1 /* $NetBSD: ppc_reloc.c,v 1.10 2001/09/10 06:09:41 mycroft Exp $ */ 2 3 /*- 4 * SPDX-License-Identifier: BSD-2-Clause-NetBSD 5 * 6 * Copyright (C) 1998 Tsubai Masanari 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of the author may not be used to endorse or promote products 18 * derived from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 * 31 * $FreeBSD$ 32 */ 33 34 #include <sys/param.h> 35 #include <sys/mman.h> 36 37 #include <errno.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <unistd.h> 42 #include <machine/cpu.h> 43 #include <machine/atomic.h> 44 #include <machine/md_var.h> 45 46 #include "debug.h" 47 #include "rtld.h" 48 49 #define _ppc_ha(x) ((((u_int32_t)(x) & 0x8000) ? \ 50 ((u_int32_t)(x) + 0x10000) : (u_int32_t)(x)) >> 16) 51 #define _ppc_la(x) ((u_int32_t)(x) & 0xffff) 52 53 #define min(a,b) (((a) < (b)) ? (a) : (b)) 54 #define max(a,b) (((a) > (b)) ? (a) : (b)) 55 56 #define PLT_EXTENDED_BEGIN (1 << 13) 57 #define JMPTAB_BASE(N) (18 + N*2 + ((N > PLT_EXTENDED_BEGIN) ? \ 58 (N - PLT_EXTENDED_BEGIN)*2 : 0)) 59 60 /* 61 * Process the R_PPC_COPY relocations 62 */ 63 int 64 do_copy_relocations(Obj_Entry *dstobj) 65 { 66 const Elf_Rela *relalim; 67 const Elf_Rela *rela; 68 69 /* 70 * COPY relocs are invalid outside of the main program 71 */ 72 assert(dstobj->mainprog); 73 74 relalim = (const Elf_Rela *)((const char *) dstobj->rela + 75 dstobj->relasize); 76 for (rela = dstobj->rela; rela < relalim; rela++) { 77 void *dstaddr; 78 const Elf_Sym *dstsym; 79 const char *name; 80 size_t size; 81 const void *srcaddr; 82 const Elf_Sym *srcsym = NULL; 83 const Obj_Entry *srcobj, *defobj; 84 SymLook req; 85 int res; 86 87 if (ELF_R_TYPE(rela->r_info) != R_PPC_COPY) { 88 continue; 89 } 90 91 dstaddr = (void *)(dstobj->relocbase + rela->r_offset); 92 dstsym = dstobj->symtab + ELF_R_SYM(rela->r_info); 93 name = dstobj->strtab + dstsym->st_name; 94 size = dstsym->st_size; 95 symlook_init(&req, name); 96 req.ventry = fetch_ventry(dstobj, ELF_R_SYM(rela->r_info)); 97 req.flags = SYMLOOK_EARLY; 98 99 for (srcobj = globallist_next(dstobj); srcobj != NULL; 100 srcobj = globallist_next(srcobj)) { 101 res = symlook_obj(&req, srcobj); 102 if (res == 0) { 103 srcsym = req.sym_out; 104 defobj = req.defobj_out; 105 break; 106 } 107 } 108 109 if (srcobj == NULL) { 110 _rtld_error("Undefined symbol \"%s\" " 111 " referenced from COPY" 112 " relocation in %s", name, dstobj->path); 113 return (-1); 114 } 115 116 srcaddr = (const void *)(defobj->relocbase+srcsym->st_value); 117 memcpy(dstaddr, srcaddr, size); 118 dbg("copy_reloc: src=%p,dst=%p,size=%d\n",srcaddr,dstaddr,size); 119 } 120 121 return (0); 122 } 123 124 125 /* 126 * Perform early relocation of the run-time linker image 127 */ 128 void 129 reloc_non_plt_self(Elf_Dyn *dynp, Elf_Addr relocbase) 130 { 131 const Elf_Rela *rela = NULL, *relalim; 132 Elf_Addr relasz = 0; 133 Elf_Addr *where; 134 135 /* 136 * Extract the rela/relasz values from the dynamic section 137 */ 138 for (; dynp->d_tag != DT_NULL; dynp++) { 139 switch (dynp->d_tag) { 140 case DT_RELA: 141 rela = (const Elf_Rela *)(relocbase+dynp->d_un.d_ptr); 142 break; 143 case DT_RELASZ: 144 relasz = dynp->d_un.d_val; 145 break; 146 } 147 } 148 149 /* 150 * Relocate these values 151 */ 152 relalim = (const Elf_Rela *)((const char *)rela + relasz); 153 for (; rela < relalim; rela++) { 154 where = (Elf_Addr *)(relocbase + rela->r_offset); 155 *where = (Elf_Addr)(relocbase + rela->r_addend); 156 } 157 } 158 159 160 /* 161 * Relocate a non-PLT object with addend. 162 */ 163 static int 164 reloc_nonplt_object(Obj_Entry *obj_rtld __unused, Obj_Entry *obj, 165 const Elf_Rela *rela, SymCache *cache, int flags, RtldLockState *lockstate) 166 { 167 Elf_Addr *where = (Elf_Addr *)(obj->relocbase + rela->r_offset); 168 const Elf_Sym *def; 169 const Obj_Entry *defobj; 170 Elf_Addr tmp; 171 172 switch (ELF_R_TYPE(rela->r_info)) { 173 174 case R_PPC_NONE: 175 break; 176 177 case R_PPC_ADDR32: /* word32 S + A */ 178 case R_PPC_GLOB_DAT: /* word32 S + A */ 179 def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, 180 flags, cache, lockstate); 181 if (def == NULL) { 182 return (-1); 183 } 184 185 tmp = (Elf_Addr)(defobj->relocbase + def->st_value + 186 rela->r_addend); 187 188 /* Don't issue write if unnecessary; avoid COW page fault */ 189 if (*where != tmp) { 190 *where = tmp; 191 } 192 break; 193 194 case R_PPC_RELATIVE: /* word32 B + A */ 195 tmp = (Elf_Addr)(obj->relocbase + rela->r_addend); 196 197 /* As above, don't issue write unnecessarily */ 198 if (*where != tmp) { 199 *where = tmp; 200 } 201 break; 202 203 case R_PPC_COPY: 204 /* 205 * These are deferred until all other relocations 206 * have been done. All we do here is make sure 207 * that the COPY relocation is not in a shared 208 * library. They are allowed only in executable 209 * files. 210 */ 211 if (!obj->mainprog) { 212 _rtld_error("%s: Unexpected R_COPY " 213 " relocation in shared library", 214 obj->path); 215 return (-1); 216 } 217 break; 218 219 case R_PPC_JMP_SLOT: 220 /* 221 * These will be handled by the plt/jmpslot routines 222 */ 223 break; 224 225 case R_PPC_DTPMOD32: 226 def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, 227 flags, cache, lockstate); 228 229 if (def == NULL) 230 return (-1); 231 232 *where = (Elf_Addr) defobj->tlsindex; 233 234 break; 235 236 case R_PPC_TPREL32: 237 def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, 238 flags, cache, lockstate); 239 240 if (def == NULL) 241 return (-1); 242 243 /* 244 * We lazily allocate offsets for static TLS as we 245 * see the first relocation that references the 246 * TLS block. This allows us to support (small 247 * amounts of) static TLS in dynamically loaded 248 * modules. If we run out of space, we generate an 249 * error. 250 */ 251 if (!defobj->tls_done) { 252 if (!allocate_tls_offset( 253 __DECONST(Obj_Entry *, defobj))) { 254 _rtld_error("%s: No space available for static " 255 "Thread Local Storage", obj->path); 256 return (-1); 257 } 258 } 259 260 *(Elf_Addr **)where = *where * sizeof(Elf_Addr) 261 + (Elf_Addr *)(def->st_value + rela->r_addend 262 + defobj->tlsoffset - TLS_TP_OFFSET - TLS_TCB_SIZE); 263 264 break; 265 266 case R_PPC_DTPREL32: 267 def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, 268 flags, cache, lockstate); 269 270 if (def == NULL) 271 return (-1); 272 273 *where += (Elf_Addr)(def->st_value + rela->r_addend 274 - TLS_DTV_OFFSET); 275 276 break; 277 278 default: 279 _rtld_error("%s: Unsupported relocation type %d" 280 " in non-PLT relocations\n", obj->path, 281 ELF_R_TYPE(rela->r_info)); 282 return (-1); 283 } 284 return (0); 285 } 286 287 288 /* 289 * Process non-PLT relocations 290 */ 291 int 292 reloc_non_plt(Obj_Entry *obj, Obj_Entry *obj_rtld, int flags, 293 RtldLockState *lockstate) 294 { 295 const Elf_Rela *relalim; 296 const Elf_Rela *rela; 297 const Elf_Phdr *phdr; 298 SymCache *cache; 299 int r = -1; 300 301 if ((flags & SYMLOOK_IFUNC) != 0) 302 /* XXX not implemented */ 303 return (0); 304 305 /* 306 * The dynamic loader may be called from a thread, we have 307 * limited amounts of stack available so we cannot use alloca(). 308 */ 309 if (obj != obj_rtld) { 310 cache = calloc(obj->dynsymcount, sizeof(SymCache)); 311 /* No need to check for NULL here */ 312 } else 313 cache = NULL; 314 315 /* 316 * From the SVR4 PPC ABI: 317 * "The PowerPC family uses only the Elf32_Rela relocation 318 * entries with explicit addends." 319 */ 320 relalim = (const Elf_Rela *)((const char *)obj->rela + obj->relasize); 321 for (rela = obj->rela; rela < relalim; rela++) { 322 if (reloc_nonplt_object(obj_rtld, obj, rela, cache, flags, 323 lockstate) < 0) 324 goto done; 325 } 326 r = 0; 327 done: 328 if (cache != NULL) 329 free(cache); 330 331 /* 332 * Synchronize icache for executable segments in case we made 333 * any changes. 334 */ 335 for (phdr = obj->phdr; 336 (const char *)phdr < (const char *)obj->phdr + obj->phsize; 337 phdr++) { 338 if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X) != 0) { 339 __syncicache(obj->relocbase + phdr->p_vaddr, 340 phdr->p_memsz); 341 } 342 } 343 344 return (r); 345 } 346 347 /* 348 * Initialise a PLT slot to the resolving trampoline 349 */ 350 static int 351 reloc_plt_object(Obj_Entry *obj, const Elf_Rela *rela) 352 { 353 Elf_Word *where = (Elf_Word *)(obj->relocbase + rela->r_offset); 354 Elf_Addr *pltresolve, *pltlongresolve, *jmptab; 355 Elf_Addr distance; 356 int N = obj->pltrelasize / sizeof(Elf_Rela); 357 int reloff; 358 359 reloff = rela - obj->pltrela; 360 361 if (reloff < 0) 362 return (-1); 363 364 pltlongresolve = obj->pltgot + 5; 365 pltresolve = pltlongresolve + 5; 366 367 distance = (Elf_Addr)pltresolve - (Elf_Addr)(where + 1); 368 369 dbg(" reloc_plt_object: where=%p,pltres=%p,reloff=%x,distance=%x", 370 (void *)where, (void *)pltresolve, reloff, distance); 371 372 if (reloff < PLT_EXTENDED_BEGIN) { 373 /* li r11,reloff */ 374 /* b pltresolve */ 375 where[0] = 0x39600000 | reloff; 376 where[1] = 0x48000000 | (distance & 0x03fffffc); 377 } else { 378 jmptab = obj->pltgot + JMPTAB_BASE(N); 379 jmptab[reloff] = (u_int)pltlongresolve; 380 381 /* lis r11,jmptab[reloff]@ha */ 382 /* lwzu r12,jmptab[reloff]@l(r11) */ 383 /* mtctr r12 */ 384 /* bctr */ 385 where[0] = 0x3d600000 | _ppc_ha(&jmptab[reloff]); 386 where[1] = 0x858b0000 | _ppc_la(&jmptab[reloff]); 387 where[2] = 0x7d8903a6; 388 where[3] = 0x4e800420; 389 } 390 391 392 /* 393 * The icache will be sync'd in reloc_plt, which is called 394 * after all the slots have been updated 395 */ 396 397 return (0); 398 } 399 400 401 /* 402 * Process the PLT relocations. 403 */ 404 int 405 reloc_plt(Obj_Entry *obj, int flags __unused, RtldLockState *lockstate __unused) 406 { 407 const Elf_Rela *relalim; 408 const Elf_Rela *rela; 409 int N = obj->pltrelasize / sizeof(Elf_Rela); 410 411 if (obj->pltrelasize != 0) { 412 413 relalim = (const Elf_Rela *)((const char *)obj->pltrela + 414 obj->pltrelasize); 415 for (rela = obj->pltrela; rela < relalim; rela++) { 416 assert(ELF_R_TYPE(rela->r_info) == R_PPC_JMP_SLOT); 417 418 if (reloc_plt_object(obj, rela) < 0) { 419 return (-1); 420 } 421 } 422 } 423 424 /* 425 * Sync the icache for the byte range represented by the 426 * trampoline routines and call slots. 427 */ 428 if (obj->pltgot != NULL) 429 __syncicache(obj->pltgot, JMPTAB_BASE(N)*4); 430 431 return (0); 432 } 433 434 435 /* 436 * LD_BIND_NOW was set - force relocation for all jump slots 437 */ 438 int 439 reloc_jmpslots(Obj_Entry *obj, int flags, RtldLockState *lockstate) 440 { 441 const Obj_Entry *defobj; 442 const Elf_Rela *relalim; 443 const Elf_Rela *rela; 444 const Elf_Sym *def; 445 Elf_Addr *where; 446 Elf_Addr target; 447 448 relalim = (const Elf_Rela *)((const char *)obj->pltrela + 449 obj->pltrelasize); 450 for (rela = obj->pltrela; rela < relalim; rela++) { 451 assert(ELF_R_TYPE(rela->r_info) == R_PPC_JMP_SLOT); 452 where = (Elf_Addr *)(obj->relocbase + rela->r_offset); 453 def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, 454 SYMLOOK_IN_PLT | flags, NULL, lockstate); 455 if (def == NULL) { 456 dbg("reloc_jmpslots: sym not found"); 457 return (-1); 458 } 459 460 target = (Elf_Addr)(defobj->relocbase + def->st_value); 461 462 #if 0 463 /* PG XXX */ 464 dbg("\"%s\" in \"%s\" --> %p in \"%s\"", 465 defobj->strtab + def->st_name, basename(obj->path), 466 (void *)target, basename(defobj->path)); 467 #endif 468 469 reloc_jmpslot(where, target, defobj, obj, 470 (const Elf_Rel *) rela); 471 } 472 473 obj->jmpslots_done = true; 474 475 return (0); 476 } 477 478 479 /* 480 * Update the value of a PLT jump slot. Branch directly to the target if 481 * it is within +/- 32Mb, otherwise go indirectly via the pltcall 482 * trampoline call and jump table. 483 */ 484 Elf_Addr 485 reloc_jmpslot(Elf_Addr *wherep, Elf_Addr target, 486 const Obj_Entry *defobj __unused, const Obj_Entry *obj, const Elf_Rel *rel) 487 { 488 Elf_Addr offset; 489 const Elf_Rela *rela = (const Elf_Rela *) rel; 490 491 dbg(" reloc_jmpslot: where=%p, target=%p", 492 (void *)wherep, (void *)target); 493 494 if (ld_bind_not) 495 goto out; 496 497 /* 498 * At the PLT entry pointed at by `wherep', construct 499 * a direct transfer to the now fully resolved function 500 * address. 501 */ 502 offset = target - (Elf_Addr)wherep; 503 504 if (abs((int)offset) < 32*1024*1024) { /* inside 32MB? */ 505 /* b value # branch directly */ 506 *wherep = 0x48000000 | (offset & 0x03fffffc); 507 __syncicache(wherep, 4); 508 } else { 509 Elf_Addr *pltcall, *jmptab; 510 int distance; 511 int N = obj->pltrelasize / sizeof(Elf_Rela); 512 int reloff = rela - obj->pltrela; 513 514 if (reloff < 0) 515 return (-1); 516 517 pltcall = obj->pltgot; 518 519 dbg(" reloc_jmpslot: indir, reloff=%x, N=%x\n", 520 reloff, N); 521 522 jmptab = obj->pltgot + JMPTAB_BASE(N); 523 jmptab[reloff] = target; 524 mb(); /* Order jmptab update before next changes */ 525 526 if (reloff < PLT_EXTENDED_BEGIN) { 527 /* for extended PLT entries, we keep the old code */ 528 529 distance = (Elf_Addr)pltcall - (Elf_Addr)(wherep + 1); 530 531 /* li r11,reloff */ 532 /* b pltcall # use indirect pltcall routine */ 533 534 /* first instruction same as before */ 535 wherep[1] = 0x48000000 | (distance & 0x03fffffc); 536 __syncicache(wherep, 8); 537 } 538 } 539 540 out: 541 return (target); 542 } 543 544 int 545 reloc_iresolve(Obj_Entry *obj __unused, 546 struct Struct_RtldLockState *lockstate __unused) 547 { 548 549 /* XXX not implemented */ 550 return (0); 551 } 552 553 int 554 reloc_gnu_ifunc(Obj_Entry *obj __unused, int flags __unused, 555 struct Struct_RtldLockState *lockstate __unused) 556 { 557 558 /* XXX not implemented */ 559 return (0); 560 } 561 562 /* 563 * Setup the plt glue routines. 564 */ 565 #define PLTCALL_SIZE 20 566 #define PLTLONGRESOLVE_SIZE 20 567 #define PLTRESOLVE_SIZE 24 568 569 void 570 init_pltgot(Obj_Entry *obj) 571 { 572 Elf_Word *pltcall, *pltresolve, *pltlongresolve; 573 Elf_Word *jmptab; 574 int N = obj->pltrelasize / sizeof(Elf_Rela); 575 576 pltcall = obj->pltgot; 577 578 if (pltcall == NULL) { 579 return; 580 } 581 582 /* 583 * From the SVR4 PPC ABI: 584 * 585 * 'The first 18 words (72 bytes) of the PLT are reserved for 586 * use by the dynamic linker. 587 * ... 588 * 'If the executable or shared object requires N procedure 589 * linkage table entries, the link editor shall reserve 3*N 590 * words (12*N bytes) following the 18 reserved words. The 591 * first 2*N of these words are the procedure linkage table 592 * entries themselves. The static linker directs calls to bytes 593 * (72 + (i-1)*8), for i between 1 and N inclusive. The remaining 594 * N words (4*N bytes) are reserved for use by the dynamic linker.' 595 */ 596 597 /* 598 * Copy the absolute-call assembler stub into the first part of 599 * the reserved PLT area. 600 */ 601 memcpy(pltcall, _rtld_powerpc_pltcall, PLTCALL_SIZE); 602 603 /* 604 * Determine the address of the jumptable, which is the dyn-linker 605 * reserved area after the call cells. Write the absolute address 606 * of the jumptable into the absolute-call assembler code so it 607 * can determine this address. 608 */ 609 jmptab = obj->pltgot + JMPTAB_BASE(N); 610 pltcall[1] |= _ppc_ha(jmptab); /* addis 11,11,jmptab@ha */ 611 pltcall[2] |= _ppc_la(jmptab); /* lwz 11,jmptab@l(11) */ 612 613 /* 614 * Skip down 20 bytes into the initial reserved area and copy 615 * in the standard resolving assembler call. Into this assembler, 616 * insert the absolute address of the _rtld_bind_start routine 617 * and the address of the relocation object. 618 * 619 * We place pltlongresolve first, so it can fix up its arguments 620 * and then fall through to the regular PLT resolver. 621 */ 622 pltlongresolve = obj->pltgot + 5; 623 624 memcpy(pltlongresolve, _rtld_powerpc_pltlongresolve, 625 PLTLONGRESOLVE_SIZE); 626 pltlongresolve[0] |= _ppc_ha(jmptab); /* lis 12,jmptab@ha */ 627 pltlongresolve[1] |= _ppc_la(jmptab); /* addi 12,12,jmptab@l */ 628 629 pltresolve = pltlongresolve + PLTLONGRESOLVE_SIZE/sizeof(uint32_t); 630 memcpy(pltresolve, _rtld_powerpc_pltresolve, PLTRESOLVE_SIZE); 631 pltresolve[0] |= _ppc_ha(_rtld_bind_start); 632 pltresolve[1] |= _ppc_la(_rtld_bind_start); 633 pltresolve[3] |= _ppc_ha(obj); 634 pltresolve[4] |= _ppc_la(obj); 635 636 /* 637 * The icache will be sync'd in reloc_plt, which is called 638 * after all the slots have been updated 639 */ 640 } 641 642 void 643 ifunc_init(Elf_Auxinfo aux_info[__min_size(AT_COUNT)] __unused) 644 { 645 646 } 647 648 void 649 pre_init(void) 650 { 651 652 } 653 654 void 655 allocate_initial_tls(Obj_Entry *list) 656 { 657 Elf_Addr **tp; 658 659 /* 660 * Fix the size of the static TLS block by using the maximum 661 * offset allocated so far and adding a bit for dynamic modules to 662 * use. 663 */ 664 665 tls_static_space = tls_last_offset + tls_last_size + RTLD_STATIC_TLS_EXTRA; 666 667 tp = (Elf_Addr **)((char *) allocate_tls(list, NULL, TLS_TCB_SIZE, 8) 668 + TLS_TP_OFFSET + TLS_TCB_SIZE); 669 670 /* 671 * XXX gcc seems to ignore 'tp = _tp;' 672 */ 673 674 __asm __volatile("mr 2,%0" :: "r"(tp)); 675 } 676 677 void* 678 __tls_get_addr(tls_index* ti) 679 { 680 register Elf_Addr **tp; 681 char *p; 682 683 __asm __volatile("mr %0,2" : "=r"(tp)); 684 p = tls_get_addr_common((Elf_Addr**)((Elf_Addr)tp - TLS_TP_OFFSET 685 - TLS_TCB_SIZE), ti->ti_module, ti->ti_offset); 686 687 return (p + TLS_DTV_OFFSET); 688 } 689