/* $NetBSD: ppc_reloc.c,v 1.10 2001/09/10 06:09:41 mycroft Exp $ */

/*-
 * SPDX-License-Identifier: BSD-2-Clause-NetBSD
 *
 * Copyright (C) 1998 Tsubai Masanari
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Machine-dependent relocation support for the run-time linker on 32-bit
 * PowerPC: non-PLT (data) relocations, COPY relocations, PLT slot and
 * jump-table management, and the static TLS setup that goes with them.
 *
 * Several routines below write machine instructions into the PLT and
 * then call __syncicache(); the PLT region must therefore be both
 * writable and executable while rtld is patching it (the mapping itself
 * is set up elsewhere).
 */

#include <sys/param.h>
#include <sys/mman.h>

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <machine/cpu.h>
#include <machine/atomic.h>
#include <machine/md_var.h>

#include "debug.h"
#include "rtld.h"

/*
 * _ppc_ha(x): the "high adjusted" upper 16 bits of x, i.e. the value to
 * place in a lis/addis immediate.  If bit 15 of x is set, 0x10000 is added
 * first so that the signed low half produced by _ppc_la(x) sums back to x.
 * _ppc_la(x): the low 16 bits of x, for the matching addi/lwz immediate.
 */
#define _ppc_ha(x) ((((u_int32_t)(x) & 0x8000) ? \
			((u_int32_t)(x) + 0x10000) : (u_int32_t)(x)) >> 16)
#define _ppc_la(x) ((u_int32_t)(x) & 0xffff)

/* Classic double-evaluating min/max; not referenced in this file. */
#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))

/*
 * PLT layout (in 32-bit words from obj->pltgot):
 *   18 reserved words (pltcall, pltlongresolve, pltresolve stubs),
 *   2 words per slot for slots below PLT_EXTENDED_BEGIN,
 *   4 words per slot for "extended" slots at or beyond it (see
 *   reloc_plt_object), and then the jump table of N words.
 * JMPTAB_BASE(N) is the word index of that jump table.  NOTE: the N
 * argument is used unparenthesised, so only pass a plain identifier.
 */
#define PLT_EXTENDED_BEGIN	(1 << 13)
#define JMPTAB_BASE(N)		(18 + N*2 + ((N > PLT_EXTENDED_BEGIN) ? \
				    (N - PLT_EXTENDED_BEGIN)*2 : 0))

/*
 * Process the R_PPC_COPY relocations
 *
 * For each R_PPC_COPY entry in dstobj's .rela section, look the symbol up
 * in the objects that follow dstobj on the global list and copy the
 * defining object's data into dstobj's copy.  The number of bytes copied
 * is dstsym->st_size, the executable's idea of the symbol size; the size
 * recorded by the defining object is not consulted here.
 *
 * dstobj must be the main program (asserted).  Returns 0 on success, or
 * -1 with an _rtld_error() message set when a symbol cannot be found.
 */
int
do_copy_relocations(Obj_Entry *dstobj)
{
	const Elf_Rela *relalim;
	const Elf_Rela *rela;

	/*
	 * COPY relocs are invalid outside of the main program
	 */
	assert(dstobj->mainprog);

	relalim = (const Elf_Rela *) ((caddr_t) dstobj->rela +
	    dstobj->relasize);
	for (rela = dstobj->rela;  rela < relalim;  rela++) {
		void *dstaddr;
		const Elf_Sym *dstsym;
		const char *name;
		size_t size;
		const void *srcaddr;
		const Elf_Sym *srcsym = NULL;
		const Obj_Entry *srcobj, *defobj;
		SymLook req;
		int res;

		if (ELF_R_TYPE(rela->r_info) != R_PPC_COPY) {
			continue;
		}

		dstaddr = (void *) (dstobj->relocbase + rela->r_offset);
		dstsym = dstobj->symtab + ELF_R_SYM(rela->r_info);
		name = dstobj->strtab + dstsym->st_name;
		size = dstsym->st_size;
		symlook_init(&req, name);
		req.ventry = fetch_ventry(dstobj, ELF_R_SYM(rela->r_info));
		req.flags = SYMLOOK_EARLY;

		/*
		 * Search only the objects after dstobj, so that the
		 * executable's own (copied-to) definition is skipped.
		 */
		for (srcobj = globallist_next(dstobj);  srcobj != NULL;
		     srcobj = globallist_next(srcobj)) {
			res = symlook_obj(&req, srcobj);
			if (res == 0) {
				srcsym = req.sym_out;
				defobj = req.defobj_out;
				break;
			}
		}

		/* srcsym/defobj are only assigned on the break above. */
		if (srcobj == NULL) {
			_rtld_error("Undefined symbol \"%s\" "
				    " referenced from COPY"
				    " relocation in %s", name, dstobj->path);
			return (-1);
		}

		srcaddr = (const void *) (defobj->relocbase+srcsym->st_value);
		memcpy(dstaddr, srcaddr, size);
		/* NOTE(review): size is size_t but is printed with %d. */
		dbg("copy_reloc: src=%p,dst=%p,size=%d\n",srcaddr,dstaddr,size);
	}

	return (0);
}


/*
 * Perform early relocation of the run-time linker image
 *
 * dynp points at rtld's own dynamic section and relocbase is the address
 * it was loaded at.  Only DT_RELA/DT_RELASZ are consulted, and every entry
 * is applied as "relocbase + addend" without inspecting its type, so this
 * relies on rtld itself containing nothing but relative relocations.  No
 * symbol lookup happens here; it runs before the rest of rtld is usable.
 */
void
reloc_non_plt_self(Elf_Dyn *dynp, Elf_Addr relocbase)
{
	const Elf_Rela *rela = NULL, *relalim;
	Elf_Addr relasz = 0;
	Elf_Addr *where;

	/*
	 * Extract the rela/relasz values from the dynamic section
	 */
	for (; dynp->d_tag != DT_NULL; dynp++) {
		switch (dynp->d_tag) {
		case DT_RELA:
			rela = (const Elf_Rela *)(relocbase+dynp->d_un.d_ptr);
			break;
		case DT_RELASZ:
			relasz = dynp->d_un.d_val;
			break;
		}
	}

	/*
	 * Relocate these values
	 * (If DT_RELA was absent, rela is NULL and relalim is NULL + relasz;
	 * with relasz also 0 the loop simply does nothing.)
	 */
	relalim = (const Elf_Rela *)((caddr_t)rela + relasz);
	for (; rela < relalim; rela++) {
		where = (Elf_Addr *)(relocbase + rela->r_offset);
		*where = (Elf_Addr)(relocbase + rela->r_addend);
	}
}


/*
 * Relocate a non-PLT object with addend.
 *
 * Applies the single relocation entry `rela' of `obj'.  `cache' may be
 * NULL (reloc_non_plt passes NULL for rtld itself); `flags' and
 * `lockstate' are forwarded to find_symdef().  `obj_rtld' is accepted for
 * interface symmetry but not used in this function.
 *
 * Returns 0 on success, -1 with an _rtld_error() message set on an
 * undefined symbol, an unsupported type, a COPY relocation in a shared
 * library, or exhaustion of static TLS space.
 */
static int
reloc_nonplt_object(Obj_Entry *obj_rtld, Obj_Entry *obj, const Elf_Rela *rela,
    SymCache *cache, int flags, RtldLockState *lockstate)
{
	Elf_Addr *where = (Elf_Addr *)(obj->relocbase + rela->r_offset);
	const Elf_Sym *def;
	const Obj_Entry *defobj;
	Elf_Addr tmp;

	switch (ELF_R_TYPE(rela->r_info)) {

	case R_PPC_NONE:
		break;

	case R_PPC_ADDR32:	/* word32 S + A */
	case R_PPC_GLOB_DAT:	/* word32 S + A */
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);
		if (def == NULL) {
			return (-1);
		}

		tmp = (Elf_Addr)(defobj->relocbase + def->st_value +
		    rela->r_addend);

		/* Don't issue write if unnecessary; avoid COW page fault */
		if (*where != tmp) {
			*where = tmp;
		}
		break;

	case R_PPC_RELATIVE:	/* word32 B + A */
		tmp = (Elf_Addr)(obj->relocbase + rela->r_addend);

		/* As above, don't issue write unnecessarily */
		if (*where != tmp) {
			*where = tmp;
		}
		break;

	case R_PPC_COPY:
		/*
		 * These are deferred until all other relocations
		 * have been done.  All we do here is make sure
		 * that the COPY relocation is not in a shared
		 * library.  They are allowed only in executable
		 * files.  The actual copy is done by do_copy_relocations().
		 */
		if (!obj->mainprog) {
			_rtld_error("%s: Unexpected R_COPY "
				    " relocation in shared library",
				    obj->path);
			return (-1);
		}
		break;

	case R_PPC_JMP_SLOT:
		/*
		 * These will be handled by the plt/jmpslot routines
		 */
		break;

	case R_PPC_DTPMOD32:
		/* Module index of the object that defines the TLS symbol. */
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);

		if (def == NULL)
			return (-1);

		*where = (Elf_Addr) defobj->tlsindex;

		break;

	case R_PPC_TPREL32:
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);

		if (def == NULL)
			return (-1);

		/*
		 * We lazily allocate offsets for static TLS as we
		 * see the first relocation that references the
		 * TLS block. This allows us to support (small
		 * amounts of) static TLS in dynamically loaded
		 * modules. If we run out of space, we generate an
		 * error.
		 */
		if (!defobj->tls_done) {
			if (!allocate_tls_offset((Obj_Entry*) defobj)) {
				_rtld_error("%s: No space available for static "
				    "Thread Local Storage", obj->path);
				return (-1);
			}
		}

		/*
		 * Thread-pointer-relative offset of the symbol: the
		 * object's static TLS offset plus symbol value and addend,
		 * minus the TP bias (TLS_TP_OFFSET + TLS_TCB_SIZE) that
		 * allocate_initial_tls() adds when it sets up r2.
		 *
		 * NOTE(review): the slot's previous contents (*where) are
		 * folded in through Elf_Addr* pointer arithmetic, so they
		 * end up scaled by sizeof(Elf_Addr) twice; presumably the
		 * slot is zero in practice -- confirm before relying on it.
		 */
		*(Elf_Addr **)where = *where * sizeof(Elf_Addr)
		    + (Elf_Addr *)(def->st_value + rela->r_addend
		    + defobj->tlsoffset - TLS_TP_OFFSET - TLS_TCB_SIZE);

		break;

	case R_PPC_DTPREL32:
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    flags, cache, lockstate);

		if (def == NULL)
			return (-1);

		/*
		 * DTV-relative offset; __tls_get_addr() adds TLS_DTV_OFFSET
		 * back when it resolves the address.
		 */
		*where += (Elf_Addr)(def->st_value + rela->r_addend
		    - TLS_DTV_OFFSET);

		break;

	default:
		_rtld_error("%s: Unsupported relocation type %d"
			    " in non-PLT relocations\n", obj->path,
			    ELF_R_TYPE(rela->r_info));
		return (-1);
	}
	return (0);
}


/*
 * Process non-PLT relocations
 *
 * Walks obj's .rela section and applies each entry via
 * reloc_nonplt_object().  A per-object symbol cache is allocated for
 * ordinary objects; for rtld itself (obj == obj_rtld) no cache is used,
 * which is why a NULL cache is an accepted input below.  SYMLOOK_IFUNC
 * passes are not implemented on this architecture and return 0 at once.
 *
 * Returns 0 on success, -1 if any relocation failed.  The instruction
 * cache of the text segment is synchronised on both paths.
 */
int
reloc_non_plt(Obj_Entry *obj, Obj_Entry *obj_rtld, int flags,
    RtldLockState *lockstate)
{
	const Elf_Rela *relalim;
	const Elf_Rela *rela;
	SymCache *cache;
	int r = -1;

	if ((flags & SYMLOOK_IFUNC) != 0)
		/* XXX not implemented */
		return (0);

	/*
	 * The dynamic loader may be called from a thread, we have
	 * limited amounts of stack available so we cannot use alloca().
	 */
	if (obj != obj_rtld) {
		cache = calloc(obj->dynsymcount, sizeof(SymCache));
		/*
		 * No need to check for NULL here: the rtld path below
		 * passes a NULL cache deliberately, so a failed calloc()
		 * merely degrades to uncached lookups.
		 */
	} else
		cache = NULL;

	/*
	 * From the SVR4 PPC ABI:
	 * "The PowerPC family uses only the Elf32_Rela relocation
	 *  entries with explicit addends."
	 */
	relalim = (const Elf_Rela *)((caddr_t)obj->rela + obj->relasize);
	for (rela = obj->rela; rela < relalim; rela++) {
		if (reloc_nonplt_object(obj_rtld, obj, rela, cache, flags,
		    lockstate) < 0)
			goto done;
	}
	r = 0;
done:
	if (cache != NULL)
		free(cache);

	/* Synchronize icache for text seg in case we made any changes */
	__syncicache(obj->mapbase, obj->textsize);

	return (r);
}

/*
 * Initialise a PLT slot to the resolving trampoline
 *
 * `rela' is one R_PPC_JMP_SLOT entry of obj->pltrela; its index (reloff)
 * is what the lazy resolver receives to identify the slot.  Slots below
 * PLT_EXTENDED_BEGIN get the two-word "li r11,reloff; b pltresolve"
 * sequence (reloff must fit the 16-bit li immediate, which 8191 does).
 * Higher slots get a four-word sequence that loads the target out of the
 * jump table, whose entry is pointed at pltlongresolve here.
 *
 * Returns 0, or -1 if rela lies before obj->pltrela.  The icache is not
 * synchronised here; reloc_plt() does that once for the whole PLT.
 */
static int
reloc_plt_object(Obj_Entry *obj, const Elf_Rela *rela)
{
	Elf_Word *where = (Elf_Word *)(obj->relocbase + rela->r_offset);
	Elf_Addr *pltresolve, *pltlongresolve, *jmptab;
	Elf_Addr distance;
	int N = obj->pltrelasize / sizeof(Elf_Rela);
	int reloff;

	reloff = rela - obj->pltrela;

	if (reloff < 0)
		return (-1);

	/* Stub layout must match init_pltgot(): pltcall at word 0. */
	pltlongresolve = obj->pltgot + 5;
	pltresolve = pltlongresolve + 5;

	/* Branch displacement is relative to the `b' at where[1]. */
	distance = (Elf_Addr)pltresolve - (Elf_Addr)(where + 1);

	dbg(" reloc_plt_object: where=%p,pltres=%p,reloff=%x,distance=%x",
	    (void *)where, (void *)pltresolve, reloff, distance);

	if (reloff < PLT_EXTENDED_BEGIN) {
		/* li   r11,reloff */
		/* b    pltresolve  */
		where[0] = 0x39600000 | reloff;
		where[1] = 0x48000000 | (distance & 0x03fffffc);
	} else {
		jmptab = obj->pltgot + JMPTAB_BASE(N);
		jmptab[reloff] = (u_int)pltlongresolve;

		/* lis  r11,jmptab[reloff]@ha */
		/* lwzu r12,jmptab[reloff]@l(r11) */
		/* mtctr r12 */
		/* bctr */
		where[0] = 0x3d600000 | _ppc_ha(&jmptab[reloff]);
		where[1] = 0x858b0000 | _ppc_la(&jmptab[reloff]);
		where[2] = 0x7d8903a6;
		where[3] = 0x4e800420;
	}


	/*
	 * The icache will be sync'd in reloc_plt, which is called
	 * after all the slots have been updated
	 */

	return (0);
}


/*
 * Process the PLT relocations.
 *
 * Initialises every PLT slot of obj to the lazy-resolution trampoline via
 * reloc_plt_object(), then synchronises the icache over the stubs and
 * call slots (JMPTAB_BASE(N) words, i.e. everything before the jump
 * table).  Returns 0 on success, -1 if a slot could not be set up.
 */
int
reloc_plt(Obj_Entry *obj)
{
	const Elf_Rela *relalim;
	const Elf_Rela *rela;
	int N = obj->pltrelasize / sizeof(Elf_Rela);

	if (obj->pltrelasize != 0) {

		relalim = (const Elf_Rela *)((char *)obj->pltrela +
		    obj->pltrelasize);
		for (rela = obj->pltrela;  rela < relalim;  rela++) {
			assert(ELF_R_TYPE(rela->r_info) == R_PPC_JMP_SLOT);

			if (reloc_plt_object(obj, rela) < 0) {
				return (-1);
			}
		}
	}

	/*
	 * Sync the icache for the byte range represented by the
	 * trampoline routines and call slots.
	 */
	if (obj->pltgot != NULL)
		__syncicache(obj->pltgot, JMPTAB_BASE(N)*4);

	return (0);
}


/*
 * LD_BIND_NOW was set - force relocation for all jump slots
 *
 * Resolves every R_PPC_JMP_SLOT of obj eagerly with find_symdef()
 * (SYMLOOK_IN_PLT | flags) and patches the slot through reloc_jmpslot().
 * Returns 0 on success, -1 if a symbol is undefined; on success
 * obj->jmpslots_done is set.
 */
int
reloc_jmpslots(Obj_Entry *obj, int flags, RtldLockState *lockstate)
{
	const Obj_Entry *defobj;
	const Elf_Rela *relalim;
	const Elf_Rela *rela;
	const Elf_Sym *def;
	Elf_Addr *where;
	Elf_Addr target;

	relalim = (const Elf_Rela *)((char *)obj->pltrela + obj->pltrelasize);
	for (rela = obj->pltrela; rela < relalim; rela++) {
		assert(ELF_R_TYPE(rela->r_info) == R_PPC_JMP_SLOT);
		where = (Elf_Addr *)(obj->relocbase + rela->r_offset);
		def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj,
		    SYMLOOK_IN_PLT | flags, NULL, lockstate);
		if (def == NULL) {
			dbg("reloc_jmpslots: sym not found");
			return (-1);
		}

		target = (Elf_Addr)(defobj->relocbase + def->st_value);

#if 0
		/* PG XXX */
		dbg("\"%s\" in \"%s\" --> %p in \"%s\"",
		    defobj->strtab + def->st_name, basename(obj->path),
		    (void *)target, basename(defobj->path));
#endif

		reloc_jmpslot(where, target, defobj, obj,
		    (const Elf_Rel *) rela);
	}

	obj->jmpslots_done = true;

	return (0);
}


/*
 * Update the value of a PLT jump slot. Branch directly to the target if
 * it is within +/- 32Mb, otherwise go indirectly via the pltcall
 * trampoline call and jump table.
 *
 * `wherep' is the slot's first instruction word, `target' the resolved
 * function address, `rel' the slot's R_PPC_JMP_SLOT entry (really an
 * Elf_Rela; used only to compute the slot index).  `defobj' is unused.
 * When ld_bind_not is set the slot is left untouched.
 *
 * Returns target so that the lazy-binding path can jump to it.  (The
 * reloff < 0 guard returns -1 instead, which callers relying on the
 * return value would misinterpret; it is not expected to trigger.)
 *
 * NOTE(review): the +/-32MB test casts offset to int and calls abs(); for
 * an offset of exactly INT_MIN that is undefined behaviour.
 */
Elf_Addr
reloc_jmpslot(Elf_Addr *wherep, Elf_Addr target, const Obj_Entry *defobj,
    const Obj_Entry *obj, const Elf_Rel *rel)
{
	Elf_Addr offset;
	const Elf_Rela *rela = (const Elf_Rela *) rel;

	dbg(" reloc_jmpslot: where=%p, target=%p",
	    (void *)wherep, (void *)target);

	if (ld_bind_not)
		goto out;

	/*
	 * At the PLT entry pointed at by `wherep', construct
	 * a direct transfer to the now fully resolved function
	 * address.
	 */
	offset = target - (Elf_Addr)wherep;

	if (abs((int)offset) < 32*1024*1024) {     /* inside 32MB? */
		/* b    value   # branch directly */
		*wherep = 0x48000000 | (offset & 0x03fffffc);
		__syncicache(wherep, 4);
	} else {
		Elf_Addr *pltcall, *jmptab;
		int distance;
		int N = obj->pltrelasize / sizeof(Elf_Rela);
		int reloff = rela - obj->pltrela;

		if (reloff < 0)
			return (-1);

		pltcall = obj->pltgot;

		dbg(" reloc_jmpslot: indir, reloff=%x, N=%x\n",
		    reloff, N);

		/*
		 * Publish the target in the jump table first; both the
		 * pltcall stub and the extended-slot code read it from there.
		 */
		jmptab = obj->pltgot + JMPTAB_BASE(N);
		jmptab[reloff] = target;
		mb(); /* Order jmptab update before next changes */

		if (reloff < PLT_EXTENDED_BEGIN) {
			/* for extended PLT entries, we keep the old code */

			distance = (Elf_Addr)pltcall - (Elf_Addr)(wherep + 1);

			/* li   r11,reloff */
			/* b    pltcall  # use indirect pltcall routine */

			/* first instruction same as before */
			wherep[1] = 0x48000000 | (distance & 0x03fffffc);
			__syncicache(wherep, 8);
		}
		/*
		 * Extended slots already go through jmptab[reloff] (see
		 * reloc_plt_object), so updating the table is sufficient.
		 */
	}

out:
	return (target);
}

/* IFUNC relocation is not implemented on this architecture; always 0. */
int
reloc_iresolve(Obj_Entry *obj, struct Struct_RtldLockState *lockstate)
{

	/* XXX not implemented */
	return (0);
}

/* GNU IFUNC PLT relocation is not implemented on this architecture. */
int
reloc_gnu_ifunc(Obj_Entry *obj, int flags,
    struct Struct_RtldLockState *lockstate)
{

	/* XXX not implemented */
	return (0);
}

/*
 * Setup the plt glue routines.
 *
 * Byte sizes of the three assembler stubs copied into the reserved PLT
 * words (5, 5 and 6 words respectively); they must match the stub bodies
 * and the word offsets hard-coded in reloc_plt_object().
 */
#define PLTCALL_SIZE	   20
#define PLTLONGRESOLVE_SIZE 20
#define PLTRESOLVE_SIZE	   24

/*
 * Copy the pltcall, pltlongresolve and pltresolve stubs into obj's
 * reserved PLT words and patch their lis/addi immediates with the
 * addresses of the jump table, _rtld_bind_start and obj itself.
 * Does nothing if obj has no PLT GOT.  Callers must follow up with
 * reloc_plt(), which performs the icache synchronisation.
 */
void
init_pltgot(Obj_Entry *obj)
{
	Elf_Word *pltcall, *pltresolve, *pltlongresolve;
	Elf_Word *jmptab;
	int N = obj->pltrelasize / sizeof(Elf_Rela);

	pltcall = obj->pltgot;

	if (pltcall == NULL) {
		return;
	}

	/*
	 * From the SVR4 PPC ABI:
	 *
	 * 'The first 18 words (72 bytes) of the PLT are reserved for
	 * use by the dynamic linker.
	 *   ...
	 * 'If the executable or shared object requires N procedure
	 *  linkage table entries, the link editor shall reserve 3*N
	 *  words (12*N bytes) following the 18 reserved words.  The
	 *  first 2*N of these words are the procedure linkage table
	 *  entries themselves.  The static linker directs calls to bytes
	 *  (72 + (i-1)*8), for i between 1 and N inclusive.  The remaining
	 *  N words (4*N bytes) are reserved for use by the dynamic linker.'
	 */

	/*
	 * Copy the absolute-call assembler stub into the first part of
	 * the reserved PLT area.
	 */
	memcpy(pltcall, _rtld_powerpc_pltcall, PLTCALL_SIZE);

	/*
	 * Determine the address of the jumptable, which is the dyn-linker
	 * reserved area after the call cells. Write the absolute address
	 * of the jumptable into the absolute-call assembler code so it
	 * can determine this address.
	 */
	jmptab = obj->pltgot + JMPTAB_BASE(N);
	pltcall[1] |= _ppc_ha(jmptab);	   /* addis 11,11,jmptab@ha*/
	pltcall[2] |= _ppc_la(jmptab);	   /* lwz   11,jmptab@l(11)*/

	/*
	 * Skip down 20 bytes into the initial reserved area and copy
	 * in the standard resolving assembler call. Into this assembler,
	 * insert the absolute address of the _rtld_bind_start routine
	 * and the address of the relocation object.
	 *
	 * We place pltlongresolve first, so it can fix up its arguments
	 * and then fall through to the regular PLT resolver.
	 */
	pltlongresolve = obj->pltgot + 5;

	memcpy(pltlongresolve, _rtld_powerpc_pltlongresolve,
	    PLTLONGRESOLVE_SIZE);
	pltlongresolve[0] |= _ppc_ha(jmptab);	/* lis	12,jmptab@ha	*/
	pltlongresolve[1] |= _ppc_la(jmptab);	/* addi	12,12,jmptab@l	*/

	/* Word 10; reloc_plt_object() computes the same address as +5 +5. */
	pltresolve = pltlongresolve + PLTLONGRESOLVE_SIZE/sizeof(uint32_t);
	memcpy(pltresolve, _rtld_powerpc_pltresolve, PLTRESOLVE_SIZE);
	pltresolve[0] |= _ppc_ha(_rtld_bind_start);
	pltresolve[1] |= _ppc_la(_rtld_bind_start);
	pltresolve[3] |= _ppc_ha(obj);
	pltresolve[4] |= _ppc_la(obj);

	/*
	 * The icache will be sync'd in reloc_plt, which is called
	 * after all the slots have been updated
	 */
}

/* No IFUNC support on this architecture; nothing to initialise. */
void
ifunc_init(Elf_Auxinfo aux_info[__min_size(AT_COUNT)] __unused)
{

}

/* No architecture-specific pre-initialisation is required. */
void
pre_init(void)
{

}

/*
 * Allocate the initial thread's static TLS block and install the thread
 * pointer.  The value placed in r2 is the TCB address returned by
 * allocate_tls() plus TLS_TP_OFFSET + TLS_TCB_SIZE; reloc_nonplt_object()
 * (R_PPC_TPREL32) and __tls_get_addr() subtract the same bias.
 */
void
allocate_initial_tls(Obj_Entry *list)
{
	Elf_Addr **tp;

	/*
	 * Fix the size of the static TLS block by using the maximum
	 * offset allocated so far and adding a bit for dynamic modules to
	 * use.
	 */

	tls_static_space = tls_last_offset + tls_last_size + RTLD_STATIC_TLS_EXTRA;

	tp = (Elf_Addr **) ((char *) allocate_tls(list, NULL, TLS_TCB_SIZE, 8)
	    + TLS_TP_OFFSET + TLS_TCB_SIZE);

	/*
	 * XXX gcc seems to ignore 'tp = _tp;'
	 */

	/* r2 is the thread pointer register; __tls_get_addr reads it back. */
	__asm __volatile("mr 2,%0" :: "r"(tp));
}

/*
 * Resolve a TLS reference (module index + offset) for the calling thread.
 * Recovers the TCB pointer from r2 by undoing the bias applied in
 * allocate_initial_tls(), and adds TLS_DTV_OFFSET to the result to match
 * the subtraction done for R_PPC_DTPREL32 relocations.
 */
void*
__tls_get_addr(tls_index* ti)
{
	register Elf_Addr **tp;
	char *p;

	__asm __volatile("mr %0,2" : "=r"(tp));
	p = tls_get_addr_common((Elf_Addr**)((Elf_Addr)tp - TLS_TP_OFFSET
	    - TLS_TCB_SIZE), ti->ti_module, ti->ti_offset);

	return (p + TLS_DTV_OFFSET);
}