| blob | 7fe28efbddb210640144afa9cacf21e75b1547e7 |
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
3 * You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #include <string>
6 #include <cstring>
7 #include <cstdlib>
8 #include <cstdio>
9 #include <dlfcn.h>
10 #include <unistd.h>
11 #include <algorithm>
12 #include <fcntl.h>
17 #include <inttypes.h>
19 #if defined(ANDROID)
20 #include <sys/syscall.h>
22 #include <android/api-level.h>
23 #if __ANDROID_API__ < 8
24 /* Android API < 8 doesn't provide sigaltstack */
30 }
36 #ifdef __ARM_EABI__
39 #endif
43 /**
44 * dlfcn.h replacements functions
45 */
49 {
54 }
58 {
62 }
66 {
70 }
74 }
76 }
78 int
80 {
84 }
87 }
89 int
91 {
97 }
99 int
101 {
107 dl_phdr_info info;
113 // Assuming l_addr points to Elf headers (in most cases, this is true),
114 // get the Phdr location from there.
116 // If the page is not mapped, mincore returns an error.
123 }
124 }
129 }
131 }
133 #ifdef __ARM_EABI__
136 {
144 }
145 #endif
147 /**
148 * faulty.lib public API
149 */
151 MFBT_API size_t
156 }
160 {
164 offset);
165 }
167 MFBT_API void
169 {
173 }
175 MFBT_API bool
177 {
179 }
183 /**
184 * Returns the part after the last '/' for the given path
185 */
188 {
193 }
197 /**
198 * LibHandle
199 */
201 {
203 }
207 {
209 }
211 size_t
213 {
219 }
223 {
230 /* Ensure the availability of all pages within the mapping */
233 }
234 }
236 }
238 void
240 {
243 }
245 /**
246 * SystemElf
247 */
250 {
251 /* The Android linker returns a handle when the file name matches an
252 * already loaded library, even when the full path doesn't exist */
256 }
265 }
267 }
270 {
277 }
281 {
286 }
288 Mappable *
290 {
294 #ifdef ANDROID
295 /* On Android, if we don't have the full path, try in /system/lib */
302 }
303 #endif
306 }
308 #ifdef __ARM_EABI__
311 {
312 /* TODO: properly implement when ElfLoader::GetHandleByPtr
313 does return SystemElf handles */
316 }
317 #endif
319 /**
320 * ElfLoader
321 */
323 /* Unique ElfLoader instance */
328 {
329 /* Ensure logging is initialized or refresh if environment changed. */
334 /* Handle dlopen(nullptr) directly. */
338 }
340 /* TODO: Handle relative paths correctly */
343 /* Search the list of handles we already have for a match. When the given
344 * path is not absolute, compare file names, otherwise compare full paths. */
353 }
358 /* When the path is not absolute and the library is being loaded for
359 * another, first try to load the library from the directory containing
360 * that parent library. */
368 }
372 /* Try loading with the custom linker if we have a Mappable */
376 /* Try loading with the system linker if everything above failed */
380 /* If we didn't have an absolute path and haven't been able to load
381 * a library yet, try in the system search path */
391 }
395 {
396 /* Scan the list of handles we already have for a match */
400 }
402 }
404 Mappable *
406 {
417 /* When the MOZ_LINKER_EXTRACT environment variable is set to "1",
418 * compressed libraries are going to be (temporarily) extracted as
419 * files, in the directory pointed by the MOZ_LINKER_CACHE
420 * environment variable. */
429 }
430 }
431 }
432 }
433 /* If we couldn't load above, try with a MappableFile */
438 }
440 void
442 {
446 }
448 void
450 {
451 /* Ensure logging is initialized or refresh if environment changed. */
464 }
465 }
468 {
469 LibHandleList list;
470 /* Build up a list of all library handles with direct (external) references.
471 * We actually skip system library handles because we want to keep at least
472 * some of these open. Most notably, Mozilla codebase keeps a few libgnome
473 * libraries deliberately open because of the mess that libORBit destruction
474 * is. dlclose()ing these libraries actually leads to problems. */
482 }
483 }
484 }
485 /* Force release all external references to the handles collected above */
488 }
489 /* Remove the remaining system handles. */
502 /* Not removing, since it could have references to other libraries,
503 * destroying them as a side effect, and possibly leaving dangling
504 * pointers in the handle list we're scanning */
505 }
506 }
507 }
508 }
510 void
512 {
517 }
519 #ifdef __ARM_EABI__
520 int
523 {
527 }
528 #else
529 int
532 {
536 }
537 #endif
539 void
541 {
542 /* Call all destructors for the given DSO handle in reverse order they were
543 * registered. */
549 }
550 }
551 }
553 void
555 {
561 }
562 }
565 {
566 /* Find ELF auxiliary vectors.
567 *
568 * The kernel stores the following data on the stack when starting a
569 * program:
570 * argc
571 * argv[0] (pointer into argv strings defined below)
572 * argv[1] (likewise)
573 * ...
574 * argv[argc - 1] (likewise)
575 * nullptr
576 * envp[0] (pointer into environment strings defined below)
577 * envp[1] (likewise)
578 * ...
579 * envp[n] (likewise)
580 * nullptr
581 * ... (more NULLs on some platforms such as Android 4.3)
582 * auxv[0] (first ELF auxiliary vector)
583 * auxv[1] (second ELF auxiliary vector)
584 * ...
585 * auxv[p] (last ELF auxiliary vector)
586 * (AT_NULL, nullptr)
587 * padding
588 * argv strings, separated with '\0'
589 * environment strings, separated with '\0'
590 * nullptr
591 *
592 * What we are after are the auxv values defined by the following struct.
593 */
597 };
599 /* Pointer to the environment variables list */
602 /* The environment may have changed since the program started, in which
603 * case the environ variables list isn't the list the kernel put on stack
604 * anymore. But in this new list, variables that didn't change still point
605 * to the strings the kernel put on stack. It is quite unlikely that two
606 * modified environment variables point to two consecutive strings in memory,
607 * so we assume that if two consecutive environment variables point to two
608 * consecutive strings, we found strings the kernel put on stack. */
616 /* Next, we scan the stack backwards to find a pointer to one of those
617 * strings we found above, which will give us the location of the original
618 * envp list. As we are looking for pointers, we need to look at 32-bits or
619 * 64-bits aligned values, depening on the architecture. */
623 scan--;
625 /* Finally, scan forward to find the last environment variable pointer and
626 * thus the first auxiliary vector. */
629 /* Some platforms have more NULLs here, so skip them if we encounter them */
631 scan++;
635 /* The two values of interest in the auxiliary vectors are AT_PHDR and
636 * AT_PHNUM, which gives us the the location and size of the ELF program
637 * headers. */
643 /* Assume the base address is the first byte of the same page */
645 }
648 auxv++;
649 }
654 }
656 /* In some cases, the address for the program headers we get from the
657 * auxiliary vectors is not mapped, because of the PT_LOAD segments
658 * definitions in the program executable. Trying to map anonymous memory
659 * with a hint giving the base address will return a different address
660 * if something is mapped there, and the base address otherwise. */
664 /* If program headers aren't mapped, try to map them */
669 }
672 /* If we don't manage to map at the right address, just give up. */
676 }
677 }
678 /* Sanity check: the first bytes at the base address should be an ELF
679 * header. */
683 }
685 /* Search for the program PT_DYNAMIC segment */
689 /* While the program headers are expected within the first mapped page of
690 * the program executable, the executable PT_LOADs may actually make them
691 * loaded at an address that is not the wanted base address of the
692 * library. We thus need to adjust the base address, compensating for the
693 * virtual address of the PT_LOAD segment corresponding to offset 0. */
698 }
702 }
704 /* Search for the DT_DEBUG information */
709 }
710 }
712 }
714 /**
715 * Helper class to ensure the given pointer is writable within the scope of
716 * an instance. Permissions to the memory page where the pointer lies are
717 * restored to their original value when the instance is destroyed.
718 */
719 class EnsureWritable
720 {
724 {
744 }
747 {
750 }
751 }
755 {
756 /* The interesting part of the /proc/self/maps format looks like:
757 * startAddr-endAddr rwxp */
781 }
783 }
788 };
790 /**
791 * The system linker maintains a doubly linked list of library it loads
792 * for use by the debugger. Unfortunately, it also uses the list pointers
793 * in a lot of operations and adding our data in the list is likely to
794 * trigger crashes when the linker tries to use data we don't provide or
795 * that fall off the amount data we allocated. Fortunately, the linker only
796 * traverses the list forward and accesses the head of the list from a
797 * private pointer instead of using the value in the r_debug structure.
798 * This means we can safely add members at the beginning of the list.
799 * Unfortunately, gdb checks the coherency of l_prev values, so we have
800 * to adjust the l_prev value for the first element the system linker
801 * knows about. Fortunately, it doesn't use l_prev, and the first element
802 * is not ever going to be released before our elements, since it is the
803 * program executable, so the system linker should not be changing
804 * r_debug::r_map.
805 */
806 void
808 {
817 /* When adding a library for the first time, r_map points to data
818 * handled by the system linker, and that data may be read-only */
826 }
828 void
830 {
837 else
841 /* When removing the first added library, its l_next is going to be
842 * data handled by the system linker, and that data may be read-only */
849 }
851 #if defined(ANDROID)
852 /* As some system libraries may be calling signal() or sigaction() to
853 * set a SIGSEGV handler, effectively breaking MappableSeekableZStream,
854 * or worse, restore our SIGSEGV handler with wrong flags (which using
855 * signal() will do), we want to hook into the system's sigaction() to
856 * replace it with our own wrapper instead, so that our handler is never
857 * replaced. We used to only do that with libraries this linker loads,
858 * but it turns out at least one system library does call signal() and
859 * breaks us (libsc-a3xx.so on the Samsung Galaxy S4).
860 * As libc's signal (bsd_signal/sysv_signal, really) calls sigaction
861 * under the hood, instead of calling the signal system call directly,
862 * we only need to hook sigaction. This is true for both bionic and
863 * glibc.
864 */
866 /* libc's sigaction */
871 /* Simple reimplementation of sigaction. This is roughly equivalent
872 * to the assembly that comes in bionic, but not quite equivalent to
873 * glibc's implementation, so we only use this on Android. */
874 int
877 {
879 }
881 /* Replace the first instructions of the given function with a jump
882 * to the given new function. */
884 static bool
886 {
890 #if defined(__i386__)
891 // A 32-bit jump is a 5 bytes instruction.
897 #elif defined(__arm__)
899 // .thumb
903 // .arm
905 // .word <new_func>
906 };
909 /* Function is thumb, the actual address of the code is without the
910 * least significant bit. */
911 addr--;
912 /* The arm part of the trampoline needs to be 32-bit aligned */
915 else
918 /* Function is arm, we only need the arm part of the trampoline */
920 }
928 #else
930 #endif
931 }
932 #else
933 #define sys_sigaction sigaction
935 static bool
937 {
939 }
940 #endif
944 /* Clock that only accounts for time spent in the current process. */
946 {
952 }
956 }
958 }
960 /* Data structure used to pass data to the temporary signal handler,
961 * as well as triggering a test crash. */
965 };
970 {
971 /* Initialize oldStack.ss_flags to an invalid value when used to set
972 * an alternative stack, meaning we haven't got information about the
973 * original alternative stack and thus don't mean to restore it in
974 * the destructor. */
977 /* Get the current segfault signal handler. */
981 /* Some devices don't provide useful information to their SIGSEGV handlers,
982 * making it impossible for on-demand decompression to work. To check if
983 * we're on such a device, setup a temporary handler and deliberately
984 * trigger a segfault. The handler will set signalHandlingBroken if the
985 * provided information is bogus.
986 * Some other devices have a kernel option enabled that makes SIGSEGV handler
987 * have an overhead so high that it affects how on-demand decompression
988 * performs. The handler will also set signalHandlingSlow if the triggered
989 * SIGSEGV took too much time. */
1007 /* Restore the original segfault signal handler. */
1010 }
1012 void
1014 {
1015 /* Ideally, we'd need some locking here, but in practice, we're not
1016 * going to race with another thread. */
1025 sigaction_func libc_sigaction;
1027 #if defined(ANDROID)
1028 /* Android > 4.4 comes with a sigaction wrapper in a LD_PRELOADed library
1029 * (libsigchain) for ART. That wrapper kind of does the same trick as we
1030 * do, so we need extra care in handling it.
1031 * - Divert the libc's sigaction, assuming the LD_PRELOADed library uses
1032 * it under the hood (which is more or less true according to the source
1033 * of that library, since it's doing a lookup in RTLD_NEXT)
1034 * - With the LD_PRELOADed library in place, all calls to sigaction from
1035 * from system libraries will go to the LD_PRELOADed library.
1036 * - The LD_PRELOADed library calls to sigaction go to our __wrap_sigaction.
1037 * - The calls to sigaction from libraries faulty.lib loads are sent to
1038 * the LD_PRELOADed library.
1039 * In practice, for signal handling, this means:
1040 * - The signal handler registered to the kernel is ours.
1041 * - Our handler redispatches to the LD_PRELOADed library's if there's a
1042 * segfault we don't handle.
1043 * - The LD_PRELOADed library redispatches according to whatever system
1044 * library or faulty.lib-loaded library set with sigaction.
1045 *
1046 * When there is no sigaction wrapper in place:
1047 * - Divert the libc's sigaction.
1048 * - Calls to sigaction from system library and faulty.lib-loaded libraries
1049 * all go to the libc's sigaction, which end up in our __wrap_sigaction.
1050 * - The signal handler registered to the kernel is ours.
1051 * - Our handler redispatches according to whatever system library or
1052 * faulty.lib-loaded library set with sigaction.
1053 */
1056 libc_sigaction =
1059 #endif
1060 {
1062 }
1067 /* Setup an alternative stack if the already existing one is not big
1068 * enough, or if there is none. */
1078 stack_t stack;
1084 }
1085 }
1086 /* Register our own handler, and store the already registered one in
1087 * SEGVHandler's struct sigaction member */
1091 }
1094 {
1095 /* Restore alternative stack for signals */
1098 /* Restore original signal handler */
1101 }
1103 /* Test handler for a deliberately triggered SIGSEGV that determines whether
1104 * useful information is provided to signal handlers, particularly whether
1105 * si_addr is filled in properly, and whether the segfault handler is called
1106 * quickly enough. */
1108 {
1117 /* See bug 886736 for timings on different devices, 150 µs is reasonably above
1118 * the latency on "working" devices and seems to be short enough to not incur
1119 * a huge overhead to on-demand decompression. */
1122 }
1124 /* TODO: "properly" handle signal masks and flags */
1126 {
1127 //ASSERT(signum == SIGSEGV);
1130 /* Check whether we segfaulted in the address space of a CustomElf. We're
1131 * only expecting that to happen as an access error. */
1140 }
1141 }
1143 /* Redispatch to the registered handler */
1151 /* Reset the handler to the default one, and trigger it. */
1160 }
1161 }
1163 int
1166 {
1169 /* Use system sigaction() function for all but SIGSEGV signals. */
1178 }