/* $NetBSD: ppc_reloc.c,v 1.10 2001/09/10 06:09:41 mycroft Exp $ */

/*-
 * SPDX-License-Identifier: BSD-2-Clause-NetBSD
 *
 * Copyright (C) 1998 Tsubai Masanari
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include <sys/param.h>
#include <sys/mman.h>

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <machine/cpu.h>
#include <machine/atomic.h>
#include <machine/md_var.h>

#include "debug.h"
#include "rtld.h"

/*
 * Split a 32-bit value into the two halves used by PowerPC lis/addi and
 * lwz style instruction pairs.  _ppc_ha() is the "high adjusted" half: the
 * upper 16 bits, rounded up by one when bit 15 is set so that
 * (ha << 16) + (signed)la reproduces x.  _ppc_la() is the low 16 bits.
 */
#define _ppc_ha(x) ((((u_int32_t)(x) & 0x8000) ? \
			((u_int32_t)(x) + 0x10000) : (u_int32_t)(x)) >> 16)
#define _ppc_la(x) ((u_int32_t)(x) & 0xffff)

#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))

/*
 * PLT slots with index >= PLT_EXTENDED_BEGIN are "extended": they hold a
 * four-instruction sequence instead of two (see reloc_plt_object), so the
 * jump table sits 2 extra words further out for every extended slot.
 * JMPTAB_BASE(N) is the word offset of the jump table from pltgot: the 18
 * words reserved for the dynamic linker, plus 2*N words of call slots, plus
 * the extension described above.
 */
#define PLT_EXTENDED_BEGIN	(1 << 13)
#define JMPTAB_BASE(N)		(18 + N*2 + ((N > PLT_EXTENDED_BEGIN) ? \
				    (N - PLT_EXTENDED_BEGIN)*2 : 0))

/*
 * Process the R_PPC_COPY relocations of the main program.
 *
 * For every COPY relocation, the symbol definition is looked up in the
 * objects that follow dstobj in the global list and its initial contents
 * are copied into the executable's own copy of the variable.
 *
 * Returns 0 on success, or -1 (with _rtld_error set) when a referenced
 * symbol cannot be found.
 */
int
do_copy_relocations(Obj_Entry *dstobj)
{
	const Elf_Rela *relalim;
	const Elf_Rela *rela;

	/*
	 * COPY relocs are invalid outside of the main program
	 */
	assert(dstobj->mainprog);

	relalim = (const Elf_Rela *)((const char *) dstobj->rela +
	    dstobj->relasize);
	for (rela = dstobj->rela; rela < relalim; rela++) {
		void *dstaddr;
		const Elf_Sym *dstsym;
		const char *name;
		size_t size;
		const void *srcaddr;
		const Elf_Sym *srcsym = NULL;
		const Obj_Entry *srcobj, *defobj;
		SymLook req;
		int res;

		if (ELF_R_TYPE(rela->r_info) != R_PPC_COPY) {
			continue;
		}

		dstaddr = (void *)(dstobj->relocbase + rela->r_offset);
		dstsym = dstobj->symtab + ELF_R_SYM(rela->r_info);
		name = dstobj->strtab + dstsym->st_name;
		/*
		 * The copy length is the executable's own st_size.
		 * NOTE(review): it is not compared with srcsym->st_size
		 * below, so a definition smaller than the executable's
		 * copy is read past its end; a size-mismatch check or
		 * diagnostic would make that visible.
		 */
		size = dstsym->st_size;
		symlook_init(&req, name);
		req.ventry = fetch_ventry(dstobj, ELF_R_SYM(rela->r_info));
		req.flags = SYMLOOK_EARLY;

		/*
		 * Search only the objects after dstobj: the executable's
		 * own (copied) definition must not satisfy the lookup.
		 */
		for (srcobj = globallist_next(dstobj); srcobj != NULL;
		     srcobj = globallist_next(srcobj)) {
			res = symlook_obj(&req, srcobj);
			if (res == 0) {
				srcsym = req.sym_out;
				defobj = req.defobj_out;
				break;
			}
		}

		if (srcobj == NULL) {
			_rtld_error("Undefined symbol \"%s\" "
				    " referenced from COPY"
				    " relocation in %s", name, dstobj->path);
			return (-1);
		}

		srcaddr = (const void *)(defobj->relocbase+srcsym->st_value);
		memcpy(dstaddr, srcaddr, size);
		/* NOTE(review): size is a size_t; %zu would match it. */
		dbg("copy_reloc: src=%p,dst=%p,size=%d\n",srcaddr,dstaddr,size);
	}

	return (0);
}


/*
 * Perform early relocation of the run-time linker image.
 *
 * Runs before anything else in rtld is usable: it walks the dynamic
 * section to find the RELA table and applies every entry as a
 * base-relative relocation (B + A), without looking at the entry's type.
 * This assumes the rtld image contains nothing but R_PPC_RELATIVE entries.
 * NOTE(review): if DT_RELASZ is present without DT_RELA, rela stays NULL
 * and the loop would dereference it; the linker is presumed never to emit
 * that combination.
 */
void
reloc_non_plt_self(Elf_Dyn *dynp, Elf_Addr relocbase)
{
	const Elf_Rela *rela = NULL, *relalim;
	Elf_Addr relasz = 0;
	Elf_Addr *where;

	/*
	 * Extract the rela/relasz values from the dynamic section
	 */
	for (; dynp->d_tag != DT_NULL; dynp++) {
		switch (dynp->d_tag) {
		case DT_RELA:
			rela = (const Elf_Rela *)(relocbase+dynp->d_un.d_ptr);
			break;
		case DT_RELASZ:
			relasz = dynp->d_un.d_val;
			break;
		}
	}

	/*
	 * Relocate these values: every entry is treated as B + A.
	 */
	relalim = (const Elf_Rela *)((const char *)rela + relasz);
	for (; rela < relalim; rela++) {
		where = (Elf_Addr *)(relocbase + rela->r_offset);
		*where = (Elf_Addr)(relocbase + rela->r_addend);
	}
}


/*
 * Relocate a single non-PLT entry with addend.
 *
 * obj_rtld is unused here; obj is the object being relocated, rela the
 * entry to apply, cache the per-object symbol cache (may be NULL),
 * flags/lockstate are passed through to find_symdef().
 *
 * Returns 0 on success, -1 with _rtld_error set on an undefined symbol,
 * a COPY relocation in a shared library, TLS exhaustion or an unknown
 * relocation type.
 */
static int
reloc_nonplt_object(Obj_Entry *obj_rtld __unused, Obj_Entry *obj,
    const Elf_Rela *rela, SymCache *cache, int flags, RtldLockState *lockstate)
{
	Elf_Addr        *where = (Elf_Addr *)(obj->relocbase + rela->r_offset);
	const Elf_Sym   *def;
	const Obj_Entry *defobj;
	Elf_Addr         tmp;

	switch (ELF_R_TYPE(rela->r_info)) {

	case R_PPC_NONE:
		break;

	case R_PPC_ADDR32:	/* word32 S + A */
	case R_PPC_GLOB_DAT:	/* word32 S + A */
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);
		if (def == NULL) {
			return (-1);
		}

		tmp = (Elf_Addr)(defobj->relocbase + def->st_value +
		    rela->r_addend);

		/* Don't issue write if unnecessary; avoid COW page fault */
		if (*where != tmp) {
			*where = tmp;
		}
		break;

	case R_PPC_RELATIVE:	/* word32 B + A */
		tmp = (Elf_Addr)(obj->relocbase + rela->r_addend);

		/* As above, don't issue write unnecessarily */
		if (*where != tmp) {
			*where = tmp;
		}
		break;

	case R_PPC_COPY:
		/*
		 * These are deferred until all other relocations
		 * have been done (see do_copy_relocations).  All we do
		 * here is make sure that the COPY relocation is not in a
		 * shared library.  They are allowed only in executable
		 * files.
		 */
		if (!obj->mainprog) {
			_rtld_error("%s: Unexpected R_COPY "
				    " relocation in shared library",
				    obj->path);
			return (-1);
		}
		break;

	case R_PPC_JMP_SLOT:
		/*
		 * These will be handled by the plt/jmpslot routines
		 */
		break;

	case R_PPC_DTPMOD32:
		/* word32: module index of the defining object */
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);

		if (def == NULL)
			return (-1);

		*where = (Elf_Addr) defobj->tlsindex;

		break;

	case R_PPC_TPREL32:
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);

		if (def == NULL)
			return (-1);

		/*
		 * We lazily allocate offsets for static TLS as we
		 * see the first relocation that references the
		 * TLS block. This allows us to support (small
		 * amounts of) static TLS in dynamically loaded
		 * modules. If we run out of space, we generate an
		 * error.
		 */
		if (!defobj->tls_done) {
			if (!allocate_tls_offset(
				    __DECONST(Obj_Entry *, defobj))) {
				_rtld_error("%s: No space available for static "
				    "Thread Local Storage", obj->path);
				return (-1);
			}
		}

		/*
		 * Thread-pointer-relative offset.  The slot's existing
		 * contents are kept and scaled by sizeof(Elf_Addr) via the
		 * (Elf_Addr *) pointer arithmetic, then the symbol's
		 * TP-relative address is added.
		 */
		*(Elf_Addr **)where = *where * sizeof(Elf_Addr)
		    + (Elf_Addr *)(def->st_value + rela->r_addend
		    + defobj->tlsoffset - TLS_TP_OFFSET - TLS_TCB_SIZE);

		break;

	case R_PPC_DTPREL32:
		/* word32: offset within the module's TLS block */
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);

		if (def == NULL)
			return (-1);

		*where += (Elf_Addr)(def->st_value + rela->r_addend
		    - TLS_DTV_OFFSET);

		break;

	default:
		_rtld_error("%s: Unsupported relocation type %d"
		    " in non-PLT relocations\n", obj->path,
		    ELF_R_TYPE(rela->r_info));
		return (-1);
	}
	return (0);
}


/*
 * Process all non-PLT relocations of obj.
 *
 * Allocates a symbol cache for objects other than rtld itself, applies
 * every RELA entry through reloc_nonplt_object(), then flushes the
 * instruction cache over the text segment.  Returns 0 on success, -1 if
 * any entry fails (the icache is synchronized on both paths).
 */
int
reloc_non_plt(Obj_Entry *obj, Obj_Entry *obj_rtld, int flags,
    RtldLockState *lockstate)
{
	const Elf_Rela *relalim;
	const Elf_Rela *rela;
	SymCache *cache;
	int r = -1;

	if ((flags & SYMLOOK_IFUNC) != 0)
		/* XXX not implemented */
		return (0);

	/*
	 * The dynamic loader may be called from a thread, we have
	 * limited amounts of stack available so we cannot use alloca().
	 */
	if (obj != obj_rtld) {
		cache = calloc(obj->dynsymcount, sizeof(SymCache));
		/*
		 * No need to check for NULL here: the rtld case below
		 * passes a NULL cache anyway, so the consumers must
		 * tolerate it (the cache is only an optimisation).
		 */
	} else
		cache = NULL;

	/*
	 * From the SVR4 PPC ABI:
	 *   "The PowerPC family uses only the Elf32_Rela relocation
	 *    entries with explicit addends."
	 */
	relalim = (const Elf_Rela *)((const char *)obj->rela + obj->relasize);
	for (rela = obj->rela; rela < relalim; rela++) {
		if (reloc_nonplt_object(obj_rtld, obj, rela, cache, flags,
		    lockstate) < 0)
			goto done;
	}
	r = 0;
done:
	if (cache != NULL)
		free(cache);

	/* Synchronize icache for text seg in case we made any changes */
	__syncicache(obj->mapbase, obj->textsize);

	return (r);
}

/*
 * Initialise a PLT slot to the resolving trampoline.
 *
 * Slots below PLT_EXTENDED_BEGIN get "li r11,reloff; b pltresolve".
 * Extended slots cannot encode their index in a 16-bit immediate, so
 * their jump-table word is pointed at pltlongresolve and the slot loads
 * it indirectly (lis/lwzu/mtctr/bctr).  Returns -1 if rela precedes the
 * PLT relocation table, 0 otherwise.  The icache is not synchronized
 * here; reloc_plt() does that once for the whole table.
 */
static int
reloc_plt_object(Obj_Entry *obj, const Elf_Rela *rela)
{
	Elf_Word *where = (Elf_Word *)(obj->relocbase + rela->r_offset);
	Elf_Addr *pltresolve, *pltlongresolve, *jmptab;
	Elf_Addr distance;
	int N = obj->pltrelasize / sizeof(Elf_Rela);
	int reloff;

	/*
	 * reloff is the slot index, i.e. the position of rela in pltrela.
	 * It is also the jmptab index; callers iterate rela within
	 * [pltrela, pltrela + pltrelasize), which keeps it below N.
	 */
	reloff = rela - obj->pltrela;

	if (reloff < 0)
		return (-1);

	/*
	 * Layout written by init_pltgot(): pltcall occupies the first
	 * 5 words (PLTCALL_SIZE), pltlongresolve the next 5
	 * (PLTLONGRESOLVE_SIZE), then pltresolve.
	 */
	pltlongresolve = obj->pltgot + 5;
	pltresolve = pltlongresolve + 5;

	/* Branch displacement is relative to the second slot word. */
	distance = (Elf_Addr)pltresolve - (Elf_Addr)(where + 1);

	dbg(" reloc_plt_object: where=%p,pltres=%p,reloff=%x,distance=%x",
	    (void *)where, (void *)pltresolve, reloff, distance);

	if (reloff < PLT_EXTENDED_BEGIN) {
		/* li r11,reloff */
		/* b pltresolve */
		where[0] = 0x39600000 | reloff;
		where[1] = 0x48000000 | (distance & 0x03fffffc);
	} else {
		jmptab = obj->pltgot + JMPTAB_BASE(N);
		jmptab[reloff] = (u_int)pltlongresolve;

		/* lis r11,jmptab[reloff]@ha */
		/* lwzu r12,jmptab[reloff]@l(r11) */
		/* mtctr r12 */
		/* bctr */
		where[0] = 0x3d600000 | _ppc_ha(&jmptab[reloff]);
		where[1] = 0x858b0000 | _ppc_la(&jmptab[reloff]);
		where[2] = 0x7d8903a6;
		where[3] = 0x4e800420;
	}


	/*
	 * The icache will be sync'd in reloc_plt, which is called
	 * after all the slots have been updated
	 */

	return (0);
}


/*
 * Process the PLT relocations: point every jump slot at the resolver
 * and synchronize the icache over the PLT glue and slots.
 * Returns 0 on success, -1 if a slot could not be initialised.
 */
int
reloc_plt(Obj_Entry *obj)
{
	const Elf_Rela *relalim;
	const Elf_Rela *rela;
	int N = obj->pltrelasize / sizeof(Elf_Rela);

	if (obj->pltrelasize != 0) {

		relalim = (const Elf_Rela *)((const char *)obj->pltrela +
		    obj->pltrelasize);
		for (rela = obj->pltrela;  rela < relalim;  rela++) {
			assert(ELF_R_TYPE(rela->r_info) == R_PPC_JMP_SLOT);

			if (reloc_plt_object(obj, rela) < 0) {
				return (-1);
			}
		}
	}

	/*
	 * Sync the icache for the byte range represented by the
	 * trampoline routines and call slots (JMPTAB_BASE(N) words).
	 */
	if (obj->pltgot != NULL)
		__syncicache(obj->pltgot, JMPTAB_BASE(N)*4);

	return (0);
}


/*
 * LD_BIND_NOW was set - force relocation for all jump slots.
 *
 * Resolves every PLT symbol eagerly (no symbol cache is used) and writes
 * the slot through reloc_jmpslot().  Returns -1 on the first unresolved
 * symbol, 0 otherwise; on success obj->jmpslots_done is set.
 */
int
reloc_jmpslots(Obj_Entry *obj, int flags, RtldLockState *lockstate)
{
	const Obj_Entry *defobj;
	const Elf_Rela *relalim;
	const Elf_Rela *rela;
	const Elf_Sym *def;
	Elf_Addr *where;
	Elf_Addr target;

	relalim = (const Elf_Rela *)((const char *)obj->pltrela +
	    obj->pltrelasize);
	for (rela = obj->pltrela; rela < relalim; rela++) {
		assert(ELF_R_TYPE(rela->r_info) == R_PPC_JMP_SLOT);
		where = (Elf_Addr *)(obj->relocbase + rela->r_offset);
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    SYMLOOK_IN_PLT | flags, NULL, lockstate);
		if (def == NULL) {
			dbg("reloc_jmpslots: sym not found");
			return (-1);
		}

		target = (Elf_Addr)(defobj->relocbase + def->st_value);

#if 0
		/* PG XXX */
		dbg("\"%s\" in \"%s\" --> %p in \"%s\"",
		    defobj->strtab + def->st_name, basename(obj->path),
		    (void *)target, basename(defobj->path));
#endif

		reloc_jmpslot(where, target, defobj, obj,
		    (const Elf_Rel *) rela);
	}

	obj->jmpslots_done = true;

	return (0);
}


/*
 * Update the value of a PLT jump slot. Branch directly to the target if
 * it is within +/- 32Mb, otherwise go indirectly via the pltcall
 * trampoline call and jump table.
 *
 * Returns target, which is what the slot now transfers to.  With
 * ld_bind_not set the slot is left untouched so every call keeps going
 * through the resolver.
 * NOTE(review): the `return (-1)` in the indirect path converts to
 * (Elf_Addr)-1 and is handed back as the "target"; the callers are
 * outside this file, so whether they can receive a failure value here
 * should be confirmed.
 */
Elf_Addr
reloc_jmpslot(Elf_Addr *wherep, Elf_Addr target,
    const Obj_Entry *defobj __unused, const Obj_Entry *obj, const Elf_Rel *rel)
{
	Elf_Addr offset;
	const Elf_Rela *rela = (const Elf_Rela *) rel;

	dbg(" reloc_jmpslot: where=%p, target=%p",
	    (void *)wherep, (void *)target);

	if (ld_bind_not)
		goto out;

	/*
	 * At the PLT entry pointed at by `wherep', construct
	 * a direct transfer to the now fully resolved function
	 * address.
	 */
	offset = target - (Elf_Addr)wherep;

	/*
	 * NOTE(review): abs() of (int)0x80000000 is undefined in C; that
	 * offset is out of direct-branch range either way, but the test
	 * result for it is not guaranteed.
	 */
	if (abs((int)offset) < 32*1024*1024) {     /* inside 32MB? */
		/* b    value   # branch directly */
		*wherep = 0x48000000 | (offset & 0x03fffffc);
		__syncicache(wherep, 4);
	} else {
		Elf_Addr *pltcall, *jmptab;
		int distance;
		int N = obj->pltrelasize / sizeof(Elf_Rela);
		int reloff = rela - obj->pltrela;

		if (reloff < 0)
			return (-1);

		pltcall = obj->pltgot;

		dbg(" reloc_jmpslot: indir, reloff=%x, N=%x\n",
		    reloff, N);

		/*
		 * Publish the target in the jump table first; the slot
		 * code (either variant) loads its destination from there.
		 */
		jmptab = obj->pltgot + JMPTAB_BASE(N);
		jmptab[reloff] = target;
		mb(); /* Order jmptab update before next changes */

		if (reloff < PLT_EXTENDED_BEGIN) {
			/*
			 * Non-extended slot: retarget its branch from
			 * pltresolve to pltcall, which jumps through
			 * jmptab[r11].  Extended slots already load
			 * through jmptab (see reloc_plt_object), so their
			 * code is kept as is.
			 */

			distance = (Elf_Addr)pltcall - (Elf_Addr)(wherep + 1);

			/* li   r11,reloff */
			/* b    pltcall  # use indirect pltcall routine */

			/* first instruction same as before */
			wherep[1] = 0x48000000 | (distance & 0x03fffffc);
			__syncicache(wherep, 8);
		}
	}

out:
	return (target);
}

/*
 * IFUNC resolution is not supported on this port; always succeeds.
 */
int
reloc_iresolve(Obj_Entry *obj __unused,
    struct Struct_RtldLockState *lockstate __unused)
{

	/* XXX not implemented */
	return (0);
}

/*
 * GNU IFUNC relocations are not supported on this port; always succeeds.
 */
int
reloc_gnu_ifunc(Obj_Entry *obj __unused, int flags __unused,
    struct Struct_RtldLockState *lockstate __unused)
{

	/* XXX not implemented */
	return (0);
}

/*
 * Setup the plt glue routines.
 *
 * Byte sizes of the three assembler stubs copied into the reserved PLT
 * area: pltcall at word 0, pltlongresolve at word 5, pltresolve after it.
 */
#define PLTCALL_SIZE	   	20
#define PLTLONGRESOLVE_SIZE	20
#define PLTRESOLVE_SIZE		24

/*
 * Copy the pltcall / pltlongresolve / pltresolve stubs into the PLT's
 * dynamic-linker area and patch their immediates with the jump table
 * address, the _rtld_bind_start address and the Obj_Entry pointer.
 * Does nothing for objects without a PLT.  The icache is synchronized
 * later by reloc_plt().
 */
void
init_pltgot(Obj_Entry *obj)
{
	Elf_Word *pltcall, *pltresolve, *pltlongresolve;
	Elf_Word *jmptab;
	int N = obj->pltrelasize / sizeof(Elf_Rela);

	pltcall = obj->pltgot;

	if (pltcall == NULL) {
		return;
	}

	/*
	 * From the SVR4 PPC ABI:
	 *
	 * 'The first 18 words (72 bytes) of the PLT are reserved for
	 * use by the dynamic linker.
	 *    ...
	 * 'If the executable or shared object requires N procedure
	 *  linkage table entries, the link editor shall reserve 3*N
	 *  words (12*N bytes) following the 18 reserved words.  The
	 *  first 2*N of these words are the procedure linkage table
	 *  entries themselves.  The static linker directs calls to bytes
	 *  (72 + (i-1)*8), for i between 1 and N inclusive.  The remaining
	 *  N words (4*N bytes) are reserved for use by the dynamic linker.'
	 */

	/*
	 * Copy the absolute-call assembler stub into the first part of
	 * the reserved PLT area.
	 */
	memcpy(pltcall, _rtld_powerpc_pltcall, PLTCALL_SIZE);

	/*
	 * Determine the address of the jumptable, which is the dyn-linker
	 * reserved area after the call cells. Write the absolute address
	 * of the jumptable into the absolute-call assembler code so it
	 * can determine this address.  The stubs are OR-patched, so they
	 * are expected to carry zero immediates in these fields.
	 */
	jmptab = obj->pltgot + JMPTAB_BASE(N);
	pltcall[1] |= _ppc_ha(jmptab);	   /* addis 11,11,jmptab@ha */
	pltcall[2] |= _ppc_la(jmptab);	   /* lwz 11,jmptab@l(11) */

	/*
	 * Skip down 20 bytes into the initial reserved area and copy
	 * in the standard resolving assembler call. Into this assembler,
	 * insert the absolute address of the _rtld_bind_start routine
	 * and the address of the relocation object.
	 *
	 * We place pltlongresolve first, so it can fix up its arguments
	 * and then fall through to the regular PLT resolver.
	 */
	pltlongresolve = obj->pltgot + 5;

	memcpy(pltlongresolve, _rtld_powerpc_pltlongresolve,
	    PLTLONGRESOLVE_SIZE);
	pltlongresolve[0] |= _ppc_ha(jmptab);	/* lis 12,jmptab@ha */
	pltlongresolve[1] |= _ppc_la(jmptab);	/* addi 12,12,jmptab@l */

	pltresolve = pltlongresolve + PLTLONGRESOLVE_SIZE/sizeof(uint32_t);
	memcpy(pltresolve, _rtld_powerpc_pltresolve, PLTRESOLVE_SIZE);
	pltresolve[0] |= _ppc_ha(_rtld_bind_start);
	pltresolve[1] |= _ppc_la(_rtld_bind_start);
	pltresolve[3] |= _ppc_ha(obj);
	pltresolve[4] |= _ppc_la(obj);

	/*
	 * The icache will be sync'd in reloc_plt, which is called
	 * after all the slots have been updated
	 */
}

/*
 * No CPU feature setup is needed for IFUNC on this port.
 */
void
ifunc_init(Elf_Auxinfo aux_info[__min_size(AT_COUNT)] __unused)
{

}

/*
 * No machine-specific work before the main program's initialisation.
 */
void
pre_init(void)
{

}

/*
 * Allocate the initial thread's TLS block and install the thread
 * pointer (r2 on this port) so that TLS accesses work from here on.
 */
void
allocate_initial_tls(Obj_Entry *list)
{
	Elf_Addr **tp;

	/*
	 * Fix the size of the static TLS block by using the maximum
	 * offset allocated so far and adding a bit for dynamic modules to
	 * use.
	 */

	tls_static_space = tls_last_offset + tls_last_size + RTLD_STATIC_TLS_EXTRA;

	/* The thread pointer sits TLS_TP_OFFSET + TLS_TCB_SIZE past the TCB. */
	tp = (Elf_Addr **)((char *) allocate_tls(list, NULL, TLS_TCB_SIZE, 8)
	    + TLS_TP_OFFSET + TLS_TCB_SIZE);

	/*
	 * XXX gcc seems to ignore 'tp = _tp;'
	 */

	/* Load the thread pointer register (r2) with tp. */
	__asm __volatile("mr 2,%0" :: "r"(tp));
}

/*
 * Resolve a (module, offset) TLS reference for the current thread.
 *
 * Reads the thread pointer from r2, undoes the offsets applied in
 * allocate_initial_tls() to get back to the TCB, and returns the
 * variable's address adjusted by TLS_DTV_OFFSET.
 */
void*
__tls_get_addr(tls_index* ti)
{
	register Elf_Addr **tp;
	char *p;

	__asm __volatile("mr %0,2" : "=r"(tp));
	p = tls_get_addr_common((Elf_Addr**)((Elf_Addr)tp - TLS_TP_OFFSET
	    - TLS_TCB_SIZE), ti->ti_module, ti->ti_offset);

	return (p + TLS_DTV_OFFSET);
}