1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * Copyright (c) 1988 AT&T
28 * All Rights Reserved
29 */
30 /*
31 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
32 */
33
34 /*
35 * Run time linker common setup.
36 *
37 * Called from _setup to get the process going at startup.
38 */
39
40 #include <stdlib.h>
41 #include <fcntl.h>
42 #include <stdio.h>
43 #include <sys/types.h>
44 #include <sys/stat.h>
45 #include <sys/mman.h>
46 #include <string.h>
47 #include <unistd.h>
48 #include <dlfcn.h>
49 #include <sys/sysconfig.h>
50 #include <sys/auxv.h>
51 #include <debug.h>
52 #include <conv.h>
53 #include "_rtld.h"
54 #include "_audit.h"
55 #include "_elf.h"
56 #include "_a.out.h"
57 #include "msg.h"
58
59
60 extern int _end, _edata, _etext;
61 extern void _init(void);
62 extern int _brk_unlocked(void *);
63
64 #ifndef SGS_PRE_UNIFIED_PROCESS
65 /* needed for _brk_unlocked() */
66 void *_nd = &_end;
67 #endif
68
69 /*
70 * Counters that are incremented every time an object is mapped/unmapped.
71 *
72 * Note that exec() will usually map 2 objects before we receive control,
73 * but this can be 1 if ld.so.1 is executed directly. We count one of these
74 * here, and add another as necessary in setup().
75 */
76 u_longlong_t cnt_map = 1;
77 u_longlong_t cnt_unmap = 0;
78
79
80 /*
81 * Define for the executable's interpreter.
82 * Usually it is ld.so.1, but for the first release of ICL binaries
83 * it is libc.so.1. We keep this information so that we don't end
84 * up mapping libc twice if it is the interpreter.
85 */
86 static Interp _interp;
87
88 /*
89 * LD_PRELOAD objects.
90 */
91 static int
preload(const char * str,Rt_map * mlmp,Rt_map ** clmp)92 preload(const char *str, Rt_map *mlmp, Rt_map **clmp)
93 {
94 Alist *palp = NULL;
95 char *objs, *ptr, *next;
96 Word lmflags = lml_main.lm_flags;
97 int lddstub;
98
99 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD));
100
101 if ((objs = strdup(str)) == NULL)
102 return (0);
103
104 /*
105 * Determine if we've been called from lddstub.
106 */
107 lddstub = (lmflags & LML_FLG_TRC_ENABLE) &&
108 (FLAGS1(*clmp) & FL1_RT_LDDSTUB);
109
110
111 for (ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next);
112 ptr != NULL;
113 ptr = strtok_r(NULL, MSG_ORIG(MSG_STR_DELIMIT), &next)) {
114 Rt_map *nlmp = NULL;
115 uint_t flags;
116
117 DBG_CALL(Dbg_file_preload(&lml_main, ptr));
118
119 /*
120 * Establish the flags for loading each object. If we're
121 * called via lddstub, then the first preloaded object is the
122 * object being inspected by ldd(1). This object should not be
123 * marked as an interposer, as this object is intended to act
124 * as the target object of the process.
125 */
126 if (lddstub)
127 flags = FLG_RT_PRELOAD;
128 else
129 flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO);
130
131 /*
132 * If this a secure application, then preload errors are
133 * reduced to warnings, as the errors are non-fatal.
134 */
135 if (rtld_flags & RT_FL_SECURE)
136 rtld_flags2 |= RT_FL2_FTL2WARN;
137 if (expand_paths(*clmp, ptr, &palp, AL_CNT_NEEDED,
138 PD_FLG_EXTLOAD, 0) != 0)
139 nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, *clmp,
140 MODE(mlmp), flags, 0, NULL);
141 remove_alist(&palp, 0);
142 if (rtld_flags & RT_FL_SECURE)
143 rtld_flags2 &= ~RT_FL2_FTL2WARN;
144 if (nlmp && (bind_one(*clmp, nlmp, BND_NEEDED) == 0))
145 nlmp = NULL;
146
147 if (lddstub && nlmp) {
148 lddstub = 0;
149
150 /*
151 * Fabricate a binding between the target shared object
152 * and lddstub so that the target object isn't called
153 * out from unused() processing.
154 */
155 if (lmflags &
156 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)) {
157 if (bind_one(*clmp, nlmp, BND_REFER) == 0)
158 nlmp = NULL;
159 }
160
161 /*
162 * By identifying lddstub as the caller, several
163 * confusing ldd() diagnostics get suppressed. These
164 * diagnostics would reveal how the target shared object
165 * was found from lddstub. Now that the real target is
166 * loaded, identify the target as the caller so that all
167 * ldd() diagnostics are enabled for subsequent objects.
168 */
169 if (nlmp)
170 *clmp = nlmp;
171 }
172
173 /*
174 * If no error occurred with loading this object, indicate that
175 * this link-map list contains an interposer.
176 */
177 if (nlmp == NULL) {
178 if ((lmflags & LML_FLG_TRC_ENABLE) ||
179 (rtld_flags & RT_FL_SECURE))
180 continue;
181 else
182 return (0);
183 }
184 if (flags & FLG_RT_OBJINTPO)
185 lml_main.lm_flags |= LML_FLG_INTRPOSE;
186
187 }
188
189 free(palp);
190 free(objs);
191 return (1);
192 }
193
194 Rt_map *
setup(char ** envp,auxv_t * auxv,Word _flags,char * _platform,int _syspagsz,char * _rtldname,ulong_t ld_base,ulong_t interp_base,int fd,Phdr * phdr,char * execname,char ** argv,uid_t uid,uid_t euid,gid_t gid,gid_t egid,void * aoutdyn,int auxflags,uint_t * hwcap)195 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz,
196 char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr,
197 char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid,
198 void *aoutdyn, int auxflags, uint_t *hwcap)
199 {
200 Rt_map *rlmp, *mlmp, *clmp, **tobj = NULL;
201 Ehdr *ehdr;
202 rtld_stat_t status;
203 int features = 0, ldsoexec = 0;
204 size_t eaddr, esize;
205 char *str, *argvname;
206 Word lmflags;
207 mmapobj_result_t *mpp;
208 Fdesc fdr = { 0 }, fdm = { 0 };
209 Rej_desc rej = { 0 };
210 APlist *ealp = NULL;
211
212 /*
213 * Now that ld.so has relocated itself, initialize our own 'environ' so
214 * as to establish an address suitable for any libc requirements.
215 */
216 _environ = (char **)((ulong_t)auxv - sizeof (char *));
217 _init();
218 _environ = envp;
219
220 /*
221 * Establish a base time. Total time diagnostics start from entering
222 * ld.so.1 here, however the base time is reset each time the ld.so.1
223 * is re-entered. Note also, there will be a large time associated
224 * with the first diagnostic from ld.so.1, as bootstrapping ld.so.1
225 * and establishing the liblddbg infrastructure takes some time.
226 */
227 (void) gettimeofday(&DBG_TOTALTIME, NULL);
228 DBG_DELTATIME = DBG_TOTALTIME;
229
230 /*
231 * Determine how ld.so.1 has been executed.
232 */
233 if ((fd == -1) && (phdr == NULL)) {
234 /*
235 * If we received neither the AT_EXECFD nor the AT_PHDR aux
236 * vector, ld.so.1 must have been invoked directly from the
237 * command line.
238 */
239 ldsoexec = 1;
240
241 /*
242 * AT_SUN_EXECNAME provides the most precise name, if it is
243 * available, otherwise fall back to argv[0]. At this time,
244 * there is no process name.
245 */
246 if (execname)
247 rtldname = execname;
248 else if (argv[0])
249 rtldname = argv[0];
250 else
251 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
252 } else {
253 /*
254 * Otherwise, we have a standard process. AT_SUN_EXECNAME
255 * provides the most precise name, if it is available,
256 * otherwise fall back to argv[0]. Provided the application
257 * is already mapped, the process is the application, so
258 * simplify the application name for use in any diagnostics.
259 */
260 if (execname)
261 argvname = execname;
262 else if (argv[0])
263 argvname = execname = argv[0];
264 else
265 argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
266
267 if (fd == -1) {
268 if ((str = strrchr(argvname, '/')) != NULL)
269 procname = ++str;
270 else
271 procname = argvname;
272 }
273
274 /*
275 * At this point, we don't know the runtime linkers full path
276 * name. The _rtldname passed to us is the SONAME of the
277 * runtime linker, which is typically /lib/ld.so.1 no matter
278 * what the full path is. Use this for now, we'll reset the
279 * runtime linkers name once the application is analyzed.
280 */
281 if (_rtldname) {
282 if ((str = strrchr(_rtldname, '/')) != NULL)
283 rtldname = ++str;
284 else
285 rtldname = _rtldname;
286 } else
287 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
288
289 /* exec() brought in two objects for us. Count the second one */
290 cnt_map++;
291 }
292
293 /*
294 * Initialize any global variables.
295 */
296 at_flags = _flags;
297
298 if ((org_scapset->sc_plat = _platform) != NULL)
299 org_scapset->sc_platsz = strlen(_platform);
300
301 if (org_scapset->sc_plat == NULL)
302 platform_name(org_scapset);
303 if (org_scapset->sc_mach == NULL)
304 machine_name(org_scapset);
305
306 /*
307 * If pagesize is unspecified find its value.
308 */
309 if ((syspagsz = _syspagsz) == 0)
310 syspagsz = _sysconfig(_CONFIG_PAGESIZE);
311
312 /*
313 * Add the unused portion of the last data page to the free space list.
314 * The page size must be set before doing this. Here, _end refers to
315 * the end of the runtime linkers bss. Note that we do not use the
316 * unused data pages from any included .so's to supplement this free
317 * space as badly behaved .os's may corrupt this data space, and in so
318 * doing ruin our data.
319 */
320 eaddr = S_DROUND((size_t)&_end);
321 esize = eaddr % syspagsz;
322 if (esize) {
323 esize = syspagsz - esize;
324 addfree((void *)eaddr, esize);
325 }
326
327 /*
328 * Establish initial link-map list flags, and link-map list alists.
329 */
330 if (alist_append(&lml_main.lm_lists, NULL, sizeof (Lm_cntl),
331 AL_CNT_LMLISTS) == NULL)
332 return (0);
333 lml_main.lm_flags |= LML_FLG_BASELM;
334 lml_main.lm_lmid = LM_ID_BASE;
335 lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE);
336
337 if (alist_append(&lml_rtld.lm_lists, NULL, sizeof (Lm_cntl),
338 AL_CNT_LMLISTS) == NULL)
339 return (0);
340 lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_HOLDLOCK);
341 lml_rtld.lm_tflags |= LML_TFLG_NOAUDIT;
342 lml_rtld.lm_lmid = LM_ID_LDSO;
343 lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO);
344
345 /*
346 * Determine whether we have a secure executable.
347 */
348 security(uid, euid, gid, egid, auxflags);
349
350 /*
351 * Make an initial pass of environment variables to pick off those
352 * related to locale processing. At the same time, collect and save
353 * any LD_XXXX variables for later processing. Note that this later
354 * processing will be skipped if ld.so.1 is invoked from the command
355 * line with -e LD_NOENVIRON.
356 */
357 if (envp && (readenv_user((const char **)envp, &ealp) == 1))
358 return (0);
359
360 /*
361 * If ld.so.1 has been invoked directly, process its arguments.
362 */
363 if (ldsoexec) {
364 /*
365 * Process any arguments that are specific to ld.so.1, and
366 * reorganize the process stack to effectively remove ld.so.1
367 * from the stack. Reinitialize the environment pointer, as
368 * this pointer may have been shifted after skipping ld.so.1's
369 * arguments.
370 */
371 if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags),
372 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) {
373 eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT));
374 return (0);
375 }
376 _environ = envp;
377
378 /*
379 * Open the object that ld.so.1 is to execute.
380 */
381 argvname = execname = argv[0];
382
383 if ((fd = open(argvname, O_RDONLY)) == -1) {
384 int err = errno;
385 eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN),
386 argvname, strerror(err));
387 return (0);
388 }
389 }
390
391 /*
392 * Having processed any ld.so.1 command line options, return to process
393 * any LD_XXXX environment variables.
394 */
395 if (ealp) {
396 if (((rtld_flags & RT_FL_NOENVIRON) == 0) &&
397 (procenv_user(ealp, &(lml_main.lm_flags),
398 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1))
399 return (0);
400 free(ealp);
401 }
402
403 /*
404 * Initialize a hardware capability descriptor for use in comparing
405 * each loaded object. The aux vector must provide AF_SUN_HWCAPVERIFY,
406 * as prior to this setting any hardware capabilities that were found
407 * could not be relied upon.
408 */
409 if (auxflags & AF_SUN_HWCAPVERIFY) {
410 rtld_flags2 |= RT_FL2_HWCAP;
411 org_scapset->sc_hw_1 = (Xword)hwcap[0];
412 org_scapset->sc_hw_2 = (Xword)hwcap[1];
413 }
414
415 /*
416 * Create a mapping descriptor for ld.so.1. We can determine our
417 * two segments information from known symbols.
418 */
419 if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL)
420 return (0);
421 mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base);
422 mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr;
423 mpp[0].mr_fsize = mpp[0].mr_msize;
424 mpp[0].mr_prot = (PROT_READ | PROT_EXEC);
425
426 mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug);
427 mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr;
428 mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr;
429 mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC);
430
431 if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL)
432 return (0);
433 if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr,
434 (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base),
435 NULL, NULL, NULL)) == NULL)
436 return (0);
437
438 MMAPS(rlmp) = mpp;
439 MMAPCNT(rlmp) = 2;
440 PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr;
441 PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr +
442 (ulong_t)mpp[1].mr_msize;
443
444 MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
445 FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE |
446 FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET);
447
448 /*
449 * Initialize the runtime linkers information.
450 */
451 interp = &_interp;
452 interp->i_name = (char *)rtldname;
453 interp->i_faddr = (caddr_t)ADDR(rlmp);
454 ldso_plt_init(rlmp);
455
456 /*
457 * Map in the file, if exec has not already done so, or if the file
458 * was passed as an argument to an explicit execution of ld.so.1 from
459 * the command line.
460 */
461 if (fd != -1) {
462 /*
463 * Map the file. Once the object is mapped we no longer need
464 * the file descriptor.
465 */
466 (void) rtld_fstat(fd, &status);
467 fdm.fd_oname = argvname;
468 fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname,
469 fd, &rej);
470 (void) close(fd);
471
472 if (fdm.fd_ftp == NULL) {
473 Conv_reject_desc_buf_t rej_buf;
474
475 eprintf(&lml_main, ERR_FATAL,
476 MSG_INTL(err_reject[rej.rej_type]), argvname,
477 conv_reject_desc(&rej, &rej_buf, M_MACH));
478 return (0);
479 }
480
481 /*
482 * Finish processing the loading of the file.
483 */
484 if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL)
485 return (0);
486 fdm.fd_dev = status.st_dev;
487 fdm.fd_ino = status.st_ino;
488
489 if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, NULL, &fdm,
490 NULL)) == NULL)
491 return (0);
492
493 /*
494 * We now have a process name for error diagnostics.
495 */
496 if ((str = strrchr(argvname, '/')) != NULL)
497 procname = ++str;
498 else
499 procname = argvname;
500
501 if (ldsoexec) {
502 mmapobj_result_t *mpp = MMAPS(mlmp);
503 uint_t mnum, mapnum = MMAPCNT(mlmp);
504 void *brkbase = NULL;
505
506 /*
507 * Since ld.so.1 was the primary executed object - the
508 * brk() base has not yet been initialized, we need to
509 * initialize it. For an executable, initialize it to
510 * the end of the object. For a shared object (ET_DYN)
511 * initialize it to the first page in memory.
512 */
513 for (mnum = 0; mnum < mapnum; mnum++, mpp++)
514 brkbase = mpp->mr_addr + mpp->mr_msize;
515
516 if (brkbase == NULL)
517 brkbase = (void *)syspagsz;
518
519 if (_brk_unlocked(brkbase) == -1) {
520 int err = errno;
521
522 eprintf(&lml_main, ERR_FATAL,
523 MSG_INTL(MSG_SYS_BRK), argvname,
524 strerror(err));
525 return (0);
526 }
527 }
528 } else {
529 /*
530 * Set up function ptr and arguments according to the type
531 * of file class the executable is. (Currently only supported
532 * types are ELF and a.out format.) Then create a link map
533 * for the executable.
534 */
535 if (aoutdyn) {
536 #ifdef A_OUT
537 mmapobj_result_t *mpp;
538
539 /*
540 * Create a mapping structure sufficient to describe
541 * a single two segments. The ADDR() of the a.out is
542 * established as 0, which is required but the AOUT
543 * relocation code.
544 */
545 if ((mpp =
546 calloc(sizeof (mmapobj_result_t), 2)) == NULL)
547 return (0);
548
549 if ((fdm.fd_nname =
550 stravl_insert(execname, 0, 0, 0)) == NULL)
551 return (0);
552 if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA,
553 &fdm, 0, 0, aoutdyn, NULL, NULL)) == NULL)
554 return (0);
555
556 /*
557 * Establish the true mapping information for the a.out.
558 */
559 if (aout_get_mmap(&lml_main, mpp)) {
560 free(mpp);
561 return (0);
562 }
563
564 MSIZE(mlmp) =
565 (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) -
566 S_ALIGN((size_t)mpp[0].mr_addr, syspagsz);
567 MMAPS(mlmp) = mpp;
568 MMAPCNT(mlmp) = 2;
569 PADSTART(mlmp) = (ulong_t)mpp->mr_addr;
570 PADIMLEN(mlmp) = mpp->mr_msize;
571
572 /*
573 * Disable any object configuration cache (BCP apps
574 * bring in sbcp which can benefit from any object
575 * cache, but both the app and sbcp can't use the same
576 * objects).
577 */
578 rtld_flags |= RT_FL_NOOBJALT;
579
580 /*
581 * Make sure no-direct bindings are in effect.
582 */
583 lml_main.lm_tflags |= LML_TFLG_NODIRECT;
584 #else
585 eprintf(&lml_main, ERR_FATAL,
586 MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname);
587 return (0);
588 #endif
589 } else if (phdr) {
590 Phdr *pptr;
591 Off i_offset = 0;
592 Addr base = 0;
593 ulong_t phsize;
594 mmapobj_result_t *mpp, *fmpp, *hmpp = NULL;
595 uint_t mapnum = 0;
596 int i;
597 size_t msize;
598
599 /*
600 * Using the executables phdr address determine the base
601 * address of the input file. NOTE, this assumes the
602 * program headers and elf header are part of the same
603 * mapped segment. Although this has held for many
604 * years now, it might be more flexible if the kernel
605 * gave use the ELF headers start address, rather than
606 * the Program headers.
607 *
608 * Determine from the ELF header if we're been called
609 * from a shared object or dynamic executable. If the
610 * latter, then any addresses within the object are used
611 * as is. Addresses within shared objects must be added
612 * to the process's base address.
613 */
614 ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset);
615 phsize = ehdr->e_phentsize;
616 if (ehdr->e_type == ET_DYN)
617 base = (Addr)ehdr;
618
619 /*
620 * Allocate a mapping array to retain mapped segment
621 * information.
622 */
623 if ((fmpp = mpp = calloc(ehdr->e_phnum,
624 sizeof (mmapobj_result_t))) == NULL)
625 return (0);
626
627 /*
628 * Extract the needed information from the segment
629 * headers.
630 */
631 for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) {
632 if (pptr->p_type == PT_INTERP) {
633 i_offset = pptr->p_offset;
634 interp->i_faddr =
635 (caddr_t)interp_base;
636 }
637 if ((pptr->p_type == PT_LOAD) &&
638 (pptr->p_filesz || pptr->p_memsz)) {
639 int perm = (PROT_READ | PROT_EXEC);
640 size_t off;
641
642 if (i_offset && pptr->p_filesz &&
643 (i_offset >= pptr->p_offset) &&
644 (i_offset <=
645 (pptr->p_memsz + pptr->p_offset))) {
646 interp->i_name = (char *)
647 pptr->p_vaddr + i_offset -
648 pptr->p_offset + base;
649 i_offset = 0;
650 }
651
652 if (pptr->p_flags & PF_W)
653 perm |= PROT_WRITE;
654
655 /*
656 * Retain segments mapping info. Round
657 * each segment to a page boundary, as
658 * this insures addresses are suitable
659 * for mprotect() if required.
660 */
661 off = pptr->p_vaddr + base;
662 if (hmpp == NULL) {
663 hmpp = mpp;
664 mpp->mr_addr = (caddr_t)ehdr;
665 } else
666 mpp->mr_addr = (caddr_t)off;
667
668 off -= (size_t)(uintptr_t)mpp->mr_addr;
669 mpp->mr_msize = pptr->p_memsz + off;
670 mpp->mr_fsize = pptr->p_filesz + off;
671 mpp->mr_prot = perm;
672
673 mpp++, mapnum++;
674 }
675
676 pptr = (Phdr *)((ulong_t)pptr + phsize);
677 }
678
679 mpp--;
680 msize = (size_t)(mpp->mr_addr + mpp->mr_msize) -
681 S_ALIGN((size_t)fmpp->mr_addr, syspagsz);
682
683 if ((fdm.fd_nname =
684 stravl_insert(execname, 0, 0, 0)) == NULL)
685 return (0);
686 if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA,
687 &fdm, (Addr)hmpp->mr_addr, msize,
688 NULL, NULL, NULL)) == NULL)
689 return (0);
690
691 MMAPS(mlmp) = fmpp;
692 MMAPCNT(mlmp) = mapnum;
693 PADSTART(mlmp) = (ulong_t)fmpp->mr_addr;
694 PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr +
695 (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize;
696 }
697 }
698
699 /*
700 * Establish the interpretors name as that defined within the initial
701 * object (executable). This provides for ORIGIN processing of ld.so.1
702 * dependencies. Note, the NAME() of the object remains that which was
703 * passed to us as the SONAME on execution.
704 */
705 if (ldsoexec == 0) {
706 size_t len = strlen(interp->i_name);
707
708 if (expand(&interp->i_name, &len, 0, 0,
709 (PD_TKN_ISALIST | PD_TKN_CAP), rlmp) & PD_TKN_RESOLVED)
710 fdr.fd_flags |= FLG_FD_RESOLVED;
711 }
712 fdr.fd_pname = interp->i_name;
713 (void) fullpath(rlmp, &fdr);
714
715 /*
716 * The runtime linker acts as a filtee for various dl*() functions that
717 * are defined in libc (and libdl). Make sure this standard name for
718 * the runtime linker is also registered in the FullPathNode AVL tree.
719 */
720 (void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0);
721
722 /*
723 * Having established the true runtime linkers name, simplify the name
724 * for error diagnostics.
725 */
726 if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL)
727 rtldname = ++str;
728 else
729 rtldname = PATHNAME(rlmp);
730
731 /*
732 * Expand the fullpath name of the application. This typically occurs
733 * as a part of loading an object, but as the kernel probably mapped
734 * it in, complete this processing now.
735 */
736 (void) fullpath(mlmp, 0);
737
738 /*
739 * Some troublesome programs will change the value of argv[0]. Dupping
740 * the process string protects us, and insures the string is left in
741 * any core files.
742 */
743 if ((str = (char *)strdup(procname)) == NULL)
744 return (0);
745 procname = str;
746
747 FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET);
748 FLAGS1(mlmp) |= FL1_RT_USED;
749
750 /*
751 * It's the responsibility of MAIN(crt0) to call it's _init and _fini
752 * section, therefore null out any INIT/FINI so that this object isn't
753 * collected during tsort processing. And, if the application has no
754 * initarray or finiarray we can economize on establishing bindings.
755 */
756 INIT(mlmp) = FINI(mlmp) = NULL;
757 if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL))
758 FLAGS1(mlmp) |= FL1_RT_NOINIFIN;
759
760 /*
761 * Identify lddstub if necessary.
762 */
763 if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB)
764 FLAGS1(mlmp) |= FL1_RT_LDDSTUB;
765
766 /*
767 * Retain our argument information for use in dlinfo.
768 */
769 argsinfo.dla_argv = argv--;
770 argsinfo.dla_argc = (long)*argv;
771 argsinfo.dla_envp = envp;
772 argsinfo.dla_auxv = auxv;
773
774 (void) enter(0);
775
776 /*
777 * Add our two main link-maps to the dynlm_list
778 */
779 if (aplist_append(&dynlm_list, &lml_main, AL_CNT_DYNLIST) == NULL)
780 return (0);
781
782 if (aplist_append(&dynlm_list, &lml_rtld, AL_CNT_DYNLIST) == NULL)
783 return (0);
784
785 /*
786 * Reset the link-map counts for both lists. The init count is used to
787 * track how many objects have pending init sections, this gets incre-
788 * mented each time an object is relocated. Since ld.so.1 relocates
789 * itself, it's init count will remain zero.
790 * The object count is used to track how many objects have pending fini
791 * sections, as ld.so.1 handles its own fini we can zero its count.
792 */
793 lml_main.lm_obj = 1;
794 lml_rtld.lm_obj = 0;
795
796 /*
797 * Initialize debugger information structure. Some parts of this
798 * structure were initialized statically.
799 */
800 r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head;
801 r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head;
802 r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr;
803 r_debug.rtd_dynlmlst = &dynlm_list;
804
805 /*
806 * Determine the dev/inode information for the executable to complete
807 * load_so() checking for those who might dlopen(a.out).
808 */
809 if (rtld_stat(PATHNAME(mlmp), &status) == 0) {
810 STDEV(mlmp) = status.st_dev;
811 STINO(mlmp) = status.st_ino;
812 }
813
814 /*
815 * Initialize any configuration information.
816 */
817 if (!(rtld_flags & RT_FL_NOCFG)) {
818 if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1)
819 return (0);
820 }
821
822 #if defined(_ELF64)
823 /*
824 * If this is a 64-bit process, determine whether this process has
825 * restricted the process address space to 32-bits. Any dependencies
826 * that are restricted to a 32-bit address space can only be loaded if
827 * the executable has established this requirement.
828 */
829 if (CAPSET(mlmp).sc_sf_1 & SF1_SUNW_ADDR32)
830 rtld_flags2 |= RT_FL2_ADDR32;
831 #endif
832 /*
833 * Establish any alternative capabilities, and validate this object
834 * if it defines it's own capabilities information.
835 */
836 if (cap_alternative() == 0)
837 return (0);
838
839 if (cap_check_lmp(mlmp, &rej) == 0) {
840 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) {
841 /* LINTED */
842 (void) printf(MSG_INTL(ldd_warn[rej.rej_type]),
843 NAME(mlmp), rej.rej_str);
844 } else {
845 /* LINTED */
846 eprintf(&lml_main, ERR_FATAL,
847 MSG_INTL(err_reject[rej.rej_type]),
848 NAME(mlmp), rej.rej_str);
849 return (0);
850 }
851 }
852
853 /*
854 * Establish the modes of the initial object. These modes are
855 * propagated to any preloaded objects and explicit shared library
856 * dependencies.
857 *
858 * If we're generating a configuration file using crle(1), remove
859 * any RTLD_NOW use, as we don't want to trigger any relocation proc-
860 * essing during crle(1)'s first past (this would just be unnecessary
861 * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is
862 * not required to trigger filter loading.
863 *
864 * Note, RTLD_NOW may have been established during analysis of the
865 * application had the application been built -z now.
866 */
867 MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
868
869 if (rtld_flags & RT_FL_CONFGEN) {
870 MODE(mlmp) |= RTLD_CONFGEN;
871 MODE(mlmp) &= ~RTLD_NOW;
872 rtld_flags2 &= ~RT_FL2_BINDNOW;
873 }
874
875 if ((MODE(mlmp) & RTLD_NOW) == 0) {
876 if (rtld_flags2 & RT_FL2_BINDNOW)
877 MODE(mlmp) |= RTLD_NOW;
878 else
879 MODE(mlmp) |= RTLD_LAZY;
880 }
881
882 /*
883 * If debugging was requested initialize things now that any cache has
884 * been established. A user can specify LD_DEBUG=help to discover the
885 * list of debugging tokens available without running the application.
886 * However, don't allow this setting from a configuration file.
887 *
888 * Note, to prevent recursion issues caused by loading and binding the
889 * debugging libraries themselves, a local debugging descriptor is
890 * initialized. Once the debugging setup has completed, this local
891 * descriptor is copied to the global descriptor which effectively
892 * enables diagnostic output.
893 *
894 * Ignore any debugging request if we're being monitored by a process
895 * that expects the old getpid() initialization handshake.
896 */
897 if ((rpl_debug || prm_debug) && ((rtld_flags & RT_FL_DEBUGGER) == 0)) {
898 Dbg_desc _dbg_desc = {0};
899 struct timeval total = DBG_TOTALTIME;
900 struct timeval delta = DBG_DELTATIME;
901
902 if (rpl_debug) {
903 if (dbg_setup(rpl_debug, &_dbg_desc) == 0)
904 return (0);
905 if (_dbg_desc.d_extra & DBG_E_HELP_EXIT)
906 rtldexit(&lml_main, 0);
907 }
908 if (prm_debug)
909 (void) dbg_setup(prm_debug, &_dbg_desc);
910
911 *dbg_desc = _dbg_desc;
912 DBG_TOTALTIME = total;
913 DBG_DELTATIME = delta;
914 }
915
916 /*
917 * Now that debugging is enabled generate any diagnostics from any
918 * previous events.
919 */
920 if (DBG_ENABLED) {
921 DBG_CALL(Dbg_cap_val(&lml_main, org_scapset, alt_scapset,
922 M_MACH));
923 DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name,
924 features));
925
926 DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv,
927 LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA));
928
929 if (THIS_IS_ELF(mlmp)) {
930 DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp),
931 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr,
932 ALIST_OFF_DATA));
933 } else {
934 DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp),
935 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr,
936 ALIST_OFF_DATA));
937 }
938 }
939
940 /*
941 * Enable auditing.
942 */
943 if (rpl_audit || prm_audit || profile_lib) {
944 int ndx;
945 const char *aud[3];
946
947 aud[0] = rpl_audit;
948 aud[1] = prm_audit;
949 aud[2] = profile_lib;
950
951 /*
952 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that
953 * can't be established is non-fatal.
954 */
955 if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL)
956 return (0);
957
958 for (ndx = 0; ndx < 3; ndx++) {
959 if (aud[ndx]) {
960 if ((auditors->ad_name =
961 strdup(aud[ndx])) == NULL)
962 return (0);
963 rtld_flags2 |= RT_FL2_FTL2WARN;
964 (void) audit_setup(mlmp, auditors,
965 PD_FLG_EXTLOAD, NULL);
966 rtld_flags2 &= ~RT_FL2_FTL2WARN;
967 }
968 }
969 lml_main.lm_tflags |= auditors->ad_flags;
970 }
971 if (AUDITORS(mlmp)) {
972 /*
973 * Any object required auditing (set with a DT_DEPAUDIT dynamic
974 * entry) that can't be established is fatal.
975 */
976 if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) {
977 /*
978 * If this object requires global auditing, use the
979 * local auditing information to set the global
980 * auditing descriptor. The effect is that a
981 * DT_DEPAUDIT act as an LD_AUDIT.
982 */
983 if ((auditors == NULL) && ((auditors = calloc(1,
984 sizeof (Audit_desc))) == NULL))
985 return (0);
986
987 auditors->ad_name = AUDITORS(mlmp)->ad_name;
988 if (audit_setup(mlmp, auditors, 0, NULL) == 0)
989 return (0);
990 lml_main.lm_tflags |= auditors->ad_flags;
991
992 /*
993 * Clear the local auditor information.
994 */
995 free((void *) AUDITORS(mlmp));
996 AUDITORS(mlmp) = NULL;
997
998 } else {
999 /*
1000 * Establish any local auditing.
1001 */
1002 if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0)
1003 return (0);
1004
1005 AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags;
1006 lml_main.lm_flags |= LML_FLG_LOCAUDIT;
1007 }
1008 }
1009
1010 /*
1011 * Explicitly add the initial object and ld.so.1 to those objects being
1012 * audited. Note, although the ld.so.1 link-map isn't auditable,
1013 * establish a cookie for ld.so.1 as this may be bound to via the
1014 * dl*() family.
1015 */
1016 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) {
1017 if (((audit_objopen(mlmp, mlmp) == 0) ||
1018 (audit_objopen(mlmp, rlmp) == 0)) &&
1019 (AFLAGS(mlmp) & LML_TFLG_AUD_MASK))
1020 return (0);
1021 }
1022
1023 /*
1024 * Map in any preloadable shared objects. Establish the caller as the
1025 * head of the main link-map list. In the case of being exercised from
1026 * lddstub, the caller gets reassigned to the first target shared object
1027 * so as to provide intuitive diagnostics from ldd().
1028 *
1029 * Note, it is valid to preload a 4.x shared object with a 5.0
1030 * executable (or visa-versa), as this functionality is required by
1031 * ldd(1).
1032 */
1033 clmp = mlmp;
1034 if (rpl_preload && (preload(rpl_preload, mlmp, &clmp) == 0))
1035 return (0);
1036 if (prm_preload && (preload(prm_preload, mlmp, &clmp) == 0))
1037 return (0);
1038
1039 /*
1040 * Load all dependent (needed) objects.
1041 */
1042 if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, mlmp, NULL) == NULL)
1043 return (0);
1044
1045 /*
1046 * Relocate all the dependencies we've just added.
1047 *
1048 * If this process has been established via crle(1), the environment
1049 * variable LD_CONFGEN will have been set. crle(1) may create this
1050 * process twice. The first time crle only needs to gather dependency
1051 * information. The second time, is to dldump() the images.
1052 *
1053 * If we're only gathering dependencies, relocation is unnecessary.
1054 * As crle(1) may be building an arbitrary family of objects, they may
1055 * not fully relocate either. Hence the relocation phase is not carried
1056 * out now, but will be called by crle(1) once all objects have been
1057 * loaded.
1058 */
1059 if ((rtld_flags & RT_FL_CONFGEN) == 0) {
1060
1061 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD));
1062
1063 if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp,
1064 mlmp, NULL) == 0)
1065 return (0);
1066
1067 /*
1068 * Inform the debuggers that basic process initialization is
1069 * complete, and that the state of ld.so.1 (link-map lists,
1070 * etc.) is stable. This handshake enables the debugger to
1071 * initialize themselves, and consequently allows the user to
1072 * set break points in .init code.
1073 *
1074 * Most new debuggers use librtld_db to monitor activity events.
1075 * Older debuggers indicated their presence by setting the
1076 * DT_DEBUG entry in the dynamic executable (see elf_new_lm()).
1077 * In this case, getpid() is called so that the debugger can
1078 * catch the system call. This old mechanism has some
1079 * restrictions, as getpid() should not be called prior to
1080 * basic process initialization being completed. This
1081 * restriction has become increasingly difficult to maintain,
1082 * as the use of auditors, LD_DEBUG, and the initialization
1083 * handshake with libc can result in "premature" getpid()
1084 * calls. The use of this getpid() handshake is expected to
1085 * disappear at some point in the future, and there is intent
1086 * to work towards that goal.
1087 */
1088 rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT);
1089 rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT);
1090
1091 if (rtld_flags & RT_FL_DEBUGGER) {
1092 r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG;
1093 (void) getpid();
1094 }
1095 }
1096
1097 /*
1098 * Indicate preinit activity, and call any auditing routines. These
1099 * routines are called before initializing any threads via libc, or
1100 * before collecting the complete set of .inits on the primary link-map.
1101 * Although most libc interfaces are encapsulated in local routines
1102 * within libc, they have been known to escape (ie. call a .plt). As
1103 * the appcert auditor uses preinit as a trigger to establish some
1104 * external interfaces to the main link-maps libc, we need to activate
1105 * this trigger before exercising any code within libc. Additionally,
1106 * I wouldn't put it past an auditor to add additional objects to the
1107 * primary link-map. Hence, we collect .inits after the audit call.
1108 */
1109 rd_event(&lml_main, RD_PREINIT, 0);
1110
1111 if (aud_activity ||
1112 ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY))
1113 audit_activity(mlmp, LA_ACT_CONSISTENT);
1114 if (aud_preinit ||
1115 ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT))
1116 audit_preinit(mlmp);
1117
1118 /*
1119 * If we're creating initial configuration information, we're done
1120 * now that the auditing step has been called.
1121 */
1122 if (rtld_flags & RT_FL_CONFGEN) {
1123 leave(LIST(mlmp), 0);
1124 return (mlmp);
1125 }
1126
1127 /*
1128 * Sort the .init sections of all objects we've added. If we're
1129 * tracing we only need to execute this under ldd(1) with the -i or -u
1130 * options.
1131 */
1132 lmflags = lml_main.lm_flags;
1133 if (((lmflags & LML_FLG_TRC_ENABLE) == 0) ||
1134 (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) {
1135 if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init,
1136 RT_SORT_REV)) == (Rt_map **)S_ERROR)
1137 return (0);
1138 }
1139
1140 /*
1141 * If we are tracing we're done. This is the one legitimate use of a
1142 * direct call to rtldexit() rather than return, as we don't want to
1143 * return and jump to the application.
1144 */
1145 if (lmflags & LML_FLG_TRC_ENABLE) {
1146 unused(&lml_main);
1147 rtldexit(&lml_main, 0);
1148 }
1149
1150 /*
1151 * Check if this instance of the linker should have a primary link
1152 * map. This flag allows multiple copies of the -same- -version-
1153 * of the linker (and libc) to run in the same address space.
1154 *
1155 * Without this flag we only support one copy of the linker in a
1156 * process because by default the linker will always try to
1157 * initialize at one primary link map The copy of libc which is
1158 * initialized on a primary link map will initialize global TLS
1159 * data which can be shared with other copies of libc in the
1160 * process. The problem is that if there is more than one copy
1161 * of the linker, only one copy should link libc onto a primary
1162 * link map, otherwise libc will attempt to re-initialize global
1163 * TLS data. So when a copy of the linker is loaded with this
1164 * flag set, it will not initialize any primary link maps since
1165 * presumably another copy of the linker will do this.
1166 *
1167 * Note that this flag only allows multiple copies of the -same-
1168 * -version- of the linker (and libc) to coexist. This approach
1169 * will not work if we are trying to load different versions of
1170 * the linker and libc into the same process. The reason for
1171 * this is that the format of the global TLS data may not be
1172 * the same for different versions of libc. In this case each
1173 * different version of libc must have it's own primary link map
1174 * and be able to maintain it's own TLS data. The only way this
1175 * can be done is by carefully managing TLS pointers on transitions
1176 * between code associated with each of the different linkers.
1177 * Note that this is actually what is done for processes in lx
1178 * branded zones. Although in the lx branded zone case, the
1179 * other linker and libc are actually gld and glibc. But the
1180 * same general TLS management mechanism used by the lx brand
1181 * would apply to any attempts to run multiple versions of the
1182 * solaris linker and libc in a single process.
1183 */
1184 if (auxflags & AF_SUN_NOPLM)
1185 rtld_flags2 |= RT_FL2_NOPLM;
1186
1187 /*
1188 * Establish any static TLS for this primary link-map. Note, regardless
1189 * of whether TLS is available, an initial handshake occurs with libc to
1190 * indicate we're processing the primary link-map. Having identified
1191 * the primary link-map, initialize threads.
1192 */
1193 if (rt_get_extern(&lml_main, mlmp) == 0)
1194 return (0);
1195
1196 if ((rtld_flags2 & RT_FL2_NOPLM) == 0) {
1197 if (tls_statmod(&lml_main, mlmp) == 0)
1198 return (0);
1199 rt_thr_init(&lml_main);
1200 rtld_flags2 |= RT_FL2_PLMSETUP;
1201 } else {
1202 rt_thr_init(&lml_main);
1203 }
1204
1205 /*
1206 * Fire all dependencies .init sections. Identify any unused
1207 * dependencies, and leave the runtime linker - effectively calling
1208 * the dynamic executables entry point.
1209 */
1210 call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp,
1211 SHT_PREINIT_ARRAY);
1212
1213 if (tobj)
1214 call_init(tobj, DBG_INIT_SORT);
1215
1216 rd_event(&lml_main, RD_POSTINIT, 0);
1217
1218 unused(&lml_main);
1219
1220 DBG_CALL(Dbg_util_call_main(mlmp));
1221
1222 rtld_flags |= (RT_FL_OPERATION | RT_FL_APPLIC);
1223
1224 leave(LIST(mlmp), 0);
1225
1226 return (mlmp);
1227 }
1228