search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
move 32-bit libs to lib/i386 subdirs & 64-bit libs to lib/
[unleashed.git] / usr / src / cmd / sgs / rtld / common / elf.c
blobf2f1d2811bf29ff34e338ec5ec05a1824253a5ab
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1988 AT&T
24 * All Rights Reserved
25 *
26 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
27 */
28 /*
29 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
30 */
31
32 /*
33 * Object file dependent support for ELF objects.
34 */
35
36 #include <stdio.h>
37 #include <sys/procfs.h>
38 #include <sys/mman.h>
39 #include <sys/debug.h>
40 #include <string.h>
41 #include <limits.h>
42 #include <dlfcn.h>
43 #include <debug.h>
44 #include <conv.h>
45 #include "_rtld.h"
46 #include "_audit.h"
47 #include "_elf.h"
48 #include "_inline_gen.h"
49 #include "_inline_reloc.h"
50 #include "msg.h"
51
52 /*
53 * Default and secure dependency search paths.
54 */
55 static Spath_defn _elf_def_dirs[] = {
56 #if defined(_ELF64)
57 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE },
58 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE },
59 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE },
60 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE },
61 #else
62 { MSG_ORIG(MSG_PTH_LIB_32), MSG_PTH_LIB_32_SIZE },
63 { MSG_ORIG(MSG_PTH_USRLIB_32), MSG_PTH_USRLIB_32_SIZE },
64 #endif
65 { 0, 0 }
66 };
67
68 static Spath_defn _elf_sec_dirs[] = {
69 #if defined(_ELF64)
70 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE },
71 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE },
72 #else
73 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE },
74 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE },
75 #endif
76 { 0, 0 }
77 };
78
79 Alist *elf_def_dirs = NULL;
80 Alist *elf_sec_dirs = NULL;
81
82 /*
83 * Defines for local functions.
84 */
85 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
86 static Addr elf_entry_point(void);
87 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t);
88 static Alist **elf_get_def_dirs(void);
89 static Alist **elf_get_sec_dirs(void);
90 static char *elf_get_so(const char *, const char *, size_t, size_t);
91 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *);
92
93 /*
94 * Functions and data accessed through indirect pointers.
95 */
96 Fct elf_fct = {
97 elf_verify,
98 elf_new_lmp,
99 elf_entry_point,
100 elf_needed,
101 lookup_sym,
102 elf_reloc,
103 elf_get_def_dirs,
104 elf_get_sec_dirs,
105 elf_fix_name,
106 elf_get_so,
107 elf_dladdr,
108 dlsym_handle
109 };
110
111 /*
112 * Default and secure dependency search paths.
113 */
114 static Alist **
115 elf_get_def_dirs()
116 {
117 if (elf_def_dirs == NULL)
118 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT);
119 return (&elf_def_dirs);
120 }
121
122 static Alist **
123 elf_get_sec_dirs()
124 {
125 if (elf_sec_dirs == NULL)
126 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE);
127 return (&elf_sec_dirs);
128 }
129
130 /*
131 * Redefine NEEDED name if necessary.
132 */
133 static int
134 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni,
135 uint_t orig)
136 {
137 /*
138 * For ABI compliance, if we are asked for ld.so.1, then really give
139 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1).
140 */
141 if (((*name == '/') &&
142 /* BEGIN CSTYLED */
143 #if defined(_ELF64)
144 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) ||
145 #else
146 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) ||
147 #endif
148 (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) {
149 /* END CSTYLED */
150 Pdesc *pdp;
151
152 DBG_CALL(Dbg_file_fixname(LIST(clmp), name,
153 MSG_ORIG(MSG_PTH_LIBSYS)));
154 if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc),
155 alni)) == NULL)
156 return (0);
157
158 pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS);
159 pdp->pd_plen = MSG_PTH_LIBSYS_SIZE;
160 pdp->pd_flags = PD_FLG_PNSLASH;
161
162 return (1);
163 }
164
165 return (expand_paths(clmp, name, alpp, alni, orig, 0));
166 }
167
168 /*
169 * Determine whether this object requires capabilities.
170 */
171 inline static int
172 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej)
173 {
174 Phdr *phdr;
175 Cap *cap = NULL;
176 Dyn *dyn = NULL;
177 char *str = NULL;
178 Addr base;
179 uint_t cnt, dyncnt;
180
181 /*
182 * If this is a shared object, the base address of the shared object is
183 * added to all address values defined within the object. Otherwise, if
184 * this is an executable, all object addresses are used as is.
185 */
186 if (ehdr->e_type == ET_EXEC)
187 base = 0;
188 else
189 base = (Addr)ehdr;
190
191 /* LINTED */
192 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff);
193 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) {
194 if (phdr->p_type == PT_DYNAMIC) {
195 /* LINTED */
196 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
197 dyncnt = phdr->p_filesz / sizeof (Dyn);
198 } else if (phdr->p_type == PT_SUNWCAP) {
199 /* LINTED */
200 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
201 }
202 }
203
204 if (cap) {
205 /*
206 * From the .dynamic section, determine the associated string
207 * table. Required for CA_SUNW_MACH and CA_SUNW_PLAT
208 * processing.
209 */
210 while (dyn && dyncnt) {
211 if (dyn->d_tag == DT_NULL) {
212 break;
213 } else if (dyn->d_tag == DT_STRTAB) {
214 str = (char *)(dyn->d_un.d_ptr + base);
215 break;
216 }
217 dyn++, dyncnt--;
218 }
219 }
220
221 /*
222 * Establish any alternative capabilities, and validate this object
223 * if it defines it's own capabilities information.
224 */
225 return (cap_check_fdesc(fdp, cap, str, rej));
226 }
227
228 /*
229 * Determine if we have been given an ELF file and if so determine if the file
230 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor
231 * with associated error information.
232 */
233 Fct *
234 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name,
235 Rej_desc *rej)
236 {
237 Ehdr *ehdr;
238 char *caddr = (char *)addr;
239
240 /*
241 * Determine if we're an elf file. If not simply return, we don't set
242 * any rejection information as this test allows use to scroll through
243 * the objects we support (ELF, AOUT).
244 */
245 if (size < sizeof (Ehdr) ||
246 caddr[EI_MAG0] != ELFMAG0 ||
247 caddr[EI_MAG1] != ELFMAG1 ||
248 caddr[EI_MAG2] != ELFMAG2 ||
249 caddr[EI_MAG3] != ELFMAG3) {
250 return (NULL);
251 }
252
253 /*
254 * Check class and encoding.
255 */
256 /* LINTED */
257 ehdr = (Ehdr *)addr;
258 if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
259 rej->rej_type = SGS_REJ_CLASS;
260 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
261 return (NULL);
262 }
263 if (ehdr->e_ident[EI_DATA] != M_DATA) {
264 rej->rej_type = SGS_REJ_DATA;
265 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
266 return (NULL);
267 }
268 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
269 (ehdr->e_type != ET_DYN)) {
270 rej->rej_type = SGS_REJ_TYPE;
271 rej->rej_info = (uint_t)ehdr->e_type;
272 return (NULL);
273 }
274
275 /*
276 * Verify ELF version.
277 */
278 if (ehdr->e_version > EV_CURRENT) {
279 rej->rej_type = SGS_REJ_VERSION;
280 rej->rej_info = (uint_t)ehdr->e_version;
281 return (NULL);
282 }
283
284 /*
285 * Verify machine specific flags.
286 */
287 if (elf_mach_flags_check(rej, ehdr) == 0)
288 return (NULL);
289
290 /*
291 * Verify any capability requirements. Note, if this object is a shared
292 * object that is explicitly defined on the ldd(1) command line, and it
293 * contains an incompatible capabilities requirement, then inform the
294 * user, but continue processing.
295 */
296 if (elf_cap_check(fdp, ehdr, rej) == 0) {
297 Rt_map *lmp = lml_main.lm_head;
298
299 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp &&
300 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) {
301 /* LINTED */
302 (void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name,
303 rej->rej_str);
304 return (&elf_fct);
305 }
306 return (NULL);
307 }
308 return (&elf_fct);
309 }
310
311 /*
312 * The runtime linker employs lazy loading to provide the libraries needed for
313 * debugging, preloading .o's and dldump(). As these are seldom used, the
314 * standard startup of ld.so.1 doesn't initialize all the information necessary
315 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading
316 * is called we get here to perform these initializations:
317 *
318 * - elf_needed() is called to establish any ld.so.1 dependencies. These
319 * dependencies should all be lazy loaded, so this routine is typically a
320 * no-op. However, we call elf_needed() for completeness, in case any
321 * NEEDED initialization is required.
322 *
323 * - For intel, ld.so.1's JMPSLOT relocations need relative updates. These
324 * are by default skipped thus delaying all relative relocation processing
325 * on every invocation of ld.so.1.
326 */
327 int
328 elf_rtld_load()
329 {
330 Lm_list *lml = &lml_rtld;
331 Rt_map *lmp = lml->lm_head;
332
333 if (lml->lm_flags & LML_FLG_PLTREL)
334 return (1);
335
336 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0)
337 return (0);
338
339 #if defined(__i386)
340 /*
341 * This is a kludge to give ld.so.1 a performance benefit on i386.
342 * It's based around two factors.
343 *
344 * - JMPSLOT relocations (PLT's) actually need a relative relocation
345 * applied to the GOT entry so that they can find PLT0.
346 *
347 * - ld.so.1 does not exercise *any* PLT's before it has made a call
348 * to elf_lazy_load(). This is because all dynamic dependencies
349 * are recorded as lazy dependencies.
350 */
351 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp),
352 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
353 (ulong_t)ADDR(lmp), lmp, NULL, 0);
354 #endif
355 lml->lm_flags |= LML_FLG_PLTREL;
356 return (1);
357 }
358
359 /*
360 * Lazy load an object.
361 */
362 Rt_map *
363 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym,
364 uint_t flags, Grp_hdl **hdl, int *in_nfavl)
365 {
366 Alist *palp = NULL;
367 Rt_map *nlmp;
368 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip;
369 const char *name;
370 Lm_list *lml = LIST(clmp);
371 Aliste lmco;
372
373 /*
374 * If this dependency should be ignored, or has already been processed,
375 * we're done.
376 */
377 if (((nlmp = (Rt_map *)dip->di_info) != NULL) ||
378 (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE)))
379 return (nlmp);
380
381 /*
382 * If we're running under ldd(1), indicate that this dependency has been
383 * processed (see test above). It doesn't matter whether the object is
384 * successfully loaded or not, this flag simply ensures that we don't
385 * repeatedly attempt to load an object that has already failed to load.
386 * To do so would create multiple failure diagnostics for the same
387 * object under ldd(1).
388 */
389 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
390 dip->di_flags |= FLG_DI_LDD_DONE;
391
392 /*
393 * Determine the initial dependency name.
394 */
395 name = dip->di_name;
396 DBG_CALL(Dbg_file_lazyload(clmp, name, sym));
397
398 /*
399 * If this object needs to establish its own group, make sure a handle
400 * is created.
401 */
402 if (dip->di_flags & FLG_DI_GROUP)
403 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
404
405 /*
406 * Lazy dependencies are identified as DT_NEEDED entries with a
407 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The
408 * dynamic information element that corresponds to the DT_POSFLAG_1
409 * entry is free, and thus used to store the present entrance
410 * identifier. This identifier is used to prevent multiple attempts to
411 * load a failed lazy loadable dependency within the same runtime linker
412 * operation. However, future attempts to reload this dependency are
413 * still possible.
414 */
415 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1))
416 pdip->di_info = (void *)slp->sl_id;
417
418 /*
419 * Expand the requested name if necessary.
420 */
421 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0)
422 return (NULL);
423
424 /*
425 * Establish a link-map control list for this request.
426 */
427 if ((lmco = create_cntl(lml, 0)) == 0) {
428 remove_alist(&palp, 1);
429 return (NULL);
430 }
431
432 /*
433 * Load the associated object.
434 */
435 dip->di_info = nlmp =
436 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl);
437
438 /*
439 * Remove any expanded pathname infrastructure. Reduce the pending lazy
440 * dependency count of the caller, together with the link-map lists
441 * count of objects that still have lazy dependencies pending.
442 */
443 remove_alist(&palp, 1);
444 if (--LAZY(clmp) == 0)
445 LIST(clmp)->lm_lazy--;
446
447 /*
448 * Finish processing the objects associated with this request, and
449 * create an association between the caller and this dependency.
450 */
451 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) ||
452 ((nlmp = analyze_lmc(lml, lmco, nlmp, clmp, in_nfavl)) == NULL) ||
453 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0)))
454 dip->di_info = nlmp = NULL;
455
456 /*
457 * If this lazyload has failed, and we've created a new link-map
458 * control list to which this request has added objects, then remove
459 * all the objects that have been associated to this request.
460 */
461 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
462 remove_lmc(lml, clmp, lmco, name);
463
464 /*
465 * Remove any temporary link-map control list.
466 */
467 if (lmco != ALIST_OFF_DATA)
468 remove_cntl(lml, lmco);
469
470 /*
471 * If this lazy loading failed, record the fact, and bump the lazy
472 * counts.
473 */
474 if (nlmp == NULL) {
475 dip->di_flags |= FLG_DI_LAZYFAIL;
476 if (LAZY(clmp)++ == 0)
477 LIST(clmp)->lm_lazy++;
478 }
479
480 return (nlmp);
481 }
482
483 /*
484 * Return the entry point of the ELF executable.
485 */
486 static Addr
487 elf_entry_point(void)
488 {
489 Rt_map *lmp = lml_main.lm_head;
490 Ehdr *ehdr = (Ehdr *)ADDR(lmp);
491 Addr addr = (Addr)(ehdr->e_entry);
492
493 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0)
494 addr += ADDR(lmp);
495
496 return (addr);
497 }
498
499 /*
500 * Determine if a dependency requires a particular version and if so verify
501 * that the version exists in the dependency.
502 */
503 int
504 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
505 {
506 Verneed *vnd = VERNEED(clmp);
507 int _num, num = VERNEEDNUM(clmp);
508 char *cstrs = (char *)STRTAB(clmp);
509 Lm_list *lml = LIST(clmp);
510
511 /*
512 * Traverse the callers version needed information and determine if any
513 * specific versions are required from the dependency.
514 */
515 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp)));
516 for (_num = 1; _num <= num; _num++,
517 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
518 Half cnt = vnd->vn_cnt;
519 Vernaux *vnap;
520 char *nstrs, *need;
521
522 /*
523 * Determine if a needed entry matches this dependency.
524 */
525 need = (char *)(cstrs + vnd->vn_file);
526 if (strcmp(name, need) != 0)
527 continue;
528
529 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
530 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
531 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);
532
533 /*
534 * Validate that each version required actually exists in the
535 * dependency.
536 */
537 nstrs = (char *)STRTAB(nlmp);
538
539 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
540 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
541 char *version, *define;
542 Verdef *vdf = VERDEF(nlmp);
543 ulong_t _num, num = VERDEFNUM(nlmp);
544 int found = 0;
545
546 /*
547 * Skip validation of versions that are marked
548 * INFO. This optimization is used for versions
549 * that are inherited by another version. Verification
550 * of the inheriting version is sufficient.
551 *
552 * Such versions are recorded in the object for the
553 * benefit of VERSYM entries that refer to them. This
554 * provides a purely diagnostic benefit.
555 */
556 if (vnap->vna_flags & VER_FLG_INFO)
557 continue;
558
559 version = (char *)(cstrs + vnap->vna_name);
560 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version));
561
562 for (_num = 1; _num <= num; _num++,
563 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
564 Verdaux *vdap;
565
566 if (vnap->vna_hash != vdf->vd_hash)
567 continue;
568
569 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
570 define = (char *)(nstrs + vdap->vda_name);
571 if (strcmp(version, define) != 0)
572 continue;
573
574 found++;
575 break;
576 }
577
578 /*
579 * If we're being traced print out any matched version
580 * when the verbose (-v) option is in effect. Always
581 * print any unmatched versions.
582 */
583 if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
584 /* BEGIN CSTYLED */
585 if (found) {
586 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
587 continue;
588
589 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
590 need, version, NAME(nlmp));
591 } else {
592 if (rtld_flags & RT_FL_SILENCERR)
593 continue;
594
595 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
596 need, version);
597 }
598 /* END CSTYLED */
599 continue;
600 }
601
602 /*
603 * If the version hasn't been found then this is a
604 * candidate for a fatal error condition. Weak
605 * version definition requirements are silently
606 * ignored. Also, if the image inspected for a version
607 * definition has no versioning recorded at all then
608 * silently ignore this (this provides better backward
609 * compatibility to old images created prior to
610 * versioning being available). Both of these skipped
611 * diagnostics are available under tracing (see above).
612 */
613 if ((found == 0) && (num != 0) &&
614 (!(vnap->vna_flags & VER_FLG_WEAK))) {
615 eprintf(lml, ERR_FATAL,
616 MSG_INTL(MSG_VER_NFOUND), need, version,
617 NAME(clmp));
618 return (0);
619 }
620 }
621 }
622 DBG_CALL(Dbg_ver_need_done(lml));
623 return (1);
624 }
625
626 /*
627 * Search through the dynamic section for DT_NEEDED entries and perform one
628 * of two functions. If only the first argument is specified then load the
629 * defined shared object, otherwise add the link map representing the defined
630 * link map the the dlopen list.
631 */
632 static int
633 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl)
634 {
635 Alist *palp = NULL;
636 Dyn *dyn;
637 Dyninfo *dip;
638 Word lmflags = lml->lm_flags;
639
640 /*
641 * A DYNINFO() structure is created during link-map generation that
642 * parallels the DYN() information, and defines any flags that
643 * influence a dependencies loading.
644 */
645 for (dyn = DYN(clmp), dip = DYNINFO(clmp);
646 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
647 uint_t flags = 0, silent = 0;
648 const char *name = dip->di_name;
649 Rt_map *nlmp = NULL;
650
651 if ((dip->di_flags & FLG_DI_NEEDED) == 0)
652 continue;
653
654 /*
655 * Skip any deferred dependencies, unless ldd(1) has forced
656 * their processing. By default, deferred dependencies are
657 * only processed when an explicit binding to an individual
658 * deferred reference is made.
659 */
660 if ((dip->di_flags & FLG_DI_DEFERRED) &&
661 ((rtld_flags & RT_FL_DEFERRED) == 0))
662 continue;
663
664 /*
665 * NOTE, libc.so.1 can't be lazy loaded. Although a lazy
666 * position flag won't be produced when a RTLDINFO .dynamic
667 * entry is found (introduced with the UPM in Solaris 10), it
668 * was possible to mark libc for lazy loading on previous
669 * releases. To reduce the overhead of testing for this
670 * occurrence, only carry out this check for the first object
671 * on the link-map list (there aren't many applications built
672 * without libc).
673 */
674 if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) &&
675 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
676 dip->di_flags &= ~FLG_DI_LAZY;
677
678 /*
679 * Don't bring in lazy loaded objects yet unless we've been
680 * asked to attempt to load all available objects (crle(1) sets
681 * LD_FLAGS=loadavail). Even under RTLD_NOW we don't process
682 * this - RTLD_NOW will cause relocation processing which in
683 * turn might trigger lazy loading, but its possible that the
684 * object has a lazy loaded file with no bindings (i.e., it
685 * should never have been a dependency in the first place).
686 */
687 if (dip->di_flags & FLG_DI_LAZY) {
688 if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
689 LAZY(clmp)++;
690 continue;
691 }
692
693 /*
694 * Silence any error messages - see description under
695 * elf_lookup_filtee().
696 */
697 if ((rtld_flags & RT_FL_SILENCERR) == 0) {
698 rtld_flags |= RT_FL_SILENCERR;
699 silent = 1;
700 }
701 }
702
703 DBG_CALL(Dbg_file_needed(clmp, name));
704
705 /*
706 * If we're running under ldd(1), indicate that this dependency
707 * has been processed. It doesn't matter whether the object is
708 * successfully loaded or not, this flag simply ensures that we
709 * don't repeatedly attempt to load an object that has already
710 * failed to load. To do so would create multiple failure
711 * diagnostics for the same object under ldd(1).
712 */
713 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
714 dip->di_flags |= FLG_DI_LDD_DONE;
715
716 /*
717 * Identify any group permission requirements.
718 */
719 if (dip->di_flags & FLG_DI_GROUP)
720 flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
721
722 /*
723 * Establish the objects name, load it and establish a binding
724 * with the caller.
725 */
726 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) ||
727 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp),
728 flags, 0, in_nfavl)) == NULL) ||
729 (bind_one(clmp, nlmp, BND_NEEDED) == 0))
730 nlmp = NULL;
731
732 /*
733 * Clean up any infrastructure, including the removal of the
734 * error suppression state, if it had been previously set in
735 * this routine.
736 */
737 remove_alist(&palp, 0);
738
739 if (silent)
740 rtld_flags &= ~RT_FL_SILENCERR;
741
742 if ((dip->di_info = (void *)nlmp) == NULL) {
743 /*
744 * If the object could not be mapped, continue if error
745 * suppression is established or we're here with ldd(1).
746 */
747 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
748 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
749 continue;
750 else {
751 remove_alist(&palp, 1);
752 return (0);
753 }
754 }
755 }
756
757 if (LAZY(clmp))
758 lml->lm_lazy++;
759
760 remove_alist(&palp, 1);
761 return (1);
762 }
763
764 /*
765 * A null symbol interpretor. Used if a filter has no associated filtees.
766 */
767 /* ARGSUSED0 */
768 static int
769 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
770 {
771 return (0);
772 }
773
774 /*
775 * Disable filtee use.
776 */
777 static void
778 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip)
779 {
780 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
781 /*
782 * If this is an object filter, null out the reference name.
783 */
784 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
785 REFNAME(lmp) = NULL;
786 OBJFLTRNDX(lmp) = FLTR_DISABLED;
787
788 /*
789 * Indicate that this filtee is no longer available.
790 */
791 if (dip->di_flags & FLG_DI_STDFLTR)
792 SYMINTP(lmp) = elf_null_find_sym;
793
794 }
795 } else if (dip->di_flags & FLG_DI_STDFLTR) {
796 /*
797 * Indicate that this standard filtee is no longer available.
798 */
799 if (SYMSFLTRCNT(lmp))
800 SYMSFLTRCNT(lmp)--;
801 } else {
802 /*
803 * Indicate that this auxiliary filtee is no longer available.
804 */
805 if (SYMAFLTRCNT(lmp))
806 SYMAFLTRCNT(lmp)--;
807 }
808 dip->di_flags &= ~MSK_DI_FILTER;
809 }
810
811 /*
812 * Find symbol interpreter - filters.
813 * This function is called when the symbols from a shared object should
814 * be resolved from the shared objects filtees instead of from within itself.
815 *
816 * A symbol name of 0 is used to trigger filtee loading.
817 */
818 static int
819 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
820 int *in_nfavl)
821 {
822 const char *name = slp->sl_name, *filtees;
823 Rt_map *clmp = slp->sl_cmap;
824 Rt_map *ilmp = slp->sl_imap;
825 Pdesc *pdp;
826 int any;
827 Dyninfo *dip = &DYNINFO(ilmp)[ndx];
828 Lm_list *lml = LIST(ilmp);
829 Aliste idx;
830
831 /*
832 * Indicate that the filter has been used. If a binding already exists
833 * to the caller, indicate that this object is referenced. This insures
834 * we don't generate false unreferenced diagnostics from ldd -u/U or
835 * debugging. Don't create a binding regardless, as this filter may
836 * have been dlopen()'ed.
837 */
838 if (name && (ilmp != clmp)) {
839 Word tracing = (LIST(clmp)->lm_flags &
840 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));
841
842 if (tracing || DBG_ENABLED) {
843 Bnd_desc *bdp;
844 Aliste idx;
845
846 FLAGS1(ilmp) |= FL1_RT_USED;
847
848 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) {
849 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) {
850 if (bdp->b_caller == clmp) {
851 bdp->b_flags |= BND_REFER;
852 break;
853 }
854 }
855 }
856 }
857 }
858
859 /*
860 * If this is the first call to process this filter, establish the
861 * filtee list. If a configuration file exists, determine if any
862 * filtee associations for this filter, and its filtee reference, are
863 * defined. Otherwise, process the filtee reference. Any token
864 * expansion is also completed at this point (i.e., $PLATFORM).
865 */
866 filtees = dip->di_name;
867 if (dip->di_info == NULL) {
868 if (rtld_flags2 & RT_FL2_FLTCFG) {
869 elf_config_flt(lml, PATHNAME(ilmp), filtees,
870 (Alist **)&dip->di_info, AL_CNT_FILTEES);
871 }
872 if (dip->di_info == NULL) {
873 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0));
874 if ((lml->lm_flags &
875 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) &&
876 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0))
877 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER),
878 NAME(ilmp), filtees);
879
880 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info,
881 AL_CNT_FILTEES, 0, 0) == 0) {
882 elf_disable_filtee(ilmp, dip);
883 return (0);
884 }
885 }
886 }
887
888 /*
889 * Traverse the filtee list, dlopen()'ing any objects specified and
890 * using their group handle to lookup the symbol.
891 */
892 any = 0;
893 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) {
894 int mode;
895 Grp_hdl *ghp;
896 Rt_map *nlmp = NULL;
897
898 if (pdp->pd_plen == 0)
899 continue;
900
901 /*
902 * Establish the mode of the filtee from the filter. As filtees
903 * are loaded via a dlopen(), make sure that RTLD_GROUP is set
904 * and the filtees aren't global. It would be nice to have
905 * RTLD_FIRST used here also, but as filters got out long before
906 * RTLD_FIRST was introduced it's a little too late now.
907 */
908 mode = MODE(ilmp) | RTLD_GROUP;
909 mode &= ~RTLD_GLOBAL;
910
911 /*
912 * Insure that any auxiliary filter can locate symbols from its
913 * caller.
914 */
915 if (dip->di_flags & FLG_DI_AUXFLTR)
916 mode |= RTLD_PARENT;
917
918 /*
919 * Process any capability directory. Establish a new link-map
920 * control list from which to analyze any newly added objects.
921 */
922 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) {
923 const char *dir = pdp->pd_pname;
924 Aliste lmco;
925
926 /*
927 * Establish a link-map control list for this request.
928 */
929 if ((lmco = create_cntl(lml, 0)) == 0)
930 return (0);
931
932 /*
933 * Determine the capability filtees. If none can be
934 * found, provide suitable diagnostics.
935 */
936 DBG_CALL(Dbg_cap_filter(lml, dir, ilmp));
937 if (cap_filtees((Alist **)&dip->di_info, idx, dir,
938 lmco, ilmp, clmp, filtees, mode,
939 (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) {
940 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
941 (dip->di_flags & FLG_DI_AUXFLTR) &&
942 (rtld_flags & RT_FL_WARNFLTR)) {
943 (void) printf(
944 MSG_INTL(MSG_LDD_CAP_NFOUND), dir);
945 }
946 DBG_CALL(Dbg_cap_filter(lml, dir, 0));
947 }
948
949 /*
950 * Re-establish the originating path name descriptor,
951 * as the expansion of capabilities filtees may have
952 * re-allocated the controlling Alist. Mark this
953 * original pathname descriptor as unused so that the
954 * descriptor isn't revisited for processing. Any real
955 * capabilities filtees have been added as new pathname
956 * descriptors following this descriptor.
957 */
958 pdp = alist_item((Alist *)dip->di_info, idx);
959 pdp->pd_flags &= ~PD_TKN_CAP;
960 pdp->pd_plen = 0;
961
962 /*
963 * Now that any capability objects have been processed,
964 * remove any temporary link-map control list.
965 */
966 if (lmco != ALIST_OFF_DATA)
967 remove_cntl(lml, lmco);
968 }
969
970 if (pdp->pd_plen == 0)
971 continue;
972
973 /*
974 * Process an individual filtee.
975 */
976 if (pdp->pd_info == NULL) {
977 const char *filtee = pdp->pd_pname;
978 int audit = 0;
979
980 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0));
981
982 ghp = NULL;
983
984 /*
985 * Determine if the reference link map is already
986 * loaded. As an optimization compare the filtee with
987 * our interpretor. The most common filter is
988 * libdl.so.1, which is a filter on ld.so.1.
989 */
990 #if defined(_ELF64)
991 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) {
992 #else
993 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) {
994 #endif
995 uint_t hflags, rdflags, cdflags;
996
997 /*
998 * Establish any flags for the handle (Grp_hdl).
999 *
1000 * - This is a special, public, ld.so.1
1001 * handle.
1002 * - Only the first object on this handle
1003 * can supply symbols.
1004 * - This handle provides a filtee.
1005 *
1006 * Essentially, this handle allows a caller to
1007 * reference the dl*() family of interfaces from
1008 * ld.so.1.
1009 */
1010 hflags = (GPH_PUBLIC | GPH_LDSO |
1011 GPH_FIRST | GPH_FILTEE);
1012
1013 /*
1014 * Establish the flags for the referenced
1015 * dependency descriptor (Grp_desc).
1016 *
1017 * - ld.so.1 is available for dlsym().
1018 * - ld.so.1 is available to relocate
1019 * against.
1020 * - There's no need to add an dependencies
1021 * to this handle.
1022 */
1023 rdflags = (GPD_DLSYM | GPD_RELOC);
1024
1025 /*
1026 * Establish the flags for this callers
1027 * dependency descriptor (Grp_desc).
1028 *
1029 * - The explicit creation of a handle
1030 * creates a descriptor for the referenced
1031 * object and the parent (caller).
1032 */
1033 cdflags = GPD_PARENT;
1034
1035 nlmp = lml_rtld.lm_head;
1036 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp,
1037 hflags, rdflags, cdflags)) == NULL)
1038 nlmp = NULL;
1039
1040 /*
1041 * Establish the filter handle to prevent any
1042 * recursion.
1043 */
1044 if (nlmp && ghp)
1045 pdp->pd_info = (void *)ghp;
1046
1047 /*
1048 * Audit the filter/filtee established. Ignore
1049 * any return from the auditor, as we can't
1050 * allow ignore filtering to ld.so.1, otherwise
1051 * nothing is going to work.
1052 */
1053 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) &
1054 LML_TFLG_AUD_OBJFILTER))
1055 (void) audit_objfilter(ilmp, filtees,
1056 nlmp, 0);
1057
1058 } else {
1059 Rej_desc rej = { 0 };
1060 Fdesc fd = { 0 };
1061 Aliste lmco;
1062
1063 /*
1064 * Trace the inspection of this file, determine
1065 * any auditor substitution, and seed the file
1066 * descriptor with the originating name.
1067 */
1068 if (load_trace(lml, pdp, clmp, &fd) == NULL)
1069 continue;
1070
1071 /*
1072 * Establish a link-map control list for this
1073 * request.
1074 */
1075 if ((lmco = create_cntl(lml, 0)) == 0)
1076 return (0);
1077
1078 /*
1079 * Locate and load the filtee.
1080 */
1081 if ((nlmp = load_path(lml, lmco, ilmp, mode,
1082 FLG_RT_PUBHDL, &ghp, &fd, &rej,
1083 in_nfavl)) == NULL)
1084 file_notfound(LIST(ilmp), filtee, ilmp,
1085 FLG_RT_PUBHDL, &rej);
1086
1087 filtee = pdp->pd_pname;
1088
1089 /*
1090 * Establish the filter handle to prevent any
1091 * recursion.
1092 */
1093 if (nlmp && ghp) {
1094 ghp->gh_flags |= GPH_FILTEE;
1095 pdp->pd_info = (void *)ghp;
1096
1097 FLAGS1(nlmp) |= FL1_RT_USED;
1098 }
1099
1100 /*
1101 * Audit the filter/filtee established. A
1102 * return of 0 indicates the auditor wishes to
1103 * ignore this filtee.
1104 */
1105 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) &
1106 LML_TFLG_AUD_OBJFILTER)) {
1107 if (audit_objfilter(ilmp, filtees,
1108 nlmp, 0) == 0) {
1109 audit = 1;
1110 nlmp = NULL;
1111 }
1112 }
1113
1114 /*
1115 * Finish processing the objects associated with
1116 * this request. Create an association between
1117 * this object and the originating filter to
1118 * provide sufficient information to tear down
1119 * this filtee if necessary.
1120 */
1121 if (nlmp && ghp && (((nlmp = analyze_lmc(lml,
1122 lmco, nlmp, clmp, in_nfavl)) == NULL) ||
1123 (relocate_lmc(lml, lmco, ilmp, nlmp,
1124 in_nfavl) == 0)))
1125 nlmp = NULL;
1126
1127 /*
1128 * If the filtee has been successfully
1129 * processed, then create an association
1130 * between the filter and filtee. This
1131 * association provides sufficient information
1132 * to tear down the filter and filtee if
1133 * necessary.
1134 */
1135 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD));
1136 if (nlmp && ghp && (hdl_add(ghp, ilmp,
1137 GPD_FILTER, NULL) == NULL))
1138 nlmp = NULL;
1139
1140 /*
1141 * Generate a diagnostic if the filtee couldn't
1142 * be loaded.
1143 */
1144 if (nlmp == NULL)
1145 DBG_CALL(Dbg_file_filtee(lml, 0, filtee,
1146 audit));
1147
1148 /*
1149 * If this filtee loading has failed, and we've
1150 * created a new link-map control list to which
1151 * this request has added objects, then remove
1152 * all the objects that have been associated to
1153 * this request.
1154 */
1155 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
1156 remove_lmc(lml, clmp, lmco, name);
1157
1158 /*
1159 * Remove any temporary link-map control list.
1160 */
1161 if (lmco != ALIST_OFF_DATA)
1162 remove_cntl(lml, lmco);
1163 }
1164
1165 /*
1166 * If the filtee couldn't be loaded, null out the
1167 * path name descriptor entry, and continue the search.
1168 * Otherwise, the group handle is retained for future
1169 * symbol searches.
1170 */
1171 if (nlmp == NULL) {
1172 pdp->pd_info = NULL;
1173 pdp->pd_plen = 0;
1174 continue;
1175 }
1176 }
1177
1178 ghp = (Grp_hdl *)pdp->pd_info;
1179
1180 /*
1181 * If name is NULL, we're here to trigger filtee loading.
1182 * Skip the symbol lookup so that we'll continue looking for
1183 * additional filtees.
1184 */
1185 if (name) {
1186 Grp_desc *gdp;
1187 int ret = 0;
1188 Aliste idx;
1189 Slookup sl = *slp;
1190
1191 sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM);
1192 any++;
1193
1194 /*
1195 * Look for the symbol in the handles dependencies.
1196 */
1197 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) {
1198 if ((gdp->gd_flags & GPD_DLSYM) == 0)
1199 continue;
1200
1201 /*
1202 * If our parent is a dependency don't look at
1203 * it (otherwise we are in a recursive loop).
1204 * This situation can occur with auxiliary
1205 * filters if the filtee has a dependency on the
1206 * filter. This dependency isn't necessary as
1207 * auxiliary filters are opened RTLD_PARENT, but
1208 * users may still unknowingly add an explicit
1209 * dependency to the parent.
1210 */
1211 if ((sl.sl_imap = gdp->gd_depend) == ilmp)
1212 continue;
1213
1214 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo,
1215 in_nfavl)) != 0) ||
1216 (ghp->gh_flags & GPH_FIRST))
1217 break;
1218 }
1219
1220 /*
1221 * If a symbol has been found, indicate the binding
1222 * and return the symbol.
1223 */
1224 if (ret) {
1225 *binfo |= DBG_BINFO_FILTEE;
1226 return (1);
1227 }
1228 }
1229
1230 /*
1231 * If this object is tagged to terminate filtee processing we're
1232 * done.
1233 */
1234 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE)
1235 break;
1236 }
1237
1238 /*
1239 * If we're just here to trigger filtee loading then we're done.
1240 */
1241 if (name == NULL)
1242 return (0);
1243
1244 /*
1245 * If no filtees have been found for a filter, clean up any path name
1246 * descriptors and disable their search completely. For auxiliary
1247 * filters we can reselect the symbol search function so that we never
1248 * enter this routine again for this object. For standard filters we
1249 * use the null symbol routine.
1250 */
1251 if (any == 0) {
1252 remove_alist((Alist **)&(dip->di_info), 1);
1253 elf_disable_filtee(ilmp, dip);
1254 }
1255
1256 return (0);
1257 }
1258
1259 /*
1260 * Focal point for disabling error messages for auxiliary filters. As an
1261 * auxiliary filter allows for filtee use, but provides a fallback should a
1262 * filtee not exist (or fail to load), any errors generated as a consequence of
1263 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR
1264 * suppresses errors generated by eprintf(), but ensures a debug diagnostic is
1265 * produced. ldd(1) employs printf(), and here the selection of whether to
1266 * print a diagnostic in regards to auxiliary filters is a little more complex.
1267 *
1268 * - The determination of whether to produce an ldd message, or a fatal
1269 * error message is driven by LML_FLG_TRC_ENABLE.
1270 * - More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
1271 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
1272 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
1273 * - If the calling object is lddstub, then several classes of message are
1274 * suppressed. The user isn't trying to diagnose lddstub, this is simply
1275 * a stub executable employed to preload a user specified library against.
1276 * - If RT_FL_SILENCERR is in effect then any generic ldd() messages should
1277 * be suppressed. All detailed ldd messages should still be produced.
1278 */
1279 int
1280 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
1281 int *in_nfavl)
1282 {
1283 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx];
1284 int ret, silent = 0;
1285
1286 /*
1287 * Make sure this entry is still acting as a filter. We may have tried
1288 * to process this previously, and disabled it if the filtee couldn't
1289 * be processed. However, other entries may provide different filtees
1290 * that are yet to be completed.
1291 */
1292 if (dip->di_flags == 0)
1293 return (0);
1294
1295 /*
1296 * Indicate whether an error message is required should this filtee not
1297 * be found, based on the type of filter.
1298 */
1299 if ((dip->di_flags & FLG_DI_AUXFLTR) &&
1300 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
1301 rtld_flags |= RT_FL_SILENCERR;
1302 silent = 1;
1303 }
1304
1305 ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl);
1306
1307 if (silent)
1308 rtld_flags &= ~RT_FL_SILENCERR;
1309
1310 return (ret);
1311 }
1312
1313 /*
1314 * Compute the elf hash value (as defined in the ELF access library).
1315 * The form of the hash table is:
1316 *
1317 * |--------------|
1318 * | # of buckets |
1319 * |--------------|
1320 * | # of chains |
1321 * |--------------|
1322 * | bucket[] |
1323 * |--------------|
1324 * | chain[] |
1325 * |--------------|
1326 */
1327 ulong_t
1328 elf_hash(const char *name)
1329 {
1330 uint_t hval = 0;
1331
1332 while (*name) {
1333 uint_t g;
1334 hval = (hval << 4) + *name++;
1335 if ((g = (hval & 0xf0000000)) != 0)
1336 hval ^= g >> 24;
1337 hval &= ~g;
1338 }
1339 return ((ulong_t)hval);
1340 }
1341
1342 /*
1343 * Look up a symbol. The callers lookup information is passed in the Slookup
1344 * structure, and any resultant binding information is returned in the Sresult
1345 * structure.
1346 */
1347 int
1348 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
1349 {
1350 const char *name = slp->sl_name;
1351 Rt_map *ilmp = slp->sl_imap;
1352 ulong_t hash = slp->sl_hash;
1353 uint_t ndx, hashoff, buckets, *chainptr;
1354 Sym *sym, *symtabptr;
1355 char *strtabptr, *strtabname;
1356 uint_t flags1;
1357 Syminfo *sip;
1358
1359 /*
1360 * If we're only here to establish a symbols index, skip the diagnostic
1361 * used to trace a symbol search.
1362 */
1363 if ((slp->sl_flags & LKUP_SYMNDX) == 0)
1364 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF)));
1365
1366 if (HASH(ilmp) == NULL)
1367 return (0);
1368
1369 buckets = HASH(ilmp)[0];
1370 /* LINTED */
1371 hashoff = ((uint_t)hash % buckets) + 2;
1372
1373 /*
1374 * Get the first symbol from the hash chain and initialize the string
1375 * and symbol table pointers.
1376 */
1377 if ((ndx = HASH(ilmp)[hashoff]) == 0)
1378 return (0);
1379
1380 chainptr = HASH(ilmp) + 2 + buckets;
1381 strtabptr = STRTAB(ilmp);
1382 symtabptr = SYMTAB(ilmp);
1383
1384 while (ndx) {
1385 sym = symtabptr + ndx;
1386 strtabname = strtabptr + sym->st_name;
1387
1388 /*
1389 * Compare the symbol found with the name required. If the
1390 * names don't match continue with the next hash entry.
1391 */
1392 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
1393 hashoff = ndx + buckets + 2;
1394 if ((ndx = chainptr[ndx]) != 0)
1395 continue;
1396 return (0);
1397 }
1398
1399 /*
1400 * Symbols that are defined as hidden within an object usually
1401 * have any references from within the same object bound at
1402 * link-edit time, thus ld.so.1 is not involved. However, if
1403 * these are capabilities symbols, then references to them must
1404 * be resolved at runtime. A hidden symbol can only be bound
1405 * to by the object that defines the symbol.
1406 */
1407 if ((sym->st_shndx != SHN_UNDEF) &&
1408 (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) &&
1409 (slp->sl_cmap != ilmp))
1410 return (0);
1411
1412 /*
1413 * The Solaris ld does not put DT_VERSYM in the dynamic
1414 * section, but the GNU ld does. The GNU runtime linker
1415 * interprets the top bit of the 16-bit Versym value
1416 * (0x8000) as the "hidden" bit. If this bit is set,
1417 * the linker is supposed to act as if that symbol does
1418 * not exist. The hidden bit supports their versioning
1419 * scheme, which allows multiple incompatible functions
1420 * with the same name to exist at different versions
1421 * within an object. The Solaris linker does not support this
1422 * mechanism, or the model of interface evolution that
1423 * it allows, but we honor the hidden bit in GNU ld
1424 * produced objects in order to interoperate with them.
1425 */
1426 if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) {
1427 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name,
1428 ndx, VERSYM(ilmp)[ndx]));
1429 return (0);
1430 }
1431
1432 /*
1433 * If we're only here to establish a symbol's index, we're done.
1434 */
1435 if (slp->sl_flags & LKUP_SYMNDX) {
1436 srp->sr_dmap = ilmp;
1437 srp->sr_sym = sym;
1438 return (1);
1439 }
1440
1441 /*
1442 * If we find a match and the symbol is defined, capture the
1443 * symbol pointer and the link map in which it was found.
1444 */
1445 if (sym->st_shndx != SHN_UNDEF) {
1446 srp->sr_dmap = ilmp;
1447 srp->sr_sym = sym;
1448 *binfo |= DBG_BINFO_FOUND;
1449
1450 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1451 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1452 is_sym_interposer(ilmp, sym)))
1453 *binfo |= DBG_BINFO_INTERPOSE;
1454 break;
1455
1456 /*
1457 * If we find a match and the symbol is undefined, the
1458 * symbol type is a function, and the value of the symbol
1459 * is non zero, then this is a special case. This allows
1460 * the resolution of a function address to the plt[] entry.
1461 * See SPARC ABI, Dynamic Linking, Function Addresses for
1462 * more details.
1463 */
1464 } else if ((slp->sl_flags & LKUP_SPEC) &&
1465 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
1466 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
1467 srp->sr_dmap = ilmp;
1468 srp->sr_sym = sym;
1469 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);
1470
1471 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1472 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1473 is_sym_interposer(ilmp, sym)))
1474 *binfo |= DBG_BINFO_INTERPOSE;
1475 return (1);
1476 }
1477
1478 /*
1479 * Undefined symbol.
1480 */
1481 return (0);
1482 }
1483
1484 /*
1485 * We've found a match. Determine if the defining object contains
1486 * symbol binding information.
1487 */
1488 if ((sip = SYMINFO(ilmp)) != NULL)
1489 sip += ndx;
1490
1491 /*
1492 * If this definition is a singleton, and we haven't followed a default
1493 * symbol search knowing that we're looking for a singleton (presumably
1494 * because the symbol definition has been changed since the referring
1495 * object was built), then reject this binding so that the caller can
1496 * fall back to a standard symbol search.
1497 */
1498 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) &&
1499 (((slp->sl_flags & LKUP_STANDARD) == 0) ||
1500 (((slp->sl_flags & LKUP_SINGLETON) == 0) &&
1501 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) {
1502 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1503 DBG_BNDREJ_SINGLE));
1504 *binfo |= BINFO_REJSINGLE;
1505 *binfo &= ~DBG_BINFO_MSK;
1506 return (0);
1507 }
1508
1509 /*
1510 * If this is a direct binding request, but the symbol definition has
1511 * disabled directly binding to it (presumably because the symbol
1512 * definition has been changed since the referring object was built),
1513 * reject this binding so that the caller can fall back to a standard
1514 * symbol search.
1515 */
1516 if (sip && (slp->sl_flags & LKUP_DIRECT) &&
1517 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
1518 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1519 DBG_BNDREJ_DIRECT));
1520 *binfo |= BINFO_REJDIRECT;
1521 *binfo &= ~DBG_BINFO_MSK;
1522 return (0);
1523 }
1524
1525 /*
1526 * If this is a binding request within an RTLD_GROUP family, and the
1527 * symbol has disabled directly binding to it, reject this binding so
1528 * that the caller can fall back to a standard symbol search.
1529 *
1530 * Effectively, an RTLD_GROUP family achieves what can now be
1531 * established with direct bindings. However, various symbols have
1532 * been tagged as inappropriate for direct binding to (ie. libc:malloc).
1533 *
1534 * A symbol marked as no-direct cannot be used within a group without
1535 * first ensuring that the symbol has not been interposed upon outside
1536 * of the group. A common example occurs when users implement their own
1537 * version of malloc() in the executable. Such a malloc() interposes on
1538 * the libc:malloc, and this interposition must be honored within the
1539 * group as well.
1540 *
1541 * Following any rejection, LKUP_WORLD is established as a means of
1542 * overriding this test as we return to a standard search.
1543 */
1544 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) &&
1545 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) &&
1546 ((slp->sl_flags & LKUP_WORLD) == 0)) {
1547 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1548 DBG_BNDREJ_GROUP));
1549 *binfo |= BINFO_REJGROUP;
1550 *binfo &= ~DBG_BINFO_MSK;
1551 return (0);
1552 }
1553
1554 /*
1555 * If this symbol is associated with capabilities, then each of the
1556 * capabilities instances needs to be compared against the system
1557 * capabilities. The best instance will be chosen to satisfy this
1558 * binding.
1559 */
1560 if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) &&
1561 (cap_match(srp, ndx, symtabptr, strtabptr) == 0))
1562 return (0);
1563
1564 /*
1565 * Determine whether this object is acting as a filter.
1566 */
1567 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
1568 return (1);
1569
1570 /*
1571 * Determine if this object offers per-symbol filtering, and if so,
1572 * whether this symbol references a filtee.
1573 */
1574 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
1575 /*
1576 * If this is a standard filter reference, and no standard
1577 * filtees remain to be inspected, we're done. If this is an
1578 * auxiliary filter reference, and no auxiliary filtees remain,
1579 * we'll fall through in case any object filtering is available.
1580 */
1581 if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
1582 (SYMSFLTRCNT(ilmp) == 0))
1583 return (0);
1584
1585 if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
1586 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
1587 SYMAFLTRCNT(ilmp))) {
1588 Sresult sr;
1589
1590 /*
1591 * Initialize a local symbol result descriptor, using
1592 * the original symbol name.
1593 */
1594 SRESULT_INIT(sr, slp->sl_name);
1595
1596 /*
1597 * This symbol has an associated filtee. Lookup the
1598 * symbol in the filtee, and if it is found return it.
1599 * If the symbol doesn't exist, and this is a standard
1600 * filter, return an error, otherwise fall through to
1601 * catch any object filtering that may be available.
1602 */
1603 if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto,
1604 in_nfavl)) {
1605 *srp = sr;
1606 return (1);
1607 }
1608 if (sip->si_flags & SYMINFO_FLG_FILTER)
1609 return (0);
1610 }
1611 }
1612
1613 /*
1614 * Determine if this object provides global filtering.
1615 */
1616 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
1617 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
1618 Sresult sr;
1619
1620 /*
1621 * Initialize a local symbol result descriptor, using
1622 * the original symbol name.
1623 */
1624 SRESULT_INIT(sr, slp->sl_name);
1625
1626 /*
1627 * This object has an associated filtee. Lookup the
1628 * symbol in the filtee, and if it is found return it.
1629 * If the symbol doesn't exist, and this is a standard
1630 * filter, return and error, otherwise return the symbol
1631 * within the filter itself.
1632 */
1633 if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp),
1634 in_nfavl)) {
1635 *srp = sr;
1636 return (1);
1637 }
1638 }
1639
1640 if (flags1 & FL1_RT_OBJSFLTR)
1641 return (0);
1642 }
1643 return (1);
1644 }
1645
1646 /*
1647 * Create a new Rt_map structure for an ELF object and initialize
1648 * all values.
1649 */
1650 Rt_map *
1651 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize,
1652 void *odyn, Rt_map *clmp, int *in_nfavl)
1653 {
1654 const char *name = fdp->fd_nname;
1655 Rt_map *lmp;
1656 Ehdr *ehdr = (Ehdr *)addr;
1657 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL;
1658 Dyn *dyn = (Dyn *)odyn;
1659 Cap *cap = NULL;
1660 int ndx;
1661 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0;
1662 Xword rpath = 0;
1663 size_t lmsz, rtsz, epsz, dynsz = 0;
1664 uint_t dyncnt = 0;
1665
1666 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco));
1667
1668 /*
1669 * If this is a shared object, the base address of the shared object is
1670 * added to all address values defined within the object. Otherwise, if
1671 * this is an executable, all object addresses are used as is.
1672 */
1673 if (ehdr->e_type == ET_EXEC)
1674 base = 0;
1675 else
1676 base = addr;
1677
1678 /*
1679 * Traverse the program header table, picking off required items. This
1680 * traversal also provides for the sizing of the PT_DYNAMIC section.
1681 */
1682 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff);
1683 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++,
1684 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) {
1685 switch (phdr->p_type) {
1686 case PT_DYNAMIC:
1687 dphdr = phdr;
1688 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
1689 break;
1690 case PT_TLS:
1691 tphdr = phdr;
1692 break;
1693 case PT_SUNWCAP:
1694 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
1695 break;
1696 case PT_SUNW_UNWIND:
1697 case PT_SUNW_EH_FRAME:
1698 uphdr = phdr;
1699 break;
1700 default:
1701 break;
1702 }
1703 }
1704
1705 /*
1706 * Determine the number of PT_DYNAMIC entries for the DYNINFO()
1707 * allocation. Sadly, this is a little larger than we really need,
1708 * as there are typically padding DT_NULL entries. However, adding
1709 * this data to the initial link-map allocation is a win.
1710 */
1711 if (dyn) {
1712 dyncnt = dphdr->p_filesz / sizeof (Dyn);
1713 dynsz = dyncnt * sizeof (Dyninfo);
1714 }
1715
1716 /*
1717 * Allocate space for the link-map, private elf information, and
1718 * DYNINFO() data. Once these are allocated and initialized,
1719 * remove_so(0, lmp) can be used to tear down the link-map allocation
1720 * should any failures occur.
1721 */
1722 rtsz = S_DROUND(sizeof (Rt_map));
1723 epsz = S_DROUND(sizeof (Rt_elfp));
1724 lmsz = rtsz + epsz + dynsz;
1725 if ((lmp = calloc(lmsz, 1)) == NULL)
1726 return (NULL);
1727 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz);
1728 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz);
1729 LMSIZE(lmp) = lmsz;
1730
1731 /*
1732 * All fields not filled in were set to 0 by calloc.
1733 */
1734 NAME(lmp) = (char *)name;
1735 ADDR(lmp) = addr;
1736 MSIZE(lmp) = msize;
1737 SYMINTP(lmp) = elf_find_sym;
1738 FCT(lmp) = &elf_fct;
1739 LIST(lmp) = lml;
1740 OBJFLTRNDX(lmp) = FLTR_DISABLED;
1741 SORTVAL(lmp) = -1;
1742 DYN(lmp) = dyn;
1743 DYNINFOCNT(lmp) = dyncnt;
1744 PTUNWIND(lmp) = uphdr;
1745
1746 if (ehdr->e_type == ET_EXEC)
1747 FLAGS(lmp) |= FLG_RT_FIXED;
1748
1749 /*
1750 * Fill in rest of the link map entries with information from the file's
1751 * dynamic structure.
1752 */
1753 if (dyn) {
1754 Dyninfo *dip;
1755 uint_t dynndx;
1756 Xword pltpadsz = 0;
1757 Rti_desc *rti;
1758 Dyn *pdyn;
1759 Word lmtflags = lml->lm_tflags;
1760 int ignore = 0;
1761
1762 /*
1763 * Note, we use DT_NULL to terminate processing, and the
1764 * dynamic entry count as a fall back. Normally, a DT_NULL
1765 * entry marks the end of the dynamic section. Any non-NULL
1766 * items following the first DT_NULL are silently ignored.
1767 * This situation should only occur through use of elfedit(1)
1768 * or a similar tool.
1769 */
1770 for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp);
1771 dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) {
1772
1773 if (ignore) {
1774 dip->di_flags |= FLG_DI_IGNORE;
1775 continue;
1776 }
1777
1778 switch ((Xword)dyn->d_tag) {
1779 case DT_NULL:
1780 dip->di_flags |= ignore = FLG_DI_IGNORE;
1781 break;
1782 case DT_POSFLAG_1:
1783 dip->di_flags |= FLG_DI_POSFLAG1;
1784 break;
1785 case DT_NEEDED:
1786 case DT_USED:
1787 dip->di_flags |= FLG_DI_NEEDED;
1788
1789 /* BEGIN CSTYLED */
1790 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) {
1791 /*
1792 * Identify any non-deferred lazy load for
1793 * future processing, unless LD_NOLAZYLOAD
1794 * has been set.
1795 */
1796 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) &&
1797 ((lmtflags & LML_TFLG_NOLAZYLD) == 0))
1798 dip->di_flags |= FLG_DI_LAZY;
1799
1800 /*
1801 * Identify any group permission
1802 * requirements.
1803 */
1804 if (pdyn->d_un.d_val & DF_P1_GROUPPERM)
1805 dip->di_flags |= FLG_DI_GROUP;
1806
1807 /*
1808 * Identify any deferred dependencies.
1809 */
1810 if (pdyn->d_un.d_val & DF_P1_DEFERRED)
1811 dip->di_flags |= FLG_DI_DEFERRED;
1812 }
1813 /* END CSTYLED */
1814 break;
1815 case DT_SYMTAB:
1816 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1817 break;
1818 case DT_SUNW_SYMTAB:
1819 SUNWSYMTAB(lmp) =
1820 (void *)(dyn->d_un.d_ptr + base);
1821 break;
1822 case DT_SUNW_SYMSZ:
1823 SUNWSYMSZ(lmp) = dyn->d_un.d_val;
1824 break;
1825 case DT_STRTAB:
1826 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1827 break;
1828 case DT_SYMENT:
1829 SYMENT(lmp) = dyn->d_un.d_val;
1830 break;
1831 case DT_FEATURE_1:
1832 if (dyn->d_un.d_val & DTF_1_CONFEXP)
1833 crle = 1;
1834 break;
1835 case DT_MOVESZ:
1836 MOVESZ(lmp) = dyn->d_un.d_val;
1837 FLAGS(lmp) |= FLG_RT_MOVE;
1838 break;
1839 case DT_MOVEENT:
1840 MOVEENT(lmp) = dyn->d_un.d_val;
1841 break;
1842 case DT_MOVETAB:
1843 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1844 break;
1845 case DT_REL:
1846 case DT_RELA:
1847 /*
1848 * At this time, ld.so. can only handle one
1849 * type of relocation per object.
1850 */
1851 REL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1852 break;
1853 case DT_RELSZ:
1854 case DT_RELASZ:
1855 RELSZ(lmp) = dyn->d_un.d_val;
1856 break;
1857 case DT_RELENT:
1858 case DT_RELAENT:
1859 RELENT(lmp) = dyn->d_un.d_val;
1860 break;
1861 case DT_RELCOUNT:
1862 case DT_RELACOUNT:
1863 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val;
1864 break;
1865 case DT_HASH:
1866 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base);
1867 break;
1868 case DT_PLTGOT:
1869 PLTGOT(lmp) =
1870 (uint_t *)(dyn->d_un.d_ptr + base);
1871 break;
1872 case DT_PLTRELSZ:
1873 PLTRELSZ(lmp) = dyn->d_un.d_val;
1874 break;
1875 case DT_JMPREL:
1876 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1877 break;
1878 case DT_INIT:
1879 if (dyn->d_un.d_ptr != 0)
1880 INIT(lmp) =
1881 (void (*)())(dyn->d_un.d_ptr +
1882 base);
1883 break;
1884 case DT_FINI:
1885 if (dyn->d_un.d_ptr != 0)
1886 FINI(lmp) =
1887 (void (*)())(dyn->d_un.d_ptr +
1888 base);
1889 break;
1890 case DT_INIT_ARRAY:
1891 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1892 base);
1893 break;
1894 case DT_INIT_ARRAYSZ:
1895 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1896 break;
1897 case DT_FINI_ARRAY:
1898 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1899 base);
1900 break;
1901 case DT_FINI_ARRAYSZ:
1902 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1903 break;
1904 case DT_PREINIT_ARRAY:
1905 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1906 base);
1907 break;
1908 case DT_PREINIT_ARRAYSZ:
1909 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1910 break;
1911 case DT_RPATH:
1912 case DT_RUNPATH:
1913 rpath = dyn->d_un.d_val;
1914 break;
1915 case DT_FILTER:
1916 dip->di_flags |= FLG_DI_STDFLTR;
1917 fltr = dyn->d_un.d_val;
1918 OBJFLTRNDX(lmp) = dynndx;
1919 FLAGS1(lmp) |= FL1_RT_OBJSFLTR;
1920 break;
1921 case DT_AUXILIARY:
1922 dip->di_flags |= FLG_DI_AUXFLTR;
1923 if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1924 fltr = dyn->d_un.d_val;
1925 OBJFLTRNDX(lmp) = dynndx;
1926 }
1927 FLAGS1(lmp) |= FL1_RT_OBJAFLTR;
1928 break;
1929 case DT_SUNW_FILTER:
1930 dip->di_flags |=
1931 (FLG_DI_STDFLTR | FLG_DI_SYMFLTR);
1932 SYMSFLTRCNT(lmp)++;
1933 FLAGS1(lmp) |= FL1_RT_SYMSFLTR;
1934 break;
1935 case DT_SUNW_AUXILIARY:
1936 dip->di_flags |=
1937 (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR);
1938 if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1939 SYMAFLTRCNT(lmp)++;
1940 }
1941 FLAGS1(lmp) |= FL1_RT_SYMAFLTR;
1942 break;
1943 case DT_DEPAUDIT:
1944 if (!(rtld_flags & RT_FL_NOAUDIT)) {
1945 audit = dyn->d_un.d_val;
1946 FLAGS1(lmp) |= FL1_RT_DEPAUD;
1947 }
1948 break;
1949 case DT_CONFIG:
1950 cfile = dyn->d_un.d_val;
1951 break;
1952 case DT_DEBUG:
1953 /*
1954 * DT_DEBUG entries are only created in
1955 * dynamic objects that require an interpretor
1956 * (ie. all dynamic executables and some shared
1957 * objects), and provide for a hand-shake with
1958 * old debuggers. This entry is initialized to
1959 * zero by the link-editor. If a debugger is
1960 * monitoring us, and has updated this entry,
1961 * set the debugger monitor flag, and finish
1962 * initializing the debugging structure. See
1963 * setup(). Also, switch off any configuration
1964 * object use as most debuggers can't handle
1965 * fixed dynamic executables as dependencies.
1966 */
1967 if (dyn->d_un.d_ptr)
1968 rtld_flags |=
1969 (RT_FL_DEBUGGER | RT_FL_NOOBJALT);
1970 dyn->d_un.d_ptr = (Addr)&r_debug;
1971 break;
1972 case DT_VERNEED:
1973 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr +
1974 base);
1975 break;
1976 case DT_VERNEEDNUM:
1977 /* LINTED */
1978 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val;
1979 break;
1980 case DT_VERDEF:
1981 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr +
1982 base);
1983 break;
1984 case DT_VERDEFNUM:
1985 /* LINTED */
1986 VERDEFNUM(lmp) = (int)dyn->d_un.d_val;
1987 break;
1988 case DT_VERSYM:
1989 /*
1990 * The Solaris ld does not produce DT_VERSYM,
1991 * but the GNU ld does, in order to support
1992 * their style of versioning, which differs
1993 * from ours in some ways, while using the
1994 * same data structures. The presence of
1995 * DT_VERSYM therefore means that GNU
1996 * versioning rules apply to the given file.
1997 * If DT_VERSYM is not present, then Solaris
1998 * versioning rules apply.
1999 */
2000 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr +
2001 base);
2002 break;
2003 case DT_BIND_NOW:
2004 if ((dyn->d_un.d_val & DF_BIND_NOW) &&
2005 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2006 MODE(lmp) |= RTLD_NOW;
2007 MODE(lmp) &= ~RTLD_LAZY;
2008 }
2009 break;
2010 case DT_FLAGS:
2011 FLAGS1(lmp) |= FL1_RT_DTFLAGS;
2012 if (dyn->d_un.d_val & DF_SYMBOLIC)
2013 FLAGS1(lmp) |= FL1_RT_SYMBOLIC;
2014 if ((dyn->d_un.d_val & DF_BIND_NOW) &&
2015 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2016 MODE(lmp) |= RTLD_NOW;
2017 MODE(lmp) &= ~RTLD_LAZY;
2018 }
2019 /*
2020 * Capture any static TLS use, and enforce that
2021 * this object be non-deletable.
2022 */
2023 if (dyn->d_un.d_val & DF_STATIC_TLS) {
2024 FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2025 MODE(lmp) |= RTLD_NODELETE;
2026 }
2027 break;
2028 case DT_FLAGS_1:
2029 if (dyn->d_un.d_val & DF_1_DISPRELPND)
2030 FLAGS1(lmp) |= FL1_RT_DISPREL;
2031 if (dyn->d_un.d_val & DF_1_GROUP)
2032 FLAGS(lmp) |=
2033 (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
2034 if ((dyn->d_un.d_val & DF_1_NOW) &&
2035 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2036 MODE(lmp) |= RTLD_NOW;
2037 MODE(lmp) &= ~RTLD_LAZY;
2038 }
2039 if (dyn->d_un.d_val & DF_1_NODELETE)
2040 MODE(lmp) |= RTLD_NODELETE;
2041 if (dyn->d_un.d_val & DF_1_INITFIRST)
2042 FLAGS(lmp) |= FLG_RT_INITFRST;
2043 if (dyn->d_un.d_val & DF_1_NOOPEN)
2044 FLAGS(lmp) |= FLG_RT_NOOPEN;
2045 if (dyn->d_un.d_val & DF_1_LOADFLTR)
2046 FLAGS(lmp) |= FLG_RT_LOADFLTR;
2047 if (dyn->d_un.d_val & DF_1_NODUMP)
2048 FLAGS(lmp) |= FLG_RT_NODUMP;
2049 if (dyn->d_un.d_val & DF_1_CONFALT)
2050 crle = 1;
2051 if (dyn->d_un.d_val & DF_1_DIRECT)
2052 FLAGS1(lmp) |= FL1_RT_DIRECT;
2053 if (dyn->d_un.d_val & DF_1_NODEFLIB)
2054 FLAGS1(lmp) |= FL1_RT_NODEFLIB;
2055 if (dyn->d_un.d_val & DF_1_ENDFILTEE)
2056 FLAGS1(lmp) |= FL1_RT_ENDFILTE;
2057 if (dyn->d_un.d_val & DF_1_TRANS)
2058 FLAGS(lmp) |= FLG_RT_TRANS;
2059
2060 /*
2061 * Global auditing is only meaningful when
2062 * specified by the initiating object of the
2063 * process - typically the dynamic executable.
2064 * If this is the initiating object, its link-
2065 * map will not yet have been added to the
2066 * link-map list, and consequently the link-map
2067 * list is empty. (see setup()).
2068 */
2069 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) {
2070 if (lml_main.lm_head == NULL)
2071 FLAGS1(lmp) |= FL1_RT_GLOBAUD;
2072 else
2073 DBG_CALL(Dbg_audit_ignore(lmp));
2074 }
2075
2076 /*
2077 * If this object identifies itself as an
2078 * interposer, but relocation processing has
2079 * already started, then demote it. It's too
2080 * late to guarantee complete interposition.
2081 */
2082 /* BEGIN CSTYLED */
2083 if (dyn->d_un.d_val &
2084 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) {
2085 if (lml->lm_flags & LML_FLG_STARTREL) {
2086 DBG_CALL(Dbg_util_intoolate(lmp));
2087 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
2088 (void) printf(
2089 MSG_INTL(MSG_LDD_REL_ERR2),
2090 NAME(lmp));
2091 } else if (dyn->d_un.d_val & DF_1_INTERPOSE)
2092 FLAGS(lmp) |= FLG_RT_OBJINTPO;
2093 else
2094 FLAGS(lmp) |= FLG_RT_SYMINTPO;
2095 }
2096 /* END CSTYLED */
2097 break;
2098 case DT_SYMINFO:
2099 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr +
2100 base);
2101 break;
2102 case DT_SYMINENT:
2103 SYMINENT(lmp) = dyn->d_un.d_val;
2104 break;
2105 case DT_PLTPAD:
2106 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base);
2107 break;
2108 case DT_PLTPADSZ:
2109 pltpadsz = dyn->d_un.d_val;
2110 break;
2111 case DT_SUNW_RTLDINF:
2112 /*
2113 * Maintain a list of RTLDINFO structures.
2114 * Typically, libc is the only supplier, and
2115 * only one structure is provided. However,
2116 * multiple suppliers and multiple structures
2117 * are supported. For example, one structure
2118 * may provide thread_init, and another
2119 * structure may provide atexit reservations.
2120 */
2121 if ((rti = alist_append(&lml->lm_rti, NULL,
2122 sizeof (Rti_desc),
2123 AL_CNT_RTLDINFO)) == NULL) {
2124 remove_so(0, lmp, clmp);
2125 return (NULL);
2126 }
2127 rti->rti_lmp = lmp;
2128 rti->rti_info = (void *)(dyn->d_un.d_ptr +
2129 base);
2130 break;
2131 case DT_SUNW_SORTENT:
2132 SUNWSORTENT(lmp) = dyn->d_un.d_val;
2133 break;
2134 case DT_SUNW_SYMSORT:
2135 SUNWSYMSORT(lmp) =
2136 (void *)(dyn->d_un.d_ptr + base);
2137 break;
2138 case DT_SUNW_SYMSORTSZ:
2139 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val;
2140 break;
2141 case DT_DEPRECATED_SPARC_REGISTER:
2142 case M_DT_REGISTER:
2143 dip->di_flags |= FLG_DI_REGISTER;
2144 FLAGS(lmp) |= FLG_RT_REGSYMS;
2145 break;
2146 case DT_SUNW_CAP:
2147 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base);
2148 break;
2149 case DT_SUNW_CAPINFO:
2150 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base);
2151 break;
2152 case DT_SUNW_CAPCHAIN:
2153 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr +
2154 base);
2155 break;
2156 case DT_SUNW_CAPCHAINENT:
2157 CAPCHAINENT(lmp) = dyn->d_un.d_val;
2158 break;
2159 case DT_SUNW_CAPCHAINSZ:
2160 CAPCHAINSZ(lmp) = dyn->d_un.d_val;
2161 break;
2162 }
2163 }
2164
2165 /*
2166 * Update any Dyninfo string pointers now that STRTAB() is
2167 * known.
2168 */
2169 for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp);
2170 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
2171
2172 switch ((Xword)dyn->d_tag) {
2173 case DT_NEEDED:
2174 case DT_USED:
2175 case DT_FILTER:
2176 case DT_AUXILIARY:
2177 case DT_SUNW_FILTER:
2178 case DT_SUNW_AUXILIARY:
2179 dip->di_name = STRTAB(lmp) + dyn->d_un.d_val;
2180 break;
2181 }
2182 }
2183
2184 /*
2185 * Assign any padding.
2186 */
2187 if (PLTPAD(lmp)) {
2188 if (pltpadsz == (Xword)0)
2189 PLTPAD(lmp) = NULL;
2190 else
2191 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) +
2192 pltpadsz);
2193 }
2194 }
2195
2196 /*
2197 * A dynsym contains only global functions. We want to have
2198 * a version of it that also includes local functions, so that
2199 * dladdr() will be able to report names for local functions
2200 * when used to generate a stack trace for a stripped file.
2201 * This version of the dynsym is provided via DT_SUNW_SYMTAB.
2202 *
2203 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick
2204 * in order to avoid having to have two copies of the global
2205 * symbols held in DT_SYMTAB: The local symbols are placed in
2206 * a separate section than the globals in the dynsym, but the
2207 * linker conspires to put the data for these two sections adjacent
2208 * to each other. DT_SUNW_SYMTAB points at the top of the local
2209 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables.
2210 *
2211 * If the two sections are not adjacent, then something went wrong
2212 * at link time. We use ASSERT to kill the process if this is
2213 * a debug build. In a production build, we will silently ignore
2214 * the presence of the .ldynsym and proceed. We can detect this
2215 * situation by checking to see that DT_SYMTAB lies in
2216 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ.
2217 */
2218 if ((SUNWSYMTAB(lmp) != NULL) &&
2219 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) ||
2220 (((char *)SYMTAB(lmp) >=
2221 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) {
2222 ASSERT(0);
2223 SUNWSYMTAB(lmp) = NULL;
2224 SUNWSYMSZ(lmp) = 0;
2225 }
2226
2227 /*
2228 * If configuration file use hasn't been disabled, and a configuration
2229 * file hasn't already been set via an environment variable, see if any
2230 * application specific configuration file is specified. An LD_CONFIG
2231 * setting is used first, but if this image was generated via crle(1)
2232 * then a default configuration file is a fall-back.
2233 */
2234 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) {
2235 if (cfile)
2236 config->c_name = (const char *)(cfile +
2237 (char *)STRTAB(lmp));
2238 else if (crle)
2239 rtld_flags |= RT_FL_CONFAPP;
2240 }
2241
2242 if (rpath)
2243 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp));
2244 if (fltr)
2245 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp));
2246
2247 /*
2248 * For Intel ABI compatibility. It's possible that a JMPREL can be
2249 * specified without any other relocations (e.g. a dynamic executable
2250 * normally only contains .plt relocations). If this is the case then
2251 * no REL, RELSZ or RELENT will have been created. For us to be able
2252 * to traverse the .plt relocations under LD_BIND_NOW we need to know
2253 * the RELENT for these relocations. Refer to elf_reloc() for more
2254 * details.
2255 */
2256 if (!RELENT(lmp) && JMPREL(lmp))
2257 RELENT(lmp) = sizeof (M_RELOC);
2258
2259 /*
2260 * Establish any per-object auditing. If we're establishing main's
2261 * link-map its too early to go searching for audit objects so just
2262 * hold the object name for later (see setup()).
2263 */
2264 if (audit) {
2265 char *cp = audit + (char *)STRTAB(lmp);
2266
2267 if (*cp) {
2268 if (((AUDITORS(lmp) =
2269 calloc(1, sizeof (Audit_desc))) == NULL) ||
2270 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) {
2271 remove_so(0, lmp, clmp);
2272 return (NULL);
2273 }
2274 if (lml_main.lm_head) {
2275 if (audit_setup(lmp, AUDITORS(lmp), 0,
2276 in_nfavl) == 0) {
2277 remove_so(0, lmp, clmp);
2278 return (NULL);
2279 }
2280 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags;
2281 lml->lm_flags |= LML_FLG_LOCAUDIT;
2282 }
2283 }
2284 }
2285
2286 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) {
2287 remove_so(0, lmp, clmp);
2288 return (NULL);
2289 }
2290
2291 /*
2292 * A capabilities section should be identified by a DT_SUNW_CAP entry,
2293 * and if non-empty object capabilities are included, a PT_SUNWCAP
2294 * header should reference the section. Make sure CAP() is set
2295 * regardless.
2296 */
2297 if ((CAP(lmp) == NULL) && cap)
2298 CAP(lmp) = cap;
2299
2300 /*
2301 * Make sure any capabilities information or chain can be handled.
2302 */
2303 if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT))
2304 CAPINFO(lmp) = NULL;
2305 if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT))
2306 CAPCHAIN(lmp) = NULL;
2307
2308 /*
2309 * As part of processing dependencies, a file descriptor is populated
2310 * with capabilities information following validation.
2311 */
2312 if (fdp->fd_flags & FLG_FD_ALTCHECK) {
2313 FLAGS1(lmp) |= FL1_RT_ALTCHECK;
2314 CAPSET(lmp) = fdp->fd_scapset;
2315
2316 if (fdp->fd_flags & FLG_FD_ALTCAP)
2317 FLAGS1(lmp) |= FL1_RT_ALTCAP;
2318
2319 } else if ((cap = CAP(lmp)) != NULL) {
2320 /*
2321 * Processing of the a.out and ld.so.1 does not involve a file
2322 * descriptor as exec() did all the work, so capture the
2323 * capabilities for these cases.
2324 */
2325 while (cap->c_tag != CA_SUNW_NULL) {
2326 switch (cap->c_tag) {
2327 case CA_SUNW_HW_1:
2328 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val;
2329 break;
2330 case CA_SUNW_SF_1:
2331 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val;
2332 break;
2333 case CA_SUNW_HW_2:
2334 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val;
2335 break;
2336 case CA_SUNW_PLAT:
2337 CAPSET(lmp).sc_plat = STRTAB(lmp) +
2338 cap->c_un.c_ptr;
2339 break;
2340 case CA_SUNW_MACH:
2341 CAPSET(lmp).sc_mach = STRTAB(lmp) +
2342 cap->c_un.c_ptr;
2343 break;
2344 }
2345 cap++;
2346 }
2347 }
2348
2349 /*
2350 * If a capabilities chain table exists, duplicate it. The chain table
2351 * is inspected for each initial call to a capabilities family lead
2352 * symbol. From this chain, each family member is inspected to
2353 * determine the 'best' family member. The chain table is then updated
2354 * so that the best member is immediately selected for any further
2355 * family searches.
2356 */
2357 if (CAPCHAIN(lmp)) {
2358 Capchain *capchain;
2359
2360 if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL)
2361 return (NULL);
2362 (void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp));
2363 CAPCHAIN(lmp) = capchain;
2364 }
2365
2366 /*
2367 * Add the mapped object to the end of the link map list.
2368 */
2369 lm_append(lml, lmco, lmp);
2370
2371 /*
2372 * Start the system loading in the ELF information we'll be processing.
2373 */
2374 if (REL(lmp)) {
2375 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
2376 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
2377 MADV_WILLNEED);
2378 }
2379 return (lmp);
2380 }
2381
2382 /*
2383 * Build full pathname of shared object from given directory name and filename.
2384 */
2385 static char *
2386 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen)
2387 {
2388 static char pname[PATH_MAX];
2389
2390 (void) strncpy(pname, dir, dlen);
2391 pname[dlen++] = '/';
2392 (void) strncpy(&pname[dlen], file, flen + 1);
2393 return (pname);
2394 }
2395
2396 /*
2397 * The copy relocation is recorded in a copy structure which will be applied
2398 * after all other relocations are carried out. This provides for copying data
2399 * that must be relocated itself (ie. pointers in shared objects). This
2400 * structure also provides a means of binding RTLD_GROUP dependencies to any
2401 * copy relocations that have been taken from any group members.
2402 *
2403 * If the size of the .bss area available for the copy information is not the
2404 * same as the source of the data inform the user if we're under ldd(1) control
2405 * (this checking was only established in 5.3, so by only issuing an error via
2406 * ldd(1) we maintain the standard set by previous releases).
2407 */
2408 int
2409 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
2410 Rt_map *dlmp, const void *dadd)
2411 {
2412 Rel_copy rc;
2413 Lm_list *lml = LIST(rlmp);
2414
2415 rc.r_name = name;
2416 rc.r_rsym = rsym; /* the new reference symbol and its */
2417 rc.r_rlmp = rlmp; /* associated link-map */
2418 rc.r_dlmp = dlmp; /* the defining link-map */
2419 rc.r_dsym = dsym; /* the original definition */
2420 rc.r_radd = radd;
2421 rc.r_dadd = dadd;
2422
2423 if (rsym->st_size > dsym->st_size)
2424 rc.r_size = (size_t)dsym->st_size;
2425 else
2426 rc.r_size = (size_t)rsym->st_size;
2427
2428 if (alist_append(&COPY_R(dlmp), &rc, sizeof (Rel_copy),
2429 AL_CNT_COPYREL) == NULL) {
2430 if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2431 return (0);
2432 else
2433 return (1);
2434 }
2435 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
2436 if (aplist_append(&COPY_S(rlmp), dlmp,
2437 AL_CNT_COPYREL) == NULL) {
2438 if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2439 return (0);
2440 else
2441 return (1);
2442 }
2443 FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
2444 }
2445
2446 /*
2447 * If we are tracing (ldd), warn the user if
2448 * 1) the size from the reference symbol differs from the
2449 * copy definition. We can only copy as much data as the
2450 * reference (dynamic executables) entry allows.
2451 * 2) the copy definition has STV_PROTECTED visibility.
2452 */
2453 if (lml->lm_flags & LML_FLG_TRC_WARN) {
2454 if (rsym->st_size != dsym->st_size) {
2455 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
2456 _conv_reloc_type(M_R_COPY), demangle(name),
2457 NAME(rlmp), EC_XWORD(rsym->st_size),
2458 NAME(dlmp), EC_XWORD(dsym->st_size));
2459 if (rsym->st_size > dsym->st_size)
2460 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
2461 NAME(dlmp));
2462 else
2463 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
2464 NAME(rlmp));
2465 }
2466
2467 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
2468 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
2469 _conv_reloc_type(M_R_COPY), demangle(name),
2470 NAME(dlmp));
2471 }
2472 }
2473
2474 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd,
2475 (Xword)rc.r_size));
2476 return (1);
2477 }
2478
2479 /*
2480 * Determine the symbol location of an address within a link-map. Look for
2481 * the nearest symbol (whose value is less than or equal to the required
2482 * address). This is the object specific part of dladdr().
2483 */
2484 static void
2485 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
2486 {
2487 ulong_t ndx, cnt, base, _value;
2488 Sym *sym, *_sym = NULL;
2489 const char *str;
2490 int _flags;
2491 uint_t *dynaddr_ndx;
2492 uint_t dynaddr_n = 0;
2493 ulong_t value;
2494
2495 /*
2496 * If SUNWSYMTAB() is non-NULL, then it sees a special version of
2497 * the dynsym that starts with any local function symbols that exist in
2498 * the library and then moves to the data held in SYMTAB(). In this
2499 * case, SUNWSYMSZ tells us how long the symbol table is. The
2500 * availability of local function symbols will enhance the results
2501 * we can provide.
2502 *
2503 * If SUNWSYMTAB() is non-NULL, then there might also be a
2504 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains
2505 * an array of indices into SUNWSYMTAB, sorted by increasing
2506 * address. We can use this to do an O(log N) search instead of a
2507 * brute force search.
2508 *
2509 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that
2510 * contains only global symbols. In that case, the length of
2511 * the symbol table comes from the nchain field of the related
2512 * symbol lookup hash table.
2513 */
2514 str = STRTAB(lmp);
2515 if (SUNWSYMSZ(lmp) == 0) {
2516 sym = SYMTAB(lmp);
2517 /*
2518 * If we don't have a .hash table there are no symbols
2519 * to look at.
2520 */
2521 if (HASH(lmp) == NULL)
2522 return;
2523 cnt = HASH(lmp)[1];
2524 } else {
2525 sym = SUNWSYMTAB(lmp);
2526 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp);
2527 dynaddr_ndx = SUNWSYMSORT(lmp);
2528 if (dynaddr_ndx != NULL)
2529 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp);
2530 }
2531
2532 if (FLAGS(lmp) & FLG_RT_FIXED)
2533 base = 0;
2534 else
2535 base = ADDR(lmp);
2536
2537 if (dynaddr_n > 0) { /* Binary search */
2538 long low = 0, low_bnd;
2539 long high = dynaddr_n - 1, high_bnd;
2540 long mid;
2541 Sym *mid_sym;
2542
2543 /*
2544 * Note that SUNWSYMSORT only contains symbols types that
2545 * supply memory addresses, so there's no need to check and
2546 * filter out any other types.
2547 */
2548 low_bnd = low;
2549 high_bnd = high;
2550 while (low <= high) {
2551 mid = (low + high) / 2;
2552 mid_sym = &sym[dynaddr_ndx[mid]];
2553 value = mid_sym->st_value + base;
2554 if (addr < value) {
2555 if ((sym[dynaddr_ndx[high]].st_value + base) >=
2556 addr)
2557 high_bnd = high;
2558 high = mid - 1;
2559 } else if (addr > value) {
2560 if ((sym[dynaddr_ndx[low]].st_value + base) <=
2561 addr)
2562 low_bnd = low;
2563 low = mid + 1;
2564 } else {
2565 _sym = mid_sym;
2566 _value = value;
2567 break;
2568 }
2569 }
2570 /*
2571 * If the above didn't find it exactly, then we must
2572 * return the closest symbol with a value that doesn't
2573 * exceed the one we are looking for. If that symbol exists,
2574 * it will lie in the range bounded by low_bnd and
2575 * high_bnd. This is a linear search, but a short one.
2576 */
2577 if (_sym == NULL) {
2578 for (mid = low_bnd; mid <= high_bnd; mid++) {
2579 mid_sym = &sym[dynaddr_ndx[mid]];
2580 value = mid_sym->st_value + base;
2581 if (addr >= value) {
2582 _sym = mid_sym;
2583 _value = value;
2584 } else {
2585 break;
2586 }
2587 }
2588 }
2589 } else { /* Linear search */
2590 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
2591 /*
2592 * Skip expected symbol types that are not functions
2593 * or data:
2594 * - A symbol table starts with an undefined symbol
2595 * in slot 0. If we are using SUNWSYMTAB(),
2596 * there will be a second undefined symbol
2597 * right before the globals.
2598 * - The local part of SUNWSYMTAB() contains a
2599 * series of function symbols. Each section
2600 * starts with an initial STT_FILE symbol.
2601 */
2602 if ((sym->st_shndx == SHN_UNDEF) ||
2603 (ELF_ST_TYPE(sym->st_info) == STT_FILE))
2604 continue;
2605
2606 value = sym->st_value + base;
2607 if (value > addr)
2608 continue;
2609 if (value < _value)
2610 continue;
2611
2612 _sym = sym;
2613 _value = value;
2614
2615 /*
2616 * Note, because we accept local and global symbols
2617 * we could find a section symbol that matches the
2618 * associated address, which means that the symbol
2619 * name will be null. In this case continue the
2620 * search in case we can find a global symbol of
2621 * the same value.
2622 */
2623 if ((value == addr) &&
2624 (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
2625 break;
2626 }
2627 }
2628
2629 _flags = flags & RTLD_DL_MASK;
2630 if (_sym) {
2631 if (_flags == RTLD_DL_SYMENT)
2632 *info = (void *)_sym;
2633 else if (_flags == RTLD_DL_LINKMAP)
2634 *info = (void *)lmp;
2635
2636 dlip->dli_sname = str + _sym->st_name;
2637 dlip->dli_saddr = (void *)_value;
2638 } else {
2639 /*
2640 * addr lies between the beginning of the mapped segment and
2641 * the first global symbol. We have no symbol to return
2642 * and the caller requires one. We use _START_, the base
2643 * address of the mapping.
2644 */
2645
2646 if (_flags == RTLD_DL_SYMENT) {
2647 /*
2648 * An actual symbol struct is needed, so we
2649 * construct one for _START_. To do this in a
2650 * fully accurate way requires a different symbol
2651 * for each mapped segment. This requires the
2652 * use of dynamic memory and a mutex. That's too much
2653 * plumbing for a fringe case of limited importance.
2654 *
2655 * Fortunately, we can simplify:
2656 * - Only the st_size and st_info fields are useful
2657 * outside of the linker internals. The others
2658 * reference things that outside code cannot see,
2659 * and can be set to 0.
2660 * - It's just a label and there is no size
2661 * to report. So, the size should be 0.
2662 * This means that only st_info needs a non-zero
2663 * (constant) value. A static struct will suffice.
2664 * It must be const (readonly) so the caller can't
2665 * change its meaning for subsequent callers.
2666 */
2667 static const Sym fsym = { 0, 0, 0,
2668 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
2669 *info = (void *) &fsym;
2670 }
2671
2672 dlip->dli_sname = MSG_ORIG(MSG_SYM_START);
2673 dlip->dli_saddr = (void *) ADDR(lmp);
2674 }
2675 }
2676
2677 /*
2678 * This routine is called as a last fall-back to search for a symbol from a
2679 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing
2680 * the number of objects mapped, any symbol search is first carried out using
2681 * the objects that already exist in the process (either on a link-map list or
2682 * handle). If a symbol can't be found, and lazy dependencies are still
2683 * pending, this routine loads the dependencies in an attempt to locate the
2684 * symbol.
2685 */
2686 int
2687 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
2688 {
2689 static APlist *alist = NULL;
2690 Aliste idx1;
2691 Rt_map *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap;
2692 const char *name = slp->sl_name;
2693 Slookup sl1 = *slp;
2694 Lm_list *lml;
2695 Lm_cntl *lmc;
2696
2697 /*
2698 * It's quite possible we've been here before to process objects,
2699 * therefore reinitialize our dynamic list.
2700 */
2701 if (alist)
2702 aplist_reset(alist);
2703
2704 /*
2705 * Discard any relocation index from further symbol searches. This
2706 * index has already been used to trigger any necessary lazy-loads,
2707 * and it might be because one of these lazy loads has failed that
2708 * we're performing this fallback. By removing the relocation index
2709 * we don't try and perform the same failed lazy loading activity again.
2710 */
2711 sl1.sl_rsymndx = 0;
2712
2713 /*
2714 * Determine the callers link-map list so that we can monitor whether
2715 * new objects have been added.
2716 */
2717 lml = LIST(clmp);
2718 lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp));
2719
2720 /*
2721 * Generate a local list of new objects to process. This list can grow
2722 * as each object supplies its own lazy dependencies.
2723 */
2724 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL)
2725 return (0);
2726
2727 for (APLIST_TRAVERSE(alist, idx1, lmp1)) {
2728 uint_t dynndx;
2729 Dyninfo *dip, *pdip;
2730
2731 /*
2732 * Loop through the lazy DT_NEEDED entries examining each object
2733 * for the required symbol. If the symbol is not found, the
2734 * object is in turn added to the local alist, so that the
2735 * objects lazy DT_NEEDED entries can be examined.
2736 */
2737 lmp = lmp1;
2738 for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL;
2739 !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) {
2740 Grp_hdl *ghp;
2741 Grp_desc *gdp;
2742 Rt_map *nlmp, *llmp;
2743 Slookup sl2;
2744 Sresult sr;
2745 Aliste idx2;
2746
2747 if (((dip->di_flags & FLG_DI_LAZY) == 0) ||
2748 dip->di_info)
2749 continue;
2750
2751 /*
2752 * If this object has already failed to lazy load, and
2753 * we're still processing the same runtime linker
2754 * operation that produced the failure, don't bother
2755 * to try and load the object again.
2756 */
2757 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip &&
2758 (pdip->di_flags & FLG_DI_POSFLAG1)) {
2759 if (pdip->di_info == (void *)ld_entry_cnt)
2760 continue;
2761
2762 dip->di_flags &= ~FLG_DI_LAZYFAIL;
2763 pdip->di_info = NULL;
2764 }
2765
2766 /*
2767 * Determine the last link-map presently on the callers
2768 * link-map control list.
2769 */
2770 llmp = lmc->lc_tail;
2771
2772 /*
2773 * Try loading this lazy dependency. If the object
2774 * can't be loaded, consider this non-fatal and continue
2775 * the search. Lazy loaded dependencies need not exist
2776 * and their loading should only turn out to be fatal
2777 * if they are required to satisfy a relocation.
2778 *
2779 * A successful lazy load can mean one of two things:
2780 *
2781 * - new objects have been loaded, in which case the
2782 * objects will have been analyzed, relocated, and
2783 * finally moved to the callers control list.
2784 * - the objects are already loaded, and this lazy
2785 * load has simply associated the referenced object
2786 * with it's lazy dependencies.
2787 *
2788 * If new objects are loaded, look in these objects
2789 * first. Note, a new object can be the object being
2790 * referenced by this lazy load, however we can also
2791 * descend into multiple lazy loads as we relocate this
2792 * reference.
2793 *
2794 * If the symbol hasn't been found, use the referenced
2795 * objects handle, as it might have dependencies on
2796 * objects that are already loaded. Note that existing
2797 * objects might have already been searched and skipped
2798 * as non-available to this caller. However, a lazy
2799 * load might have caused the promotion of modes, or
2800 * added this object to the family of the caller. In
2801 * either case, the handle associated with the object
2802 * is then used to carry out the symbol search.
2803 */
2804 if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name,
2805 FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL)
2806 continue;
2807
2808 if (NEXT_RT_MAP(llmp)) {
2809 /*
2810 * Look in any new objects.
2811 */
2812 sl1.sl_imap = NEXT_RT_MAP(llmp);
2813 sl1.sl_flags &= ~LKUP_STDRELOC;
2814
2815 /*
2816 * Initialize a local symbol result descriptor,
2817 * using the original symbol name.
2818 */
2819 SRESULT_INIT(sr, slp->sl_name);
2820
2821 if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) {
2822 *srp = sr;
2823 return (1);
2824 }
2825 }
2826
2827 /*
2828 * Use the objects handle to inspect the family of
2829 * objects associated with the handle. Note, there's
2830 * a possibility of overlap with the above search,
2831 * should a lazy load bring in new objects and
2832 * reference existing objects.
2833 */
2834 sl2 = sl1;
2835 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) {
2836 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) &&
2837 (gdp->gd_flags & GPD_DLSYM)) {
2838
2839 sl2.sl_imap = gdp->gd_depend;
2840 sl2.sl_flags |= LKUP_FIRST;
2841
2842 /*
2843 * Initialize a local symbol result
2844 * descriptor, using the original
2845 * symbol name.
2846 */
2847 SRESULT_INIT(sr, slp->sl_name);
2848
2849 if (lookup_sym(&sl2, &sr, binfo,
2850 in_nfavl)) {
2851 *srp = sr;
2852 return (1);
2853 }
2854 }
2855 }
2856
2857 /*
2858 * Some dlsym() operations are already traversing a
2859 * link-map (dlopen(0)), and thus there's no need to
2860 * save them on the dynamic dependency list.
2861 */
2862 if (slp->sl_flags & LKUP_NODESCENT)
2863 continue;
2864
2865 if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == 0)
2866 return (0);
2867 }
2868 }
2869
2870 return (0);
2871 }
2872
2873 /*
2874 * Warning message for bad r_offset.
2875 */
2876 void
2877 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
2878 ulong_t rsymndx)
2879 {
2880 const char *name = NULL;
2881 Lm_list *lml = LIST(lmp);
2882 int trace;
2883
2884 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
2885 (((rtld_flags & RT_FL_SILENCERR) == 0) ||
2886 (lml->lm_flags & LML_FLG_TRC_VERBOSE)))
2887 trace = 1;
2888 else
2889 trace = 0;
2890
2891 if ((trace == 0) && (DBG_ENABLED == 0))
2892 return;
2893
2894 if (rsymndx) {
2895 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) +
2896 (rsymndx * SYMENT(lmp)));
2897
2898 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
2899 name = (char *)(STRTAB(lmp) + symref->st_name);
2900 }
2901
2902 if (name == NULL)
2903 name = MSG_INTL(MSG_STR_UNKNOWN);
2904
2905 if (trace) {
2906 const char *rstr;
2907
2908 rstr = _conv_reloc_type((uint_t)rtype);
2909 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
2910 EC_ADDR(roffset));
2911 return;
2912 }
2913
2914 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name);
2915 }
2916
2917 /*
2918 * Resolve a static TLS relocation.
2919 */
2920 long
2921 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name,
2922 ulong_t roffset, long value)
2923 {
2924 Lm_list *lml = LIST(lmp);
2925
2926 /*
2927 * Relocations against a static TLS block have limited support once
2928 * process initialization has completed. Any error condition should be
2929 * discovered by testing for DF_STATIC_TLS as part of loading an object,
2930 * however individual relocations are tested in case the dynamic flag
2931 * had not been set when this object was built.
2932 */
2933 if (PTTLS(lmp) == NULL) {
2934 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2935 M_REL_SHT_TYPE, rel, NULL, 0, name));
2936 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2937 _conv_reloc_type((uint_t)rtype), NAME(lmp),
2938 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2939 return (0);
2940 }
2941
2942 /*
2943 * If no static TLS has been set aside for this object, determine if
2944 * any can be obtained. Enforce that any object using static TLS is
2945 * non-deletable.
2946 */
2947 if (TLSSTATOFF(lmp) == 0) {
2948 FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2949 MODE(lmp) |= RTLD_NODELETE;
2950
2951 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) {
2952 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2953 M_REL_SHT_TYPE, rel, NULL, 0, name));
2954 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2955 _conv_reloc_type((uint_t)rtype), NAME(lmp),
2956 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2957 return (0);
2958 }
2959 }
2960
2961 /*
2962 * Typically, a static TLS offset is maintained as a symbols value.
2963 * For local symbols that are not apart of the dynamic symbol table,
2964 * the TLS relocation points to a section symbol, and the static TLS
2965 * offset was deposited in the associated GOT table. Make sure the GOT
2966 * is cleared, so that the value isn't reused in do_reloc().
2967 */
2968 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) {
2969 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) {
2970 value = *(long *)roffset;
2971 *(long *)roffset = 0;
2972 } else {
2973 value = sym->st_value;
2974 }
2975 }
2976 return (-(TLSSTATOFF(lmp) - value));
2977 }
2978
2979 /*
2980 * If the symbol is not found and the reference was not to a weak symbol, report
2981 * an error. Weak references may be unresolved.
2982 */
2983 int
2984 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo)
2985 {
2986 Lm_list *lml = LIST(lmp);
2987
2988 /*
2989 * Under crle(1), relocation failures are ignored.
2990 */
2991 if (lml->lm_flags & LML_FLG_IGNRELERR)
2992 return (1);
2993
2994 /*
2995 * Under ldd(1), unresolved references are reported. However, if the
2996 * original reference is EXTERN or PARENT these references are ignored
2997 * unless ldd's -p option is in effect.
2998 */
2999 if (lml->lm_flags & LML_FLG_TRC_WARN) {
3000 if (((binfo & DBG_BINFO_REF_MSK) == 0) ||
3001 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) {
3002 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND),
3003 demangle(name), NAME(lmp));
3004 }
3005 return (1);
3006 }
3007
3008 /*
3009 * Otherwise, the unresolved references is fatal.
3010 */
3011 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel,
3012 NULL, 0, name));
3013 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp),
3014 demangle(name));
3015
3016 return (0);
3017 }
Unleashed OS