1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * Copyright (c) 2015, Joyent, Inc. All rights reserved.
29 */
30
31 /*
32 * Dump an elf file.
33 */
34 #include <stddef.h>
35 #include <sys/elf_386.h>
36 #include <sys/elf_amd64.h>
37 #include <sys/elf_SPARC.h>
38 #include <_libelf.h>
39 #include <dwarf.h>
40 #include <stdio.h>
41 #include <unistd.h>
42 #include <errno.h>
43 #include <strings.h>
44 #include <debug.h>
45 #include <conv.h>
46 #include <msg.h>
47 #include <_elfdump.h>
48
49
50 /*
51 * VERSYM_STATE is used to maintain information about the VERSYM section
52 * in the object being analyzed. It is filled in by versions(), and used
53 * by init_symtbl_state() when displaying symbol information.
54 *
55 * There are three forms of symbol versioning known to us:
56 *
57 * 1) The original form, introduced with Solaris 2.5, in which
58 * the Versym contains indexes to Verdef records, and the
59 * Versym values for UNDEF symbols resolved by other objects
60 * are all set to 0.
61 * 2) The GNU form, which is backward compatible with the original
62 * Solaris form, but which adds several extensions:
63 * - The Versym also contains indexes to Verneed records, recording
64 * which object/version contributed the external symbol at
65 * link time. These indexes start with the next value following
66 * the final Verdef index. The index is written to the previously
67 * reserved vna_other field of the ELF Vernaux structure.
68 * - The top bit of the Versym value is no longer part of the index,
69 * but is used as a "hidden bit" to prevent binding to the symbol.
70 * - Multiple implementations of a given symbol, contained in varying
71 * versions are allowed, using special assembler pseudo ops,
72 * and encoded in the symbol name using '@' characters.
73 * 3) Modified Solaris form, in which we adopt the first GNU extension
74 * (Versym indexes to Verneed records), but not the others.
75 *
76 * elfdump can handle any of these cases. The presence of a DT_VERSYM
77 * dynamic element indicates a full GNU object. An object that lacks
78 * a DT_VERSYM entry, but which has non-zero vna_other fields in the Vernaux
79 * structures is a modified Solaris object. An object that has neither of
80 * these uses the original form.
81 *
82 * max_verndx contains the largest version index that can appear
83 * in a Versym entry. This can never be less than 1: In the case where
84 * there is no verdef/verneed sections, the [0] index is reserved
85 * for local symbols, and the [1] index for globals. If the original
86 * Solaris versioning rules are in effect and there is a verdef section,
87 * then max_verndx is the number of defined versions. If one of the
88 * other versioning forms is in effect, then:
89 * 1) If there is no verneed section, it is the same as for
90 * original Solaris versioning.
91 * 2) If there is a verneed section, the vna_other field of the
92 * Vernaux structs contain versions, and max_verndx is the
93 * largest such index.
94 *
95 * If gnu_full is True, the object uses the full GNU form of versioning.
96 * The value of the gnu_full field is based on the presence of
97 * a DT_VERSYM entry in the dynamic section: GNU ld produces these, and
98 * Solaris ld does not.
99 *
100 * The gnu_needed field is True if the Versym contains indexes to
101 * Verneed records, as indicated by non-zero vna_other fields in the Verneed
102 * section. If gnu_full is True, then gnu_needed will always be true.
103 * However, gnu_needed can be true without gnu_full. This is the modified
104 * Solaris form.
105 */
typedef struct {
	/* Cache entry for the VERSYM section */
	Cache	*cache;

	/* Versym array */
	Versym	*data;

	/* True if the object uses the full GNU versioning rules */
	int	gnu_full;

	/*
	 * True if the object uses VERSYM indexes for VERNEED records.
	 * Always true when gnu_full is true, but may also be true on its own.
	 */
	int	gnu_needed;

	/* Largest versym index value */
	int	max_verndx;
} VERSYM_STATE;
114
115 /*
116 * SYMTBL_STATE is used to maintain information about a single symbol
117 * table section, for use by the routines that display symbol information.
118 */
typedef struct {
	/* Name of file */
	const char	*file;

	/* ELF header for file */
	Ehdr		*ehdr;

	/* Cache of all section headers, and the number of sections in it */
	Cache		*cache;
	uchar_t		osabi;		/* OSABI to use */
	Word		shnum;

	/* Symbol table section: its cache entry, index and name */
	Cache		*seccache;
	Word		secndx;
	const char	*secname;

	/* Command line option flags */
	uint_t		flags;

	/* Extended section index data */
	struct {
		/* TRUE once the lookup for shxndx has been attempted */
		int	checked;

		/*
		 * NULL, or the extended section index array used for
		 * symbol table entries.
		 */
		Word	*data;

		/* Number of items in shxndx.data */
		uint_t	n;
	} shxndx;

	/* NULL, or the associated VERSYM section */
	VERSYM_STATE	*versym;

	/* Array of symbols, and the number of symbols in it */
	Sym		*sym;
	Word		symn;
} SYMTBL_STATE;
139
140 /*
141 * A variable of this type is used to track information related to
142 * .eh_frame and .eh_frame_hdr sections across calls to unwind_eh_frame().
143 */
typedef struct {
	/* .eh_frame: number of sections seen, section index of the first */
	Word		frame_cnt;
	Word		frame_ndx;

	/* .eh_frame_hdr: number of sections seen, section index of the first */
	Word		hdr_cnt;
	Word		hdr_ndx;

	/* Value of the FramePtr field from the first .eh_frame_hdr section */
	uint64_t	frame_ptr;

	/* Data address of the first .eh_frame section */
	uint64_t	frame_base;
} gnu_eh_state_t;
153
154 /*
155 * C++ .exception_ranges entries make use of the signed ptrdiff_t
156 * type to record self-relative pointer values. We need a type
157 * for this that is matched to the ELFCLASS being processed.
158 */
#ifdef _ELF64
/* 64-bit ELF class: self-relative pointer values are signed 64-bit */
typedef int64_t	PTRDIFF_T;
#else
/* 32-bit ELF class: self-relative pointer values are signed 32-bit */
typedef int32_t	PTRDIFF_T;
#endif
164
165 /*
166 * The Sun C++ ABI uses this struct to define each .exception_ranges
167 * entry. From the ABI:
168 *
169 * The field ret_addr is a self relative pointer to the start of the address
170 * range. The name was chosen because in the current implementation the range
171 * typically starts at the return address for a call site.
172 *
173 * The field length is the difference, in bytes, between the pc of the last
174 * instruction covered by the exception range and the first. When only a
175 * single call site is represented without optimization, this will equal zero.
176 *
177 * The field handler_addr is a relative pointer which stores the difference
178 * between the start of the exception range and the address of all code to
179 * catch exceptions and perform the cleanup for stack unwinding.
180 *
181 * The field type_block is a relative pointer which stores the difference
182 * between the start of the exception range and the address of an array used
183 * for storing a list of the types of exceptions which can be caught within
184 * the exception range.
185 */
typedef struct {
	/* Self-relative pointer to the start of the address range */
	PTRDIFF_T	ret_addr;

	/* Byte distance from the first to the last covered instruction */
	Xword		length;

	/* Handler/cleanup code, relative to the start of the range */
	PTRDIFF_T	handler_addr;

	/* Array of catchable types, relative to the start of the range */
	PTRDIFF_T	type_block;

	/* Not interpreted by elfdump */
	Xword		reserved;
} exception_range_entry;
193
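/*
 * Focal point for verifying symbol names.
 *
 * entry:
 *	refsec - Section that references the string table
 *	ndx - Index, within refsec, of the item making the reference
 *		(only used in diagnostics)
 *	strsec - String table section
 *	file - Name of file
 *	name - Offset of the desired string within strsec
 *
 * exit:
 *	NULL is returned if strsec has no data. If strsec is not a
 *	SHT_STRTAB section, or name lies outside of it, a diagnostic is
 *	issued and the "unknown" string is returned. Otherwise, a pointer
 *	to the string at offset name is returned.
 */
static const char *
string(Cache *refsec, Word ndx, Cache *strsec, const char *file, Word name)
{
	/*
	 * If an error in this routine is due to a property of the string
	 * section, as opposed to a bad offset into the section (a property of
	 * the referencing section), then we will detect the same error on
	 * every call involving those sections. We use these static variables
	 * to retain the information needed to only issue each such error once.
	 */
	static Cache	*last_refsec;	/* Last referencing section seen */
	static int	strsec_err;	/* True if error issued */

	const char	*strs;
	Word		strn;

	if ((strsec->c_data == NULL) || (strsec->c_data->d_buf == NULL))
		return (NULL);

	strs = (char *)strsec->c_data->d_buf;
	strn = strsec->c_data->d_size;

	/*
	 * We only print a diagnostic regarding a bad string table once per
	 * input section being processed. If the refsec has changed, reset
	 * our retained error state.
	 */
	if (last_refsec != refsec) {
		last_refsec = refsec;
		strsec_err = 0;
	}

	/* Verify that strsec really is a string table */
	if (strsec->c_shdr->sh_type != SHT_STRTAB) {
		if (!strsec_err) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_NOTSTRTAB),
			    file, strsec->c_ndx, refsec->c_ndx);
			strsec_err = 1;
		}
		return (MSG_INTL(MSG_STR_UNKNOWN));
	}

	/*
	 * Is the string table offset within range of the available strings?
	 */
	if (name >= strn) {
		/*
		 * Do we have an empty string table? A NULL data buffer was
		 * already rejected above, so emptiness has to be judged by
		 * the size. Testing the size also keeps (strn - 1) from
		 * wrapping around in the bad-offset diagnostic below.
		 */
		if (strn == 0) {
			if (!strsec_err) {
				(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
				    file, strsec->c_name);
				strsec_err = 1;
			}
		} else {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSTOFF),
			    file, refsec->c_name, EC_WORD(ndx), strsec->c_name,
			    EC_WORD(name), EC_WORD(strn - 1));
		}

		/*
		 * Return the "unknown" string so that the calling function
		 * can continue its output diagnostics.
		 */
		return (MSG_INTL(MSG_STR_UNKNOWN));
	}

	/*
	 * NOTE(review): only the starting offset is validated. Nothing here
	 * verifies that the table ends with a NUL byte, so with a malformed
	 * object the returned string may not terminate inside the section
	 * data. Confirm whether the data is validated elsewhere before the
	 * result is handed to strcmp() or a %s conversion.
	 */
	return (strs + name);
}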
266
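/*
 * Relocations can reference section symbols and standard symbols. If the
 * former, establish the section name.
 *
 * entry:
 *	cache - Cache of all section headers
 *	csec - Section referencing the symbol (passed to string())
 *	strsec - String table associated with the symbol table
 *	symndx - Index of the symbol referenced by the relocation
 *	symnum - # of symbols in syms
 *	relndx - Index of the relocation (only used in diagnostics)
 *	syms - Array of symbols
 *	secstr, secsz - Caller supplied buffer, and its size, used to
 *		format a section name
 *	file - Name of file
 *
 * exit:
 *	Returns the symbol name, a formatted section name held in secstr,
 *	or the "unknown" string if symndx is out of range. The result of
 *	string() is passed through otherwise, which can be NULL if the
 *	string table has no data.
 */
static const char *
relsymname(Cache *cache, Cache *csec, Cache *strsec, Word symndx, Word symnum,
    Word relndx, Sym *syms, char *secstr, size_t secsz, const char *file)
{
	Sym		*sym;
	const char	*name;

	if (symndx >= symnum) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_RELBADSYMNDX),
		    file, EC_WORD(symndx), EC_WORD(relndx));
		return (MSG_INTL(MSG_STR_UNKNOWN));
	}

	sym = &syms[symndx];
	name = string(csec, symndx, strsec, file, sym->st_name);

	/*
	 * If the symbol represents a section offset construct an appropriate
	 * string. Note, although section symbol table entries typically have
	 * a NULL name pointer, entries do exist that point into the string
	 * table to their own NULL strings.
	 *
	 * string() returns NULL when the string table has no data, so name
	 * must be tested before it is dereferenced.
	 */
	if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION) &&
	    ((sym->st_name == 0) || (name == NULL) || (*name == '\0'))) {
		/*
		 * NOTE(review): st_shndx comes from the object being examined
		 * and is used as a cache index without a range check. The
		 * section count is not available to this routine, so the
		 * check cannot be made here; confirm that callers only hand
		 * us symbol tables whose section indexes were validated.
		 */
		(void) snprintf(secstr, secsz, MSG_INTL(MSG_STR_SECTION),
		    cache[sym->st_shndx].c_name);
		return ((const char *)secstr);
	}

	return (name);
}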
302
/*
 * Focal point for establishing a string table section. Data such as the
 * dynamic information simply points to a string table. Data such as
 * relocations, reference a symbol table, which in turn is associated with a
 * string table.
 *
 * entry:
 *	cache - Cache of all section headers
 *	symtab - Non-zero if section ndx links to a symbol table, which
 *		in turn links to the string table. Zero if section ndx
 *		links to the string table directly.
 *	ndx - Index of the section to start from
 *	shnum - # of sections in cache
 *	file - Name of file
 *	symnum - NULL, or address to receive the number of symbols
 *	symsec - NULL, or address to receive the symbol table section
 *	strsec - NULL, or address to receive the string table section
 *
 * exit:
 *	Returns 1 on success, with the requested outputs set. Returns 0,
 *	after issuing a diagnostic, if a section link or a symbol table
 *	size is unusable. symnum and symsec are only set when symtab is
 *	non-zero, and may already have been set when 0 is returned for a
 *	bad string table link.
 *
 * note:
 *	Only the sh_link values are range checked against shnum. The
 *	caller supplied ndx is used as given; presumably callers guarantee
 *	that it is a valid section index.
 */
static int
stringtbl(Cache *cache, int symtab, Word ndx, Word shnum, const char *file,
    Word *symnum, Cache **symsec, Cache **strsec)
{
	Cache	*scn = &cache[ndx];
	Shdr	*shdr = scn->c_shdr;

	if (symtab != 0) {
		Word	symlink = shdr->sh_link;

		/* The link to the symbol table must name a real section */
		if ((symlink == 0) || (symlink >= shnum)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, scn->c_name, EC_WORD(symlink));
			return (0);
		}

		/* From here on, we work with the symbol table section */
		scn = &cache[symlink];
		shdr = scn->c_shdr;

		/*
		 * The symbol table must have a usable size and entry size,
		 * and must have data.
		 */
		if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0) ||
		    (scn->c_data == NULL) || (scn->c_data->d_buf == NULL)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, scn->c_name);
			return (0);
		}

		/* Hand back the symbol table information that was asked for */
		if (symnum != NULL)
			*symnum = (shdr->sh_size / shdr->sh_entsize);
		if (symsec != NULL)
			*symsec = scn;
	}

	/* The link to the string table must name a real section */
	if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
		    file, scn->c_name, EC_WORD(shdr->sh_link));
		return (0);
	}

	if (strsec != NULL)
		*strsec = &cache[shdr->sh_link];

	return (1);
}
375
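/*
 * Lookup a symbol and set Sym accordingly.
 *
 * entry:
 *	name - Name of symbol to lookup
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	sym - Address of pointer to receive symbol
 *	target - NULL, or section to which the symbol must be associated.
 *	symtab - Symbol table to search for symbol
 *	file - Name of file
 *
 * exit:
 *	If the symbol is found, *sym is set to reference it, and True is
 *	returned. If target is non-NULL, the symbol must reference the given
 *	section --- otherwise the section is not checked.
 *
 *	If no symbol is found, False is returned. *sym is left untouched
 *	when the symbol table is rejected before the search starts.
 */
static int
symlookup(const char *name, Cache *cache, Word shnum, Sym **sym,
    Cache *target, Cache *symtab, const char *file)
{
	Shdr	*shdr;
	Word	symn, cnt;
	Sym	*syms;
	size_t	avail;

	if (symtab == NULL)
		return (0);

	shdr = symtab->c_shdr;

	/*
	 * Determine the symbol data and number.
	 */
	if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
		    file, symtab->c_name);
		return (0);
	}
	if ((symtab->c_data == NULL) || (symtab->c_data->d_buf == NULL))
		return (0);

	/* LINTED */
	symn = (Word)(shdr->sh_size / shdr->sh_entsize);
	syms = (Sym *)symtab->c_data->d_buf;

	/*
	 * The count above is computed from header fields supplied by the
	 * object, while the loop below steps through the data sizeof (Sym)
	 * bytes at a time. A header claiming a small sh_entsize, or a size
	 * larger than the data, would walk us off the end of the buffer.
	 * Never examine more symbols than the data can hold.
	 */
	avail = symtab->c_data->d_size / sizeof (Sym);
	if (symn > avail) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
		    file, symtab->c_name);
		symn = (Word)avail;
	}

	/*
	 * Get the associated string table section.
	 */
	if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
		    file, symtab->c_name, EC_WORD(shdr->sh_link));
		return (0);
	}

	/*
	 * Loop through the symbol table to find a match.
	 */
	*sym = NULL;
	for (cnt = 0; cnt < symn; syms++, cnt++) {
		const char *symname;

		symname = string(symtab, cnt, &cache[shdr->sh_link], file,
		    syms->st_name);

		if (symname && (strcmp(name, symname) == 0) &&
		    ((target == NULL) || (target->c_ndx == syms->st_shndx))) {
			/*
			 * It is possible, though rare, for a local and
			 * global symbol of the same name to exist, each
			 * contributed by a different input object. If the
			 * symbol just found is local, remember it, but
			 * continue looking.
			 */
			*sym = syms;
			if (ELF_ST_BIND(syms->st_info) != STB_LOCAL)
				break;
		}
	}

	return (*sym != NULL);
}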
459
/*
 * Print section headers.
 *
 * entry:
 *	file - Name of file
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	ehdr - ELF header for file
 *	osabi - OSABI to use in displaying information
 *
 * Index 0 is skipped. Sections rejected by match() are not displayed,
 * although a zero section type is reported before that filter is applied.
 */
static void
sections(const char *file, Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi)
{
	size_t	ndx;

	for (ndx = 1; ndx < shnum; ndx++) {
		Cache		*scn = &cache[ndx];
		Shdr		*shdr = scn->c_shdr;
		const char	*name = scn->c_name;

		/*
		 * Many section header fields can legitimately be zero, but
		 * a zero type usually means something is wrong.
		 */
		if (shdr->sh_type == 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHTYPE),
			    file, name, EC_WORD(shdr->sh_type));
		}

		if (!match(MATCH_F_ALL, name, ndx, shdr->sh_type))
			continue;

		/*
		 * Flag suspicious sections: a relocatable object is not
		 * expected to carry a .got section.
		 */
		if ((ehdr->e_type == ET_REL) &&
		    (strncmp(name, MSG_ORIG(MSG_ELF_GOT),
		    MSG_ELF_GOT_SIZE) == 0)) {
			(void) fprintf(stderr, MSG_INTL(MSG_GOT_UNEXPECTED),
			    file, name);
		}

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SHDR), EC_WORD(ndx), name);
		Elf_shdr(0, osabi, ehdr->e_machine, shdr);
	}
}
503
/*
 * Obtain a specified Phdr entry.
 *
 * entry:
 *	phnum - # of program headers to examine
 *	type_arr - Array of acceptable program header types
 *	type_cnt - # of items in type_arr
 *	file - Name of file
 *	elf - ELF descriptor from which the program headers are obtained
 *	phndx - NULL, or address to receive the index of the header found
 *
 * exit:
 *	Returns the first program header whose type appears in type_arr,
 *	and sets *phndx to its index. Returns NULL, with *phndx set to 0,
 *	if there is no such header or the headers cannot be obtained.
 *
 * note:
 *	phnum is taken on trust as the number of entries in the array
 *	returned by elf_getphdr() --- presumably the caller obtained it
 *	from the same ELF descriptor.
 */
static Phdr *
getphdr(Word phnum, Word *type_arr, Word type_cnt, const char *file, Elf *elf,
    size_t *phndx)
{
	Phdr	*phdrs;
	Word	pndx;

	if (phndx != NULL)
		*phndx = 0;

	phdrs = elf_getphdr(elf);
	if (phdrs == NULL) {
		failure(file, MSG_ORIG(MSG_ELF_GETPHDR));
		return (NULL);
	}

	for (pndx = 0; pndx < phnum; pndx++) {
		Phdr	*cur = &phdrs[pndx];
		Word	tndx;

		for (tndx = 0; tndx < type_cnt; tndx++) {
			if (cur->p_type != type_arr[tndx])
				continue;

			/* First header of an acceptable type wins */
			if (phndx != NULL)
				*phndx = pndx;
			return (cur);
		}
	}

	return (NULL);
}
534
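/*
 * Display the contents of GNU/amd64 .eh_frame and .eh_frame_hdr
 * sections.
 *
 * entry:
 *	cache - Cache of all section headers
 *	shndx - Index of .eh_frame or .eh_frame_hdr section to be displayed
 *	shnum - Total number of sections which exist
 *	uphdr - NULL, or unwind program header associated with
 *		the .eh_frame_hdr section.
 *	ehdr - ELF header for file
 *	eh_state - Data used across calls to this routine. The
 *		caller should zero it before the first call, and
 *		pass it on every call.
 *	osabi - OSABI to use in displaying information
 *	file - Name of file
 *	flags - Command line option flags
 *
 * note:
 *	cache[shndx].c_data is dereferenced unconditionally, so the caller
 *	must only pass sections that have data. The section contents come
 *	from the object being examined, so every read of them has to be
 *	bounded by the size of the data.
 */
static void
unwind_eh_frame(Cache *cache, Word shndx, Word shnum, Phdr *uphdr, Ehdr *ehdr,
    gnu_eh_state_t *eh_state, uchar_t osabi, const char *file, uint_t flags)
{
#if	defined(_ELF64)
#define	MSG_UNW_BINSRTAB2	MSG_UNW_BINSRTAB2_64
#define	MSG_UNW_BINSRTABENT	MSG_UNW_BINSRTABENT_64
#else
#define	MSG_UNW_BINSRTAB2	MSG_UNW_BINSRTAB2_32
#define	MSG_UNW_BINSRTABENT	MSG_UNW_BINSRTABENT_32
#endif

	Cache			*_cache = &cache[shndx];
	Shdr			*shdr = _cache->c_shdr;
	uchar_t			*data = (uchar_t *)(_cache->c_data->d_buf);
	size_t			datasize = _cache->c_data->d_size;
	Conv_dwarf_ehe_buf_t	dwarf_ehe_buf;
	uint64_t		ndx, frame_ptr, fde_cnt, tabndx;
	uint_t			vers, frame_ptr_enc, fde_cnt_enc, table_enc;
	uint64_t		initloc, initloc0 = 0;
	uint64_t		gotaddr = 0;
	Word			cnt;

	/* The address of the first .got section is needed by the decoder */
	for (cnt = 1; cnt < shnum; cnt++) {
		if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT),
		    MSG_ELF_GOT_SIZE) == 0) {
			gotaddr = cache[cnt].c_shdr->sh_addr;
			break;
		}
	}

	if ((data == NULL) || (datasize == 0)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
		    file, _cache->c_name);
		return;
	}

	/*
	 * Is this a .eh_frame_hdr?
	 */
	if ((uphdr && (shdr->sh_addr == uphdr->p_vaddr)) ||
	    (strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRMHDR),
	    MSG_SCN_FRMHDR_SIZE) == 0)) {
		/*
		 * There can only be a single .eh_frame_hdr.
		 * Flag duplicates.
		 */
		if (++eh_state->hdr_cnt > 1)
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTEHFRMHDR),
			    file, EC_WORD(shndx), _cache->c_name);

		/*
		 * The header starts with four single byte fields (version
		 * and the three encodings) that are read directly below,
		 * without going through the bounds checked decoder. A
		 * section shorter than that cannot be a valid header, and
		 * reading it would run past the end of the data.
		 */
		if (datasize < 4) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			return;
		}

		dbg_print(0, MSG_ORIG(MSG_UNW_FRMHDR));
		ndx = 0;

		vers = data[ndx++];
		frame_ptr_enc = data[ndx++];
		fde_cnt_enc = data[ndx++];
		table_enc = data[ndx++];

		dbg_print(0, MSG_ORIG(MSG_UNW_FRMVERS), vers);

		switch (dwarf_ehe_extract(data, datasize, &ndx,
		    &frame_ptr, frame_ptr_enc, ehdr->e_ident, B_TRUE,
		    shdr->sh_addr, ndx, gotaddr)) {
		case DW_OVERFLOW:
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_DWOVRFLW),
			    file, _cache->c_name);
			return;
		case DW_BAD_ENCODING:
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_DWBADENC),
			    file, _cache->c_name, frame_ptr_enc);
			return;
		case DW_SUCCESS:
			break;
		}
		if (eh_state->hdr_cnt == 1) {
			eh_state->hdr_ndx = shndx;
			eh_state->frame_ptr = frame_ptr;
		}

		dbg_print(0, MSG_ORIG(MSG_UNW_FRPTRENC),
		    conv_dwarf_ehe(frame_ptr_enc, &dwarf_ehe_buf),
		    EC_XWORD(frame_ptr));

		switch (dwarf_ehe_extract(data, datasize, &ndx, &fde_cnt,
		    fde_cnt_enc, ehdr->e_ident, B_TRUE, shdr->sh_addr, ndx,
		    gotaddr)) {
		case DW_OVERFLOW:
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_DWOVRFLW),
			    file, _cache->c_name);
			return;
		case DW_BAD_ENCODING:
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_DWBADENC),
			    file, _cache->c_name, fde_cnt_enc);
			return;
		case DW_SUCCESS:
			break;
		}

		dbg_print(0, MSG_ORIG(MSG_UNW_FDCNENC),
		    conv_dwarf_ehe(fde_cnt_enc, &dwarf_ehe_buf),
		    EC_XWORD(fde_cnt));
		dbg_print(0, MSG_ORIG(MSG_UNW_TABENC),
		    conv_dwarf_ehe(table_enc, &dwarf_ehe_buf));
		dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB1));
		dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB2));

		/*
		 * fde_cnt is whatever the object claims. The loop is kept
		 * in bounds by the DW_OVERFLOW result of the decoder, which
		 * ends the display as soon as the data runs out.
		 */
		for (tabndx = 0; tabndx < fde_cnt; tabndx++) {
			uint64_t	table;

			switch (dwarf_ehe_extract(data, datasize, &ndx,
			    &initloc, table_enc, ehdr->e_ident, B_TRUE,
			    shdr->sh_addr, ndx, gotaddr)) {
			case DW_OVERFLOW:
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_DWOVRFLW), file,
				    _cache->c_name);
				return;
			case DW_BAD_ENCODING:
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_DWBADENC), file,
				    _cache->c_name, table_enc);
				return;
			case DW_SUCCESS:
				break;
			}

			/* The table must be sorted by initial location */
			if ((tabndx != 0) && (initloc0 > initloc))
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADSORT), file,
				    _cache->c_name, EC_WORD(tabndx));

			switch (dwarf_ehe_extract(data, datasize, &ndx, &table,
			    table_enc, ehdr->e_ident, B_TRUE, shdr->sh_addr,
			    ndx, gotaddr)) {
			case DW_OVERFLOW:
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_DWOVRFLW), file,
				    _cache->c_name);
				return;
			case DW_BAD_ENCODING:
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_DWBADENC), file,
				    _cache->c_name, table_enc);
				return;
			case DW_SUCCESS:
				break;
			}

			dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTABENT),
			    EC_XWORD(initloc),
			    EC_XWORD(table));
			initloc0 = initloc;
		}
	} else {		/* Display the .eh_frame section */
		eh_state->frame_cnt++;
		if (eh_state->frame_cnt == 1) {
			eh_state->frame_ndx = shndx;
			eh_state->frame_base = shdr->sh_addr;
		} else if ((eh_state->frame_cnt > 1) &&
		    (ehdr->e_type != ET_REL)) {
			Conv_inv_buf_t	inv_buf;

			(void) fprintf(stderr, MSG_INTL(MSG_WARN_MULTEHFRM),
			    file, EC_WORD(shndx), _cache->c_name,
			    conv_ehdr_type(osabi, ehdr->e_type, 0, &inv_buf));
		}
		dump_eh_frame(file, _cache->c_name, data, datasize,
		    shdr->sh_addr, ehdr->e_machine, ehdr->e_ident, gotaddr);
	}

	/*
	 * If we've seen the .eh_frame_hdr and the first .eh_frame section,
	 * compare the header frame_ptr to the address of the actual frame
	 * section to ensure the link-editor got this right. Note, this
	 * diagnostic is only produced when unwind information is explicitly
	 * asked for, as shared objects built with an older ld(1) may reveal
	 * this inconsistency. Although an inconsistency, it doesn't seem to
	 * have any adverse effect on existing tools.
	 */
	if (((flags & FLG_MASK_SHOW) != FLG_MASK_SHOW) &&
	    (eh_state->hdr_cnt > 0) && (eh_state->frame_cnt > 0) &&
	    (eh_state->frame_ptr != eh_state->frame_base))
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADEHFRMPTR),
		    file, EC_WORD(eh_state->hdr_ndx),
		    cache[eh_state->hdr_ndx].c_name,
		    EC_XWORD(eh_state->frame_ptr),
		    EC_WORD(eh_state->frame_ndx),
		    cache[eh_state->frame_ndx].c_name,
		    EC_XWORD(eh_state->frame_base));
#undef MSG_UNW_BINSRTAB2
#undef MSG_UNW_BINSRTABENT
}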
744
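/*
 * Convert a self relative pointer into an address. A self relative
 * pointer adds the address where the pointer resides to the offset
 * contained in the pointer. The benefit is that the value of the
 * pointer does not require relocation.
 *
 * entry:
 *	base_addr - Address of the pointer.
 *	delta - Offset relative to base_addr giving desired address
 *
 * exit:
 *	The computed address is returned.
 *
 * note:
 *	base_addr is an unsigned value, while delta is signed. This routine
 *	uses explicit testing and casting to control type conversion, and
 *	ensure that we handle the maximum possible range. delta is read
 *	from the object being examined, so every value, including the most
 *	negative one, has to be handled.
 */
static Addr
srelptr(Addr base_addr, PTRDIFF_T delta)
{
	/*
	 * The magnitude of a negative delta is computed in unsigned
	 * arithmetic. Negating the signed value directly overflows, which
	 * is undefined behavior, when delta is the most negative value
	 * PTRDIFF_T can hold.
	 */
	if (delta < 0)
		return (base_addr - ((Addr)0 - (Addr)delta));

	return (base_addr + (Addr)delta);
}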
771
/*
 * Byte swap a PTRDIFF_T value.
 *
 * The value is swapped through byte pointers, so that the signed type is
 * never treated as anything but raw bytes.
 *
 * NOTE(review): this relies on UL_ASSIGN_BSWAP_XWORD() moving exactly
 * sizeof (PTRDIFF_T) bytes in both ELF classes --- confirm against the
 * definition of the macro.
 */
static PTRDIFF_T
swap_ptrdiff(PTRDIFF_T value)
{
	PTRDIFF_T	swapped;
	uchar_t		*out = (uchar_t *)&swapped;
	uchar_t		*in = (uchar_t *)&value;

	UL_ASSIGN_BSWAP_XWORD(out, in);
	return (swapped);
}
785
/*
 * Display exception_range_entry items from the .exception_ranges section
 * of a Sun C++ object.
 *
 * entry:
 *	_cache - Cache entry of the .exception_ranges section. Its c_data
 *		is dereferenced unconditionally; unwind() skips sections
 *		without data before calling us.
 *	file - Name of file
 *	do_swap - True if the entries must be byte swapped before use
 *
 * Only whole entries are displayed: any trailing bytes that do not make
 * up a complete exception_range_entry are ignored.
 */
static void
unwind_exception_ranges(Cache *_cache, const char *file, int do_swap)
{
	/*
	 * Translate a PTRDIFF_T self-relative address field of
	 * an exception_range_entry struct into an address.
	 *
	 * entry:
	 *	exc_addr - Address of base of exception_range_entry struct
	 *	cur_ent - Pointer to data in the struct to be translated
	 *
	 *	_f - Field of struct to be translated
	 */
#define	SRELPTR(_f) \
	srelptr(exc_addr + offsetof(exception_range_entry, _f), cur_ent->_f)

#if	defined(_ELF64)
#define	MSG_EXR_TITLE	MSG_EXR_TITLE_64
#define	MSG_EXR_ENTRY	MSG_EXR_ENTRY_64
#else
#define	MSG_EXR_TITLE	MSG_EXR_TITLE_32
#define	MSG_EXR_ENTRY	MSG_EXR_ENTRY_32
#endif

	exception_range_entry	scratch, *ents, *cur_ent = &scratch;
	char			index[MAXNDXSIZE];
	Word			entndx, entcnt;
	Addr			addr, prev_addr = 0, offset = 0;
	Addr			exc_addr = _cache->c_shdr->sh_addr;

	dbg_print(0, MSG_INTL(MSG_EXR_TITLE));
	ents = (exception_range_entry *)(_cache->c_data->d_buf);
	entcnt = _cache->c_data->d_size / sizeof (exception_range_entry);

	for (entndx = 0; entndx < entcnt; entndx++) {
		exception_range_entry	*ent = &ents[entndx];

		if (!do_swap) {
			/* Native byte order: use the entry in place */
			cur_ent = ent;
		} else {
			/*
			 * Work from a byte swapped copy held in the scratch
			 * buffer. The reserved field is never looked at, so
			 * it is not copied.
			 */
			scratch.ret_addr = swap_ptrdiff(ent->ret_addr);
			scratch.length = BSWAP_XWORD(ent->length);
			scratch.handler_addr = swap_ptrdiff(ent->handler_addr);
			scratch.type_block = swap_ptrdiff(ent->type_block);
		}

		/*
		 * Binary searching requires the table to be sorted by the
		 * address derived from ret_addr. Report any entry whose
		 * address is lower than that of its predecessor.
		 */
		addr = SRELPTR(ret_addr);
		if ((entndx != 0) && (prev_addr > addr))
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSORT),
			    file, _cache->c_name, EC_WORD(entndx));

		(void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX),
		    EC_XWORD(entndx));
		dbg_print(0, MSG_INTL(MSG_EXR_ENTRY), index, EC_ADDR(offset),
		    EC_ADDR(addr), EC_ADDR(cur_ent->length),
		    EC_ADDR(SRELPTR(handler_addr)),
		    EC_ADDR(SRELPTR(type_block)));

		/* Advance to the next entry */
		prev_addr = addr;
		exc_addr += sizeof (exception_range_entry);
		offset += sizeof (exception_range_entry);
	}

#undef SRELPTR
#undef MSG_EXR_TITLE
#undef MSG_EXR_ENTRY
}
864
865
/*
 * For program headers which reflect a single section, check that their values
 * and that of the section match.
 *
 * entry:
 *	phdr - Program header to check
 *	phndx - Index of phdr (only used in diagnostics)
 *	osabi, mach - OSABI and machine type, used to format the
 *		program header type
 *	cache - Cache entry of the section that phdr should reflect
 *	file - Name of file
 *
 * A diagnostic is issued for every field that differs; nothing is returned.
 */
static void
check_phdr_v_shdr(Phdr *phdr, size_t phndx,
    uchar_t osabi, Half mach, Cache *cache, const char *file)
{
	Conv_inv_buf_t	inv_buf;
	Shdr		*shdr = cache->c_shdr;

	/*
	 * Compare one program header field to the matching section header
	 * field. The field names themselves are passed to the diagnostic.
	 */
#define	CHECK(str, pfield, sfield) \
	do { \
		if (phdr->pfield != shdr->sfield) { \
			(void) fprintf(stderr, \
			    MSG_INTL(MSG_SHDR_PHDR_MISMATCH), \
			    file, \
			    cache->c_ndx, \
			    cache->c_name, \
			    str, \
			    conv_phdr_type(osabi, mach, phdr->p_type, \
			    CONV_FMT_ALT_CF, &inv_buf), \
			    #sfield, \
			    shdr->sfield, \
			    phndx, \
			    #pfield, \
			    phdr->pfield); \
		} \
	} while (0)

	CHECK(MSG_INTL(MSG_STR_VADDR), p_vaddr, sh_addr);
	CHECK(MSG_INTL(MSG_STR_OFFSET), p_offset, sh_offset);
	/* Both the file size and the memory size are held to sh_size */
	CHECK(MSG_INTL(MSG_STR_FILESIZE), p_filesz, sh_size);
	CHECK(MSG_INTL(MSG_STR_MEMSIZE), p_memsz, sh_size);
	CHECK(MSG_INTL(MSG_STR_ALIGNMENT), p_align, sh_addralign);

#undef CHECK
}
900
901
/*
 * Display information from unwind/exception sections:
 *
 * -	GNU/amd64 .eh_frame and .eh_frame_hdr
 * -	Sun C++ .exception_ranges
 *
 * entry:
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	phnum - # of program headers
 *	ehdr - ELF header for file
 *	osabi - OSABI to use in displaying information
 *	file - Name of file
 *	elf - ELF descriptor for file
 *	flags - Command line option flags
 */
static void
unwind(Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, uchar_t osabi,
    const char *file, Elf *elf, uint_t flags)
{
	static Word phdr_types[] = { PT_SUNW_UNWIND, PT_SUNW_EH_FRAME };

	gnu_eh_state_t	eh_state;
	Phdr		*uphdr = NULL;
	size_t		phndx;
	Word		secndx;

	/*
	 * Historical background: .eh_frame and .eh_frame_hdr sections
	 * come from the GNU compilers (particularly C++), and are used
	 * under all architectures. Their format is based on DWARF. When
	 * the amd64 ABI was defined, these sections were adopted wholesale
	 * from the existing practice.
	 *
	 * When amd64 support was added to Solaris, support for these
	 * sections was added, using the SHT_AMD64_UNWIND section type
	 * to identify them. At first, we ignored them in objects for
	 * non-amd64 targets, but later broadened our support to include
	 * other architectures in order to better support gcc-generated
	 * objects.
	 *
	 * .exception_ranges implement the same basic concepts, but
	 * were invented at Sun for the Sun C++ compiler.
	 *
	 * We match these sections by name, rather than section type,
	 * because they can come in as either SHT_AMD64_UNWIND, or as
	 * SHT_PROGBITS, and because the type isn't enough to determine
	 * how they should be interpreted.
	 */

	/*
	 * Find the program header for .eh_frame_hdr if present. phndx is
	 * only meaningful when uphdr is non-NULL.
	 */
	if (phnum != 0) {
		uphdr = getphdr(phnum, phdr_types,
		    sizeof (phdr_types) / sizeof (phdr_types[0]), file, elf,
		    &phndx);
	}

	/*
	 * unwind_eh_frame() keeps data in eh_state from one call to the
	 * next, and expects to start from zeroed state.
	 */
	bzero(&eh_state, sizeof (eh_state));

	for (secndx = 1; secndx < shnum; secndx++) {
		Cache		*scn = &cache[secndx];
		Shdr		*shdr = scn->c_shdr;
		int		is_exrange, is_frame;

		/*
		 * Only two section types can hold unwind data:
		 * SHT_AMD64_UNWIND on amd64, and SHT_PROGBITS on every
		 * platform (amd64 included, when the GNU compilers are
		 * used). The name test that follows weeds out the
		 * SHT_PROGBITS sections that are of no interest.
		 */
		if ((shdr->sh_type != SHT_PROGBITS) &&
		    (shdr->sh_type != SHT_AMD64_UNWIND))
			continue;

		/*
		 * The sections of interest have well known names:
		 *
		 *	.eh_frame - amd64/GNU-compiler unwind sections
		 *	.eh_frame_hdr - Sorted table referencing .eh_frame
		 *	.exception_ranges - Sun C++ unwind sections
		 *
		 * Names are compared as prefixes with strncmp(), so that
		 * conventions such as .eh_frame.foo are accepted. As
		 * .eh_frame is itself a prefix of .eh_frame_hdr, a single
		 * test covers both of them.
		 */
		is_exrange = (strncmp(scn->c_name,
		    MSG_ORIG(MSG_SCN_EXRANGE), MSG_SCN_EXRANGE_SIZE) == 0);
		is_frame = (strncmp(scn->c_name, MSG_ORIG(MSG_SCN_FRM),
		    MSG_SCN_FRM_SIZE) == 0);
		if (!is_frame && !is_exrange)
			continue;

		if (!match(MATCH_F_ALL, scn->c_name, secndx, shdr->sh_type))
			continue;

		/* The display routines require the section to have data */
		if ((scn->c_data == NULL) || (scn->c_data->d_buf == NULL))
			continue;

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_UNWIND), scn->c_name);

		if (is_exrange) {
			/* Swap if the object and this system differ */
			unwind_exception_ranges(scn, file,
			    _elf_sys_encoding() != ehdr->e_ident[EI_DATA]);
			continue;
		}

		/*
		 * A section named exactly .eh_frame_hdr is expected to
		 * agree with the unwind program header.
		 */
		if ((uphdr != NULL) && (strcmp(scn->c_name,
		    MSG_ORIG(MSG_SCN_FRMHDR)) == 0)) {
			check_phdr_v_shdr(uphdr, phndx, osabi,
			    ehdr->e_machine, scn, file);
		}

		unwind_eh_frame(cache, secndx, shnum, uphdr, ehdr,
		    &eh_state, osabi, file, flags);
	}
}
1016
1017 /*
1018 * Initialize a symbol table state structure
1019 *
1020 * entry:
1021 * state - State structure to be initialized
1022 * cache - Cache of all section headers
1023 * shnum - # of sections in cache
1024 * secndx - Index of symbol table section
1025 * ehdr - ELF header for file
1026 * versym - Information about versym section
1027 * file - Name of file
1028 * flags - Command line option flags
1029 */
static int
init_symtbl_state(SYMTBL_STATE *state, Cache *cache, Word shnum, Word secndx,
    Ehdr *ehdr, uchar_t osabi, VERSYM_STATE *versym, const char *file,
    uint_t flags)
{
	/*
	 * NOTE(review): secndx indexes cache[] without a range check in
	 * this function. The caller is presumably expected to have
	 * compared it against shnum first; confirm for every caller.
	 */
	Cache	*symcache = &cache[secndx];
	Shdr	*symshdr = symcache->c_shdr;

	/* Record the caller supplied context. */
	state->file = file;
	state->flags = flags;
	state->ehdr = ehdr;
	state->osabi = osabi;
	state->cache = cache;
	state->shnum = shnum;
	state->secndx = secndx;
	state->seccache = symcache;
	state->secname = symcache->c_name;

	/* The extended section index table is looked up lazily. */
	state->shxndx.checked = 0;
	state->shxndx.data = NULL;
	state->shxndx.n = 0;

	/*
	 * A symbol table needs a non-zero size and a non-zero entry size.
	 * The entry size is used as a divisor below.
	 */
	if ((symshdr->sh_size == 0) || (symshdr->sh_entsize == 0)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
		    file, state->secname);
		return (0);
	}

	/* No data buffer means there is nothing to display. */
	if ((symcache->c_data == NULL) || (symcache->c_data->d_buf == NULL))
		return (0);

	/*
	 * NOTE(review): the symbol count comes from the section header
	 * alone. It is not compared with the size of the data buffer
	 * here, so a header that overstates the count would let later
	 * indexing of state->sym run past the buffer - confirm that the
	 * buffer is validated elsewhere.
	 */
	/* LINTED */
	state->symn = (Word)(symshdr->sh_size / symshdr->sh_entsize);
	state->sym = (Sym *)symcache->c_data->d_buf;

	/*
	 * sh_link must name the associated string table: non-zero, and
	 * within the section header cache.
	 */
	if ((symshdr->sh_link == 0) || (symshdr->sh_link >= shnum)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
		    file, state->secname, EC_WORD(symshdr->sh_link));
		return (0);
	}

	/*
	 * Attach the Versym information only if its section links back
	 * to this symbol table.
	 */
	state->versym = ((versym != NULL) && (versym->cache != NULL) &&
	    (versym->cache->c_shdr->sh_link == secndx)) ? versym : NULL;

	return (1);
}
1090
1091 /*
1092 * Determine the extended section index used for symbol table entries.
1093 */
static void
symbols_getxindex(SYMTBL_STATE *state)
{
	Word	ndx;

	/* Remember that the search was done, whether or not it succeeds. */
	state->shxndx.checked = 1;

	for (ndx = 1; ndx < state->shnum; ndx++) {
		Cache	*scache = &state->cache[ndx];
		Shdr	*shdr = scache->c_shdr;
		uint_t	nent;

		/* Only a SHT_SYMTAB_SHNDX linked to our symbol table. */
		if (shdr->sh_type != SHT_SYMTAB_SHNDX)
			continue;
		if (shdr->sh_link != state->secndx)
			continue;

		/* A zero entry size, or zero entries, is of no use. */
		if (shdr->sh_entsize == 0)
			continue;
		nent = (uint_t)(shdr->sh_size / shdr->sh_entsize);
		if (nent == 0)
			continue;

		if ((scache->c_data == NULL) ||
		    (scache->c_data->d_buf == NULL))
			continue;

		/*
		 * NOTE(review): nent comes from the section header and is
		 * not compared with the size of the data buffer here.
		 * Users of shxndx.n as a bound rely on it - confirm.
		 */
		state->shxndx.data = scache->c_data->d_buf;
		state->shxndx.n = nent;
		return;
	}
}
1125
1126 /*
1127 * Produce a line of output for the given symbol
1128 *
1129 * entry:
1130 * state - Symbol table state
1131 * symndx - Index of symbol within the table
1132 * info - Value of st_info (indicates local/global range)
1133 * disp_symndx - Index to display. This may not be the same
1134 * as symndx if the display is relative to the logical
1135 * combination of the SUNW_ldynsym/dynsym tables.
1136 * sym - Symbol to display
1137 */
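static void
output_symbol(SYMTBL_STATE *state, Word symndx, Word info, Word disp_symndx,
    Sym *sym)
{
	/*
	 * Symbol types for which we check that the specified
	 * address/size land inside the target section. The table has
	 * 16 entries, and is indexed by the ELF_ST_TYPE() of the symbol.
	 */
	static const int addr_symtype[] = {
		0,			/* STT_NOTYPE */
		1,			/* STT_OBJECT */
		1,			/* STT_FUNC */
		0,			/* STT_SECTION */
		0,			/* STT_FILE */
		1,			/* STT_COMMON */
		0,			/* STT_TLS */
		0,			/* 7 */
		0,			/* 8 */
		0,			/* 9 */
		0,			/* 10 */
		0,			/* 11 */
		0,			/* 12 */
		0,			/* STT_SPARC_REGISTER */
		0,			/* 14 */
		0,			/* 15 */
	};
#if STT_NUM != (STT_TLS + 1)
#error "STT_NUM has grown. Update addr_symtype[]"
#endif

	char		index[MAXNDXSIZE];
	const char	*symname, *sec;
	Versym		verndx;
	int		gnuver;
	uchar_t		type;
	Shdr		*tshdr;
	Word		shndx = 0;
	Conv_inv_buf_t	inv_buf;

	/* Ensure symbol index is in range */
	if (symndx >= state->symn) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSYMNDX),
		    state->file, state->secname, EC_WORD(symndx));
		return;
	}

	/*
	 * If we are using extended symbol indexes, find the
	 * corresponding SHN_SYMTAB_SHNDX table. The lookup is done
	 * at most once per symbol table state.
	 */
	if ((sym->st_shndx == SHN_XINDEX) && (state->shxndx.checked == 0))
		symbols_getxindex(state);

	/* LINTED */
	symname = string(state->seccache, symndx,
	    &state->cache[state->seccache->c_shdr->sh_link], state->file,
	    sym->st_name);

	tshdr = NULL;
	sec = NULL;

	if (state->ehdr->e_type == ET_CORE) {
		sec = (char *)MSG_INTL(MSG_STR_UNKNOWN);
	} else if (state->flags & FLG_CTL_FAKESHDR) {
		/*
		 * If we are using fake section headers derived from
		 * the program headers, then the section indexes
		 * in the symbols do not correspond to these headers.
		 * The section names are not available, so all we can
		 * do is to display them in numeric form.
		 */
		sec = conv_sym_shndx(state->osabi, state->ehdr->e_machine,
		    sym->st_shndx, CONV_FMT_DECIMAL, &inv_buf);
	} else if ((sym->st_shndx < SHN_LORESERVE) &&
	    (sym->st_shndx < state->shnum)) {
		shndx = sym->st_shndx;
		tshdr = state->cache[shndx].c_shdr;
		sec = state->cache[shndx].c_name;
	} else if (sym->st_shndx == SHN_XINDEX) {
		if (state->shxndx.data == NULL) {
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSYMXINDEX3),
			    state->file, state->secname, EC_WORD(symndx));
		} else if (symndx >= state->shxndx.n) {
			/*
			 * The extended index table holds shxndx.n entries,
			 * so the last valid slot is n - 1. Testing with
			 * ">" would read one entry past the table, whose
			 * contents come from the file being examined.
			 */
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSYMXINDEX1),
			    state->file, state->secname,
			    EC_WORD(symndx));
		} else {
			Word	_shxndx = state->shxndx.data[symndx];

			/*
			 * cache[] is walked elsewhere with indexes below
			 * shnum, so an index equal to shnum is already
			 * out of range and must be rejected as well.
			 */
			if (_shxndx >= state->shnum) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADSYMXINDEX2),
				    state->file, state->secname,
				    EC_WORD(symndx), EC_WORD(_shxndx));
			} else {
				shndx = _shxndx;
				tshdr = state->cache[shndx].c_shdr;
				sec = state->cache[shndx].c_name;
			}
		}
	} else if ((sym->st_shndx < SHN_LORESERVE) &&
	    (sym->st_shndx >= state->shnum)) {
		(void) fprintf(stderr,
		    MSG_INTL(MSG_ERR_BADSYM5), state->file,
		    state->secname, EC_WORD(symndx),
		    demangle(symname, state->flags), sym->st_shndx);
	}

	/*
	 * If versioning is available display the
	 * version index. If not, then use 0.
	 */
	if (state->versym) {
		Versym	test_verndx;

		/*
		 * NOTE(review): the number of entries in versym->data is
		 * not visible in this function. This read assumes the
		 * Versym table has at least as many entries as the symbol
		 * table - confirm where the Versym state is filled in.
		 */
		verndx = test_verndx = state->versym->data[symndx];
		gnuver = state->versym->gnu_full;

		/*
		 * Check to see if this is a defined symbol with a
		 * version index that is outside the valid range for
		 * the file. The interpretation of this depends on
		 * the style of versioning used by the object.
		 *
		 * Versions >= VER_NDX_LORESERVE have special meanings,
		 * and are exempt from this checking.
		 *
		 * GNU style version indexes use the top bit of the
		 * 16-bit index value (0x8000) as the "hidden bit".
		 * We must mask off this bit in order to compare
		 * the version against the maximum value.
		 */
		if (gnuver)
			test_verndx &= ~0x8000;

		if ((test_verndx > state->versym->max_verndx) &&
		    (verndx < VER_NDX_LORESERVE))
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADVER),
			    state->file, state->secname, EC_WORD(symndx),
			    EC_HALF(test_verndx), state->versym->max_verndx);
	} else {
		verndx = 0;
		gnuver = 0;
	}

	/*
	 * Error checking for TLS.
	 */
	type = ELF_ST_TYPE(sym->st_info);
	if (type == STT_TLS) {
		if (tshdr &&
		    (sym->st_shndx != SHN_UNDEF) &&
		    ((tshdr->sh_flags & SHF_TLS) == 0)) {
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSYM3), state->file,
			    state->secname, EC_WORD(symndx),
			    demangle(symname, state->flags));
		}
	} else if ((type != STT_SECTION) && sym->st_size &&
	    tshdr && (tshdr->sh_flags & SHF_TLS)) {
		(void) fprintf(stderr,
		    MSG_INTL(MSG_ERR_BADSYM4), state->file,
		    state->secname, EC_WORD(symndx),
		    demangle(symname, state->flags));
	}

	/*
	 * If a symbol with non-zero size has a type that
	 * specifies an address, then make sure the location
	 * it references is actually contained within the
	 * section. UNDEF symbols don't count in this case,
	 * so we ignore them.
	 *
	 * The meaning of the st_value field in a symbol
	 * depends on the type of object. For a relocatable
	 * object, it is the offset within the section.
	 * For sharable objects, it is the offset relative to
	 * the base of the object, and for other types, it is
	 * the virtual address. To get an offset within the
	 * section for non-ET_REL files, we subtract the
	 * base address of the section.
	 */
	if (addr_symtype[type] && (sym->st_size > 0) &&
	    (sym->st_shndx != SHN_UNDEF) && ((sym->st_shndx < SHN_LORESERVE) ||
	    (sym->st_shndx == SHN_XINDEX)) && (tshdr != NULL)) {
		/*
		 * NOTE(review): v is a Word. If st_value is wider than
		 * Word for the ELF class being built, this assignment
		 * truncates it - confirm whether a wider type is needed.
		 */
		Word	v = sym->st_value;

		if (state->ehdr->e_type != ET_REL)
			v -= tshdr->sh_addr;

		/*
		 * Compare without forming v + st_size, which can wrap
		 * around and make a symbol that extends far beyond the
		 * section look as if it fits.
		 */
		if ((v > tshdr->sh_size) ||
		    (sym->st_size > (tshdr->sh_size - v))) {
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSYM6), state->file,
			    state->secname, EC_WORD(symndx),
			    demangle(symname, state->flags),
			    EC_WORD(shndx), EC_XWORD(tshdr->sh_size),
			    EC_XWORD(sym->st_value), EC_XWORD(sym->st_size));
		}
	}

	/*
	 * A typical symbol table uses the sh_info field to indicate one greater
	 * than the symbol table index of the last local symbol, STB_LOCAL.
	 * Therefore, symbol indexes less than sh_info should have local
	 * binding. Symbol indexes greater than, or equal to sh_info, should
	 * have global binding. Note, we exclude UNDEF/NOTY symbols with zero
	 * value and size, as these symbols may be the result of an mcs(1)
	 * section deletion.
	 */
	if (info) {
		uchar_t	bind = ELF_ST_BIND(sym->st_info);

		if ((symndx < info) && (bind != STB_LOCAL)) {
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSYM7), state->file,
			    state->secname, EC_WORD(symndx),
			    demangle(symname, state->flags), EC_XWORD(info));

		} else if ((symndx >= info) && (bind == STB_LOCAL) &&
		    ((sym->st_shndx != SHN_UNDEF) ||
		    (ELF_ST_TYPE(sym->st_info) != STT_NOTYPE) ||
		    (sym->st_size != 0) || (sym->st_value != 0))) {
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSYM8), state->file,
			    state->secname, EC_WORD(symndx),
			    demangle(symname, state->flags), EC_XWORD(info));
		}
	}

	/* Format the display index, then emit the symbol line itself. */
	(void) snprintf(index, MAXNDXSIZE,
	    MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(disp_symndx));
	Elf_syms_table_entry(0, ELF_DBG_ELFDUMP, index, state->osabi,
	    state->ehdr->e_machine, sym, verndx, gnuver, sec, symname);
}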
1373
1374 /*
1375 * Process a SHT_SUNW_cap capabilities section.
1376 */
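static int
cap_section(const char *file, Cache *cache, Word shnum, Cache *ccache,
    uchar_t osabi, Ehdr *ehdr, uint_t flags)
{
	/*
	 * Returns non-zero if the section defines an object capabilities
	 * group, and 0 if it does not or if the section is malformed.
	 *
	 * Everything read here comes from the file being examined, so
	 * each divisor, data buffer and index is checked before use.
	 *
	 * NOTE(review): the entry counts below are taken from section
	 * headers and are not compared with the size of the matching data
	 * buffer (d_size). Confirm that this is validated elsewhere.
	 */
	SYMTBL_STATE	state;
	Word		cnum, capnum, nulls, symcaps;
	int		descapndx, objcap, title;
	Cap		*cap;
	Shdr		*cishdr = NULL, *cshdr = ccache->c_shdr;
	Cache		*cicache = NULL, *strcache = NULL;
	Capinfo		*capinfo = NULL;
	Word		capinfonum = 0;
	const char	*strs = NULL;
	size_t		strs_size = 0;

	if ((cshdr->sh_entsize == 0) || (cshdr->sh_size == 0)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
		    file, ccache->c_name);
		return (0);
	}

	/* Without a data buffer there are no capabilities to walk. */
	if ((ccache->c_data == NULL) || (ccache->c_data->d_buf == NULL))
		return (0);
	cap = (Cap *)ccache->c_data->d_buf;

	/*
	 * If this capabilities section is associated with symbols, then the
	 * sh_link field points to the associated capabilities information
	 * section. The sh_link field of the capabilities information section
	 * points to the associated symbol table.
	 */
	if (cshdr->sh_link) {
		Cache	*scache;
		Shdr	*sshdr;

		/*
		 * Validate that the sh_link field points to a capabilities
		 * information section.
		 */
		if (cshdr->sh_link >= shnum) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, ccache->c_name, EC_WORD(cshdr->sh_link));
			return (0);
		}

		cicache = &cache[cshdr->sh_link];
		cishdr = cicache->c_shdr;

		if (cishdr->sh_type != SHT_SUNW_capinfo) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP),
			    file, ccache->c_name, EC_WORD(cshdr->sh_link));
			return (0);
		}

		/* The entry size is a divisor, so it cannot be zero. */
		if (cishdr->sh_entsize == 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, cicache->c_name);
			return (0);
		}

		/*
		 * A missing data buffer leaves capinfo NULL, which is
		 * reported when a symbol capabilities group needs it.
		 */
		if (cicache->c_data != NULL)
			capinfo = cicache->c_data->d_buf;
		capinfonum = (Word)(cishdr->sh_size / cishdr->sh_entsize);

		/*
		 * Validate that the sh_link field of the capabilities
		 * information section points to a valid symbol table.
		 */
		if ((cishdr->sh_link == 0) || (cishdr->sh_link >= shnum)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, cicache->c_name, EC_WORD(cishdr->sh_link));
			return (0);
		}
		scache = &cache[cishdr->sh_link];
		sshdr = scache->c_shdr;

		if ((sshdr->sh_type != SHT_SYMTAB) &&
		    (sshdr->sh_type != SHT_DYNSYM)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO1),
			    file, cicache->c_name, EC_WORD(cishdr->sh_link));
			return (0);
		}

		if (!init_symtbl_state(&state, cache, shnum,
		    cishdr->sh_link, ehdr, osabi, NULL, file, flags))
			return (0);
	}

	/*
	 * If this capabilities section contains capability string entries,
	 * then determine the associated string table. Capabilities entries
	 * that define names require that the capability section indicate
	 * which string table to use via sh_info.
	 */
	if (cshdr->sh_info) {
		Shdr	*strshdr;

		/*
		 * Validate that the sh_info field points to a string table.
		 */
		if (cshdr->sh_info >= shnum) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, ccache->c_name, EC_WORD(cshdr->sh_info));
			return (0);
		}

		strcache = &cache[cshdr->sh_info];
		strshdr = strcache->c_shdr;

		if (strshdr->sh_type != SHT_STRTAB) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP),
			    file, ccache->c_name, EC_WORD(cshdr->sh_info));
			return (0);
		}

		/*
		 * With no data, strs stays NULL and the entries that need
		 * a string are flagged in the loop below.
		 */
		if (strcache->c_data != NULL) {
			strs = (const char *)strcache->c_data->d_buf;
			strs_size = strcache->c_data->d_size;
		}
	}

	dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
	dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAP), ccache->c_name);

	capnum = (Word)(cshdr->sh_size / cshdr->sh_entsize);

	nulls = symcaps = 0;
	objcap = title = 1;
	descapndx = -1;

	/*
	 * Traverse the capabilities section printing each capability group.
	 * The first capabilities group defines any object capabilities. Any
	 * following groups define symbol capabilities. In the case where no
	 * object capabilities exist, but symbol capabilities do, a single
	 * CA_SUNW_NULL terminator for the object capabilities exists.
	 */
	for (cnum = 0; cnum < capnum; cap++, cnum++) {
		if (cap->c_tag == CA_SUNW_NULL) {
			/*
			 * A CA_SUNW_NULL tag terminates a capabilities group.
			 * If the first capabilities tag is CA_SUNW_NULL, then
			 * no object capabilities exist.
			 */
			if ((nulls++ == 0) && (cnum == 0))
				objcap = 0;
			title = 1;
		} else {
			if (title) {
				if (nulls == 0) {
					/*
					 * If this capabilities group represents
					 * the object capabilities (i.e., no
					 * CA_SUNW_NULL tag has been processed
					 * yet), then display an object
					 * capabilities title.
					 */
					dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
					dbg_print(0,
					    MSG_INTL(MSG_OBJ_CAP_TITLE));
				} else {
					/*
					 * If this is a symbols capabilities
					 * group (i.e., a CA_SUNW_NULL tag has
					 * already been found that terminates
					 * the object capabilities group), then
					 * display a symbol capabilities title,
					 * and retain this capabilities index
					 * for later processing.
					 */
					dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
					dbg_print(0,
					    MSG_INTL(MSG_SYM_CAP_TITLE));
					descapndx = cnum;
				}
				Elf_cap_title(0);
				title = 0;
			}

			/*
			 * Print the capabilities data.
			 *
			 * Note that CA_SUNW_PLAT, CA_SUNW_MACH and CA_SUNW_ID
			 * entries require a string table, which should have
			 * already been established.
			 */
			if ((strs == NULL) && ((cap->c_tag == CA_SUNW_PLAT) ||
			    (cap->c_tag == CA_SUNW_MACH) ||
			    (cap->c_tag == CA_SUNW_ID))) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_WARN_INVCAP3), file,
				    EC_WORD(elf_ndxscn(ccache->c_scn)),
				    ccache->c_name, EC_WORD(cshdr->sh_info));
			}
			Elf_cap_entry(0, cap, cnum, strs, strs_size,
			    ehdr->e_machine);
		}

		/*
		 * If this CA_SUNW_NULL tag terminates a symbol capabilities
		 * group, determine the associated symbols.
		 */
		if ((cap->c_tag == CA_SUNW_NULL) && (nulls > 1) &&
		    (descapndx != -1)) {
			Capinfo	*cip;
			Word	inum;

			symcaps++;

			/*
			 * Make sure we've discovered a SHT_SUNW_capinfo table.
			 * Past this point cishdr, cicache and state are
			 * known to have been set up by the sh_link block.
			 */
			if ((cip = capinfo) == NULL) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_INVCAP), file,
				    ccache->c_name, EC_WORD(cshdr->sh_link));
				return (0);
			}

			/*
			 * Determine what symbols reference this capabilities
			 * group. output_symbol() rejects an index that is
			 * outside the symbol table before reading the symbol.
			 */
			dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
			dbg_print(0, MSG_INTL(MSG_CAPINFO_ENTRIES));
			Elf_syms_table_title(0, ELF_DBG_ELFDUMP);

			for (inum = 1, cip++; inum < capinfonum;
			    inum++, cip++) {
				Word	gndx = (Word)ELF_C_GROUP(*cip);

				if (gndx && (gndx == descapndx)) {
					output_symbol(&state, inum, 0,
					    inum, state.sym + inum);
				}
			}
			descapndx = -1;
			continue;
		}

		/*
		 * An SF1_SUNW_ADDR32 software capability tag in a 32-bit
		 * object is suspicious as it has no effect.
		 */
		if ((cap->c_tag == CA_SUNW_SF_1) &&
		    (ehdr->e_ident[EI_CLASS] == ELFCLASS32) &&
		    (cap->c_un.c_val & SF1_SUNW_ADDR32)) {
			(void) fprintf(stderr, MSG_INTL(MSG_WARN_INADDR32SF1),
			    file, ccache->c_name);
		}
	}

	/*
	 * If this is a dynamic object, with symbol capabilities, then a
	 * .SUNW_capchain section should exist. This section contains a chain
	 * of symbol indexes for each capabilities family. This is the list
	 * that is searched by ld.so.1 to determine the best capabilities
	 * candidate.
	 *
	 * Note, more than one capabilities lead symbol can point to the same
	 * family chain. For example, a weak/global pair of symbols can both
	 * represent the same family of capabilities symbols. Therefore, to
	 * display all possible families we traverse the capabilities
	 * information section looking for CAPINFO_SUNW_GLOB lead symbols.
	 * From these we determine the associated capabilities chain to inspect.
	 *
	 * A non-zero symcaps means the loop above got past its capinfo
	 * check, so cishdr and cicache are not NULL here.
	 */
	if (symcaps &&
	    ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) {
		Capinfo		*cip;
		Capchain	*chain;
		Cache		*chcache;
		Shdr		*chshdr;
		Word		chainnum, inum;

		/*
		 * Validate that the sh_info field of the capabilities
		 * information section points to a capabilities chain section.
		 */
		if (cishdr->sh_info >= shnum) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, cicache->c_name, EC_WORD(cishdr->sh_info));
			return (0);
		}

		chcache = &cache[cishdr->sh_info];
		chshdr = chcache->c_shdr;

		if (chshdr->sh_type != SHT_SUNW_capchain) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO2),
			    file, cicache->c_name, EC_WORD(cishdr->sh_info));
			return (0);
		}

		/* The entry size is a divisor, so it cannot be zero. */
		if (chshdr->sh_entsize == 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, chcache->c_name);
			return (0);
		}
		if ((chcache->c_data == NULL) ||
		    (chcache->c_data->d_buf == NULL))
			return (0);

		chainnum = (Word)(chshdr->sh_size / chshdr->sh_entsize);
		chain = (Capchain *)chcache->c_data->d_buf;

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAPCHAIN), chcache->c_name);

		/*
		 * Traverse the capabilities information section looking for
		 * CAPINFO_SUNW_GLOB lead capabilities symbols.
		 */
		cip = capinfo;
		for (inum = 1, cip++; inum < capinfonum; inum++, cip++) {
			const char	*name;
			Sym		*sym;
			Word		sndx, cndx;
			Word		gndx = (Word)ELF_C_GROUP(*cip);

			if ((gndx == 0) || (gndx != CAPINFO_SUNW_GLOB))
				continue;

			/*
			 * inum indexes the symbol table directly below, so
			 * it must lie inside that table. Every later entry
			 * has a larger index, so stop at the first bad one.
			 */
			if (inum >= state.symn) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADSYMNDX), state.file,
				    state.secname, EC_WORD(inum));
				break;
			}

			/*
			 * Determine the symbol that is associated with this
			 * capability information entry, and use this to
			 * identify this capability family.
			 *
			 * NOTE(review): strcache is NULL when the section's
			 * sh_info is 0. string() is defined outside this
			 * function - confirm that it accepts a NULL string
			 * table cache.
			 */
			sym = (Sym *)(state.sym + inum);
			name = string(cicache, inum, strcache, file,
			    sym->st_name);

			dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
			dbg_print(0, MSG_INTL(MSG_CAPCHAIN_TITLE), name);
			dbg_print(0, MSG_INTL(MSG_CAPCHAIN_ENTRY));

			cndx = (Word)ELF_C_SYM(*cip);

			/*
			 * Traverse this family's chain and identify each
			 * family member. The walk ends at a zero entry, or
			 * when the index reaches the end of the chain.
			 */
			for (;;) {
				char	_chain[MAXNDXSIZE], _symndx[MAXNDXSIZE];

				if (cndx >= chainnum) {
					(void) fprintf(stderr,
					    MSG_INTL(MSG_ERR_INVCAPINFO3), file,
					    cicache->c_name, EC_WORD(inum),
					    EC_WORD(cndx));
					break;
				}
				if ((sndx = chain[cndx]) == 0)
					break;

				/*
				 * Determine this entry's symbol reference.
				 * The table holds symn symbols, so an index
				 * equal to symn is already out of range.
				 */
				if (sndx >= state.symn) {
					(void) fprintf(stderr,
					    MSG_INTL(MSG_ERR_CHBADSYMNDX), file,
					    EC_WORD(sndx), chcache->c_name,
					    EC_WORD(cndx));
					name = MSG_INTL(MSG_STR_UNKNOWN);
				} else {
					sym = (Sym *)(state.sym + sndx);
					name = string(chcache, sndx,
					    strcache, file, sym->st_name);
				}

				/*
				 * Display the family member.
				 */
				(void) snprintf(_chain, MAXNDXSIZE,
				    MSG_ORIG(MSG_FMT_INTEGER), cndx);
				(void) snprintf(_symndx, MAXNDXSIZE,
				    MSG_ORIG(MSG_FMT_INDEX2), EC_WORD(sndx));
				dbg_print(0, MSG_ORIG(MSG_FMT_CHAIN_INFO),
				    _chain, _symndx, demangle(name, flags));

				cndx++;
			}
		}
	}
	return (objcap);
}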
1739
1740 /*
1741 * Print the capabilities.
1742 *
1743 * A .SUNW_cap section can contain one or more, CA_SUNW_NULL terminated,
1744 * capabilities groups. The first group defines the object capabilities.
1745 * This group defines the minimum capability requirements of the entire
1746 * object file. If this is a dynamic object, this group should be associated
1747 * with a PT_SUNWCAP program header.
1748 *
1749 * Additional capabilities groups define the association of individual symbols
1750 * to specific capabilities.
1751 */
static void
cap(const char *file, Cache *cache, Word shnum, Word phnum, Ehdr *ehdr,
    uchar_t osabi, Elf *elf, uint_t flags)
{
	Word	ndx;
	Cache	*objcache = NULL;
	Shdr	*objshdr = NULL;
	Phdr	*capphdr = NULL;
	size_t	phndx;		/* only valid once capphdr is set */

	/*
	 * Look for a PT_SUNWCAP program header, remembering the first
	 * one found together with its index.
	 */
	if (phnum != 0) {
		Phdr	*phdrs = elf_getphdr(elf);

		if (phdrs == NULL) {
			failure(file, MSG_ORIG(MSG_ELF_GETPHDR));
			return;
		}

		for (ndx = 0; ndx < phnum; ndx++) {
			if (phdrs[ndx].p_type != PT_SUNWCAP)
				continue;

			capphdr = &phdrs[ndx];
			phndx = ndx;
			break;
		}
	}

	/*
	 * Display every capabilities section. A section for which
	 * cap_section() returns non-zero defined an object capabilities
	 * group, and is retained for program header validation. If there
	 * are several, the last one is the one kept.
	 */
	for (ndx = 1; ndx < shnum; ndx++) {
		Cache	*scache = &cache[ndx];
		Shdr	*shdr = scache->c_shdr;

		if (shdr->sh_type != SHT_SUNW_cap)
			continue;

		if (cap_section(file, cache, shnum, scache, osabi,
		    ehdr, flags)) {
			objcache = scache;
			objshdr = shdr;
		}
	}

	/*
	 * Without an object capabilities section there is nothing to
	 * compare. A program header with no such section is worth a
	 * warning.
	 */
	if (objshdr == NULL) {
		if (capphdr != NULL)
			(void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP1),
			    file);
		return;
	}

	/*
	 * If this object is an executable or shared object, and it provided
	 * an object capabilities group, then the group should have an
	 * accompanying PT_SUNWCAP program header.
	 */
	if ((ehdr->e_type != ET_EXEC) && (ehdr->e_type != ET_DYN))
		return;

	if (capphdr != NULL) {
		check_phdr_v_shdr(capphdr, phndx, osabi, ehdr->e_machine,
		    objcache, file);
	} else {
		(void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP2),
		    file, EC_WORD(elf_ndxscn(objcache->c_scn)),
		    objcache->c_name);
	}
}
1829
1830 /*
1831 * Print the interpreter.
1832 */
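static void
interp(const char *file, Cache *cache, Word shnum, Word phnum, Elf *elf,
    Ehdr *ehdr)
{
	static Word phdr_types[] = { PT_INTERP };

	Word		cnt;
	Shdr		*ishdr = NULL;
	Cache		*icache = NULL;
	Phdr		*iphdr = NULL;
	size_t		phndx;
	const char	*istr = NULL;	/* validated interpreter string */

	/*
	 * Determine if an interp header exists.
	 */
	if (phnum) {
		iphdr = getphdr(phnum, phdr_types,
		    sizeof (phdr_types) / sizeof (*phdr_types), file, elf,
		    &phndx);
	}

	if (iphdr == NULL)
		return;

	/*
	 * Determine if an interp section exists.
	 */
	for (cnt = 1; cnt < shnum; cnt++) {
		Cache	*_cache = &cache[cnt];
		Shdr	*shdr = _cache->c_shdr;

		/*
		 * Scan sections to find a section which contains the PT_INTERP
		 * string. The target section can't be in a NOBITS section.
		 *
		 * The containment test uses subtraction rather than
		 * comparing offset + size sums. The offsets and sizes come
		 * from the file, and a sum that wraps around could make a
		 * section appear to contain the string when it does not.
		 */
		if ((shdr->sh_type == SHT_NOBITS) ||
		    (iphdr->p_offset < shdr->sh_offset) ||
		    ((iphdr->p_offset - shdr->sh_offset) > shdr->sh_size) ||
		    (iphdr->p_filesz >
		    (shdr->sh_size - (iphdr->p_offset - shdr->sh_offset))))
			continue;

		icache = _cache;
		ishdr = shdr;
		break;
	}

	/*
	 * Locate the interpreter string based on the offset defined in the
	 * program header, as this is the offset used by the kernel.
	 *
	 * The string is printed as a NUL terminated string, so first make
	 * sure that it starts inside the data buffer and that a terminator
	 * is found before the end of the buffer. Otherwise the print would
	 * read past the section data.
	 */
	if ((ishdr != NULL) &&
	    (icache != NULL) &&
	    (icache->c_data != NULL) &&
	    (icache->c_data->d_buf != NULL) &&
	    (icache->c_data->d_size > 0) &&
	    ((iphdr->p_offset - ishdr->sh_offset) < icache->c_data->d_size)) {
		const char	*base = icache->c_data->d_buf;
		size_t		size = icache->c_data->d_size;
		size_t		off = (size_t)(iphdr->p_offset -
		    ishdr->sh_offset);
		size_t		end;

		for (end = off; (end < size) && (base[end] != '\0'); end++)
			continue;

		if (end < size)
			istr = base + off;
	}

	if (istr != NULL) {
		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_INTERP), icache->c_name);
		dbg_print(0, MSG_ORIG(MSG_FMT_INDENT), istr);
	} else {
		(void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP1), file);
	}

	/*
	 * If there are any inconsistencies between the program header and
	 * section information, flag them.
	 */
	if (icache != NULL) {
		check_phdr_v_shdr(iphdr, phndx, ELFOSABI_SOLARIS,
		    ehdr->e_machine, icache, file);
	}
}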
1907
1908 /*
1909 * Print the syminfo section.
1910 */
1911 static void
syminfo(Cache * cache,Word shnum,Ehdr * ehdr,uchar_t osabi,const char * file)1912 syminfo(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file)
1913 {
1914 Shdr *infoshdr;
1915 Syminfo *info;
1916 Sym *syms;
1917 Dyn *dyns;
1918 Word infonum, cnt, ndx, symnum, dynnum;
1919 Cache *infocache = NULL, *dyncache = NULL, *symsec, *strsec;
1920 Boolean *dynerr = NULL;
1921
1922 for (cnt = 1; cnt < shnum; cnt++) {
1923 if (cache[cnt].c_shdr->sh_type == SHT_SUNW_syminfo) {
1924 infocache = &cache[cnt];
1925 break;
1926 }
1927 }
1928 if (infocache == NULL)
1929 return;
1930
1931 infoshdr = infocache->c_shdr;
1932 if ((infoshdr->sh_entsize == 0) || (infoshdr->sh_size == 0)) {
1933 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
1934 file, infocache->c_name);
1935 return;
1936 }
1937 if ((infocache->c_data == NULL) || (infocache->c_data->d_buf == NULL))
1938 return;
1939
1940 infonum = (Word)(infoshdr->sh_size / infoshdr->sh_entsize);
1941 info = (Syminfo *)infocache->c_data->d_buf;
1942
1943 /*
1944 * If there is no associated dynamic section, determine if one
1945 * is needed, and if so issue a warning. If there is an
1946 * associated dynamic section, validate it and get the data buffer
1947 * for it.
1948 */
1949 dyns = NULL;
1950 dynnum = 0;
1951 if (infoshdr->sh_info == 0) {
1952 Syminfo *_info = info + 1;
1953
1954 for (ndx = 1; ndx < infonum; ndx++, _info++) {
1955 if ((_info->si_flags == 0) && (_info->si_boundto == 0))
1956 continue;
1957
1958 if (_info->si_boundto < SYMINFO_BT_LOWRESERVE)
1959 (void) fprintf(stderr,
1960 MSG_INTL(MSG_ERR_BADSHINFO), file,
1961 infocache->c_name,
1962 EC_WORD(infoshdr->sh_info));
1963 }
1964 } else if ((infoshdr->sh_info >= shnum) ||
1965 (cache[infoshdr->sh_info].c_shdr->sh_type != SHT_DYNAMIC)) {
1966 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO),
1967 file, infocache->c_name, EC_WORD(infoshdr->sh_info));
1968 } else {
1969 dyncache = &cache[infoshdr->sh_info];
1970 if ((dyncache->c_data == NULL) ||
1971 ((dyns = dyncache->c_data->d_buf) == NULL)) {
1972 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
1973 file, dyncache->c_name);
1974 }
1975 if (dyns != NULL) {
1976 if ((dyncache->c_shdr->sh_entsize == 0) ||
1977 (dyncache->c_shdr->sh_size == 0)) {
1978 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
1979 file, dyncache->c_name);
1980 return;
1981 }
1982
1983 dynnum = dyncache->c_shdr->sh_size /
1984 dyncache->c_shdr->sh_entsize;
1985
1986 /*
1987 * We validate the type of dynamic elements referenced
1988 * from the syminfo. This array is used report any
1989 * bad dynamic entries.
1990 */
1991 if ((dynerr = calloc(dynnum, sizeof (*dynerr))) ==
1992 NULL) {
1993 int err = errno;
1994 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC),
1995 file, strerror(err));
1996 return;
1997 }
1998 }
1999 }
2000
2001 /*
2002 * Get the data buffer for the associated symbol table and string table.
2003 */
2004 if (stringtbl(cache, 1, cnt, shnum, file,
2005 &symnum, &symsec, &strsec) == 0)
2006 return;
2007
2008 syms = symsec->c_data->d_buf;
2009
2010 /*
2011 * Loop through the syminfo entries.
2012 */
2013 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
2014 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMINFO), infocache->c_name);
2015 Elf_syminfo_title(0);
2016
2017 for (ndx = 1, info++; ndx < infonum; ndx++, info++) {
2018 Sym *sym;
2019 const char *needed, *name;
2020 Word expect_dt;
2021 Word boundto = info->si_boundto;
2022
2023 if ((info->si_flags == 0) && (boundto == 0))
2024 continue;
2025
2026 sym = &syms[ndx];
2027 name = string(infocache, ndx, strsec, file, sym->st_name);
2028
2029 /* Is si_boundto set to one of the reserved values? */
2030 if (boundto >= SYMINFO_BT_LOWRESERVE) {
2031 Elf_syminfo_entry(0, ndx, info, name, NULL);
2032 continue;
2033 }
2034
2035 /*
2036 * si_boundto is referencing a dynamic section. If we don't
2037 * have one, an error was already issued above, so it suffices
2038 * to display an empty string. If we are out of bounds, then
2039 * report that and then display an empty string.
2040 */
2041 if ((dyns == NULL) || (boundto >= dynnum)) {
2042 if (dyns != NULL)
2043 (void) fprintf(stderr,
2044 MSG_INTL(MSG_ERR_BADSIDYNNDX), file,
2045 infocache->c_ndx, infocache->c_name,
2046 EC_WORD(ndx), EC_WORD(dynnum - 1),
2047 EC_WORD(boundto));
2048 Elf_syminfo_entry(0, ndx, info, name,
2049 MSG_ORIG(MSG_STR_EMPTY));
2050 continue;
2051 }
2052
2053 /*
2054 * The si_boundto reference expects a specific dynamic element
2055 * type at the given index. The dynamic element is always a
2056 * string that gives an object name. The specific type depends
2057 * on the si_flags present. Ensure that we've got the right
2058 * type.
2059 */
2060 if (info->si_flags & SYMINFO_FLG_FILTER)
2061 expect_dt = DT_SUNW_FILTER;
2062 else if (info->si_flags & SYMINFO_FLG_AUXILIARY)
2063 expect_dt = DT_SUNW_AUXILIARY;
2064 else if (info->si_flags & (SYMINFO_FLG_DIRECT |
2065 SYMINFO_FLG_LAZYLOAD | SYMINFO_FLG_DIRECTBIND))
2066 expect_dt = DT_NEEDED;
2067 else
2068 expect_dt = DT_NULL; /* means we ignore the type */
2069
2070 if ((dyns[boundto].d_tag != expect_dt) &&
2071 (expect_dt != DT_NULL)) {
2072 Conv_inv_buf_t buf1, buf2;
2073
2074 /* Only complain about each dynamic element once */
2075 if (!dynerr[boundto]) {
2076 (void) fprintf(stderr,
2077 MSG_INTL(MSG_ERR_BADSIDYNTAG),
2078 file, infocache->c_ndx, infocache->c_name,
2079 EC_WORD(ndx), dyncache->c_ndx,
2080 dyncache->c_name, EC_WORD(boundto),
2081 conv_dyn_tag(expect_dt, osabi,
2082 ehdr->e_machine, CONV_FMT_ALT_CF, &buf1),
2083 conv_dyn_tag(dyns[boundto].d_tag, osabi,
2084 ehdr->e_machine, CONV_FMT_ALT_CF, &buf2));
2085 dynerr[boundto] = TRUE;
2086 }
2087 }
2088
2089 /*
2090 * Whether or not the DT item we're pointing at is
2091 * of the right type, if it's a type we recognize as
2092 * providing a string, go ahead and show it. Otherwise
2093 * an empty string.
2094 */
2095 switch (dyns[boundto].d_tag) {
2096 case DT_NEEDED:
2097 case DT_SONAME:
2098 case DT_RPATH:
2099 case DT_RUNPATH:
2100 case DT_CONFIG:
2101 case DT_DEPAUDIT:
2102 case DT_USED:
2103 case DT_AUDIT:
2104 case DT_SUNW_AUXILIARY:
2105 case DT_SUNW_FILTER:
2106 case DT_FILTER:
2107 case DT_AUXILIARY:
2108 needed = string(infocache, boundto,
2109 strsec, file, dyns[boundto].d_un.d_val);
2110 break;
2111 default:
2112 needed = MSG_ORIG(MSG_STR_EMPTY);
2113 }
2114 Elf_syminfo_entry(0, ndx, info, name, needed);
2115 }
2116 if (dyns != NULL)
2117 free(dynerr);
2118 }
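/*
 * Report whether the len bytes starting at rec lie entirely inside the
 * data buffer of the verdef section described by vcache.
 */
static int
verdef_rec_ok(const Cache *vcache, const void *rec, size_t len)
{
	uintptr_t	base, addr;
	size_t		size;

	if ((vcache->c_data == NULL) || (vcache->c_data->d_buf == NULL))
		return (0);

	base = (uintptr_t)vcache->c_data->d_buf;
	size = vcache->c_data->d_size;
	addr = (uintptr_t)rec;

	/* Compare by subtraction so that a large offset cannot wrap. */
	if ((addr < base) || ((addr - base) > size))
		return (0);
	return ((size - (addr - base)) >= len);
}

/*
 * Print version definition section entries.
 *
 * entry:
 *	vdf - Address of verdef data
 *	vdf_num - # of Verdef entries
 *	vcache - Cache of verdef section being processed
 *	scache - Cache of associated string table section
 *	file - Name of object being processed.
 *
 * note:
 *	The entry count and every vd_next, vd_aux and vda_next offset are
 *	read from the object being examined, so none of them can be
 *	trusted. Each record is checked against the bounds of the section
 *	data before it is read, and the walk stops with a diagnostic as
 *	soon as a record falls outside of it.
 */
static void
version_def(Verdef *vdf, Word vdf_num, Cache *vcache, Cache *scache,
    const char *file)
{
	Word	cnt;
	char	index[MAXNDXSIZE];

	Elf_ver_def_title(0);

	for (cnt = 1; cnt <= vdf_num; cnt++) {
		Conv_ver_flags_buf_t	ver_flags_buf;
		const char		*name, *dep;
		Verdaux			*vdap;
		Half			vcnt, ndx;

		if (!verdef_rec_ok(vcache, vdf, sizeof (*vdf)))
			goto bad;

		/*
		 * vd_cnt counts the Verdaux records: the first one names
		 * the version and the remainder are its dependencies. A
		 * zero count must not wrap around to 65535 dependencies.
		 */
		vcnt = (vdf->vd_cnt > 0) ? (Half)(vdf->vd_cnt - 1) : 0;
		ndx = vdf->vd_ndx;

		vdap = (Verdaux *)((uintptr_t)vdf + vdf->vd_aux);
		if (!verdef_rec_ok(vcache, vdap, sizeof (*vdap)))
			goto bad;

		/*
		 * Obtain the name and first dependency (if any).
		 */
		name = string(vcache, cnt, scache, file, vdap->vda_name);
		if (vcnt) {
			vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next);
			if (!verdef_rec_ok(vcache, vdap, sizeof (*vdap)))
				goto bad;
			dep = string(vcache, cnt, scache, file, vdap->vda_name);
		} else {
			dep = MSG_ORIG(MSG_STR_EMPTY);
		}

		(void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX),
		    EC_XWORD(ndx));
		Elf_ver_line_1(0, index, name, dep,
		    conv_ver_flags(vdf->vd_flags, 0, &ver_flags_buf));

		/*
		 * Print any additional dependencies.
		 */
		for (; vcnt > 1; vcnt--) {
			vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next);
			if (!verdef_rec_ok(vcache, vdap, sizeof (*vdap)))
				goto bad;
			dep = string(vcache, cnt, scache, file,
			    vdap->vda_name);
			Elf_ver_line_2(0, MSG_ORIG(MSG_STR_EMPTY), dep);
		}

		/*
		 * A zero vd_next does not advance. Stop rather than show
		 * the same record again, and report the count (which
		 * versions() takes from sh_info) if it promised more.
		 */
		if (vdf->vd_next == 0) {
			if (cnt < vdf_num)
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADSHINFO), file,
				    vcache->c_name, EC_WORD(vdf_num));
			break;
		}
		vdf = (Verdef *)((uintptr_t)vdf + vdf->vd_next);
	}
	return;

bad:
	/* A record or offset points outside of the section data. */
	(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), file, vcache->c_name);
}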
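/*
 * Report whether the len bytes starting at rec lie entirely inside the
 * data buffer of the verneed section described by vcache.
 */
static int
verneed_rec_ok(const Cache *vcache, const void *rec, size_t len)
{
	uintptr_t	base, addr;
	size_t		size;

	if ((vcache->c_data == NULL) || (vcache->c_data->d_buf == NULL))
		return (0);

	base = (uintptr_t)vcache->c_data->d_buf;
	size = vcache->c_data->d_size;
	addr = (uintptr_t)rec;

	/* Compare by subtraction so that a large offset cannot wrap. */
	if ((addr < base) || ((addr - base) > size))
		return (0);
	return ((size - (addr - base)) >= len);
}

/*
 * Print version needed section entries.
 *
 * entry:
 *	vnd - Address of verneed data
 *	vnd_num - # of Verneed entries
 *	vcache - Cache of verneed section being processed
 *	scache - Cache of associated string table section
 *	file - Name of object being processed.
 *	versym - Information about versym section
 *
 * exit:
 *	The versions have been printed. If GNU style versioning
 *	is in effect, versym->max_verndx has been updated to
 *	contain the largest version index seen.
 *
 * note:
 *	The versym section of an object that follows the original
 *	Solaris versioning rules only contains indexes into the verdef
 *	section. Symbols defined in other objects (UNDEF) are given
 *	a version of 0, indicating that they are not defined by
 *	this file, and the Verneed entries do not have associated version
 *	indexes. For these reasons, we do not display a version index
 *	for original-style Verneed sections.
 *
 *	The GNU versioning extensions alter this: Symbols defined in other
 *	objects receive a version index in the range above those defined
 *	by the Verdef section, and the vna_other field of the Vernaux
 *	structs inside the Verneed section contain the version index for
 *	that item. We therefore display the index when showing the
 *	contents of a GNU style Verneed section. You should not
 *	necessarily expect these indexes to appear in sorted
 *	order --- it seems that the GNU ld assigns the versions as
 *	symbols are encountered during linking, and then the results
 *	are assembled into the Verneed section afterwards.
 *
 *	The entry count and every vn_next, vn_aux and vna_next offset are
 *	read from the object being examined, so none of them can be
 *	trusted. Each record is checked against the bounds of the section
 *	data before it is read, and the walk stops with a diagnostic as
 *	soon as a record falls outside of it.
 */
static void
version_need(Verneed *vnd, Word vnd_num, Cache *vcache, Cache *scache,
    const char *file, VERSYM_STATE *versym)
{
	Word		cnt;
	char		index[MAXNDXSIZE];
	const char	*index_str;

	Elf_ver_need_title(0, versym->gnu_needed);

	for (cnt = 1; cnt <= vnd_num; cnt++) {
		Conv_ver_flags_buf_t	ver_flags_buf;
		const char		*name, *dep;
		Vernaux			*vnap;
		Half			vcnt;

		if (!verneed_rec_ok(vcache, vnd, sizeof (*vnd)))
			goto bad;
		vcnt = vnd->vn_cnt;

		/*
		 * The first Vernaux is read even when vn_cnt is zero (its
		 * vna_other and vna_flags are displayed below), so it is
		 * validated unconditionally.
		 */
		vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux);
		if (!verneed_rec_ok(vcache, vnap, sizeof (*vnap)))
			goto bad;

		/*
		 * Obtain the name of the needed file and the version name
		 * within it that we're dependent on. Note that the count
		 * should be at least one, otherwise this is a pretty bogus
		 * entry.
		 */
		name = string(vcache, cnt, scache, file, vnd->vn_file);
		if (vcnt)
			dep = string(vcache, cnt, scache, file, vnap->vna_name);
		else
			dep = MSG_INTL(MSG_STR_NULL);

		if (vnap->vna_other == 0) {	/* Traditional form */
			index_str = MSG_ORIG(MSG_STR_EMPTY);
		} else {			/* GNU form */
			index_str = index;
			/* Format the version index value */
			(void) snprintf(index, MAXNDXSIZE,
			    MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(vnap->vna_other));
			if (vnap->vna_other > versym->max_verndx)
				versym->max_verndx = vnap->vna_other;
		}
		Elf_ver_line_1(0, index_str, name, dep,
		    conv_ver_flags(vnap->vna_flags, 0, &ver_flags_buf));

		/*
		 * Print any additional version dependencies.
		 */
		for (; vcnt > 1; vcnt--) {
			vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next);
			if (!verneed_rec_ok(vcache, vnap, sizeof (*vnap)))
				goto bad;

			dep = string(vcache, cnt, scache, file,
			    vnap->vna_name);
			if (vnap->vna_other > 0) {
				/* Format the next index value */
				(void) snprintf(index, MAXNDXSIZE,
				    MSG_ORIG(MSG_FMT_INDEX),
				    EC_XWORD(vnap->vna_other));
				Elf_ver_line_1(0, index,
				    MSG_ORIG(MSG_STR_EMPTY), dep,
				    conv_ver_flags(vnap->vna_flags,
				    0, &ver_flags_buf));
				if (vnap->vna_other > versym->max_verndx)
					versym->max_verndx = vnap->vna_other;
			} else {
				Elf_ver_line_3(0,
				    MSG_ORIG(MSG_STR_EMPTY), dep,
				    conv_ver_flags(vnap->vna_flags,
				    0, &ver_flags_buf));
			}
		}

		/*
		 * A zero vn_next does not advance. Stop rather than show
		 * the same record again, and report the count (which
		 * versions() takes from sh_info) if it promised more.
		 */
		if (vnd->vn_next == 0) {
			if (cnt < vnd_num)
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADSHINFO), file,
				    vcache->c_name, EC_WORD(vnd_num));
			break;
		}
		vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next);
	}
	return;

bad:
	/* A record or offset points outside of the section data. */
	(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), file, vcache->c_name);
}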
/*
 * Scan the Verneed section for the two facts GNU style Versym indexing
 * depends on:
 *	- Whether any vna_other field is non-zero, which means Versym
 *	  indexes can reference Verneed records.
 *	- The largest version index in use, which is needed later to
 *	  detect bad Versym entries.
 *
 * entry:
 *	vnd - Address of verneed data
 *	vnd_num - # of Verneed entries
 *	versym - Information about versym section
 *
 * exit:
 *	versym->gnu_needed is set if a non-zero vna_other was seen, and
 *	versym->max_verndx holds the largest version index seen.
 *
 * NOTE(review): no section size is passed in, so the vn_next, vn_aux and
 * vna_next offsets read from the object are followed without any bounds
 * check here. Confirm the caller validates the section, or pass the
 * section cache so the walk can be bounded.
 */
static void
update_gnu_verndx(Verneed *vnd, Word vnd_num, VERSYM_STATE *versym)
{
	Word	cnt;

	for (cnt = 1; cnt <= vnd_num; cnt++) {
		Vernaux	*aux = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux);
		Half	left = vnd->vn_cnt;

		/*
		 * The first Vernaux is examined even when vn_cnt is zero;
		 * further ones are visited only while the count says more
		 * remain.
		 */
		for (;;) {
			/*
			 * A non-zero vna_other means this object
			 * references VERNEED items from the VERSYM array.
			 */
			if (aux->vna_other != 0) {
				versym->gnu_needed = 1;
				if (aux->vna_other > versym->max_verndx)
					versym->max_verndx = aux->vna_other;
			}

			if (left <= 1)
				break;
			left--;
			aux = (Vernaux *)((uintptr_t)aux + aux->vna_next);
		}

		vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next);
	}
}
/*
 * Collect the version information that other output depends on, and
 * display the version sections when the flags ask for it.
 *
 * entry:
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	file - Name of file
 *	flags - Command line option flags
 *	versym - VERSYM_STATE block to be filled in.
 */
static void
versions(Cache *cache, Word shnum, const char *file, uint_t flags,
    VERSYM_STATE *versym)
{
	Cache		*defsec = NULL, *needsec = NULL;
	GElf_Word	secndx;

	/* First pass: learn what the version sections can tell us */
	versym->max_verndx = 1;
	for (secndx = 1; secndx < shnum; secndx++) {
		Cache	*sec = &cache[secndx];
		Shdr	*shdr = sec->c_shdr;

		if (shdr->sh_type == SHT_DYNAMIC) {
			Dyn	*dyn;
			ulong_t	numdyn, i;

			/*
			 * GNU ld emits a DT_VERSYM dynamic entry so that
			 * the runtime linker can apply the GNU versioning
			 * rules, which allow several incompatible functions
			 * of the same name to coexist in different
			 * versions. Solaris ld has no such mechanism and
			 * never produces DT_VERSYM, so its presence tells
			 * us which linker built the object and how the
			 * version values are to be read.
			 */
			if ((shdr->sh_entsize == 0) ||
			    (shdr->sh_size == 0) ||
			    (sec->c_data == NULL) ||
			    (sec->c_data->d_buf == NULL))
				continue;

			numdyn = shdr->sh_size / shdr->sh_entsize;
			dyn = (Dyn *)sec->c_data->d_buf;
			for (i = 0; i < numdyn; i++) {
				if (dyn[i].d_tag != DT_VERSYM)
					continue;
				versym->gnu_needed = 1;
				versym->gnu_full = 1;
				break;
			}
			continue;
		}

		if (shdr->sh_type == SHT_SUNW_versym) {
			/* Remember the data for later symbol processing */
			if (sec->c_data != NULL) {
				versym->cache = sec;
				versym->data = sec->c_data->d_buf;
			}
			continue;
		}

		if ((shdr->sh_type != SHT_SUNW_verdef) &&
		    (shdr->sh_type != SHT_SUNW_verneed))
			continue;

		/*
		 * A verdef/verneed section is only used if it has data
		 * and a non-zero item count; anything else is not
		 * understood and is left alone.
		 */
		if ((sec->c_data == NULL) || (sec->c_data->d_buf == NULL)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, sec->c_name);
			continue;
		}
		if (shdr->sh_info == 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO),
			    file, sec->c_name, EC_WORD(shdr->sh_info));
			continue;
		}

		/* The string table index has to be in range */
		if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, sec->c_name, EC_WORD(shdr->sh_link));
			continue;
		}

		/* The section is usable: keep its cache entry */
		if (shdr->sh_type == SHT_SUNW_verneed) {
			needsec = sec;
		} else {
			defsec = sec;
			/*
			 * Under Solaris rules, a verdef section fixes the
			 * maximum versym index at the number of version
			 * definitions it supplies.
			 */
			versym->max_verndx = shdr->sh_info;
		}
	}

	/*
	 * A Verneed section may carry information related to GNU style
	 * versioning; examine it if there is one.
	 */
	if (needsec != NULL)
		update_gnu_verndx((Verneed *)needsec->c_data->d_buf,
		    needsec->c_shdr->sh_info, versym);

	/*
	 * Everything has been gathered. Display the Verdef and Verneed
	 * contents only if that was requested.
	 */
	if ((flags & FLG_SHOW_VERSIONS) == 0)
		return;

	if (defsec != NULL) {
		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERDEF), defsec->c_name);
		version_def((Verdef *)defsec->c_data->d_buf,
		    defsec->c_shdr->sh_info, defsec,
		    &cache[defsec->c_shdr->sh_link], file);
	}

	if (needsec != NULL) {
		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERNEED), needsec->c_name);
		/*
		 * If GNU versioning applies to this object, version_need()
		 * updates versym->max_verndx itself, so there is no need
		 * to call update_gnu_verndx() again.
		 */
		version_need((Verneed *)needsec->c_data->d_buf,
		    needsec->c_shdr->sh_info, needsec,
		    &cache[needsec->c_shdr->sh_link], file, versym);
	}
}
/*
 * Walk the section headers and display every symbol table found.
 *
 * SHT_SYMTAB and SHT_DYNSYM sections are always candidates;
 * SHT_SUNW_LDYNSYM is one only when the object is being interpreted
 * with the Solaris OSABI. A candidate is displayed if it passes the
 * match() filter and init_symtbl_state() accepts it.
 */
void
symbols(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi,
    VERSYM_STATE *versym, const char *file, uint_t flags)
{
	SYMTBL_STATE	state;
	Word		secndx;

	for (secndx = 1; secndx < shnum; secndx++) {
		Cache	*sec = &cache[secndx];
		Shdr	*shdr = sec->c_shdr;
		Word	symndx;
		int	is_symtab;

		switch (shdr->sh_type) {
		case SHT_SYMTAB:
		case SHT_DYNSYM:
			is_symtab = 1;
			break;
		case SHT_SUNW_LDYNSYM:
			is_symtab = (osabi == ELFOSABI_SOLARIS);
			break;
		default:
			is_symtab = 0;
			break;
		}
		if (!is_symtab)
			continue;

		if (!match(MATCH_F_ALL, sec->c_name, secndx, shdr->sh_type))
			continue;

		if (!init_symtbl_state(&state, cache, shnum, secndx, ehdr,
		    osabi, versym, file, flags))
			continue;

		/*
		 * Title, then one line per symbol table entry.
		 */
		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMTAB), state.secname);
		Elf_syms_table_title(0, ELF_DBG_ELFDUMP);

		for (symndx = 0; symndx < state.symn; symndx++) {
			output_symbol(&state, symndx, shdr->sh_info, symndx,
			    &state.sym[symndx]);
		}
	}
}
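/*
 * Search for and process any SHT_SUNW_symsort or SHT_SUNW_tlssort sections.
 * These sections are always associated with the .SUNW_ldynsym./.dynsym pair.
 *
 * The sort section's size, entry size and contents all come from the
 * object being examined. The entry size and data buffer are validated
 * before the index array is walked.
 */
static void
sunw_sort(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi,
    VERSYM_STATE *versym, const char *file, uint_t flags)
{
	SYMTBL_STATE	ldynsym_state, dynsym_state;
	Cache		*sortcache, *symcache;
	Shdr		*sortshdr, *symshdr;
	Word		sortsecndx, symsecndx;
	Word		ldynsym_cnt;
	Word		*ndx;
	Word		ndxn;
	int		output_cnt = 0;
	Conv_inv_buf_t	inv_buf;

	for (sortsecndx = 1; sortsecndx < shnum; sortsecndx++) {

		sortcache = &cache[sortsecndx];
		sortshdr = sortcache->c_shdr;

		if ((sortshdr->sh_type != SHT_SUNW_symsort) &&
		    (sortshdr->sh_type != SHT_SUNW_tlssort))
			continue;
		if (!match(MATCH_F_ALL, sortcache->c_name, sortsecndx,
		    sortshdr->sh_type))
			continue;

		/*
		 * If the section references a SUNW_ldynsym, then we
		 * expect to see the associated .dynsym immediately
		 * following. If it references a .dynsym, there is no
		 * SUNW_ldynsym. If it is any other type, then we don't
		 * know what to do with it.
		 */
		if ((sortshdr->sh_link == 0) || (sortshdr->sh_link >= shnum)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
			    file, sortcache->c_name,
			    EC_WORD(sortshdr->sh_link));
			continue;
		}
		symcache = &cache[sortshdr->sh_link];
		symshdr = symcache->c_shdr;
		symsecndx = sortshdr->sh_link;
		ldynsym_cnt = 0;
		switch (symshdr->sh_type) {
		case SHT_SUNW_LDYNSYM:
			if (!init_symtbl_state(&ldynsym_state, cache, shnum,
			    symsecndx, ehdr, osabi, versym, file, flags))
				continue;
			ldynsym_cnt = ldynsym_state.symn;
			/*
			 * We know that the dynsym follows immediately
			 * after the SUNW_ldynsym, and so, should be at
			 * (sortshdr->sh_link + 1). However, elfdump is a
			 * diagnostic tool, so we do the full paranoid
			 * search instead.
			 */
			for (symsecndx = 1; symsecndx < shnum; symsecndx++) {
				symcache = &cache[symsecndx];
				symshdr = symcache->c_shdr;
				if (symshdr->sh_type == SHT_DYNSYM)
					break;
			}
			if (symsecndx >= shnum) {	/* Dynsym not found! */
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_NODYNSYM),
				    file, sortcache->c_name);
				continue;
			}
			/* Fall through to process the associated dynsym */
			/* FALLTHROUGH */
		case SHT_DYNSYM:
			if (!init_symtbl_state(&dynsym_state, cache, shnum,
			    symsecndx, ehdr, osabi, versym, file, flags))
				continue;
			break;
		default:
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADNDXSEC),
			    file, sortcache->c_name,
			    conv_sec_type(osabi, ehdr->e_machine,
			    symshdr->sh_type, 0, &inv_buf));
			continue;
		}

		/*
		 * The index array is walked one Word at a time, so an
		 * sh_entsize smaller than a Word (including zero, which
		 * would also divide by zero) yields an entry count that
		 * runs past the end of the data. Reject it, along with a
		 * section that has no data buffer.
		 */
		if ((sortshdr->sh_entsize < sizeof (Word)) ||
		    (sortcache->c_data == NULL) ||
		    (sortcache->c_data->d_buf == NULL)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, sortcache->c_name);
			continue;
		}

		/*
		 * Output header
		 */
		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		if (ldynsym_cnt > 0) {
			dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT2),
			    sortcache->c_name, ldynsym_state.secname,
			    dynsym_state.secname);
			/*
			 * The data for .SUNW_ldynsym and dynsym sections
			 * is supposed to be adjacent with SUNW_ldynsym coming
			 * first. Check, and issue a warning if it isn't so.
			 */
			if (((ldynsym_state.sym + ldynsym_state.symn)
			    != dynsym_state.sym) &&
			    ((flags & FLG_CTL_FAKESHDR) == 0))
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_LDYNNOTADJ), file,
				    ldynsym_state.secname,
				    dynsym_state.secname);
		} else {
			dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT1),
			    sortcache->c_name, dynsym_state.secname);
		}
		Elf_syms_table_title(0, ELF_DBG_ELFDUMP);

		/* If not first one, insert a line of white space */
		if (output_cnt++ > 0)
			dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));

		/*
		 * SUNW_dynsymsort and SUNW_dyntlssort are arrays of
		 * symbol indices. Iterate over the array entries,
		 * displaying the referenced symbols.
		 *
		 * NOTE(review): the indices are taken from the file and
		 * are not compared with dynsym_state.symn or
		 * ldynsym_state.symn before the symbol address is formed.
		 * output_symbol() is not visible here; confirm it rejects
		 * an out-of-range index before reading the symbol.
		 */
		ndxn = sortshdr->sh_size / sortshdr->sh_entsize;
		ndx = (Word *)sortcache->c_data->d_buf;
		for (; ndxn-- > 0; ndx++) {
			if (*ndx >= ldynsym_cnt) {
				Word sec_ndx = *ndx - ldynsym_cnt;

				output_symbol(&dynsym_state, sec_ndx, 0,
				    *ndx, dynsym_state.sym + sec_ndx);
			} else {
				output_symbol(&ldynsym_state, *ndx, 0,
				    *ndx, ldynsym_state.sym + *ndx);
			}
		}
	}
}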
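/*
 * Search for and process any relocation sections.
 *
 * entry:
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	ehdr - ELF header for file
 *	file - Name of file
 *
 * Every SHT_RELA and SHT_REL section that passes the match() filter is
 * displayed, one line per relocation record.
 */
static void
reloc(Cache *cache, Word shnum, Ehdr *ehdr, const char *file)
{
	Word	cnt;

	for (cnt = 1; cnt < shnum; cnt++) {
		Word		type, symnum;
		Xword		relndx, relnum, relsize, minsize;
		void		*rels;
		Sym		*syms;
		Cache		*symsec, *strsec;
		Cache		*_cache = &cache[cnt];
		Shdr		*shdr = _cache->c_shdr;
		char		*relname = _cache->c_name;
		Conv_inv_buf_t	inv_buf;

		if (((type = shdr->sh_type) != SHT_RELA) &&
		    (type != SHT_REL))
			continue;
		if (!match(MATCH_F_ALL, relname, cnt, type))
			continue;

		/*
		 * Decide entry size. Each record is read below as a full
		 * Rela or Rel, so an sh_entsize smaller than that
		 * structure (zero included) would let the last records
		 * read extend past the end of the section data. Such a
		 * value, like one larger than the section itself, is
		 * replaced by the size of the structure.
		 */
		minsize = (type == SHT_RELA) ? sizeof (Rela) : sizeof (Rel);
		relsize = shdr->sh_entsize;
		if ((relsize < minsize) || (relsize > shdr->sh_size))
			relsize = minsize;

		/*
		 * Determine the number of relocations available.
		 */
		if (shdr->sh_size == 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, relname);
			continue;
		}
		if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL))
			continue;

		rels = _cache->c_data->d_buf;
		relnum = shdr->sh_size / relsize;

		/*
		 * Get the data buffer for the associated symbol table and
		 * string table.
		 */
		if (stringtbl(cache, 1, cnt, shnum, file,
		    &symnum, &symsec, &strsec) == 0)
			continue;

		syms = symsec->c_data->d_buf;

		/*
		 * Loop through the relocation entries.
		 */
		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_RELOC), _cache->c_name);
		Elf_reloc_title(0, ELF_DBG_ELFDUMP, type);

		for (relndx = 0; relndx < relnum; relndx++,
		    rels = (void *)((char *)rels + relsize)) {
			Half		mach = ehdr->e_machine;
			char		section[BUFSIZ];
			const char	*symname;
			Word		symndx, reltype;

			/*
			 * Unravel the relocation and determine the symbol with
			 * which this relocation is associated.
			 */
			if (type == SHT_RELA) {
				Rela	*rela = (Rela *)rels;

				symndx = ELF_R_SYM(rela->r_info);
				reltype = ELF_R_TYPE(rela->r_info, mach);
			} else {
				Rel	*rel = (Rel *)rels;

				symndx = ELF_R_SYM(rel->r_info);
				reltype = ELF_R_TYPE(rel->r_info, mach);
			}

			symname = relsymname(cache, _cache, strsec, symndx,
			    symnum, relndx, syms, section, BUFSIZ, file);

			/*
			 * A zero symbol index is only valid for a few
			 * relocations.
			 */
			if (symndx == 0) {
				int	badrel = 0;

				if ((mach == EM_SPARC) ||
				    (mach == EM_SPARC32PLUS) ||
				    (mach == EM_SPARCV9)) {
					if ((reltype != R_SPARC_NONE) &&
					    (reltype != R_SPARC_REGISTER) &&
					    (reltype != R_SPARC_RELATIVE))
						badrel++;
				} else if (mach == EM_386) {
					if ((reltype != R_386_NONE) &&
					    (reltype != R_386_RELATIVE))
						badrel++;
				} else if (mach == EM_AMD64) {
					if ((reltype != R_AMD64_NONE) &&
					    (reltype != R_AMD64_RELATIVE))
						badrel++;
				}

				if (badrel) {
					(void) fprintf(stderr,
					    MSG_INTL(MSG_ERR_BADREL1), file,
					    conv_reloc_type(mach, reltype,
					    0, &inv_buf));
				}
			}

			Elf_reloc_entry_1(0, ELF_DBG_ELFDUMP,
			    MSG_ORIG(MSG_STR_EMPTY), ehdr->e_machine, type,
			    rels, relname, symname, 0);
		}
	}
}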
/*
 * Selects which field of the referenced section header dyn_test()
 * compares with the value of the dynamic element.
 */
typedef enum {
	DYN_TEST_ADDR,		/* compare with sh_addr */
	DYN_TEST_SIZE,		/* compare with sh_size */
	DYN_TEST_ENTSIZE	/* compare with sh_entsize */
} dyn_test_t;
/*
 * Used by dynamic() to check the value of a dynamic element against the
 * address, size or entry size of the section it references, issuing a
 * warning on stderr when they disagree.
 *
 * entry:
 *	test_type - Specify which dyn item is being tested.
 *	sh_type - SHT_* type value for required section.
 *	sec_cache - Cache entry for section, or NULL if the object lacks
 *		a section of this type.
 *	dyn - Dyn entry to be tested
 *	dynsec_cnt - # of dynamic section being examined. The first
 *		dynamic section is 1, the next is 2, and so on...
 *	ehdr - ELF header for file
 *	osabi - OSABI to apply when interpreting object
 *	file - Name of file
 */
static void
dyn_test(dyn_test_t test_type, Word sh_type, Cache *sec_cache, Dyn *dyn,
    Word dynsec_cnt, Ehdr *ehdr, uchar_t osabi, const char *file)
{
	Conv_inv_buf_t	secbuf, tagbuf;
	Shdr		*shdr;

	/*
	 * The checks below assume an object has a single dynamic section
	 * and a single instance of each section it references. That lets
	 * everything be gathered in one pass over the section headers.
	 * We are not aware of any case where more than one dynamic
	 * section would be meaningful in an ELF object.
	 *
	 * Handling several dynamic sections properly would mean building
	 * a structure holding all the dynamic elements, using each
	 * address to find the section it references, verifying that
	 * section's type and start address, and then checking size and
	 * entsize against the same section. That is O(n^2) and
	 * complicated.
	 *
	 * So in the highly unlikely event of more than one dynamic
	 * section, only the first is tested and the values of the others
	 * are displayed unchallenged.
	 */
	if (dynsec_cnt != 1)
		return;

	/*
	 * A DT_ item that references a section address should always find
	 * the section in the file.
	 */
	if (sec_cache == NULL) {
		const char	*secname;

		/*
		 * Items that reference progbits are reported by section
		 * name rather than section type, so that the message
		 * makes more sense.
		 */
		if (dyn->d_tag == DT_INIT)
			secname = MSG_ORIG(MSG_ELF_INIT);
		else if (dyn->d_tag == DT_FINI)
			secname = MSG_ORIG(MSG_ELF_FINI);
		else
			secname = conv_sec_type(osabi, ehdr->e_machine,
			    sh_type, 0, &secbuf);

		(void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNNOBCKSEC), file,
		    secname, conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine,
		    CONV_FMT_ALT_CF, &tagbuf));
		return;
	}

	shdr = sec_cache->c_shdr;

	if (test_type == DYN_TEST_ADDR) {
		/* The section address should match the DT_ item value */
		if (dyn->d_un.d_val == shdr->sh_addr)
			return;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNBADADDR), file,
		    conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine,
		    CONV_FMT_ALT_CF, &secbuf), EC_ADDR(dyn->d_un.d_val),
		    sec_cache->c_ndx, sec_cache->c_name,
		    EC_ADDR(shdr->sh_addr));
	} else if (test_type == DYN_TEST_SIZE) {
		/* The section size should match the DT_ item value */
		if (dyn->d_un.d_val == shdr->sh_size)
			return;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNBADSIZE), file,
		    conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine,
		    CONV_FMT_ALT_CF, &secbuf), EC_XWORD(dyn->d_un.d_val),
		    sec_cache->c_ndx, sec_cache->c_name,
		    EC_XWORD(shdr->sh_size));
	} else if (test_type == DYN_TEST_ENTSIZE) {
		/* The sh_entsize value should match the DT_ item value */
		if (dyn->d_un.d_val == shdr->sh_entsize)
			return;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNBADENTSIZE), file,
		    conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine,
		    CONV_FMT_ALT_CF, &secbuf), EC_XWORD(dyn->d_un.d_val),
		    sec_cache->c_ndx, sec_cache->c_name,
		    EC_XWORD(shdr->sh_entsize));
	}
}
/*
 * Some DT_ entries have a corresponding symbol (e.g. DT_INIT and _init),
 * and the two are expected to carry the same value when both are
 * present. Look the symbol up in each of the well known symbol tables
 * and warn about any whose value differs from the dynamic element.
 *
 * entry:
 *	dyn - Dyn entry to be tested
 *	symname - Name of symbol that corresponds to dyn
 *	symtab_cache, dynsym_cache, ldynsym_cache - Symbol tables to check
 *	target_cache - Section the symname section is expected to be
 *		associated with.
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	ehdr - ELF header for file
 *	osabi - OSABI to apply when interpreting object
 *	file - Name of file
 */
static void
dyn_symtest(Dyn *dyn, const char *symname, Cache *symtab_cache,
    Cache *dynsym_cache, Cache *ldynsym_cache, Cache *target_cache,
    Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file)
{
	Cache		*tables[3];
	Conv_inv_buf_t	buf;
	Sym		*sym;
	int		i;

	/* Checked in this order: symtab, dynsym, ldynsym */
	tables[0] = symtab_cache;
	tables[1] = dynsym_cache;
	tables[2] = ldynsym_cache;

	for (i = 0; i < 3; i++) {
		Cache	*symsec = tables[i];

		/* The object may lack this symbol table */
		if (symsec == NULL)
			continue;

		if (!symlookup(symname, cache, shnum, &sym, target_cache,
		    symsec, file))
			continue;

		if (sym->st_value == dyn->d_un.d_val)
			continue;

		(void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNSYMVAL),
		    file, symsec->c_name, conv_dyn_tag(dyn->d_tag,
		    osabi, ehdr->e_machine, CONV_FMT_ALT_CF, &buf),
		    symname, EC_ADDR(sym->st_value));
	}
}
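/*
 * Search for and process a .dynamic section.
 *
 * entry:
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	ehdr - ELF header for file
 *	osabi - OSABI to apply when interpreting object
 *	file - Name of file
 *	phnum - # of program headers. If non-zero, getphdr() is asked
 *		for the PT_DYNAMIC program header.
 *	elf - ELF descriptor handed to getphdr()
 *
 * Each SHT_DYNAMIC section is displayed entry by entry, and the DT_
 * values are compared against the sections gathered in the first pass.
 * Inconsistencies are reported on stderr.
 *
 * The section header fields used here (sh_size, sh_entsize) come from
 * the object being examined and cannot be trusted, so the number of
 * entries walked is bounded by the size of the data buffer actually
 * held for the section.
 */
static void
dynamic(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file,
    Word phnum, Elf *elf)
{
	struct {
		Cache	*symtab;
		Cache	*dynstr;
		Cache	*dynsym;
		Cache	*hash;
		Cache	*fini;
		Cache	*fini_array;
		Cache	*init;
		Cache	*init_array;
		Cache	*preinit_array;
		Cache	*rel;
		Cache	*rela;
		Cache	*sunw_cap;
		Cache	*sunw_capinfo;
		Cache	*sunw_capchain;
		Cache	*sunw_ldynsym;
		Cache	*sunw_move;
		Cache	*sunw_syminfo;
		Cache	*sunw_symsort;
		Cache	*sunw_tlssort;
		Cache	*sunw_verdef;
		Cache	*sunw_verneed;
		Cache	*sunw_versym;
	} sec;
	Word	dynsec_ndx = 0;
	Word	dynsec_num;
	int	dynsec_cnt;
	Word	cnt;
	int	osabi_solaris = osabi == ELFOSABI_SOLARIS;
	Phdr	*pt_dynamic = NULL;
	size_t	phndx;
	static Word phdr_type[] = { PT_DYNAMIC };

	/*
	 * Make a pass over all the sections, gathering section information
	 * we'll need below.
	 */
	dynsec_num = 0;
	bzero(&sec, sizeof (sec));
	for (cnt = 1; cnt < shnum; cnt++) {
		Cache	*_cache = &cache[cnt];

		switch (_cache->c_shdr->sh_type) {
		case SHT_DYNAMIC:
			if (dynsec_num == 0) {
				dynsec_ndx = cnt;

				/* Does it have a valid string table? */
				(void) stringtbl(cache, 0, cnt, shnum, file,
				    0, 0, &sec.dynstr);
			}
			dynsec_num++;
			break;


		case SHT_PROGBITS:
			/*
			 * We want to detect the .init and .fini sections,
			 * if present. These are SHT_PROGBITS, so all we
			 * have to go on is the section name. Normally comparing
			 * names is a bad idea, but there are some special
			 * names (i.e. .init/.fini/.interp) that are very
			 * difficult to use in any other context, and for
			 * these symbols, we do the heuristic match.
			 */
			if (strcmp(_cache->c_name,
			    MSG_ORIG(MSG_ELF_INIT)) == 0) {
				if (sec.init == NULL)
					sec.init = _cache;
			} else if (strcmp(_cache->c_name,
			    MSG_ORIG(MSG_ELF_FINI)) == 0) {
				if (sec.fini == NULL)
					sec.fini = _cache;
			}
			break;

		case SHT_REL:
			/*
			 * We want the SHT_REL section with the lowest
			 * offset. The linker gathers them together,
			 * and puts the address of the first one
			 * into the DT_REL dynamic element.
			 */
			if ((sec.rel == NULL) ||
			    (_cache->c_shdr->sh_offset <
			    sec.rel->c_shdr->sh_offset))
				sec.rel = _cache;
			break;

		case SHT_RELA:
			/* RELA is handled just like REL above */
			if ((sec.rela == NULL) ||
			    (_cache->c_shdr->sh_offset <
			    sec.rela->c_shdr->sh_offset))
				sec.rela = _cache;
			break;

		/*
		 * The GRAB macro is used for the simple case in which
		 * we simply grab the first section of the desired type.
		 */
#define	GRAB(_sec_type, _sec_field) \
		case _sec_type: \
			if (sec._sec_field == NULL) \
				sec._sec_field = _cache; \
			break
		GRAB(SHT_SYMTAB,	symtab);
		GRAB(SHT_DYNSYM,	dynsym);
		GRAB(SHT_FINI_ARRAY,	fini_array);
		GRAB(SHT_HASH,		hash);
		GRAB(SHT_INIT_ARRAY,	init_array);
		GRAB(SHT_SUNW_move,	sunw_move);
		GRAB(SHT_PREINIT_ARRAY,	preinit_array);
		GRAB(SHT_SUNW_cap,	sunw_cap);
		GRAB(SHT_SUNW_capinfo,	sunw_capinfo);
		GRAB(SHT_SUNW_capchain,	sunw_capchain);
		GRAB(SHT_SUNW_LDYNSYM,	sunw_ldynsym);
		GRAB(SHT_SUNW_syminfo,	sunw_syminfo);
		GRAB(SHT_SUNW_symsort,	sunw_symsort);
		GRAB(SHT_SUNW_tlssort,	sunw_tlssort);
		GRAB(SHT_SUNW_verdef,	sunw_verdef);
		GRAB(SHT_SUNW_verneed,	sunw_verneed);
		GRAB(SHT_SUNW_versym,	sunw_versym);
#undef GRAB
		}
	}

	if (phnum) {
		pt_dynamic = getphdr(phnum, phdr_type, 1, file, elf, &phndx);
	}

	/*
	 * If no dynamic section, return immediately. If more than one
	 * dynamic section, then something odd is going on and an error
	 * is in order, but then continue on and display them all.
	 */
	if (dynsec_num == 0) {
		return;
	}
	if (dynsec_num > 1)
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTDYN),
		    file, EC_WORD(dynsec_num));


	dynsec_cnt = 0;
	for (cnt = dynsec_ndx; (cnt < shnum) && (dynsec_cnt < dynsec_num);
	    cnt++) {
		Dyn	*dyn;
		ulong_t	numdyn;
		int	ndx, end_ndx;
		Cache	*_cache = &cache[cnt], *strsec;
		Shdr	*shdr = _cache->c_shdr;
		int	dumped = 0;

		if (shdr->sh_type != SHT_DYNAMIC)
			continue;
		dynsec_cnt++;

		/*
		 * Verify the associated string table section.
		 */
		if (stringtbl(cache, 0, cnt, shnum, file, 0, 0, &strsec) == 0)
			continue;

		if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			continue;
		}
		if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL))
			continue;

		/* The first time through, check v. PT_DYNAMIC */
		if (dynsec_cnt == 1) {
			Conv_inv_buf_t	inv_buf;

			if ((pt_dynamic == NULL) && (ehdr->e_type != ET_REL)) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_SHDR_NO_PHDR),
				    file, _cache->c_ndx, _cache->c_name,
				    conv_phdr_type(osabi, ehdr->e_machine,
				    PT_DYNAMIC, CONV_FMT_ALT_CF, &inv_buf));
			}

			if (pt_dynamic != NULL) {
				check_phdr_v_shdr(pt_dynamic, phndx,
				    osabi, ehdr->e_machine, _cache, file);
			}
		}

		numdyn = shdr->sh_size / shdr->sh_entsize;

		/*
		 * The loops below step through the buffer one Dyn at a
		 * time, regardless of what sh_entsize claims. A header
		 * with a small sh_entsize or an oversized sh_size would
		 * otherwise walk past the end of the data buffer, so
		 * report the bad size and limit the count to the number
		 * of whole Dyn entries the buffer really holds.
		 */
		if (numdyn > (_cache->c_data->d_size / sizeof (Dyn))) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			numdyn = _cache->c_data->d_size / sizeof (Dyn);
		}
		dyn = (Dyn *)_cache->c_data->d_buf;

		/*
		 * We expect the REL/RELA entries to reference the reloc
		 * section with the lowest address. However, this is
		 * not true for dumped objects. Detect if this object has
		 * been dumped so that we can skip the reloc address test
		 * in that case.
		 */
		for (ndx = 0; ndx < numdyn; dyn++, ndx++) {
			if (dyn->d_tag == DT_FLAGS_1) {
				dumped = (dyn->d_un.d_val & DF_1_CONFALT) != 0;
				break;
			}
		}
		dyn = (Dyn *)_cache->c_data->d_buf;

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_DYNAMIC), _cache->c_name);

		Elf_dyn_title(0);

		for (ndx = 0; ndx < numdyn; dyn++, ndx++) {
			union {
				Conv_inv_buf_t		inv;
				Conv_dyn_flag_buf_t	flag;
				Conv_dyn_flag1_buf_t	flag1;
				Conv_dyn_posflag1_buf_t	posflag1;
				Conv_dyn_feature1_buf_t	feature1;
			} c_buf;
			const char *name = NULL;

			/*
			 * Print the information numerically, and if possible
			 * as a string. If a string is available, name is
			 * set to reference it.
			 *
			 * Also, take this opportunity to sanity check
			 * the values of DT elements. In the code above,
			 * we gathered information on sections that are
			 * referenced by the dynamic section. Here, we
			 * compare the attributes of those sections to
			 * the DT_ items that reference them and report
			 * on inconsistencies.
			 *
			 * Things not currently tested that could be improved
			 * in later revisions include:
			 *	- We don't check PLT or GOT related items
			 *	- We don't handle computing the lengths of
			 *		relocation arrays. To handle this
			 *		requires examining data that spans
			 *		across sections, in a contiguous span
			 *		within a single segment.
			 *	- DT_VERDEFNUM and DT_VERNEEDNUM can't be
			 *		verified without parsing the sections.
			 *	- We don't handle DT_SUNW_SYMSZ, which would
			 *		be the sum of the lengths of .dynsym and
			 *		.SUNW_ldynsym
			 *	- DT_SUNW_STRPAD can't be verified other than
			 *		to check that it's not larger than
			 *		the string table.
			 *	- Some items come in "all or none" clusters
			 *		that give an address, element size,
			 *		and data length in bytes. We don't
			 *		verify that there are no missing items
			 *		in such groups.
			 */
			switch (dyn->d_tag) {
			case DT_NULL:
				/*
				 * Special case: DT_NULLs can come in groups
				 * that we prefer to reduce to a single line.
				 */
				end_ndx = ndx;
				while ((end_ndx < (numdyn - 1)) &&
				    ((dyn + 1)->d_tag == DT_NULL)) {
					dyn++;
					end_ndx++;
				}
				Elf_dyn_null_entry(0, dyn, ndx, end_ndx);
				ndx = end_ndx;
				continue;

			/*
			 * String items all reference the dynstr. The string()
			 * function does the necessary sanity checking.
			 */
			case DT_NEEDED:
			case DT_SONAME:
			case DT_FILTER:
			case DT_AUXILIARY:
			case DT_CONFIG:
			case DT_RPATH:
			case DT_RUNPATH:
			case DT_USED:
			case DT_DEPAUDIT:
			case DT_AUDIT:
				name = string(_cache, ndx, strsec,
				    file, dyn->d_un.d_ptr);
				break;

			case DT_SUNW_AUXILIARY:
			case DT_SUNW_FILTER:
				if (osabi_solaris)
					name = string(_cache, ndx, strsec,
					    file, dyn->d_un.d_ptr);
				break;

			case DT_FLAGS:
				name = conv_dyn_flag(dyn->d_un.d_val,
				    0, &c_buf.flag);
				break;
			case DT_FLAGS_1:
				name = conv_dyn_flag1(dyn->d_un.d_val, 0,
				    &c_buf.flag1);
				break;
			case DT_POSFLAG_1:
				name = conv_dyn_posflag1(dyn->d_un.d_val, 0,
				    &c_buf.posflag1);
				break;
			case DT_FEATURE_1:
				name = conv_dyn_feature1(dyn->d_un.d_val, 0,
				    &c_buf.feature1);
				break;
			case DT_DEPRECATED_SPARC_REGISTER:
				name = MSG_INTL(MSG_STR_DEPRECATED);
				break;

			case DT_SUNW_LDMACH:
				if (!osabi_solaris)
					break;
				name = conv_ehdr_mach((Half)dyn->d_un.d_val,
				    0, &c_buf.inv);
				break;

			/*
			 * Cases below this point are strictly sanity checking,
			 * and do not generate a name string. The TEST_ macros
			 * are used to hide the boiler plate arguments needed
			 * by dyn_test().
			 */
#define	TEST_ADDR(_sh_type, _sec_field) \
				dyn_test(DYN_TEST_ADDR, _sh_type, \
				    sec._sec_field, dyn, dynsec_cnt, ehdr, \
				    osabi, file)
#define	TEST_SIZE(_sh_type, _sec_field) \
				dyn_test(DYN_TEST_SIZE, _sh_type, \
				    sec._sec_field, dyn, dynsec_cnt, ehdr, \
				    osabi, file)
#define	TEST_ENTSIZE(_sh_type, _sec_field) \
				dyn_test(DYN_TEST_ENTSIZE, _sh_type, \
				    sec._sec_field, dyn, dynsec_cnt, ehdr, \
				    osabi, file)

			case DT_FINI:
				dyn_symtest(dyn, MSG_ORIG(MSG_SYM_FINI),
				    sec.symtab, sec.dynsym, sec.sunw_ldynsym,
				    sec.fini, cache, shnum, ehdr, osabi, file);
				TEST_ADDR(SHT_PROGBITS, fini);
				break;

			case DT_FINI_ARRAY:
				TEST_ADDR(SHT_FINI_ARRAY, fini_array);
				break;

			case DT_FINI_ARRAYSZ:
				TEST_SIZE(SHT_FINI_ARRAY, fini_array);
				break;

			case DT_HASH:
				TEST_ADDR(SHT_HASH, hash);
				break;

			case DT_INIT:
				dyn_symtest(dyn, MSG_ORIG(MSG_SYM_INIT),
				    sec.symtab, sec.dynsym, sec.sunw_ldynsym,
				    sec.init, cache, shnum, ehdr, osabi, file);
				TEST_ADDR(SHT_PROGBITS, init);
				break;

			case DT_INIT_ARRAY:
				TEST_ADDR(SHT_INIT_ARRAY, init_array);
				break;

			case DT_INIT_ARRAYSZ:
				TEST_SIZE(SHT_INIT_ARRAY, init_array);
				break;

			case DT_MOVEENT:
				TEST_ENTSIZE(SHT_SUNW_move, sunw_move);
				break;

			case DT_MOVESZ:
				TEST_SIZE(SHT_SUNW_move, sunw_move);
				break;

			case DT_MOVETAB:
				TEST_ADDR(SHT_SUNW_move, sunw_move);
				break;

			case DT_PREINIT_ARRAY:
				TEST_ADDR(SHT_PREINIT_ARRAY, preinit_array);
				break;

			case DT_PREINIT_ARRAYSZ:
				TEST_SIZE(SHT_PREINIT_ARRAY, preinit_array);
				break;

			case DT_REL:
				if (!dumped)
					TEST_ADDR(SHT_REL, rel);
				break;

			case DT_RELENT:
				TEST_ENTSIZE(SHT_REL, rel);
				break;

			case DT_RELA:
				if (!dumped)
					TEST_ADDR(SHT_RELA, rela);
				break;

			case DT_RELAENT:
				TEST_ENTSIZE(SHT_RELA, rela);
				break;

			case DT_STRTAB:
				TEST_ADDR(SHT_STRTAB, dynstr);
				break;

			case DT_STRSZ:
				TEST_SIZE(SHT_STRTAB, dynstr);
				break;

			case DT_SUNW_CAP:
				if (osabi_solaris)
					TEST_ADDR(SHT_SUNW_cap, sunw_cap);
				break;

			case DT_SUNW_CAPINFO:
				if (osabi_solaris)
					TEST_ADDR(SHT_SUNW_capinfo,
					    sunw_capinfo);
				break;

			case DT_SUNW_CAPCHAIN:
				if (osabi_solaris)
					TEST_ADDR(SHT_SUNW_capchain,
					    sunw_capchain);
				break;

			case DT_SUNW_SYMTAB:
				TEST_ADDR(SHT_SUNW_LDYNSYM, sunw_ldynsym);
				break;

			case DT_SYMENT:
				TEST_ENTSIZE(SHT_DYNSYM, dynsym);
				break;

			case DT_SYMINENT:
				TEST_ENTSIZE(SHT_SUNW_syminfo, sunw_syminfo);
				break;

			case DT_SYMINFO:
				TEST_ADDR(SHT_SUNW_syminfo, sunw_syminfo);
				break;

			case DT_SYMINSZ:
				TEST_SIZE(SHT_SUNW_syminfo, sunw_syminfo);
				break;

			case DT_SYMTAB:
				TEST_ADDR(SHT_DYNSYM, dynsym);
				break;

			case DT_SUNW_SORTENT:
				/*
				 * This entry is related to both the symsort and
				 * tlssort sections.
				 */
				if (osabi_solaris) {
					int test_tls =
					    (sec.sunw_tlssort != NULL);
					int test_sym =
					    (sec.sunw_symsort != NULL) ||
					    !test_tls;
					if (test_sym)
						TEST_ENTSIZE(SHT_SUNW_symsort,
						    sunw_symsort);
					if (test_tls)
						TEST_ENTSIZE(SHT_SUNW_tlssort,
						    sunw_tlssort);
				}
				break;


			case DT_SUNW_SYMSORT:
				if (osabi_solaris)
					TEST_ADDR(SHT_SUNW_symsort,
					    sunw_symsort);
				break;

			case DT_SUNW_SYMSORTSZ:
				if (osabi_solaris)
					TEST_SIZE(SHT_SUNW_symsort,
					    sunw_symsort);
				break;

			case DT_SUNW_TLSSORT:
				if (osabi_solaris)
					TEST_ADDR(SHT_SUNW_tlssort,
					    sunw_tlssort);
				break;

			case DT_SUNW_TLSSORTSZ:
				if (osabi_solaris)
					TEST_SIZE(SHT_SUNW_tlssort,
					    sunw_tlssort);
				break;

			case DT_VERDEF:
				TEST_ADDR(SHT_SUNW_verdef, sunw_verdef);
				break;

			case DT_VERNEED:
				TEST_ADDR(SHT_SUNW_verneed, sunw_verneed);
				break;

			case DT_VERSYM:
				TEST_ADDR(SHT_SUNW_versym, sunw_versym);
				break;
#undef TEST_ADDR
#undef TEST_SIZE
#undef TEST_ENTSIZE
			}

			if (name == NULL)
				name = MSG_ORIG(MSG_STR_EMPTY);
			Elf_dyn_entry(0, dyn, ndx, name,
			    osabi, ehdr->e_machine);
		}
	}
}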
3513
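/*
 * Search for and process a MOVE section.
 *
 * entry:
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	file - Name of file
 *	flags - Passed to demangle() when printing symbol names
 *
 * Every SHT_SUNW_move section accepted by match() is displayed. The
 * section header sizes and the symbol/section indexes stored in the
 * move entries come from the object under examination, so each is
 * range checked before it is used to index a buffer.
 */
static void
move(Cache *cache, Word shnum, const char *file, uint_t flags)
{
	Word		cnt;
	const char	*fmt = NULL;

	for (cnt = 1; cnt < shnum; cnt++) {
		Word	movenum, symnum, ndx;
		Sym	*syms;
		Cache	*_cache = &cache[cnt];
		Shdr	*shdr = _cache->c_shdr;
		Cache	*symsec, *strsec;
		Move	*move;

		if (shdr->sh_type != SHT_SUNW_move)
			continue;
		if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type))
			continue;

		/*
		 * Determine the move data and number.
		 */
		if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			continue;
		}
		if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL))
			continue;

		move = (Move *)_cache->c_data->d_buf;
		movenum = shdr->sh_size / shdr->sh_entsize;

		/*
		 * The loop below advances one Move at a time whatever
		 * sh_entsize says, so never walk more entries than the
		 * data buffer can hold.
		 */
		if (movenum > (_cache->c_data->d_size / sizeof (Move))) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			/* LINTED */
			movenum = (Word)(_cache->c_data->d_size /
			    sizeof (Move));
		}

		/*
		 * Get the data buffer for the associated symbol table and
		 * string table.
		 *
		 * NOTE(review): this returns rather than continuing with
		 * the next section, so any later move sections are not
		 * displayed. Confirm that is intended.
		 */
		if (stringtbl(cache, 1, cnt, shnum, file,
		    &symnum, &symsec, &strsec) == 0)
			return;

		syms = (Sym *)symsec->c_data->d_buf;

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_MOVE), _cache->c_name);
		dbg_print(0, MSG_INTL(MSG_MOVE_TITLE));

		if (fmt == NULL)
			fmt = MSG_INTL(MSG_MOVE_ENTRY);

		for (ndx = 0; ndx < movenum; move++, ndx++) {
			const char	*symname;
			char		index[MAXNDXSIZE], section[BUFSIZ];
			Word		symndx, shndx;
			Sym		*sym;

			/*
			 * Check for null entries
			 */
			if ((move->m_info == 0) && (move->m_value == 0) &&
			    (move->m_poffset == 0) && (move->m_repeat == 0) &&
			    (move->m_stride == 0)) {
				dbg_print(0, fmt, MSG_ORIG(MSG_STR_EMPTY),
				    EC_XWORD(move->m_poffset), 0, 0, 0,
				    EC_LWORD(0), MSG_ORIG(MSG_STR_EMPTY));
				continue;
			}

			/* Reject symbol indexes outside the symbol table. */
			if (((symndx = ELF_M_SYM(move->m_info)) == 0) ||
			    (symndx >= symnum)) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADMINFO), file,
				    _cache->c_name, EC_XWORD(move->m_info));

				(void) snprintf(index, MAXNDXSIZE,
				    MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx));
				dbg_print(0, fmt, index,
				    EC_XWORD(move->m_poffset),
				    ELF_M_SIZE(move->m_info), move->m_repeat,
				    move->m_stride, move->m_value,
				    MSG_INTL(MSG_STR_UNKNOWN));
				continue;
			}

			symname = relsymname(cache, _cache, strsec,
			    symndx, symnum, ndx, syms, section, BUFSIZ, file);
			sym = (Sym *)(syms + symndx);

			/*
			 * Additional sanity check.
			 *
			 * cache[] is indexed 0 .. shnum - 1, so st_shndx
			 * must be strictly less than shnum before it is
			 * used as an index; accepting shndx == shnum would
			 * read one element past the end of the array.
			 */
			shndx = sym->st_shndx;
			if (!((shndx == SHN_COMMON) ||
			    (((shndx >= 1) && (shndx < shnum)) &&
			    (cache[shndx].c_shdr)->sh_type == SHT_NOBITS))) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_BADSYM2), file,
				    _cache->c_name, EC_WORD(symndx),
				    demangle(symname, flags));
			}

			(void) snprintf(index, MAXNDXSIZE,
			    MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx));
			dbg_print(0, fmt, index, EC_XWORD(move->m_poffset),
			    ELF_M_SIZE(move->m_info), move->m_repeat,
			    move->m_stride, move->m_value,
			    demangle(symname, flags));
		}
	}
}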
3626
3627 /*
3628 * parse_note_t is used to track the state used by parse_note_entry()
3629 * between calls, and also to return the results of each call.
3630 */
typedef struct {
	/* pns_ fields track progress through the data */
	const char	*pns_file;	/* File name */
	Cache		*pns_cache;	/* Note section cache entry */
	size_t		pns_size;	/* # unprocessed data bytes */
	Word		*pns_data;	/* ptr to next unused data byte */

	/* pn_ fields return the results for a single call */
	Word		pn_namesz;	/* Value of note namesz field */
	Word		pn_descsz;	/* Value of note descsz field */
	Word		pn_type;	/* Value of note type field */
	const char	*pn_name;	/* if (namesz > 0) ptr to name bytes */
	const char	*pn_desc;	/* if (descsz > 0) ptr to data bytes */
} parse_note_t;
3645
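/*
 * Extract the various sub-parts of a note entry, and advance the
 * data pointer past it.
 *
 * entry:
 *	The state pns_ fields contain current values for the Note section
 *
 * exit:
 *	On success, True (1) is returned, the state pns_ fields have been
 *	advanced to point at the start of the next entry, and the information
 *	for the recovered note entry is found in the state pn_ fields.
 *	pn_name and pn_desc are NULL when the corresponding size is 0.
 *
 *	On failure, False (0) is returned. The values contained in state
 *	are undefined.
 *
 * namesz and descsz are read from the object being examined. Every
 * subtraction from pns_size is therefore guarded, because pns_size is
 * unsigned and an unchecked subtraction would wrap to a huge value and
 * defeat the bounds checks that follow it.
 */
static int
parse_note_entry(parse_note_t *state)
{
	size_t	pad, noteoff;

	noteoff = (Word)state->pns_cache->c_data->d_size - state->pns_size;
	/*
	 * Make sure we can at least reference the 3 initial entries
	 * (4-byte words) of the note information block.
	 */
	if (state->pns_size >= (sizeof (Word) * 3)) {
		state->pns_size -= (sizeof (Word) * 3);
	} else {
		(void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDATASZ),
		    state->pns_file, state->pns_cache->c_name,
		    EC_WORD(noteoff));
		return (0);
	}

	state->pn_name = NULL;
	state->pn_desc = NULL;

	/*
	 * Make sure any specified name string can be referenced.
	 */
	if ((state->pn_namesz = *state->pns_data++) != 0) {
		if (state->pns_size >= state->pn_namesz) {
			state->pns_size -= state->pn_namesz;
		} else {
			(void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADNMSZ),
			    state->pns_file, state->pns_cache->c_name,
			    EC_WORD(noteoff), EC_WORD(state->pn_namesz));
			return (0);
		}
	}

	state->pn_descsz = *state->pns_data++;

	/*
	 * If namesz isn't a 4-byte multiple, padding follows the name.
	 * The data pointer is always advanced over that padding below,
	 * so the byte count has to account for it whether or not a
	 * descriptor follows.
	 */
	pad = state->pn_namesz & (sizeof (Word) - 1);
	if (pad != 0)
		pad = sizeof (Word) - pad;

	if (state->pn_descsz != 0) {
		/*
		 * Make sure the padding and the descriptor can both be
		 * referenced. The padding is checked first so that the
		 * subtraction cannot wrap.
		 */
		if ((state->pns_size < pad) ||
		    ((state->pns_size - pad) < state->pn_descsz)) {
			(void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDESZ),
			    state->pns_file, state->pns_cache->c_name,
			    EC_WORD(noteoff), EC_WORD(state->pn_descsz));
			return (0);
		}
		state->pns_size -= pad + state->pn_descsz;
	} else if (pad != 0) {
		/* Tolerate a final name that lacks its trailing padding. */
		state->pns_size -= (state->pns_size < pad) ?
		    state->pns_size : pad;
	}

	state->pn_type = *state->pns_data++;

	/* Name */
	if (state->pn_namesz) {
		state->pn_name = (char *)state->pns_data;
		pad = (state->pn_namesz +
		    (sizeof (Word) - 1)) & ~(sizeof (Word) - 1);
		/* LINTED */
		state->pns_data = (Word *)(state->pn_name + pad);
	}

	/*
	 * If multiple information blocks exist within a .note section
	 * account for any padding that must exist before the next
	 * information block. The final block may or may not carry its
	 * padding, so consume whatever is present and never more than
	 * what remains; that leaves pns_size at exactly 0 when the
	 * section ends here.
	 */
	if ((pad = (state->pn_descsz & (sizeof (Word) - 1))) != 0) {
		pad = sizeof (Word) - pad;
		state->pns_size -= (state->pns_size < pad) ?
		    state->pns_size : pad;
	}

	/* Data */
	if (state->pn_descsz) {
		state->pn_desc = (const char *)state->pns_data;
		/* LINTED */
		state->pns_data = (Word *)(state->pn_desc +
		    state->pn_descsz + pad);
	}

	return (1);
}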
3748
/*
 * Output callback handed to conv_str_to_c_literal(): copies the
 * size bytes at ptr to stdout as a single item. The uvalue argument
 * is accepted to satisfy the callback signature and is not used.
 */
/*ARGSUSED2*/
static void
c_literal_cb(const void *ptr, size_t size, void *uvalue)
{
	(void) uvalue;
	(void) fwrite(ptr, size, 1, stdout);
}
3758
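/*
 * Traverse a note section analyzing each note information block.
 * The data buffer's size is used to validate references before they are
 * made, and is decremented as each element is processed.
 *
 * entry:
 *	cache - Cache entry for the note section
 *	data - Start of the note data
 *	size - # of bytes of note data
 *	ehdr - ELF header for file
 *	file - Name of file
 *
 * Processing stops at the first entry parse_note_entry() rejects.
 */
void
note_entry(Cache *cache, Word *data, size_t size, Ehdr *ehdr, const char *file)
{
	int		cnt = 0;
	int		is_corenote;
	int		do_swap;
	Conv_inv_buf_t	inv_buf;
	parse_note_t	pnstate;

	pnstate.pns_file = file;
	pnstate.pns_cache = cache;
	pnstate.pns_size = size;
	pnstate.pns_data = data;
	do_swap = _elf_sys_encoding() != ehdr->e_ident[EI_DATA];

	/*
	 * Print out a single `note' information block.
	 */
	while (pnstate.pns_size > 0) {

		if (parse_note_entry(&pnstate) == 0)
			return;

		/*
		 * Is this a Solaris core note? Such notes all have
		 * the name "CORE". pn_name is only examined once namesz
		 * is known to match, so the comparison stays within the
		 * bytes parse_note_entry() validated.
		 */
		is_corenote = (ehdr->e_type == ET_CORE) &&
		    (pnstate.pn_namesz == (MSG_STR_CORE_SIZE + 1)) &&
		    (strncmp(MSG_ORIG(MSG_STR_CORE), pnstate.pn_name,
		    MSG_STR_CORE_SIZE + 1) == 0);

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_FMT_NOTEENTNDX), EC_WORD(cnt));
		cnt++;
		dbg_print(0, MSG_ORIG(MSG_NOTE_NAMESZ),
		    EC_WORD(pnstate.pn_namesz));
		dbg_print(0, MSG_ORIG(MSG_NOTE_DESCSZ),
		    EC_WORD(pnstate.pn_descsz));

		if (is_corenote)
			dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE_STR),
			    conv_cnote_type(pnstate.pn_type, 0, &inv_buf));
		else
			dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE),
			    EC_WORD(pnstate.pn_type));
		if (pnstate.pn_namesz) {
			dbg_print(0, MSG_ORIG(MSG_NOTE_NAME));
			/*
			 * The name string can contain embedded 'null'
			 * bytes and/or unprintable characters. Also,
			 * the final NULL is documented in the ELF ABI
			 * as being included in the namesz. So, display
			 * the name using C literal string notation, and
			 * include the terminating NULL in the output.
			 * We don't show surrounding double quotes, as
			 * that implies the termination that we are showing
			 * explicitly.
			 */
			(void) fwrite(MSG_ORIG(MSG_STR_8SP),
			    MSG_STR_8SP_SIZE, 1, stdout);
			conv_str_to_c_literal(pnstate.pn_name,
			    pnstate.pn_namesz, c_literal_cb, NULL);
			dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		}

		if (pnstate.pn_descsz) {
			int		hexdump = 1;

			/*
			 * If this is a core note, let the corenote()
			 * function handle it.
			 */
			if (is_corenote) {
				/* We only issue the bad arch error once */
				static int	badnote_done = 0;
				corenote_ret_t	corenote_ret;

				corenote_ret = corenote(ehdr->e_machine,
				    do_swap, pnstate.pn_type, pnstate.pn_desc,
				    pnstate.pn_descsz);
				switch (corenote_ret) {
				case CORENOTE_R_OK_DUMP:
					hexdump = 1;
					break;
				case CORENOTE_R_OK:
					hexdump = 0;
					break;
				case CORENOTE_R_BADDATA:
					(void) fprintf(stderr,
					    MSG_INTL(MSG_NOTE_BADCOREDATA),
					    file);
					break;
				case CORENOTE_R_BADARCH:
					if (badnote_done)
						break;
					/*
					 * Record that the error has been
					 * issued; without this the flag
					 * is never set and the message
					 * repeats for every core note.
					 */
					badnote_done = 1;
					(void) fprintf(stderr,
					    MSG_INTL(MSG_NOTE_BADCOREARCH),
					    file,
					    conv_ehdr_mach(ehdr->e_machine,
					    0, &inv_buf));
					break;
				case CORENOTE_R_BADTYPE:
					(void) fprintf(stderr,
					    MSG_INTL(MSG_NOTE_BADCORETYPE),
					    file,
					    EC_WORD(pnstate.pn_type));
					break;

				}
			}

			/*
			 * The default thing when we don't understand
			 * the note data is to display it as hex bytes.
			 */
			if (hexdump) {
				dbg_print(0, MSG_ORIG(MSG_NOTE_DESC));
				dump_hex_bytes(pnstate.pn_desc,
				    pnstate.pn_descsz, 8, 4, 4);
			}
		}
	}
}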
3888
/*
 * Walk the section headers and display every SHT_NOTE section that
 * match() selects.
 *
 * The return value is the number of SHT_NOTE sections encountered,
 * counted before match() is consulted, so it includes note sections
 * that were not displayed.
 */
static Word
note(Cache *cache, Word shnum, Ehdr *ehdr, const char *file)
{
	Word	scnndx;
	Word	seen = 0;

	for (scnndx = 1; scnndx < shnum; scnndx++) {
		Cache	*notesec = &cache[scnndx];
		Shdr	*nshdr = notesec->c_shdr;

		if (nshdr->sh_type == SHT_NOTE) {
			seen++;
		} else {
			continue;
		}

		if (match(MATCH_F_ALL, notesec->c_name, scnndx,
		    nshdr->sh_type) == 0)
			continue;

		/*
		 * Note sections are frequently built by hand, so verify
		 * that the file offset is Word aligned and complain if
		 * it is not.
		 *
		 * A misaligned section is still displayed. That is safe
		 * because libelf knows the alignment SHT_NOTE requires and
		 * hands us a properly aligned buffer even when the file
		 * itself is misaligned.
		 */
		if ((nshdr->sh_offset & (sizeof (Word) - 1)) != 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADALIGN),
			    file, notesec->c_name);
		}

		/* Nothing to display without a data buffer. */
		if (notesec->c_data == NULL)
			continue;
		if (notesec->c_data->d_buf == NULL)
			continue;

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_NOTE), notesec->c_name);
		note_entry(notesec, (Word *)notesec->c_data->d_buf,
		    /* LINTED */
		    (Word)notesec->c_data->d_size, ehdr, file);
	}

	return (seen);
}
3939
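/*
 * The Linux Standard Base defines a special note named .note.ABI-tag
 * that is used to maintain Linux ABI information. Presence of this section
 * is a strong indication that the object should be considered to be
 * ELFOSABI_LINUX.
 *
 * entry:
 *	cache - Cache of all section headers
 *	shnum - # of sections in cache
 *	file - Name of file
 *
 * This function returns True (1) if such a note is seen, and False (0)
 * otherwise.
 */
static int
has_linux_abi_note(Cache *cache, Word shnum, const char *file)
{
	Word	cnt;

	for (cnt = 1; cnt < shnum; cnt++) {
		parse_note_t	pnstate;
		Cache		*_cache = &cache[cnt];
		Shdr		*shdr = _cache->c_shdr;

		/*
		 * Section must be SHT_NOTE, must have the name
		 * .note.ABI-tag, and must have data.
		 */
		if ((shdr->sh_type != SHT_NOTE) ||
		    (strcmp(MSG_ORIG(MSG_STR_NOTEABITAG),
		    _cache->c_name) != 0) ||
		    (_cache->c_data == NULL) ||
		    (_cache->c_data->d_buf == NULL))
			continue;

		pnstate.pns_file = file;
		pnstate.pns_cache = _cache;
		pnstate.pns_size = _cache->c_data->d_size;
		pnstate.pns_data = (Word *)_cache->c_data->d_buf;

		while (pnstate.pns_size > 0) {
			Word *w;

			if (parse_note_entry(&pnstate) == 0)
				break;

			/*
			 * The type must be 1, and the name must be "GNU".
			 * The descsz must be at least 16 bytes.
			 *
			 * The comparison length is the size of the GNU
			 * string, matching the namesz test just before it,
			 * so it never exceeds the name bytes that were
			 * validated for this entry.
			 */
			if ((pnstate.pn_type != 1) ||
			    (pnstate.pn_namesz != (MSG_STR_GNU_SIZE + 1)) ||
			    (strncmp(MSG_ORIG(MSG_STR_GNU), pnstate.pn_name,
			    MSG_STR_GNU_SIZE + 1) != 0) ||
			    (pnstate.pn_descsz < 16))
				continue;

			/*
			 * desc contains 4 32-bit fields. Field 0 must be 0,
			 * indicating Linux. The second, third, and fourth
			 * fields represent the earliest Linux kernel
			 * version compatible with this object.
			 */
			/*LINTED*/
			w = (Word *) pnstate.pn_desc;
			if (*w == 0)
				return (1);
		}
	}

	return (0);
}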
4007
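/*
 * Determine an individual hash entry. This may be the initial hash entry,
 * or an associated chain entry.
 *
 * entry:
 *	refsec - Section passed to string() as the referencing section
 *	strsec - String table section used to look up the symbol name
 *	hsecname - Name of the hash section, used in error messages
 *	hashndx - Bucket index the entry was found under
 *	symndx - Symbol index taken from the bucket or chain
 *	symn - # of symbols in syms
 *	syms - Symbol table data
 *	file - Name of file
 *	bkts - # of hash buckets
 *	flags - Passed to demangle() when printing the symbol name
 *	chain - 0 for a bucket entry, in which case the bucket number is
 *		printed; otherwise the bucket column is left empty.
 *
 * symndx is read from the hash section of the object being examined,
 * so it is range checked before it is used to index syms.
 */
static void
hash_entry(Cache *refsec, Cache *strsec, const char *hsecname, Word hashndx,
    Word symndx, Word symn, Sym *syms, const char *file, ulong_t bkts,
    uint_t flags, int chain)
{
	Sym		*sym;
	const char	*symname, *str;
	char		_bucket[MAXNDXSIZE], _symndx[MAXNDXSIZE];
	ulong_t		nbkt, nhash;

	/*
	 * Valid symbol indexes are 0 .. symn - 1. An index equal to symn
	 * must be rejected too, or syms[symn] is read from beyond the
	 * end of the symbol table.
	 */
	if (symndx >= symn) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_HSBADSYMNDX), file,
		    EC_WORD(symndx), EC_WORD(hashndx));
		symname = MSG_INTL(MSG_STR_UNKNOWN);
	} else {
		sym = (Sym *)(syms + symndx);
		symname = string(refsec, symndx, strsec, file, sym->st_name);
	}

	if (chain == 0) {
		(void) snprintf(_bucket, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER),
		    hashndx);
		str = (const char *)_bucket;
	} else
		str = MSG_ORIG(MSG_STR_EMPTY);

	(void) snprintf(_symndx, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX2),
	    EC_WORD(symndx));
	dbg_print(0, MSG_ORIG(MSG_FMT_HASH_INFO), str, _symndx,
	    demangle(symname, flags));

	/*
	 * Determine if this string is in the correct bucket.
	 */
	nhash = elf_hash(symname);
	nbkt = nhash % bkts;

	if (nbkt != hashndx) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADHASH), file,
		    hsecname, symname, EC_WORD(hashndx), nbkt);
	}
}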
4054
/*
 * Number of elements in the static count[] array declared by hash().
 * NOTE(review): any value used to index count[] must be kept below
 * this limit - confirm against the remainder of hash().
 */
#define	MAXCOUNT	500
4056
4057 static void
hash(Cache * cache,Word shnum,const char * file,uint_t flags)4058 hash(Cache *cache, Word shnum, const char *file, uint_t flags)
4059 {
4060 static int count[MAXCOUNT];
4061 Word cnt;
4062 Word ndx, bkts, nchain;
4063 char number[MAXNDXSIZE];
4064
4065 for (cnt = 1; cnt < shnum; cnt++) {
4066 Word *hash, *chain;
4067 Cache *_cache = &cache[cnt];
4068 Shdr *sshdr, *hshdr = _cache->c_shdr;
4069 char *ssecname, *hsecname = _cache->c_name;
4070 Sym *syms;
4071 Word symn;
4072
4073 if (hshdr->sh_type != SHT_HASH)
4074 continue;
4075
4076 /*
4077 * Check the hash table data and size.
4078 */
4079 if ((hshdr->sh_entsize == 0) || (hshdr->sh_size == 0)) {
4080 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
4081 file, hsecname);
4082 continue;
4083 }
4084 if ((_cache->c_data == NULL) ||
4085 (_cache->c_data->d_buf == NULL)) {
4086 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
4087 file, hsecname);
4088 continue;
4089 }
4090
4091 hash = (Word *)_cache->c_data->d_buf;
4092 bkts = *hash++;
4093 nchain = *hash++;
4094 chain = hash + bkts;
4095
4096 /*
4097 * The section holds the sizes in addition to the buckets and
4098 * chains.
4099 */
4100 if (_cache->c_data->d_size <
4101 (bkts + nchain + 2) * sizeof (uint_t)) {
4102 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
4103 file, hsecname);
4104 continue;
4105 }
4106
4107 /*
4108 * Get the data buffer for the associated symbol table.
4109 */
4110 if ((hshdr->sh_link == 0) || (hshdr->sh_link >= shnum)) {
4111 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
4112 file, hsecname, EC_WORD(hshdr->sh_link));
4113 continue;
4114 }
4115
4116 _cache = &cache[hshdr->sh_link];
4117 ssecname = _cache->c_name;
4118
4119 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL))
4120 continue;
4121
4122 if ((syms = (Sym *)_cache->c_data->d_buf) == NULL) {
4123 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
4124 file, ssecname);
4125 continue;
4126 }
4127
4128 sshdr = _cache->c_shdr;
4129
4130 if ((sshdr->sh_entsize == 0) || (sshdr->sh_size == 0)) {
4131 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
4132 file, ssecname);
4133 continue;
4134 }
4135
4136 /* LINTED */
4137 symn = (Word)(sshdr->sh_size / sshdr->sh_entsize);
4138
4139 /*
4140 * Check that there is a chain for each symbol.
4141 */
4142 if (symn > nchain) {
4143 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
4144 file, ssecname);
4145 continue;
4146 }
4147
4148 /*
4149 * Get the associated string table section.
4150 */
4151 if ((sshdr->sh_link == 0) || (sshdr->sh_link >= shnum)) {
4152 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK),
4153 file, ssecname, EC_WORD(sshdr->sh_link));
4154 continue;
4155 }
4156
4157 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
4158 dbg_print(0, MSG_INTL(MSG_ELF_SCN_HASH), hsecname);
4159 dbg_print(0, MSG_INTL(MSG_ELF_HASH_INFO));
4160
4161 /*
4162 * Loop through the hash buckets, printing the appropriate
4163 * symbols.
4164 */
4165 for (ndx = 0; ndx < bkts; ndx++, hash++) {
4166 Word _ndx, _cnt;
4167
4168 if (*hash == 0) {
4169 count[0]++;
4170 continue;
4171 }
4172
4173 /*
4174 * Each hash bucket must contain to a valid chain index.
4175 * Because the symbol table is checked to be the same
4176 * length as the chain array, this also implicitly
4177 * checks those bounds.
4178 */
4179 if (*hash > nchain) {
4180 (void) fprintf(stderr,
4181 MSG_INTL(MSG_ERR_BADCHAINIDX), file,
4182 ssecname, EC_WORD(*hash), EC_WORD(ndx),
4183 EC_WORD(nchain));
4184 continue;
4185 }
4186
4187 hash_entry(_cache, &cache[sshdr->sh_link], hsecname,
4188 ndx, *hash, symn, syms, file, bkts, flags, 0);
4189
4190 /*
4191 * Determine if any other symbols are chained to this
4192 * bucket.
4193 */
4194 _ndx = chain[*hash];
4195 _cnt = 1;
4196 while (_ndx) {
4197 if (_ndx > nchain) {
4198 (void) fprintf(stderr,
4199 MSG_INTL(MSG_ERR_BADCHAINIDX), file,
4200 ssecname, EC_WORD(_ndx),
4201 EC_WORD(ndx), EC_WORD(nchain));
4202 break;
4203 }
4204 hash_entry(_cache, &cache[sshdr->sh_link],
4205 hsecname, ndx, _ndx, symn, syms, file,
4206 bkts, flags, 1);
4207 _ndx = chain[_ndx];
4208 _cnt++;
4209 }
4210
4211 if (_cnt >= MAXCOUNT) {
4212 (void) fprintf(stderr,
4213 MSG_INTL(MSG_HASH_OVERFLW), file,
4214 _cache->c_name, EC_WORD(ndx),
4215 EC_WORD(_cnt));
4216 } else
4217 count[_cnt]++;
4218 }
4219 break;
4220 }
4221
4222 /*
4223 * Print out the count information.
4224 */
4225 bkts = cnt = 0;
4226 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
4227
4228 for (ndx = 0; ndx < MAXCOUNT; ndx++) {
4229 Word _cnt;
4230
4231 if ((_cnt = count[ndx]) == 0)
4232 continue;
4233
4234 (void) snprintf(number, MAXNDXSIZE,
4235 MSG_ORIG(MSG_FMT_INTEGER), _cnt);
4236 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS1), number,
4237 EC_WORD(ndx));
4238 bkts += _cnt;
4239 cnt += (Word)(ndx * _cnt);
4240 }
4241 if (cnt) {
4242 (void) snprintf(number, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER),
4243 bkts);
4244 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS2), number,
4245 EC_WORD(cnt));
4246 }
4247 }
4248
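/*
 * Display every SHT_GROUP section that passes match(): the group flags,
 * the signature symbol, and the name of each member section.
 *
 * entry:
 *	cache, shnum - Section header cache and the number of entries in it.
 *	file - Name of the object, used in diagnostics.
 *	flags - Passed to demangle() for the signature name.
 *
 * The member count, signature symbol index and symbol section index all
 * come from the file, so each is range checked before it is used as an
 * array index.
 */
static void
group(Cache *cache, Word shnum, const char *file, uint_t flags)
{
	Word	scnt;

	for (scnt = 1; scnt < shnum; scnt++) {
		Cache		*_cache = &cache[scnt];
		Shdr		*shdr = _cache->c_shdr;
		Word		*grpdata, gcnt, grpcnt, symnum, unknown;
		Cache		*symsec, *strsec;
		Sym		*syms, *sym;
		char		flgstrbuf[MSG_GRP_COMDAT_SIZE + 10];
		const char	*grpnam, *cbrkt;
		size_t		len, cbrktlen, dwords;

		if (shdr->sh_type != SHT_GROUP)
			continue;
		if (!match(MATCH_F_ALL, _cache->c_name, scnt, shdr->sh_type))
			continue;
		if ((_cache->c_data == NULL) ||
		    ((grpdata = (Word *)_cache->c_data->d_buf) == NULL))
			continue;

		/*
		 * The header supplies the word count, but only the words
		 * actually present in the data buffer can be read.
		 */
		grpcnt = shdr->sh_size / sizeof (Word);
		dwords = _cache->c_data->d_size / sizeof (Word);
		if (grpcnt > dwords) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			grpcnt = (Word)dwords;
		}
		if (grpcnt == 0) {
			/* Not even the flag word is present. */
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			continue;
		}

		/*
		 * Get the data buffer for the associated symbol table and
		 * string table.
		 */
		if (stringtbl(cache, 1, scnt, shnum, file,
		    &symnum, &symsec, &strsec) == 0)
			return;

		syms = symsec->c_data->d_buf;

		dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
		dbg_print(0, MSG_INTL(MSG_ELF_SCN_GRP), _cache->c_name);
		dbg_print(0, MSG_INTL(MSG_GRP_TITLE));

		/*
		 * The first element of the group holds the group flags. The
		 * signature symbol is the sh_info'th entry of the associated
		 * symbol table. symnum is taken to be the number of entries
		 * in that table (confirm against stringtbl()), so the
		 * largest valid index is symnum - 1.
		 */
		if ((shdr->sh_info == SHN_UNDEF) || (shdr->sh_info >= symnum)) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO),
			    file, _cache->c_name, EC_WORD(shdr->sh_info));
			return;
		}

		/*
		 * Build "[ flags ]". The unknown flag bits are formatted
		 * from a file supplied value, so room for the closing
		 * bracket is reserved up front and both appends are bounded
		 * by the space that remains in flgstrbuf.
		 */
		cbrkt = MSG_ORIG(MSG_STR_CSQBRKT);
		cbrktlen = strlen(cbrkt);

		(void) strcpy(flgstrbuf, MSG_ORIG(MSG_STR_OSQBRKT));
		if (grpdata[0] & GRP_COMDAT) {
			(void) strcat(flgstrbuf, MSG_ORIG(MSG_GRP_COMDAT));
		}
		if ((unknown = (grpdata[0] & ~GRP_COMDAT)) != 0) {
			size_t	room;

			len = strlen(flgstrbuf);
			room = sizeof (flgstrbuf) - len;
			if (room > cbrktlen) {
				(void) snprintf(&flgstrbuf[len],
				    room - cbrktlen,
				    MSG_ORIG(MSG_GRP_UNKNOWN), unknown);
			}
		}
		len = strlen(flgstrbuf);
		(void) snprintf(&flgstrbuf[len], sizeof (flgstrbuf) - len,
		    "%s", cbrkt);
		sym = (Sym *)(syms + shdr->sh_info);

		/*
		 * The GNU assembler can use section symbols as the signature
		 * symbol as described by this comment in the gold linker
		 * (found via google):
		 *
		 *	It seems that some versions of gas will create a
		 *	section group associated with a section symbol, and
		 *	then fail to give a name to the section symbol.  In
		 *	such a case, use the name of the section.
		 *
		 * In order to support such objects, we do the same, provided
		 * the symbol's section index refers to a section we have
		 * cached.
		 */
		grpnam = string(_cache, 0, strsec, file, sym->st_name);
		if (((sym->st_name == 0) || (*grpnam == '\0')) &&
		    (ELF_ST_TYPE(sym->st_info) == STT_SECTION) &&
		    (sym->st_shndx < shnum))
			grpnam = cache[sym->st_shndx].c_name;

		dbg_print(0, MSG_INTL(MSG_GRP_SIGNATURE), flgstrbuf,
		    demangle(grpnam, flags));

		for (gcnt = 1; gcnt < grpcnt; gcnt++) {
			char		index[MAXNDXSIZE];
			const char	*name;

			(void) snprintf(index, MAXNDXSIZE,
			    MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(gcnt));

			if ((grpdata[gcnt] == 0) || (grpdata[gcnt] >= shnum))
				name = MSG_INTL(MSG_GRP_INVALSCN);
			else
				name = cache[grpdata[gcnt]].c_name;

			(void) printf(MSG_ORIG(MSG_GRP_ENTRY), index, name,
			    EC_XWORD(grpdata[gcnt]));
		}
	}
}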
4347
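/*
 * Display the global offset table, annotating each entry with the
 * relocation (if any) that applies to it.
 *
 * entry:
 *	cache, shnum - Section header cache and the number of entries in it.
 *	ehdr - ELF header of the object.
 *	file - Name of the object, used in diagnostics.
 *
 * The section sizes, entry sizes and relocation offsets are all read from
 * the file. Each index derived from them is checked against the table it
 * is used on, and each read is checked against the size of the data
 * buffer that libelf returned.
 */
static void
got(Cache *cache, Word shnum, Ehdr *ehdr, const char *file)
{
	Cache		*gotcache = NULL, *symtab = NULL;
	Addr		gotbgn, gotend;
	Shdr		*gotshdr;
	Word		cnt, gotents, gotndx;
	size_t		gentsize, gotread, gotavail;
	Got_info	*gottable;
	char		*gotdata;
	Sym		*gotsym;
	Xword		gotsymaddr;
	uint_t		sys_encoding;

	/*
	 * First, find the got.
	 */
	for (cnt = 1; cnt < shnum; cnt++) {
		if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT),
		    MSG_ELF_GOT_SIZE) == 0) {
			gotcache = &cache[cnt];
			break;
		}
	}
	if (gotcache == NULL)
		return;

	/*
	 * A got section within a relocatable object is suspicious.
	 */
	if (ehdr->e_type == ET_REL) {
		(void) fprintf(stderr, MSG_INTL(MSG_GOT_UNEXPECTED), file,
		    gotcache->c_name);
	}

	gotshdr = gotcache->c_shdr;
	if (gotshdr->sh_size == 0) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
		    file, gotcache->c_name);
		return;
	}

	gotbgn = gotshdr->sh_addr;
	gotend = gotbgn + gotshdr->sh_size;

	/*
	 * Some architectures don't properly set the sh_entsize for the GOT
	 * table.  If it's not set, default to a size of a pointer.
	 */
	if ((gentsize = gotshdr->sh_entsize) == 0)
		gentsize = sizeof (Xword);

	if ((gotcache->c_data == NULL) || (gotcache->c_data->d_buf == NULL))
		return;

	/* LINTED */
	gotents = (Word)(gotshdr->sh_size / gentsize);
	gotdata = gotcache->c_data->d_buf;

	/*
	 * The display loop below reads either a Word or an Xword per entry.
	 * Work out how many such reads the data buffer can satisfy, so that
	 * an entry size or section size that disagrees with the data cannot
	 * carry a read past the end of the buffer.
	 */
	gotread = (gentsize == sizeof (Word)) ? sizeof (Word) : sizeof (Xword);
	gotavail = gotcache->c_data->d_size / gotread;

	if ((gottable = calloc(gotents, sizeof (Got_info))) == NULL) {
		int err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), file,
		    strerror(err));
		return;
	}

	/*
	 * Now we scan through all the sections looking for any relocations
	 * that may be against the GOT.  Since these may not be isolated to a
	 * .rel[a].got section we check them all.
	 * While scanning sections save the symbol table entry (a symtab
	 * overriding a dynsym) so that we can lookup _GLOBAL_OFFSET_TABLE_.
	 */
	for (cnt = 1; cnt < shnum; cnt++) {
		Word		type, symnum;
		Xword		relndx, relnum, relsize, maxrel;
		size_t		minsize;
		void		*rels;
		Sym		*syms;
		Cache		*symsec, *strsec;
		Cache		*_cache = &cache[cnt];
		Shdr		*shdr;

		shdr = _cache->c_shdr;
		type = shdr->sh_type;

		if ((symtab == NULL) && (type == SHT_DYNSYM)) {
			symtab = _cache;
			continue;
		}
		if (type == SHT_SYMTAB) {
			symtab = _cache;
			continue;
		}
		if ((type != SHT_RELA) && (type != SHT_REL))
			continue;

		/*
		 * Decide entry size.
		 */
		minsize = (type == SHT_RELA) ? sizeof (Rela) : sizeof (Rel);
		if (((relsize = shdr->sh_entsize) == 0) ||
		    (relsize > shdr->sh_size))
			relsize = minsize;

		/*
		 * Determine the number of relocations available.
		 */
		if (shdr->sh_size == 0) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			continue;
		}
		if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL))
			continue;

		rels = _cache->c_data->d_buf;
		relnum = shdr->sh_size / relsize;

		/*
		 * Each entry is read as a whole Rel or Rela, whatever stride
		 * the header claims. Limit the count so that the last such
		 * read still ends inside the data buffer.
		 */
		if (_cache->c_data->d_size < minsize) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			continue;
		}
		maxrel = ((_cache->c_data->d_size - minsize) / relsize) + 1;
		if (relnum > maxrel) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, _cache->c_name);
			relnum = maxrel;
		}

		/*
		 * Get the data buffer for the associated symbol table and
		 * string table.
		 */
		if (stringtbl(cache, 1, cnt, shnum, file,
		    &symnum, &symsec, &strsec) == 0)
			continue;

		syms = symsec->c_data->d_buf;

		/*
		 * Loop through the relocation entries.
		 */
		for (relndx = 0; relndx < relnum; relndx++,
		    rels = (void *)((char *)rels + relsize)) {
			char		section[BUFSIZ];
			Addr		offset;
			Got_info	*gip;
			Word		symndx, reltype;
			Xword		gotslot;
			Rela		*rela;
			Rel		*rel;

			/*
			 * Unravel the relocation.
			 */
			if (type == SHT_RELA) {
				rela = (Rela *)rels;
				symndx = ELF_R_SYM(rela->r_info);
				reltype = ELF_R_TYPE(rela->r_info,
				    ehdr->e_machine);
				offset = rela->r_offset;
			} else {
				rel = (Rel *)rels;
				symndx = ELF_R_SYM(rel->r_info);
				reltype = ELF_R_TYPE(rel->r_info,
				    ehdr->e_machine);
				offset = rel->r_offset;
			}

			/*
			 * Only pay attention to relocations against the GOT.
			 */
			if ((offset < gotbgn) || (offset >= gotend))
				continue;

			if ((gotshdr->sh_entsize == 0) ||
			    (gotshdr->sh_size == 0)) {
				(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
				    file, gotcache->c_name);
				continue;
			}

			/*
			 * When the section size is not a multiple of the
			 * entry size, an offset in the trailing partial entry
			 * yields a slot equal to gotents. Compare before
			 * narrowing to Word, and skip any slot that gottable
			 * does not hold.
			 */
			gotslot = (offset - gotbgn) / gotshdr->sh_entsize;
			if (gotslot >= gotents) {
				(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
				    file, gotcache->c_name);
				continue;
			}
			/* LINTED */
			gotndx = (Word)gotslot;
			gip = &gottable[gotndx];

			if (gip->g_reltype != 0) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_GOT_MULTIPLE), file,
				    EC_WORD(gotndx), EC_ADDR(offset));
				continue;
			}

			/*
			 * NOTE(review): section[] goes out of scope at the
			 * end of this iteration, while g_symname is used by
			 * the display loop below. If relsymname() can return
			 * a pointer into section[], that pointer is stale by
			 * then - confirm against relsymname().
			 */
			if (symndx)
				gip->g_symname = relsymname(cache, _cache,
				    strsec, symndx, symnum, relndx, syms,
				    section, BUFSIZ, file);
			gip->g_reltype = reltype;
			gip->g_rel = rels;
		}
	}

	if (symlookup(MSG_ORIG(MSG_SYM_GOT), cache, shnum, &gotsym, NULL,
	    symtab, file))
		gotsymaddr = gotsym->st_value;
	else
		gotsymaddr = gotbgn;

	dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
	dbg_print(0, MSG_INTL(MSG_ELF_SCN_GOT), gotcache->c_name);
	Elf_got_title(0);

	sys_encoding = _elf_sys_encoding();
	for (gotndx = 0; gotndx < gotents; gotndx++) {
		Got_info	*gip;
		Sword		gindex;
		Addr		gaddr;
		Xword		gotentry;

		/*
		 * Stop once the data buffer has no complete entry left.
		 */
		if (gotndx >= gotavail) {
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ),
			    file, gotcache->c_name);
			break;
		}

		gip = &gottable[gotndx];

		gaddr = gotbgn + (gotndx * gentsize);
		gindex = (Sword)(gaddr - gotsymaddr) / (Sword)gentsize;

		if (gentsize == sizeof (Word))
			/* LINTED */
			gotentry = (Xword)(*((Word *)(gotdata) + gotndx));
		else
			/* LINTED */
			gotentry = *((Xword *)(gotdata) + gotndx);

		Elf_got_entry(0, gindex, gaddr, gotentry, ehdr->e_machine,
		    ehdr->e_ident[EI_DATA], sys_encoding,
		    gip->g_reltype, gip->g_rel, gip->g_symname);
	}
	free(gottable);
}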
4577
/*
 * Print a blank separator line, then the value elf_checksum() computes
 * for the object.
 */
void
checksum(Elf *elf)
{
	long	sum;

	dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));

	/* Computed after the separator, matching the order of the output. */
	sum = elf_checksum(elf);
	dbg_print(0, MSG_INTL(MSG_STR_CHECKSUM), sum);
}
4584
/*
 * qsort() has no user data argument, so the address of the section header
 * cache is handed to sort_shdr_ndx_arr() through this file scope variable.
 * It is set by shdr_cache() immediately before the call to qsort().
 */
static Cache *sort_shdr_ndx_arr_cache;


/*
 * qsort() comparison routine that orders section indices by the file
 * offset (sh_offset) of the section each one refers to.
 *
 * entry:
 *	sort_shdr_ndx_arr_cache - Contains address of
 *		section header cache.
 *	v1, v2 - Point at the two size_t section indices to be compared.
 *
 * exit:
 *	Returns -1 (less than), 0 (equal) or 1 (greater than).
 */
static int
sort_shdr_ndx_arr(const void *v1, const void *v2)
{
	const size_t	lndx = *((const size_t *)v1);
	const size_t	rndx = *((const size_t *)v2);
	const Off	loff = sort_shdr_ndx_arr_cache[lndx].c_shdr->sh_offset;
	const Off	roff = sort_shdr_ndx_arr_cache[rndx].c_shdr->sh_offset;

	if (loff == roff)
		return (0);

	return ((loff < roff) ? -1 : 1);
}
4620
4621
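/*
 * Build the section header cache from the real section headers of the
 * object: one Cache descriptor per section, holding its index, libelf
 * section handle, header, name and data.
 *
 * entry:
 *	file - Name of the object, used in diagnostics.
 *	elf, ehdr - libelf handle and ELF header of the object.
 *	shstrndx - Index of the section header string table, or SHN_UNDEF.
 *	shnum - Number of section headers, including the reserved index 0.
 *	cache_ret - Receives the address of the allocated cache.
 *	flags - FLG_CTL_DEMANGLE selects demangling of "section%symbol" names.
 *
 * exit:
 *	Returns 1 on success, and 0 if memory could not be allocated.
 *
 * Names, offsets and sizes are read from the file and are not trusted:
 * the section walk is bounded by shnum, every descriptor is initialized
 * whether or not the walk reaches it, and a section name is used only
 * when it starts and terminates inside the string table data.
 */
static int
shdr_cache(const char *file, Elf *elf, Ehdr *ehdr, size_t shstrndx,
    size_t shnum, Cache **cache_ret, Word flags)
{
	Elf_Scn		*scn;
	Elf_Data	*data;
	size_t		ndx;
	Shdr		*nameshdr = NULL;
	char		*names = NULL;
	size_t		namesz = 0;
	Cache		*cache, *_cache;
	size_t		*shdr_ndx_arr, shdr_ndx_arr_cnt;


	/*
	 * Obtain the .shstrtab data buffer to provide the required section
	 * name strings.
	 */
	if (shstrndx == SHN_UNDEF) {
		/*
		 * It is rare, but legal, for an object to lack a
		 * header string table section.
		 */
		names = NULL;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHSTRSEC), file);
	} else if ((scn = elf_getscn(elf, shstrndx)) == NULL) {
		failure(file, MSG_ORIG(MSG_ELF_GETSCN));
		(void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SHDR),
		    EC_XWORD(shstrndx));

	} else if ((data = elf_getdata(scn, NULL)) == NULL) {
		failure(file, MSG_ORIG(MSG_ELF_GETDATA));
		(void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_DATA),
		    EC_XWORD(shstrndx));

	} else if ((nameshdr = elf_getshdr(scn)) == NULL) {
		failure(file, MSG_ORIG(MSG_ELF_GETSHDR));
		(void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN),
		    EC_WORD(elf_ndxscn(scn)));

	} else if ((names = data->d_buf) == NULL) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_SHSTRNULL), file);
	} else {
		/*
		 * Names may only be taken from bytes that both the header
		 * and the data descriptor agree are part of the table.
		 */
		namesz = data->d_size;
		if (nameshdr->sh_size < namesz)
			namesz = (size_t)nameshdr->sh_size;
	}

	/*
	 * Allocate a cache to maintain a descriptor for each section.
	 * calloc() rejects a count whose byte size would overflow.
	 */
	if ((*cache_ret = cache = calloc(shnum, sizeof (Cache))) == NULL) {
		int err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC),
		    file, strerror(err));
		return (0);
	}

	/*
	 * Give every descriptor a defined starting value, so that one the
	 * section walk below never reaches is not left holding arbitrary
	 * pointers. (cache_init is presumed to hold NULL pointers - confirm
	 * against its definition.)
	 */
	for (ndx = 0; ndx < shnum; ndx++)
		cache[ndx] = cache_init;
	_cache = cache;
	_cache++;

	/*
	 * Allocate an array that will hold the section index for
	 * each section that has data in the ELF file:
	 *
	 *	- Is not a NOBITS section
	 *	- Data has non-zero length
	 *
	 * Note that shnum is an upper bound on the size required. It
	 * is likely that we won't use a few of these array elements.
	 * Allocating a modest amount of extra memory in this case means
	 * that we can avoid an extra loop to count the number of needed
	 * items, and can fill this array immediately in the first loop
	 * below.
	 */
	if ((shdr_ndx_arr = calloc(shnum, sizeof (*shdr_ndx_arr))) == NULL) {
		int err = errno;
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC),
		    file, strerror(err));
		return (0);
	}
	shdr_ndx_arr_cnt = 0;

	/*
	 * Traverse the sections of the file.  This gathering of data is
	 * carried out in two passes.  First, the section headers are captured
	 * and the section header names are evaluated.  A verification pass is
	 * then carried out over the section information.  Files have been
	 * known to exhibit overlapping (and hence erroneous) section header
	 * information.
	 *
	 * Finally, the data for each section is obtained.  This processing is
	 * carried out after section verification because should any section
	 * header overlap occur, and a file needs translating (ie. xlate'ing
	 * information from a non-native architecture file), then the process
	 * of translation can corrupt the section header information.  Of
	 * course, if there is any section overlap, the data related to the
	 * sections is going to be compromised.  However, it is the translation
	 * of this data that has caused problems with elfdump()'s ability to
	 * extract the data.
	 *
	 * Both arrays were sized from shnum, so the walk stops at shnum even
	 * if the section iteration would offer more.
	 */
	for (ndx = 1, scn = NULL;
	    (ndx < shnum) && ((scn = elf_nextscn(elf, scn)) != NULL);
	    ndx++, _cache++) {
		char	scnndxnm[100];

		_cache->c_ndx = ndx;
		_cache->c_scn = scn;

		if ((_cache->c_shdr = elf_getshdr(scn)) == NULL) {
			failure(file, MSG_ORIG(MSG_ELF_GETSHDR));
			(void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN),
			    EC_WORD(elf_ndxscn(scn)));
		}

		/*
		 * If this section has data in the file, include it in
		 * the array of sections to check for address overlap.
		 */
		if (_cache->c_shdr != NULL &&
		    (_cache->c_shdr->sh_size != 0) &&
		    (_cache->c_shdr->sh_type != SHT_NOBITS))
			shdr_ndx_arr[shdr_ndx_arr_cnt++] = ndx;

		/*
		 * If a shstrtab exists, assign the section name.
		 */
		if (names && _cache->c_shdr) {
			Word	nameoff = _cache->c_shdr->sh_name;

			/*
			 * The name must start inside the table and must be
			 * terminated before the table ends; otherwise the
			 * string functions below would read past the data.
			 */
			if ((nameoff != 0) && (namesz > nameoff) &&
			    (memchr(names + nameoff, '\0',
			    namesz - nameoff) != NULL)) {
				const char	*symname;
				char		*secname;

				secname = names + nameoff;

				/*
				 * A SUN naming convention employs a "%" within
				 * a section name to indicate a section/symbol
				 * name.  This originated from the compilers
				 * -xF option, that places functions into their
				 * own sections.  This convention (which has no
				 * formal standard) has also been followed for
				 * COMDAT sections.  To demangle the symbol
				 * name, the name must be separated from the
				 * section name.
				 */
				if (((flags & FLG_CTL_DEMANGLE) == 0) ||
				    ((symname = strchr(secname, '%')) == NULL))
					_cache->c_name = secname;
				else {
					size_t	secsz = ++symname - secname;
					size_t	strsz;

					symname = demangle(symname, flags);
					strsz = secsz + strlen(symname) + 1;

					if ((_cache->c_name =
					    malloc(strsz)) == NULL) {
						int err = errno;
						(void) fprintf(stderr,
						    MSG_INTL(MSG_ERR_MALLOC),
						    file, strerror(err));
						free(shdr_ndx_arr);
						return (0);
					}
					(void) snprintf(_cache->c_name, strsz,
					    MSG_ORIG(MSG_FMT_SECSYM),
					    EC_WORD(secsz), secname, symname);
				}

				continue;
			}

			/*
			 * The section name index is zero, exceeds the
			 * shstrtab data, or names an unterminated string.
			 * Report it and fall through to fabricate a section
			 * name.
			 */
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_BADSHNAME), file,
			    EC_WORD(ndx),
			    EC_XWORD(_cache->c_shdr->sh_name));
		}

		/*
		 * If there exists no shstrtab data, or a section header has no
		 * name (an invalid index of 0), then compose a name for the
		 * section.
		 */
		(void) snprintf(scnndxnm, sizeof (scnndxnm),
		    MSG_INTL(MSG_FMT_SCNNDX), ndx);

		if ((_cache->c_name = malloc(strlen(scnndxnm) + 1)) == NULL) {
			int err = errno;
			(void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC),
			    file, strerror(err));
			free(shdr_ndx_arr);
			return (0);
		}
		(void) strcpy(_cache->c_name, scnndxnm);
	}

	/*
	 * Having collected all the sections, validate their address range.
	 * Cases have existed where the section information has been invalid.
	 * This can lead to all sorts of other, hard to diagnose errors, as
	 * each section is processed individually (ie. with elf_getdata()).
	 * Here, we carry out some address comparisons to catch a family of
	 * overlapping memory issues we have observed (likely, there are others
	 * that we have yet to discover).
	 *
	 * Note, should any memory overlap occur, obtaining any additional
	 * data from the file is questionable.  However, it might still be
	 * possible to inspect the ELF header, Programs headers, or individual
	 * sections, so rather than bailing on an error condition, continue
	 * processing to see if any data can be salvaged.
	 */
	if (shdr_ndx_arr_cnt > 1) {
		sort_shdr_ndx_arr_cache = cache;
		qsort(shdr_ndx_arr, shdr_ndx_arr_cnt,
		    sizeof (*shdr_ndx_arr), sort_shdr_ndx_arr);
	}
	for (ndx = 0; ndx < shdr_ndx_arr_cnt; ndx++) {
		Cache	*_cache = cache + shdr_ndx_arr[ndx];
		Shdr	*shdr = _cache->c_shdr;
		Off	bgn1, bgn = shdr->sh_offset;
		Off	end1, end = shdr->sh_offset + shdr->sh_size;
		size_t	ndx1;

		/*
		 * Check the section against all following ones, reporting
		 * any overlaps. Since we've sorted the sections by offset,
		 * we can stop after the first comparison that fails. There
		 * are no overlaps in a properly formed ELF file, in which
		 * case this algorithm runs in O(n) time. This will degenerate
		 * to O(n^2) for a completely broken file. Such a file is
		 * (1) highly unlikely, and (2) unusable, so it is reasonable
		 * for the analysis to take longer.
		 */
		for (ndx1 = ndx + 1; ndx1 < shdr_ndx_arr_cnt; ndx1++) {
			Cache	*_cache1 = cache + shdr_ndx_arr[ndx1];
			Shdr	*shdr1 = _cache1->c_shdr;

			bgn1 = shdr1->sh_offset;
			end1 = shdr1->sh_offset + shdr1->sh_size;

			if (((bgn1 <= bgn) && (end1 > bgn)) ||
			    ((bgn1 < end) && (end1 >= end))) {
				(void) fprintf(stderr,
				    MSG_INTL(MSG_ERR_SECMEMOVER), file,
				    EC_WORD(elf_ndxscn(_cache->c_scn)),
				    _cache->c_name, EC_OFF(bgn), EC_OFF(end),
				    EC_WORD(elf_ndxscn(_cache1->c_scn)),
				    _cache1->c_name, EC_OFF(bgn1),
				    EC_OFF(end1));
			} else {	/* No overlap, so can stop */
				break;
			}
		}

		/*
		 * In addition to checking for sections overlapping
		 * each other (done above), we should also make sure
		 * the section doesn't overlap the section header array.
		 *
		 * e_shentsize and e_shnum are 16-bit fields; widen before
		 * multiplying so the product cannot overflow int.
		 */
		bgn1 = ehdr->e_shoff;
		end1 = ehdr->e_shoff + ((Off)ehdr->e_shentsize * ehdr->e_shnum);

		if (((bgn1 <= bgn) && (end1 > bgn)) ||
		    ((bgn1 < end) && (end1 >= end))) {
			(void) fprintf(stderr,
			    MSG_INTL(MSG_ERR_SHDRMEMOVER), file, EC_OFF(bgn1),
			    EC_OFF(end1),
			    EC_WORD(elf_ndxscn(_cache->c_scn)),
			    _cache->c_name, EC_OFF(bgn), EC_OFF(end));
		}
	}

	/*
	 * Obtain the data for each section.
	 */
	for (ndx = 1; ndx < shnum; ndx++) {
		Cache	*_cache = &cache[ndx];
		Elf_Scn	*scn = _cache->c_scn;

		if ((_cache->c_data = elf_getdata(scn, NULL)) == NULL) {
			failure(file, MSG_ORIG(MSG_ELF_GETDATA));
			(void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCNDATA),
			    EC_WORD(elf_ndxscn(scn)));
		}

		/*
		 * If a string table, verify that it has NULL first and
		 * final bytes. The header pointer is NULL when elf_getshdr()
		 * failed above, so it is checked before it is used.
		 */
		if ((_cache->c_shdr != NULL) &&
		    (_cache->c_shdr->sh_type == SHT_STRTAB) &&
		    (_cache->c_data != NULL) &&
		    (_cache->c_data->d_buf != NULL) &&
		    (_cache->c_data->d_size > 0)) {
			const char *s = _cache->c_data->d_buf;

			if ((*s != '\0') ||
			    (*(s + _cache->c_data->d_size - 1) != '\0'))
				(void) fprintf(stderr, MSG_INTL(MSG_ERR_MALSTR),
				    file, _cache->c_name);
		}
	}

	free(shdr_ndx_arr);
	return (1);
}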
4932
4933
4934
/*
 * Build the section header cache used by the rest of elfdump.
 *
 * When FLG_CTL_FAKESHDR is set in *flags, or the object has no usable
 * section headers (*shnum <= 1), the cache is synthesized from the
 * program headers by fake_shdr_cache(). Otherwise it is built from the
 * section headers in the file by shdr_cache().
 *
 * exit:
 *	Returns 1 on success and 0 on failure. *flags gains
 *	FLG_CTL_FAKESHDR when the fallback to synthesized headers is taken.
 */
static int
create_cache(const char *file, int fd, Elf *elf, Ehdr *ehdr, Cache **cache,
    size_t shstrndx, size_t *shnum, uint_t *flags)
{
	int	built;

	/*
	 * With no section headers to work from, synthesizing them is the
	 * only alternative to giving up, so switch it on even though it
	 * was not explicitly requested, and say so.
	 */
	if (((*flags & FLG_CTL_FAKESHDR) == 0) && (*shnum <= 1)) {
		(void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHDR), file);
		*flags |= FLG_CTL_FAKESHDR;
	}

	if ((*flags & FLG_CTL_FAKESHDR) != 0) {
		built = fake_shdr_cache(file, fd, elf, ehdr, cache, shnum);
	} else {
		built = shdr_cache(file, elf, ehdr, shstrndx, *shnum,
		    cache, *flags);
	}

	return ((built == 0) ? 0 : 1);
}
4968
4969 int
regular(const char * file,int fd,Elf * elf,uint_t flags,const char * wname,int wfd,uchar_t osabi)4970 regular(const char *file, int fd, Elf *elf, uint_t flags,
4971 const char *wname, int wfd, uchar_t osabi)
4972 {
4973 enum { CACHE_NEEDED, CACHE_OK, CACHE_FAIL} cache_state = CACHE_NEEDED;
4974 Elf_Scn *scn;
4975 Ehdr *ehdr;
4976 size_t ndx, shstrndx, shnum, phnum;
4977 Shdr *shdr;
4978 Cache *cache;
4979 VERSYM_STATE versym = { 0 };
4980 int ret = 0;
4981 int addr_align;
4982
4983 if ((ehdr = elf_getehdr(elf)) == NULL) {
4984 failure(file, MSG_ORIG(MSG_ELF_GETEHDR));
4985 return (ret);
4986 }
4987
4988 if (elf_getshdrnum(elf, &shnum) == -1) {
4989 failure(file, MSG_ORIG(MSG_ELF_GETSHDRNUM));
4990 return (ret);
4991 }
4992
4993 if (elf_getshdrstrndx(elf, &shstrndx) == -1) {
4994 failure(file, MSG_ORIG(MSG_ELF_GETSHDRSTRNDX));
4995 return (ret);
4996 }
4997
4998 if (elf_getphdrnum(elf, &phnum) == -1) {
4999 failure(file, MSG_ORIG(MSG_ELF_GETPHDRNUM));
5000 return (ret);
5001 }
5002 /*
5003 * If the user requested section headers derived from the
5004 * program headers (-P option) and this file doesn't have
5005 * any program headers (i.e. ET_REL), then we can't do it.
5006 */
5007 if ((phnum == 0) && (flags & FLG_CTL_FAKESHDR)) {
5008 (void) fprintf(stderr, MSG_INTL(MSG_ERR_PNEEDSPH), file);
5009 return (ret);
5010 }
5011
5012
5013 if ((scn = elf_getscn(elf, 0)) != NULL) {
5014 if ((shdr = elf_getshdr(scn)) == NULL) {
5015 failure(file, MSG_ORIG(MSG_ELF_GETSHDR));
5016 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 0);
5017 return (ret);
5018 }
5019 } else
5020 shdr = NULL;
5021
5022 /*
5023 * Print the elf header.
5024 */
5025 if (flags & FLG_SHOW_EHDR)
5026 Elf_ehdr(0, ehdr, shdr);
5027
5028 /*
5029 * If the section headers or program headers have inadequate
5030 * alignment for the class of object, print a warning. libelf
5031 * can handle such files, but programs that use them can crash
5032 * when they dereference unaligned items.
5033 *
5034 * Note that the AMD64 ABI, although it is a 64-bit architecture,
5035 * allows access to data types smaller than 128-bits to be on
5036 * word alignment.
5037 */
5038 if (ehdr->e_machine == EM_AMD64)
5039 addr_align = sizeof (Word);
5040 else
5041 addr_align = sizeof (Addr);
5042
5043 if (ehdr->e_phoff & (addr_align - 1))
5044 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADPHDRALIGN), file);
5045 if (ehdr->e_shoff & (addr_align - 1))
5046 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHDRALIGN), file);
5047
5048
5049 /*
5050 * Determine the Operating System ABI (osabi) we will use to
5051 * interpret the object.
5052 */
5053 if (flags & FLG_CTL_OSABI) {
5054 /*
5055 * If the user explicitly specifies '-O none', we need
5056 * to display a completely generic view of the file.
5057 * However, libconv is written to assume that ELFOSABI_NONE
5058 * is equivalent to ELFOSABI_SOLARIS. To get the desired
5059 * effect, we use an osabi that libconv has no knowledge of.
5060 */
5061 if (osabi == ELFOSABI_NONE)
5062 osabi = ELFOSABI_UNKNOWN4;
5063 } else {
5064 /* Determine osabi from file */
5065 osabi = ehdr->e_ident[EI_OSABI];
5066 if (osabi == ELFOSABI_NONE) {
5067 /*
5068 * Chicken/Egg scenario:
5069 *
5070 * Ideally, we wait to create the section header cache
5071 * until after the program headers are printed. If we
5072 * only output program headers, we can skip building
5073 * the cache entirely.
5074 *
5075 * Proper interpretation of program headers requires
5076 * the osabi, which is supposed to be in the ELF header.
5077 * However, many systems (Solaris and Linux included)
5078 * have a history of setting the osabi to the generic
5079 * SysV ABI (ELFOSABI_NONE). We assume ELFOSABI_SOLARIS
5080 * in such cases, but would like to check the object
5081 * to see if it has a Linux .note.ABI-tag section,
5082 * which implies ELFOSABI_LINUX. This requires a
5083 * section header cache.
5084 *
5085 * To break the cycle, we create section headers now
5086 * if osabi is ELFOSABI_NONE, and later otherwise.
5087 * If it succeeds, we use them, if not, we defer
5088 * exiting until after the program headers are out.
5089 */
5090 if (create_cache(file, fd, elf, ehdr, &cache,
5091 shstrndx, &shnum, &flags) == 0) {
5092 cache_state = CACHE_FAIL;
5093 } else {
5094 cache_state = CACHE_OK;
5095 if (has_linux_abi_note(cache, shnum, file)) {
5096 Conv_inv_buf_t ibuf1, ibuf2;
5097
5098 (void) fprintf(stderr,
5099 MSG_INTL(MSG_INFO_LINUXOSABI), file,
5100 conv_ehdr_osabi(osabi, 0, &ibuf1),
5101 conv_ehdr_osabi(ELFOSABI_LINUX,
5102 0, &ibuf2));
5103 osabi = ELFOSABI_LINUX;
5104 }
5105 }
5106 }
5107 /*
5108 * We treat ELFOSABI_NONE identically to ELFOSABI_SOLARIS.
5109 * Mapping NONE to SOLARIS simplifies the required test.
5110 */
5111 if (osabi == ELFOSABI_NONE)
5112 osabi = ELFOSABI_SOLARIS;
5113 }
5114
5115 /*
5116 * Print the program headers.
5117 */
5118 if ((flags & FLG_SHOW_PHDR) && (phnum != 0)) {
5119 Phdr *phdr;
5120
5121 if ((phdr = elf_getphdr(elf)) == NULL) {
5122 failure(file, MSG_ORIG(MSG_ELF_GETPHDR));
5123 return (ret);
5124 }
5125
5126 for (ndx = 0; ndx < phnum; phdr++, ndx++) {
5127 if (!match(MATCH_F_PHDR| MATCH_F_NDX | MATCH_F_TYPE,
5128 NULL, ndx, phdr->p_type))
5129 continue;
5130
5131 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY));
5132 dbg_print(0, MSG_INTL(MSG_ELF_PHDR), EC_WORD(ndx));
5133
5134 Elf_phdr(0, osabi, ehdr->e_machine, phdr);
5135 }
5136 }
5137
5138 /*
5139 * If we have flag bits set that explicitly require a show or calc
5140 * operation, but none of them require the section headers, then
5141 * we are done and can return now.
5142 */
5143 if (((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) != 0) &&
5144 ((flags & (FLG_MASK_SHOW_SHDR | FLG_MASK_CALC_SHDR)) == 0))
5145 return (ret);
5146
5147 /*
5148 * Everything from this point on requires section headers.
5149 * If we have no section headers, there is no reason to continue.
5150 *
5151 * If we tried above to create the section header cache and failed,
5152 * it is time to exit. Otherwise, create it if needed.
5153 */
5154 switch (cache_state) {
5155 case CACHE_NEEDED:
5156 if (create_cache(file, fd, elf, ehdr, &cache, shstrndx,
5157 &shnum, &flags) == 0)
5158 return (ret);
5159 break;
5160 case CACHE_OK:
5161 break;
5162 case CACHE_FAIL:
5163 return (ret);
5164 }
5165 if (shnum <= 1)
5166 goto done;
5167
5168 /*
5169 * If -w was specified, find and write out the section(s) data.
5170 */
5171 if (wfd) {
5172 for (ndx = 1; ndx < shnum; ndx++) {
5173 Cache *_cache = &cache[ndx];
5174
5175 if (match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name,
5176 ndx, _cache->c_shdr->sh_type) &&
5177 _cache->c_data && _cache->c_data->d_buf) {
5178 if (write(wfd, _cache->c_data->d_buf,
5179 _cache->c_data->d_size) !=
5180 _cache->c_data->d_size) {
5181 int err = errno;
5182 (void) fprintf(stderr,
5183 MSG_INTL(MSG_ERR_WRITE), wname,
5184 strerror(err));
5185 /*
5186 * Return an exit status of 1, because
5187 * the failure is not related to the
5188 * ELF file, but by system resources.
5189 */
5190 ret = 1;
5191 goto done;
5192 }
5193 }
5194 }
5195 }
5196
5197 /*
5198 * If we have no flag bits set that explicitly require a show or calc
5199 * operation, but match options (-I, -N, -T) were used, then run
5200 * through the section headers and see if we can't deduce show flags
5201 * from the match options given.
5202 *
5203 * We don't do this if -w was specified, because (-I, -N, -T) used
5204 * with -w in lieu of some other option is supposed to be quiet.
5205 */
5206 if ((wfd == 0) && (flags & FLG_CTL_MATCH) &&
5207 ((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) == 0)) {
5208 for (ndx = 1; ndx < shnum; ndx++) {
5209 Cache *_cache = &cache[ndx];
5210
5211 if (!match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name,
5212 ndx, _cache->c_shdr->sh_type))
5213 continue;
5214
5215 switch (_cache->c_shdr->sh_type) {
5216 case SHT_PROGBITS:
5217 /*
5218 * Heuristic time: It is usually bad form
5219 * to assume the meaning/format of a PROGBITS
5220 * section based on its name. However, there
5221 * are ABI mandated exceptions. Check for
5222 * these special names.
5223 */
5224
5225 /* The ELF ABI specifies .interp and .got */
5226 if (strcmp(_cache->c_name,
5227 MSG_ORIG(MSG_ELF_INTERP)) == 0) {
5228 flags |= FLG_SHOW_INTERP;
5229 break;
5230 }
5231 if (strcmp(_cache->c_name,
5232 MSG_ORIG(MSG_ELF_GOT)) == 0) {
5233 flags |= FLG_SHOW_GOT;
5234 break;
5235 }
5236 /*
5237 * The GNU compilers, and amd64 ABI, define
5238 * .eh_frame and .eh_frame_hdr. The Sun
5239 * C++ ABI defines .exception_ranges.
5240 */
5241 if ((strncmp(_cache->c_name,
5242 MSG_ORIG(MSG_SCN_FRM),
5243 MSG_SCN_FRM_SIZE) == 0) ||
5244 (strncmp(_cache->c_name,
5245 MSG_ORIG(MSG_SCN_EXRANGE),
5246 MSG_SCN_EXRANGE_SIZE) == 0)) {
5247 flags |= FLG_SHOW_UNWIND;
5248 break;
5249 }
5250 break;
5251
5252 case SHT_SYMTAB:
5253 case SHT_DYNSYM:
5254 case SHT_SUNW_LDYNSYM:
5255 case SHT_SUNW_versym:
5256 case SHT_SYMTAB_SHNDX:
5257 flags |= FLG_SHOW_SYMBOLS;
5258 break;
5259
5260 case SHT_RELA:
5261 case SHT_REL:
5262 flags |= FLG_SHOW_RELOC;
5263 break;
5264
5265 case SHT_HASH:
5266 flags |= FLG_SHOW_HASH;
5267 break;
5268
5269 case SHT_DYNAMIC:
5270 flags |= FLG_SHOW_DYNAMIC;
5271 break;
5272
5273 case SHT_NOTE:
5274 flags |= FLG_SHOW_NOTE;
5275 break;
5276
5277 case SHT_GROUP:
5278 flags |= FLG_SHOW_GROUP;
5279 break;
5280
5281 case SHT_SUNW_symsort:
5282 case SHT_SUNW_tlssort:
5283 flags |= FLG_SHOW_SORT;
5284 break;
5285
5286 case SHT_SUNW_cap:
5287 flags |= FLG_SHOW_CAP;
5288 break;
5289
5290 case SHT_SUNW_move:
5291 flags |= FLG_SHOW_MOVE;
5292 break;
5293
5294 case SHT_SUNW_syminfo:
5295 flags |= FLG_SHOW_SYMINFO;
5296 break;
5297
5298 case SHT_SUNW_verdef:
5299 case SHT_SUNW_verneed:
5300 flags |= FLG_SHOW_VERSIONS;
5301 break;
5302
5303 case SHT_AMD64_UNWIND:
5304 flags |= FLG_SHOW_UNWIND;
5305 break;
5306 }
5307 }
5308 }
5309
5310
5311 if (flags & FLG_SHOW_SHDR)
5312 sections(file, cache, shnum, ehdr, osabi);
5313
5314 if (flags & FLG_SHOW_INTERP)
5315 interp(file, cache, shnum, phnum, elf, ehdr);
5316
5317 if ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX))
5318 versions(cache, shnum, file, flags, &versym);
5319
5320 if (flags & FLG_SHOW_SYMBOLS)
5321 symbols(cache, shnum, ehdr, osabi, &versym, file, flags);
5322
5323 if ((flags & FLG_SHOW_SORT) && (osabi == ELFOSABI_SOLARIS))
5324 sunw_sort(cache, shnum, ehdr, osabi, &versym, file, flags);
5325
5326 if (flags & FLG_SHOW_HASH)
5327 hash(cache, shnum, file, flags);
5328
5329 if (flags & FLG_SHOW_GOT)
5330 got(cache, shnum, ehdr, file);
5331
5332 if (flags & FLG_SHOW_GROUP)
5333 group(cache, shnum, file, flags);
5334
5335 if (flags & FLG_SHOW_SYMINFO)
5336 syminfo(cache, shnum, ehdr, osabi, file);
5337
5338 if (flags & FLG_SHOW_RELOC)
5339 reloc(cache, shnum, ehdr, file);
5340
5341 if (flags & FLG_SHOW_DYNAMIC)
5342 dynamic(cache, shnum, ehdr, osabi, file, phnum, elf);
5343
5344 if (flags & FLG_SHOW_NOTE) {
5345 Word note_cnt;
5346 size_t note_shnum;
5347 Cache *note_cache;
5348
5349 note_cnt = note(cache, shnum, ehdr, file);
5350
5351 /*
5352 * Solaris core files have section headers, but these
5353 * headers do not include SHT_NOTE sections that reference
5354 * the core note sections. This means that note() won't
5355 * find the core notes. Fake section headers (-P option)
5356 * recover these sections, but it is inconvenient to require
5357 * users to specify -P in this situation. If the following
5358 * are all true:
5359 *
5360 * - No note sections were found
5361 * - This is a core file
5362 * - We are not already using fake section headers
5363 *
5364 * then we will automatically generate fake section headers
5365 * and then process them in a second call to note().
5366 */
5367 if ((note_cnt == 0) && (ehdr->e_type == ET_CORE) &&
5368 !(flags & FLG_CTL_FAKESHDR) &&
5369 (fake_shdr_cache(file, fd, elf, ehdr,
5370 &note_cache, &note_shnum) != 0)) {
5371 (void) note(note_cache, note_shnum, ehdr, file);
5372 fake_shdr_cache_free(note_cache, note_shnum);
5373 }
5374 }
5375
5376 if ((flags & FLG_SHOW_MOVE) && (osabi == ELFOSABI_SOLARIS))
5377 move(cache, shnum, file, flags);
5378
5379 if (flags & FLG_CALC_CHECKSUM)
5380 checksum(elf);
5381
5382 if ((flags & FLG_SHOW_CAP) && (osabi == ELFOSABI_SOLARIS))
5383 cap(file, cache, shnum, phnum, ehdr, osabi, elf, flags);
5384
5385 if ((flags & FLG_SHOW_UNWIND) &&
5386 ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX)))
5387 unwind(cache, shnum, phnum, ehdr, osabi, file, elf, flags);
5388
5389
5390 /* Release the memory used to cache section headers */
5391 done:
5392 if (flags & FLG_CTL_FAKESHDR)
5393 fake_shdr_cache_free(cache, shnum);
5394 else
5395 free(cache);
5396
5397 return (ret);
5398 }
5399