Add a testcase for copy reloc against protected data
[glibc.git] / elf / dl-load.c
blob41b91fcc86664b39ea8c0ce5ed35109ab494c925
1 /* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2015 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
19 #include <elf.h>
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <libintl.h>
23 #include <stdbool.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <ldsodefs.h>
28 #include <bits/wordsize.h>
29 #include <sys/mman.h>
30 #include <sys/param.h>
31 #include <sys/stat.h>
32 #include <sys/types.h>
33 #include "dynamic-link.h"
34 #include <abi-tag.h>
35 #include <stackinfo.h>
36 #include <caller.h>
37 #include <sysdep.h>
38 #include <stap-probe.h>
40 #include <dl-dst.h>
41 #include <dl-load.h>
42 #include <dl-map-segments.h>
43 #include <dl-unmap-segments.h>
44 #include <dl-machine-reject-phdr.h>
47 #include <endian.h>
48 #if BYTE_ORDER == BIG_ENDIAN
49 # define byteorder ELFDATA2MSB
50 #elif BYTE_ORDER == LITTLE_ENDIAN
51 # define byteorder ELFDATA2LSB
52 #else
53 # error "Unknown BYTE_ORDER " BYTE_ORDER
54 # define byteorder ELFDATANONE
55 #endif
57 #define STRING(x) __STRING (x)
60 int __stack_prot attribute_hidden attribute_relro
61 #if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
62 = PROT_GROWSDOWN;
63 #elif _STACK_GROWS_UP && defined PROT_GROWSUP
64 = PROT_GROWSUP;
65 #else
66 = 0;
67 #endif
70 /* Type for the buffer we put the ELF header and hopefully the program
71 header. This buffer does not really have to be too large. In most
72 cases the program header follows the ELF header directly. If this
73 is not the case all bets are off and we can make the header
74 arbitrarily large and still won't get it read. This means the only
75 question is how large are the ELF and program header combined. The
76 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
77 bytes long. Each program header entry is again 32 and 56 bytes
78 long respectively. I.e., even with a file which has 10 program
79 header entries we only have to read 372B/624B respectively. Add to
80 this a bit of margin for program notes and reading 512B and 832B
81 for 32-bit and 64-bit files respecitvely is enough. If this
82 heuristic should really fail for some file the code in
83 `_dl_map_object_from_fd' knows how to recover. */
84 struct filebuf
86 ssize_t len;
87 #if __WORDSIZE == 32
88 # define FILEBUF_SIZE 512
89 #else
90 # define FILEBUF_SIZE 832
91 #endif
92 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
95 /* This is the decomposed LD_LIBRARY_PATH search path. */
96 static struct r_search_path_struct env_path_list attribute_relro;
98 /* List of the hardware capabilities we might end up using. */
99 static const struct r_strlenpair *capstr attribute_relro;
100 static size_t ncapstr attribute_relro;
101 static size_t max_capstrlen attribute_relro;
104 /* Get the generated information about the trusted directories. */
105 #include "trusted-dirs.h"
107 static const char system_dirs[] = SYSTEM_DIRS;
108 static const size_t system_dirs_len[] =
110 SYSTEM_DIRS_LEN
112 #define nsystem_dirs_len \
113 (sizeof (system_dirs_len) / sizeof (system_dirs_len[0]))
116 static bool
117 is_trusted_path (const char *path, size_t len)
119 const char *trun = system_dirs;
121 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
123 if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
124 /* Found it. */
125 return true;
127 trun += system_dirs_len[idx] + 1;
130 return false;
134 static bool
135 is_trusted_path_normalize (const char *path, size_t len)
137 if (len == 0)
138 return false;
140 if (*path == ':')
142 ++path;
143 --len;
146 char *npath = (char *) alloca (len + 2);
147 char *wnp = npath;
148 while (*path != '\0')
150 if (path[0] == '/')
152 if (path[1] == '.')
154 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
156 while (wnp > npath && *--wnp != '/')
158 path += 3;
159 continue;
161 else if (path[2] == '/' || path[2] == '\0')
163 path += 2;
164 continue;
168 if (wnp > npath && wnp[-1] == '/')
170 ++path;
171 continue;
175 *wnp++ = *path++;
178 if (wnp == npath || wnp[-1] != '/')
179 *wnp++ = '/';
181 const char *trun = system_dirs;
183 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
185 if (wnp - npath >= system_dirs_len[idx]
186 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
187 /* Found it. */
188 return true;
190 trun += system_dirs_len[idx] + 1;
193 return false;
197 static size_t
198 is_dst (const char *start, const char *name, const char *str,
199 int is_path, int secure)
201 size_t len;
202 bool is_curly = false;
204 if (name[0] == '{')
206 is_curly = true;
207 ++name;
210 len = 0;
211 while (name[len] == str[len] && name[len] != '\0')
212 ++len;
214 if (is_curly)
216 if (name[len] != '}')
217 return 0;
219 /* Point again at the beginning of the name. */
220 --name;
221 /* Skip over closing curly brace and adjust for the --name. */
222 len += 2;
224 else if (name[len] != '\0' && name[len] != '/'
225 && (!is_path || name[len] != ':'))
226 return 0;
228 if (__glibc_unlikely (secure)
229 && ((name[len] != '\0' && name[len] != '/'
230 && (!is_path || name[len] != ':'))
231 || (name != start + 1 && (!is_path || name[-2] != ':'))))
232 return 0;
234 return len;
238 size_t
239 _dl_dst_count (const char *name, int is_path)
241 const char *const start = name;
242 size_t cnt = 0;
246 size_t len;
248 /* $ORIGIN is not expanded for SUID/GUID programs (except if it
249 is $ORIGIN alone) and it must always appear first in path. */
250 ++name;
251 if ((len = is_dst (start, name, "ORIGIN", is_path,
252 __libc_enable_secure)) != 0
253 || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
254 || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
255 ++cnt;
257 name = strchr (name + len, '$');
259 while (name != NULL);
261 return cnt;
265 char *
266 _dl_dst_substitute (struct link_map *l, const char *name, char *result,
267 int is_path)
269 const char *const start = name;
271 /* Now fill the result path. While copying over the string we keep
272 track of the start of the last path element. When we come across
273 a DST we copy over the value or (if the value is not available)
274 leave the entire path element out. */
275 char *wp = result;
276 char *last_elem = result;
277 bool check_for_trusted = false;
281 if (__glibc_unlikely (*name == '$'))
283 const char *repl = NULL;
284 size_t len;
286 ++name;
287 if ((len = is_dst (start, name, "ORIGIN", is_path,
288 __libc_enable_secure)) != 0)
290 repl = l->l_origin;
291 check_for_trusted = (__libc_enable_secure
292 && l->l_type == lt_executable);
294 else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
295 repl = GLRO(dl_platform);
296 else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
297 repl = DL_DST_LIB;
299 if (repl != NULL && repl != (const char *) -1)
301 wp = __stpcpy (wp, repl);
302 name += len;
304 else if (len > 1)
306 /* We cannot use this path element, the value of the
307 replacement is unknown. */
308 wp = last_elem;
309 name += len;
310 while (*name != '\0' && (!is_path || *name != ':'))
311 ++name;
312 /* Also skip following colon if this is the first rpath
313 element, but keep an empty element at the end. */
314 if (wp == result && is_path && *name == ':' && name[1] != '\0')
315 ++name;
317 else
318 /* No DST we recognize. */
319 *wp++ = '$';
321 else
323 *wp++ = *name++;
324 if (is_path && *name == ':')
326 /* In SUID/SGID programs, after $ORIGIN expansion the
327 normalized path must be rooted in one of the trusted
328 directories. */
329 if (__glibc_unlikely (check_for_trusted)
330 && !is_trusted_path_normalize (last_elem, wp - last_elem))
331 wp = last_elem;
332 else
333 last_elem = wp;
335 check_for_trusted = false;
339 while (*name != '\0');
341 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
342 path must be rooted in one of the trusted directories. */
343 if (__glibc_unlikely (check_for_trusted)
344 && !is_trusted_path_normalize (last_elem, wp - last_elem))
345 wp = last_elem;
347 *wp = '\0';
349 return result;
353 /* Return copy of argument with all recognized dynamic string tokens
354 ($ORIGIN and $PLATFORM for now) replaced. On some platforms it
355 might not be possible to determine the path from which the object
356 belonging to the map is loaded. In this case the path element
357 containing $ORIGIN is left out. */
358 static char *
359 expand_dynamic_string_token (struct link_map *l, const char *s, int is_path)
361 /* We make two runs over the string. First we determine how large the
362 resulting string is and then we copy it over. Since this is no
363 frequently executed operation we are looking here not for performance
364 but rather for code size. */
365 size_t cnt;
366 size_t total;
367 char *result;
369 /* Determine the number of DST elements. */
370 cnt = DL_DST_COUNT (s, is_path);
372 /* If we do not have to replace anything simply copy the string. */
373 if (__glibc_likely (cnt == 0))
374 return __strdup (s);
376 /* Determine the length of the substituted string. */
377 total = DL_DST_REQUIRED (l, s, strlen (s), cnt);
379 /* Allocate the necessary memory. */
380 result = (char *) malloc (total + 1);
381 if (result == NULL)
382 return NULL;
384 return _dl_dst_substitute (l, s, result, is_path);
388 /* Add `name' to the list of names for a particular shared object.
389 `name' is expected to have been allocated with malloc and will
390 be freed if the shared object already has this name.
391 Returns false if the object already had this name. */
392 static void
393 internal_function
394 add_name_to_object (struct link_map *l, const char *name)
396 struct libname_list *lnp, *lastp;
397 struct libname_list *newname;
398 size_t name_len;
400 lastp = NULL;
401 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
402 if (strcmp (name, lnp->name) == 0)
403 return;
405 name_len = strlen (name) + 1;
406 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
407 if (newname == NULL)
409 /* No more memory. */
410 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
411 return;
413 /* The object should have a libname set from _dl_new_object. */
414 assert (lastp != NULL);
416 newname->name = memcpy (newname + 1, name, name_len);
417 newname->next = NULL;
418 newname->dont_free = 0;
419 lastp->next = newname;
422 /* Standard search directories. */
423 static struct r_search_path_struct rtld_search_dirs attribute_relro;
425 static size_t max_dirnamelen;
427 static struct r_search_path_elem **
428 fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
429 int check_trusted, const char *what, const char *where,
430 struct link_map *l)
432 char *cp;
433 size_t nelems = 0;
434 char *to_free;
436 while ((cp = __strsep (&rpath, sep)) != NULL)
438 struct r_search_path_elem *dirp;
440 to_free = cp = expand_dynamic_string_token (l, cp, 1);
442 size_t len = strlen (cp);
444 /* `strsep' can pass an empty string. This has to be
445 interpreted as `use the current directory'. */
446 if (len == 0)
448 static const char curwd[] = "./";
449 cp = (char *) curwd;
452 /* Remove trailing slashes (except for "/"). */
453 while (len > 1 && cp[len - 1] == '/')
454 --len;
456 /* Now add one if there is none so far. */
457 if (len > 0 && cp[len - 1] != '/')
458 cp[len++] = '/';
460 /* Make sure we don't use untrusted directories if we run SUID. */
461 if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
463 free (to_free);
464 continue;
467 /* See if this directory is already known. */
468 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
469 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
470 break;
472 if (dirp != NULL)
474 /* It is available, see whether it's on our own list. */
475 size_t cnt;
476 for (cnt = 0; cnt < nelems; ++cnt)
477 if (result[cnt] == dirp)
478 break;
480 if (cnt == nelems)
481 result[nelems++] = dirp;
483 else
485 size_t cnt;
486 enum r_dir_status init_val;
487 size_t where_len = where ? strlen (where) + 1 : 0;
489 /* It's a new directory. Create an entry and add it. */
490 dirp = (struct r_search_path_elem *)
491 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
492 + where_len + len + 1);
493 if (dirp == NULL)
494 _dl_signal_error (ENOMEM, NULL, NULL,
495 N_("cannot create cache for search path"));
497 dirp->dirname = ((char *) dirp + sizeof (*dirp)
498 + ncapstr * sizeof (enum r_dir_status));
499 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
500 dirp->dirnamelen = len;
502 if (len > max_dirnamelen)
503 max_dirnamelen = len;
505 /* We have to make sure all the relative directories are
506 never ignored. The current directory might change and
507 all our saved information would be void. */
508 init_val = cp[0] != '/' ? existing : unknown;
509 for (cnt = 0; cnt < ncapstr; ++cnt)
510 dirp->status[cnt] = init_val;
512 dirp->what = what;
513 if (__glibc_likely (where != NULL))
514 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
515 + (ncapstr * sizeof (enum r_dir_status)),
516 where, where_len);
517 else
518 dirp->where = NULL;
520 dirp->next = GL(dl_all_dirs);
521 GL(dl_all_dirs) = dirp;
523 /* Put it in the result array. */
524 result[nelems++] = dirp;
526 free (to_free);
529 /* Terminate the array. */
530 result[nelems] = NULL;
532 return result;
536 static bool
537 internal_function
538 decompose_rpath (struct r_search_path_struct *sps,
539 const char *rpath, struct link_map *l, const char *what)
541 /* Make a copy we can work with. */
542 const char *where = l->l_name;
543 char *copy;
544 char *cp;
545 struct r_search_path_elem **result;
546 size_t nelems;
547 /* Initialize to please the compiler. */
548 const char *errstring = NULL;
550 /* First see whether we must forget the RUNPATH and RPATH from this
551 object. */
552 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
553 && !__libc_enable_secure)
555 const char *inhp = GLRO(dl_inhibit_rpath);
559 const char *wp = where;
561 while (*inhp == *wp && *wp != '\0')
563 ++inhp;
564 ++wp;
567 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
569 /* This object is on the list of objects for which the
570 RUNPATH and RPATH must not be used. */
571 sps->dirs = (void *) -1;
572 return false;
575 while (*inhp != '\0')
576 if (*inhp++ == ':')
577 break;
579 while (*inhp != '\0');
582 /* Make a writable copy. */
583 copy = __strdup (rpath);
584 if (copy == NULL)
586 errstring = N_("cannot create RUNPATH/RPATH copy");
587 goto signal_error;
590 /* Ignore empty rpaths. */
591 if (*copy == 0)
593 free (copy);
594 sps->dirs = (struct r_search_path_elem **) -1;
595 return false;
598 /* Count the number of necessary elements in the result array. */
599 nelems = 0;
600 for (cp = copy; *cp != '\0'; ++cp)
601 if (*cp == ':')
602 ++nelems;
604 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
605 number of necessary entries. */
606 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
607 * sizeof (*result));
608 if (result == NULL)
610 free (copy);
611 errstring = N_("cannot create cache for search path");
612 signal_error:
613 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
616 fillin_rpath (copy, result, ":", 0, what, where, l);
618 /* Free the copied RPATH string. `fillin_rpath' make own copies if
619 necessary. */
620 free (copy);
622 sps->dirs = result;
623 /* The caller will change this value if we haven't used a real malloc. */
624 sps->malloced = 1;
625 return true;
628 /* Make sure cached path information is stored in *SP
629 and return true if there are any paths to search there. */
630 static bool
631 cache_rpath (struct link_map *l,
632 struct r_search_path_struct *sp,
633 int tag,
634 const char *what)
636 if (sp->dirs == (void *) -1)
637 return false;
639 if (sp->dirs != NULL)
640 return true;
642 if (l->l_info[tag] == NULL)
644 /* There is no path. */
645 sp->dirs = (void *) -1;
646 return false;
649 /* Make sure the cache information is available. */
650 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
651 + l->l_info[tag]->d_un.d_val),
652 l, what);
656 void
657 internal_function
658 _dl_init_paths (const char *llp)
660 size_t idx;
661 const char *strp;
662 struct r_search_path_elem *pelem, **aelem;
663 size_t round_size;
664 struct link_map __attribute__ ((unused)) *l = NULL;
665 /* Initialize to please the compiler. */
666 const char *errstring = NULL;
668 /* Fill in the information about the application's RPATH and the
669 directories addressed by the LD_LIBRARY_PATH environment variable. */
671 /* Get the capabilities. */
672 capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),
673 &ncapstr, &max_capstrlen);
675 /* First set up the rest of the default search directory entries. */
676 aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)
677 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
678 if (rtld_search_dirs.dirs == NULL)
680 errstring = N_("cannot create search path array");
681 signal_error:
682 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
685 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
686 + ncapstr * sizeof (enum r_dir_status))
687 / sizeof (struct r_search_path_elem));
689 rtld_search_dirs.dirs[0] = (struct r_search_path_elem *)
690 malloc ((sizeof (system_dirs) / sizeof (system_dirs[0]))
691 * round_size * sizeof (struct r_search_path_elem));
692 if (rtld_search_dirs.dirs[0] == NULL)
694 errstring = N_("cannot create cache for search path");
695 goto signal_error;
698 rtld_search_dirs.malloced = 0;
699 pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];
700 strp = system_dirs;
701 idx = 0;
705 size_t cnt;
707 *aelem++ = pelem;
709 pelem->what = "system search path";
710 pelem->where = NULL;
712 pelem->dirname = strp;
713 pelem->dirnamelen = system_dirs_len[idx];
714 strp += system_dirs_len[idx] + 1;
716 /* System paths must be absolute. */
717 assert (pelem->dirname[0] == '/');
718 for (cnt = 0; cnt < ncapstr; ++cnt)
719 pelem->status[cnt] = unknown;
721 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
723 pelem += round_size;
725 while (idx < nsystem_dirs_len);
727 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
728 *aelem = NULL;
730 #ifdef SHARED
731 /* This points to the map of the main object. */
732 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
733 if (l != NULL)
735 assert (l->l_type != lt_loaded);
737 if (l->l_info[DT_RUNPATH])
739 /* Allocate room for the search path and fill in information
740 from RUNPATH. */
741 decompose_rpath (&l->l_runpath_dirs,
742 (const void *) (D_PTR (l, l_info[DT_STRTAB])
743 + l->l_info[DT_RUNPATH]->d_un.d_val),
744 l, "RUNPATH");
745 /* During rtld init the memory is allocated by the stub malloc,
746 prevent any attempt to free it by the normal malloc. */
747 l->l_runpath_dirs.malloced = 0;
749 /* The RPATH is ignored. */
750 l->l_rpath_dirs.dirs = (void *) -1;
752 else
754 l->l_runpath_dirs.dirs = (void *) -1;
756 if (l->l_info[DT_RPATH])
758 /* Allocate room for the search path and fill in information
759 from RPATH. */
760 decompose_rpath (&l->l_rpath_dirs,
761 (const void *) (D_PTR (l, l_info[DT_STRTAB])
762 + l->l_info[DT_RPATH]->d_un.d_val),
763 l, "RPATH");
764 /* During rtld init the memory is allocated by the stub
765 malloc, prevent any attempt to free it by the normal
766 malloc. */
767 l->l_rpath_dirs.malloced = 0;
769 else
770 l->l_rpath_dirs.dirs = (void *) -1;
773 #endif /* SHARED */
775 if (llp != NULL && *llp != '\0')
777 size_t nllp;
778 const char *cp = llp;
779 char *llp_tmp;
781 #ifdef SHARED
782 /* Expand DSTs. */
783 size_t cnt = DL_DST_COUNT (llp, 1);
784 if (__glibc_likely (cnt == 0))
785 llp_tmp = strdupa (llp);
786 else
788 /* Determine the length of the substituted string. */
789 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);
791 /* Allocate the necessary memory. */
792 llp_tmp = (char *) alloca (total + 1);
793 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);
795 #else
796 llp_tmp = strdupa (llp);
797 #endif
799 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
800 elements it has. */
801 nllp = 1;
802 while (*cp)
804 if (*cp == ':' || *cp == ';')
805 ++nllp;
806 ++cp;
809 env_path_list.dirs = (struct r_search_path_elem **)
810 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
811 if (env_path_list.dirs == NULL)
813 errstring = N_("cannot create cache for search path");
814 goto signal_error;
817 (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
818 __libc_enable_secure, "LD_LIBRARY_PATH",
819 NULL, l);
821 if (env_path_list.dirs[0] == NULL)
823 free (env_path_list.dirs);
824 env_path_list.dirs = (void *) -1;
827 env_path_list.malloced = 0;
829 else
830 env_path_list.dirs = (void *) -1;
834 static void
835 __attribute__ ((noreturn, noinline))
836 lose (int code, int fd, const char *name, char *realname, struct link_map *l,
837 const char *msg, struct r_debug *r, Lmid_t nsid)
839 /* The file might already be closed. */
840 if (fd != -1)
841 (void) __close (fd);
842 if (l != NULL && l->l_origin != (char *) -1l)
843 free ((char *) l->l_origin);
844 free (l);
845 free (realname);
847 if (r != NULL)
849 r->r_state = RT_CONSISTENT;
850 _dl_debug_state ();
851 LIBC_PROBE (map_failed, 2, nsid, r);
854 _dl_signal_error (code, name, NULL, msg);
858 /* Map in the shared object NAME, actually located in REALNAME, and already
859 opened on FD. */
861 #ifndef EXTERNAL_MAP_FROM_FD
862 static
863 #endif
864 struct link_map *
865 _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
866 char *realname, struct link_map *loader, int l_type,
867 int mode, void **stack_endp, Lmid_t nsid)
869 struct link_map *l = NULL;
870 const ElfW(Ehdr) *header;
871 const ElfW(Phdr) *phdr;
872 const ElfW(Phdr) *ph;
873 size_t maplength;
874 int type;
875 struct stat64 st;
876 /* Initialize to keep the compiler happy. */
877 const char *errstring = NULL;
878 int errval = 0;
879 struct r_debug *r = _dl_debug_initialize (0, nsid);
880 bool make_consistent = false;
882 /* Get file information. */
883 if (__glibc_unlikely (__fxstat64 (_STAT_VER, fd, &st) < 0))
885 errstring = N_("cannot stat shared object");
886 call_lose_errno:
887 errval = errno;
888 call_lose:
889 lose (errval, fd, name, realname, l, errstring,
890 make_consistent ? r : NULL, nsid);
893 /* Look again to see if the real name matched another already loaded. */
894 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
895 if (l->l_removed == 0 && l->l_ino == st.st_ino && l->l_dev == st.st_dev)
897 /* The object is already loaded.
898 Just bump its reference count and return it. */
899 __close (fd);
901 /* If the name is not in the list of names for this object add
902 it. */
903 free (realname);
904 add_name_to_object (l, name);
906 return l;
909 #ifdef SHARED
910 /* When loading into a namespace other than the base one we must
911 avoid loading ld.so since there can only be one copy. Ever. */
912 if (__glibc_unlikely (nsid != LM_ID_BASE)
913 && ((st.st_ino == GL(dl_rtld_map).l_ino
914 && st.st_dev == GL(dl_rtld_map).l_dev)
915 || _dl_name_match_p (name, &GL(dl_rtld_map))))
917 /* This is indeed ld.so. Create a new link_map which refers to
918 the real one for almost everything. */
919 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
920 if (l == NULL)
921 goto fail_new;
923 /* Refer to the real descriptor. */
924 l->l_real = &GL(dl_rtld_map);
926 /* No need to bump the refcount of the real object, ld.so will
927 never be unloaded. */
928 __close (fd);
930 /* Add the map for the mirrored object to the object list. */
931 _dl_add_to_namespace_list (l, nsid);
933 return l;
935 #endif
937 if (mode & RTLD_NOLOAD)
939 /* We are not supposed to load the object unless it is already
940 loaded. So return now. */
941 free (realname);
942 __close (fd);
943 return NULL;
946 /* Print debugging message. */
947 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
948 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
950 /* This is the ELF header. We read it in `open_verify'. */
951 header = (void *) fbp->buf;
953 #ifndef MAP_ANON
954 # define MAP_ANON 0
955 if (_dl_zerofd == -1)
957 _dl_zerofd = _dl_sysdep_open_zero_fill ();
958 if (_dl_zerofd == -1)
960 free (realname);
961 __close (fd);
962 _dl_signal_error (errno, NULL, NULL,
963 N_("cannot open zero fill device"));
966 #endif
968 /* Signal that we are going to add new objects. */
969 if (r->r_state == RT_CONSISTENT)
971 #ifdef SHARED
972 /* Auditing checkpoint: we are going to add new objects. */
973 if ((mode & __RTLD_AUDIT) == 0
974 && __glibc_unlikely (GLRO(dl_naudit) > 0))
976 struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
977 /* Do not call the functions for any auditing object. */
978 if (head->l_auditing == 0)
980 struct audit_ifaces *afct = GLRO(dl_audit);
981 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
983 if (afct->activity != NULL)
984 afct->activity (&head->l_audit[cnt].cookie, LA_ACT_ADD);
986 afct = afct->next;
990 #endif
992 /* Notify the debugger we have added some objects. We need to
993 call _dl_debug_initialize in a static program in case dynamic
994 linking has not been used before. */
995 r->r_state = RT_ADD;
996 _dl_debug_state ();
997 LIBC_PROBE (map_start, 2, nsid, r);
998 make_consistent = true;
1000 else
1001 assert (r->r_state == RT_ADD);
1003 /* Enter the new object in the list of loaded objects. */
1004 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1005 if (__glibc_unlikely (l == NULL))
1007 #ifdef SHARED
1008 fail_new:
1009 #endif
1010 errstring = N_("cannot create shared object descriptor");
1011 goto call_lose_errno;
1014 /* Extract the remaining details we need from the ELF header
1015 and then read in the program header table. */
1016 l->l_entry = header->e_entry;
1017 type = header->e_type;
1018 l->l_phnum = header->e_phnum;
1020 maplength = header->e_phnum * sizeof (ElfW(Phdr));
1021 if (header->e_phoff + maplength <= (size_t) fbp->len)
1022 phdr = (void *) (fbp->buf + header->e_phoff);
1023 else
1025 phdr = alloca (maplength);
1026 __lseek (fd, header->e_phoff, SEEK_SET);
1027 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1029 errstring = N_("cannot read file data");
1030 goto call_lose_errno;
1034 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1035 * executable. Other platforms default to a nonexecutable stack and don't
1036 * need PT_GNU_STACK to do so. */
1037 uint_fast16_t stack_flags = DEFAULT_STACK_PERMS;
1040 /* Scan the program header table, collecting its load commands. */
1041 struct loadcmd loadcmds[l->l_phnum];
1042 size_t nloadcmds = 0;
1043 bool has_holes = false;
1045 /* The struct is initialized to zero so this is not necessary:
1046 l->l_ld = 0;
1047 l->l_phdr = 0;
1048 l->l_addr = 0; */
1049 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1050 switch (ph->p_type)
1052 /* These entries tell us where to find things once the file's
1053 segments are mapped in. We record the addresses it says
1054 verbatim, and later correct for the run-time load address. */
1055 case PT_DYNAMIC:
1056 l->l_ld = (void *) ph->p_vaddr;
1057 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1058 break;
1060 case PT_PHDR:
1061 l->l_phdr = (void *) ph->p_vaddr;
1062 break;
1064 case PT_LOAD:
1065 /* A load command tells us to map in part of the file.
1066 We record the load commands and process them all later. */
1067 if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0))
1069 errstring = N_("ELF load command alignment not page-aligned");
1070 goto call_lose;
1072 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1073 & (ph->p_align - 1)) != 0))
1075 errstring
1076 = N_("ELF load command address/offset not properly aligned");
1077 goto call_lose;
1080 struct loadcmd *c = &loadcmds[nloadcmds++];
1081 c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
1082 c->mapend = ((ph->p_vaddr + ph->p_filesz + GLRO(dl_pagesize) - 1)
1083 & ~(GLRO(dl_pagesize) - 1));
1084 c->dataend = ph->p_vaddr + ph->p_filesz;
1085 c->allocend = ph->p_vaddr + ph->p_memsz;
1086 c->mapoff = ph->p_offset & ~(GLRO(dl_pagesize) - 1);
1088 /* Determine whether there is a gap between the last segment
1089 and this one. */
1090 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1091 has_holes = true;
1093 /* Optimize a common case. */
1094 #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1095 c->prot = (PF_TO_PROT
1096 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1097 #else
1098 c->prot = 0;
1099 if (ph->p_flags & PF_R)
1100 c->prot |= PROT_READ;
1101 if (ph->p_flags & PF_W)
1102 c->prot |= PROT_WRITE;
1103 if (ph->p_flags & PF_X)
1104 c->prot |= PROT_EXEC;
1105 #endif
1106 break;
1108 case PT_TLS:
1109 if (ph->p_memsz == 0)
1110 /* Nothing to do for an empty segment. */
1111 break;
1113 l->l_tls_blocksize = ph->p_memsz;
1114 l->l_tls_align = ph->p_align;
1115 if (ph->p_align == 0)
1116 l->l_tls_firstbyte_offset = 0;
1117 else
1118 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1119 l->l_tls_initimage_size = ph->p_filesz;
1120 /* Since we don't know the load address yet only store the
1121 offset. We will adjust it later. */
1122 l->l_tls_initimage = (void *) ph->p_vaddr;
1124 /* If not loading the initial set of shared libraries,
1125 check whether we should permit loading a TLS segment. */
1126 if (__glibc_likely (l->l_type == lt_library)
1127 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1128 not set up TLS data structures, so don't use them now. */
1129 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL))
1131 /* Assign the next available module ID. */
1132 l->l_tls_modid = _dl_next_tls_modid ();
1133 break;
1136 #ifdef SHARED
1137 if (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0)
1138 /* We are loading the executable itself when the dynamic linker
1139 was executed directly. The setup will happen later. */
1140 break;
1142 # ifdef _LIBC_REENTRANT
1143 /* In a static binary there is no way to tell if we dynamically
1144 loaded libpthread. */
1145 if (GL(dl_error_catch_tsd) == &_dl_initial_error_catch_tsd)
1146 # endif
1147 #endif
1149 /* We have not yet loaded libpthread.
1150 We can do the TLS setup right now! */
1152 void *tcb;
1154 /* The first call allocates TLS bookkeeping data structures.
1155 Then we allocate the TCB for the initial thread. */
1156 if (__glibc_unlikely (_dl_tls_setup ())
1157 || __glibc_unlikely ((tcb = _dl_allocate_tls (NULL)) == NULL))
1159 errval = ENOMEM;
1160 errstring = N_("\
1161 cannot allocate TLS data structures for initial thread");
1162 goto call_lose;
1165 /* Now we install the TCB in the thread register. */
1166 errstring = TLS_INIT_TP (tcb);
1167 if (__glibc_likely (errstring == NULL))
1169 /* Now we are all good. */
1170 l->l_tls_modid = ++GL(dl_tls_max_dtv_idx);
1171 break;
1174 /* The kernel is too old or somesuch. */
1175 errval = 0;
1176 _dl_deallocate_tls (tcb, 1);
1177 goto call_lose;
1180 /* Uh-oh, the binary expects TLS support but we cannot
1181 provide it. */
1182 errval = 0;
1183 errstring = N_("cannot handle TLS data");
1184 goto call_lose;
1185 break;
1187 case PT_GNU_STACK:
1188 stack_flags = ph->p_flags;
1189 break;
1191 case PT_GNU_RELRO:
1192 l->l_relro_addr = ph->p_vaddr;
1193 l->l_relro_size = ph->p_memsz;
1194 break;
1197 if (__glibc_unlikely (nloadcmds == 0))
1199 /* This only happens for a bogus object that will be caught with
1200 another error below. But we don't want to go through the
1201 calculations below using NLOADCMDS - 1. */
1202 errstring = N_("object file has no loadable segments");
1203 goto call_lose;
1206 if (__glibc_unlikely (type != ET_DYN)
1207 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1209 /* This object is loaded at a fixed address. This must never
1210 happen for objects loaded with dlopen. */
1211 errstring = N_("cannot dynamically load executable");
1212 goto call_lose;
1215 /* Length of the sections to be loaded. */
1216 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1218 /* Now process the load commands and map segments into memory.
1219 This is responsible for filling in:
1220 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1222 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1223 maplength, has_holes, loader);
1224 if (__glibc_unlikely (errstring != NULL))
1225 goto call_lose;
1228 if (l->l_ld == 0)
1230 if (__glibc_unlikely (type == ET_DYN))
1232 errstring = N_("object file has no dynamic section");
1233 goto call_lose;
1236 else
1237 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1239 elf_get_dynamic_info (l, NULL);
1241 /* Make sure we are not dlopen'ing an object that has the
1242 DF_1_NOOPEN flag set. */
1243 if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1244 && (mode & __RTLD_DLOPEN))
1246 /* We are not supposed to load this object. Free all resources. */
1247 _dl_unmap_segments (l);
1249 if (!l->l_libname->dont_free)
1250 free (l->l_libname);
1252 if (l->l_phdr_allocated)
1253 free ((void *) l->l_phdr);
1255 errstring = N_("shared object cannot be dlopen()ed");
1256 goto call_lose;
1259 if (l->l_phdr == NULL)
1261 /* The program header is not contained in any of the segments.
1262 We have to allocate memory ourself and copy it over from out
1263 temporary place. */
1264 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1265 * sizeof (ElfW(Phdr)));
1266 if (newp == NULL)
1268 errstring = N_("cannot allocate memory for program header");
1269 goto call_lose_errno;
1272 l->l_phdr = memcpy (newp, phdr,
1273 (header->e_phnum * sizeof (ElfW(Phdr))));
1274 l->l_phdr_allocated = 1;
1276 else
1277 /* Adjust the PT_PHDR value by the runtime load address. */
1278 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1280 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1282 if (__glibc_unlikely (__check_caller (RETURN_ADDRESS (0), allow_ldso) != 0))
1284 errstring = N_("invalid caller");
1285 goto call_lose;
1288 /* The stack is presently not executable, but this module
1289 requires that it be executable. We must change the
1290 protection of the variable which contains the flags used in
1291 the mprotect calls. */
1292 #ifdef SHARED
1293 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1295 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1296 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1298 struct link_map *const m = &GL(dl_rtld_map);
1299 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1300 + m->l_relro_size)
1301 & -GLRO(dl_pagesize));
1302 if (__glibc_likely (p + s <= relro_end))
1304 /* The variable lies in the region protected by RELRO. */
1305 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1307 errstring = N_("cannot change memory protections");
1308 goto call_lose_errno;
1310 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1311 __mprotect ((void *) p, s, PROT_READ);
1313 else
1314 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1316 else
1317 #endif
1318 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1320 #ifdef check_consistency
1321 check_consistency ();
1322 #endif
1324 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1325 if (errval)
1327 errstring = N_("\
1328 cannot enable executable stack as shared object requires");
1329 goto call_lose;
1333 /* Adjust the address of the TLS initialization image. */
1334 if (l->l_tls_initimage != NULL)
1335 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1337 /* We are done mapping in the file. We no longer need the descriptor. */
1338 if (__glibc_unlikely (__close (fd) != 0))
1340 errstring = N_("cannot close file descriptor");
1341 goto call_lose_errno;
1343 /* Signal that we closed the file. */
1344 fd = -1;
1346 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1347 assert (type != ET_EXEC || l->l_type == lt_executable);
1349 l->l_entry += l->l_addr;
1351 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1352 _dl_debug_printf ("\
1353 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1354 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1355 (int) sizeof (void *) * 2,
1356 (unsigned long int) l->l_ld,
1357 (int) sizeof (void *) * 2,
1358 (unsigned long int) l->l_addr,
1359 (int) sizeof (void *) * 2, maplength,
1360 (int) sizeof (void *) * 2,
1361 (unsigned long int) l->l_entry,
1362 (int) sizeof (void *) * 2,
1363 (unsigned long int) l->l_phdr,
1364 (int) sizeof (void *) * 2, l->l_phnum);
1366 /* Set up the symbol hash table. */
1367 _dl_setup_hash (l);
1369 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1370 have to do this for the main map. */
1371 if ((mode & RTLD_DEEPBIND) == 0
1372 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1373 && &l->l_searchlist != l->l_scope[0])
1375 /* Create an appropriate searchlist. It contains only this map.
1376 This is the definition of DT_SYMBOLIC in SysVr4. */
1377 l->l_symbolic_searchlist.r_list[0] = l;
1378 l->l_symbolic_searchlist.r_nlist = 1;
1380 /* Now move the existing entries one back. */
1381 memmove (&l->l_scope[1], &l->l_scope[0],
1382 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1384 /* Now add the new entry. */
1385 l->l_scope[0] = &l->l_symbolic_searchlist;
1388 /* Remember whether this object must be initialized first. */
1389 if (l->l_flags_1 & DF_1_INITFIRST)
1390 GL(dl_initfirst) = l;
1392 /* Finally the file information. */
1393 l->l_dev = st.st_dev;
1394 l->l_ino = st.st_ino;
1396 /* When we profile the SONAME might be needed for something else but
1397 loading. Add it right away. */
1398 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1399 && l->l_info[DT_SONAME] != NULL)
1400 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1401 + l->l_info[DT_SONAME]->d_un.d_val));
1403 #ifdef DL_AFTER_LOAD
1404 DL_AFTER_LOAD (l);
1405 #endif
1407 /* Now that the object is fully initialized add it to the object list. */
1408 _dl_add_to_namespace_list (l, nsid);
1410 #ifdef SHARED
1411 /* Auditing checkpoint: we have a new object. */
1412 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1413 && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1415 struct audit_ifaces *afct = GLRO(dl_audit);
1416 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1418 if (afct->objopen != NULL)
1420 l->l_audit[cnt].bindflags
1421 = afct->objopen (l, nsid, &l->l_audit[cnt].cookie);
1423 l->l_audit_any_plt |= l->l_audit[cnt].bindflags != 0;
1426 afct = afct->next;
1429 #endif
1431 return l;
1434 /* Print search path. */
1435 static void
1436 print_search_path (struct r_search_path_elem **list,
1437 const char *what, const char *name)
1439 char buf[max_dirnamelen + max_capstrlen];
1440 int first = 1;
1442 _dl_debug_printf (" search path=");
1444 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1446 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1447 size_t cnt;
1449 for (cnt = 0; cnt < ncapstr; ++cnt)
1450 if ((*list)->status[cnt] != nonexisting)
1452 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1453 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1454 cp[0] = '\0';
1455 else
1456 cp[-1] = '\0';
1458 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1459 first = 0;
1462 ++list;
1465 if (name != NULL)
1466 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1467 DSO_FILENAME (name));
1468 else
1469 _dl_debug_printf_c ("\t\t(%s)\n", what);
1472 /* Open a file and verify it is an ELF file for this architecture. We
1473 ignore only ELF files for other architectures. Non-ELF files and
1474 ELF files with different header information cause fatal errors since
1475 this could mean there is something wrong in the installation and the
1476 user might want to know about this. */
1477 static int
1478 open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
1479 int whatcode, int mode, bool *found_other_class, bool free_name)
1481 /* This is the expected ELF header. */
1482 #define ELF32_CLASS ELFCLASS32
1483 #define ELF64_CLASS ELFCLASS64
1484 #ifndef VALID_ELF_HEADER
1485 # define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1486 # define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1487 # define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1488 #elif defined MORE_ELF_HEADER_DATA
1489 MORE_ELF_HEADER_DATA;
1490 #endif
1491 static const unsigned char expected[EI_NIDENT] =
1493 [EI_MAG0] = ELFMAG0,
1494 [EI_MAG1] = ELFMAG1,
1495 [EI_MAG2] = ELFMAG2,
1496 [EI_MAG3] = ELFMAG3,
1497 [EI_CLASS] = ELFW(CLASS),
1498 [EI_DATA] = byteorder,
1499 [EI_VERSION] = EV_CURRENT,
1500 [EI_OSABI] = ELFOSABI_SYSV,
1501 [EI_ABIVERSION] = 0
1503 static const struct
1505 ElfW(Word) vendorlen;
1506 ElfW(Word) datalen;
1507 ElfW(Word) type;
1508 char vendor[4];
1509 } expected_note = { 4, 16, 1, "GNU" };
1510 /* Initialize it to make the compiler happy. */
1511 const char *errstring = NULL;
1512 int errval = 0;
1514 #ifdef SHARED
1515 /* Give the auditing libraries a chance. */
1516 if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0
1517 && loader->l_auditing == 0)
1519 struct audit_ifaces *afct = GLRO(dl_audit);
1520 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1522 if (afct->objsearch != NULL)
1524 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1525 whatcode);
1526 if (name == NULL)
1527 /* Ignore the path. */
1528 return -1;
1531 afct = afct->next;
1534 #endif
1536 /* Open the file. We always open files read-only. */
1537 int fd = __open (name, O_RDONLY | O_CLOEXEC);
1538 if (fd != -1)
1540 ElfW(Ehdr) *ehdr;
1541 ElfW(Phdr) *phdr, *ph;
1542 ElfW(Word) *abi_note;
1543 unsigned int osversion;
1544 size_t maplength;
1546 /* We successfully opened the file. Now verify it is a file
1547 we can use. */
1548 __set_errno (0);
1549 fbp->len = 0;
1550 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1551 /* Read in the header. */
1554 ssize_t retlen = __libc_read (fd, fbp->buf + fbp->len,
1555 sizeof (fbp->buf) - fbp->len);
1556 if (retlen <= 0)
1557 break;
1558 fbp->len += retlen;
1560 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1562 /* This is where the ELF header is loaded. */
1563 ehdr = (ElfW(Ehdr) *) fbp->buf;
1565 /* Now run the tests. */
1566 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1568 errval = errno;
1569 errstring = (errval == 0
1570 ? N_("file too short") : N_("cannot read file data"));
1571 call_lose:
1572 if (free_name)
1574 char *realname = (char *) name;
1575 name = strdupa (realname);
1576 free (realname);
1578 lose (errval, fd, name, NULL, NULL, errstring, NULL, 0);
1581 /* See whether the ELF header is what we expect. */
1582 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1583 EI_ABIVERSION)
1584 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1585 ehdr->e_ident[EI_ABIVERSION])
1586 || memcmp (&ehdr->e_ident[EI_PAD],
1587 &expected[EI_PAD],
1588 EI_NIDENT - EI_PAD) != 0))
1590 /* Something is wrong. */
1591 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1592 if (*magp !=
1593 #if BYTE_ORDER == LITTLE_ENDIAN
1594 ((ELFMAG0 << (EI_MAG0 * 8)) |
1595 (ELFMAG1 << (EI_MAG1 * 8)) |
1596 (ELFMAG2 << (EI_MAG2 * 8)) |
1597 (ELFMAG3 << (EI_MAG3 * 8)))
1598 #else
1599 ((ELFMAG0 << (EI_MAG3 * 8)) |
1600 (ELFMAG1 << (EI_MAG2 * 8)) |
1601 (ELFMAG2 << (EI_MAG1 * 8)) |
1602 (ELFMAG3 << (EI_MAG0 * 8)))
1603 #endif
1605 errstring = N_("invalid ELF header");
1606 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1608 /* This is not a fatal error. On architectures where
1609 32-bit and 64-bit binaries can be run this might
1610 happen. */
1611 *found_other_class = true;
1612 goto close_and_out;
1614 else if (ehdr->e_ident[EI_DATA] != byteorder)
1616 if (BYTE_ORDER == BIG_ENDIAN)
1617 errstring = N_("ELF file data encoding not big-endian");
1618 else
1619 errstring = N_("ELF file data encoding not little-endian");
1621 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1622 errstring
1623 = N_("ELF file version ident does not match current one");
1624 /* XXX We should be able so set system specific versions which are
1625 allowed here. */
1626 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1627 errstring = N_("ELF file OS ABI invalid");
1628 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1629 ehdr->e_ident[EI_ABIVERSION]))
1630 errstring = N_("ELF file ABI version invalid");
1631 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1632 EI_NIDENT - EI_PAD) != 0)
1633 errstring = N_("nonzero padding in e_ident");
1634 else
1635 /* Otherwise we don't know what went wrong. */
1636 errstring = N_("internal error");
1638 goto call_lose;
1641 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1643 errstring = N_("ELF file version does not match current one");
1644 goto call_lose;
1646 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1647 goto close_and_out;
1648 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1649 && ehdr->e_type != ET_EXEC))
1651 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1652 goto call_lose;
1654 else if (__glibc_unlikely (ehdr->e_type == ET_EXEC
1655 && (mode & __RTLD_OPENEXEC) == 0))
1657 /* BZ #16634. It is an error to dlopen ET_EXEC (unless
1658 __RTLD_OPENEXEC is explicitly set). We return error here
1659 so that code in _dl_map_object_from_fd does not try to set
1660 l_tls_modid for this module. */
1662 errstring = N_("cannot dynamically load executable");
1663 goto call_lose;
1665 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1667 errstring = N_("ELF file's phentsize not the expected size");
1668 goto call_lose;
1671 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1672 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1673 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1674 else
1676 phdr = alloca (maplength);
1677 __lseek (fd, ehdr->e_phoff, SEEK_SET);
1678 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1680 read_error:
1681 errval = errno;
1682 errstring = N_("cannot read file data");
1683 goto call_lose;
1687 if (__glibc_unlikely (elf_machine_reject_phdr_p
1688 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1689 loader, fd)))
1690 goto close_and_out;
1692 /* Check .note.ABI-tag if present. */
1693 for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
1694 if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
1696 ElfW(Addr) size = ph->p_filesz;
1698 if (ph->p_offset + size <= (size_t) fbp->len)
1699 abi_note = (void *) (fbp->buf + ph->p_offset);
1700 else
1702 abi_note = alloca (size);
1703 __lseek (fd, ph->p_offset, SEEK_SET);
1704 if (__libc_read (fd, (void *) abi_note, size) != size)
1705 goto read_error;
1708 while (memcmp (abi_note, &expected_note, sizeof (expected_note)))
1710 #define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word)))
1711 ElfW(Addr) note_size = 3 * sizeof (ElfW(Word))
1712 + ROUND (abi_note[0])
1713 + ROUND (abi_note[1]);
1715 if (size - 32 < note_size)
1717 size = 0;
1718 break;
1720 size -= note_size;
1721 abi_note = (void *) abi_note + note_size;
1724 if (size == 0)
1725 continue;
1727 osversion = (abi_note[5] & 0xff) * 65536
1728 + (abi_note[6] & 0xff) * 256
1729 + (abi_note[7] & 0xff);
1730 if (abi_note[4] != __ABI_TAG_OS
1731 || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion))
1733 close_and_out:
1734 __close (fd);
1735 __set_errno (ENOENT);
1736 fd = -1;
1739 break;
1743 return fd;
1746 /* Try to open NAME in one of the directories in *DIRSP.
1747 Return the fd, or -1. If successful, fill in *REALNAME
1748 with the malloc'd full directory name. If it turns out
1749 that none of the directories in *DIRSP exists, *DIRSP is
1750 replaced with (void *) -1, and the old value is free()d
1751 if MAY_FREE_DIRS is true. */
1753 static int
1754 open_path (const char *name, size_t namelen, int mode,
1755 struct r_search_path_struct *sps, char **realname,
1756 struct filebuf *fbp, struct link_map *loader, int whatcode,
1757 bool *found_other_class)
1759 struct r_search_path_elem **dirs = sps->dirs;
1760 char *buf;
1761 int fd = -1;
1762 const char *current_what = NULL;
1763 int any = 0;
1765 if (__glibc_unlikely (dirs == NULL))
1766 /* We're called before _dl_init_paths when loading the main executable
1767 given on the command line when rtld is run directly. */
1768 return -1;
1770 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1773 struct r_search_path_elem *this_dir = *dirs;
1774 size_t buflen = 0;
1775 size_t cnt;
1776 char *edp;
1777 int here_any = 0;
1778 int err;
1780 /* If we are debugging the search for libraries print the path
1781 now if it hasn't happened now. */
1782 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1783 && current_what != this_dir->what)
1785 current_what = this_dir->what;
1786 print_search_path (dirs, current_what, this_dir->where);
1789 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1790 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1792 /* Skip this directory if we know it does not exist. */
1793 if (this_dir->status[cnt] == nonexisting)
1794 continue;
1796 buflen =
1797 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1798 capstr[cnt].len),
1799 name, namelen)
1800 - buf);
1802 /* Print name we try if this is wanted. */
1803 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1804 _dl_debug_printf (" trying file=%s\n", buf);
1806 fd = open_verify (buf, fbp, loader, whatcode, mode,
1807 found_other_class, false);
1808 if (this_dir->status[cnt] == unknown)
1810 if (fd != -1)
1811 this_dir->status[cnt] = existing;
1812 /* Do not update the directory information when loading
1813 auditing code. We must try to disturb the program as
1814 little as possible. */
1815 else if (loader == NULL
1816 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1818 /* We failed to open machine dependent library. Let's
1819 test whether there is any directory at all. */
1820 struct stat64 st;
1822 buf[buflen - namelen - 1] = '\0';
1824 if (__xstat64 (_STAT_VER, buf, &st) != 0
1825 || ! S_ISDIR (st.st_mode))
1826 /* The directory does not exist or it is no directory. */
1827 this_dir->status[cnt] = nonexisting;
1828 else
1829 this_dir->status[cnt] = existing;
1833 /* Remember whether we found any existing directory. */
1834 here_any |= this_dir->status[cnt] != nonexisting;
1836 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1837 && __libc_enable_secure)
1839 /* This is an extra security effort to make sure nobody can
1840 preload broken shared objects which are in the trusted
1841 directories and so exploit the bugs. */
1842 struct stat64 st;
1844 if (__fxstat64 (_STAT_VER, fd, &st) != 0
1845 || (st.st_mode & S_ISUID) == 0)
1847 /* The shared object cannot be tested for being SUID
1848 or this bit is not set. In this case we must not
1849 use this object. */
1850 __close (fd);
1851 fd = -1;
1852 /* We simply ignore the file, signal this by setting
1853 the error value which would have been set by `open'. */
1854 errno = ENOENT;
1859 if (fd != -1)
1861 *realname = (char *) malloc (buflen);
1862 if (*realname != NULL)
1864 memcpy (*realname, buf, buflen);
1865 return fd;
1867 else
1869 /* No memory for the name, we certainly won't be able
1870 to load and link it. */
1871 __close (fd);
1872 return -1;
1875 if (here_any && (err = errno) != ENOENT && err != EACCES)
1876 /* The file exists and is readable, but something went wrong. */
1877 return -1;
1879 /* Remember whether we found anything. */
1880 any |= here_any;
1882 while (*++dirs != NULL);
1884 /* Remove the whole path if none of the directories exists. */
1885 if (__glibc_unlikely (! any))
1887 /* Paths which were allocated using the minimal malloc() in ld.so
1888 must not be freed using the general free() in libc. */
1889 if (sps->malloced)
1890 free (sps->dirs);
1892 /* rtld_search_dirs and env_path_list are attribute_relro, therefore
1893 avoid writing into it. */
1894 if (sps != &rtld_search_dirs && sps != &env_path_list)
1895 sps->dirs = (void *) -1;
1898 return -1;
1901 /* Map in the shared object file NAME. */
1903 struct link_map *
1904 internal_function
1905 _dl_map_object (struct link_map *loader, const char *name,
1906 int type, int trace_mode, int mode, Lmid_t nsid)
1908 int fd;
1909 char *realname;
1910 char *name_copy;
1911 struct link_map *l;
1912 struct filebuf fb;
1914 assert (nsid >= 0);
1915 assert (nsid < GL(dl_nns));
1917 /* Look for this name among those already loaded. */
1918 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
1920 /* If the requested name matches the soname of a loaded object,
1921 use that object. Elide this check for names that have not
1922 yet been opened. */
1923 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
1924 continue;
1925 if (!_dl_name_match_p (name, l))
1927 const char *soname;
1929 if (__glibc_likely (l->l_soname_added)
1930 || l->l_info[DT_SONAME] == NULL)
1931 continue;
1933 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1934 + l->l_info[DT_SONAME]->d_un.d_val);
1935 if (strcmp (name, soname) != 0)
1936 continue;
1938 /* We have a match on a new name -- cache it. */
1939 add_name_to_object (l, soname);
1940 l->l_soname_added = 1;
1943 /* We have a match. */
1944 return l;
1947 /* Display information if we are debugging. */
1948 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
1949 && loader != NULL)
1950 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
1951 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1952 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1953 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
1955 #ifdef SHARED
1956 /* Give the auditing libraries a chance to change the name before we
1957 try anything. */
1958 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1959 && (loader == NULL || loader->l_auditing == 0))
1961 struct audit_ifaces *afct = GLRO(dl_audit);
1962 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1964 if (afct->objsearch != NULL)
1966 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1967 LA_SER_ORIG);
1968 if (name == NULL)
1970 /* Do not try anything further. */
1971 fd = -1;
1972 goto no_file;
1976 afct = afct->next;
1979 #endif
1981 /* Will be true if we found a DSO which is of the other ELF class. */
1982 bool found_other_class = false;
1984 if (strchr (name, '/') == NULL)
1986 /* Search for NAME in several places. */
1988 size_t namelen = strlen (name) + 1;
1990 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1991 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
1993 fd = -1;
1995 /* When the object has the RUNPATH information we don't use any
1996 RPATHs. */
1997 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
1999 /* This is the executable's map (if there is one). Make sure that
2000 we do not look at it twice. */
2001 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2002 bool did_main_map = false;
2004 /* First try the DT_RPATH of the dependent object that caused NAME
2005 to be loaded. Then that object's dependent, and on up. */
2006 for (l = loader; l; l = l->l_loader)
2007 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2009 fd = open_path (name, namelen, mode,
2010 &l->l_rpath_dirs,
2011 &realname, &fb, loader, LA_SER_RUNPATH,
2012 &found_other_class);
2013 if (fd != -1)
2014 break;
2016 did_main_map |= l == main_map;
2019 /* If dynamically linked, try the DT_RPATH of the executable
2020 itself. NB: we do this for lookups in any namespace. */
2021 if (fd == -1 && !did_main_map
2022 && main_map != NULL && main_map->l_type != lt_loaded
2023 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2024 "RPATH"))
2025 fd = open_path (name, namelen, mode,
2026 &main_map->l_rpath_dirs,
2027 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2028 &found_other_class);
2031 /* Try the LD_LIBRARY_PATH environment variable. */
2032 if (fd == -1 && env_path_list.dirs != (void *) -1)
2033 fd = open_path (name, namelen, mode, &env_path_list,
2034 &realname, &fb,
2035 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
2036 LA_SER_LIBPATH, &found_other_class);
2038 /* Look at the RUNPATH information for this binary. */
2039 if (fd == -1 && loader != NULL
2040 && cache_rpath (loader, &loader->l_runpath_dirs,
2041 DT_RUNPATH, "RUNPATH"))
2042 fd = open_path (name, namelen, mode,
2043 &loader->l_runpath_dirs, &realname, &fb, loader,
2044 LA_SER_RUNPATH, &found_other_class);
2046 #ifdef USE_LDCONFIG
2047 if (fd == -1
2048 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2049 || ! __libc_enable_secure)
2050 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2052 /* Check the list of libraries in the file /etc/ld.so.cache,
2053 for compatibility with Linux's ldconfig program. */
2054 char *cached = _dl_load_cache_lookup (name);
2056 if (cached != NULL)
2058 // XXX Correct to unconditionally default to namespace 0?
2059 l = (loader
2060 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2061 # ifdef SHARED
2062 ?: &GL(dl_rtld_map)
2063 # endif
2066 /* If the loader has the DF_1_NODEFLIB flag set we must not
2067 use a cache entry from any of these directories. */
2068 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2070 const char *dirp = system_dirs;
2071 unsigned int cnt = 0;
2075 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2077 /* The prefix matches. Don't use the entry. */
2078 free (cached);
2079 cached = NULL;
2080 break;
2083 dirp += system_dirs_len[cnt] + 1;
2084 ++cnt;
2086 while (cnt < nsystem_dirs_len);
2089 if (cached != NULL)
2091 fd = open_verify (cached,
2092 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2093 LA_SER_CONFIG, mode, &found_other_class,
2094 false);
2095 if (__glibc_likely (fd != -1))
2096 realname = cached;
2097 else
2098 free (cached);
2102 #endif
2104 /* Finally, try the default path. */
2105 if (fd == -1
2106 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2107 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2108 && rtld_search_dirs.dirs != (void *) -1)
2109 fd = open_path (name, namelen, mode, &rtld_search_dirs,
2110 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2112 /* Add another newline when we are tracing the library loading. */
2113 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2114 _dl_debug_printf ("\n");
2116 else
2118 /* The path may contain dynamic string tokens. */
2119 realname = (loader
2120 ? expand_dynamic_string_token (loader, name, 0)
2121 : __strdup (name));
2122 if (realname == NULL)
2123 fd = -1;
2124 else
2126 fd = open_verify (realname, &fb,
2127 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2128 &found_other_class, true);
2129 if (__glibc_unlikely (fd == -1))
2130 free (realname);
2134 #ifdef SHARED
2135 no_file:
2136 #endif
2137 /* In case the LOADER information has only been provided to get to
2138 the appropriate RUNPATH/RPATH information we do not need it
2139 anymore. */
2140 if (mode & __RTLD_CALLMAP)
2141 loader = NULL;
2143 if (__glibc_unlikely (fd == -1))
2145 if (trace_mode
2146 && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0))
2148 /* We haven't found an appropriate library. But since we
2149 are only interested in the list of libraries this isn't
2150 so severe. Fake an entry with all the information we
2151 have. */
2152 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2154 /* Allocate a new object map. */
2155 if ((name_copy = __strdup (name)) == NULL
2156 || (l = _dl_new_object (name_copy, name, type, loader,
2157 mode, nsid)) == NULL)
2159 free (name_copy);
2160 _dl_signal_error (ENOMEM, name, NULL,
2161 N_("cannot create shared object descriptor"));
2163 /* Signal that this is a faked entry. */
2164 l->l_faked = 1;
2165 /* Since the descriptor is initialized with zero we do not
2166 have do this here.
2167 l->l_reserved = 0; */
2168 l->l_buckets = &dummy_bucket;
2169 l->l_nbuckets = 1;
2170 l->l_relocated = 1;
2172 /* Enter the object in the object list. */
2173 _dl_add_to_namespace_list (l, nsid);
2175 return l;
2177 else if (found_other_class)
2178 _dl_signal_error (0, name, NULL,
2179 ELFW(CLASS) == ELFCLASS32
2180 ? N_("wrong ELF class: ELFCLASS64")
2181 : N_("wrong ELF class: ELFCLASS32"));
2182 else
2183 _dl_signal_error (errno, name, NULL,
2184 N_("cannot open shared object file"));
2187 void *stack_end = __libc_stack_end;
2188 return _dl_map_object_from_fd (name, fd, &fb, realname, loader, type, mode,
2189 &stack_end, nsid);
2192 struct add_path_state
2194 bool counting;
2195 unsigned int idx;
2196 Dl_serinfo *si;
2197 char *allocptr;
2200 static void
2201 add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2202 unsigned int flags)
2204 if (sps->dirs != (void *) -1)
2206 struct r_search_path_elem **dirs = sps->dirs;
2209 const struct r_search_path_elem *const r = *dirs++;
2210 if (p->counting)
2212 p->si->dls_cnt++;
2213 p->si->dls_size += MAX (2, r->dirnamelen);
2215 else
2217 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2218 sp->dls_name = p->allocptr;
2219 if (r->dirnamelen < 2)
2220 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2221 else
2222 p->allocptr = __mempcpy (p->allocptr,
2223 r->dirname, r->dirnamelen - 1);
2224 *p->allocptr++ = '\0';
2225 sp->dls_flags = flags;
2228 while (*dirs != NULL);
2232 void
2233 internal_function
2234 _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2236 if (counting)
2238 si->dls_cnt = 0;
2239 si->dls_size = 0;
2242 struct add_path_state p =
2244 .counting = counting,
2245 .idx = 0,
2246 .si = si,
2247 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2250 # define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2252 /* When the object has the RUNPATH information we don't use any RPATHs. */
2253 if (loader->l_info[DT_RUNPATH] == NULL)
2255 /* First try the DT_RPATH of the dependent object that caused NAME
2256 to be loaded. Then that object's dependent, and on up. */
2258 struct link_map *l = loader;
2261 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2262 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2263 l = l->l_loader;
2265 while (l != NULL);
2267 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2268 if (loader->l_ns == LM_ID_BASE)
2270 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2271 if (l != NULL && l->l_type != lt_loaded && l != loader)
2272 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2273 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2277 /* Try the LD_LIBRARY_PATH environment variable. */
2278 add_path (&p, &env_path_list, XXX_ENV);
2280 /* Look at the RUNPATH information for this binary. */
2281 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2282 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2284 /* XXX
2285 Here is where ld.so.cache gets checked, but we don't have
2286 a way to indicate that in the results for Dl_serinfo. */
2288 /* Finally, try the default path. */
2289 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2290 add_path (&p, &rtld_search_dirs, XXX_default);
2292 if (counting)
2293 /* Count the struct size before the string area, which we didn't
2294 know before we completed dls_cnt. */
2295 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;