1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 /* LINTLIBRARY */
29
30 #include <sys/mman.h>
31 #include <sys/types.h>
32 #include <sys/stat.h>
33 #include <procfs.h>
34 #include <unistd.h>
35 #include <fcntl.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include <limits.h>
39 #include <errno.h>
40 #include <alloca.h>
41 #include "rtld.h"
42 #include "rtc.h"
43 #include "_crle.h"
44 #include "msg.h"
45
46 /*
47 * Routines for dumping alternate objects under CRLE_AUD_DLDUMP mode.
48 */
/*
 * Lowest start address and highest end address of the objects mapped so far
 * by load().  membgn == 0 doubles as the "nothing recorded yet" marker, and
 * both values are reported to the caller by dumpconfig().
 */
static Addr	membgn = 0, memend = 0;
51
/*
 * For each file in the configuration file that requires an alternate (dldump())
 * version, add the object to the process's main link-map.  The process head
 * may be an application, shared object, or lddstub.  In any case this object
 * may be augmented with other objects defined within the configuration file.
 *
 * Each file is initially loaded with RTLD_CONFGEN so that no dependency
 * analysis, relocation, or user code (.init's) is executed.  By skipping
 * analysis we save time and allow for a family of objects to be dumped that
 * may not have all relocations satisfied.  If necessary, a later call to
 * dlopen() using RTLD_NOW will force relocations to occur.
 *
 * A mapping range spanning every object loaded here is maintained in
 * membgn/memend, and this range is finally written back to the caller.
 *
 * opath is handed to dlmopen() as is; scanconfig() takes it from the
 * configuration file's string table.  npath is unused, and is only present so
 * that load() and dump() can be called through the same function pointer.
 *
 * Returns 0 on success, or 1 once the dlmopen() failure has been reported on
 * stderr.
 */
static int
/* ARGSUSED1 */
load(const char *opath, const char *npath)
{
	Grp_hdl	*hdl;
	Rt_map	*map;
	Addr	lo, hi;

	hdl = (Grp_hdl *)dlmopen(LM_ID_BASE, opath,
	    (RTLD_LAZY | RTLD_GLOBAL | RTLD_CONFGEN));
	if (hdl == NULL) {
		(void) fprintf(stderr, MSG_INTL(MSG_DL_OPEN),
		    MSG_ORIG(MSG_FIL_LIBCRLE), dlerror());
		return (1);
	}

	/*
	 * Flag the link-map that owns the new handle.
	 */
	map = hdl->gh_ownlmp;
	FLAGS1(map) |= FL1_RT_CONFSET;

	/*
	 * Fold this object's extent into the range of the objects dumped so
	 * far.
	 */
	lo = ADDR(map);
	hi = lo + MSIZE(map);

	if (membgn == 0) {
		/* First object seen: it defines the initial range. */
		membgn = lo;
		memend = hi;
		return (0);
	}

	if (lo < membgn)
		membgn = lo;
	if (hi > memend)
		memend = hi;

	return (0);
}
101
/*
 * dldump(3x) an object that is already part of the main link-map list.
 *
 * Anything already present at npath is unlinked first, and the result of the
 * unlink() is explicitly discarded.  scanconfig() takes npath from the
 * configuration file, so the file removed and rewritten here is whatever that
 * configuration names.
 *
 * NOTE(review): there is a window between the unlink() and whatever file
 * creation dldump() performs.  How dldump() opens npath is not visible here -
 * confirm that the output directory is not writable by other users.
 *
 * Returns 0 on success, or 1 once the dldump() failure has been reported on
 * stderr.
 */
static int
dump(const char *opath, const char *npath)
{
	(void) unlink(npath);

	if (dldump(opath, npath, dlflag) == 0)
		return (0);

	(void) fprintf(stderr, MSG_INTL(MSG_DL_DUMP),
	    MSG_ORIG(MSG_FIL_LIBCRLE), dlerror());
	return (1);
}
117
/*
 * Traverse a configuration file directory/file list.  Each file within the
 * list is maintained as both a full pathname and a simple filename - we're
 * only interested in one.
 *
 * This routine is called twice, once to ensure the appropriate objects are
 * mapped in (fptr == load()) and then once again to dldump(3x) the mapped
 * objects (fptr == dump()).
 *
 * addr is the base of the mapped configuration file.  Every offset read from
 * it (ch_str, ch_dir, ch_app, cd_obj, cd_file, cf_obj, co_name, co_alter) is
 * added to addr or to the string table and used as found, and both tables are
 * walked until a zero cd_obj/cf_obj entry.  Nothing in this routine checks
 * those offsets against the extent of the mapping - no size is passed in - so
 * the contents of the file are trusted completely.
 *
 * Returns 0 when the whole list was processed, 1 as soon as fptr, dlmopen()
 * or dump() fails.
 */
static int
scanconfig(Addr addr, int (*fptr)())
{
	Rtc_head	*hdr = (Rtc_head *)addr;
	Rtc_dir		*dir;
	Rtc_file	*file;
	Rtc_obj		*ent;
	const char	*strings, *name;

	/* LINTED */
	strings = (const char *)((char *)addr + hdr->ch_str);

	/*
	 * Scan the directory and filename arrays looking for alternatives.
	 */
	for (dir = (Rtc_dir *)(hdr->ch_dir + addr); dir->cd_obj != 0; dir++) {

		/*
		 * A directory flagged as non-existent has no files worth
		 * looking at.
		 */
		ent = (Rtc_obj *)(dir->cd_obj + addr);
		if (ent->co_flags & RTC_OBJ_NOEXIST)
			continue;

		for (file = (Rtc_file *)(dir->cd_file + addr);
		    file->cf_obj != 0; file++) {

			ent = (Rtc_obj *)(file->cf_obj + addr);

			/*
			 * Only entries that are marked for dumping under their
			 * real path, and that are not executables, are handed
			 * to the callback.
			 */
			if ((ent->co_flags &
			    (RTC_OBJ_DUMP | RTC_OBJ_REALPTH | RTC_OBJ_EXEC)) !=
			    (RTC_OBJ_DUMP | RTC_OBJ_REALPTH))
				continue;

			name = strings + ent->co_name;
			if ((*fptr)(name, strings + ent->co_alter) != 0)
				return (1);
		}
	}

	/*
	 * Are we dumping a specific application?  If not we're done.
	 */
	if (hdr->ch_app == 0)
		return (0);

	if (fptr == load) {
		Grp_hdl	*app;

		/*
		 * Obtain a handle to the application and set the
		 * FL1_RT_CONFSET flag.
		 */
		app = dlmopen(LM_ID_BASE, 0, (RTLD_NOLOAD | RTLD_CONFGEN));
		if (app == 0)
			return (1);
		FLAGS1(app->gh_ownlmp) |= FL1_RT_CONFSET;

		return (0);
	}

	/*
	 * If we're dumping and this configuration is for a specific
	 * application dump it also.
	 */
	/* LINTED */
	ent = (Rtc_obj *)((char *)addr + hdr->ch_app);
	name = strings + ent->co_alter;

	if (dump((const char *)0, name) != 0)
		return (1);

	return (0);
}
198
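/*
 * Before loading any dependencies determine the present memory mappings being
 * used and fill any holes between these mappings.  This ensures that all
 * dldump()'ed dependencies will live in a single consecutive address range.
 *
 * Holes are filled with PROT_NONE, MAP_FIXED mappings of /dev/null.
 *
 * Returns 0 on success, or 1 once a failure has been reported on stderr.
 * Every descriptor opened here is closed again on all return paths.
 */
int
filladdr(void)
{
	prmap_t		*maps, *_maps;
	struct stat	status;
	int		fd, err, num, _num;
	ssize_t		nread;
	size_t		size, syspagsz;
	uintptr_t	laddr = 0, saddr;
	pstatus_t	prstatus;

	/*
	 * Open /proc/self/status to determine the virtual address of the
	 * process heap.
	 */
	if ((fd = open(MSG_ORIG(MSG_PTH_PROCSTATUS), O_RDONLY)) == -1) {
		err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_OPEN),
		    MSG_ORIG(MSG_FIL_LIBCRLE), MSG_ORIG(MSG_PTH_PROCSTATUS),
		    strerror(err));
		return (1);
	}
	if (read(fd, &prstatus, sizeof (pstatus_t)) != sizeof (pstatus_t)) {
		err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_READ),
		    MSG_ORIG(MSG_FIL_LIBCRLE), MSG_ORIG(MSG_PTH_PROCSTATUS),
		    strerror(err));
		(void) close(fd);
		return (1);
	}
	(void) close(fd);

	/*
	 * Round the process heap to the next page boundary so that it can be
	 * used to isolate the a.out mappings (pr_brkbase typically occurs
	 * at the end, but within, the a.out's data segment).  As libcrle is
	 * used as an audit library, no process user code has run so there
	 * can't be any heap.  pr_brksize is added here for completeness.
	 *
	 * NOTE(review): the local is assigned before M_PROUND() is used and
	 * keeps its original name in case that macro refers to syspagsz -
	 * confirm against the macro's definition.
	 */
	syspagsz = sysconf(_SC_PAGESIZE);
	saddr = M_PROUND(prstatus.pr_brkbase + prstatus.pr_brksize);

	/*
	 * Open /proc/self/rmap to obtain the process's reserved mappings.
	 */
	if ((fd = open(MSG_ORIG(MSG_PTH_PROCRMAP), O_RDONLY)) == -1) {
		err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_OPEN),
		    MSG_ORIG(MSG_FIL_LIBCRLE), MSG_ORIG(MSG_PTH_PROCRMAP),
		    strerror(err));
		return (1);
	}

	/*
	 * st_size sizes the alloca() below, so a failed fstat() must not be
	 * ignored: status would be uninitialized.  No stat specific message
	 * is visible in this file, so the read message is reused.
	 */
	if (fstat(fd, &status) == -1) {
		err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_READ),
		    MSG_ORIG(MSG_FIL_LIBCRLE), MSG_ORIG(MSG_PTH_PROCRMAP),
		    strerror(err));
		(void) close(fd);
		return (1);
	}

	/*
	 * Determine number of mappings - use alloca so as not to perturb any
	 * mapping information by a malloc, which itself might add a mapping.
	 */
	/* LINTED */
	num = (int)(status.st_size / sizeof (prmap_t));
	size = num * sizeof (prmap_t);

	if ((maps = alloca(size)) == 0) {
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_ALLOC),
		    MSG_ORIG(MSG_FIL_LIBCRLE), strerror(ENOMEM));
		/*
		 * Release the descriptor opened above.  The original closed
		 * pfd here, which is not a descriptor this routine opened,
		 * and left fd open.
		 */
		(void) close(fd);
		return (1);
	}

	if ((nread = read(fd, (void *)maps, size)) < 0) {
		err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_READ),
		    MSG_ORIG(MSG_FIL_LIBCRLE), MSG_ORIG(MSG_PTH_PROCRMAP),
		    strerror(err));
		(void) close(fd);
		return (1);
	}
	(void) close(fd);

	/*
	 * Only walk the entries that were actually read.  A short read would
	 * otherwise leave the tail of the alloca()'ed array uninitialized and
	 * feed stack garbage to the MAP_FIXED mmap() calls below.
	 */
	/* LINTED */
	num = (int)((size_t)nread / sizeof (prmap_t));

	/*
	 * Use /dev/null for filling holes.
	 */
	if ((fd = open(MSG_ORIG(MSG_PTH_DEVNULL), O_RDONLY)) == -1) {
		err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_SYS_OPEN),
		    MSG_ORIG(MSG_FIL_LIBCRLE), MSG_ORIG(MSG_PTH_DEVNULL),
		    strerror(err));
		return (1);
	}

	/*
	 * Scan each mapping - note it is assumed that the mappings are
	 * presented in order.  We fill holes between mappings.  On intel
	 * the last mapping is usually the data segment of ld.so.1, after
	 * this comes a red zone into which non-fixed mappings won't get
	 * placed.  Thus we can simply bail from the loop after seeing the
	 * last mapping.
	 *
	 * NOTE(review): the ordering assumption is not checked.  An entry
	 * that starts below laddr would make the hole size wrap.
	 */
	for (_num = 0, _maps = maps; _num < num; _num++, _maps++) {
		/*
		 * Skip all mappings below brkbase, these represent the a.out
		 * (and the stack on intel).
		 */
		if ((laddr == 0) &&
		    ((_maps->pr_vaddr + _maps->pr_size) <= saddr))
			continue;

		/*
		 * For each consecutive mapping determine the hole between each
		 * and fill it from /dev/null.
		 */
		if (laddr == 0) {
			laddr = _maps->pr_vaddr + _maps->pr_size;
			continue;
		}

		if ((size = _maps->pr_vaddr - laddr) != 0) {
			if (mmap((void *)laddr, size, PROT_NONE,
			    (MAP_FIXED | MAP_PRIVATE), fd, 0) == MAP_FAILED) {
				err = errno;
				(void) fprintf(stderr, MSG_INTL(MSG_SYS_MMAP),
				    MSG_ORIG(MSG_FIL_LIBCRLE),
				    MSG_ORIG(MSG_PTH_DEVNULL), strerror(err));
				/* Don't leak /dev/null on the error path. */
				(void) close(fd);
				return (1);
			}
		}
		laddr = _maps->pr_vaddr + _maps->pr_size;
	}

	/*
	 * It's been observed that there may be space between the end of the
	 * last mapping (typically ld.so.1), and the kernel base address.  As
	 * there's no interface to determine the kernel base address, keep
	 * filling in pages until we get an error.  We'll get ENOMEM once we
	 * hit the kernel base address.
	 */
	while (laddr) {
		if (mmap((void *)laddr, syspagsz, PROT_NONE,
		    (MAP_FIXED | MAP_PRIVATE), fd, 0) == MAP_FAILED) {
			err = errno;
			if (err == ENOMEM)
				break;
			(void) fprintf(stderr, MSG_INTL(MSG_SYS_MMAP),
			    MSG_ORIG(MSG_FIL_LIBCRLE),
			    MSG_ORIG(MSG_PTH_DEVNULL), strerror(err));
			/* Don't leak /dev/null on the error path. */
			(void) close(fd);
			return (1);
		}
		laddr += syspagsz;
	}

	/*
	 * Close /dev/null.
	 */
	(void) close(fd);
	return (0);
}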
359
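/*
 * Dump alternative objects as part of building a configuration file.  A temp
 * configuration is already built and made available to the process, and is
 * located via dlinfo().  Having load()'ed each object, and dump()'ed its image,
 * the final memory reservation information is returned to the caller.
 *
 * The reservation range is formatted into a local buffer with snprintf() and
 * written to pfd.  A formatting error or truncation is treated as a failure
 * rather than sending a clipped record.
 *
 * Returns 0 on success, 1 on any failure.  Only the dlinfo() failure is
 * reported from here; load() and dump() report their own.
 */
int
dumpconfig(void)
{
	char	buffer[PATH_MAX];
	Addr	config;
	Dl_info	info;
	int	len;

	/*
	 * Determine the configuration file and where it is mapped.
	 */
	if (dlinfo((void *)NULL, RTLD_DI_CONFIGADDR, &info) == -1) {
		(void) fprintf(stderr, MSG_INTL(MSG_DL_INFO),
		    MSG_ORIG(MSG_FIL_LIBCRLE), dlerror());
		return (1);
	}
	config = (Addr)info.dli_fbase;

	/*
	 * Scan the configuration file for alternative entries.
	 */
	if (scanconfig(config, load) != 0)
		return (1);

	/*
	 * Having mapped all objects, relocate them.  It would be nice if we
	 * could drop this step altogether, and have dldump() carry out just
	 * those relocations required, but when binding to an application we
	 * need to handle copy relocations - these can affect bindings (in the
	 * case of things like libld.so which have direct bindings) and require
	 * that the data being copied is itself relocated.
	 */
	if (dlmopen(LM_ID_BASE, 0, (RTLD_NOW | RTLD_CONFGEN)) == 0)
		return (1);

	/*
	 * Rescan the configuration dumping out each alternative file.
	 */
	if (scanconfig(config, dump) != 0)
		return (1);

	/*
	 * Having established the memory range of the dumped images and
	 * successfully dumped them out, report back to the caller.
	 *
	 * The formatting is bounded by the buffer size, and the length that
	 * snprintf() returns is what gets written, so nothing past the
	 * formatted text can reach pfd.
	 *
	 * NOTE(review): the write() results are still discarded, as before.
	 * A failed write leaves the caller without the range while this
	 * routine returns 0.
	 */
	len = snprintf(buffer, sizeof (buffer), MSG_ORIG(MSG_AUD_RESBGN),
	    EC_ADDR(membgn));
	if ((len < 0) || ((size_t)len >= sizeof (buffer)))
		return (1);
	(void) write(pfd, buffer, (size_t)len);

	len = snprintf(buffer, sizeof (buffer), MSG_ORIG(MSG_AUD_RESEND),
	    EC_ADDR(memend));
	if ((len < 0) || ((size_t)len >= sizeof (buffer)))
		return (1);
	(void) write(pfd, buffer, (size_t)len);

	return (0);
}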
418