mode, nsid)) == NULL)
2204 {
2205 free (name_copy);
2206 _dl_signal_error (ENOMEM, name, NULL,
2207 N_("cannot create shared object descriptor"));
2208 }
2209 /* Signal that this is a faked entry. */
2210 l->l_faked = 1;
2211 /* Since the descriptor is initialized with zero we do not
2212 have do this here.
2213 l->l_reserved = 0; */
2214 l->l_buckets = &dummy_bucket;
2215 l->l_nbuckets = 1;
2216 l->l_relocated = 1;
2217
2218 /* Enter the object in the object list. */
2219 _dl_add_to_namespace_list (l, nsid);
2220
2221 return l;
2222 }
2223 else if (found_other_class)
2224 _dl_signal_error (0, name, NULL,
2225 ELFW(CLASS) == ELFCLASS32
2226 ? N_("wrong ELF class: ELFCLASS64")
2227 : N_("wrong ELF class: ELFCLASS32"));
2228 else
2229 _dl_signal_error (errno, name, NULL,
2230 N_("cannot open shared object file"));
2231 }
2232
2233 void *stack_end = __libc_stack_end;
2234 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2235 type, mode, &stack_end, nsid);
2236 }
2237
2238 struct add_path_state
2239 {
2240 bool counting;
2241 unsigned int idx;
2242 Dl_serinfo *si;
2243 char *allocptr;
2244 };
2245
2246 static void
2247 add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2248 unsigned int flags)
2249 {
2250 if (sps->dirs != (void *) -1)
2251 {
2252 struct r_search_path_elem **dirs = sps->dirs;
2253 do
2254 {
2255 const struct r_search_path_elem *const r = *dirs++;
2256 if (p->counting)
2257 {
2258 p->si->dls_cnt++;
2259 p->si->dls_size += MAX (2, r->dirnamelen);
2260 }
2261 else
2262 {
2263 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2264 sp->dls_name = p->allocptr;
2265 if (r->dirnamelen < 2)
2266 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2267 else
2268 p->allocptr = __mempcpy (p->allocptr,
2269 r->dirname, r->dirnamelen - 1);
2270 *p->allocptr++ = '\0';
2271 sp->dls_flags = flags;
2272 }
2273 }
2274 while (*dirs != NULL);
2275 }
2276 }
2277
2278 void
2279 _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2280 {
2281 if (counting)
2282 {
2283 si->dls_cnt = 0;
2284 si->dls_size = 0;
2285 }
2286
2287 struct add_path_state p =
2288 {
2289 .counting = counting,
2290 .idx = 0,
2291 .si = si,
2292 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2293 };
2294
2295 # define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2296
2297 /* When the object has the RUNPATH information we don't use any RPATHs. */
2298 if (loader->l_info[DT_RUNPATH] == NULL)
2299 {
2300 /* First try the DT_RPATH of the dependent object that caused NAME
2301 to be loaded. Then that object's dependent, and on up. */
2302
2303 struct link_map *l = loader;
2304 do
2305 {
2306 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2307 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2308 l = l->l_loader;
2309 }
2310 while (l != NULL);
2311
2312 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2313 if (loader->l_ns == LM_ID_BASE)
2314 {
2315 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2316 if (l != NULL && l->l_type != lt_loaded && l != loader)
2317 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2318 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2319 }
2320 }
2321
2322 /* Try the LD_LIBRARY_PATH environment variable. */
2323 add_path (&p, &__rtld_env_path_list, XXX_ENV);
2324
2325 /* Look at the RUNPATH information for this binary. */
2326 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2327 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2328
2329 /* XXX
2330 Here is where ld.so.cache gets checked, but we don't have
2331 a way to indicate that in the results for Dl_serinfo. */
2332
2333 /* Finally, try the default path. */
2334 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2335 add_path (&p, &__rtld_search_dirs, XXX_default);
2336
2337 if (counting)
2338 /* Count the struct size before the string area, which we didn't
2339 know before we completed dls_cnt. */
2340 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2341 }
sources.redhat.com git mirror of glibc CVS