/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright (c) 1988 AT&T * All Rights Reserved * * * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" /* * Object file dependent support for ELF objects. */ #include "_synonyms.h" #include #include #include #include #include #include #include #include "conv.h" #include "_rtld.h" #include "_audit.h" #include "_elf.h" #include "msg.h" #include "debug.h" /* * Default and secure dependency search paths. */ static Pnode elf_dflt_dirs[] = { #if defined(_ELF64) #ifndef SGS_PRE_UNIFIED_PROCESS { MSG_ORIG(MSG_PTH_LIB_64), 0, MSG_PTH_LIB_64_SIZE, LA_SER_DEFAULT, 0, &elf_dflt_dirs[1] }, #endif { MSG_ORIG(MSG_PTH_USRLIB_64), 0, MSG_PTH_USRLIB_64_SIZE, LA_SER_DEFAULT, 0, 0 } #else #ifndef SGS_PRE_UNIFIED_PROCESS { MSG_ORIG(MSG_PTH_LIB), 0, MSG_PTH_LIB_SIZE, LA_SER_DEFAULT, 0, &elf_dflt_dirs[1] }, #endif { MSG_ORIG(MSG_PTH_USRLIB), 0, MSG_PTH_USRLIB_SIZE, LA_SER_DEFAULT, 0, 0 } #endif }; static Pnode elf_secure_dirs[] = { #if defined(_ELF64) #ifndef SGS_PRE_UNIFIED_PROCESS { MSG_ORIG(MSG_PTH_LIBSE_64), 0, MSG_PTH_LIBSE_64_SIZE, LA_SER_SECURE, 0, &elf_secure_dirs[1] }, #endif { MSG_ORIG(MSG_PTH_USRLIBSE_64), 0, MSG_PTH_USRLIBSE_64_SIZE, LA_SER_SECURE, 0, 0 } #else #ifndef SGS_PRE_UNIFIED_PROCESS { MSG_ORIG(MSG_PTH_LIBSE), 0, MSG_PTH_LIBSE_SIZE, LA_SER_SECURE, 0, &elf_secure_dirs[1] }, #endif { MSG_ORIG(MSG_PTH_USRLIBSE), 0, MSG_PTH_USRLIBSE_SIZE, LA_SER_SECURE, 0, 0 } #endif }; /* * Defines for local functions. */ static Pnode *elf_fix_name(const char *, Rt_map *, uint_t); static int elf_are_u(Rej_desc *); static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); static ulong_t elf_entry_pt(void); static char *elf_get_so(const char *, const char *); static Rt_map *elf_map_so(Lm_list *, Aliste, const char *, const char *, int); static int elf_needed(Lm_list *, Aliste, Rt_map *); static void elf_unmap_so(Rt_map *); static int elf_verify_vers(const char *, Rt_map *, Rt_map *); /* * Functions and data accessed through indirect pointers. */ Fct elf_fct = { elf_are_u, elf_entry_pt, elf_map_so, elf_unmap_so, elf_needed, lookup_sym, elf_reloc, elf_dflt_dirs, elf_secure_dirs, elf_fix_name, elf_get_so, elf_dladdr, dlsym_handle, elf_verify_vers, elf_set_prot }; /* * Redefine NEEDED name if necessary. */ static Pnode * elf_fix_name(const char *name, Rt_map *clmp, uint_t orig) { /* * For ABI compliance, if we are asked for ld.so.1, then really give * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1). */ if (((*name == '/') && #if defined(_ELF64) (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) || #else (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) || #endif (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) { Pnode *pnp; DBG_CALL(Dbg_file_fixname(name, MSG_ORIG(MSG_PTH_LIBSYS))); if (((pnp = calloc(sizeof (Pnode), 1)) == 0) || ((pnp->p_name = strdup(MSG_ORIG(MSG_PTH_LIBSYS))) == 0)) { if (pnp) free(pnp); return (0); } pnp->p_len = MSG_PTH_LIBSYS_SIZE; pnp->p_orig = (orig & PN_SER_MASK); return (pnp); } return (expand_paths(clmp, name, orig, 0)); } /* * Determine if we have been given an ELF file and if so determine if the file * is compatible. Returns 1 if true, else 0 and sets the reject descriptor * with associated error information. */ static int elf_are_u(Rej_desc *rej) { Ehdr *ehdr; /* * Determine if we're an elf file. If not simply return, we don't set * any rejection information as this test allows use to scroll through * the objects we support (ELF, AOUT). */ if (fmap->fm_fsize < sizeof (Ehdr) || fmap->fm_maddr[EI_MAG0] != ELFMAG0 || fmap->fm_maddr[EI_MAG1] != ELFMAG1 || fmap->fm_maddr[EI_MAG2] != ELFMAG2 || fmap->fm_maddr[EI_MAG3] != ELFMAG3) { return (0); } /* * Check class and encoding. */ /* LINTED */ ehdr = (Ehdr *)fmap->fm_maddr; if (ehdr->e_ident[EI_CLASS] != M_CLASS) { rej->rej_type = SGS_REJ_CLASS; rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; return (0); } if (ehdr->e_ident[EI_DATA] != M_DATA) { rej->rej_type = SGS_REJ_DATA; rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; return (0); } if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && (ehdr->e_type != ET_DYN)) { rej->rej_type = SGS_REJ_TYPE; rej->rej_info = (uint_t)ehdr->e_type; return (0); } /* * Verify machine specific flags, and hardware capability requirements. */ if ((elf_mach_flags_check(rej, ehdr) == 0) || ((rtld_flags2 & RT_FL2_HWCAP) && (hwcap_check(rej, ehdr) == 0))) return (0); /* * Verify ELF version. ??? is this too restrictive ??? */ if (ehdr->e_version > EV_CURRENT) { rej->rej_type = SGS_REJ_VERSION; rej->rej_info = (uint_t)ehdr->e_version; return (0); } return (1); } /* * The runtime linker employs lazy loading to provide the libraries needed for * debugging, preloading .o's and dldump(). As these are seldom used, the * standard startup of ld.so.1 doesn't initialize all the information necessary * to perform plt relocation on ld.so.1's link-map. The first time lazy loading * is called we get here to perform these initializations: * * o elf_needed() is called to set up the DYNINFO() indexes for each lazy * dependency. Typically, for all other objects, this is called during * analyze_so(), but as ld.so.1 is set-contained we skip this processing. * * o For intel, ld.so.1's JMPSLOT relocations need relative updates. These * are by default skipped thus delaying all relative relocation processing * on every invocation of ld.so.1. */ int elf_rtld_load() { Lm_list *lml = &lml_rtld; Rt_map *lmp = lml->lm_head; if (lml->lm_flags & LML_FLG_PLTREL) return (1); /* * As we need to refer to the DYNINFO() information, insure that it has * been initialized. */ if (elf_needed(lml, ALO_DATA, lmp) == 0) return (0); #if defined(i386) /* * This is a kludge to give ld.so.1 a performance benefit on i386. * It's based around two factors. * * o JMPSLOT relocations (PLT's) actually need a relative relocation * applied to the GOT entry so that they can find PLT0. * * o ld.so.1 does not exercise *any* PLT's before it has made a call * to elf_lazy_load(). This is because all dynamic dependencies * are recorded as lazy dependencies. */ (void) elf_reloc_relacount((ulong_t)JMPREL(lmp), (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), (ulong_t)ADDR(lmp)); #endif lml->lm_flags |= LML_FLG_PLTREL; return (1); } /* * Lazy load an object. */ Rt_map * elf_lazy_load(Rt_map *clmp, uint_t ndx, const char *sym) { Rt_map *nlmp, *hlmp; Dyninfo *dip = &DYNINFO(clmp)[ndx]; uint_t flags = 0; Pnode *pnp; const char *name; Lm_list *lml = LIST(clmp); Lm_cntl *lmc; Aliste lmco; /* * If this dependency has already been processed, we're done. */ if (((nlmp = (Rt_map *)dip->di_info) != 0) || (dip->di_flags & FLG_DI_PROCESSD)) return (nlmp); /* * Determine the initial dependency name, and indicate that this * dependencies processing has initiated. */ name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val; DBG_CALL(Dbg_file_lazyload(name, NAME(clmp), sym)); if (lml->lm_flags & LML_FLG_TRC_ENABLE) dip->di_flags |= FLG_DI_PROCESSD; if (dip->di_flags & FLG_DI_GROUP) flags |= (FLG_RT_SETGROUP | FLG_RT_HANDLE); /* * Expand the requested name if necessary. */ if ((pnp = elf_fix_name(name, clmp, PN_SER_NEEDED)) == 0) return (0); /* * Provided the object on the head of the link-map has completed its * relocation, create a new link-map control list for this request. */ hlmp = lml->lm_head; if (FLAGS(hlmp) & FLG_RT_RELOCED) { if ((lmc = alist_append(&(lml->lm_lists), 0, sizeof (Lm_cntl), AL_CNT_LMLISTS)) == 0) { remove_pnode(pnp); return (0); } lmco = (Aliste)((char *)lmc - (char *)lml->lm_lists); } else { lmc = 0; lmco = ALO_DATA; } /* * Load the associated object. */ dip->di_info = nlmp = load_one(lml, lmco, pnp, clmp, MODE(clmp), flags, 0); /* * Remove any expanded pathname infrastructure. Reduce the pending lazy * dependency count of the caller, together with the link-map lists * count of objects that still have lazy dependencies pending. */ remove_pnode(pnp); if (--LAZY(clmp) == 0) LIST(clmp)->lm_lazy--; /* * Finish processing the objects associated with this request. */ if (nlmp && ((analyze_lmc(lml, lmco, nlmp) == 0) || (relocate_lmc(lml, lmco, nlmp) == 0))) dip->di_info = nlmp = 0; /* * If the dependency has been successfully processed, and it is part of * a link-map control list that is equivalent, or less, that the callers * control list, create an association between the caller and this * dependency. If this dependency isn't yet apart of the callers * link-map control list, then it is still apart of a list that is being * relocated. As the relocation of an object on this list might still * fail, we can't yet bind the caller to this object. To do so, would * be locking the object so that it couldn't be deleted. Mark this * object as free, and it will be reprocessed when this dependency is * next referenced. */ if (nlmp) { if (CNTL(nlmp) <= CNTL(clmp)) { if (bind_one(clmp, nlmp, BND_NEEDED) == 0) dip->di_info = nlmp = 0; } else { dip->di_info = 0; dip->di_flags &= ~FLG_DI_PROCESSD; if (LAZY(clmp)++ == 0) LIST(clmp)->lm_lazy++; } } /* * After a successful load, any objects collected on the new link-map * control list will have been moved to the callers link-map control * list. This control list can now be deleted. */ if (lmc) { if (nlmp == 0) remove_incomplete(lml, lmco); remove_cntl(lml, lmco); } return (nlmp); } /* * Return the entry point of the ELF executable. */ static ulong_t elf_entry_pt(void) { return (ENTRY(lml_main.lm_head)); } /* * Unmap a given ELF shared object from the address space. */ static void elf_unmap_so(Rt_map *lmp) { caddr_t addr; size_t size; Mmap *mmaps; /* * If this link map represents a relocatable object concatenation, then * the image was simply generated in allocated memory. Free the memory. * * Note: the memory was originally allocated in the libelf:_elf_outmap * routine and would normally have been free'd in elf_outsync(), but * because we 'interpose' on that routine the memory wasn't free'd at * that time. */ if (FLAGS(lmp) & FLG_RT_IMGALLOC) { free((void *)ADDR(lmp)); return; } /* * If padding was enabled via rtld_db, then we have at least one page * in front of the image - and possibly a trailing page. * Unmap the front page first: */ if (PADSTART(lmp) != ADDR(lmp)) { addr = (caddr_t)M_PTRUNC(PADSTART(lmp)); size = ADDR(lmp) - (ulong_t)addr; (void) munmap(addr, size); } /* * Unmap any trailing padding. */ if (M_PROUND((PADSTART(lmp) + PADIMLEN(lmp))) > M_PROUND(ADDR(lmp) + MSIZE(lmp))) { addr = (caddr_t)M_PROUND(ADDR(lmp) + MSIZE(lmp)); size = M_PROUND(PADSTART(lmp) + PADIMLEN(lmp)) - (ulong_t)addr; (void) munmap(addr, size); } /* * Unmmap all mapped segments. */ for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++) (void) munmap(mmaps->m_vaddr, mmaps->m_msize); } /* * Determine if a dependency requires a particular version and if so verify * that the version exists in the dependency. */ static int elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) { Verneed *vnd = VERNEED(clmp); int _num, num = VERNEEDNUM(clmp); char *cstrs = (char *)STRTAB(clmp); Lm_list *lml = LIST(clmp); /* * Traverse the callers version needed information and determine if any * specific versions are required from the dependency. */ for (_num = 1; _num <= num; _num++, vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { Half cnt = vnd->vn_cnt; Vernaux *vnap; char *nstrs, *need; /* * Determine if a needed entry matches this dependency. */ need = (char *)(cstrs + vnd->vn_file); if (strcmp(name, need) != 0) continue; DBG_CALL(Dbg_ver_need_title(NAME(clmp))); if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); /* * Validate that each version required actually exists in the * dependency. */ nstrs = (char *)STRTAB(nlmp); for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { char *version, *define; Verdef *vdf = VERDEF(nlmp); ulong_t _num, num = VERDEFNUM(nlmp); int found = 0; version = (char *)(cstrs + vnap->vna_name); DBG_CALL(Dbg_ver_need_entry(0, need, version)); for (_num = 1; _num <= num; _num++, vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { Verdaux *vdap; if (vnap->vna_hash != vdf->vd_hash) continue; vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); define = (char *)(nstrs + vdap->vda_name); if (strcmp(version, define) != 0) continue; found++; break; } /* * If we're being traced print out any matched version * when the verbose (-v) option is in effect. Always * print any unmatched versions. */ if (lml->lm_flags & LML_FLG_TRC_ENABLE) { if (found) { if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) continue; (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), need, version, NAME(nlmp)); } else { if (rtld_flags & RT_FL_SILENCERR) continue; (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), need, version); } continue; } /* * If the version hasn't been found then this is a * candidate for a fatal error condition. Weak * version definition requirements are silently * ignored. Also, if the image inspected for a version * definition has no versioning recorded at all then * silently ignore this (this provides better backward * compatibility to old images created prior to * versioning being available). Both of these skipped * diagnostics are available under tracing (see above). */ if ((found == 0) && (num != 0) && (!(vnap->vna_flags & VER_FLG_WEAK))) { eprintf(ERR_FATAL, MSG_INTL(MSG_VER_NFOUND), need, version, NAME(clmp)); return (0); } } return (1); } return (1); } /* * Search through the dynamic section for DT_NEEDED entries and perform one * of two functions. If only the first argument is specified then load the * defined shared object, otherwise add the link map representing the defined * link map the the dlopen list. */ static int elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp) { Dyn *dyn; ulong_t ndx = 0; uint_t lazy = 0, flags = 0; Word lmflags = lml->lm_flags; Word lmtflags = lml->lm_tflags; /* * Process each shared object on needed list. */ if (DYN(clmp) == 0) return (1); for (dyn = (Dyn *)DYN(clmp); dyn->d_tag != DT_NULL; dyn++, ndx++) { Dyninfo *dip = &DYNINFO(clmp)[ndx]; Rt_map *nlmp = 0; char *name; int silent = 0; Pnode *pnp; switch (dyn->d_tag) { case DT_POSFLAG_1: if ((dyn->d_un.d_val & DF_P1_LAZYLOAD) && !(lmtflags & LML_TFLG_NOLAZYLD)) lazy = 1; if (dyn->d_un.d_val & DF_P1_GROUPPERM) flags = (FLG_RT_SETGROUP | FLG_RT_HANDLE); continue; case DT_NEEDED: case DT_USED: dip->di_flags |= FLG_DI_NEEDED; if (flags) dip->di_flags |= FLG_DI_GROUP; name = (char *)STRTAB(clmp) + dyn->d_un.d_val; /* * NOTE, libc.so.1 can't be lazy loaded. Although a * lazy position flag won't be produced when a RTLDINFO * .dynamic entry is found (introduced with the UPM in * Solaris 10), it was possible to mark libc for lazy * loading on previous releases. To reduce the overhead * of testing for this occurrence, only carry out this * check for the first object on the link-map list * (there aren't many applications built without libc). */ if (lazy && (lml->lm_head == clmp) && (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) lazy = 0; /* * Don't bring in lazy loaded objects yet unless we've * been asked to attempt to load all available objects * (crle(1) sets LD_FLAGS=loadavail). Even under * RTLD_NOW we don't process this - RTLD_NOW will cause * relocation processing which in turn might trigger * lazy loading, but its possible that the object has a * lazy loaded file with no bindings (i.e., it should * never have been a dependency in the first place). */ if (lazy) { if ((lmflags & LML_FLG_LOADAVAIL) == 0) { LAZY(clmp)++; lazy = flags = 0; continue; } /* * Silence any error messages - see description * under elf_lookup_filtee(). */ if ((rtld_flags & RT_FL_SILENCERR) == 0) { rtld_flags |= RT_FL_SILENCERR; silent = 1; } } break; case DT_AUXILIARY: dip->di_flags |= FLG_DI_AUXFLTR; lazy = flags = 0; continue; case DT_SUNW_AUXILIARY: dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); lazy = flags = 0; continue; case DT_FILTER: dip->di_flags |= FLG_DI_STDFLTR; lazy = flags = 0; continue; case DT_SUNW_FILTER: dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); lazy = flags = 0; continue; default: lazy = flags = 0; continue; } DBG_CALL(Dbg_file_needed(name, NAME(clmp))); if (lml->lm_flags & LML_FLG_TRC_ENABLE) dip->di_flags |= FLG_DI_PROCESSD; /* * Establish the objects name, load it and establish a binding * with the caller. */ if (((pnp = elf_fix_name(name, clmp, PN_SER_NEEDED)) == 0) || ((nlmp = load_one(lml, lmco, pnp, clmp, MODE(clmp), flags, 0)) == 0) || (bind_one(clmp, nlmp, BND_NEEDED) == 0)) nlmp = 0; /* * Clean up any infrastructure, including the removal of the * error suppression state, if it had been previously set in * this routine. */ if (pnp) remove_pnode(pnp); if (silent) rtld_flags &= ~RT_FL_SILENCERR; lazy = flags = 0; if ((dip->di_info = (void *)nlmp) == 0) { /* * If the object could not be mapped, continue if error * suppression is established or we're here with ldd(1). */ if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) continue; else return (0); } } if (LAZY(clmp)) lml->lm_lazy++; return (1); } static int elf_map_check(const char *name, caddr_t vaddr, Off size) { prmap_t *maps, *_maps; int pfd, num, _num; caddr_t eaddr = vaddr + size; int err; /* * If memory reservations have been established for alternative objects * determine if this object falls within the reservation, if it does no * further checking is required. */ if (rtld_flags & RT_FL_MEMRESV) { Rtc_head *head = (Rtc_head *)config->c_bgn; if ((vaddr >= (caddr_t)(uintptr_t)head->ch_resbgn) && (eaddr <= (caddr_t)(uintptr_t)head->ch_resend)) return (0); } /* * Determine the mappings presently in use by this process. */ if ((pfd = pr_open()) == FD_UNAVAIL) return (1); if (ioctl(pfd, PIOCNMAP, (void *)&num) == -1) { err = errno; eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_PROC), pr_name, strerror(err)); return (1); } if ((maps = malloc((num + 1) * sizeof (prmap_t))) == 0) return (1); if (ioctl(pfd, PIOCMAP, (void *)maps) == -1) { err = errno; eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_PROC), pr_name, strerror(err)); free(maps); return (1); } /* * Determine if the supplied address clashes with any of the present * process mappings. */ for (_num = 0, _maps = maps; _num < num; _num++, _maps++) { caddr_t _eaddr = _maps->pr_vaddr + _maps->pr_size; Rt_map *lmp; const char *str; if ((eaddr < _maps->pr_vaddr) || (vaddr >= _eaddr)) continue; /* * We have a memory clash. See if one of the known dynamic * dependency mappings represents this space so as to provide * the user a more meaningful message. */ if ((lmp = _caller(vaddr, 0)) != 0) str = NAME(lmp); else str = MSG_INTL(MSG_STR_UNKNOWN); eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_MAPINUSE), name, EC_ADDR(vaddr), EC_OFF(size), str); return (1); } free(maps); return (0); } /* * Obtain a memory reservation. On newer systems, both MAP_ANON and MAP_ALIGN * are used to obtained an aligned reservation from anonymous memory. If * MAP_ANON isn't available, then MAP_ALIGN isn't either, so obtain a standard * reservation using the file as backing. */ static Am_ret elf_map_reserve(const char *name, caddr_t *maddr, Off msize, int mperm, int fd, Xword align) { Am_ret amret; int mflag = MAP_PRIVATE | MAP_NORESERVE; #if defined(MAP_ALIGN) if ((rtld_flags2 & RT_FL2_NOMALIGN) == 0) { mflag |= MAP_ALIGN; *maddr = (caddr_t)align; } #endif if ((amret = anon_map(maddr, msize, PROT_NONE, mflag)) == AM_ERROR) return (amret); if (amret == AM_OK) return (AM_OK); /* * If an anonymous memory request failed (which should only be the * case if it is unsupported on the system we're running on), establish * the initial mapping directly from the file. */ *maddr = 0; if ((*maddr = mmap(*maddr, msize, mperm, MAP_PRIVATE, fd, 0)) == MAP_FAILED) { int err = errno; eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), name, strerror(err)); return (AM_ERROR); } return (AM_NOSUP); } static void * elf_map_textdata(caddr_t addr, Off flen, int mperm, int phdr_mperm, int mflag, int fd, Off foff) { #if defined(MAP_TEXT) && defined(MAP_INITDATA) static int notd = 0; /* * If MAP_TEXT and MAP_INITDATA are available, select the appropriate * flag. */ if (notd == 0) { if ((phdr_mperm & (PROT_WRITE | PROT_EXEC)) == PROT_EXEC) mflag |= MAP_TEXT; else mflag |= MAP_INITDATA; } #endif if (mmap((caddr_t)addr, flen, mperm, mflag, fd, foff) != MAP_FAILED) return (0); #if defined(MAP_TEXT) && defined(MAP_INITDATA) if ((notd == 0) && (errno == EINVAL)) { /* * MAP_TEXT and MAP_INITDATA may not be supported on this * platform, try again without. */ notd = 1; mflag &= ~(MAP_TEXT | MAP_INITDATA); return (mmap((caddr_t)addr, flen, mperm, mflag, fd, foff)); } #endif return (MAP_FAILED); } /* * Map in a file. */ static caddr_t elf_map_it( const char *name, /* actual name stored for pathname */ Off fsize, /* total mapping claim of the file */ Ehdr *ehdr, /* ELF header of file */ Phdr *fphdr, /* first loadable Phdr */ Phdr *lphdr, /* last loadable Phdr */ Phdr **rrphdr, /* return first Phdr in reservation */ caddr_t *rraddr, /* return start of reservation */ Off *rrsize, /* return total size of reservation */ int fixed, /* image is resolved to a fixed addr */ int fd, /* images file descriptor */ Xword align, /* image segments maximum alignment */ Mmap *mmaps, /* mmap information array and */ uint_t *mmapcnt) /* mapping count */ { caddr_t raddr; /* reservation address */ Off rsize; /* reservation size */ Phdr *phdr; /* working program header poiner */ caddr_t maddr; /* working mmap address */ caddr_t faddr; /* working file address */ size_t padsize; /* object padding requirement */ size_t padpsize = 0; /* padding size rounded to next page */ size_t padmsize = 0; /* padding size rounded for alignment */ int skipfseg; /* skip mapping first segment */ int mperm; /* segment permissions */ Am_ret amret = AM_NOSUP; /* * If padding is required extend both the front and rear of the image. * To insure the image itself is mapped at the correct alignment the * initial padding is rounded up to the nearest page. Once the image is * mapped the excess can be pruned to the nearest page required for the * actual padding itself. */ if ((padsize = r_debug.rtd_objpad) != 0) { padpsize = M_PROUND(padsize); if (fixed) padmsize = padpsize; else padmsize = S_ROUND(padsize, align); } /* * Determine the initial permissions used to map in the first segment. * If this segments memsz is greater that its filesz then the difference * must be zeroed. Make sure this segment is writable. */ mperm = 0; if (fphdr->p_flags & PF_R) mperm |= PROT_READ; if (fphdr->p_flags & PF_X) mperm |= PROT_EXEC; if ((fphdr->p_flags & PF_W) || (fphdr->p_memsz > fphdr->p_filesz)) mperm |= PROT_WRITE; /* * Determine whether or not to let system reserve address space based on * whether this is a dynamic executable (addresses in object are fixed) * or a shared object (addresses in object are relative to the objects' * base). */ if (fixed) { /* * Determine the reservation address and size, and insure that * this reservation isn't already in use. */ faddr = maddr = (caddr_t)M_PTRUNC((ulong_t)fphdr->p_vaddr); raddr = maddr - padpsize; rsize = fsize + padpsize + padsize; if (lml_main.lm_head) { if (elf_map_check(name, raddr, rsize) != 0) return (0); } /* * As this is a fixed image, all segments must be individually * mapped. */ skipfseg = 0; } else { size_t esize; /* * If this isn't a fixed image, reserve enough address space for * the entire image to be mapped. The amount of reservation is * the range between the beginning of the first, and end of the * last loadable segment, together with any padding, plus the * alignment of the first segment. * * The optimal reservation is made as a no-reserve mapping from * anonymous memory. Each segment is then mapped into this * reservation. If the anonymous mapping capability isn't * available, the reservation is obtained from the file itself. * In this case the first segment of the image is mapped as part * of the reservation, thus only the following segments need to * be remapped. */ rsize = fsize + padmsize + padsize; if ((amret = elf_map_reserve(name, &raddr, rsize, mperm, fd, align)) == AM_ERROR) return (0); maddr = raddr + padmsize; faddr = (caddr_t)S_ROUND((Off)maddr, align); /* * If this reservation has been obtained from anonymous memory, * then all segments must be individually mapped. Otherwise, * the first segment heads the reservation. */ if (amret == AM_OK) skipfseg = 0; else skipfseg = 1; /* * For backward compatibility (where MAP_ALIGN isn't available), * insure the alignment of the reservation is adequate for this * object, and if not remap the object to obtain the correct * alignment. */ if (faddr != maddr) { (void) munmap(raddr, rsize); rsize += align; if ((amret = elf_map_reserve(name, &raddr, rsize, mperm, fd, align)) == AM_ERROR) return (0); maddr = faddr = (caddr_t)S_ROUND((Off)(raddr + padpsize), align); esize = maddr - raddr + padpsize; /* * As ths image has been realigned, the first segment * of the file needs to be remapped to its correct * location. */ skipfseg = 0; } else esize = padmsize - padpsize; /* * If this reservation included padding, remove any excess for * the start of the image (the padding was adjusted to insure * the image was aligned appropriately). */ if (esize) { (void) munmap(raddr, esize); raddr += esize; rsize -= esize; } } /* * At this point we know the initial location of the image, and its * size. Pass these back to the caller for inclusion in the link-map * that will eventually be created. */ *rraddr = raddr; *rrsize = rsize; /* * The first loadable segment is now pointed to by maddr. This segment * will eventually contain the elf header and program headers, so reset * the program header. Pass this back to the caller for inclusion in * the link-map so it can be used for later unmapping operations. */ /* LINTED */ *rrphdr = (Phdr *)((char *)maddr + ehdr->e_phoff); /* * If padding is required at the front of the image, obtain that now. * Note, if we've already obtained a reservation from anonymous memory * then this reservation will already include suitable padding. * Otherwise this reservation is backed by the file, or in the case of * a fixed image, doesn't yet exist. Map the padding so that it is * suitably protected (PROT_NONE), and insure the first segment of the * file is mapped to its correct location. */ if (padsize) { if (amret == AM_NOSUP) { if (dz_map(raddr, padpsize, PROT_NONE, (MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE)) == MAP_FAILED) return (0); skipfseg = 0; } rsize -= padpsize; } /* * Map individual segments. For a fixed image, these will each be * unique mappings. For a reservation these will fill in the * reservation. */ for (phdr = fphdr; phdr <= lphdr; phdr = (Phdr *)((Off)phdr + ehdr->e_phentsize)) { caddr_t addr; Off mlen, flen; size_t size; /* * Skip non-loadable segments or segments that don't occupy * any memory. */ if (((phdr->p_type != PT_LOAD) && (phdr->p_type != PT_SUNWBSS)) || (phdr->p_memsz == 0)) continue; /* * Establish this segments address relative to our base. */ addr = (caddr_t)M_PTRUNC((ulong_t)(phdr->p_vaddr + (fixed ? 0 : faddr))); /* * Determine the mapping protection from the segment attributes. * Also determine the etext address from the last loadable * segment which has permissions but no write access. */ mperm = 0; if (phdr->p_flags) { if (phdr->p_flags & PF_R) mperm |= PROT_READ; if (phdr->p_flags & PF_X) mperm |= PROT_EXEC; if (phdr->p_flags & PF_W) mperm |= PROT_WRITE; else fmap->fm_etext = phdr->p_vaddr + phdr->p_memsz + (ulong_t)(fixed ? 0 : faddr); } /* * Determine the type of mapping required. */ if (phdr->p_type == PT_SUNWBSS) { /* * Potentially, we can defer the loading of any SUNWBSS * segment, depending on whether the symbols it provides * have been bound to. In this manner, large segments * that are interposed upon between shared libraries * may not require mapping. Note, that the mapping * information is recorded in our mapping descriptor at * this time. */ mlen = phdr->p_memsz; flen = 0; } else if ((phdr->p_filesz == 0) && (phdr->p_flags == 0)) { /* * If this segment has no backing file and no flags * specified, then it defines a reservation. At this * point all standard loadable segments will have been * processed. The segment reservation is mapped * directly from /dev/null. */ if (nu_map((caddr_t)addr, phdr->p_memsz, PROT_NONE, MAP_FIXED | MAP_PRIVATE) == MAP_FAILED) return (0); mlen = phdr->p_memsz; flen = 0; } else if (phdr->p_filesz == 0) { /* * If this segment has no backing file then it defines a * nobits segment and is mapped directly from /dev/zero. */ if (dz_map((caddr_t)addr, phdr->p_memsz, mperm, MAP_FIXED | MAP_PRIVATE) == MAP_FAILED) return (0); mlen = phdr->p_memsz; flen = 0; } else { Off foff; /* * This mapping originates from the file. Determine the * file offset to which the mapping will be directed * (must be aligned) and how much to map (might be more * than the file in the case of .bss). */ foff = M_PTRUNC((ulong_t)phdr->p_offset); mlen = phdr->p_memsz + (phdr->p_offset - foff); flen = phdr->p_filesz + (phdr->p_offset - foff); /* * If this is a non-fixed, non-anonymous mapping, and no * padding is involved, then the first loadable segment * is already part of the initial reservation. In this * case there is no need to remap this segment. */ if ((skipfseg == 0) || (phdr != fphdr)) { int phdr_mperm = mperm; /* * If this segments memsz is greater that its * filesz then the difference must be zeroed. * Make sure this segment is writable. */ if (phdr->p_memsz > phdr->p_filesz) mperm |= PROT_WRITE; if (elf_map_textdata((caddr_t)addr, flen, mperm, phdr_mperm, (MAP_FIXED | MAP_PRIVATE), fd, foff) == MAP_FAILED) { int err = errno; eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), name, strerror(err)); return (0); } } /* * If the memory occupancy of the segment overflows the * definition in the file, we need to "zero out" the end * of the mapping we've established, and if necessary, * map some more space from /dev/zero. Note, zero'ed * memory must end on a double word boundary to satisfy * zero(). */ if (phdr->p_memsz > phdr->p_filesz) { caddr_t zaddr; size_t zlen, zplen; Off fend; foff = (Off)(phdr->p_vaddr + phdr->p_filesz + (fixed ? 0 : faddr)); zaddr = (caddr_t)M_PROUND(foff); zplen = (size_t)(zaddr - foff); fend = (Off)S_DROUND((size_t)(phdr->p_vaddr + phdr->p_memsz + (fixed ? 0 : faddr))); zlen = (size_t)(fend - foff); /* * Determine whether the number of bytes that * must be zero'ed overflow to the next page. * If not, simply clear the exact bytes * (filesz to memsz) from this page. Otherwise, * clear the remaining bytes of this page, and * map an following pages from /dev/zero. */ if (zlen < zplen) zero((caddr_t)foff, (long)zlen); else { zero((caddr_t)foff, (long)zplen); if ((zlen = (fend - (Off)zaddr)) > 0) { if (dz_map(zaddr, zlen, mperm, MAP_FIXED | MAP_PRIVATE) == MAP_FAILED) return (0); } } } } /* * Unmap anything from the last mapping address to this one and * update the mapping claim pointer. */ if ((fixed == 0) && ((size = addr - maddr) != 0)) { (void) munmap(maddr, size); rsize -= size; } /* * Retain this segments mapping information. */ mmaps[*mmapcnt].m_vaddr = addr; mmaps[*mmapcnt].m_msize = mlen; mmaps[*mmapcnt].m_fsize = flen; mmaps[*mmapcnt].m_perm = mperm; (*mmapcnt)++; maddr = addr + M_PROUND(mlen); rsize -= M_PROUND(mlen); } /* * If padding is required at the end of the image, obtain that now. * Note, if we've already obtained a reservation from anonymous memory * then this reservation will already include suitable padding. */ if (padsize) { if (amret == AM_NOSUP) { /* * maddr is currently page aligned from the last segment * mapping. */ if (dz_map(maddr, padsize, PROT_NONE, (MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE)) == MAP_FAILED) return (0); } maddr += padsize; rsize -= padsize; } /* * Unmap any final reservation. */ if ((fixed == 0) && (rsize != 0)) (void) munmap(maddr, rsize); return (faddr); } /* * A null symbol interpretor. Used if a filter has no associated filtees. */ /* ARGSUSED0 */ static Sym * elf_null_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo) { return ((Sym *)0); } /* * Disable filtee use. */ static void elf_disable_filtee(Rt_map * lmp, Dyninfo * dip) { dip->di_info = 0; if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { /* * If this is an object filter, free the filtee's duplication. */ if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { free(REFNAME(lmp)); REFNAME(lmp) = (char *)0; OBJFLTRNDX(lmp) = FLTR_DISABLED; /* * Indicate that this filtee is no longer available. */ if (dip->di_flags & FLG_DI_STDFLTR) SYMINTP(lmp) = elf_null_find_sym; } } else if (dip->di_flags & FLG_DI_STDFLTR) { /* * Indicate that this standard filtee is no longer available. */ if (SYMSFLTRCNT(lmp)) SYMSFLTRCNT(lmp)--; } else { /* * Indicate that this auxiliary filtee is no longer available. */ if (SYMAFLTRCNT(lmp)) SYMAFLTRCNT(lmp)--; } dip->di_flags &= ~MSK_DI_FILTER; } /* * Find symbol interpreter - filters. * This function is called when the symbols from a shared object should * be resolved from the shared objects filtees instead of from within itself. * * A symbol name of 0 is used to trigger filtee loading. */ static Sym * _elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx) { const char *name = slp->sl_name, *filtees; Rt_map *clmp = slp->sl_cmap; Rt_map *ilmp = slp->sl_imap; Pnode *pnp, **pnpp; int any; Dyninfo *dip = &DYNINFO(ilmp)[ndx]; Lm_list *lml = LIST(ilmp); Lm_cntl *lmc = 0; Aliste lmco; /* * Indicate that the filter has been used. If a binding already exists * to the caller, indicate that this object is referenced. This insures * we don't generate false unreferenced diagnostics from ldd -u/U or * debugging. Don't create a binding regardless, as this filter may * have been dlopen()'ed. */ if (name && (ilmp != clmp)) { Word tracing = (LIST(clmp)->lm_flags & (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); if (tracing || dbg_mask) { Bnd_desc ** bdpp; Aliste off; FLAGS1(ilmp) |= FL1_RT_USED; if ((tracing & LML_FLG_TRC_UNREF) || dbg_mask) { for (ALIST_TRAVERSE(CALLERS(ilmp), off, bdpp)) { Bnd_desc * bdp = *bdpp; if (bdp->b_caller == clmp) { bdp->b_flags |= BND_REFER; break; } } } } } /* * If this is the first call to process this filter, establish the * filtee list. If a configuration file exists, determine if any * filtee associations for this filter, and its filtee reference, are * defined. Otherwise, process the filtee reference. Any token * expansion is also completed at this point (i.e., $PLATFORM). */ filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val; if (dip->di_info == 0) { if (rtld_flags2 & RT_FL2_FLTCFG) dip->di_info = elf_config_flt(PATHNAME(ilmp), filtees); if (dip->di_info == 0) { DBG_CALL(Dbg_file_filter(NAME(ilmp), filtees, 0)); if ((lml->lm_flags & (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), NAME(ilmp), filtees); if ((dip->di_info = (void *)expand_paths(ilmp, filtees, PN_SER_FILTEE, 0)) == 0) { elf_disable_filtee(ilmp, dip); return ((Sym *)0); } } } /* * Traverse the filtee list, dlopen()'ing any objects specified and * using their group handle to lookup the symbol. */ for (any = 0, pnpp = (Pnode **)&(dip->di_info), pnp = *pnpp; pnp; pnpp = &pnp->p_next, pnp = * pnpp) { int mode; Grp_hdl *ghp; Rt_map *nlmp = 0; if (pnp->p_len == 0) continue; /* * Establish the mode of the filtee from the filter. As filtees * are loaded via a dlopen(), make sure that RTLD_GROUP is set * and the filtees aren't global. It would be nice to have * RTLD_FIRST used here also, but as filters got out long before * RTLD_FIRST was introduced it's a little too late now. */ mode = MODE(ilmp) | RTLD_GROUP; mode &= ~RTLD_GLOBAL; /* * Insure that any auxiliary filter can locate symbols from its * caller. */ if (dip->di_flags & FLG_DI_AUXFLTR) mode |= RTLD_PARENT; /* * Process any hardware capability directory. Establish a new * link-map control list from which to analyze any newly added * objects. Note that an lmc may already be allocated from a * previous filtee dlopen() that failed. */ if ((pnp->p_info == 0) && (pnp->p_orig & PN_TKN_HWCAP)) { if ((lmc == 0) && (FLAGS(lml->lm_head) & FLG_RT_RELOCED) && ((lmc = alist_append(&(lml->lm_lists), 0, sizeof (Lm_cntl), AL_CNT_LMLISTS)) == 0)) return ((Sym *)0); if (lmc) lmco = (Aliste)((char *)lmc - (char *)lml->lm_lists); else lmco = ALO_DATA; pnp = hwcap_filtees(pnpp, lmco, dip, ilmp, filtees, mode, (FLG_RT_HANDLE | FLG_RT_HWCAP)); } if (pnp->p_len == 0) continue; /* * Process an individual filtee. */ if (pnp->p_info == 0) { const char *filtee = pnp->p_name; int audit = 0; DBG_CALL(Dbg_file_filtee(NAME(ilmp), filtee, 0)); ghp = 0; /* * Determine if the reference link map is already * loaded. As an optimization compare the filtee with * our interpretor. The most common filter is * libdl.so.1, which is a filter on ld.so.1. */ #if defined(_ELF64) if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { #else if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { #endif /* * Create an association between ld.so.1 and * the filter. */ nlmp = lml_rtld.lm_head; if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, (GPH_LDSO | GPH_FIRST | GPH_FILTEE))) == 0) nlmp = 0; /* * Establish the filter handle to prevent any * recursion. */ if (nlmp && ghp) pnp->p_info = (void *)ghp; /* * Audit the filter/filtee established. Ignore * any return from the auditor, as we can't * allow ignore filtering to ld.so.1, otherwise * nothing is going to work. */ if ((lml->lm_tflags | FLAGS1(ilmp)) & LML_TFLG_AUD_OBJFILTER) (void) audit_objfilter(ilmp, filtees, nlmp, 0); } else { Rej_desc rej = { 0 }; /* * Establish a new link-map control list from * which to analyze any newly added objects. * Note that an lmc may already be allocated * from a previous filtee dlopen() that failed. */ if ((lmc == 0) && (FLAGS(lml->lm_head) & FLG_RT_RELOCED) && ((lmc = alist_append(&(lml->lm_lists), 0, sizeof (Lm_cntl), AL_CNT_LMLISTS)) == 0)) return ((Sym *)0); if (lmc) lmco = (Aliste)((char *)lmc - (char *)lml->lm_lists); else lmco = ALO_DATA; /* * Load the filtee. */ if ((nlmp = load_path(lml, lmco, filtee, ilmp, mode, FLG_RT_HANDLE, &ghp, 0, &rej)) == 0) { file_notfound(LIST(ilmp), filtee, ilmp, FLG_RT_HANDLE, &rej); remove_rej(&rej); } /* * Establish the filter handle to prevent any * recursion. */ if (nlmp && ghp) { ghp->gh_flags |= GPH_FILTEE; pnp->p_info = (void *)ghp; } /* * Audit the filter/filtee established. A * return of 0 indicates the auditor wishes to * ignore this filtee. */ if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & LML_TFLG_AUD_OBJFILTER)) { if (audit_objfilter(ilmp, filtees, nlmp, 0) == 0) { audit = 1; nlmp = 0; } } /* * Finish processing the objects associated with * this request. Create an association between * this object and the originating filter to * provide sufficient information to tear down * this filtee if necessary. */ if (nlmp && ghp && ((analyze_lmc(lml, lmco, nlmp) == 0) || (relocate_lmc(lml, lmco, nlmp) == 0))) nlmp = 0; /* * If the filtee has been successfully * processed, and it is part of a link-map * control list that is equivalent, or less, * than the filter control list, create an * association between the filter and filtee. * This association provides sufficient * information to tear down the filter and * filtee if necessary. */ if (nlmp && ghp && (CNTL(nlmp) <= CNTL(ilmp)) && (hdl_add(ghp, ilmp, GPD_FILTER) == 0)) nlmp = 0; } /* * Generate a diagnostic if the filtee couldn't be * loaded, null out the pnode entry, and continue * the search. Otherwise, retain this group handle * for future symbol searches. */ if (nlmp == 0) { pnp->p_info = 0; DBG_CALL(Dbg_file_filtee(0, filtee, audit)); if (ghp) (void) dlclose_core(ghp, ilmp); if (lmc) { (void) lm_salvage(lml, 0, lmco); lmc->lc_head = lmc->lc_tail = 0; } pnp->p_len = 0; continue; } } ghp = (Grp_hdl *)pnp->p_info; /* * If we're just here to trigger filtee loading skip the symbol * lookup so we'll continue looking for additional filtees. */ if (name) { Grp_desc *gdp; Sym *sym = 0; Aliste off; Slookup sl = *slp; sl.sl_flags |= LKUP_FIRST; any++; /* * Look for the symbol in the handles dependencies. */ for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) { if ((gdp->gd_flags & GPD_AVAIL) == 0) continue; /* * If our parent is a dependency don't look at * it (otherwise we are in a recursive loop). * This situation can occur with auxiliary * filters if the filtee has a dependency on the * filter. This dependency isn't necessary as * auxiliary filters are opened RTLD_PARENT, but * users may still unknowingly add an explicit * dependency to the parent. */ if ((sl.sl_imap = gdp->gd_depend) == ilmp) continue; if (((sym = SYMINTP(sl.sl_imap)(&sl, dlmp, binfo)) != 0) || (ghp->gh_flags & GPH_FIRST)) break; } /* * If this filtee has just been loaded (nlmp != 0), * determine whether the filtee was triggered by a * relocation from an object that is still being * relocated on a leaf link-map control list. As the * relocation of an object on this list might still * fail, we can't yet bind the filter to the filtee. * To do so, would be locking the filtee so that it * couldn't be deleted, and the filtee itself could have * bound to an object that must be torn down. Insure * the caller isn't bound to the handle at this time. * Any association will be reestablished when the filter * is later referenced and the filtee has propagated to * the same link-map control list. */ if (nlmp && (CNTL(nlmp) > CNTL(ilmp))) { remove_caller(ghp, ilmp); pnp->p_info = 0; } if (sym) { if (lmc) remove_cntl(lml, lmco); *binfo |= DBG_BINFO_FILTEE; return (sym); } } /* * If this object is tagged to terminate filtee processing we're * done. */ if (FLAGS1(ghp->gh_owner) & FL1_RT_ENDFILTE) break; } if (lmc) remove_cntl(lml, lmco); /* * If we're just here to trigger filtee loading then we're done. */ if (name == 0) return ((Sym *)0); /* * If no filtees have been found for a filter, clean up any Pnode * structures and disable their search completely. For auxiliary * filters we can reselect the symbol search function so that we never * enter this routine again for this object. For standard filters we * use the null symbol routine. */ if (any == 0) { remove_pnode((Pnode *)dip->di_info); elf_disable_filtee(ilmp, dip); return ((Sym *)0); } return ((Sym *)0); } /* * Focal point for disabling error messages for auxiliary filters. As an * auxiliary filter allows for filtee use, but provides a fallback should a * filtee not exist (or fail to load), any errors generated as a consequence of * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR * suppresses errors generated by eprint(), but insures a debug diagnostic is * produced. ldd(1) employs printf(), and here, the selection of whether to * print a diagnostic in regards to auxiliary filters is a little more complex. * * . The determination of whether to produce an ldd message, or a fatal * error message is driven by LML_FLG_TRC_ENABLE. * . More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). * * . If the calling object is lddstub, then several classes of message are * suppressed. The user isn't trying to diagnose lddstub, this is simply * a stub executable employed to preload a user specified library against. * * . If RT_FL_SILENCERR is in effect then any generic ldd() messages should * be suppressed. All detailed ldd messages should still be produced. */ Sym * elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx) { Sym *sym; Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; int silent = 0; /* * Make sure this entry is still acting as a filter. We may have tried * to process this previously, and disabled it if the filtee couldn't * be processed. However, other entries may provide different filtees * that are yet to be completed. */ if (dip->di_flags == 0) return ((Sym *)0); /* * Indicate whether an error message is required should this filtee not * be found, based on the type of filter. */ if ((dip->di_flags & FLG_DI_AUXFLTR) && ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { rtld_flags |= RT_FL_SILENCERR; silent = 1; } sym = _elf_lookup_filtee(slp, dlmp, binfo, ndx); if (silent) rtld_flags &= ~RT_FL_SILENCERR; return (sym); } /* * Compute the elf hash value (as defined in the ELF access library). * The form of the hash table is: * * |--------------| * | # of buckets | * |--------------| * | # of chains | * |--------------| * | bucket[] | * |--------------| * | chain[] | * |--------------| */ ulong_t elf_hash(const char *name) { uint_t hval = 0; while (*name) { uint_t g; hval = (hval << 4) + *name++; if ((g = (hval & 0xf0000000)) != 0) hval ^= g >> 24; hval &= ~g; } return ((ulong_t)hval); } /* * If flag argument has LKUP_SPEC set, we treat undefined symbols of type * function specially in the executable - if they have a value, even though * undefined, we use that value. This allows us to associate all references * to a function's address to a single place in the process: the plt entry * for that function in the executable. Calls to lookup from plt binding * routines do NOT set LKUP_SPEC in the flag. */ Sym * elf_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo) { const char *name = slp->sl_name; Rt_map *ilmp = slp->sl_imap; ulong_t hash = slp->sl_hash; uint_t ndx, htmp, buckets, *chainptr; Sym *sym, *symtabptr; char *strtabptr, *strtabname; uint_t flags1; Syminfo *sip; DBG_CALL(Dbg_syms_lookup(name, NAME(ilmp), MSG_ORIG(MSG_STR_ELF))); if (HASH(ilmp) == 0) return ((Sym *)0); buckets = HASH(ilmp)[0]; /* LINTED */ htmp = (uint_t)hash % buckets; /* * Get the first symbol on hash chain and initialize the string * and symbol table pointers. */ if ((ndx = HASH(ilmp)[htmp + 2]) == 0) return ((Sym *)0); chainptr = HASH(ilmp) + 2 + buckets; strtabptr = STRTAB(ilmp); symtabptr = SYMTAB(ilmp); while (ndx) { sym = symtabptr + ndx; strtabname = strtabptr + sym->st_name; /* * Compare the symbol found with the name required. If the * names don't match continue with the next hash entry. */ if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { if ((ndx = chainptr[ndx]) != 0) continue; return ((Sym *)0); } /* * If we find a match and the symbol is defined, return the * symbol pointer and the link map in which it was found. */ if (sym->st_shndx != SHN_UNDEF) { *dlmp = ilmp; *binfo |= DBG_BINFO_FOUND; if (FLAGS(ilmp) & FLG_RT_INTRPOSE) *binfo |= DBG_BINFO_INTERPOSE; if (slp->sl_flags & LKUP_SELF) return (sym); break; /* * If we find a match and the symbol is undefined, the * symbol type is a function, and the value of the symbol * is non zero, then this is a special case. This allows * the resolution of a function address to the plt[] entry. * See SPARC ABI, Dynamic Linking, Function Addresses for * more details. */ } else if ((slp->sl_flags & (LKUP_SPEC | LKUP_SELF)) && (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { *dlmp = ilmp; *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); if (FLAGS(ilmp) & FLG_RT_INTRPOSE) *binfo |= DBG_BINFO_INTERPOSE; return (sym); } /* * Undefined symbol. */ if (slp->sl_flags & LKUP_SELF) return (sym); return ((Sym *)0); } /* * We've found a match. Determine if the defining object contains * symbol binding information. */ if ((sip = SYMINFO(ilmp)) != 0) /* LINTED */ sip = (Syminfo *)((char *)sip + (ndx * SYMINENT(ilmp))); /* * If this is a direct binding request, but the symbol definition has * disabled directly binding to it (presumably because the symbol * definition has been changed since the referring object was built), * indicate this failure so that the caller can fall back to a standard * symbol search. Clear any debug binding information for cleanliness. */ if (sip && (slp->sl_flags & LKUP_DIRECT) && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { *binfo |= BINFO_DIRECTDIS; *binfo &= ~DBG_BINFO_MSK; return ((Sym *)0); } /* * Determine whether this object is acting as a filter. */ if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) return (sym); /* * Determine if this object offers per-symbol filtering, and if so, * whether this symbol references a filtee. */ if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { /* * If this is a standard filter reference, and no standard * filtees remain to be inspected, we're done. If this is an * auxiliary filter reference, and no auxiliary filtees remain, * we'll fall through in case any object filtering is available. */ if ((sip->si_flags & SYMINFO_FLG_FILTER) && (SYMSFLTRCNT(ilmp) == 0)) return ((Sym *)0); if ((sip->si_flags & SYMINFO_FLG_FILTER) || ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && SYMAFLTRCNT(ilmp))) { Sym * fsym; /* * This symbol has an associated filtee. Lookup the * symbol in the filtee, and if it is found return it. * If the symbol doesn't exist, and this is a standard * filter, return an error, otherwise fall through to * catch any object filtering that may be available. */ if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, sip->si_boundto)) != 0) return (fsym); if (sip->si_flags & SYMINFO_FLG_FILTER) return ((Sym *)0); } } /* * Determine if this object provides global filtering. */ if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { Sym * fsym; if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { /* * This object has an associated filtee. Lookup the * symbol in the filtee, and if it is found return it. * If the symbol doesn't exist, and this is a standard * filter, return and error, otherwise return the symbol * within the filter itself. */ if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, OBJFLTRNDX(ilmp))) != 0) return (fsym); } if (flags1 & FL1_RT_OBJSFLTR) return ((Sym *)0); } return (sym); } /* * Create a new Rt_map structure for an ELF object and initialize * all values. */ Rt_map * elf_new_lm(Lm_list *lml, const char *pname, const char *oname, Dyn *ld, ulong_t addr, ulong_t etext, Aliste lmco, ulong_t msize, ulong_t entry, ulong_t paddr, ulong_t padimsize, Mmap *mmaps, uint_t mmapcnt) { Rt_map *lmp; ulong_t base, fltr = 0, audit = 0, cfile = 0, crle = 0; Xword rpath = 0; Ehdr *ehdr = (Ehdr *)addr; DBG_CALL(Dbg_file_elf(pname, (ulong_t)ld, addr, msize, entry, get_linkmap_id(lml), lmco)); /* * Allocate space for the link-map and private elf information. Once * these are allocated and initialized, we can use remove_so(0, lmp) to * tear down the link-map should any failures occur. */ if ((lmp = calloc(sizeof (Rt_map), 1)) == 0) return (0); if ((ELFPRV(lmp) = calloc(sizeof (Rt_elfp), 1)) == 0) { free(lmp); return (0); } /* * All fields not filled in were set to 0 by calloc. */ ORIGNAME(lmp) = PATHNAME(lmp) = NAME(lmp) = (char *)pname; DYN(lmp) = ld; ADDR(lmp) = addr; MSIZE(lmp) = msize; ENTRY(lmp) = (Addr)entry; SYMINTP(lmp) = elf_find_sym; ETEXT(lmp) = etext; FCT(lmp) = &elf_fct; LIST(lmp) = lml; PADSTART(lmp) = paddr; PADIMLEN(lmp) = padimsize; THREADID(lmp) = rt_thr_self(); OBJFLTRNDX(lmp) = FLTR_DISABLED; MMAPS(lmp) = mmaps; MMAPCNT(lmp) = mmapcnt; ASSERT(mmapcnt != 0); /* * If this is a shared object, add the base address to each address. * if this is an executable, use address as is. */ if (ehdr->e_type == ET_EXEC) { base = 0; FLAGS(lmp) |= FLG_RT_FIXED; } else base = addr; /* * Fill in rest of the link map entries with information from the file's * dynamic structure. */ if (ld) { uint_t dyncnt = 0; Xword pltpadsz = 0; void *rtldinfo; /* CSTYLED */ for ( ; ld->d_tag != DT_NULL; ++ld, dyncnt++) { switch ((Xword)ld->d_tag) { case DT_SYMTAB: SYMTAB(lmp) = (void *)(ld->d_un.d_ptr + base); break; case DT_STRTAB: STRTAB(lmp) = (void *)(ld->d_un.d_ptr + base); break; case DT_SYMENT: SYMENT(lmp) = ld->d_un.d_val; break; case DT_FEATURE_1: ld->d_un.d_val |= DTF_1_PARINIT; if (ld->d_un.d_val & DTF_1_CONFEXP) crle = 1; break; case DT_MOVESZ: MOVESZ(lmp) = ld->d_un.d_val; FLAGS(lmp) |= FLG_RT_MOVE; break; case DT_MOVEENT: MOVEENT(lmp) = ld->d_un.d_val; break; case DT_MOVETAB: MOVETAB(lmp) = (void *)(ld->d_un.d_ptr + base); break; case DT_REL: case DT_RELA: /* * At this time we can only handle 1 type of * relocation per object. */ REL(lmp) = (void *)(ld->d_un.d_ptr + base); break; case DT_RELSZ: case DT_RELASZ: RELSZ(lmp) = ld->d_un.d_val; break; case DT_RELENT: case DT_RELAENT: RELENT(lmp) = ld->d_un.d_val; break; case DT_RELCOUNT: case DT_RELACOUNT: RELACOUNT(lmp) = (uint_t)ld->d_un.d_val; break; case DT_TEXTREL: FLAGS1(lmp) |= FL1_RT_TEXTREL; break; case DT_HASH: HASH(lmp) = (uint_t *)(ld->d_un.d_ptr + base); break; case DT_PLTGOT: PLTGOT(lmp) = (uint_t *)(ld->d_un.d_ptr + base); break; case DT_PLTRELSZ: PLTRELSZ(lmp) = ld->d_un.d_val; break; case DT_JMPREL: JMPREL(lmp) = (void *)(ld->d_un.d_ptr + base); break; case DT_INIT: INIT(lmp) = (void (*)())(ld->d_un.d_ptr + base); break; case DT_FINI: FINI(lmp) = (void (*)())(ld->d_un.d_ptr + base); break; case DT_INIT_ARRAY: INITARRAY(lmp) = (Addr *)(ld->d_un.d_ptr + base); break; case DT_INIT_ARRAYSZ: INITARRAYSZ(lmp) = (uint_t)ld->d_un.d_val; break; case DT_FINI_ARRAY: FINIARRAY(lmp) = (Addr *)(ld->d_un.d_ptr + base); break; case DT_FINI_ARRAYSZ: FINIARRAYSZ(lmp) = (uint_t)ld->d_un.d_val; break; case DT_PREINIT_ARRAY: PREINITARRAY(lmp) = (Addr *)(ld->d_un.d_ptr + base); break; case DT_PREINIT_ARRAYSZ: PREINITARRAYSZ(lmp) = (uint_t)ld->d_un.d_val; break; case DT_RPATH: case DT_RUNPATH: rpath = ld->d_un.d_val; break; case DT_FILTER: fltr = ld->d_un.d_val; OBJFLTRNDX(lmp) = dyncnt; FLAGS1(lmp) |= FL1_RT_OBJSFLTR; break; case DT_AUXILIARY: if (!(rtld_flags & RT_FL_NOAUXFLTR)) { fltr = ld->d_un.d_val; OBJFLTRNDX(lmp) = dyncnt; } FLAGS1(lmp) |= FL1_RT_OBJAFLTR; break; case DT_SUNW_FILTER: SYMSFLTRCNT(lmp)++; FLAGS1(lmp) |= FL1_RT_SYMSFLTR; break; case DT_SUNW_AUXILIARY: if (!(rtld_flags & RT_FL_NOAUXFLTR)) { SYMAFLTRCNT(lmp)++; } FLAGS1(lmp) |= FL1_RT_SYMAFLTR; break; case DT_DEPAUDIT: if (!(rtld_flags & RT_FL_NOAUDIT)) audit = ld->d_un.d_val; break; case DT_CONFIG: cfile = ld->d_un.d_val; break; case DT_DEBUG: /* * DT_DEBUG entries are only created in * dynamic objects that require an interpretor * (ie. all dynamic executables and some shared * objects), and provide for a hand-shake with * debuggers. This entry is initialized to * zero by the link-editor. If a debugger has * us and updated this entry set the debugger * flag, and finish initializing the debugging * structure (see setup() also). Switch off any * configuration object use as most debuggers * can't handle fixed dynamic executables as * dependencies, and we can't handle requests * like object padding for alternative objects. */ if (ld->d_un.d_ptr) rtld_flags |= (RT_FL_DEBUGGER | RT_FL_NOOBJALT); ld->d_un.d_ptr = (Addr)&r_debug; break; case DT_VERNEED: VERNEED(lmp) = (Verneed *)(ld->d_un.d_ptr + base); break; case DT_VERNEEDNUM: /* LINTED */ VERNEEDNUM(lmp) = (int)ld->d_un.d_val; break; case DT_VERDEF: VERDEF(lmp) = (Verdef *)(ld->d_un.d_ptr + base); break; case DT_VERDEFNUM: /* LINTED */ VERDEFNUM(lmp) = (int)ld->d_un.d_val; break; case DT_BIND_NOW: if (ld->d_un.d_val & DF_BIND_NOW) { MODE(lmp) |= RTLD_NOW; MODE(lmp) &= ~RTLD_LAZY; } break; case DT_FLAGS: if (ld->d_un.d_val & DF_SYMBOLIC) FLAGS1(lmp) |= FL1_RT_SYMBOLIC; if (ld->d_un.d_val & DF_TEXTREL) FLAGS1(lmp) |= FL1_RT_TEXTREL; if (ld->d_un.d_val & DF_BIND_NOW) { MODE(lmp) |= RTLD_NOW; MODE(lmp) &= ~RTLD_LAZY; } break; case DT_FLAGS_1: if (ld->d_un.d_val & DF_1_DISPRELPND) FLAGS1(lmp) |= FL1_RT_DISPREL; if (ld->d_un.d_val & DF_1_GROUP) FLAGS(lmp) |= (FLG_RT_SETGROUP | FLG_RT_HANDLE); if (ld->d_un.d_val & DF_1_NOW) { MODE(lmp) |= RTLD_NOW; MODE(lmp) &= ~RTLD_LAZY; } if (ld->d_un.d_val & DF_1_NODELETE) MODE(lmp) |= RTLD_NODELETE; if (ld->d_un.d_val & DF_1_INITFIRST) FLAGS(lmp) |= FLG_RT_INITFRST; if (ld->d_un.d_val & DF_1_NOOPEN) FLAGS(lmp) |= FLG_RT_NOOPEN; if (ld->d_un.d_val & DF_1_LOADFLTR) FLAGS(lmp) |= FLG_RT_LOADFLTR; if (ld->d_un.d_val & DF_1_NODUMP) FLAGS(lmp) |= FLG_RT_NODUMP; if (ld->d_un.d_val & DF_1_CONFALT) crle = 1; if (ld->d_un.d_val & DF_1_DIRECT) FLAGS(lmp) |= FLG_RT_DIRECT; if (ld->d_un.d_val & DF_1_NODEFLIB) FLAGS1(lmp) |= FL1_RT_NODEFLIB; if (ld->d_un.d_val & DF_1_ENDFILTEE) FLAGS1(lmp) |= FL1_RT_ENDFILTE; if (ld->d_un.d_val & DF_1_TRANS) FLAGS(lmp) |= FLG_RT_TRANS; #ifndef EXPAND_RELATIVE if (ld->d_un.d_val & DF_1_ORIGIN) FLAGS1(lmp) |= FL1_RT_RELATIVE; #endif /* * If this object identifies itself as an * interposer, but relocation processing has * already started, then demote it. It's too * late to guarantee complete interposition. */ if (ld->d_un.d_val & DF_1_INTERPOSE) { if ((lml->lm_flags & LML_FLG_STARTREL) == 0) FLAGS(lmp) |= FLG_RT_INTRPOSE; else { DBG_CALL(Dbg_util_intoolate(NAME(lmp))); if (lml->lm_flags & LML_FLG_TRC_ENABLE) (void) printf( MSG_INTL(MSG_LDD_REL_ERR2), NAME(lmp)); } } break; case DT_SYMINFO: SYMINFO(lmp) = (Syminfo *)(ld->d_un.d_ptr + base); break; case DT_SYMINENT: SYMINENT(lmp) = ld->d_un.d_val; break; case DT_PLTPAD: PLTPAD(lmp) = (void *)(ld->d_un.d_ptr + base); break; case DT_PLTPADSZ: pltpadsz = ld->d_un.d_val; break; case DT_SUNW_RTLDINF: if ((lml->lm_info_lmp != 0) && (lml->lm_info_lmp != lmp)) { DBG_CALL(Dbg_unused_rtldinfo( NAME(lmp), NAME(lml->lm_info_lmp))); break; } lml->lm_info_lmp = lmp; rtldinfo = (void *)(ld->d_un.d_ptr + base); /* * We maintain a list of DT_SUNW_RTLDINFO * structures for a given object. This permits * the RTLDINFO structures to be grouped * functionly inside of a shared object. * * For example, we could have one for * thread_init, and another for atexit * reservations. */ if (alist_append(&lml->lm_rtldinfo, &rtldinfo, sizeof (void *), AL_CNT_RTLDINFO) == 0) { remove_so(0, lmp); return (0); } break; case DT_DEPRECATED_SPARC_REGISTER: case M_DT_REGISTER: FLAGS(lmp) |= FLG_RT_REGSYMS; break; case M_DT_PLTRESERVE: PLTRESERVE(lmp) = (void *)(ld->d_un.d_ptr + base); break; } } if (PLTPAD(lmp)) { if (pltpadsz == (Xword)0) PLTPAD(lmp) = 0; else PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + pltpadsz); } /* * Allocate Dynamic Info structure */ if ((DYNINFO(lmp) = calloc((size_t)dyncnt, sizeof (Dyninfo))) == 0) { remove_so(0, lmp); return (0); } DYNINFOCNT(lmp) = dyncnt; } /* * If configuration file use hasn't been disabled, and a configuration * file hasn't already been set via an environment variable, see if any * application specific configuration file is specified. An LD_CONFIG * setting is used first, but if this image was generated via crle(1) * then a default configuration file is a fall-back. */ if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == 0)) { if (cfile) config->c_name = (const char *)(cfile + (char *)STRTAB(lmp)); else if (crle) { rtld_flags |= RT_FL_CONFAPP; #ifndef EXPAND_RELATIVE FLAGS1(lmp) |= FL1_RT_RELATIVE; #endif } } if (rpath) RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); if (fltr) { /* * If this object is a global filter, duplicate the filtee * string name(s) so that REFNAME() is available in core files. * This cludge was useful for debuggers at one point, but only * when the filtee name was an individual full path. */ if ((REFNAME(lmp) = strdup(fltr + (char *)STRTAB(lmp))) == 0) { remove_so(0, lmp); return (0); } } if (rtld_flags & RT_FL_RELATIVE) FLAGS1(lmp) |= FL1_RT_RELATIVE; /* * For Intel ABI compatibility. It's possible that a JMPREL can be * specified without any other relocations (e.g. a dynamic executable * normally only contains .plt relocations). If this is the case then * no REL, RELSZ or RELENT will have been created. For us to be able * to traverse the .plt relocations under LD_BIND_NOW we need to know * the RELENT for these relocations. Refer to elf_reloc() for more * details. */ if (!RELENT(lmp) && JMPREL(lmp)) RELENT(lmp) = sizeof (Rel); /* * Establish any per-object auditing. If we're establishing `main's * link-map its too early to go searching for audit objects so just * hold the object name for later (see setup()). */ if (audit) { char *cp = audit + (char *)STRTAB(lmp); if (*cp) { if (((AUDITORS(lmp) = calloc(1, sizeof (Audit_desc))) == 0) || ((AUDITORS(lmp)->ad_name = strdup(cp)) == 0)) { remove_so(0, lmp); return (0); } if (NAME(lmp)) { if (audit_setup(lmp, AUDITORS(lmp)) == 0) { remove_so(0, lmp); return (0); } FLAGS1(lmp) |= AUDITORS(lmp)->ad_flags; lml->lm_flags |= LML_FLG_LOCAUDIT; } } } if ((CONDVAR(lmp) = rt_cond_create()) == 0) { remove_so(0, lmp); return (0); } if (oname && ((append_alias(lmp, oname, 0)) == 0)) { remove_so(0, lmp); return (0); } /* * Add the mapped object to the end of the link map list. */ lm_append(lml, lmco, lmp); return (lmp); } /* * Assign hardware/software capabilities. */ void cap_assign(Cap *cap, Rt_map *lmp) { while (cap->c_tag != CA_SUNW_NULL) { switch (cap->c_tag) { case CA_SUNW_HW_1: HWCAP(lmp) = cap->c_un.c_val; break; case CA_SUNW_SF_1: SFCAP(lmp) = cap->c_un.c_val; } cap++; } } /* * Map in an ELF object. * Takes an open file descriptor for the object to map and its pathname; returns * a pointer to a Rt_map structure for this object, or 0 on error. */ static Rt_map * elf_map_so(Lm_list *lml, Aliste lmco, const char *pname, const char *oname, int fd) { int i; /* general temporary */ Off memsize = 0; /* total memory size of pathname */ Off mentry; /* entry point */ Ehdr *ehdr; /* ELF header of ld.so */ Phdr *phdr; /* first Phdr in file */ Phdr *phdr0; /* Saved first Phdr in file */ Phdr *pptr; /* working Phdr */ Phdr *fph = 0; /* first loadable Phdr */ Phdr *lph; /* last loadable Phdr */ Phdr *lfph = 0; /* last loadable (filesz != 0) Phdr */ Phdr *lmph = 0; /* last loadable (memsz != 0) Phdr */ Phdr *swph = 0; /* program header for SUNWBSS */ Phdr *tlph = 0; /* program header for PT_TLS */ Phdr *unwindph = 0; /* program header for PT_SUNW_UNWIND */ Cap *cap = 0; /* program header for SUNWCAP */ Dyn *mld = 0; /* DYNAMIC structure for pathname */ size_t size; /* size of elf and program headers */ caddr_t faddr = 0; /* mapping address of pathname */ Rt_map *lmp; /* link map created */ caddr_t paddr; /* start of padded image */ Off plen; /* size of image including padding */ const char *name; Half etype; int fixed; Mmap *mmaps; uint_t mmapcnt = 0; Xword align = 0; /* * Establish the objects name. */ if (pname == (char *)0) name = pr_name; else name = pname; /* LINTED */ ehdr = (Ehdr *)fmap->fm_maddr; /* * If this a relocatable object then special processing is required. */ if ((etype = ehdr->e_type) == ET_REL) return (elf_obj_file(lml, lmco, name, fd)); /* * If this isn't a dynamic executable or shared object we can't process * it. If this is a dynamic executable then all addresses are fixed. */ if (etype == ET_EXEC) fixed = 1; else if (etype == ET_DYN) fixed = 0; else { eprintf(ERR_ELF, MSG_INTL(MSG_GEN_BADTYPE), name, conv_etype_str(etype)); return (0); } /* * If our original mapped page was not large enough to hold all the * program headers remap them. */ size = (size_t)((char *)ehdr->e_phoff + (ehdr->e_phnum * ehdr->e_phentsize)); if (size > fmap->fm_fsize) { eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_CORTRUNC), name); return (0); } if (size > fmap->fm_msize) { fmap_setup(); if ((fmap->fm_maddr = mmap(fmap->fm_maddr, size, PROT_READ, fmap->fm_mflags, fd, 0)) == MAP_FAILED) { int err = errno; eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), name, strerror(err)); return (0); } fmap->fm_msize = size; /* LINTED */ ehdr = (Ehdr *)fmap->fm_maddr; } /* LINTED */ phdr0 = phdr = (Phdr *)((char *)ehdr + ehdr->e_ehsize); /* * Get entry point. */ mentry = ehdr->e_entry; /* * Point at program headers and perform some basic validation. */ for (i = 0, pptr = phdr; i < (int)ehdr->e_phnum; i++, pptr = (Phdr *)((Off)pptr + ehdr->e_phentsize)) { if ((pptr->p_type == PT_LOAD) || (pptr->p_type == PT_SUNWBSS)) { if (fph == 0) { fph = pptr; /* LINTED argument lph is initialized in first pass */ } else if (pptr->p_vaddr <= lph->p_vaddr) { eprintf(ERR_ELF, MSG_INTL(MSG_GEN_INVPRGHDR), name); return (0); } lph = pptr; if (pptr->p_memsz) lmph = pptr; if (pptr->p_filesz) lfph = pptr; if (pptr->p_type == PT_SUNWBSS) swph = pptr; if (pptr->p_align > align) align = pptr->p_align; } else if (pptr->p_type == PT_DYNAMIC) mld = (Dyn *)(pptr->p_vaddr); else if (pptr->p_type == PT_TLS) tlph = pptr; else if (pptr->p_type == PT_SUNWCAP) cap = (Cap *)(pptr->p_vaddr); else if (pptr->p_type == PT_SUNW_UNWIND) unwindph = pptr; } #if defined(MAP_ALIGN) /* * Make sure the maximum page alignment is a power of 2 >= the system * page size, for use with MAP_ALIGN. */ align = M_PROUND(align); #endif /* * We'd better have at least one loadable segment, together with some * specified file and memory size. */ if ((fph == 0) || (lmph == 0) || (lfph == 0)) { eprintf(ERR_ELF, MSG_INTL(MSG_GEN_NOLOADSEG), name); return (0); } /* * Check that the files size accounts for the loadable sections * we're going to map in (failure to do this may cause spurious * bus errors if we're given a truncated file). */ if (fmap->fm_fsize < ((size_t)lfph->p_offset + lfph->p_filesz)) { eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_CORTRUNC), name); return (0); } /* * Memsize must be page rounded so that if we add object padding * at the end it will start at the beginning of a page. */ plen = memsize = M_PROUND((lmph->p_vaddr + lmph->p_memsz) - M_PTRUNC((ulong_t)fph->p_vaddr)); /* * Determine if an existing mapping is acceptable. */ if (interp && (lml->lm_flags & LML_FLG_BASELM) && (strcmp(name, interp->i_name) == 0)) { /* * If this is the interpreter then it has already been mapped * and we have the address so don't map it again. Note that * the common occurrence of a reference to the interpretor * (libdl -> ld.so.1) will have been caught during filter * initialization (see elf_lookup_filtee()). However, some * ELF implementations are known to record libc.so.1 as the * interpretor, and thus this test catches this behavior. */ paddr = faddr = interp->i_faddr; } else if ((fixed == 0) && (r_debug.rtd_objpad == 0) && (memsize <= fmap->fm_msize) && ((fph->p_flags & PF_W) == 0) && (fph->p_filesz == fph->p_memsz) && (((Xword)fmap->fm_maddr % align) == 0)) { /* * If the mapping required has already been established from * the initial page we don't need to do anything more. Reset * the fmap address so then any later files start a new fmap. * This is really an optimization for filters, such as libdl.so, * which should only require one page. */ paddr = faddr = fmap->fm_maddr; fmap->fm_maddr = 0; fmap_setup(); } /* * Allocate a mapping array to retain mapped segment information. */ if ((mmaps = calloc(ehdr->e_phnum, sizeof (Mmap))) == 0) return (0); /* * If we're reusing an existing mapping determine the objects etext * address. Otherwise map the file (which will calculate the etext * address as part of the mapping process). */ if (faddr) { caddr_t base; if (fixed) base = 0; else base = faddr; /* LINTED */ phdr0 = phdr = (Phdr *)((char *)faddr + ehdr->e_ehsize); for (i = 0, pptr = phdr; i < (int)ehdr->e_phnum; i++, pptr = (Phdr *)((Off)pptr + ehdr->e_phentsize)) { if (pptr->p_type != PT_LOAD) continue; mmaps[mmapcnt].m_vaddr = (pptr->p_vaddr + base); mmaps[mmapcnt].m_msize = pptr->p_memsz; mmaps[mmapcnt].m_fsize = pptr->p_filesz; mmaps[mmapcnt].m_perm = (PROT_READ | PROT_EXEC); mmapcnt++; if (!(pptr->p_flags & PF_W)) { fmap->fm_etext = (ulong_t)pptr->p_vaddr + (ulong_t)pptr->p_memsz + (ulong_t)(fixed ? 0 : faddr); } } } else { /* * Map the file. */ if (!(faddr = elf_map_it(name, memsize, ehdr, fph, lph, &phdr, &paddr, &plen, fixed, fd, align, mmaps, &mmapcnt))) return (0); } /* * Calculate absolute base addresses and entry points. */ if (!fixed) { if (mld) /* LINTED */ mld = (Dyn *)((Off)mld + faddr); if (cap) /* LINTED */ cap = (Cap *)((Off)cap + faddr); mentry += (Off)faddr; } /* * Create new link map structure for newly mapped shared object. */ if (!(lmp = elf_new_lm(lml, pname, oname, mld, (ulong_t)faddr, fmap->fm_etext, lmco, memsize, mentry, (ulong_t)paddr, plen, mmaps, mmapcnt))) { (void) munmap((caddr_t)faddr, memsize); return (0); } /* * Start the system loading in the ELF information we'll be processing. */ if (REL(lmp)) { (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), MADV_WILLNEED); } /* * If this shared object contains a any special segments, record them. */ if (swph) { FLAGS(lmp) |= FLG_RT_SUNWBSS; SUNWBSS(lmp) = phdr + (swph - phdr0); } if (tlph) { PTTLS(lmp) = phdr + (tlph - phdr0); tls_assign_soffset(lmp); } if (unwindph) PTUNWIND(lmp) = phdr + (unwindph - phdr0); if (cap) cap_assign(cap, lmp); return (lmp); } /* * Function to correct protection settings. Segments are all mapped initially * with permissions as given in the segment header. We need to turn on write * permissions on a text segment if there are any relocations against that * segment, and them turn write permission back off again before returning * control to the user. This function turns the permission on or off depending * on the value of the argument. */ int elf_set_prot(Rt_map * lmp, int permission) { Mmap *mmaps; /* * If this is an allocated image (ie. a relocatable object) we can't * mprotect() anything. */ if (FLAGS(lmp) & FLG_RT_IMGALLOC) return (1); DBG_CALL(Dbg_file_prot(NAME(lmp), permission)); for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++) { if (mmaps->m_perm & PROT_WRITE) continue; if (mprotect(mmaps->m_vaddr, mmaps->m_msize, (mmaps->m_perm | permission)) == -1) { int err = errno; eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MPROT), NAME(lmp), strerror(err)); return (0); } } return (1); } /* * Build full pathname of shared object from given directory name and filename. */ static char * elf_get_so(const char *dir, const char *file) { static char pname[PATH_MAX]; (void) snprintf(pname, PATH_MAX, MSG_ORIG(MSG_FMT_PATH), dir, file); return (pname); } /* * The copy relocation is recorded in a copy structure which will be applied * after all other relocations are carried out. This provides for copying data * that must be relocated itself (ie. pointers in shared objects). This * structure also provides a means of binding RTLD_GROUP dependencies to any * copy relocations that have been taken from any group members. * * If the size of the .bss area available for the copy information is not the * same as the source of the data inform the user if we're under ldd(1) control * (this checking was only established in 5.3, so by only issuing an error via * ldd(1) we maintain the standard set by previous releases). */ int elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, Rt_map *dlmp, const void *dadd) { Rel_copy rc; Lm_list *lml = LIST(rlmp); rc.r_name = name; rc.r_rsym = rsym; /* the new reference symbol and its */ rc.r_rlmp = rlmp; /* associated link-map */ rc.r_dlmp = dlmp; /* the defining link-map */ rc.r_dsym = dsym; /* the original definition */ rc.r_radd = radd; rc.r_dadd = dadd; if (rsym->st_size > dsym->st_size) rc.r_size = (size_t)dsym->st_size; else rc.r_size = (size_t)rsym->st_size; if (alist_append(©(dlmp), &rc, sizeof (Rel_copy), AL_CNT_COPYREL) == 0) { if (!(lml->lm_flags & LML_FLG_TRC_WARN)) return (0); else return (1); } if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { if (alist_append(©(rlmp), &dlmp, sizeof (Rt_map *), AL_CNT_COPYREL) == 0) { if (!(lml->lm_flags & LML_FLG_TRC_WARN)) return (0); else return (1); } FLAGS1(dlmp) |= FL1_RT_COPYTOOK; } /* * If we are tracing (ldd), warn the user if * 1) the size from the reference symbol differs from the * copy definition. We can only copy as much data as the * reference (dynamic executables) entry allows. * 2) the copy definition has STV_PROTECTED visibility. */ if (lml->lm_flags & LML_FLG_TRC_WARN) { if (rsym->st_size != dsym->st_size) { (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), _conv_reloc_type_str(M_R_COPY), demangle(name), NAME(rlmp), EC_XWORD(rsym->st_size), NAME(dlmp), EC_XWORD(dsym->st_size)); if (rsym->st_size > dsym->st_size) (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), NAME(dlmp)); else (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), NAME(rlmp)); } if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), _conv_reloc_type_str(M_R_COPY), demangle(name), NAME(dlmp)); } } DBG_CALL(Dbg_reloc_apply((Xword)radd, (Xword)rc.r_size)); return (1); } /* * Determine the symbol location of an address within a link-map. Look for * the nearest symbol (whose value is less than or equal to the required * address). This is the object specific part of dladdr(). */ static void elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) { ulong_t ndx, cnt, base, _value; Sym *sym, *_sym; const char *str; /* * If we don't have a .hash table there are no symbols to look at. */ if (HASH(lmp) == 0) return; cnt = HASH(lmp)[1]; str = STRTAB(lmp); sym = SYMTAB(lmp); if (FLAGS(lmp) & FLG_RT_FIXED) base = 0; else base = ADDR(lmp); for (_sym = 0, _value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { ulong_t value; if (sym->st_shndx == SHN_UNDEF) continue; value = sym->st_value + base; if (value > addr) continue; if (value < _value) continue; _sym = sym; _value = value; /* * Note, because we accept local and global symbols we could * find a section symbol that matches the associated address, * which means that the symbol name will be null. In this * case continue the search in case we can find a global * symbol of the same value. */ if ((value == addr) && (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) break; } if (_sym) { int _flags = flags & RTLD_DL_MASK; if (_flags == RTLD_DL_SYMENT) *info = (void *)_sym; else if (_flags == RTLD_DL_LINKMAP) *info = (void *)lmp; dlip->dli_sname = str + _sym->st_name; dlip->dli_saddr = (void *)_value; } } static void elf_lazy_cleanup(Alist * alp) { Rt_map ** lmpp; Aliste off; /* * Cleanup any link-maps added to this dynamic list and free it. */ for (ALIST_TRAVERSE(alp, off, lmpp)) FLAGS(*lmpp) &= ~FLG_RT_DLSYM; free(alp); } /* * This routine is called upon to search for a symbol from the dependencies of * the initial link-map. To maintain lazy loadings goal of reducing the number * of objects mapped, any symbol search is first carried out using the objects * that already exist in the process (either on a link-map list or handle). * If a symbol can't be found, and lazy dependencies are still pending, this * routine loads the dependencies in an attempt to locate the symbol. * * Only new objects are inspected as we will have already inspected presently * loaded objects before calling this routine. However, a new object may not * be new - although the di_lmp might be zero, the object may have been mapped * as someone elses dependency. Thus there's a possibility of some symbol * search duplication. */ Sym * elf_lazy_find_sym(Slookup *slp, Rt_map **_lmp, uint_t *binfo) { Sym *sym = 0; Alist * alist = 0; Aliste off; Rt_map ** lmpp, * lmp = slp->sl_imap; const char *name = slp->sl_name; if (alist_append(&alist, &lmp, sizeof (Rt_map *), AL_CNT_LAZYFIND) == 0) return (0); FLAGS(lmp) |= FLG_RT_DLSYM; for (ALIST_TRAVERSE(alist, off, lmpp)) { uint_t cnt = 0; Slookup sl = *slp; Dyninfo *dip; /* * Loop through the DT_NEEDED entries examining each object for * the symbol. If the symbol is not found the object is in turn * added to the alist, so that its DT_NEEDED entires may be * examined. */ lmp = *lmpp; for (dip = DYNINFO(lmp); cnt < DYNINFOCNT(lmp); cnt++, dip++) { Rt_map *nlmp; if (((dip->di_flags & FLG_DI_NEEDED) == 0) || dip->di_info) continue; /* * If this entry defines a lazy dependency try loading * it. If the file can't be loaded, consider this * non-fatal and continue the search (lazy loaded * dependencies need not exist and their loading should * only be fatal if called from a relocation). * * If the file is already loaded and relocated we must * still inspect it for symbols, even though it might * have already been searched. This lazy load operation * might have promoted the permissions of the object, * and thus made the object applicable for this symbol * search, whereas before the object might have been * skipped. */ if ((nlmp = elf_lazy_load(lmp, cnt, name)) == 0) continue; /* * If this object isn't yet a part of the dynamic list * then inspect it for the symbol. If the symbol isn't * found add the object to the dynamic list so that we * can inspect its dependencies. */ if (FLAGS(nlmp) & FLG_RT_DLSYM) continue; sl.sl_imap = nlmp; if (sym = LM_LOOKUP_SYM(sl.sl_cmap)(&sl, _lmp, binfo)) break; /* * Some dlsym() operations are already traversing a * link-map (dlopen(0)), and thus there's no need to * build our own dynamic dependency list. */ if ((sl.sl_flags & LKUP_NODESCENT) == 0) { if (alist_append(&alist, &nlmp, sizeof (Rt_map *), AL_CNT_LAZYFIND) == 0) { elf_lazy_cleanup(alist); return (0); } FLAGS(nlmp) |= FLG_RT_DLSYM; } } if (sym) break; } elf_lazy_cleanup(alist); return (sym); } /* * Warning message for bad r_offset. */ void elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, ulong_t rsymndx) { const char *name = (char *)0; int trace; if ((LIST(lmp)->lm_flags & LML_FLG_TRC_ENABLE) && (((rtld_flags & RT_FL_SILENCERR) == 0) || (LIST(lmp)->lm_flags & LML_FLG_TRC_VERBOSE))) trace = 1; else trace = 0; if ((trace == 0) && (dbg_mask == 0)) return; if (rsymndx) { Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + (rsymndx * SYMENT(lmp))); if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) name = (char *)(STRTAB(lmp) + symref->st_name); } if (name == 0) name = MSG_ORIG(MSG_STR_EMPTY); if (trace) { const char *rstr; rstr = _conv_reloc_type_str((uint_t)rtype); (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, EC_ADDR(roffset)); return; } Dbg_reloc_error(M_MACH, M_REL_SHT_TYPE, rel, name, MSG_ORIG(MSG_REL_BADROFFSET)); }