search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dhcpcd: update README.DRAGONFLY
[dragonfly.git] / libexec / rtld-elf / rtld.c
blobccd7dba2c96ceb5822f6e649043966b6248867f7
1 /*-
2 * Copyright 1996, 1997, 1998, 1999, 2000 John D. Polstra.
3 * Copyright 2003 Alexander Kabaev <kan@FreeBSD.ORG>.
4 * Copyright 2009-2012 Konstantin Belousov <kib@FreeBSD.ORG>.
5 * Copyright 2012 John Marino <draco@marino.st>.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 *
28 * $FreeBSD$
29 */
30
31 /*
32 * Dynamic linker for ELF.
33 *
34 * John Polstra <jdp@polstra.com>.
35 */
36
37 #ifndef __GNUC__
38 #error "GCC is needed to compile this file"
39 #endif
40
41 #include <sys/param.h>
42 #include <sys/mount.h>
43 #include <sys/mman.h>
44 #include <sys/stat.h>
45 #include <sys/sysctl.h>
46 #include <sys/utsname.h>
47 #include <sys/ktrace.h>
48 #include <sys/resident.h>
49 #include <sys/tls.h>
50
51 #include <machine/tls.h>
52
53 #include <dlfcn.h>
54 #include <err.h>
55 #include <errno.h>
56 #include <fcntl.h>
57 #include <stdarg.h>
58 #include <stdio.h>
59 #include <stdlib.h>
60 #include <string.h>
61 #include <unistd.h>
62
63 #include "debug.h"
64 #include "rtld.h"
65 #include "libmap.h"
66 #include "rtld_printf.h"
67 #include "notes.h"
68
69 #define PATH_RTLD "/usr/libexec/ld-elf.so.2"
70 #define LD_ARY_CACHE 16
71
72 /* Types. */
73 typedef void (*func_ptr_type)();
74 typedef void * (*path_enum_proc) (const char *path, size_t len, void *arg);
75
76 /*
77 * Function declarations.
78 */
79 static int __getstatictlsextra(void);
80 static const char *_getenv_ld(const char *id);
81 static void die(void) __dead2;
82 static void digest_dynamic1(Obj_Entry *, int, const Elf_Dyn **,
83 const Elf_Dyn **, const Elf_Dyn **);
84 static void digest_dynamic2(Obj_Entry *, const Elf_Dyn *, const Elf_Dyn *,
85 const Elf_Dyn *);
86 static void digest_dynamic(Obj_Entry *, int);
87 static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t, const char *);
88 static void distribute_static_tls(Objlist *, RtldLockState *);
89 static Obj_Entry *dlcheck(void *);
90 static Obj_Entry *dlopen_object(const char *name, int fd, Obj_Entry *refobj,
91 int lo_flags, int mode, RtldLockState *lockstate);
92 static Obj_Entry *do_load_object(int, const char *, char *, struct stat *, int);
93 static int do_search_info(const Obj_Entry *obj, int, struct dl_serinfo *);
94 static bool donelist_check(DoneList *, const Obj_Entry *);
95 static void errmsg_restore(char *);
96 static char *errmsg_save(void);
97 static void *fill_search_info(const char *, size_t, void *);
98 static char *find_library(const char *, const Obj_Entry *, int *);
99 static const char *gethints(bool);
100 static void init_dag(Obj_Entry *);
101 static void init_rtld(caddr_t, Elf_Auxinfo **);
102 static void initlist_add_neededs(Needed_Entry *, Objlist *);
103 static void initlist_add_objects(Obj_Entry *, Obj_Entry **, Objlist *);
104 static void linkmap_add(Obj_Entry *);
105 static void linkmap_delete(Obj_Entry *);
106 static void load_filtees(Obj_Entry *, int flags, RtldLockState *);
107 static void unload_filtees(Obj_Entry *);
108 static int load_needed_objects(Obj_Entry *, int);
109 static int load_preload_objects(void);
110 static Obj_Entry *load_object(const char *, int fd, const Obj_Entry *, int);
111 static void map_stacks_exec(RtldLockState *);
112 static Obj_Entry *obj_from_addr(const void *);
113 static void objlist_call_fini(Objlist *, Obj_Entry *, RtldLockState *);
114 static void objlist_call_init(Objlist *, RtldLockState *);
115 static void objlist_clear(Objlist *);
116 static Objlist_Entry *objlist_find(Objlist *, const Obj_Entry *);
117 static void objlist_init(Objlist *);
118 static void objlist_push_head(Objlist *, Obj_Entry *);
119 static void objlist_push_tail(Objlist *, Obj_Entry *);
120 static void objlist_put_after(Objlist *, Obj_Entry *, Obj_Entry *);
121 static void objlist_remove(Objlist *, Obj_Entry *);
122 static int parse_libdir(const char *);
123 static void *path_enumerate(const char *, path_enum_proc, void *);
124 static int relocate_object_dag(Obj_Entry *root, bool bind_now,
125 Obj_Entry *rtldobj, int flags, RtldLockState *lockstate);
126 static int relocate_object(Obj_Entry *obj, bool bind_now, Obj_Entry *rtldobj,
127 int flags, RtldLockState *lockstate);
128 static int relocate_objects(Obj_Entry *, bool, Obj_Entry *, int,
129 RtldLockState *);
130 static int resolve_objects_ifunc(Obj_Entry *first, bool bind_now,
131 int flags, RtldLockState *lockstate);
132 static int rtld_dirname(const char *, char *);
133 static int rtld_dirname_abs(const char *, char *);
134 static void *rtld_dlopen(const char *name, int fd, int mode);
135 static void rtld_exit(void);
136 static char *search_library_path(const char *, const char *);
137 static char *search_library_pathfds(const char *, const char *, int *);
138 static const void **get_program_var_addr(const char *, RtldLockState *);
139 static void set_program_var(const char *, const void *);
140 static int symlook_default(SymLook *, const Obj_Entry *refobj);
141 static int symlook_global(SymLook *, DoneList *);
142 static void symlook_init_from_req(SymLook *, const SymLook *);
143 static int symlook_list(SymLook *, const Objlist *, DoneList *);
144 static int symlook_needed(SymLook *, const Needed_Entry *, DoneList *);
145 static int symlook_obj1_sysv(SymLook *, const Obj_Entry *);
146 static int symlook_obj1_gnu(SymLook *, const Obj_Entry *);
147 static void trace_loaded_objects(Obj_Entry *);
148 static void unlink_object(Obj_Entry *);
149 static void unload_object(Obj_Entry *);
150 static void unref_dag(Obj_Entry *);
151 static void ref_dag(Obj_Entry *);
152 static char *origin_subst_one(char *, const char *, const char *, bool);
153 static char *origin_subst(char *, const char *);
154 static void preinit_main(void);
155 static int rtld_verify_versions(const Objlist *);
156 static int rtld_verify_object_versions(Obj_Entry *);
157 static void object_add_name(Obj_Entry *, const char *);
158 static int object_match_name(const Obj_Entry *, const char *);
159 static void ld_utrace_log(int, void *, void *, size_t, int, const char *);
160 static void rtld_fill_dl_phdr_info(const Obj_Entry *obj,
161 struct dl_phdr_info *phdr_info);
162 static uint_fast32_t gnu_hash (const char *);
163 static bool matched_symbol(SymLook *, const Obj_Entry *, Sym_Match_Result *,
164 const unsigned long);
165
166 void r_debug_state(struct r_debug *, struct link_map *) __noinline;
167 void _r_debug_postinit(struct link_map *) __noinline;
168
169 /*
170 * Data declarations.
171 */
172 static char *error_message; /* Message for dlerror(), or NULL */
173 struct r_debug r_debug; /* for GDB; */
174 static bool libmap_disable; /* Disable libmap */
175 static bool ld_loadfltr; /* Immediate filters processing */
176 static char *libmap_override; /* Maps to use in addition to libmap.conf */
177 static bool trust; /* False for setuid and setgid programs */
178 static bool dangerous_ld_env; /* True if environment variables have been
179 used to affect the libraries loaded */
180 static const char *ld_bind_now; /* Environment variable for immediate binding */
181 static const char *ld_debug; /* Environment variable for debugging */
182 static const char *ld_library_path; /* Environment variable for search path */
183 static const char *ld_library_dirs; /* Env variable for library descriptors */
184 static char *ld_preload; /* Environment variable for libraries to
185 load first */
186 static const char *ld_elf_hints_path; /* Env var. for alternative hints path */
187 static const char *ld_tracing; /* Called from ldd to print libs */
188 static const char *ld_utrace; /* Use utrace() to log events. */
189 static int (*rtld_functrace)( /* Optional function call tracing hook */
190 const char *caller_obj,
191 const char *callee_obj,
192 const char *callee_func,
193 void *stack);
194 static const Obj_Entry *rtld_functrace_obj; /* Object thereof */
195 static Obj_Entry *obj_list; /* Head of linked list of shared objects */
196 static Obj_Entry **obj_tail; /* Link field of last object in list */
197 static Obj_Entry **preload_tail;
198 static Obj_Entry *obj_main; /* The main program shared object */
199 static Obj_Entry obj_rtld; /* The dynamic linker shared object */
200 static unsigned int obj_count; /* Number of objects in obj_list */
201 static unsigned int obj_loads; /* Number of objects in obj_list */
202
203 static int ld_resident; /* Non-zero if resident */
204 static const char *ld_ary[LD_ARY_CACHE];
205 static int ld_index;
206 static Objlist initlist;
207
208 static Objlist list_global = /* Objects dlopened with RTLD_GLOBAL */
209 STAILQ_HEAD_INITIALIZER(list_global);
210 static Objlist list_main = /* Objects loaded at program startup */
211 STAILQ_HEAD_INITIALIZER(list_main);
212 static Objlist list_fini = /* Objects needing fini() calls */
213 STAILQ_HEAD_INITIALIZER(list_fini);
214
215 static Elf_Sym sym_zero; /* For resolving undefined weak refs. */
216 const char *__ld_sharedlib_base;
217
218 #define GDB_STATE(s,m) r_debug.r_state = s; r_debug_state(&r_debug,m);
219
220 extern Elf_Dyn _DYNAMIC;
221 #pragma weak _DYNAMIC
222 #ifndef RTLD_IS_DYNAMIC
223 #define RTLD_IS_DYNAMIC() (&_DYNAMIC != NULL)
224 #endif
225
226 #ifdef ENABLE_OSRELDATE
227 int osreldate;
228 #endif
229
230 static int stack_prot = PROT_READ | PROT_WRITE | RTLD_DEFAULT_STACK_EXEC;
231 #if 0
232 static int max_stack_flags;
233 #endif
234
235 /*
236 * Global declarations normally provided by crt1. The dynamic linker is
237 * not built with crt1, so we have to provide them ourselves.
238 */
239 char *__progname;
240 char **environ;
241
242 /*
243 * Used to pass argc, argv to init functions.
244 */
245 int main_argc;
246 char **main_argv;
247
248 /*
249 * Globals to control TLS allocation.
250 */
251 size_t tls_last_offset; /* Static TLS offset of last module */
252 size_t tls_last_size; /* Static TLS size of last module */
253 size_t tls_static_space; /* Static TLS space allocated */
254 int tls_dtv_generation = 1; /* Used to detect when dtv size changes */
255 int tls_max_index = 1; /* Largest module index allocated */
256
257 /*
258 * Fill in a DoneList with an allocation large enough to hold all of
259 * the currently-loaded objects. Keep this as a macro since it calls
260 * alloca and we want that to occur within the scope of the caller.
261 */
262 #define donelist_init(dlp) \
263 ((dlp)->objs = alloca(obj_count * sizeof (dlp)->objs[0]), \
264 assert((dlp)->objs != NULL), \
265 (dlp)->num_alloc = obj_count, \
266 (dlp)->num_used = 0)
267
268 #define UTRACE_DLOPEN_START 1
269 #define UTRACE_DLOPEN_STOP 2
270 #define UTRACE_DLCLOSE_START 3
271 #define UTRACE_DLCLOSE_STOP 4
272 #define UTRACE_LOAD_OBJECT 5
273 #define UTRACE_UNLOAD_OBJECT 6
274 #define UTRACE_ADD_RUNDEP 7
275 #define UTRACE_PRELOAD_FINISHED 8
276 #define UTRACE_INIT_CALL 9
277 #define UTRACE_FINI_CALL 10
278
279 struct utrace_rtld {
280 char sig[4]; /* 'RTLD' */
281 int event;
282 void *handle;
283 void *mapbase; /* Used for 'parent' and 'init/fini' */
284 size_t mapsize;
285 int refcnt; /* Used for 'mode' */
286 char name[MAXPATHLEN];
287 };
288
289 #define LD_UTRACE(e, h, mb, ms, r, n) do { \
290 if (ld_utrace != NULL) \
291 ld_utrace_log(e, h, mb, ms, r, n); \
292 } while (0)
293
294 static void
295 ld_utrace_log(int event, void *handle, void *mapbase, size_t mapsize,
296 int refcnt, const char *name)
297 {
298 struct utrace_rtld ut;
299
300 ut.sig[0] = 'R';
301 ut.sig[1] = 'T';
302 ut.sig[2] = 'L';
303 ut.sig[3] = 'D';
304 ut.event = event;
305 ut.handle = handle;
306 ut.mapbase = mapbase;
307 ut.mapsize = mapsize;
308 ut.refcnt = refcnt;
309 bzero(ut.name, sizeof(ut.name));
310 if (name)
311 strlcpy(ut.name, name, sizeof(ut.name));
312 utrace(&ut, sizeof(ut));
313 }
314
315 /*
316 * Main entry point for dynamic linking. The first argument is the
317 * stack pointer. The stack is expected to be laid out as described
318 * in the SVR4 ABI specification, Intel 386 Processor Supplement.
319 * Specifically, the stack pointer points to a word containing
320 * ARGC. Following that in the stack is a null-terminated sequence
321 * of pointers to argument strings. Then comes a null-terminated
322 * sequence of pointers to environment strings. Finally, there is a
323 * sequence of "auxiliary vector" entries.
324 *
325 * The second argument points to a place to store the dynamic linker's
326 * exit procedure pointer and the third to a place to store the main
327 * program's object.
328 *
329 * The return value is the main program's entry point.
330 */
331 func_ptr_type
332 _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
333 {
334 Elf_Auxinfo *aux_info[AT_COUNT];
335 int i;
336 int argc;
337 char **argv;
338 char **env;
339 Elf_Auxinfo *aux;
340 Elf_Auxinfo *auxp;
341 const char *argv0;
342 Objlist_Entry *entry;
343 Obj_Entry *obj;
344 Obj_Entry *last_interposer;
345
346 /* marino: DO NOT MOVE THESE VARIABLES TO _rtld
347 Obj_Entry **preload_tail;
348 Objlist initlist;
349 from global to here. It will break the DWARF2 unwind scheme.
350 */
351
352 /*
353 * On entry, the dynamic linker itself has not been relocated yet.
354 * Be very careful not to reference any global data until after
355 * init_rtld has returned. It is OK to reference file-scope statics
356 * and string constants, and to call static and global functions.
357 */
358
359 /* Find the auxiliary vector on the stack. */
360 argc = *sp++;
361 argv = (char **) sp;
362 sp += argc + 1; /* Skip over arguments and NULL terminator */
363 env = (char **) sp;
364
365 /*
366 * If we aren't already resident we have to dig out some more info.
367 * Note that auxinfo does not exist when we are resident.
368 *
369 * I'm not sure about the ld_resident check. It seems to read zero
370 * prior to relocation, which is what we want. When running from a
371 * resident copy everything will be relocated so we are definitely
372 * good there.
373 */
374 if (ld_resident == 0) {
375 while (*sp++ != 0) /* Skip over environment, and NULL terminator */
376 ;
377 aux = (Elf_Auxinfo *) sp;
378
379 /* Digest the auxiliary vector. */
380 for (i = 0; i < AT_COUNT; i++)
381 aux_info[i] = NULL;
382 for (auxp = aux; auxp->a_type != AT_NULL; auxp++) {
383 if (auxp->a_type < AT_COUNT)
384 aux_info[auxp->a_type] = auxp;
385 }
386
387 /* Initialize and relocate ourselves. */
388 assert(aux_info[AT_BASE] != NULL);
389 init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr, aux_info);
390 }
391
392 ld_index = 0; /* don't use old env cache in case we are resident */
393 __progname = obj_rtld.path;
394 argv0 = argv[0] != NULL ? argv[0] : "(null)";
395 environ = env;
396 main_argc = argc;
397 main_argv = argv;
398
399 trust = !issetugid();
400
401 ld_bind_now = _getenv_ld("LD_BIND_NOW");
402 /*
403 * If the process is tainted, then we un-set the dangerous environment
404 * variables. The process will be marked as tainted until setuid(2)
405 * is called. If any child process calls setuid(2) we do not want any
406 * future processes to honor the potentially un-safe variables.
407 */
408 if (!trust) {
409 if ( unsetenv("LD_DEBUG")
410 || unsetenv("LD_PRELOAD")
411 || unsetenv("LD_LIBRARY_PATH")
412 || unsetenv("LD_LIBRARY_PATH_FDS")
413 || unsetenv("LD_ELF_HINTS_PATH")
414 || unsetenv("LD_LIBMAP")
415 || unsetenv("LD_LIBMAP_DISABLE")
416 || unsetenv("LD_LOADFLTR")
417 || unsetenv("LD_SHAREDLIB_BASE")
418 ) {
419 _rtld_error("environment corrupt; aborting");
420 die();
421 }
422 }
423 __ld_sharedlib_base = _getenv_ld("LD_SHAREDLIB_BASE");
424 ld_debug = _getenv_ld("LD_DEBUG");
425 libmap_disable = _getenv_ld("LD_LIBMAP_DISABLE") != NULL;
426 libmap_override = (char *)_getenv_ld("LD_LIBMAP");
427 ld_library_path = _getenv_ld("LD_LIBRARY_PATH");
428 ld_library_dirs = _getenv_ld("LD_LIBRARY_PATH_FDS");
429 ld_preload = (char *)_getenv_ld("LD_PRELOAD");
430 ld_elf_hints_path = _getenv_ld("LD_ELF_HINTS_PATH");
431 ld_loadfltr = _getenv_ld("LD_LOADFLTR") != NULL;
432 dangerous_ld_env = (ld_library_path != NULL)
433 || (ld_preload != NULL)
434 || (ld_elf_hints_path != NULL)
435 || ld_loadfltr
436 || (libmap_override != NULL)
437 || libmap_disable
438 ;
439 ld_tracing = _getenv_ld("LD_TRACE_LOADED_OBJECTS");
440 ld_utrace = _getenv_ld("LD_UTRACE");
441
442 if ((ld_elf_hints_path == NULL) || strlen(ld_elf_hints_path) == 0)
443 ld_elf_hints_path = _PATH_ELF_HINTS;
444
445 if (ld_debug != NULL && *ld_debug != '\0')
446 debug = 1;
447 dbg("%s is initialized, base address = %p", __progname,
448 (caddr_t) aux_info[AT_BASE]->a_un.a_ptr);
449 dbg("RTLD dynamic = %p", obj_rtld.dynamic);
450 dbg("RTLD pltgot = %p", obj_rtld.pltgot);
451
452 dbg("initializing thread locks");
453 lockdflt_init();
454
455 /*
456 * If we are resident we can skip work that we have already done.
457 * Note that the stack is reset and there is no Elf_Auxinfo
458 * when running from a resident image, and the static globals setup
459 * between here and resident_skip will have already been setup.
460 */
461 if (ld_resident)
462 goto resident_skip1;
463
464 /*
465 * Load the main program, or process its program header if it is
466 * already loaded.
467 */
468 if (aux_info[AT_EXECFD] != NULL) { /* Load the main program. */
469 int fd = aux_info[AT_EXECFD]->a_un.a_val;
470 dbg("loading main program");
471 obj_main = map_object(fd, argv0, NULL);
472 close(fd);
473 if (obj_main == NULL)
474 die();
475 #if 0
476 max_stack_flags = obj_main->stack_flags;
477 #endif
478 } else { /* Main program already loaded. */
479 const Elf_Phdr *phdr;
480 int phnum;
481 caddr_t entry;
482
483 dbg("processing main program's program header");
484 assert(aux_info[AT_PHDR] != NULL);
485 phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr;
486 assert(aux_info[AT_PHNUM] != NULL);
487 phnum = aux_info[AT_PHNUM]->a_un.a_val;
488 assert(aux_info[AT_PHENT] != NULL);
489 assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr));
490 assert(aux_info[AT_ENTRY] != NULL);
491 entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr;
492 if ((obj_main = digest_phdr(phdr, phnum, entry, argv0)) == NULL)
493 die();
494 }
495
496 char buf[MAXPATHLEN];
497 if (aux_info[AT_EXECPATH] != NULL) {
498 char *kexecpath;
499
500 kexecpath = aux_info[AT_EXECPATH]->a_un.a_ptr;
501 dbg("AT_EXECPATH %p %s", kexecpath, kexecpath);
502 if (kexecpath[0] == '/')
503 obj_main->path = kexecpath;
504 else if (getcwd(buf, sizeof(buf)) == NULL ||
505 strlcat(buf, "/", sizeof(buf)) >= sizeof(buf) ||
506 strlcat(buf, kexecpath, sizeof(buf)) >= sizeof(buf))
507 obj_main->path = xstrdup(argv0);
508 else
509 obj_main->path = xstrdup(buf);
510 } else {
511 char resolved[MAXPATHLEN];
512 dbg("No AT_EXECPATH");
513 if (argv0[0] == '/') {
514 if (realpath(argv0, resolved) != NULL)
515 obj_main->path = xstrdup(resolved);
516 else
517 obj_main->path = xstrdup(argv0);
518 } else {
519 if (getcwd(buf, sizeof(buf)) != NULL
520 && strlcat(buf, "/", sizeof(buf)) < sizeof(buf)
521 && strlcat(buf, argv0, sizeof (buf)) < sizeof(buf)
522 && access(buf, R_OK) == 0
523 && realpath(buf, resolved) != NULL)
524 obj_main->path = xstrdup(resolved);
525 else
526 obj_main->path = xstrdup(argv0);
527 }
528 }
529 dbg("obj_main path %s", obj_main->path);
530 obj_main->mainprog = true;
531
532 if (aux_info[AT_STACKPROT] != NULL &&
533 aux_info[AT_STACKPROT]->a_un.a_val != 0)
534 stack_prot = aux_info[AT_STACKPROT]->a_un.a_val;
535
536 /*
537 * Get the actual dynamic linker pathname from the executable if
538 * possible. (It should always be possible.) That ensures that
539 * gdb will find the right dynamic linker even if a non-standard
540 * one is being used.
541 */
542 if (obj_main->interp != NULL &&
543 strcmp(obj_main->interp, obj_rtld.path) != 0) {
544 free(obj_rtld.path);
545 obj_rtld.path = xstrdup(obj_main->interp);
546 __progname = obj_rtld.path;
547 }
548
549 digest_dynamic(obj_main, 0);
550 dbg("%s valid_hash_sysv %d valid_hash_gnu %d dynsymcount %d",
551 obj_main->path, obj_main->valid_hash_sysv, obj_main->valid_hash_gnu,
552 obj_main->dynsymcount);
553
554 linkmap_add(obj_main);
555 linkmap_add(&obj_rtld);
556
557 /* Link the main program into the list of objects. */
558 *obj_tail = obj_main;
559 obj_tail = &obj_main->next;
560 obj_count++;
561 obj_loads++;
562
563 /* Initialize a fake symbol for resolving undefined weak references. */
564 sym_zero.st_info = ELF_ST_INFO(STB_GLOBAL, STT_NOTYPE);
565 sym_zero.st_shndx = SHN_UNDEF;
566 sym_zero.st_value = -(uintptr_t)obj_main->relocbase;
567
568 if (!libmap_disable)
569 libmap_disable = (bool)lm_init(libmap_override);
570
571 dbg("loading LD_PRELOAD libraries");
572 if (load_preload_objects() == -1)
573 die();
574 preload_tail = obj_tail;
575
576 dbg("loading needed objects");
577 if (load_needed_objects(obj_main, 0) == -1)
578 die();
579
580 /* Make a list of all objects loaded at startup. */
581 last_interposer = obj_main;
582 for (obj = obj_list; obj != NULL; obj = obj->next) {
583 if (obj->z_interpose && obj != obj_main) {
584 objlist_put_after(&list_main, last_interposer, obj);
585 last_interposer = obj;
586 } else {
587 objlist_push_tail(&list_main, obj);
588 }
589 obj->refcount++;
590 }
591
592 dbg("checking for required versions");
593 if (rtld_verify_versions(&list_main) == -1 && !ld_tracing)
594 die();
595
596 resident_skip1:
597
598 if (ld_tracing) { /* We're done */
599 trace_loaded_objects(obj_main);
600 exit(0);
601 }
602
603 if (ld_resident) /* XXX clean this up! */
604 goto resident_skip2;
605
606 if (_getenv_ld("LD_DUMP_REL_PRE") != NULL) {
607 dump_relocations(obj_main);
608 exit (0);
609 }
610
611 /* setup TLS for main thread */
612 dbg("initializing initial thread local storage");
613 STAILQ_FOREACH(entry, &list_main, link) {
614 /*
615 * Allocate all the initial objects out of the static TLS
616 * block even if they didn't ask for it.
617 */
618 allocate_tls_offset(entry->obj);
619 }
620
621 /*
622 * Calculate the size of the TLS static segment. This is allocated
623 * for every thread. Generally make it page-aligned for efficiency,
624 * but take into account the fact that the actual allocation also
625 * includes room for the struct tls_tcb header.
626 */
627 {
628 ssize_t space;
629 ssize_t extra;
630
631 extra = __getstatictlsextra();
632 space = tls_last_offset + extra + sizeof(struct tls_tcb);
633 space = (space + PAGE_SIZE - 1) & ~((ssize_t)PAGE_SIZE - 1);
634
635 tls_static_space = (size_t)space - sizeof(struct tls_tcb);
636 }
637
638 /*
639 * Do not try to allocate the TLS here, let libc do it itself.
640 * (crt1 for the program will call _init_tls())
641 */
642
643 if (relocate_objects(obj_main,
644 ld_bind_now != NULL && *ld_bind_now != '\0',
645 &obj_rtld, SYMLOOK_EARLY, NULL) == -1)
646 die();
647
648 dbg("doing copy relocations");
649 if (do_copy_relocations(obj_main) == -1)
650 die();
651
652 resident_skip2:
653
654 if (_getenv_ld("LD_RESIDENT_UNREGISTER_NOW")) {
655 if (exec_sys_unregister(-1) < 0) {
656 dbg("exec_sys_unregister failed %d\n", errno);
657 exit(errno);
658 }
659 dbg("exec_sys_unregister success\n");
660 exit(0);
661 }
662
663 if (_getenv_ld("LD_DUMP_REL_POST") != NULL) {
664 dump_relocations(obj_main);
665 exit (0);
666 }
667
668 dbg("initializing key program variables");
669 set_program_var("__progname", argv[0] != NULL ? basename(argv[0]) : "");
670 set_program_var("environ", env);
671 set_program_var("__elf_aux_vector", aux);
672
673 if (_getenv_ld("LD_RESIDENT_REGISTER_NOW")) {
674 extern void resident_start(void);
675 ld_resident = 1;
676 if (exec_sys_register(resident_start) < 0) {
677 dbg("exec_sys_register failed %d\n", errno);
678 exit(errno);
679 }
680 dbg("exec_sys_register success\n");
681 exit(0);
682 }
683
684 /* Make a list of init functions to call. */
685 objlist_init(&initlist);
686 initlist_add_objects(obj_list, preload_tail, &initlist);
687
688 r_debug_state(NULL, &obj_main->linkmap); /* say hello to gdb! */
689
690 map_stacks_exec(NULL);
691
692 dbg("resolving ifuncs");
693 {
694 RtldLockState lockstate;
695
696 wlock_acquire(rtld_bind_lock, &lockstate);
697 if (resolve_objects_ifunc(
698 obj_main,
699 (ld_bind_now != NULL && *ld_bind_now != '\0'),
700 SYMLOOK_EARLY,
701 &lockstate) == -1) {
702 die();
703 }
704 lock_release(rtld_bind_lock, &lockstate);
705 }
706
707 /*
708 * Do NOT call the initlist here, give libc a chance to set up
709 * the initial TLS segment. crt1 will then call _rtld_call_init().
710 */
711
712 dbg("transferring control to program entry point = %p", obj_main->entry);
713
714 /* Return the exit procedure and the program entry point. */
715 *exit_proc = rtld_exit;
716 *objp = obj_main;
717 return (func_ptr_type) obj_main->entry;
718 }
719
720 /*
721 * Call the initialization list for dynamically loaded libraries.
722 * (called from crt1.c).
723 */
724 void
725 _rtld_call_init(void)
726 {
727 RtldLockState lockstate;
728 Obj_Entry *obj;
729
730 if (!obj_main->note_present && obj_main->valid_hash_gnu) {
731 /*
732 * The use of a linker script with a PHDRS directive that does not include
733 * PT_NOTE will block the crt_no_init note. In this case we'll look for the
734 * recently added GNU hash dynamic tag which gets built by default. It is
735 * extremely unlikely to find a pre-3.1 binary without a PT_NOTE header and
736 * a gnu hash tag. If gnu hash found, consider binary to use new crt code.
737 */
738 obj_main->crt_no_init = true;
739 dbg("Setting crt_no_init without presence of PT_NOTE header");
740 }
741
742 wlock_acquire(rtld_bind_lock, &lockstate);
743 if (obj_main->crt_no_init)
744 preinit_main();
745 else {
746 /*
747 * Make sure we don't call the main program's init and fini functions
748 * for binaries linked with old crt1 which calls _init itself.
749 */
750 obj_main->init = obj_main->fini = (Elf_Addr)NULL;
751 obj_main->init_array = obj_main->fini_array = (Elf_Addr)NULL;
752 }
753 objlist_call_init(&initlist, &lockstate);
754 _r_debug_postinit(&obj_main->linkmap);
755 objlist_clear(&initlist);
756 dbg("loading filtees");
757 for (obj = obj_list->next; obj != NULL; obj = obj->next) {
758 if (ld_loadfltr || obj->z_loadfltr)
759 load_filtees(obj, 0, &lockstate);
760 }
761 lock_release(rtld_bind_lock, &lockstate);
762 }
763
764 void *
765 rtld_resolve_ifunc(const Obj_Entry *obj, const Elf_Sym *def)
766 {
767 void *ptr;
768 Elf_Addr target;
769
770 ptr = (void *)make_function_pointer(def, obj);
771 target = ((Elf_Addr (*)(void))ptr)();
772 return ((void *)target);
773 }
774
775 Elf_Addr
776 _rtld_bind(Obj_Entry *obj, Elf_Size reloff, void *stack)
777 {
778 const Elf_Rel *rel;
779 const Elf_Sym *def;
780 const Obj_Entry *defobj;
781 Elf_Addr *where;
782 Elf_Addr target;
783 RtldLockState lockstate;
784
785 rlock_acquire(rtld_bind_lock, &lockstate);
786 if (sigsetjmp(lockstate.env, 0) != 0)
787 lock_upgrade(rtld_bind_lock, &lockstate);
788 if (obj->pltrel)
789 rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff);
790 else
791 rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff);
792
793 where = (Elf_Addr *) (obj->relocbase + rel->r_offset);
794 def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true, NULL,
795 &lockstate);
796 if (def == NULL)
797 die();
798 if (ELF_ST_TYPE(def->st_info) == STT_GNU_IFUNC)
799 target = (Elf_Addr)rtld_resolve_ifunc(defobj, def);
800 else
801 target = (Elf_Addr)(defobj->relocbase + def->st_value);
802
803 dbg("\"%s\" in \"%s\" ==> %p in \"%s\"",
804 defobj->strtab + def->st_name, basename(obj->path),
805 (void *)target, basename(defobj->path));
806
807 /*
808 * If we have a function call tracing hook, and the
809 * hook would like to keep tracing this one function,
810 * prevent the relocation so we will wind up here
811 * the next time again.
812 *
813 * We don't want to functrace calls from the functracer
814 * to avoid recursive loops.
815 */
816 if (rtld_functrace != NULL && obj != rtld_functrace_obj) {
817 if (rtld_functrace(obj->path,
818 defobj->path,
819 defobj->strtab + def->st_name,
820 stack)) {
821 lock_release(rtld_bind_lock, &lockstate);
822 return target;
823 }
824 }
825
826 /*
827 * Write the new contents for the jmpslot. Note that depending on
828 * architecture, the value which we need to return back to the
829 * lazy binding trampoline may or may not be the target
830 * address. The value returned from reloc_jmpslot() is the value
831 * that the trampoline needs.
832 */
833 target = reloc_jmpslot(where, target, defobj, obj, rel);
834 lock_release(rtld_bind_lock, &lockstate);
835 return target;
836 }
837
838 /*
839 * Error reporting function. Use it like printf. If formats the message
840 * into a buffer, and sets things up so that the next call to dlerror()
841 * will return the message.
842 */
843 void
844 _rtld_error(const char *fmt, ...)
845 {
846 static char buf[512];
847 va_list ap;
848
849 va_start(ap, fmt);
850 rtld_vsnprintf(buf, sizeof buf, fmt, ap);
851 error_message = buf;
852 va_end(ap);
853 }
854
855 /*
856 * Return a dynamically-allocated copy of the current error message, if any.
857 */
858 static char *
859 errmsg_save(void)
860 {
861 return error_message == NULL ? NULL : xstrdup(error_message);
862 }
863
864 /*
865 * Restore the current error message from a copy which was previously saved
866 * by errmsg_save(). The copy is freed.
867 */
868 static void
869 errmsg_restore(char *saved_msg)
870 {
871 if (saved_msg == NULL)
872 error_message = NULL;
873 else {
874 _rtld_error("%s", saved_msg);
875 free(saved_msg);
876 }
877 }
878
879 const char *
880 basename(const char *name)
881 {
882 const char *p = strrchr(name, '/');
883 return p != NULL ? p + 1 : name;
884 }
885
886 static struct utsname uts;
887
888 static char *
889 origin_subst_one(char *real, const char *kw, const char *subst,
890 bool may_free)
891 {
892 char *p, *p1, *res, *resp;
893 int subst_len, kw_len, subst_count, old_len, new_len;
894
895 kw_len = strlen(kw);
896
897 /*
898 * First, count the number of the keyword occurrences, to
899 * preallocate the final string.
900 */
901 for (p = real, subst_count = 0;; p = p1 + kw_len, subst_count++) {
902 p1 = strstr(p, kw);
903 if (p1 == NULL)
904 break;
905 }
906
907 /*
908 * If the keyword is not found, just return.
909 */
910 if (subst_count == 0)
911 return (may_free ? real : xstrdup(real));
912
913 /*
914 * There is indeed something to substitute. Calculate the
915 * length of the resulting string, and allocate it.
916 */
917 subst_len = strlen(subst);
918 old_len = strlen(real);
919 new_len = old_len + (subst_len - kw_len) * subst_count;
920 res = xmalloc(new_len + 1);
921
922 /*
923 * Now, execute the substitution loop.
924 */
925 for (p = real, resp = res, *resp = '\0';;) {
926 p1 = strstr(p, kw);
927 if (p1 != NULL) {
928 /* Copy the prefix before keyword. */
929 memcpy(resp, p, p1 - p);
930 resp += p1 - p;
931 /* Keyword replacement. */
932 memcpy(resp, subst, subst_len);
933 resp += subst_len;
934 *resp = '\0';
935 p = p1 + kw_len;
936 } else
937 break;
938 }
939
940 /* Copy to the end of string and finish. */
941 strcat(resp, p);
942 if (may_free)
943 free(real);
944 return (res);
945 }
946
947 static char *
948 origin_subst(char *real, const char *origin_path)
949 {
950 char *res1, *res2, *res3, *res4;
951
952 if (uts.sysname[0] == '\0') {
953 if (uname(&uts) != 0) {
954 _rtld_error("utsname failed: %d", errno);
955 return (NULL);
956 }
957 }
958 res1 = origin_subst_one(real, "$ORIGIN", origin_path, false);
959 res2 = origin_subst_one(res1, "$OSNAME", uts.sysname, true);
960 res3 = origin_subst_one(res2, "$OSREL", uts.release, true);
961 res4 = origin_subst_one(res3, "$PLATFORM", uts.machine, true);
962 return (res4);
963 }
964
965 static void
966 die(void)
967 {
968 const char *msg = dlerror();
969
970 if (msg == NULL)
971 msg = "Fatal error";
972 rtld_fdputstr(STDERR_FILENO, msg);
973 rtld_fdputchar(STDERR_FILENO, '\n');
974 _exit(1);
975 }
976
977 /*
978 * Process a shared object's DYNAMIC section, and save the important
979 * information in its Obj_Entry structure.
980 */
981 static void
982 digest_dynamic1(Obj_Entry *obj, int early, const Elf_Dyn **dyn_rpath,
983 const Elf_Dyn **dyn_soname, const Elf_Dyn **dyn_runpath)
984 {
985 const Elf_Dyn *dynp;
986 Needed_Entry **needed_tail = &obj->needed;
987 Needed_Entry **needed_filtees_tail = &obj->needed_filtees;
988 Needed_Entry **needed_aux_filtees_tail = &obj->needed_aux_filtees;
989 const Elf_Hashelt *hashtab;
990 const Elf32_Word *hashval;
991 Elf32_Word bkt, nmaskwords;
992 int bloom_size32;
993 bool nmw_power2;
994 int plttype = DT_REL;
995
996 *dyn_rpath = NULL;
997 *dyn_soname = NULL;
998 *dyn_runpath = NULL;
999
1000 obj->bind_now = false;
1001 for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) {
1002 switch (dynp->d_tag) {
1003
1004 case DT_REL:
1005 obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr);
1006 break;
1007
1008 case DT_RELSZ:
1009 obj->relsize = dynp->d_un.d_val;
1010 break;
1011
1012 case DT_RELENT:
1013 assert(dynp->d_un.d_val == sizeof(Elf_Rel));
1014 break;
1015
1016 case DT_JMPREL:
1017 obj->pltrel = (const Elf_Rel *)
1018 (obj->relocbase + dynp->d_un.d_ptr);
1019 break;
1020
1021 case DT_PLTRELSZ:
1022 obj->pltrelsize = dynp->d_un.d_val;
1023 break;
1024
1025 case DT_RELA:
1026 obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr);
1027 break;
1028
1029 case DT_RELASZ:
1030 obj->relasize = dynp->d_un.d_val;
1031 break;
1032
1033 case DT_RELAENT:
1034 assert(dynp->d_un.d_val == sizeof(Elf_Rela));
1035 break;
1036
1037 case DT_PLTREL:
1038 plttype = dynp->d_un.d_val;
1039 assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA);
1040 break;
1041
1042 case DT_SYMTAB:
1043 obj->symtab = (const Elf_Sym *)
1044 (obj->relocbase + dynp->d_un.d_ptr);
1045 break;
1046
1047 case DT_SYMENT:
1048 assert(dynp->d_un.d_val == sizeof(Elf_Sym));
1049 break;
1050
1051 case DT_STRTAB:
1052 obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr);
1053 break;
1054
1055 case DT_STRSZ:
1056 obj->strsize = dynp->d_un.d_val;
1057 break;
1058
1059 case DT_VERNEED:
1060 obj->verneed = (const Elf_Verneed *) (obj->relocbase +
1061 dynp->d_un.d_val);
1062 break;
1063
1064 case DT_VERNEEDNUM:
1065 obj->verneednum = dynp->d_un.d_val;
1066 break;
1067
1068 case DT_VERDEF:
1069 obj->verdef = (const Elf_Verdef *) (obj->relocbase +
1070 dynp->d_un.d_val);
1071 break;
1072
1073 case DT_VERDEFNUM:
1074 obj->verdefnum = dynp->d_un.d_val;
1075 break;
1076
1077 case DT_VERSYM:
1078 obj->versyms = (const Elf_Versym *)(obj->relocbase +
1079 dynp->d_un.d_val);
1080 break;
1081
1082 case DT_HASH:
1083 {
1084 hashtab = (const Elf_Hashelt *)(obj->relocbase +
1085 dynp->d_un.d_ptr);
1086 obj->nbuckets = hashtab[0];
1087 obj->nchains = hashtab[1];
1088 obj->buckets = hashtab + 2;
1089 obj->chains = obj->buckets + obj->nbuckets;
1090 obj->valid_hash_sysv = obj->nbuckets > 0 && obj->nchains > 0 &&
1091 obj->buckets != NULL;
1092 }
1093 break;
1094
1095 case DT_GNU_HASH:
1096 {
1097 hashtab = (const Elf_Hashelt *)(obj->relocbase +
1098 dynp->d_un.d_ptr);
1099 obj->nbuckets_gnu = hashtab[0];
1100 obj->symndx_gnu = hashtab[1];
1101 nmaskwords = hashtab[2];
1102 bloom_size32 = (__ELF_WORD_SIZE / 32) * nmaskwords;
1103 /* Number of bitmask words is required to be power of 2 */
1104 nmw_power2 = powerof2(nmaskwords);
1105 obj->maskwords_bm_gnu = nmaskwords - 1;
1106 obj->shift2_gnu = hashtab[3];
1107 obj->bloom_gnu = (Elf_Addr *) (hashtab + 4);
1108 obj->buckets_gnu = hashtab + 4 + bloom_size32;
1109 obj->chain_zero_gnu = obj->buckets_gnu + obj->nbuckets_gnu -
1110 obj->symndx_gnu;
1111 obj->valid_hash_gnu = nmw_power2 && obj->nbuckets_gnu > 0 &&
1112 obj->buckets_gnu != NULL;
1113 }
1114 break;
1115
1116 case DT_NEEDED:
1117 if (!obj->rtld) {
1118 Needed_Entry *nep = NEW(Needed_Entry);
1119 nep->name = dynp->d_un.d_val;
1120 nep->obj = NULL;
1121 nep->next = NULL;
1122
1123 *needed_tail = nep;
1124 needed_tail = &nep->next;
1125 }
1126 break;
1127
1128 case DT_FILTER:
1129 if (!obj->rtld) {
1130 Needed_Entry *nep = NEW(Needed_Entry);
1131 nep->name = dynp->d_un.d_val;
1132 nep->obj = NULL;
1133 nep->next = NULL;
1134
1135 *needed_filtees_tail = nep;
1136 needed_filtees_tail = &nep->next;
1137 }
1138 break;
1139
1140 case DT_AUXILIARY:
1141 if (!obj->rtld) {
1142 Needed_Entry *nep = NEW(Needed_Entry);
1143 nep->name = dynp->d_un.d_val;
1144 nep->obj = NULL;
1145 nep->next = NULL;
1146
1147 *needed_aux_filtees_tail = nep;
1148 needed_aux_filtees_tail = &nep->next;
1149 }
1150 break;
1151
1152 case DT_PLTGOT:
1153 obj->pltgot = (Elf_Addr *) (obj->relocbase + dynp->d_un.d_ptr);
1154 break;
1155
1156 case DT_TEXTREL:
1157 obj->textrel = true;
1158 break;
1159
1160 case DT_SYMBOLIC:
1161 obj->symbolic = true;
1162 break;
1163
1164 case DT_RPATH:
1165 /*
1166 * We have to wait until later to process this, because we
1167 * might not have gotten the address of the string table yet.
1168 */
1169 *dyn_rpath = dynp;
1170 break;
1171
1172 case DT_SONAME:
1173 *dyn_soname = dynp;
1174 break;
1175
1176 case DT_RUNPATH:
1177 *dyn_runpath = dynp;
1178 break;
1179
1180 case DT_INIT:
1181 obj->init = (Elf_Addr) (obj->relocbase + dynp->d_un.d_ptr);
1182 break;
1183
1184 case DT_PREINIT_ARRAY:
1185 obj->preinit_array = (Elf_Addr)(obj->relocbase + dynp->d_un.d_ptr);
1186 break;
1187
1188 case DT_PREINIT_ARRAYSZ:
1189 obj->preinit_array_num = dynp->d_un.d_val / sizeof(Elf_Addr);
1190 break;
1191
1192 case DT_INIT_ARRAY:
1193 obj->init_array = (Elf_Addr)(obj->relocbase + dynp->d_un.d_ptr);
1194 break;
1195
1196 case DT_INIT_ARRAYSZ:
1197 obj->init_array_num = dynp->d_un.d_val / sizeof(Elf_Addr);
1198 break;
1199
1200 case DT_FINI:
1201 obj->fini = (Elf_Addr)(obj->relocbase + dynp->d_un.d_ptr);
1202 break;
1203
1204 case DT_FINI_ARRAY:
1205 obj->fini_array = (Elf_Addr)(obj->relocbase + dynp->d_un.d_ptr);
1206 break;
1207
1208 case DT_FINI_ARRAYSZ:
1209 obj->fini_array_num = dynp->d_un.d_val / sizeof(Elf_Addr);
1210 break;
1211
1212 case DT_DEBUG:
1213 /* XXX - not implemented yet */
1214 if (!early)
1215 dbg("Filling in DT_DEBUG entry");
1216 ((Elf_Dyn*)dynp)->d_un.d_ptr = (Elf_Addr) &r_debug;
1217 break;
1218
1219 case DT_FLAGS:
1220 if ((dynp->d_un.d_val & DF_ORIGIN) && trust)
1221 obj->z_origin = true;
1222 if (dynp->d_un.d_val & DF_SYMBOLIC)
1223 obj->symbolic = true;
1224 if (dynp->d_un.d_val & DF_TEXTREL)
1225 obj->textrel = true;
1226 if (dynp->d_un.d_val & DF_BIND_NOW)
1227 obj->bind_now = true;
1228 if (dynp->d_un.d_val & DF_STATIC_TLS)
1229 obj->static_tls = true;
1230 break;
1231
1232 case DT_FLAGS_1:
1233 if (dynp->d_un.d_val & DF_1_NOOPEN)
1234 obj->z_noopen = true;
1235 if ((dynp->d_un.d_val & DF_1_ORIGIN) && trust)
1236 obj->z_origin = true;
1237 /*if (dynp->d_un.d_val & DF_1_GLOBAL)
1238 XXX ;*/
1239 if (dynp->d_un.d_val & DF_1_BIND_NOW)
1240 obj->bind_now = true;
1241 if (dynp->d_un.d_val & DF_1_NODELETE)
1242 obj->z_nodelete = true;
1243 if (dynp->d_un.d_val & DF_1_LOADFLTR)
1244 obj->z_loadfltr = true;
1245 if (dynp->d_un.d_val & DF_1_INTERPOSE)
1246 obj->z_interpose = true;
1247 if (dynp->d_un.d_val & DF_1_NODEFLIB)
1248 obj->z_nodeflib = true;
1249 break;
1250
1251 default:
1252 if (!early) {
1253 dbg("Ignoring d_tag %ld = %#lx", (long)dynp->d_tag,
1254 (long)dynp->d_tag);
1255 }
1256 break;
1257 }
1258 }
1259
1260 obj->traced = false;
1261
1262 if (plttype == DT_RELA) {
1263 obj->pltrela = (const Elf_Rela *) obj->pltrel;
1264 obj->pltrel = NULL;
1265 obj->pltrelasize = obj->pltrelsize;
1266 obj->pltrelsize = 0;
1267 }
1268
1269 /* Determine size of dynsym table (equal to nchains of sysv hash) */
1270 if (obj->valid_hash_sysv)
1271 obj->dynsymcount = obj->nchains;
1272 else if (obj->valid_hash_gnu) {
1273 obj->dynsymcount = 0;
1274 for (bkt = 0; bkt < obj->nbuckets_gnu; bkt++) {
1275 if (obj->buckets_gnu[bkt] == 0)
1276 continue;
1277 hashval = &obj->chain_zero_gnu[obj->buckets_gnu[bkt]];
1278 do
1279 obj->dynsymcount++;
1280 while ((*hashval++ & 1u) == 0);
1281 }
1282 obj->dynsymcount += obj->symndx_gnu;
1283 }
1284 }
1285
1286 static void
1287 digest_dynamic2(Obj_Entry *obj, const Elf_Dyn *dyn_rpath,
1288 const Elf_Dyn *dyn_soname, const Elf_Dyn *dyn_runpath)
1289 {
1290
1291 if (obj->z_origin && obj->origin_path == NULL) {
1292 obj->origin_path = xmalloc(PATH_MAX);
1293 if (rtld_dirname_abs(obj->path, obj->origin_path) == -1)
1294 die();
1295 }
1296
1297 if (dyn_runpath != NULL) {
1298 obj->runpath = (char *)obj->strtab + dyn_runpath->d_un.d_val;
1299 if (obj->z_origin)
1300 obj->runpath = origin_subst(obj->runpath, obj->origin_path);
1301 }
1302 else if (dyn_rpath != NULL) {
1303 obj->rpath = (char *)obj->strtab + dyn_rpath->d_un.d_val;
1304 if (obj->z_origin)
1305 obj->rpath = origin_subst(obj->rpath, obj->origin_path);
1306 }
1307
1308 if (dyn_soname != NULL)
1309 object_add_name(obj, obj->strtab + dyn_soname->d_un.d_val);
1310 }
1311
1312 static void
1313 digest_dynamic(Obj_Entry *obj, int early)
1314 {
1315 const Elf_Dyn *dyn_rpath;
1316 const Elf_Dyn *dyn_soname;
1317 const Elf_Dyn *dyn_runpath;
1318
1319 digest_dynamic1(obj, early, &dyn_rpath, &dyn_soname, &dyn_runpath);
1320 digest_dynamic2(obj, dyn_rpath, dyn_soname, dyn_runpath);
1321 }
1322
1323 /*
1324 * Process a shared object's program header. This is used only for the
1325 * main program, when the kernel has already loaded the main program
1326 * into memory before calling the dynamic linker. It creates and
1327 * returns an Obj_Entry structure.
1328 */
1329 static Obj_Entry *
1330 digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry, const char *path)
1331 {
1332 Obj_Entry *obj;
1333 const Elf_Phdr *phlimit = phdr + phnum;
1334 const Elf_Phdr *ph;
1335 Elf_Addr note_start, note_end;
1336 int nsegs = 0;
1337
1338 obj = obj_new();
1339 for (ph = phdr; ph < phlimit; ph++) {
1340 if (ph->p_type != PT_PHDR)
1341 continue;
1342
1343 obj->phdr = phdr;
1344 obj->phsize = ph->p_memsz;
1345 obj->relocbase = (caddr_t)phdr - ph->p_vaddr;
1346 break;
1347 }
1348
1349 obj->stack_flags = PF_X | PF_R | PF_W;
1350
1351 for (ph = phdr; ph < phlimit; ph++) {
1352 switch (ph->p_type) {
1353
1354 case PT_INTERP:
1355 obj->interp = (const char *)(ph->p_vaddr + obj->relocbase);
1356 break;
1357
1358 case PT_LOAD:
1359 if (nsegs == 0) { /* First load segment */
1360 obj->vaddrbase = trunc_page(ph->p_vaddr);
1361 obj->mapbase = obj->vaddrbase + obj->relocbase;
1362 obj->textsize = round_page(ph->p_vaddr + ph->p_memsz) -
1363 obj->vaddrbase;
1364 } else { /* Last load segment */
1365 obj->mapsize = round_page(ph->p_vaddr + ph->p_memsz) -
1366 obj->vaddrbase;
1367 }
1368 nsegs++;
1369 break;
1370
1371 case PT_DYNAMIC:
1372 obj->dynamic = (const Elf_Dyn *)(ph->p_vaddr + obj->relocbase);
1373 break;
1374
1375 case PT_TLS:
1376 obj->tlsindex = 1;
1377 obj->tlssize = ph->p_memsz;
1378 obj->tlsalign = ph->p_align;
1379 obj->tlsinitsize = ph->p_filesz;
1380 obj->tlsinit = (void*)(ph->p_vaddr + obj->relocbase);
1381 break;
1382
1383 case PT_GNU_STACK:
1384 obj->stack_flags = ph->p_flags;
1385 break;
1386
1387 case PT_GNU_RELRO:
1388 obj->relro_page = obj->relocbase + trunc_page(ph->p_vaddr);
1389 obj->relro_size = round_page(ph->p_memsz);
1390 break;
1391
1392 case PT_NOTE:
1393 obj->note_present = true;
1394 note_start = (Elf_Addr)obj->relocbase + ph->p_vaddr;
1395 note_end = note_start + ph->p_filesz;
1396 digest_notes(obj, note_start, note_end);
1397 break;
1398 }
1399 }
1400 if (nsegs < 1) {
1401 _rtld_error("%s: too few PT_LOAD segments", path);
1402 return NULL;
1403 }
1404
1405 obj->entry = entry;
1406 return obj;
1407 }
1408
1409 void
1410 digest_notes(Obj_Entry *obj, Elf_Addr note_start, Elf_Addr note_end)
1411 {
1412 const Elf_Note *note;
1413 const char *note_name;
1414 uintptr_t p;
1415
1416 for (note = (const Elf_Note *)note_start; (Elf_Addr)note < note_end;
1417 note = (const Elf_Note *)((const char *)(note + 1) +
1418 roundup2(note->n_namesz, sizeof(Elf32_Addr)) +
1419 roundup2(note->n_descsz, sizeof(Elf32_Addr)))) {
1420 if (note->n_namesz != sizeof(NOTE_VENDOR) ||
1421 note->n_descsz != sizeof(int32_t))
1422 continue;
1423 if (note->n_type != ABI_NOTETYPE &&
1424 note->n_type != CRT_NOINIT_NOTETYPE)
1425 continue;
1426 note_name = (const char *)(note + 1);
1427 if (strncmp(NOTE_VENDOR, note_name, sizeof(NOTE_VENDOR)) != 0)
1428 continue;
1429 switch (note->n_type) {
1430 case ABI_NOTETYPE:
1431 /* DragonFly osrel note */
1432 p = (uintptr_t)(note + 1);
1433 p += roundup2(note->n_namesz, sizeof(Elf32_Addr));
1434 obj->osrel = *(const int32_t *)(p);
1435 dbg("note osrel %d", obj->osrel);
1436 break;
1437 case CRT_NOINIT_NOTETYPE:
1438 /* DragonFly 'crt does not call init' note */
1439 obj->crt_no_init = true;
1440 dbg("note crt_no_init");
1441 break;
1442 }
1443 }
1444 }
1445
1446 static Obj_Entry *
1447 dlcheck(void *handle)
1448 {
1449 Obj_Entry *obj;
1450
1451 for (obj = obj_list; obj != NULL; obj = obj->next)
1452 if (obj == (Obj_Entry *) handle)
1453 break;
1454
1455 if (obj == NULL || obj->refcount == 0 || obj->dl_refcount == 0) {
1456 _rtld_error("Invalid shared object handle %p", handle);
1457 return NULL;
1458 }
1459 return obj;
1460 }
1461
1462 /*
1463 * If the given object is already in the donelist, return true. Otherwise
1464 * add the object to the list and return false.
1465 */
1466 static bool
1467 donelist_check(DoneList *dlp, const Obj_Entry *obj)
1468 {
1469 unsigned int i;
1470
1471 for (i = 0; i < dlp->num_used; i++)
1472 if (dlp->objs[i] == obj)
1473 return true;
1474 /*
1475 * Our donelist allocation should always be sufficient. But if
1476 * our threads locking isn't working properly, more shared objects
1477 * could have been loaded since we allocated the list. That should
1478 * never happen, but we'll handle it properly just in case it does.
1479 */
1480 if (dlp->num_used < dlp->num_alloc)
1481 dlp->objs[dlp->num_used++] = obj;
1482 return false;
1483 }
1484
1485 /*
1486 * Hash function for symbol table lookup. Don't even think about changing
1487 * this. It is specified by the System V ABI.
1488 */
1489 unsigned long
1490 elf_hash(const char *name)
1491 {
1492 const unsigned char *p = (const unsigned char *) name;
1493 unsigned long h = 0;
1494 unsigned long g;
1495
1496 while (*p != '\0') {
1497 h = (h << 4) + *p++;
1498 if ((g = h & 0xf0000000) != 0)
1499 h ^= g >> 24;
1500 h &= ~g;
1501 }
1502 return h;
1503 }
1504
1505 /*
1506 * The GNU hash function is the Daniel J. Bernstein hash clipped to 32 bits
1507 * unsigned in case it's implemented with a wider type.
1508 */
1509 static uint_fast32_t
1510 gnu_hash(const char *s)
1511 {
1512 uint_fast32_t h;
1513 unsigned char c;
1514
1515 h = 5381;
1516 for (c = *s; c != '\0'; c = *++s)
1517 h = h * 33 + c;
1518 return (h & 0xffffffff);
1519 }
1520
1521
1522 /*
1523 * Find the library with the given name, and return its full pathname.
1524 * The returned string is dynamically allocated. Generates an error
1525 * message and returns NULL if the library cannot be found.
1526 *
1527 * If the second argument is non-NULL, then it refers to an already-
1528 * loaded shared object, whose library search path will be searched.
1529 *
1530 * If a library is successfully located via LD_LIBRARY_PATH_FDS, its
1531 * descriptor (which is close-on-exec) will be passed out via the third
1532 * argument.
1533 *
1534 * The search order is:
1535 * DT_RPATH in the referencing file _unless_ DT_RUNPATH is present (1)
1536 * DT_RPATH of the main object if DSO without defined DT_RUNPATH (1)
1537 * LD_LIBRARY_PATH
1538 * DT_RUNPATH in the referencing file
1539 * ldconfig hints (if -z nodefaultlib, filter out default library directories
1540 * from list)
1541 * /lib:/usr/lib _unless_ the referencing file is linked with -z nodefaultlib
1542 *
1543 * (1) Handled in digest_dynamic2 - rpath left NULL if runpath defined.
1544 */
1545 static char *
1546 find_library(const char *xname, const Obj_Entry *refobj, int *fdp)
1547 {
1548 char *pathname;
1549 char *name;
1550 bool nodeflib, objgiven;
1551
1552 objgiven = refobj != NULL;
1553 if (strchr(xname, '/') != NULL) { /* Hard coded pathname */
1554 if (xname[0] != '/' && !trust) {
1555 _rtld_error("Absolute pathname required for shared object \"%s\"",
1556 xname);
1557 return NULL;
1558 }
1559 if (objgiven && refobj->z_origin) {
1560 return (origin_subst(__DECONST(char *, xname),
1561 refobj->origin_path));
1562 } else {
1563 return (xstrdup(xname));
1564 }
1565 }
1566
1567 if (libmap_disable || !objgiven ||
1568 (name = lm_find(refobj->path, xname)) == NULL)
1569 name = (char *)xname;
1570
1571 dbg(" Searching for \"%s\"", name);
1572
1573 nodeflib = objgiven ? refobj->z_nodeflib : false;
1574 if ((objgiven &&
1575 (pathname = search_library_path(name, refobj->rpath)) != NULL) ||
1576 (objgiven && refobj->runpath == NULL && refobj != obj_main &&
1577 (pathname = search_library_path(name, obj_main->rpath)) != NULL) ||
1578 (pathname = search_library_path(name, ld_library_path)) != NULL ||
1579 (objgiven &&
1580 (pathname = search_library_path(name, refobj->runpath)) != NULL) ||
1581 (pathname = search_library_pathfds(name, ld_library_dirs, fdp)) != NULL ||
1582 (pathname = search_library_path(name, gethints(nodeflib))) != NULL ||
1583 (objgiven && !nodeflib &&
1584 (pathname = search_library_path(name, STANDARD_LIBRARY_PATH)) != NULL))
1585 return (pathname);
1586
1587 if (objgiven && refobj->path != NULL) {
1588 _rtld_error("Shared object \"%s\" not found, required by \"%s\"",
1589 name, basename(refobj->path));
1590 } else {
1591 _rtld_error("Shared object \"%s\" not found", name);
1592 }
1593 return NULL;
1594 }
1595
1596 /*
1597 * Given a symbol number in a referencing object, find the corresponding
1598 * definition of the symbol. Returns a pointer to the symbol, or NULL if
1599 * no definition was found. Returns a pointer to the Obj_Entry of the
1600 * defining object via the reference parameter DEFOBJ_OUT.
1601 */
1602 const Elf_Sym *
1603 find_symdef(unsigned long symnum, const Obj_Entry *refobj,
1604 const Obj_Entry **defobj_out, int flags, SymCache *cache,
1605 RtldLockState *lockstate)
1606 {
1607 const Elf_Sym *ref;
1608 const Elf_Sym *def;
1609 const Obj_Entry *defobj;
1610 SymLook req;
1611 const char *name;
1612 int res;
1613
1614 /*
1615 * If we have already found this symbol, get the information from
1616 * the cache.
1617 */
1618 if (symnum >= refobj->dynsymcount)
1619 return NULL; /* Bad object */
1620 if (cache != NULL && cache[symnum].sym != NULL) {
1621 *defobj_out = cache[symnum].obj;
1622 return cache[symnum].sym;
1623 }
1624
1625 ref = refobj->symtab + symnum;
1626 name = refobj->strtab + ref->st_name;
1627 def = NULL;
1628 defobj = NULL;
1629
1630 /*
1631 * We don't have to do a full scale lookup if the symbol is local.
1632 * We know it will bind to the instance in this load module; to
1633 * which we already have a pointer (ie ref). By not doing a lookup,
1634 * we not only improve performance, but it also avoids unresolvable
1635 * symbols when local symbols are not in the hash table.
1636 *
1637 * This might occur for TLS module relocations, which simply use
1638 * symbol 0.
1639 */
1640 if (ELF_ST_BIND(ref->st_info) != STB_LOCAL) {
1641 if (ELF_ST_TYPE(ref->st_info) == STT_SECTION) {
1642 _rtld_error("%s: Bogus symbol table entry %lu", refobj->path,
1643 symnum);
1644 }
1645 symlook_init(&req, name);
1646 req.flags = flags;
1647 req.ventry = fetch_ventry(refobj, symnum);
1648 req.lockstate = lockstate;
1649 res = symlook_default(&req, refobj);
1650 if (res == 0) {
1651 def = req.sym_out;
1652 defobj = req.defobj_out;
1653 }
1654 } else {
1655 def = ref;
1656 defobj = refobj;
1657 }
1658
1659 /*
1660 * If we found no definition and the reference is weak, treat the
1661 * symbol as having the value zero.
1662 */
1663 if (def == NULL && ELF_ST_BIND(ref->st_info) == STB_WEAK) {
1664 def = &sym_zero;
1665 defobj = obj_main;
1666 }
1667
1668 if (def != NULL) {
1669 *defobj_out = defobj;
1670 /* Record the information in the cache to avoid subsequent lookups. */
1671 if (cache != NULL) {
1672 cache[symnum].sym = def;
1673 cache[symnum].obj = defobj;
1674 }
1675 } else {
1676 if (refobj != &obj_rtld)
1677 _rtld_error("%s: Undefined symbol \"%s\"", refobj->path, name);
1678 }
1679 return def;
1680 }
1681
1682 /*
1683 * Return the search path from the ldconfig hints file, reading it if
1684 * necessary. If nostdlib is true, then the default search paths are
1685 * not added to result.
1686 *
1687 * Returns NULL if there are problems with the hints file,
1688 * or if the search path there is empty.
1689 */
1690 static const char *
1691 gethints(bool nostdlib)
1692 {
1693 static char *hints, *filtered_path;
1694 struct elfhints_hdr hdr;
1695 struct fill_search_info_args sargs, hargs;
1696 struct dl_serinfo smeta, hmeta, *SLPinfo, *hintinfo;
1697 struct dl_serpath *SLPpath, *hintpath;
1698 char *p;
1699 unsigned int SLPndx, hintndx, fndx, fcount;
1700 int fd;
1701 size_t flen;
1702 bool skip;
1703
1704 /* First call, read the hints file */
1705 if (hints == NULL) {
1706 /* Keep from trying again in case the hints file is bad. */
1707 hints = "";
1708
1709 if ((fd = open(ld_elf_hints_path, O_RDONLY | O_CLOEXEC)) == -1)
1710 return (NULL);
1711 if (read(fd, &hdr, sizeof hdr) != sizeof hdr ||
1712 hdr.magic != ELFHINTS_MAGIC ||
1713 hdr.version != 1) {
1714 close(fd);
1715 return (NULL);
1716 }
1717 p = xmalloc(hdr.dirlistlen + 1);
1718 if (lseek(fd, hdr.strtab + hdr.dirlist, SEEK_SET) == -1 ||
1719 read(fd, p, hdr.dirlistlen + 1) !=
1720 (ssize_t)hdr.dirlistlen + 1) {
1721 free(p);
1722 close(fd);
1723 return (NULL);
1724 }
1725 hints = p;
1726 close(fd);
1727 }
1728
1729 /*
1730 * If caller agreed to receive list which includes the default
1731 * paths, we are done. Otherwise, if we still have not
1732 * calculated filtered result, do it now.
1733 */
1734 if (!nostdlib)
1735 return (hints[0] != '\0' ? hints : NULL);
1736 if (filtered_path != NULL)
1737 goto filt_ret;
1738
1739 /*
1740 * Obtain the list of all configured search paths, and the
1741 * list of the default paths.
1742 *
1743 * First estimate the size of the results.
1744 */
1745 smeta.dls_size = __offsetof(struct dl_serinfo, dls_serpath);
1746 smeta.dls_cnt = 0;
1747 hmeta.dls_size = __offsetof(struct dl_serinfo, dls_serpath);
1748 hmeta.dls_cnt = 0;
1749
1750 sargs.request = RTLD_DI_SERINFOSIZE;
1751 sargs.serinfo = &smeta;
1752 hargs.request = RTLD_DI_SERINFOSIZE;
1753 hargs.serinfo = &hmeta;
1754
1755 path_enumerate(STANDARD_LIBRARY_PATH, fill_search_info, &sargs);
1756 path_enumerate(p, fill_search_info, &hargs);
1757
1758 SLPinfo = xmalloc(smeta.dls_size);
1759 hintinfo = xmalloc(hmeta.dls_size);
1760
1761 /*
1762 * Next fetch both sets of paths.
1763 */
1764 sargs.request = RTLD_DI_SERINFO;
1765 sargs.serinfo = SLPinfo;
1766 sargs.serpath = &SLPinfo->dls_serpath[0];
1767 sargs.strspace = (char *)&SLPinfo->dls_serpath[smeta.dls_cnt];
1768
1769 hargs.request = RTLD_DI_SERINFO;
1770 hargs.serinfo = hintinfo;
1771 hargs.serpath = &hintinfo->dls_serpath[0];
1772 hargs.strspace = (char *)&hintinfo->dls_serpath[hmeta.dls_cnt];
1773
1774 path_enumerate(STANDARD_LIBRARY_PATH, fill_search_info, &sargs);
1775 path_enumerate(p, fill_search_info, &hargs);
1776
1777 /*
1778 * Now calculate the difference between two sets, by excluding
1779 * standard paths from the full set.
1780 */
1781 fndx = 0;
1782 fcount = 0;
1783 filtered_path = xmalloc(hdr.dirlistlen + 1);
1784 hintpath = &hintinfo->dls_serpath[0];
1785 for (hintndx = 0; hintndx < hmeta.dls_cnt; hintndx++, hintpath++) {
1786 skip = false;
1787 SLPpath = &SLPinfo->dls_serpath[0];
1788 /*
1789 * Check each standard path against current.
1790 */
1791 for (SLPndx = 0; SLPndx < smeta.dls_cnt; SLPndx++, SLPpath++) {
1792 /* matched, skip the path */
1793 if (!strcmp(hintpath->dls_name, SLPpath->dls_name)) {
1794 skip = true;
1795 break;
1796 }
1797 }
1798 if (skip)
1799 continue;
1800 /*
1801 * Not matched against any standard path, add the path
1802 * to result. Separate consecutive paths with ':'.
1803 */
1804 if (fcount > 0) {
1805 filtered_path[fndx] = ':';
1806 fndx++;
1807 }
1808 fcount++;
1809 flen = strlen(hintpath->dls_name);
1810 strncpy((filtered_path + fndx), hintpath->dls_name, flen);
1811 fndx += flen;
1812 }
1813 filtered_path[fndx] = '\0';
1814
1815 free(SLPinfo);
1816 free(hintinfo);
1817
1818 filt_ret:
1819 return (filtered_path[0] != '\0' ? filtered_path : NULL);
1820 }
1821
1822 static void
1823 init_dag(Obj_Entry *root)
1824 {
1825 const Needed_Entry *needed;
1826 const Objlist_Entry *elm;
1827 DoneList donelist;
1828
1829 if (root->dag_inited)
1830 return;
1831 donelist_init(&donelist);
1832
1833 /* Root object belongs to own DAG. */
1834 objlist_push_tail(&root->dldags, root);
1835 objlist_push_tail(&root->dagmembers, root);
1836 donelist_check(&donelist, root);
1837
1838 /*
1839 * Add dependencies of root object to DAG in breadth order
1840 * by exploiting the fact that each new object get added
1841 * to the tail of the dagmembers list.
1842 */
1843 STAILQ_FOREACH(elm, &root->dagmembers, link) {
1844 for (needed = elm->obj->needed; needed != NULL; needed = needed->next) {
1845 if (needed->obj == NULL || donelist_check(&donelist, needed->obj))
1846 continue;
1847 objlist_push_tail(&needed->obj->dldags, root);
1848 objlist_push_tail(&root->dagmembers, needed->obj);
1849 }
1850 }
1851 root->dag_inited = true;
1852 }
1853
1854 static void
1855 process_nodelete(Obj_Entry *root)
1856 {
1857 const Objlist_Entry *elm;
1858
1859 /*
1860 * Walk over object DAG and process every dependent object that
1861 * is marked as DF_1_NODELETE. They need to grow their own DAG,
1862 * which then should have its reference upped separately.
1863 */
1864 STAILQ_FOREACH(elm, &root->dagmembers, link) {
1865 if (elm->obj != NULL && elm->obj->z_nodelete &&
1866 !elm->obj->ref_nodel) {
1867 dbg("obj %s nodelete", elm->obj->path);
1868 init_dag(elm->obj);
1869 ref_dag(elm->obj);
1870 elm->obj->ref_nodel = true;
1871 }
1872 }
1873 }
1874
1875 /*
1876 * Initialize the dynamic linker. The argument is the address at which
1877 * the dynamic linker has been mapped into memory. The primary task of
1878 * this function is to relocate the dynamic linker.
1879 */
1880 static void
1881 init_rtld(caddr_t mapbase, Elf_Auxinfo **aux_info)
1882 {
1883 Obj_Entry objtmp; /* Temporary rtld object */
1884 const Elf_Ehdr *ehdr;
1885 const Elf_Dyn *dyn_rpath;
1886 const Elf_Dyn *dyn_soname;
1887 const Elf_Dyn *dyn_runpath;
1888
1889 /*
1890 * Conjure up an Obj_Entry structure for the dynamic linker.
1891 *
1892 * The "path" member can't be initialized yet because string constants
1893 * cannot yet be accessed. Below we will set it correctly.
1894 */
1895 memset(&objtmp, 0, sizeof(objtmp));
1896 objtmp.path = NULL;
1897 objtmp.rtld = true;
1898 objtmp.mapbase = mapbase;
1899 #ifdef PIC
1900 objtmp.relocbase = mapbase;
1901 #endif
1902 if (RTLD_IS_DYNAMIC()) {
1903 objtmp.dynamic = rtld_dynamic(&objtmp);
1904 digest_dynamic1(&objtmp, 1, &dyn_rpath, &dyn_soname, &dyn_runpath);
1905 assert(objtmp.needed == NULL);
1906 assert(!objtmp.textrel);
1907
1908 /*
1909 * Temporarily put the dynamic linker entry into the object list, so
1910 * that symbols can be found.
1911 */
1912
1913 relocate_objects(&objtmp, true, &objtmp, 0, NULL);
1914 }
1915 ehdr = (Elf_Ehdr *)mapbase;
1916 objtmp.phdr = (Elf_Phdr *)((char *)mapbase + ehdr->e_phoff);
1917 objtmp.phsize = ehdr->e_phnum * sizeof(objtmp.phdr[0]);
1918
1919 /* Initialize the object list. */
1920 obj_tail = &obj_list;
1921
1922 /* Now that non-local variables can be accesses, copy out obj_rtld. */
1923 memcpy(&obj_rtld, &objtmp, sizeof(obj_rtld));
1924
1925 #ifdef ENABLE_OSRELDATE
1926 if (aux_info[AT_OSRELDATE] != NULL)
1927 osreldate = aux_info[AT_OSRELDATE]->a_un.a_val;
1928 #endif
1929
1930 digest_dynamic2(&obj_rtld, dyn_rpath, dyn_soname, dyn_runpath);
1931
1932 /* Replace the path with a dynamically allocated copy. */
1933 obj_rtld.path = xstrdup(PATH_RTLD);
1934
1935 r_debug.r_brk = r_debug_state;
1936 r_debug.r_state = RT_CONSISTENT;
1937 }
1938
1939 /*
1940 * Add the init functions from a needed object list (and its recursive
1941 * needed objects) to "list". This is not used directly; it is a helper
1942 * function for initlist_add_objects(). The write lock must be held
1943 * when this function is called.
1944 */
1945 static void
1946 initlist_add_neededs(Needed_Entry *needed, Objlist *list)
1947 {
1948 /* Recursively process the successor needed objects. */
1949 if (needed->next != NULL)
1950 initlist_add_neededs(needed->next, list);
1951
1952 /* Process the current needed object. */
1953 if (needed->obj != NULL)
1954 initlist_add_objects(needed->obj, &needed->obj->next, list);
1955 }
1956
1957 /*
1958 * Scan all of the DAGs rooted in the range of objects from "obj" to
1959 * "tail" and add their init functions to "list". This recurses over
1960 * the DAGs and ensure the proper init ordering such that each object's
1961 * needed libraries are initialized before the object itself. At the
1962 * same time, this function adds the objects to the global finalization
1963 * list "list_fini" in the opposite order. The write lock must be
1964 * held when this function is called.
1965 */
1966 static void
1967 initlist_add_objects(Obj_Entry *obj, Obj_Entry **tail, Objlist *list)
1968 {
1969
1970 if (obj->init_scanned || obj->init_done)
1971 return;
1972 obj->init_scanned = true;
1973
1974 /* Recursively process the successor objects. */
1975 if (&obj->next != tail)
1976 initlist_add_objects(obj->next, tail, list);
1977
1978 /* Recursively process the needed objects. */
1979 if (obj->needed != NULL)
1980 initlist_add_neededs(obj->needed, list);
1981 if (obj->needed_filtees != NULL)
1982 initlist_add_neededs(obj->needed_filtees, list);
1983 if (obj->needed_aux_filtees != NULL)
1984 initlist_add_neededs(obj->needed_aux_filtees, list);
1985
1986 /* Add the object to the init list. */
1987 if (obj->preinit_array != (Elf_Addr)NULL || obj->init != (Elf_Addr)NULL ||
1988 obj->init_array != (Elf_Addr)NULL)
1989 objlist_push_tail(list, obj);
1990
1991 /* Add the object to the global fini list in the reverse order. */
1992 if ((obj->fini != (Elf_Addr)NULL || obj->fini_array != (Elf_Addr)NULL)
1993 && !obj->on_fini_list) {
1994 objlist_push_head(&list_fini, obj);
1995 obj->on_fini_list = true;
1996 }
1997 }
1998
1999 #ifndef FPTR_TARGET
2000 #define FPTR_TARGET(f) ((Elf_Addr) (f))
2001 #endif
2002
2003 static void
2004 free_needed_filtees(Needed_Entry *n)
2005 {
2006 Needed_Entry *needed, *needed1;
2007
2008 for (needed = n; needed != NULL; needed = needed->next) {
2009 if (needed->obj != NULL) {
2010 dlclose(needed->obj);
2011 needed->obj = NULL;
2012 }
2013 }
2014 for (needed = n; needed != NULL; needed = needed1) {
2015 needed1 = needed->next;
2016 free(needed);
2017 }
2018 }
2019
2020 static void
2021 unload_filtees(Obj_Entry *obj)
2022 {
2023
2024 free_needed_filtees(obj->needed_filtees);
2025 obj->needed_filtees = NULL;
2026 free_needed_filtees(obj->needed_aux_filtees);
2027 obj->needed_aux_filtees = NULL;
2028 obj->filtees_loaded = false;
2029 }
2030
2031 static void
2032 load_filtee1(Obj_Entry *obj, Needed_Entry *needed, int flags,
2033 RtldLockState *lockstate)
2034 {
2035
2036 for (; needed != NULL; needed = needed->next) {
2037 needed->obj = dlopen_object(obj->strtab + needed->name, -1, obj,
2038 flags, ((ld_loadfltr || obj->z_loadfltr) ? RTLD_NOW : RTLD_LAZY) |
2039 RTLD_LOCAL, lockstate);
2040 }
2041 }
2042
2043 static void
2044 load_filtees(Obj_Entry *obj, int flags, RtldLockState *lockstate)
2045 {
2046
2047 lock_restart_for_upgrade(lockstate);
2048 if (!obj->filtees_loaded) {
2049 load_filtee1(obj, obj->needed_filtees, flags, lockstate);
2050 load_filtee1(obj, obj->needed_aux_filtees, flags, lockstate);
2051 obj->filtees_loaded = true;
2052 }
2053 }
2054
2055 static int
2056 process_needed(Obj_Entry *obj, Needed_Entry *needed, int flags)
2057 {
2058 Obj_Entry *obj1;
2059
2060 for (; needed != NULL; needed = needed->next) {
2061 obj1 = needed->obj = load_object(obj->strtab + needed->name, -1, obj,
2062 flags & ~RTLD_LO_NOLOAD);
2063 if (obj1 == NULL && !ld_tracing && (flags & RTLD_LO_FILTEES) == 0)
2064 return (-1);
2065 }
2066 return (0);
2067 }
2068
2069 /*
2070 * Given a shared object, traverse its list of needed objects, and load
2071 * each of them. Returns 0 on success. Generates an error message and
2072 * returns -1 on failure.
2073 */
2074 static int
2075 load_needed_objects(Obj_Entry *first, int flags)
2076 {
2077 Obj_Entry *obj;
2078
2079 for (obj = first; obj != NULL; obj = obj->next) {
2080 if (process_needed(obj, obj->needed, flags) == -1)
2081 return (-1);
2082 }
2083 return (0);
2084 }
2085
2086 static int
2087 load_preload_objects(void)
2088 {
2089 char *p = ld_preload;
2090 Obj_Entry *obj;
2091 static const char delim[] = " \t:;";
2092
2093 if (p == NULL)
2094 return 0;
2095
2096 p += strspn(p, delim);
2097 while (*p != '\0') {
2098 size_t len = strcspn(p, delim);
2099 char savech;
2100 SymLook req;
2101 int res;
2102
2103 savech = p[len];
2104 p[len] = '\0';
2105 obj = load_object(p, -1, NULL, 0);
2106 if (obj == NULL)
2107 return -1; /* XXX - cleanup */
2108 obj->z_interpose = true;
2109 p[len] = savech;
2110 p += len;
2111 p += strspn(p, delim);
2112
2113 /* Check for the magic tracing function */
2114 symlook_init(&req, RTLD_FUNCTRACE);
2115 res = symlook_obj(&req, obj);
2116 if (res == 0) {
2117 rtld_functrace = (void *)(req.defobj_out->relocbase +
2118 req.sym_out->st_value);
2119 rtld_functrace_obj = req.defobj_out;
2120 }
2121 }
2122 LD_UTRACE(UTRACE_PRELOAD_FINISHED, NULL, NULL, 0, 0, NULL);
2123 return 0;
2124 }
2125
2126 static const char *
2127 printable_path(const char *path)
2128 {
2129
2130 return (path == NULL ? "<unknown>" : path);
2131 }
2132
2133 /*
2134 * Load a shared object into memory, if it is not already loaded. The
2135 * object may be specified by name or by user-supplied file descriptor
2136 * fd_u. In the later case, the fd_u descriptor is not closed, but its
2137 * duplicate is.
2138 *
2139 * Returns a pointer to the Obj_Entry for the object. Returns NULL
2140 * on failure.
2141 */
2142 static Obj_Entry *
2143 load_object(const char *name, int fd_u, const Obj_Entry *refobj, int flags)
2144 {
2145 Obj_Entry *obj;
2146 int fd;
2147 struct stat sb;
2148 char *path;
2149
2150 fd = -1;
2151 if (name != NULL) {
2152 for (obj = obj_list->next; obj != NULL; obj = obj->next) {
2153 if (object_match_name(obj, name))
2154 return (obj);
2155 }
2156
2157 path = find_library(name, refobj, &fd);
2158 if (path == NULL)
2159 return (NULL);
2160 } else
2161 path = NULL;
2162
2163 if (fd >= 0) {
2164 /*
2165 * search_library_pathfds() opens a fresh file descriptor for the
2166 * library, so there is no need to dup().
2167 */
2168 } else if (fd_u == -1) {
2169 /*
2170 * If we didn't find a match by pathname, or the name is not
2171 * supplied, open the file and check again by device and inode.
2172 * This avoids false mismatches caused by multiple links or ".."
2173 * in pathnames.
2174 *
2175 * To avoid a race, we open the file and use fstat() rather than
2176 * using stat().
2177 */
2178 if ((fd = open(path, O_RDONLY | O_CLOEXEC)) == -1) {
2179 _rtld_error("Cannot open \"%s\"", path);
2180 free(path);
2181 return (NULL);
2182 }
2183 } else {
2184 fd = fcntl(fd_u, F_DUPFD_CLOEXEC, 0);
2185 if (fd == -1) {
2186 _rtld_error("Cannot dup fd");
2187 free(path);
2188 return (NULL);
2189 }
2190 }
2191 if (fstat(fd, &sb) == -1) {
2192 _rtld_error("Cannot fstat \"%s\"", printable_path(path));
2193 close(fd);
2194 free(path);
2195 return NULL;
2196 }
2197 for (obj = obj_list->next; obj != NULL; obj = obj->next)
2198 if (obj->ino == sb.st_ino && obj->dev == sb.st_dev)
2199 break;
2200 if (obj != NULL && name != NULL) {
2201 object_add_name(obj, name);
2202 free(path);
2203 close(fd);
2204 return obj;
2205 }
2206 if (flags & RTLD_LO_NOLOAD) {
2207 free(path);
2208 close(fd);
2209 return (NULL);
2210 }
2211
2212 /* First use of this object, so we must map it in */
2213 obj = do_load_object(fd, name, path, &sb, flags);
2214 if (obj == NULL)
2215 free(path);
2216 close(fd);
2217
2218 return obj;
2219 }
2220
2221 static Obj_Entry *
2222 do_load_object(int fd, const char *name, char *path, struct stat *sbp,
2223 int flags)
2224 {
2225 Obj_Entry *obj;
2226 struct statfs fs;
2227
2228 /*
2229 * but first, make sure that environment variables haven't been
2230 * used to circumvent the noexec flag on a filesystem.
2231 */
2232 if (dangerous_ld_env) {
2233 if (fstatfs(fd, &fs) != 0) {
2234 _rtld_error("Cannot fstatfs \"%s\"", printable_path(path));
2235 return NULL;
2236 }
2237 if (fs.f_flags & MNT_NOEXEC) {
2238 _rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
2239 return NULL;
2240 }
2241 }
2242 dbg("loading \"%s\"", printable_path(path));
2243 obj = map_object(fd, printable_path(path), sbp);
2244 if (obj == NULL)
2245 return NULL;
2246
2247 /*
2248 * If DT_SONAME is present in the object, digest_dynamic2 already
2249 * added it to the object names.
2250 */
2251 if (name != NULL)
2252 object_add_name(obj, name);
2253 obj->path = path;
2254 digest_dynamic(obj, 0);
2255 dbg("%s valid_hash_sysv %d valid_hash_gnu %d dynsymcount %d", obj->path,
2256 obj->valid_hash_sysv, obj->valid_hash_gnu, obj->dynsymcount);
2257 if (obj->z_noopen && (flags & (RTLD_LO_DLOPEN | RTLD_LO_TRACE)) ==
2258 RTLD_LO_DLOPEN) {
2259 dbg("refusing to load non-loadable \"%s\"", obj->path);
2260 _rtld_error("Cannot dlopen non-loadable %s", obj->path);
2261 munmap(obj->mapbase, obj->mapsize);
2262 obj_free(obj);
2263 return (NULL);
2264 }
2265
2266 *obj_tail = obj;
2267 obj_tail = &obj->next;
2268 obj_count++;
2269 obj_loads++;
2270 linkmap_add(obj); /* for GDB & dlinfo() */
2271 #if 0
2272 max_stack_flags |= obj->stack_flags;
2273 #endif
2274
2275 dbg(" %p .. %p: %s", obj->mapbase,
2276 obj->mapbase + obj->mapsize - 1, obj->path);
2277 if (obj->textrel)
2278 dbg(" WARNING: %s has impure text", obj->path);
2279 LD_UTRACE(UTRACE_LOAD_OBJECT, obj, obj->mapbase, obj->mapsize, 0,
2280 obj->path);
2281
2282 return obj;
2283 }
2284
2285 static Obj_Entry *
2286 obj_from_addr(const void *addr)
2287 {
2288 Obj_Entry *obj;
2289
2290 for (obj = obj_list; obj != NULL; obj = obj->next) {
2291 if (addr < (void *) obj->mapbase)
2292 continue;
2293 if (addr < (void *) (obj->mapbase + obj->mapsize))
2294 return obj;
2295 }
2296 return NULL;
2297 }
2298
2299 /*
2300 * If the main program is defined with a .preinit_array section, call
2301 * each function in order. This must occur before the initialization
2302 * of any shared object or the main program.
2303 */
2304 static void
2305 preinit_main(void)
2306 {
2307 Elf_Addr *preinit_addr;
2308 int index;
2309
2310 preinit_addr = (Elf_Addr *)obj_main->preinit_array;
2311 if (preinit_addr == NULL)
2312 return;
2313
2314 for (index = 0; index < obj_main->preinit_array_num; index++) {
2315 if (preinit_addr[index] != 0 && preinit_addr[index] != 1) {
2316 dbg("calling preinit function for %s at %p", obj_main->path,
2317 (void *)preinit_addr[index]);
2318 LD_UTRACE(UTRACE_INIT_CALL, obj_main, (void *)preinit_addr[index],
2319 0, 0, obj_main->path);
2320 call_init_pointer(obj_main, preinit_addr[index]);
2321 }
2322 }
2323 }
2324
2325 /*
2326 * Call the finalization functions for each of the objects in "list"
2327 * belonging to the DAG of "root" and referenced once. If NULL "root"
2328 * is specified, every finalization function will be called regardless
2329 * of the reference count and the list elements won't be freed. All of
2330 * the objects are expected to have non-NULL fini functions.
2331 */
2332 static void
2333 objlist_call_fini(Objlist *list, Obj_Entry *root, RtldLockState *lockstate)
2334 {
2335 Objlist_Entry *elm;
2336 char *saved_msg;
2337 Elf_Addr *fini_addr;
2338 int index;
2339
2340 assert(root == NULL || root->refcount == 1);
2341
2342 /*
2343 * Preserve the current error message since a fini function might
2344 * call into the dynamic linker and overwrite it.
2345 */
2346 saved_msg = errmsg_save();
2347 do {
2348 STAILQ_FOREACH(elm, list, link) {
2349 if (root != NULL && (elm->obj->refcount != 1 ||
2350 objlist_find(&root->dagmembers, elm->obj) == NULL))
2351 continue;
2352
2353 /* Remove object from fini list to prevent recursive invocation. */
2354 STAILQ_REMOVE(list, elm, Struct_Objlist_Entry, link);
2355 /*
2356 * XXX: If a dlopen() call references an object while the
2357 * fini function is in progress, we might end up trying to
2358 * unload the referenced object in dlclose() or the object
2359 * won't be unloaded although its fini function has been
2360 * called.
2361 */
2362 lock_release(rtld_bind_lock, lockstate);
2363
2364 /*
2365 * It is legal to have both DT_FINI and DT_FINI_ARRAY defined.
2366 * When this happens, DT_FINI_ARRAY is processed first.
2367 * It is also processed backwards. It is possible to encounter
2368 * DT_FINI_ARRAY elements with values of 0 or 1, but they need
2369 * to be ignored.
2370 */
2371 fini_addr = (Elf_Addr *)elm->obj->fini_array;
2372 if (fini_addr != NULL && elm->obj->fini_array_num > 0) {
2373 for (index = elm->obj->fini_array_num - 1; index >= 0; index--) {
2374 if (fini_addr[index] != 0 && fini_addr[index] != 1) {
2375 dbg("calling fini array function for %s at %p",
2376 elm->obj->path, (void *)fini_addr[index]);
2377 LD_UTRACE(UTRACE_FINI_CALL, elm->obj,
2378 (void *)fini_addr[index], 0, 0, elm->obj->path);
2379 call_initfini_pointer(elm->obj, fini_addr[index]);
2380 }
2381 }
2382 }
2383 if (elm->obj->fini != (Elf_Addr)NULL) {
2384 dbg("calling fini function for %s at %p", elm->obj->path,
2385 (void *)elm->obj->fini);
2386 LD_UTRACE(UTRACE_FINI_CALL, elm->obj, (void *)elm->obj->fini,
2387 0, 0, elm->obj->path);
2388 call_initfini_pointer(elm->obj, elm->obj->fini);
2389 }
2390 wlock_acquire(rtld_bind_lock, lockstate);
2391 /* No need to free anything if process is going down. */
2392 if (root != NULL)
2393 free(elm);
2394 /*
2395 * We must restart the list traversal after every fini call
2396 * because a dlclose() call from the fini function or from
2397 * another thread might have modified the reference counts.
2398 */
2399 break;
2400 }
2401 } while (elm != NULL);
2402 errmsg_restore(saved_msg);
2403 }
2404
2405 /*
2406 * Call the initialization functions for each of the objects in
2407 * "list". All of the objects are expected to have non-NULL init
2408 * functions.
2409 */
2410 static void
2411 objlist_call_init(Objlist *list, RtldLockState *lockstate)
2412 {
2413 Objlist_Entry *elm;
2414 Obj_Entry *obj;
2415 char *saved_msg;
2416 Elf_Addr *init_addr;
2417 int index;
2418
2419 /*
2420 * Clean init_scanned flag so that objects can be rechecked and
2421 * possibly initialized earlier if any of vectors called below
2422 * cause the change by using dlopen.
2423 */
2424 for (obj = obj_list; obj != NULL; obj = obj->next)
2425 obj->init_scanned = false;
2426
2427 /*
2428 * Preserve the current error message since an init function might
2429 * call into the dynamic linker and overwrite it.
2430 */
2431 saved_msg = errmsg_save();
2432 STAILQ_FOREACH(elm, list, link) {
2433 if (elm->obj->init_done) /* Initialized early. */
2434 continue;
2435
2436 /*
2437 * Race: other thread might try to use this object before current
2438 * one completes the initilization. Not much can be done here
2439 * without better locking.
2440 */
2441 elm->obj->init_done = true;
2442 lock_release(rtld_bind_lock, lockstate);
2443
2444 /*
2445 * It is legal to have both DT_INIT and DT_INIT_ARRAY defined.
2446 * When this happens, DT_INIT is processed first.
2447 * It is possible to encounter DT_INIT_ARRAY elements with values
2448 * of 0 or 1, but they need to be ignored.
2449 */
2450 if (elm->obj->init != (Elf_Addr)NULL) {
2451 dbg("calling init function for %s at %p", elm->obj->path,
2452 (void *)elm->obj->init);
2453 LD_UTRACE(UTRACE_INIT_CALL, elm->obj, (void *)elm->obj->init,
2454 0, 0, elm->obj->path);
2455 call_initfini_pointer(elm->obj, elm->obj->init);
2456 }
2457 init_addr = (Elf_Addr *)elm->obj->init_array;
2458 if (init_addr != NULL) {
2459 for (index = 0; index < elm->obj->init_array_num; index++) {
2460 if (init_addr[index] != 0 && init_addr[index] != 1) {
2461 dbg("calling init array function for %s at %p", elm->obj->path,
2462 (void *)init_addr[index]);
2463 LD_UTRACE(UTRACE_INIT_CALL, elm->obj,
2464 (void *)init_addr[index], 0, 0, elm->obj->path);
2465 call_init_pointer(elm->obj, init_addr[index]);
2466 }
2467 }
2468 }
2469 wlock_acquire(rtld_bind_lock, lockstate);
2470 }
2471 errmsg_restore(saved_msg);
2472 }
2473
2474 static void
2475 objlist_clear(Objlist *list)
2476 {
2477 Objlist_Entry *elm;
2478
2479 while (!STAILQ_EMPTY(list)) {
2480 elm = STAILQ_FIRST(list);
2481 STAILQ_REMOVE_HEAD(list, link);
2482 free(elm);
2483 }
2484 }
2485
2486 static Objlist_Entry *
2487 objlist_find(Objlist *list, const Obj_Entry *obj)
2488 {
2489 Objlist_Entry *elm;
2490
2491 STAILQ_FOREACH(elm, list, link)
2492 if (elm->obj == obj)
2493 return elm;
2494 return NULL;
2495 }
2496
2497 static void
2498 objlist_init(Objlist *list)
2499 {
2500 STAILQ_INIT(list);
2501 }
2502
2503 static void
2504 objlist_push_head(Objlist *list, Obj_Entry *obj)
2505 {
2506 Objlist_Entry *elm;
2507
2508 elm = NEW(Objlist_Entry);
2509 elm->obj = obj;
2510 STAILQ_INSERT_HEAD(list, elm, link);
2511 }
2512
2513 static void
2514 objlist_push_tail(Objlist *list, Obj_Entry *obj)
2515 {
2516 Objlist_Entry *elm;
2517
2518 elm = NEW(Objlist_Entry);
2519 elm->obj = obj;
2520 STAILQ_INSERT_TAIL(list, elm, link);
2521 }
2522
2523 static void
2524 objlist_put_after(Objlist *list, Obj_Entry *listobj, Obj_Entry *obj)
2525 {
2526 Objlist_Entry *elm, *listelm;
2527
2528 STAILQ_FOREACH(listelm, list, link) {
2529 if (listelm->obj == listobj)
2530 break;
2531 }
2532 elm = NEW(Objlist_Entry);
2533 elm->obj = obj;
2534 if (listelm != NULL)
2535 STAILQ_INSERT_AFTER(list, listelm, elm, link);
2536 else
2537 STAILQ_INSERT_TAIL(list, elm, link);
2538 }
2539
2540 static void
2541 objlist_remove(Objlist *list, Obj_Entry *obj)
2542 {
2543 Objlist_Entry *elm;
2544
2545 if ((elm = objlist_find(list, obj)) != NULL) {
2546 STAILQ_REMOVE(list, elm, Struct_Objlist_Entry, link);
2547 free(elm);
2548 }
2549 }
2550
2551 /*
2552 * Relocate dag rooted in the specified object.
2553 * Returns 0 on success, or -1 on failure.
2554 */
2555
2556 static int
2557 relocate_object_dag(Obj_Entry *root, bool bind_now, Obj_Entry *rtldobj,
2558 int flags, RtldLockState *lockstate)
2559 {
2560 Objlist_Entry *elm;
2561 int error;
2562
2563 error = 0;
2564 STAILQ_FOREACH(elm, &root->dagmembers, link) {
2565 error = relocate_object(elm->obj, bind_now, rtldobj, flags,
2566 lockstate);
2567 if (error == -1)
2568 break;
2569 }
2570 return (error);
2571 }
2572
2573 /*
2574 * Prepare for, or clean after, relocating an object marked with
2575 * DT_TEXTREL or DF_TEXTREL. Before relocating, all read-only
2576 * segments are remapped read-write. After relocations are done, the
2577 * segment's permissions are returned back to the modes specified in
2578 * the phdrs. If any relocation happened, or always for wired
2579 * program, COW is triggered.
2580 */
2581 static int
2582 reloc_textrel_prot(Obj_Entry *obj, bool before)
2583 {
2584 const Elf_Phdr *ph;
2585 void *base;
2586 size_t l, sz;
2587 int prot;
2588
2589 for (l = obj->phsize / sizeof(*ph), ph = obj->phdr; l > 0;
2590 l--, ph++) {
2591 if (ph->p_type != PT_LOAD || (ph->p_flags & PF_W) != 0)
2592 continue;
2593 base = obj->relocbase + trunc_page(ph->p_vaddr);
2594 sz = round_page(ph->p_vaddr + ph->p_filesz) -
2595 trunc_page(ph->p_vaddr);
2596 prot = convert_prot(ph->p_flags) | (before ? PROT_WRITE : 0);
2597 /*
2598 * Make sure modified text segments are included in the
2599 * core dump since we modified it. This unfortunately causes the
2600 * entire text segment to core-out but we don't have much of a
2601 * choice. We could try to only reenable core dumps on pages
2602 * in which relocations occured but that is likely most of the text
2603 * pages anyway, and even that would not work because the rest of
2604 * the text pages would wind up as a read-only OBJT_DEFAULT object
2605 * (created due to our modifications) backed by the original OBJT_VNODE
2606 * object, and the ELF coredump code is currently only able to dump
2607 * vnode records for pure vnode-backed mappings, not vnode backings
2608 * to memory objects.
2609 */
2610 if (before == false)
2611 madvise(base, sz, MADV_CORE);
2612 if (mprotect(base, sz, prot) == -1) {
2613 _rtld_error("%s: Cannot write-%sable text segment: %s",
2614 obj->path, before ? "en" : "dis",
2615 rtld_strerror(errno));
2616 return (-1);
2617 }
2618 }
2619 return (0);
2620 }
2621
2622 /*
2623 * Relocate single object.
2624 * Returns 0 on success, or -1 on failure.
2625 */
2626 static int
2627 relocate_object(Obj_Entry *obj, bool bind_now, Obj_Entry *rtldobj,
2628 int flags, RtldLockState *lockstate)
2629 {
2630
2631 if (obj->relocated)
2632 return (0);
2633 obj->relocated = true;
2634 if (obj != rtldobj)
2635 dbg("relocating \"%s\"", obj->path);
2636
2637 if (obj->symtab == NULL || obj->strtab == NULL ||
2638 !(obj->valid_hash_sysv || obj->valid_hash_gnu)) {
2639 _rtld_error("%s: Shared object has no run-time symbol table",
2640 obj->path);
2641 return (-1);
2642 }
2643
2644 /* There are relocations to the write-protected text segment. */
2645 if (obj->textrel && reloc_textrel_prot(obj, true) != 0)
2646 return (-1);
2647
2648 /* Process the non-PLT non-IFUNC relocations. */
2649 if (reloc_non_plt(obj, rtldobj, flags, lockstate))
2650 return (-1);
2651
2652 /* Re-protected the text segment. */
2653 if (obj->textrel && reloc_textrel_prot(obj, false) != 0)
2654 return (-1);
2655
2656 /* Set the special PLT or GOT entries. */
2657 init_pltgot(obj);
2658
2659 /* Process the PLT relocations. */
2660 if (reloc_plt(obj) == -1)
2661 return (-1);
2662 /* Relocate the jump slots if we are doing immediate binding. */
2663 if (obj->bind_now || bind_now)
2664 if (reloc_jmpslots(obj, flags, lockstate) == -1)
2665 return (-1);
2666
2667 /*
2668 * Process the non-PLT IFUNC relocations. The relocations are
2669 * processed in two phases, because IFUNC resolvers may
2670 * reference other symbols, which must be readily processed
2671 * before resolvers are called.
2672 */
2673 if (obj->non_plt_gnu_ifunc &&
2674 reloc_non_plt(obj, rtldobj, flags | SYMLOOK_IFUNC, lockstate))
2675 return (-1);
2676
2677 /*
2678 * Set up the magic number and version in the Obj_Entry. These
2679 * were checked in the crt1.o from the original ElfKit, so we
2680 * set them for backward compatibility.
2681 */
2682 obj->magic = RTLD_MAGIC;
2683 obj->version = RTLD_VERSION;
2684
2685 /*
2686 * Set relocated data to read-only status if protection specified
2687 */
2688
2689 if (obj->relro_size) {
2690 if (mprotect(obj->relro_page, obj->relro_size, PROT_READ) == -1) {
2691 _rtld_error("%s: Cannot enforce relro relocation: %s",
2692 obj->path, rtld_strerror(errno));
2693 return (-1);
2694 }
2695 obj->relro_protected = true;
2696 }
2697 return (0);
2698 }
2699
2700 /*
2701 * Relocate newly-loaded shared objects. The argument is a pointer to
2702 * the Obj_Entry for the first such object. All objects from the first
2703 * to the end of the list of objects are relocated. Returns 0 on success,
2704 * or -1 on failure.
2705 */
2706 static int
2707 relocate_objects(Obj_Entry *first, bool bind_now, Obj_Entry *rtldobj,
2708 int flags, RtldLockState *lockstate)
2709 {
2710 Obj_Entry *obj;
2711 int error;
2712
2713 for (error = 0, obj = first; obj != NULL; obj = obj->next) {
2714 error = relocate_object(obj, bind_now, rtldobj, flags,
2715 lockstate);
2716 if (error == -1)
2717 break;
2718 }
2719 return (error);
2720 }
2721
2722 /*
2723 * The handling of R_MACHINE_IRELATIVE relocations and jumpslots
2724 * referencing STT_GNU_IFUNC symbols is postponed till the other
2725 * relocations are done. The indirect functions specified as
2726 * ifunc are allowed to call other symbols, so we need to have
2727 * objects relocated before asking for resolution from indirects.
2728 *
2729 * The R_MACHINE_IRELATIVE slots are resolved in greedy fashion,
2730 * instead of the usual lazy handling of PLT slots. It is
2731 * consistent with how GNU does it.
2732 */
2733 static int
2734 resolve_object_ifunc(Obj_Entry *obj, bool bind_now, int flags,
2735 RtldLockState *lockstate)
2736 {
2737 if (obj->irelative && reloc_iresolve(obj, lockstate) == -1)
2738 return (-1);
2739 if (obj->irelative_nonplt && reloc_iresolve_nonplt(obj,
2740 lockstate) == -1)
2741 return (-1);
2742 if ((obj->bind_now || bind_now) && obj->gnu_ifunc &&
2743 reloc_gnu_ifunc(obj, flags, lockstate) == -1)
2744 return (-1);
2745 return (0);
2746 }
2747
2748 static int
2749 resolve_objects_ifunc(Obj_Entry *first, bool bind_now, int flags,
2750 RtldLockState *lockstate)
2751 {
2752 Obj_Entry *obj;
2753
2754 for (obj = first; obj != NULL; obj = obj->next) {
2755 if (resolve_object_ifunc(obj, bind_now, flags, lockstate) == -1)
2756 return (-1);
2757 }
2758 return (0);
2759 }
2760
2761 static int
2762 initlist_objects_ifunc(Objlist *list, bool bind_now, int flags,
2763 RtldLockState *lockstate)
2764 {
2765 Objlist_Entry *elm;
2766
2767 STAILQ_FOREACH(elm, list, link) {
2768 if (resolve_object_ifunc(elm->obj, bind_now, flags,
2769 lockstate) == -1)
2770 return (-1);
2771 }
2772 return (0);
2773 }
2774
2775 /*
2776 * Cleanup procedure. It will be called (by the atexit mechanism) just
2777 * before the process exits.
2778 */
2779 static void
2780 rtld_exit(void)
2781 {
2782 RtldLockState lockstate;
2783
2784 wlock_acquire(rtld_bind_lock, &lockstate);
2785 dbg("rtld_exit()");
2786 objlist_call_fini(&list_fini, NULL, &lockstate);
2787 /* No need to remove the items from the list, since we are exiting. */
2788 if (!libmap_disable)
2789 lm_fini();
2790 lock_release(rtld_bind_lock, &lockstate);
2791 }
2792
2793 /*
2794 * Iterate over a search path, translate each element, and invoke the
2795 * callback on the result.
2796 */
2797 static void *
2798 path_enumerate(const char *path, path_enum_proc callback, void *arg)
2799 {
2800 const char *trans;
2801 if (path == NULL)
2802 return (NULL);
2803
2804 path += strspn(path, ":;");
2805 while (*path != '\0') {
2806 size_t len;
2807 char *res;
2808
2809 len = strcspn(path, ":;");
2810 trans = lm_findn(NULL, path, len);
2811 if (trans)
2812 res = callback(trans, strlen(trans), arg);
2813 else
2814 res = callback(path, len, arg);
2815
2816 if (res != NULL)
2817 return (res);
2818
2819 path += len;
2820 path += strspn(path, ":;");
2821 }
2822
2823 return (NULL);
2824 }
2825
2826 struct try_library_args {
2827 const char *name;
2828 size_t namelen;
2829 char *buffer;
2830 size_t buflen;
2831 };
2832
2833 static void *
2834 try_library_path(const char *dir, size_t dirlen, void *param)
2835 {
2836 struct try_library_args *arg;
2837
2838 arg = param;
2839 if (*dir == '/' || trust) {
2840 char *pathname;
2841
2842 if (dirlen + 1 + arg->namelen + 1 > arg->buflen)
2843 return (NULL);
2844
2845 pathname = arg->buffer;
2846 strncpy(pathname, dir, dirlen);
2847 pathname[dirlen] = '/';
2848 strcpy(pathname + dirlen + 1, arg->name);
2849
2850 dbg(" Trying \"%s\"", pathname);
2851 if (access(pathname, F_OK) == 0) { /* We found it */
2852 pathname = xmalloc(dirlen + 1 + arg->namelen + 1);
2853 strcpy(pathname, arg->buffer);
2854 return (pathname);
2855 }
2856 }
2857 return (NULL);
2858 }
2859
2860 static char *
2861 search_library_path(const char *name, const char *path)
2862 {
2863 char *p;
2864 struct try_library_args arg;
2865
2866 if (path == NULL)
2867 return NULL;
2868
2869 arg.name = name;
2870 arg.namelen = strlen(name);
2871 arg.buffer = xmalloc(PATH_MAX);
2872 arg.buflen = PATH_MAX;
2873
2874 p = path_enumerate(path, try_library_path, &arg);
2875
2876 free(arg.buffer);
2877
2878 return (p);
2879 }
2880
2881
2882 /*
2883 * Finds the library with the given name using the directory descriptors
2884 * listed in the LD_LIBRARY_PATH_FDS environment variable.
2885 *
2886 * Returns a freshly-opened close-on-exec file descriptor for the library,
2887 * or -1 if the library cannot be found.
2888 */
2889 static char *
2890 search_library_pathfds(const char *name, const char *path, int *fdp)
2891 {
2892 char *envcopy, *fdstr, *found, *last_token;
2893 size_t len;
2894 int dirfd, fd;
2895
2896 dbg("%s('%s', '%s', fdp)", __func__, name, path);
2897
2898 /* Don't load from user-specified libdirs into setuid binaries. */
2899 if (!trust)
2900 return (NULL);
2901
2902 /* We can't do anything if LD_LIBRARY_PATH_FDS isn't set. */
2903 if (path == NULL)
2904 return (NULL);
2905
2906 /* LD_LIBRARY_PATH_FDS only works with relative paths. */
2907 if (name[0] == '/') {
2908 dbg("Absolute path (%s) passed to %s", name, __func__);
2909 return (NULL);
2910 }
2911
2912 /*
2913 * Use strtok_r() to walk the FD:FD:FD list. This requires a local
2914 * copy of the path, as strtok_r rewrites separator tokens
2915 * with '\0'.
2916 *
2917 * NOTE: strtok() uses a __thread static and cannot be used by rtld.
2918 */
2919 found = NULL;
2920 envcopy = xstrdup(path);
2921 for (fdstr = strtok_r(envcopy, ":", &last_token); fdstr != NULL;
2922 fdstr = strtok_r(NULL, ":", &last_token)) {
2923 dirfd = parse_libdir(fdstr);
2924 if (dirfd < 0)
2925 break;
2926 fd = openat(dirfd, name, O_RDONLY | O_CLOEXEC);
2927 if (fd >= 0) {
2928 *fdp = fd;
2929 len = strlen(fdstr) + strlen(name) + 3;
2930 found = xmalloc(len);
2931 if (rtld_snprintf(found, len, "#%d/%s", dirfd, name) < 0) {
2932 _rtld_error("error generating '%d/%s'",
2933 dirfd, name);
2934 die();
2935 }
2936 dbg("open('%s') => %d", found, fd);
2937 break;
2938 }
2939 }
2940 free(envcopy);
2941
2942 return (found);
2943 }
2944
2945
2946 int
2947 dlclose(void *handle)
2948 {
2949 Obj_Entry *root;
2950 RtldLockState lockstate;
2951
2952 wlock_acquire(rtld_bind_lock, &lockstate);
2953 root = dlcheck(handle);
2954 if (root == NULL) {
2955 lock_release(rtld_bind_lock, &lockstate);
2956 return -1;
2957 }
2958 LD_UTRACE(UTRACE_DLCLOSE_START, handle, NULL, 0, root->dl_refcount,
2959 root->path);
2960
2961 /* Unreference the object and its dependencies. */
2962 root->dl_refcount--;
2963
2964 if (root->refcount == 1) {
2965 /*
2966 * The object will be no longer referenced, so we must unload it.
2967 * First, call the fini functions.
2968 */
2969 objlist_call_fini(&list_fini, root, &lockstate);
2970
2971 unref_dag(root);
2972
2973 /* Finish cleaning up the newly-unreferenced objects. */
2974 GDB_STATE(RT_DELETE,&root->linkmap);
2975 unload_object(root);
2976 GDB_STATE(RT_CONSISTENT,NULL);
2977 } else
2978 unref_dag(root);
2979
2980 LD_UTRACE(UTRACE_DLCLOSE_STOP, handle, NULL, 0, 0, NULL);
2981 lock_release(rtld_bind_lock, &lockstate);
2982 return 0;
2983 }
2984
2985 char *
2986 dlerror(void)
2987 {
2988 char *msg = error_message;
2989 error_message = NULL;
2990 return msg;
2991 }
2992
2993 void *
2994 dlopen(const char *name, int mode)
2995 {
2996
2997 return (rtld_dlopen(name, -1, mode));
2998 }
2999
3000 void *
3001 fdlopen(int fd, int mode)
3002 {
3003
3004 return (rtld_dlopen(NULL, fd, mode));
3005 }
3006
3007 static void *
3008 rtld_dlopen(const char *name, int fd, int mode)
3009 {
3010 RtldLockState lockstate;
3011 int lo_flags;
3012
3013 LD_UTRACE(UTRACE_DLOPEN_START, NULL, NULL, 0, mode, name);
3014 ld_tracing = (mode & RTLD_TRACE) == 0 ? NULL : "1";
3015 if (ld_tracing != NULL) {
3016 rlock_acquire(rtld_bind_lock, &lockstate);
3017 if (sigsetjmp(lockstate.env, 0) != 0)
3018 lock_upgrade(rtld_bind_lock, &lockstate);
3019 environ = (char **)*get_program_var_addr("environ", &lockstate);
3020 lock_release(rtld_bind_lock, &lockstate);
3021 }
3022 lo_flags = RTLD_LO_DLOPEN;
3023 if (mode & RTLD_NODELETE)
3024 lo_flags |= RTLD_LO_NODELETE;
3025 if (mode & RTLD_NOLOAD)
3026 lo_flags |= RTLD_LO_NOLOAD;
3027 if (ld_tracing != NULL)
3028 lo_flags |= RTLD_LO_TRACE;
3029
3030 return (dlopen_object(name, fd, obj_main, lo_flags,
3031 mode & (RTLD_MODEMASK | RTLD_GLOBAL), NULL));
3032 }
3033
3034 static void
3035 dlopen_cleanup(Obj_Entry *obj)
3036 {
3037
3038 obj->dl_refcount--;
3039 unref_dag(obj);
3040 if (obj->refcount == 0)
3041 unload_object(obj);
3042 }
3043
3044 static Obj_Entry *
3045 dlopen_object(const char *name, int fd, Obj_Entry *refobj, int lo_flags,
3046 int mode, RtldLockState *lockstate)
3047 {
3048 Obj_Entry **old_obj_tail;
3049 Obj_Entry *obj;
3050 Objlist initlist;
3051 RtldLockState mlockstate;
3052 int result;
3053
3054 objlist_init(&initlist);
3055
3056 if (lockstate == NULL && !(lo_flags & RTLD_LO_EARLY)) {
3057 wlock_acquire(rtld_bind_lock, &mlockstate);
3058 lockstate = &mlockstate;
3059 }
3060 GDB_STATE(RT_ADD,NULL);
3061
3062 old_obj_tail = obj_tail;
3063 obj = NULL;
3064 if (name == NULL && fd == -1) {
3065 obj = obj_main;
3066 obj->refcount++;
3067 } else {
3068 obj = load_object(name, fd, refobj, lo_flags);
3069 }
3070
3071 if (obj) {
3072 obj->dl_refcount++;
3073 if (mode & RTLD_GLOBAL && objlist_find(&list_global, obj) == NULL)
3074 objlist_push_tail(&list_global, obj);
3075 if (*old_obj_tail != NULL) { /* We loaded something new. */
3076 assert(*old_obj_tail == obj);
3077 if ((lo_flags & RTLD_LO_EARLY) == 0 && obj->static_tls &&
3078 !allocate_tls_offset(obj)) {
3079 _rtld_error("%s: No space available "
3080 "for static TLS",
3081 obj->path);
3082 result = -1;
3083 } else {
3084 result = 0;
3085 }
3086 if (result == 0) {
3087 result = load_needed_objects(
3088 obj,
3089 lo_flags & (RTLD_LO_DLOPEN | RTLD_LO_EARLY));
3090 }
3091 init_dag(obj);
3092 ref_dag(obj);
3093 if (result != -1)
3094 result = rtld_verify_versions(&obj->dagmembers);
3095 if (result != -1 && ld_tracing)
3096 goto trace;
3097 if (result == -1 || relocate_object_dag(obj,
3098 (mode & RTLD_MODEMASK) == RTLD_NOW, &obj_rtld,
3099 (lo_flags & RTLD_LO_EARLY) ? SYMLOOK_EARLY : 0,
3100 lockstate) == -1) {
3101 dlopen_cleanup(obj);
3102 obj = NULL;
3103 } else if (lo_flags & RTLD_LO_EARLY) {
3104 /*
3105 * Do not call the init functions for early loaded
3106 * filtees. The image is still not initialized enough
3107 * for them to work.
3108 *
3109 * Our object is found by the global object list and
3110 * will be ordered among all init calls done right
3111 * before transferring control to main.
3112 */
3113 } else {
3114 /* Make list of init functions to call. */
3115 initlist_add_objects(obj, &obj->next, &initlist);
3116 }
3117 /*
3118 * Process all no_delete objects here, given them own
3119 * DAGs to prevent their dependencies from being unloaded.
3120 * This has to be done after we have loaded all of the
3121 * dependencies, so that we do not miss any.
3122 */
3123 if (obj != NULL)
3124 process_nodelete(obj);
3125 } else {
3126 /*
3127 * Bump the reference counts for objects on this DAG. If
3128 * this is the first dlopen() call for the object that was
3129 * already loaded as a dependency, initialize the dag
3130 * starting at it.
3131 */
3132 init_dag(obj);
3133 ref_dag(obj);
3134
3135 if ((lo_flags & RTLD_LO_TRACE) != 0)
3136 goto trace;
3137 }
3138 if (obj != NULL && ((lo_flags & RTLD_LO_NODELETE) != 0 ||
3139 obj->z_nodelete) && !obj->ref_nodel) {
3140 dbg("obj %s nodelete", obj->path);
3141 ref_dag(obj);
3142 obj->z_nodelete = obj->ref_nodel = true;
3143 }
3144 }
3145
3146 LD_UTRACE(UTRACE_DLOPEN_STOP, obj, NULL, 0, obj ? obj->dl_refcount : 0,
3147 name);
3148 GDB_STATE(RT_CONSISTENT,obj ? &obj->linkmap : NULL);
3149
3150 if ((lo_flags & RTLD_LO_EARLY) == 0) {
3151 map_stacks_exec(lockstate);
3152 if (obj)
3153 distribute_static_tls(&initlist, lockstate);
3154 }
3155
3156 if (initlist_objects_ifunc(&initlist, (mode & RTLD_MODEMASK) == RTLD_NOW,
3157 (lo_flags & RTLD_LO_EARLY) ? SYMLOOK_EARLY : 0,
3158 lockstate) == -1) {
3159 objlist_clear(&initlist);
3160 dlopen_cleanup(obj);
3161 if (lockstate == &mlockstate)
3162 lock_release(rtld_bind_lock, lockstate);
3163 return (NULL);
3164 }
3165
3166 if (!(lo_flags & RTLD_LO_EARLY)) {
3167 /* Call the init functions. */
3168 objlist_call_init(&initlist, lockstate);
3169 }
3170 objlist_clear(&initlist);
3171 if (lockstate == &mlockstate)
3172 lock_release(rtld_bind_lock, lockstate);
3173 return obj;
3174 trace:
3175 trace_loaded_objects(obj);
3176 if (lockstate == &mlockstate)
3177 lock_release(rtld_bind_lock, lockstate);
3178 exit(0);
3179 }
3180
3181 static void *
3182 do_dlsym(void *handle, const char *name, void *retaddr, const Ver_Entry *ve,
3183 int flags)
3184 {
3185 DoneList donelist;
3186 const Obj_Entry *obj, *defobj;
3187 const Elf_Sym *def;
3188 SymLook req;
3189 RtldLockState lockstate;
3190 tls_index ti;
3191 int res;
3192
3193 def = NULL;
3194 defobj = NULL;
3195 symlook_init(&req, name);
3196 req.ventry = ve;
3197 req.flags = flags | SYMLOOK_IN_PLT;
3198 req.lockstate = &lockstate;
3199
3200 rlock_acquire(rtld_bind_lock, &lockstate);
3201 if (sigsetjmp(lockstate.env, 0) != 0)
3202 lock_upgrade(rtld_bind_lock, &lockstate);
3203 if (handle == NULL || handle == RTLD_NEXT ||
3204 handle == RTLD_DEFAULT || handle == RTLD_SELF ||
3205 handle == RTLD_ALL) {
3206
3207 if (handle != RTLD_ALL) {
3208 if ((obj = obj_from_addr(retaddr)) == NULL) {
3209 _rtld_error("Cannot determine caller's shared object");
3210 lock_release(rtld_bind_lock, &lockstate);
3211 return NULL;
3212 }
3213 } else {
3214 obj = obj_list;
3215 }
3216 if (handle == NULL) { /* Just the caller's shared object. */
3217 res = symlook_obj(&req, obj);
3218 if (res == 0) {
3219 def = req.sym_out;
3220 defobj = req.defobj_out;
3221 }
3222 } else if (handle == RTLD_NEXT || /* Objects after caller's */
3223 handle == RTLD_SELF || /* ... caller included */
3224 handle == RTLD_ALL) { /* All Objects */
3225 if (handle == RTLD_NEXT)
3226 obj = obj->next;
3227 for (; obj != NULL; obj = obj->next) {
3228 res = symlook_obj(&req, obj);
3229 if (res == 0) {
3230 if (def == NULL ||
3231 ELF_ST_BIND(req.sym_out->st_info) != STB_WEAK) {
3232 def = req.sym_out;
3233 defobj = req.defobj_out;
3234 if (ELF_ST_BIND(def->st_info) != STB_WEAK)
3235 break;
3236 }
3237 }
3238 }
3239 /*
3240 * Search the dynamic linker itself, and possibly resolve the
3241 * symbol from there. This is how the application links to
3242 * dynamic linker services such as dlopen.
3243 */
3244 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) {
3245 res = symlook_obj(&req, &obj_rtld);
3246 if (res == 0) {
3247 def = req.sym_out;
3248 defobj = req.defobj_out;
3249 }
3250 }
3251 } else {
3252 assert(handle == RTLD_DEFAULT);
3253 res = symlook_default(&req, obj);
3254 if (res == 0) {
3255 defobj = req.defobj_out;
3256 def = req.sym_out;
3257 }
3258 }
3259 } else {
3260 if ((obj = dlcheck(handle)) == NULL) {
3261 lock_release(rtld_bind_lock, &lockstate);
3262 return NULL;
3263 }
3264
3265 donelist_init(&donelist);
3266 if (obj->mainprog) {
3267 /* Handle obtained by dlopen(NULL, ...) implies global scope. */
3268 res = symlook_global(&req, &donelist);
3269 if (res == 0) {
3270 def = req.sym_out;
3271 defobj = req.defobj_out;
3272 }
3273 /*
3274 * Search the dynamic linker itself, and possibly resolve the
3275 * symbol from there. This is how the application links to
3276 * dynamic linker services such as dlopen.
3277 */
3278 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) {
3279 res = symlook_obj(&req, &obj_rtld);
3280 if (res == 0) {
3281 def = req.sym_out;
3282 defobj = req.defobj_out;
3283 }
3284 }
3285 }
3286 else {
3287 /* Search the whole DAG rooted at the given object. */
3288 res = symlook_list(&req, &obj->dagmembers, &donelist);
3289 if (res == 0) {
3290 def = req.sym_out;
3291 defobj = req.defobj_out;
3292 }
3293 }
3294 }
3295
3296 if (def != NULL) {
3297 lock_release(rtld_bind_lock, &lockstate);
3298
3299 /*
3300 * The value required by the caller is derived from the value
3301 * of the symbol. this is simply the relocated value of the
3302 * symbol.
3303 */
3304 if (ELF_ST_TYPE(def->st_info) == STT_FUNC)
3305 return (make_function_pointer(def, defobj));
3306 else if (ELF_ST_TYPE(def->st_info) == STT_GNU_IFUNC)
3307 return (rtld_resolve_ifunc(defobj, def));
3308 else if (ELF_ST_TYPE(def->st_info) == STT_TLS) {
3309 ti.ti_module = defobj->tlsindex;
3310 ti.ti_offset = def->st_value;
3311 return (__tls_get_addr(&ti));
3312 } else
3313 return (defobj->relocbase + def->st_value);
3314 }
3315
3316 _rtld_error("Undefined symbol \"%s\"", name);
3317 lock_release(rtld_bind_lock, &lockstate);
3318 return NULL;
3319 }
3320
3321 void *
3322 dlsym(void *handle, const char *name)
3323 {
3324 return do_dlsym(handle, name, __builtin_return_address(0), NULL,
3325 SYMLOOK_DLSYM);
3326 }
3327
3328 dlfunc_t
3329 dlfunc(void *handle, const char *name)
3330 {
3331 union {
3332 void *d;
3333 dlfunc_t f;
3334 } rv;
3335
3336 rv.d = do_dlsym(handle, name, __builtin_return_address(0), NULL,
3337 SYMLOOK_DLSYM);
3338 return (rv.f);
3339 }
3340
3341 void *
3342 dlvsym(void *handle, const char *name, const char *version)
3343 {
3344 Ver_Entry ventry;
3345
3346 ventry.name = version;
3347 ventry.file = NULL;
3348 ventry.hash = elf_hash(version);
3349 ventry.flags= 0;
3350 return do_dlsym(handle, name, __builtin_return_address(0), &ventry,
3351 SYMLOOK_DLSYM);
3352 }
3353
3354 int
3355 _rtld_addr_phdr(const void *addr, struct dl_phdr_info *phdr_info)
3356 {
3357 const Obj_Entry *obj;
3358 RtldLockState lockstate;
3359
3360 rlock_acquire(rtld_bind_lock, &lockstate);
3361 obj = obj_from_addr(addr);
3362 if (obj == NULL) {
3363 _rtld_error("No shared object contains address");
3364 lock_release(rtld_bind_lock, &lockstate);
3365 return (0);
3366 }
3367 rtld_fill_dl_phdr_info(obj, phdr_info);
3368 lock_release(rtld_bind_lock, &lockstate);
3369 return (1);
3370 }
3371
3372 int
3373 dladdr(const void *addr, Dl_info *info)
3374 {
3375 const Obj_Entry *obj;
3376 const Elf_Sym *def;
3377 void *symbol_addr;
3378 unsigned long symoffset;
3379 RtldLockState lockstate;
3380
3381 rlock_acquire(rtld_bind_lock, &lockstate);
3382 obj = obj_from_addr(addr);
3383 if (obj == NULL) {
3384 _rtld_error("No shared object contains address");
3385 lock_release(rtld_bind_lock, &lockstate);
3386 return 0;
3387 }
3388 info->dli_fname = obj->path;
3389 info->dli_fbase = obj->mapbase;
3390 info->dli_saddr = NULL;
3391 info->dli_sname = NULL;
3392
3393 /*
3394 * Walk the symbol list looking for the symbol whose address is
3395 * closest to the address sent in.
3396 */
3397 for (symoffset = 0; symoffset < obj->dynsymcount; symoffset++) {
3398 def = obj->symtab + symoffset;
3399
3400 /*
3401 * For skip the symbol if st_shndx is either SHN_UNDEF or
3402 * SHN_COMMON.
3403 */
3404 if (def->st_shndx == SHN_UNDEF || def->st_shndx == SHN_COMMON)
3405 continue;
3406
3407 /*
3408 * If the symbol is greater than the specified address, or if it
3409 * is further away from addr than the current nearest symbol,
3410 * then reject it.
3411 */
3412 symbol_addr = obj->relocbase + def->st_value;
3413 if (symbol_addr > addr || symbol_addr < info->dli_saddr)
3414 continue;
3415
3416 /* Update our idea of the nearest symbol. */
3417 info->dli_sname = obj->strtab + def->st_name;
3418 info->dli_saddr = symbol_addr;
3419
3420 /* Exact match? */
3421 if (info->dli_saddr == addr)
3422 break;
3423 }
3424 lock_release(rtld_bind_lock, &lockstate);
3425 return 1;
3426 }
3427
3428 int
3429 dlinfo(void *handle, int request, void *p)
3430 {
3431 const Obj_Entry *obj;
3432 RtldLockState lockstate;
3433 int error;
3434
3435 rlock_acquire(rtld_bind_lock, &lockstate);
3436
3437 if (handle == NULL || handle == RTLD_SELF) {
3438 void *retaddr;
3439
3440 retaddr = __builtin_return_address(0); /* __GNUC__ only */
3441 if ((obj = obj_from_addr(retaddr)) == NULL)
3442 _rtld_error("Cannot determine caller's shared object");
3443 } else
3444 obj = dlcheck(handle);
3445
3446 if (obj == NULL) {
3447 lock_release(rtld_bind_lock, &lockstate);
3448 return (-1);
3449 }
3450
3451 error = 0;
3452 switch (request) {
3453 case RTLD_DI_LINKMAP:
3454 *((struct link_map const **)p) = &obj->linkmap;
3455 break;
3456 case RTLD_DI_ORIGIN:
3457 error = rtld_dirname(obj->path, p);
3458 break;
3459
3460 case RTLD_DI_SERINFOSIZE:
3461 case RTLD_DI_SERINFO:
3462 error = do_search_info(obj, request, (struct dl_serinfo *)p);
3463 break;
3464
3465 default:
3466 _rtld_error("Invalid request %d passed to dlinfo()", request);
3467 error = -1;
3468 }
3469
3470 lock_release(rtld_bind_lock, &lockstate);
3471
3472 return (error);
3473 }
3474
3475 static void
3476 rtld_fill_dl_phdr_info(const Obj_Entry *obj, struct dl_phdr_info *phdr_info)
3477 {
3478
3479 phdr_info->dlpi_addr = (Elf_Addr)obj->relocbase;
3480 phdr_info->dlpi_name = obj->path;
3481 phdr_info->dlpi_phdr = obj->phdr;
3482 phdr_info->dlpi_phnum = obj->phsize / sizeof(obj->phdr[0]);
3483 phdr_info->dlpi_tls_modid = obj->tlsindex;
3484 phdr_info->dlpi_tls_data = obj->tlsinit;
3485 phdr_info->dlpi_adds = obj_loads;
3486 phdr_info->dlpi_subs = obj_loads - obj_count;
3487 }
3488
3489 int
3490 dl_iterate_phdr(__dl_iterate_hdr_callback callback, void *param)
3491 {
3492 struct dl_phdr_info phdr_info;
3493 const Obj_Entry *obj;
3494 RtldLockState bind_lockstate, phdr_lockstate;
3495 int error;
3496
3497 wlock_acquire(rtld_phdr_lock, &phdr_lockstate);
3498 rlock_acquire(rtld_bind_lock, &bind_lockstate);
3499
3500 error = 0;
3501
3502 for (obj = obj_list; obj != NULL; obj = obj->next) {
3503 rtld_fill_dl_phdr_info(obj, &phdr_info);
3504 if ((error = callback(&phdr_info, sizeof phdr_info, param)) != 0)
3505 break;
3506
3507 }
3508 if (error == 0) {
3509 rtld_fill_dl_phdr_info(&obj_rtld, &phdr_info);
3510 error = callback(&phdr_info, sizeof(phdr_info), param);
3511 }
3512
3513 lock_release(rtld_bind_lock, &bind_lockstate);
3514 lock_release(rtld_phdr_lock, &phdr_lockstate);
3515
3516 return (error);
3517 }
3518
3519 static void *
3520 fill_search_info(const char *dir, size_t dirlen, void *param)
3521 {
3522 struct fill_search_info_args *arg;
3523
3524 arg = param;
3525
3526 if (arg->request == RTLD_DI_SERINFOSIZE) {
3527 arg->serinfo->dls_cnt ++;
3528 arg->serinfo->dls_size += sizeof(struct dl_serpath) + dirlen + 1;
3529 } else {
3530 struct dl_serpath *s_entry;
3531
3532 s_entry = arg->serpath;
3533 s_entry->dls_name = arg->strspace;
3534 s_entry->dls_flags = arg->flags;
3535
3536 strncpy(arg->strspace, dir, dirlen);
3537 arg->strspace[dirlen] = '\0';
3538
3539 arg->strspace += dirlen + 1;
3540 arg->serpath++;
3541 }
3542
3543 return (NULL);
3544 }
3545
3546 static int
3547 do_search_info(const Obj_Entry *obj, int request, struct dl_serinfo *info)
3548 {
3549 struct dl_serinfo _info;
3550 struct fill_search_info_args args;
3551
3552 args.request = RTLD_DI_SERINFOSIZE;
3553 args.serinfo = &_info;
3554
3555 _info.dls_size = __offsetof(struct dl_serinfo, dls_serpath);
3556 _info.dls_cnt = 0;
3557
3558 path_enumerate(obj->rpath, fill_search_info, &args);
3559 path_enumerate(ld_library_path, fill_search_info, &args);
3560 path_enumerate(obj->runpath, fill_search_info, &args);
3561 path_enumerate(gethints(obj->z_nodeflib), fill_search_info, &args);
3562 if (!obj->z_nodeflib)
3563 path_enumerate(STANDARD_LIBRARY_PATH, fill_search_info, &args);
3564
3565
3566 if (request == RTLD_DI_SERINFOSIZE) {
3567 info->dls_size = _info.dls_size;
3568 info->dls_cnt = _info.dls_cnt;
3569 return (0);
3570 }
3571
3572 if (info->dls_cnt != _info.dls_cnt || info->dls_size != _info.dls_size) {
3573 _rtld_error("Uninitialized Dl_serinfo struct passed to dlinfo()");
3574 return (-1);
3575 }
3576
3577 args.request = RTLD_DI_SERINFO;
3578 args.serinfo = info;
3579 args.serpath = &info->dls_serpath[0];
3580 args.strspace = (char *)&info->dls_serpath[_info.dls_cnt];
3581
3582 args.flags = LA_SER_RUNPATH;
3583 if (path_enumerate(obj->rpath, fill_search_info, &args) != NULL)
3584 return (-1);
3585
3586 args.flags = LA_SER_LIBPATH;
3587 if (path_enumerate(ld_library_path, fill_search_info, &args) != NULL)
3588 return (-1);
3589
3590 args.flags = LA_SER_RUNPATH;
3591 if (path_enumerate(obj->runpath, fill_search_info, &args) != NULL)
3592 return (-1);
3593
3594 args.flags = LA_SER_CONFIG;
3595 if (path_enumerate(gethints(obj->z_nodeflib), fill_search_info, &args)
3596 != NULL)
3597 return (-1);
3598
3599 args.flags = LA_SER_DEFAULT;
3600 if (!obj->z_nodeflib &&
3601 path_enumerate(STANDARD_LIBRARY_PATH, fill_search_info, &args) != NULL)
3602 return (-1);
3603 return (0);
3604 }
3605
3606 static int
3607 rtld_dirname(const char *path, char *bname)
3608 {
3609 const char *endp;
3610
3611 /* Empty or NULL string gets treated as "." */
3612 if (path == NULL || *path == '\0') {
3613 bname[0] = '.';
3614 bname[1] = '\0';
3615 return (0);
3616 }
3617
3618 /* Strip trailing slashes */
3619 endp = path + strlen(path) - 1;
3620 while (endp > path && *endp == '/')
3621 endp--;
3622
3623 /* Find the start of the dir */
3624 while (endp > path && *endp != '/')
3625 endp--;
3626
3627 /* Either the dir is "/" or there are no slashes */
3628 if (endp == path) {
3629 bname[0] = *endp == '/' ? '/' : '.';
3630 bname[1] = '\0';
3631 return (0);
3632 } else {
3633 do {
3634 endp--;
3635 } while (endp > path && *endp == '/');
3636 }
3637
3638 if (endp - path + 2 > PATH_MAX)
3639 {
3640 _rtld_error("Filename is too long: %s", path);
3641 return(-1);
3642 }
3643
3644 strncpy(bname, path, endp - path + 1);
3645 bname[endp - path + 1] = '\0';
3646 return (0);
3647 }
3648
3649 static int
3650 rtld_dirname_abs(const char *path, char *base)
3651 {
3652 char base_rel[PATH_MAX];
3653
3654 if (rtld_dirname(path, base) == -1)
3655 return (-1);
3656 if (base[0] == '/')
3657 return (0);
3658 if (getcwd(base_rel, sizeof(base_rel)) == NULL ||
3659 strlcat(base_rel, "/", sizeof(base_rel)) >= sizeof(base_rel) ||
3660 strlcat(base_rel, base, sizeof(base_rel)) >= sizeof(base_rel))
3661 return (-1);
3662 strcpy(base, base_rel);
3663 return (0);
3664 }
3665
3666 static void
3667 linkmap_add(Obj_Entry *obj)
3668 {
3669 struct link_map *l = &obj->linkmap;
3670 struct link_map *prev;
3671
3672 obj->linkmap.l_name = obj->path;
3673 obj->linkmap.l_addr = obj->mapbase;
3674 obj->linkmap.l_ld = obj->dynamic;
3675
3676 if (r_debug.r_map == NULL) {
3677 r_debug.r_map = l;
3678 return;
3679 }
3680
3681 /*
3682 * Scan to the end of the list, but not past the entry for the
3683 * dynamic linker, which we want to keep at the very end.
3684 */
3685 for (prev = r_debug.r_map;
3686 prev->l_next != NULL && prev->l_next != &obj_rtld.linkmap;
3687 prev = prev->l_next)
3688 ;
3689
3690 /* Link in the new entry. */
3691 l->l_prev = prev;
3692 l->l_next = prev->l_next;
3693 if (l->l_next != NULL)
3694 l->l_next->l_prev = l;
3695 prev->l_next = l;
3696 }
3697
3698 static void
3699 linkmap_delete(Obj_Entry *obj)
3700 {
3701 struct link_map *l = &obj->linkmap;
3702
3703 if (l->l_prev == NULL) {
3704 if ((r_debug.r_map = l->l_next) != NULL)
3705 l->l_next->l_prev = NULL;
3706 return;
3707 }
3708
3709 if ((l->l_prev->l_next = l->l_next) != NULL)
3710 l->l_next->l_prev = l->l_prev;
3711 }
3712
3713 /*
3714 * Function for the debugger to set a breakpoint on to gain control.
3715 *
3716 * The two parameters allow the debugger to easily find and determine
3717 * what the runtime loader is doing and to whom it is doing it.
3718 *
3719 * When the loadhook trap is hit (r_debug_state, set at program
3720 * initialization), the arguments can be found on the stack:
3721 *
3722 * +8 struct link_map *m
3723 * +4 struct r_debug *rd
3724 * +0 RetAddr
3725 */
3726 void
3727 r_debug_state(struct r_debug* rd, struct link_map *m)
3728 {
3729 /*
3730 * The following is a hack to force the compiler to emit calls to
3731 * this function, even when optimizing. If the function is empty,
3732 * the compiler is not obliged to emit any code for calls to it,
3733 * even when marked __noinline. However, gdb depends on those
3734 * calls being made.
3735 */
3736 __asm __volatile("" : : : "memory");
3737 }
3738
3739 /*
3740 * A function called after init routines have completed. This can be used to
3741 * break before a program's entry routine is called, and can be used when
3742 * main is not available in the symbol table.
3743 */
3744 void
3745 _r_debug_postinit(struct link_map *m)
3746 {
3747
3748 /* See r_debug_state(). */
3749 __asm __volatile("" : : : "memory");
3750 }
3751
3752 /*
3753 * Get address of the pointer variable in the main program.
3754 * Prefer non-weak symbol over the weak one.
3755 */
3756 static const void **
3757 get_program_var_addr(const char *name, RtldLockState *lockstate)
3758 {
3759 SymLook req;
3760 DoneList donelist;
3761
3762 symlook_init(&req, name);
3763 req.lockstate = lockstate;
3764 donelist_init(&donelist);
3765 if (symlook_global(&req, &donelist) != 0)
3766 return (NULL);
3767 if (ELF_ST_TYPE(req.sym_out->st_info) == STT_FUNC)
3768 return ((const void **)make_function_pointer(req.sym_out,
3769 req.defobj_out));
3770 else if (ELF_ST_TYPE(req.sym_out->st_info) == STT_GNU_IFUNC)
3771 return ((const void **)rtld_resolve_ifunc(req.defobj_out, req.sym_out));
3772 else
3773 return ((const void **)(req.defobj_out->relocbase +
3774 req.sym_out->st_value));
3775 }
3776
3777 /*
3778 * Set a pointer variable in the main program to the given value. This
3779 * is used to set key variables such as "environ" before any of the
3780 * init functions are called.
3781 */
3782 static void
3783 set_program_var(const char *name, const void *value)
3784 {
3785 const void **addr;
3786
3787 if ((addr = get_program_var_addr(name, NULL)) != NULL) {
3788 dbg("\"%s\": *%p <-- %p", name, addr, value);
3789 *addr = value;
3790 }
3791 }
3792
3793 /*
3794 * Search the global objects, including dependencies and main object,
3795 * for the given symbol.
3796 */
3797 static int
3798 symlook_global(SymLook *req, DoneList *donelist)
3799 {
3800 SymLook req1;
3801 const Objlist_Entry *elm;
3802 int res;
3803
3804 symlook_init_from_req(&req1, req);
3805
3806 /* Search all objects loaded at program start up. */
3807 if (req->defobj_out == NULL ||
3808 ELF_ST_BIND(req->sym_out->st_info) == STB_WEAK) {
3809 res = symlook_list(&req1, &list_main, donelist);
3810 if (res == 0 && (req->defobj_out == NULL ||
3811 ELF_ST_BIND(req1.sym_out->st_info) != STB_WEAK)) {
3812 req->sym_out = req1.sym_out;
3813 req->defobj_out = req1.defobj_out;
3814 assert(req->defobj_out != NULL);
3815 }
3816 }
3817
3818 /* Search all DAGs whose roots are RTLD_GLOBAL objects. */
3819 STAILQ_FOREACH(elm, &list_global, link) {
3820 if (req->defobj_out != NULL &&
3821 ELF_ST_BIND(req->sym_out->st_info) != STB_WEAK)
3822 break;
3823 res = symlook_list(&req1, &elm->obj->dagmembers, donelist);
3824 if (res == 0 && (req->defobj_out == NULL ||
3825 ELF_ST_BIND(req1.sym_out->st_info) != STB_WEAK)) {
3826 req->sym_out = req1.sym_out;
3827 req->defobj_out = req1.defobj_out;
3828 assert(req->defobj_out != NULL);
3829 }
3830 }
3831
3832 return (req->sym_out != NULL ? 0 : ESRCH);
3833 }
3834
3835 /*
3836 * This is a special version of getenv which is far more efficient
3837 * at finding LD_ environment vars.
3838 */
3839 static
3840 const char *
3841 _getenv_ld(const char *id)
3842 {
3843 const char *envp;
3844 int i, j;
3845 int idlen = strlen(id);
3846
3847 if (ld_index == LD_ARY_CACHE)
3848 return(getenv(id));
3849 if (ld_index == 0) {
3850 for (i = j = 0; (envp = environ[i]) != NULL && j < LD_ARY_CACHE; ++i) {
3851 if (envp[0] == 'L' && envp[1] == 'D' && envp[2] == '_')
3852 ld_ary[j++] = envp;
3853 }
3854 if (j == 0)
3855 ld_ary[j++] = "";
3856 ld_index = j;
3857 }
3858 for (i = ld_index - 1; i >= 0; --i) {
3859 if (strncmp(ld_ary[i], id, idlen) == 0 && ld_ary[i][idlen] == '=')
3860 return(ld_ary[i] + idlen + 1);
3861 }
3862 return(NULL);
3863 }
3864
3865 /*
3866 * Given a symbol name in a referencing object, find the corresponding
3867 * definition of the symbol. Returns a pointer to the symbol, or NULL if
3868 * no definition was found. Returns a pointer to the Obj_Entry of the
3869 * defining object via the reference parameter DEFOBJ_OUT.
3870 */
3871 static int
3872 symlook_default(SymLook *req, const Obj_Entry *refobj)
3873 {
3874 DoneList donelist;
3875 const Objlist_Entry *elm;
3876 SymLook req1;
3877 int res;
3878
3879 donelist_init(&donelist);
3880 symlook_init_from_req(&req1, req);
3881
3882 /* Look first in the referencing object if linked symbolically. */
3883 if (refobj->symbolic && !donelist_check(&donelist, refobj)) {
3884 res = symlook_obj(&req1, refobj);
3885 if (res == 0) {
3886 req->sym_out = req1.sym_out;
3887 req->defobj_out = req1.defobj_out;
3888 assert(req->defobj_out != NULL);
3889 }
3890 }
3891
3892 symlook_global(req, &donelist);
3893
3894 /* Search all dlopened DAGs containing the referencing object. */
3895 STAILQ_FOREACH(elm, &refobj->dldags, link) {
3896 if (req->sym_out != NULL &&
3897 ELF_ST_BIND(req->sym_out->st_info) != STB_WEAK)
3898 break;
3899 res = symlook_list(&req1, &elm->obj->dagmembers, &donelist);
3900 if (res == 0 && (req->sym_out == NULL ||
3901 ELF_ST_BIND(req1.sym_out->st_info) != STB_WEAK)) {
3902 req->sym_out = req1.sym_out;
3903 req->defobj_out = req1.defobj_out;
3904 assert(req->defobj_out != NULL);
3905 }
3906 }
3907
3908 /*
3909 * Search the dynamic linker itself, and possibly resolve the
3910 * symbol from there. This is how the application links to
3911 * dynamic linker services such as dlopen.
3912 */
3913 if (req->sym_out == NULL ||
3914 ELF_ST_BIND(req->sym_out->st_info) == STB_WEAK) {
3915 res = symlook_obj(&req1, &obj_rtld);
3916 if (res == 0) {
3917 req->sym_out = req1.sym_out;
3918 req->defobj_out = req1.defobj_out;
3919 assert(req->defobj_out != NULL);
3920 }
3921 }
3922
3923 return (req->sym_out != NULL ? 0 : ESRCH);
3924 }
3925
3926 static int
3927 symlook_list(SymLook *req, const Objlist *objlist, DoneList *dlp)
3928 {
3929 const Elf_Sym *def;
3930 const Obj_Entry *defobj;
3931 const Objlist_Entry *elm;
3932 SymLook req1;
3933 int res;
3934
3935 def = NULL;
3936 defobj = NULL;
3937 STAILQ_FOREACH(elm, objlist, link) {
3938 if (donelist_check(dlp, elm->obj))
3939 continue;
3940 symlook_init_from_req(&req1, req);
3941 if ((res = symlook_obj(&req1, elm->obj)) == 0) {
3942 if (def == NULL || ELF_ST_BIND(req1.sym_out->st_info) != STB_WEAK) {
3943 def = req1.sym_out;
3944 defobj = req1.defobj_out;
3945 if (ELF_ST_BIND(def->st_info) != STB_WEAK)
3946 break;
3947 }
3948 }
3949 }
3950 if (def != NULL) {
3951 req->sym_out = def;
3952 req->defobj_out = defobj;
3953 return (0);
3954 }
3955 return (ESRCH);
3956 }
3957
3958 /*
3959 * Search the chain of DAGS cointed to by the given Needed_Entry
3960 * for a symbol of the given name. Each DAG is scanned completely
3961 * before advancing to the next one. Returns a pointer to the symbol,
3962 * or NULL if no definition was found.
3963 */
3964 static int
3965 symlook_needed(SymLook *req, const Needed_Entry *needed, DoneList *dlp)
3966 {
3967 const Elf_Sym *def;
3968 const Needed_Entry *n;
3969 const Obj_Entry *defobj;
3970 SymLook req1;
3971 int res;
3972
3973 def = NULL;
3974 defobj = NULL;
3975 symlook_init_from_req(&req1, req);
3976 for (n = needed; n != NULL; n = n->next) {
3977 if (n->obj == NULL ||
3978 (res = symlook_list(&req1, &n->obj->dagmembers, dlp)) != 0)
3979 continue;
3980 if (def == NULL || ELF_ST_BIND(req1.sym_out->st_info) != STB_WEAK) {
3981 def = req1.sym_out;
3982 defobj = req1.defobj_out;
3983 if (ELF_ST_BIND(def->st_info) != STB_WEAK)
3984 break;
3985 }
3986 }
3987 if (def != NULL) {
3988 req->sym_out = def;
3989 req->defobj_out = defobj;
3990 return (0);
3991 }
3992 return (ESRCH);
3993 }
3994
3995 /*
3996 * Search the symbol table of a single shared object for a symbol of
3997 * the given name and version, if requested. Returns a pointer to the
3998 * symbol, or NULL if no definition was found. If the object is
3999 * filter, return filtered symbol from filtee.
4000 *
4001 * The symbol's hash value is passed in for efficiency reasons; that
4002 * eliminates many recomputations of the hash value.
4003 */
4004 int
4005 symlook_obj(SymLook *req, const Obj_Entry *obj)
4006 {
4007 DoneList donelist;
4008 SymLook req1;
4009 int flags, res, mres;
4010
4011 /*
4012 * If there is at least one valid hash at this point, we prefer to
4013 * use the faster GNU version if available.
4014 */
4015 if (obj->valid_hash_gnu)
4016 mres = symlook_obj1_gnu(req, obj);
4017 else if (obj->valid_hash_sysv)
4018 mres = symlook_obj1_sysv(req, obj);
4019 else
4020 return (EINVAL);
4021
4022 if (mres == 0) {
4023 if (obj->needed_filtees != NULL) {
4024 flags = (req->flags & SYMLOOK_EARLY) ? RTLD_LO_EARLY : 0;
4025 load_filtees(__DECONST(Obj_Entry *, obj), flags, req->lockstate);
4026 donelist_init(&donelist);
4027 symlook_init_from_req(&req1, req);
4028 res = symlook_needed(&req1, obj->needed_filtees, &donelist);
4029 if (res == 0) {
4030 req->sym_out = req1.sym_out;
4031 req->defobj_out = req1.defobj_out;
4032 }
4033 return (res);
4034 }
4035 if (obj->needed_aux_filtees != NULL) {
4036 flags = (req->flags & SYMLOOK_EARLY) ? RTLD_LO_EARLY : 0;
4037 load_filtees(__DECONST(Obj_Entry *, obj), flags, req->lockstate);
4038 donelist_init(&donelist);
4039 symlook_init_from_req(&req1, req);
4040 res = symlook_needed(&req1, obj->needed_aux_filtees, &donelist);
4041 if (res == 0) {
4042 req->sym_out = req1.sym_out;
4043 req->defobj_out = req1.defobj_out;
4044 return (res);
4045 }
4046 }
4047 }
4048 return (mres);
4049 }
4050
4051 /* Symbol match routine common to both hash functions */
4052 static bool
4053 matched_symbol(SymLook *req, const Obj_Entry *obj, Sym_Match_Result *result,
4054 const unsigned long symnum)
4055 {
4056 Elf_Versym verndx;
4057 const Elf_Sym *symp;
4058 const char *strp;
4059
4060 symp = obj->symtab + symnum;
4061 strp = obj->strtab + symp->st_name;
4062
4063 switch (ELF_ST_TYPE(symp->st_info)) {
4064 case STT_FUNC:
4065 case STT_NOTYPE:
4066 case STT_OBJECT:
4067 case STT_COMMON:
4068 case STT_GNU_IFUNC:
4069 if (symp->st_value == 0)
4070 return (false);
4071 /* fallthrough */
4072 case STT_TLS:
4073 if (symp->st_shndx != SHN_UNDEF)
4074 break;
4075 else if (((req->flags & SYMLOOK_IN_PLT) == 0) &&
4076 (ELF_ST_TYPE(symp->st_info) == STT_FUNC))
4077 break;
4078 /* fallthrough */
4079 default:
4080 return (false);
4081 }
4082 if (strcmp(req->name, strp) != 0)
4083 return (false);
4084
4085 if (req->ventry == NULL) {
4086 if (obj->versyms != NULL) {
4087 verndx = VER_NDX(obj->versyms[symnum]);
4088 if (verndx > obj->vernum) {
4089 _rtld_error(
4090 "%s: symbol %s references wrong version %d",
4091 obj->path, obj->strtab + symnum, verndx);
4092 return (false);
4093 }
4094 /*
4095 * If we are not called from dlsym (i.e. this
4096 * is a normal relocation from unversioned
4097 * binary), accept the symbol immediately if
4098 * it happens to have first version after this
4099 * shared object became versioned. Otherwise,
4100 * if symbol is versioned and not hidden,
4101 * remember it. If it is the only symbol with
4102 * this name exported by the shared object, it
4103 * will be returned as a match by the calling
4104 * function. If symbol is global (verndx < 2)
4105 * accept it unconditionally.
4106 */
4107 if ((req->flags & SYMLOOK_DLSYM) == 0 &&
4108 verndx == VER_NDX_GIVEN) {
4109 result->sym_out = symp;
4110 return (true);
4111 }
4112 else if (verndx >= VER_NDX_GIVEN) {
4113 if ((obj->versyms[symnum] & VER_NDX_HIDDEN)
4114 == 0) {
4115 if (result->vsymp == NULL)
4116 result->vsymp = symp;
4117 result->vcount++;
4118 }
4119 return (false);
4120 }
4121 }
4122 result->sym_out = symp;
4123 return (true);
4124 }
4125 if (obj->versyms == NULL) {
4126 if (object_match_name(obj, req->ventry->name)) {
4127 _rtld_error("%s: object %s should provide version %s "
4128 "for symbol %s", obj_rtld.path, obj->path,
4129 req->ventry->name, obj->strtab + symnum);
4130 return (false);
4131 }
4132 } else {
4133 verndx = VER_NDX(obj->versyms[symnum]);
4134 if (verndx > obj->vernum) {
4135 _rtld_error("%s: symbol %s references wrong version %d",
4136 obj->path, obj->strtab + symnum, verndx);
4137 return (false);
4138 }
4139 if (obj->vertab[verndx].hash != req->ventry->hash ||
4140 strcmp(obj->vertab[verndx].name, req->ventry->name)) {
4141 /*
4142 * Version does not match. Look if this is a
4143 * global symbol and if it is not hidden. If
4144 * global symbol (verndx < 2) is available,
4145 * use it. Do not return symbol if we are
4146 * called by dlvsym, because dlvsym looks for
4147 * a specific version and default one is not
4148 * what dlvsym wants.
4149 */
4150 if ((req->flags & SYMLOOK_DLSYM) ||
4151 (verndx >= VER_NDX_GIVEN) ||
4152 (obj->versyms[symnum] & VER_NDX_HIDDEN))
4153 return (false);
4154 }
4155 }
4156 result->sym_out = symp;
4157 return (true);
4158 }
4159
4160 /*
4161 * Search for symbol using SysV hash function.
4162 * obj->buckets is known not to be NULL at this point; the test for this was
4163 * performed with the obj->valid_hash_sysv assignment.
4164 */
4165 static int
4166 symlook_obj1_sysv(SymLook *req, const Obj_Entry *obj)
4167 {
4168 unsigned long symnum;
4169 Sym_Match_Result matchres;
4170
4171 matchres.sym_out = NULL;
4172 matchres.vsymp = NULL;
4173 matchres.vcount = 0;
4174
4175 for (symnum = obj->buckets[req->hash % obj->nbuckets];
4176 symnum != STN_UNDEF; symnum = obj->chains[symnum]) {
4177 if (symnum >= obj->nchains)
4178 return (ESRCH); /* Bad object */
4179
4180 if (matched_symbol(req, obj, &matchres, symnum)) {
4181 req->sym_out = matchres.sym_out;
4182 req->defobj_out = obj;
4183 return (0);
4184 }
4185 }
4186 if (matchres.vcount == 1) {
4187 req->sym_out = matchres.vsymp;
4188 req->defobj_out = obj;
4189 return (0);
4190 }
4191 return (ESRCH);
4192 }
4193
4194 /* Search for symbol using GNU hash function */
4195 static int
4196 symlook_obj1_gnu(SymLook *req, const Obj_Entry *obj)
4197 {
4198 Elf_Addr bloom_word;
4199 const Elf32_Word *hashval;
4200 Elf32_Word bucket;
4201 Sym_Match_Result matchres;
4202 unsigned int h1, h2;
4203 unsigned long symnum;
4204
4205 matchres.sym_out = NULL;
4206 matchres.vsymp = NULL;
4207 matchres.vcount = 0;
4208
4209 /* Pick right bitmask word from Bloom filter array */
4210 bloom_word = obj->bloom_gnu[(req->hash_gnu / __ELF_WORD_SIZE) &
4211 obj->maskwords_bm_gnu];
4212
4213 /* Calculate modulus word size of gnu hash and its derivative */
4214 h1 = req->hash_gnu & (__ELF_WORD_SIZE - 1);
4215 h2 = ((req->hash_gnu >> obj->shift2_gnu) & (__ELF_WORD_SIZE - 1));
4216
4217 /* Filter out the "definitely not in set" queries */
4218 if (((bloom_word >> h1) & (bloom_word >> h2) & 1) == 0)
4219 return (ESRCH);
4220
4221 /* Locate hash chain and corresponding value element*/
4222 bucket = obj->buckets_gnu[req->hash_gnu % obj->nbuckets_gnu];
4223 if (bucket == 0)
4224 return (ESRCH);
4225 hashval = &obj->chain_zero_gnu[bucket];
4226 do {
4227 if (((*hashval ^ req->hash_gnu) >> 1) == 0) {
4228 symnum = hashval - obj->chain_zero_gnu;
4229 if (matched_symbol(req, obj, &matchres, symnum)) {
4230 req->sym_out = matchres.sym_out;
4231 req->defobj_out = obj;
4232 return (0);
4233 }
4234 }
4235 } while ((*hashval++ & 1) == 0);
4236 if (matchres.vcount == 1) {
4237 req->sym_out = matchres.vsymp;
4238 req->defobj_out = obj;
4239 return (0);
4240 }
4241 return (ESRCH);
4242 }
4243
4244 static void
4245 trace_loaded_objects(Obj_Entry *obj)
4246 {
4247 const char *fmt1, *fmt2, *fmt, *main_local, *list_containers;
4248 int c;
4249
4250 if ((main_local = _getenv_ld("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL)
4251 main_local = "";
4252
4253 if ((fmt1 = _getenv_ld("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL)
4254 fmt1 = "\t%o => %p (%x)\n";
4255
4256 if ((fmt2 = _getenv_ld("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL)
4257 fmt2 = "\t%o (%x)\n";
4258
4259 list_containers = _getenv_ld("LD_TRACE_LOADED_OBJECTS_ALL");
4260
4261 for (; obj; obj = obj->next) {
4262 Needed_Entry *needed;
4263 char *name, *path;
4264 bool is_lib;
4265
4266 if (list_containers && obj->needed != NULL)
4267 rtld_printf("%s:\n", obj->path);
4268 for (needed = obj->needed; needed; needed = needed->next) {
4269 if (needed->obj != NULL) {
4270 if (needed->obj->traced && !list_containers)
4271 continue;
4272 needed->obj->traced = true;
4273 path = needed->obj->path;
4274 } else
4275 path = "not found";
4276
4277 name = (char *)obj->strtab + needed->name;
4278 is_lib = strncmp(name, "lib", 3) == 0; /* XXX - bogus */
4279
4280 fmt = is_lib ? fmt1 : fmt2;
4281 while ((c = *fmt++) != '\0') {
4282 switch (c) {
4283 default:
4284 rtld_putchar(c);
4285 continue;
4286 case '\\':
4287 switch (c = *fmt) {
4288 case '\0':
4289 continue;
4290 case 'n':
4291 rtld_putchar('\n');
4292 break;
4293 case 't':
4294 rtld_putchar('\t');
4295 break;
4296 }
4297 break;
4298 case '%':
4299 switch (c = *fmt) {
4300 case '\0':
4301 continue;
4302 case '%':
4303 default:
4304 rtld_putchar(c);
4305 break;
4306 case 'A':
4307 rtld_putstr(main_local);
4308 break;
4309 case 'a':
4310 rtld_putstr(obj_main->path);
4311 break;
4312 case 'o':
4313 rtld_putstr(name);
4314 break;
4315 case 'p':
4316 rtld_putstr(path);
4317 break;
4318 case 'x':
4319 rtld_printf("%p", needed->obj ? needed->obj->mapbase :
4320 0);
4321 break;
4322 }
4323 break;
4324 }
4325 ++fmt;
4326 }
4327 }
4328 }
4329 }
4330
4331 /*
4332 * Unload a dlopened object and its dependencies from memory and from
4333 * our data structures. It is assumed that the DAG rooted in the
4334 * object has already been unreferenced, and that the object has a
4335 * reference count of 0.
4336 */
4337 static void
4338 unload_object(Obj_Entry *root)
4339 {
4340 Obj_Entry *obj;
4341 Obj_Entry **linkp;
4342
4343 assert(root->refcount == 0);
4344
4345 /*
4346 * Pass over the DAG removing unreferenced objects from
4347 * appropriate lists.
4348 */
4349 unlink_object(root);
4350
4351 /* Unmap all objects that are no longer referenced. */
4352 linkp = &obj_list->next;
4353 while ((obj = *linkp) != NULL) {
4354 if (obj->refcount == 0) {
4355 LD_UTRACE(UTRACE_UNLOAD_OBJECT, obj, obj->mapbase, obj->mapsize, 0,
4356 obj->path);
4357 dbg("unloading \"%s\"", obj->path);
4358 unload_filtees(root);
4359 munmap(obj->mapbase, obj->mapsize);
4360 linkmap_delete(obj);
4361 *linkp = obj->next;
4362 obj_count--;
4363 obj_free(obj);
4364 } else
4365 linkp = &obj->next;
4366 }
4367 obj_tail = linkp;
4368 }
4369
4370 static void
4371 unlink_object(Obj_Entry *root)
4372 {
4373 Objlist_Entry *elm;
4374
4375 if (root->refcount == 0) {
4376 /* Remove the object from the RTLD_GLOBAL list. */
4377 objlist_remove(&list_global, root);
4378
4379 /* Remove the object from all objects' DAG lists. */
4380 STAILQ_FOREACH(elm, &root->dagmembers, link) {
4381 objlist_remove(&elm->obj->dldags, root);
4382 if (elm->obj != root)
4383 unlink_object(elm->obj);
4384 }
4385 }
4386 }
4387
4388 static void
4389 ref_dag(Obj_Entry *root)
4390 {
4391 Objlist_Entry *elm;
4392
4393 assert(root->dag_inited);
4394 STAILQ_FOREACH(elm, &root->dagmembers, link)
4395 elm->obj->refcount++;
4396 }
4397
4398 static void
4399 unref_dag(Obj_Entry *root)
4400 {
4401 Objlist_Entry *elm;
4402
4403 assert(root->dag_inited);
4404 STAILQ_FOREACH(elm, &root->dagmembers, link)
4405 elm->obj->refcount--;
4406 }
4407
4408 /*
4409 * Common code for MD __tls_get_addr().
4410 */
4411 void *
4412 tls_get_addr_common(Elf_Addr** dtvp, int index, size_t offset)
4413 {
4414 Elf_Addr* dtv = *dtvp;
4415 RtldLockState lockstate;
4416
4417 /* Check dtv generation in case new modules have arrived */
4418 if (dtv[0] != tls_dtv_generation) {
4419 Elf_Addr* newdtv;
4420 int to_copy;
4421
4422 wlock_acquire(rtld_bind_lock, &lockstate);
4423 newdtv = xcalloc(tls_max_index + 2, sizeof(Elf_Addr));
4424 to_copy = dtv[1];
4425 if (to_copy > tls_max_index)
4426 to_copy = tls_max_index;
4427 memcpy(&newdtv[2], &dtv[2], to_copy * sizeof(Elf_Addr));
4428 newdtv[0] = tls_dtv_generation;
4429 newdtv[1] = tls_max_index;
4430 free(dtv);
4431 lock_release(rtld_bind_lock, &lockstate);
4432 dtv = *dtvp = newdtv;
4433 }
4434
4435 /* Dynamically allocate module TLS if necessary */
4436 if (!dtv[index + 1]) {
4437 /* Signal safe, wlock will block out signals. */
4438 wlock_acquire(rtld_bind_lock, &lockstate);
4439 if (!dtv[index + 1])
4440 dtv[index + 1] = (Elf_Addr)allocate_module_tls(index);
4441 lock_release(rtld_bind_lock, &lockstate);
4442 }
4443 return ((void *)(dtv[index + 1] + offset));
4444 }
4445
4446 #if defined(RTLD_STATIC_TLS_VARIANT_II)
4447
4448 /*
4449 * Allocate the static TLS area. Return a pointer to the TCB. The
4450 * static area is based on negative offsets relative to the tcb.
4451 *
4452 * The TCB contains an errno pointer for the system call layer, but because
4453 * we are the RTLD we really have no idea how the caller was compiled so
4454 * the information has to be passed in. errno can either be:
4455 *
4456 * type 0 errno is a simple non-TLS global pointer.
4457 * (special case for e.g. libc_rtld)
4458 * type 1 errno accessed by GOT entry (dynamically linked programs)
4459 * type 2 errno accessed by %gs:OFFSET (statically linked programs)
4460 */
4461 struct tls_tcb *
4462 allocate_tls(Obj_Entry *objs)
4463 {
4464 Obj_Entry *obj;
4465 size_t data_size;
4466 size_t dtv_size;
4467 struct tls_tcb *tcb;
4468 Elf_Addr *dtv;
4469 Elf_Addr addr;
4470
4471 /*
4472 * Allocate the new TCB. static TLS storage is placed just before the
4473 * TCB to support the %gs:OFFSET (negative offset) model.
4474 */
4475 data_size = (tls_static_space + RTLD_STATIC_TLS_ALIGN_MASK) &
4476 ~RTLD_STATIC_TLS_ALIGN_MASK;
4477 tcb = malloc(data_size + sizeof(*tcb));
4478 tcb = (void *)((char *)tcb + data_size); /* actual tcb location */
4479
4480 dtv_size = (tls_max_index + 2) * sizeof(Elf_Addr);
4481 dtv = malloc(dtv_size);
4482 bzero(dtv, dtv_size);
4483
4484 #ifdef RTLD_TCB_HAS_SELF_POINTER
4485 tcb->tcb_self = tcb;
4486 #endif
4487 tcb->tcb_dtv = dtv;
4488 tcb->tcb_pthread = NULL;
4489
4490 dtv[0] = tls_dtv_generation;
4491 dtv[1] = tls_max_index;
4492
4493 for (obj = objs; obj; obj = obj->next) {
4494 if (obj->tlsoffset) {
4495 addr = (Elf_Addr)tcb - obj->tlsoffset;
4496 memset((void *)(addr + obj->tlsinitsize),
4497 0, obj->tlssize - obj->tlsinitsize);
4498 if (obj->tlsinit) {
4499 memcpy((void*) addr, obj->tlsinit, obj->tlsinitsize);
4500 obj->static_tls_copied = true;
4501 }
4502 dtv[obj->tlsindex + 1] = addr;
4503 }
4504 }
4505 return(tcb);
4506 }
4507
4508 void
4509 free_tls(struct tls_tcb *tcb)
4510 {
4511 Elf_Addr *dtv;
4512 int dtv_size, i;
4513 Elf_Addr tls_start, tls_end;
4514 size_t data_size;
4515
4516 data_size = (tls_static_space + RTLD_STATIC_TLS_ALIGN_MASK) &
4517 ~RTLD_STATIC_TLS_ALIGN_MASK;
4518
4519 dtv = tcb->tcb_dtv;
4520 dtv_size = dtv[1];
4521 tls_end = (Elf_Addr)tcb;
4522 tls_start = (Elf_Addr)tcb - data_size;
4523 for (i = 0; i < dtv_size; i++) {
4524 if (dtv[i+2] != 0 && (dtv[i+2] < tls_start || dtv[i+2] > tls_end)) {
4525 free((void *)dtv[i+2]);
4526 }
4527 }
4528 free(dtv);
4529
4530 free((void*) tls_start);
4531 }
4532
4533 #else
4534 #error "Unsupported TLS layout"
4535 #endif
4536
4537 /*
4538 * Allocate TLS block for module with given index.
4539 */
4540 void *
4541 allocate_module_tls(int index)
4542 {
4543 Obj_Entry* obj;
4544 char* p;
4545
4546 for (obj = obj_list; obj; obj = obj->next) {
4547 if (obj->tlsindex == index)
4548 break;
4549 }
4550 if (!obj) {
4551 _rtld_error("Can't find module with TLS index %d", index);
4552 die();
4553 }
4554
4555 p = malloc(obj->tlssize);
4556 if (p == NULL) {
4557 _rtld_error("Cannot allocate TLS block for index %d", index);
4558 die();
4559 }
4560 memcpy(p, obj->tlsinit, obj->tlsinitsize);
4561 memset(p + obj->tlsinitsize, 0, obj->tlssize - obj->tlsinitsize);
4562
4563 return p;
4564 }
4565
4566 bool
4567 allocate_tls_offset(Obj_Entry *obj)
4568 {
4569 size_t off;
4570
4571 if (obj->tls_done)
4572 return true;
4573
4574 if (obj->tlssize == 0) {
4575 obj->tls_done = true;
4576 return true;
4577 }
4578
4579 if (obj->tlsindex == 1)
4580 off = calculate_first_tls_offset(obj->tlssize, obj->tlsalign);
4581 else
4582 off = calculate_tls_offset(tls_last_offset, tls_last_size,
4583 obj->tlssize, obj->tlsalign);
4584
4585 /*
4586 * If we have already fixed the size of the static TLS block, we
4587 * must stay within that size. When allocating the static TLS, we
4588 * leave a small amount of space spare to be used for dynamically
4589 * loading modules which use static TLS.
4590 */
4591 if (tls_static_space) {
4592 if (calculate_tls_end(off, obj->tlssize) > tls_static_space)
4593 return false;
4594 }
4595
4596 tls_last_offset = obj->tlsoffset = off;
4597 tls_last_size = obj->tlssize;
4598 obj->tls_done = true;
4599
4600 return true;
4601 }
4602
4603 void
4604 free_tls_offset(Obj_Entry *obj)
4605 {
4606 #ifdef RTLD_STATIC_TLS_VARIANT_II
4607 /*
4608 * If we were the last thing to allocate out of the static TLS
4609 * block, we give our space back to the 'allocator'. This is a
4610 * simplistic workaround to allow libGL.so.1 to be loaded and
4611 * unloaded multiple times. We only handle the Variant II
4612 * mechanism for now - this really needs a proper allocator.
4613 */
4614 if (calculate_tls_end(obj->tlsoffset, obj->tlssize)
4615 == calculate_tls_end(tls_last_offset, tls_last_size)) {
4616 tls_last_offset -= obj->tlssize;
4617 tls_last_size = 0;
4618 }
4619 #endif
4620 }
4621
4622 struct tls_tcb *
4623 _rtld_allocate_tls(void)
4624 {
4625 struct tls_tcb *new_tcb;
4626 RtldLockState lockstate;
4627
4628 wlock_acquire(rtld_bind_lock, &lockstate);
4629 new_tcb = allocate_tls(obj_list);
4630 lock_release(rtld_bind_lock, &lockstate);
4631
4632 return (new_tcb);
4633 }
4634
4635 void
4636 _rtld_free_tls(struct tls_tcb *tcb)
4637 {
4638 RtldLockState lockstate;
4639
4640 wlock_acquire(rtld_bind_lock, &lockstate);
4641 free_tls(tcb);
4642 lock_release(rtld_bind_lock, &lockstate);
4643 }
4644
4645 static void
4646 object_add_name(Obj_Entry *obj, const char *name)
4647 {
4648 Name_Entry *entry;
4649 size_t len;
4650
4651 len = strlen(name);
4652 entry = malloc(sizeof(Name_Entry) + len);
4653
4654 if (entry != NULL) {
4655 strcpy(entry->name, name);
4656 STAILQ_INSERT_TAIL(&obj->names, entry, link);
4657 }
4658 }
4659
4660 static int
4661 object_match_name(const Obj_Entry *obj, const char *name)
4662 {
4663 Name_Entry *entry;
4664
4665 STAILQ_FOREACH(entry, &obj->names, link) {
4666 if (strcmp(name, entry->name) == 0)
4667 return (1);
4668 }
4669 return (0);
4670 }
4671
4672 static Obj_Entry *
4673 locate_dependency(const Obj_Entry *obj, const char *name)
4674 {
4675 const Objlist_Entry *entry;
4676 const Needed_Entry *needed;
4677
4678 STAILQ_FOREACH(entry, &list_main, link) {
4679 if (object_match_name(entry->obj, name))
4680 return entry->obj;
4681 }
4682
4683 for (needed = obj->needed; needed != NULL; needed = needed->next) {
4684 if (strcmp(obj->strtab + needed->name, name) == 0 ||
4685 (needed->obj != NULL && object_match_name(needed->obj, name))) {
4686 /*
4687 * If there is DT_NEEDED for the name we are looking for,
4688 * we are all set. Note that object might not be found if
4689 * dependency was not loaded yet, so the function can
4690 * return NULL here. This is expected and handled
4691 * properly by the caller.
4692 */
4693 return (needed->obj);
4694 }
4695 }
4696 _rtld_error("%s: Unexpected inconsistency: dependency %s not found",
4697 obj->path, name);
4698 die();
4699 }
4700
4701 static int
4702 check_object_provided_version(Obj_Entry *refobj, const Obj_Entry *depobj,
4703 const Elf_Vernaux *vna)
4704 {
4705 const Elf_Verdef *vd;
4706 const char *vername;
4707
4708 vername = refobj->strtab + vna->vna_name;
4709 vd = depobj->verdef;
4710 if (vd == NULL) {
4711 _rtld_error("%s: version %s required by %s not defined",
4712 depobj->path, vername, refobj->path);
4713 return (-1);
4714 }
4715 for (;;) {
4716 if (vd->vd_version != VER_DEF_CURRENT) {
4717 _rtld_error("%s: Unsupported version %d of Elf_Verdef entry",
4718 depobj->path, vd->vd_version);
4719 return (-1);
4720 }
4721 if (vna->vna_hash == vd->vd_hash) {
4722 const Elf_Verdaux *aux = (const Elf_Verdaux *)
4723 ((char *)vd + vd->vd_aux);
4724 if (strcmp(vername, depobj->strtab + aux->vda_name) == 0)
4725 return (0);
4726 }
4727 if (vd->vd_next == 0)
4728 break;
4729 vd = (const Elf_Verdef *) ((char *)vd + vd->vd_next);
4730 }
4731 if (vna->vna_flags & VER_FLG_WEAK)
4732 return (0);
4733 _rtld_error("%s: version %s required by %s not found",
4734 depobj->path, vername, refobj->path);
4735 return (-1);
4736 }
4737
4738 static int
4739 rtld_verify_object_versions(Obj_Entry *obj)
4740 {
4741 const Elf_Verneed *vn;
4742 const Elf_Verdef *vd;
4743 const Elf_Verdaux *vda;
4744 const Elf_Vernaux *vna;
4745 const Obj_Entry *depobj;
4746 int maxvernum, vernum;
4747
4748 if (obj->ver_checked)
4749 return (0);
4750 obj->ver_checked = true;
4751
4752 maxvernum = 0;
4753 /*
4754 * Walk over defined and required version records and figure out
4755 * max index used by any of them. Do very basic sanity checking
4756 * while there.
4757 */
4758 vn = obj->verneed;
4759 while (vn != NULL) {
4760 if (vn->vn_version != VER_NEED_CURRENT) {
4761 _rtld_error("%s: Unsupported version %d of Elf_Verneed entry",
4762 obj->path, vn->vn_version);
4763 return (-1);
4764 }
4765 vna = (const Elf_Vernaux *) ((char *)vn + vn->vn_aux);
4766 for (;;) {
4767 vernum = VER_NEED_IDX(vna->vna_other);
4768 if (vernum > maxvernum)
4769 maxvernum = vernum;
4770 if (vna->vna_next == 0)
4771 break;
4772 vna = (const Elf_Vernaux *) ((char *)vna + vna->vna_next);
4773 }
4774 if (vn->vn_next == 0)
4775 break;
4776 vn = (const Elf_Verneed *) ((char *)vn + vn->vn_next);
4777 }
4778
4779 vd = obj->verdef;
4780 while (vd != NULL) {
4781 if (vd->vd_version != VER_DEF_CURRENT) {
4782 _rtld_error("%s: Unsupported version %d of Elf_Verdef entry",
4783 obj->path, vd->vd_version);
4784 return (-1);
4785 }
4786 vernum = VER_DEF_IDX(vd->vd_ndx);
4787 if (vernum > maxvernum)
4788 maxvernum = vernum;
4789 if (vd->vd_next == 0)
4790 break;
4791 vd = (const Elf_Verdef *) ((char *)vd + vd->vd_next);
4792 }
4793
4794 if (maxvernum == 0)
4795 return (0);
4796
4797 /*
4798 * Store version information in array indexable by version index.
4799 * Verify that object version requirements are satisfied along the
4800 * way.
4801 */
4802 obj->vernum = maxvernum + 1;
4803 obj->vertab = xcalloc(obj->vernum, sizeof(Ver_Entry));
4804
4805 vd = obj->verdef;
4806 while (vd != NULL) {
4807 if ((vd->vd_flags & VER_FLG_BASE) == 0) {
4808 vernum = VER_DEF_IDX(vd->vd_ndx);
4809 assert(vernum <= maxvernum);
4810 vda = (const Elf_Verdaux *)((char *)vd + vd->vd_aux);
4811 obj->vertab[vernum].hash = vd->vd_hash;
4812 obj->vertab[vernum].name = obj->strtab + vda->vda_name;
4813 obj->vertab[vernum].file = NULL;
4814 obj->vertab[vernum].flags = 0;
4815 }
4816 if (vd->vd_next == 0)
4817 break;
4818 vd = (const Elf_Verdef *) ((char *)vd + vd->vd_next);
4819 }
4820
4821 vn = obj->verneed;
4822 while (vn != NULL) {
4823 depobj = locate_dependency(obj, obj->strtab + vn->vn_file);
4824 if (depobj == NULL)
4825 return (-1);
4826 vna = (const Elf_Vernaux *) ((char *)vn + vn->vn_aux);
4827 for (;;) {
4828 if (check_object_provided_version(obj, depobj, vna))
4829 return (-1);
4830 vernum = VER_NEED_IDX(vna->vna_other);
4831 assert(vernum <= maxvernum);
4832 obj->vertab[vernum].hash = vna->vna_hash;
4833 obj->vertab[vernum].name = obj->strtab + vna->vna_name;
4834 obj->vertab[vernum].file = obj->strtab + vn->vn_file;
4835 obj->vertab[vernum].flags = (vna->vna_other & VER_NEED_HIDDEN) ?
4836 VER_INFO_HIDDEN : 0;
4837 if (vna->vna_next == 0)
4838 break;
4839 vna = (const Elf_Vernaux *) ((char *)vna + vna->vna_next);
4840 }
4841 if (vn->vn_next == 0)
4842 break;
4843 vn = (const Elf_Verneed *) ((char *)vn + vn->vn_next);
4844 }
4845 return 0;
4846 }
4847
4848 static int
4849 rtld_verify_versions(const Objlist *objlist)
4850 {
4851 Objlist_Entry *entry;
4852 int rc;
4853
4854 rc = 0;
4855 STAILQ_FOREACH(entry, objlist, link) {
4856 /*
4857 * Skip dummy objects or objects that have their version requirements
4858 * already checked.
4859 */
4860 if (entry->obj->strtab == NULL || entry->obj->vertab != NULL)
4861 continue;
4862 if (rtld_verify_object_versions(entry->obj) == -1) {
4863 rc = -1;
4864 if (ld_tracing == NULL)
4865 break;
4866 }
4867 }
4868 if (rc == 0 || ld_tracing != NULL)
4869 rc = rtld_verify_object_versions(&obj_rtld);
4870 return rc;
4871 }
4872
4873 const Ver_Entry *
4874 fetch_ventry(const Obj_Entry *obj, unsigned long symnum)
4875 {
4876 Elf_Versym vernum;
4877
4878 if (obj->vertab) {
4879 vernum = VER_NDX(obj->versyms[symnum]);
4880 if (vernum >= obj->vernum) {
4881 _rtld_error("%s: symbol %s has wrong verneed value %d",
4882 obj->path, obj->strtab + symnum, vernum);
4883 } else if (obj->vertab[vernum].hash != 0) {
4884 return &obj->vertab[vernum];
4885 }
4886 }
4887 return NULL;
4888 }
4889
4890 int
4891 _rtld_get_stack_prot(void)
4892 {
4893
4894 return (stack_prot);
4895 }
4896
4897 static void
4898 map_stacks_exec(RtldLockState *lockstate)
4899 {
4900 return;
4901 /*
4902 * Stack protection must be implemented in the kernel before the dynamic
4903 * linker can handle PT_GNU_STACK sections.
4904 * The following is the FreeBSD implementation of map_stacks_exec()
4905 * void (*thr_map_stacks_exec)(void);
4906 *
4907 * if ((max_stack_flags & PF_X) == 0 || (stack_prot & PROT_EXEC) != 0)
4908 * return;
4909 * thr_map_stacks_exec = (void (*)(void))(uintptr_t)
4910 * get_program_var_addr("__pthread_map_stacks_exec", lockstate);
4911 * if (thr_map_stacks_exec != NULL) {
4912 * stack_prot |= PROT_EXEC;
4913 * thr_map_stacks_exec();
4914 * }
4915 */
4916 }
4917
4918 /*
4919 * Only called after all primary shared libraries are loaded (EARLY is
4920 * not set). Resolves the static TLS distribution function at first-call.
4921 * This is typically a weak libc symbol that is overrideen by the threading
4922 * library.
4923 */
4924 static void
4925 distribute_static_tls(Objlist *list, RtldLockState *lockstate)
4926 {
4927 Objlist_Entry *elm;
4928 Obj_Entry *obj;
4929 static void (*dtlsfunc)(size_t, void *, size_t, size_t);
4930
4931 /*
4932 * First time, resolve "_pthread_distribute_static_tls".
4933 */
4934 if (dtlsfunc == NULL) {
4935 dtlsfunc = (void *)dlfunc(RTLD_ALL,
4936 "_pthread_distribute_static_tls");
4937 if (dtlsfunc == NULL)
4938 return;
4939 }
4940
4941 /*
4942 * Initialize static TLS data for the object list using the callback
4943 * function (to either libc or pthreads).
4944 */
4945 STAILQ_FOREACH(elm, list, link) {
4946 obj = elm->obj;
4947 if (/*obj->marker ||*/ !obj->tls_done || obj->static_tls_copied)
4948 continue;
4949 dtlsfunc(obj->tlsoffset, obj->tlsinit,
4950 obj->tlsinitsize, obj->tlssize);
4951 obj->static_tls_copied = true;
4952 }
4953 }
4954
4955 void
4956 symlook_init(SymLook *dst, const char *name)
4957 {
4958
4959 bzero(dst, sizeof(*dst));
4960 dst->name = name;
4961 dst->hash = elf_hash(name);
4962 dst->hash_gnu = gnu_hash(name);
4963 }
4964
4965 static void
4966 symlook_init_from_req(SymLook *dst, const SymLook *src)
4967 {
4968
4969 dst->name = src->name;
4970 dst->hash = src->hash;
4971 dst->hash_gnu = src->hash_gnu;
4972 dst->ventry = src->ventry;
4973 dst->flags = src->flags;
4974 dst->defobj_out = NULL;
4975 dst->sym_out = NULL;
4976 dst->lockstate = src->lockstate;
4977 }
4978
4979
4980 /*
4981 * Parse a file descriptor number without pulling in more of libc (e.g. atoi).
4982 */
4983 static int
4984 parse_libdir(const char *str)
4985 {
4986 static const int RADIX = 10; /* XXXJA: possibly support hex? */
4987 const char *orig;
4988 int fd;
4989 char c;
4990
4991 orig = str;
4992 fd = 0;
4993 for (c = *str; c != '\0'; c = *++str) {
4994 if (c < '0' || c > '9')
4995 return (-1);
4996
4997 fd *= RADIX;
4998 fd += c - '0';
4999 }
5000
5001 /* Make sure we actually parsed something. */
5002 if (str == orig) {
5003 _rtld_error("failed to parse directory FD from '%s'", str);
5004 return (-1);
5005 }
5006 return (fd);
5007 }
5008
5009 #ifdef ENABLE_OSRELDATE
5010 /*
5011 * Overrides for libc_pic-provided functions.
5012 */
5013
5014 int
5015 __getosreldate(void)
5016 {
5017 size_t len;
5018 int oid[2];
5019 int error, osrel;
5020
5021 if (osreldate != 0)
5022 return (osreldate);
5023
5024 oid[0] = CTL_KERN;
5025 oid[1] = KERN_OSRELDATE;
5026 osrel = 0;
5027 len = sizeof(osrel);
5028 error = sysctl(oid, 2, &osrel, &len, NULL, 0);
5029 if (error == 0 && osrel > 0 && len == sizeof(osrel))
5030 osreldate = osrel;
5031 return (osreldate);
5032 }
5033 #endif
5034
5035 /*
5036 * Ask the kernel for the extra tls space to allocate after calculating
5037 * base tls requirements in rtld-elf. 5.9 or later.
5038 */
5039 static int
5040 __getstatictlsextra(void)
5041 {
5042 size_t len;
5043 int oid[2];
5044 int error;
5045 int tls_extra;
5046
5047 oid[0] = CTL_KERN;
5048 oid[1] = KERN_STATIC_TLS_EXTRA;
5049 len = sizeof(tls_extra);
5050 error = sysctl(oid, 2, &tls_extra, &len, NULL, 0);
5051 if (error || len != sizeof(tls_extra))
5052 tls_extra = RTLD_STATIC_TLS_EXTRA_DEFAULT;
5053 if (tls_extra < RTLD_STATIC_TLS_EXTRA_MIN)
5054 tls_extra = RTLD_STATIC_TLS_EXTRA_MIN;
5055 if (tls_extra > RTLD_STATIC_TLS_EXTRA_MAX)
5056 tls_extra = RTLD_STATIC_TLS_EXTRA_MAX;
5057 return tls_extra;
5058 }
5059
5060 /*
5061 * No unresolved symbols for rtld.
5062 */
5063 void
5064 __pthread_cxa_finalize(struct dl_phdr_info *a)
5065 {
5066 }
5067
5068 const char *
5069 rtld_strerror(int errnum)
5070 {
5071
5072 if (errnum < 0 || errnum >= sys_nerr)
5073 return ("Unknown error");
5074 return (sys_errlist[errnum]);
5075 }
DragonFly BSD