1 /*- 2 * Copyright 1996-1998 John D. Polstra. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * $Id: rtld.c,v 1.6 1998/09/02 02:51:12 jdp Exp $ 26 */ 27 28 /* 29 * Dynamic linker for ELF. 30 * 31 * John Polstra <jdp@polstra.com>. 32 */ 33 34 #ifndef __GNUC__ 35 #error "GCC is needed to compile this file" 36 #endif 37 38 #include <sys/param.h> 39 #include <sys/mman.h> 40 41 #include <dlfcn.h> 42 #include <err.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <stdarg.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <string.h> 49 #include <unistd.h> 50 51 #include "debug.h" 52 #include "rtld.h" 53 54 /* 55 * Debugging support. 56 */ 57 58 #define assert(cond) ((cond) ? (void) 0 :\ 59 (msg("oops: " __XSTRING(__LINE__) "\n"), abort())) 60 #define msg(s) (write(1, s, strlen(s))) 61 #define trace() msg("trace: " __XSTRING(__LINE__) "\n"); 62 63 #define END_SYM "end" 64 65 /* Types. */ 66 typedef void (*func_ptr_type)(); 67 68 /* 69 * Function declarations. 70 */ 71 static void call_fini_functions(Obj_Entry *); 72 static void call_init_functions(Obj_Entry *); 73 static void die(void); 74 static void digest_dynamic(Obj_Entry *); 75 static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t); 76 static Obj_Entry *dlcheck(void *); 77 static char *find_library(const char *, const Obj_Entry *); 78 static void init_rtld(caddr_t); 79 static bool is_exported(const Elf_Sym *); 80 static void linkmap_add(Obj_Entry *); 81 static void linkmap_delete(Obj_Entry *); 82 static int load_needed_objects(Obj_Entry *); 83 static Obj_Entry *load_object(char *); 84 static Obj_Entry *obj_from_addr(const void *); 85 static int relocate_objects(Obj_Entry *, bool); 86 static void rtld_exit(void); 87 static char *search_library_path(const char *, const char *); 88 static void unref_object_dag(Obj_Entry *); 89 static void trace_loaded_objects(Obj_Entry *obj); 90 91 void r_debug_state(void); 92 void xprintf(const char *, ...); 93 94 #ifdef DEBUG 95 static const char *basename(const char *); 96 #endif 97 98 /* Assembly language entry point for lazy binding. */ 99 extern void _rtld_bind_start(void); 100 101 /* 102 * Assembly language macro for getting the GOT pointer. 103 */ 104 #ifdef __i386__ 105 #define get_got_address() \ 106 ({ Elf_Addr *thegot; \ 107 __asm__("movl %%ebx,%0" : "=rm"(thegot)); \ 108 thegot; }) 109 #elif __alpha__ 110 #define get_got_address() NULL 111 #else 112 #error "This file only supports the i386 and alpha architectures" 113 #endif 114 115 /* 116 * Data declarations. 117 */ 118 static char *error_message; /* Message for dlerror(), or NULL */ 119 struct r_debug r_debug; /* for GDB; */ 120 static bool trust; /* False for setuid and setgid programs */ 121 static char *ld_bind_now; /* Environment variable for immediate binding */ 122 static char *ld_debug; /* Environment variable for debugging */ 123 static char *ld_library_path; /* Environment variable for search path */ 124 static char *ld_tracing; /* Called from ldd to print libs */ 125 static Obj_Entry **main_tail; /* Value of obj_tail after loading main and 126 its needed shared libraries */ 127 static Obj_Entry *obj_list; /* Head of linked list of shared objects */ 128 static Obj_Entry **obj_tail; /* Link field of last object in list */ 129 static Obj_Entry *obj_main; /* The main program shared object */ 130 static Obj_Entry obj_rtld; /* The dynamic linker shared object */ 131 132 #define GDB_STATE(s) r_debug.r_state = s; r_debug_state(); 133 134 extern Elf_Dyn _DYNAMIC; 135 136 /* 137 * These are the functions the dynamic linker exports to application 138 * programs. They are the only symbols the dynamic linker is willing 139 * to export from itself. 140 */ 141 static func_ptr_type exports[] = { 142 (func_ptr_type) &_rtld_error, 143 (func_ptr_type) &dlclose, 144 (func_ptr_type) &dlerror, 145 (func_ptr_type) &dlopen, 146 (func_ptr_type) &dlsym, 147 NULL 148 }; 149 150 /* 151 * Global declarations normally provided by crt1. The dynamic linker is 152 * not build with crt1, so we have to provide them ourselves. 153 */ 154 char *__progname; 155 char **environ; 156 157 /* 158 * Main entry point for dynamic linking. The first argument is the 159 * stack pointer. The stack is expected to be laid out as described 160 * in the SVR4 ABI specification, Intel 386 Processor Supplement. 161 * Specifically, the stack pointer points to a word containing 162 * ARGC. Following that in the stack is a null-terminated sequence 163 * of pointers to argument strings. Then comes a null-terminated 164 * sequence of pointers to environment strings. Finally, there is a 165 * sequence of "auxiliary vector" entries. 166 * 167 * The second argument points to a place to store the dynamic linker's 168 * exit procedure pointer and the third to a place to store the main 169 * program's object. 170 * 171 * The return value is the main program's entry point. 172 */ 173 func_ptr_type 174 _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) 175 { 176 Elf_Auxinfo *aux_info[AT_COUNT]; 177 int i; 178 int argc; 179 char **argv; 180 char **env; 181 Elf_Auxinfo *aux; 182 Elf_Auxinfo *auxp; 183 184 /* 185 * On entry, the dynamic linker itself has not been relocated yet. 186 * Be very careful not to reference any global data until after 187 * init_rtld has returned. It is OK to reference file-scope statics 188 * and string constants, and to call static and global functions. 189 */ 190 191 /* Find the auxiliary vector on the stack. */ 192 argc = *sp++; 193 argv = (char **) sp; 194 sp += argc + 1; /* Skip over arguments and NULL terminator */ 195 env = (char **) sp; 196 while (*sp++ != 0) /* Skip over environment, and NULL terminator */ 197 ; 198 aux = (Elf_Auxinfo *) sp; 199 200 /* Digest the auxiliary vector. */ 201 for (i = 0; i < AT_COUNT; i++) 202 aux_info[i] = NULL; 203 for (auxp = aux; auxp->a_type != AT_NULL; auxp++) { 204 if (auxp->a_type < AT_COUNT) 205 aux_info[auxp->a_type] = auxp; 206 } 207 208 /* Initialize and relocate ourselves. */ 209 assert(aux_info[AT_BASE] != NULL); 210 init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 211 212 __progname = obj_rtld.path; 213 environ = env; 214 215 trust = geteuid() == getuid() && getegid() == getgid(); 216 217 ld_bind_now = getenv("LD_BIND_NOW"); 218 if (trust) { 219 ld_debug = getenv("LD_DEBUG"); 220 ld_library_path = getenv("LD_LIBRARY_PATH"); 221 } 222 ld_tracing = getenv("LD_TRACE_LOADED_OBJECTS"); 223 224 if (ld_debug != NULL && *ld_debug != '\0') 225 debug = 1; 226 dbg("%s is initialized, base address = %p", __progname, 227 (caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 228 229 /* 230 * Load the main program, or process its program header if it is 231 * already loaded. 232 */ 233 if (aux_info[AT_EXECFD] != NULL) { /* Load the main program. */ 234 int fd = aux_info[AT_EXECFD]->a_un.a_val; 235 dbg("loading main program"); 236 obj_main = map_object(fd); 237 close(fd); 238 if (obj_main == NULL) 239 die(); 240 } else { /* Main program already loaded. */ 241 const Elf_Phdr *phdr; 242 int phnum; 243 caddr_t entry; 244 245 dbg("processing main program's program header"); 246 assert(aux_info[AT_PHDR] != NULL); 247 phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr; 248 assert(aux_info[AT_PHNUM] != NULL); 249 phnum = aux_info[AT_PHNUM]->a_un.a_val; 250 assert(aux_info[AT_PHENT] != NULL); 251 assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr)); 252 assert(aux_info[AT_ENTRY] != NULL); 253 entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr; 254 obj_main = digest_phdr(phdr, phnum, entry); 255 } 256 257 obj_main->path = xstrdup(argv[0]); 258 obj_main->mainprog = true; 259 digest_dynamic(obj_main); 260 261 linkmap_add(obj_main); 262 linkmap_add(&obj_rtld); 263 264 /* Link the main program into the list of objects. */ 265 *obj_tail = obj_main; 266 obj_tail = &obj_main->next; 267 obj_main->refcount++; 268 269 dbg("loading needed objects"); 270 if (load_needed_objects(obj_main) == -1) 271 die(); 272 main_tail = obj_tail; 273 274 if (ld_tracing) { /* We're done */ 275 trace_loaded_objects(obj_main); 276 exit(0); 277 } 278 279 dbg("relocating objects"); 280 if (relocate_objects(obj_main, 281 ld_bind_now != NULL && *ld_bind_now != '\0') == -1) 282 die(); 283 284 dbg("doing copy relocations"); 285 if (do_copy_relocations(obj_main) == -1) 286 die(); 287 288 dbg("calling _init functions"); 289 call_init_functions(obj_main->next); 290 291 dbg("transferring control to program entry point = %p", obj_main->entry); 292 293 r_debug_state(); /* say hello to gdb! */ 294 295 /* Return the exit procedure and the program entry point. */ 296 *exit_proc = rtld_exit; 297 *objp = obj_main; 298 return (func_ptr_type) obj_main->entry; 299 } 300 301 caddr_t 302 _rtld_bind(const Obj_Entry *obj, Elf_Word reloff) 303 { 304 const Elf_Rel *rel; 305 const Elf_Sym *def; 306 const Obj_Entry *defobj; 307 Elf_Addr *where; 308 caddr_t target; 309 310 if (obj->pltrel) 311 rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff); 312 else 313 rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff); 314 315 where = (Elf_Addr *) (obj->relocbase + rel->r_offset); 316 def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true); 317 if (def == NULL) 318 die(); 319 320 target = (caddr_t) (defobj->relocbase + def->st_value); 321 322 dbg("\"%s\" in \"%s\" ==> %p in \"%s\"", 323 defobj->strtab + def->st_name, basename(obj->path), 324 target, basename(defobj->path)); 325 326 *where = (Elf_Addr) target; 327 return target; 328 } 329 330 /* 331 * Error reporting function. Use it like printf. If formats the message 332 * into a buffer, and sets things up so that the next call to dlerror() 333 * will return the message. 334 */ 335 void 336 _rtld_error(const char *fmt, ...) 337 { 338 static char buf[512]; 339 va_list ap; 340 341 va_start(ap, fmt); 342 vsnprintf(buf, sizeof buf, fmt, ap); 343 error_message = buf; 344 va_end(ap); 345 } 346 347 #ifdef DEBUG 348 static const char * 349 basename(const char *name) 350 { 351 const char *p = strrchr(name, '/'); 352 return p != NULL ? p + 1 : name; 353 } 354 #endif 355 356 static void 357 call_fini_functions(Obj_Entry *first) 358 { 359 Obj_Entry *obj; 360 361 for (obj = first; obj != NULL; obj = obj->next) 362 if (obj->fini != NULL) 363 (*obj->fini)(); 364 } 365 366 static void 367 call_init_functions(Obj_Entry *first) 368 { 369 if (first != NULL) { 370 call_init_functions(first->next); 371 if (first->init != NULL) 372 (*first->init)(); 373 } 374 } 375 376 static void 377 die(void) 378 { 379 const char *msg = dlerror(); 380 381 if (msg == NULL) 382 msg = "Fatal error"; 383 errx(1, "%s", msg); 384 } 385 386 /* 387 * Process a shared object's DYNAMIC section, and save the important 388 * information in its Obj_Entry structure. 389 */ 390 static void 391 digest_dynamic(Obj_Entry *obj) 392 { 393 const Elf_Dyn *dynp; 394 Needed_Entry **needed_tail = &obj->needed; 395 const Elf_Dyn *dyn_rpath = NULL; 396 int plttype = DT_REL; 397 398 for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) { 399 switch (dynp->d_tag) { 400 401 case DT_REL: 402 obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr); 403 break; 404 405 case DT_RELSZ: 406 obj->relsize = dynp->d_un.d_val; 407 break; 408 409 case DT_RELENT: 410 assert(dynp->d_un.d_val == sizeof(Elf_Rel)); 411 break; 412 413 case DT_JMPREL: 414 obj->pltrel = (const Elf_Rel *) 415 (obj->relocbase + dynp->d_un.d_ptr); 416 break; 417 418 case DT_PLTRELSZ: 419 obj->pltrelsize = dynp->d_un.d_val; 420 break; 421 422 case DT_RELA: 423 obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr); 424 break; 425 426 case DT_RELASZ: 427 obj->relasize = dynp->d_un.d_val; 428 break; 429 430 case DT_RELAENT: 431 assert(dynp->d_un.d_val == sizeof(Elf_Rela)); 432 break; 433 434 case DT_PLTREL: 435 plttype = dynp->d_un.d_val; 436 assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA); 437 break; 438 439 case DT_SYMTAB: 440 obj->symtab = (const Elf_Sym *) 441 (obj->relocbase + dynp->d_un.d_ptr); 442 break; 443 444 case DT_SYMENT: 445 assert(dynp->d_un.d_val == sizeof(Elf_Sym)); 446 break; 447 448 case DT_STRTAB: 449 obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr); 450 break; 451 452 case DT_STRSZ: 453 obj->strsize = dynp->d_un.d_val; 454 break; 455 456 case DT_HASH: 457 { 458 const Elf_Addr *hashtab = (const Elf_Addr *) 459 (obj->relocbase + dynp->d_un.d_ptr); 460 obj->nbuckets = hashtab[0]; 461 obj->nchains = hashtab[1]; 462 obj->buckets = hashtab + 2; 463 obj->chains = obj->buckets + obj->nbuckets; 464 } 465 break; 466 467 case DT_NEEDED: 468 assert(!obj->rtld); 469 { 470 Needed_Entry *nep = NEW(Needed_Entry); 471 nep->name = dynp->d_un.d_val; 472 nep->obj = NULL; 473 nep->next = NULL; 474 475 *needed_tail = nep; 476 needed_tail = &nep->next; 477 } 478 break; 479 480 case DT_PLTGOT: 481 obj->got = (Elf_Addr *) (obj->relocbase + dynp->d_un.d_ptr); 482 break; 483 484 case DT_TEXTREL: 485 obj->textrel = true; 486 break; 487 488 case DT_SYMBOLIC: 489 obj->symbolic = true; 490 break; 491 492 case DT_RPATH: 493 /* 494 * We have to wait until later to process this, because we 495 * might not have gotten the address of the string table yet. 496 */ 497 dyn_rpath = dynp; 498 break; 499 500 case DT_SONAME: 501 /* Not used by the dynamic linker. */ 502 break; 503 504 case DT_INIT: 505 obj->init = (void (*)(void)) (obj->relocbase + dynp->d_un.d_ptr); 506 break; 507 508 case DT_FINI: 509 obj->fini = (void (*)(void)) (obj->relocbase + dynp->d_un.d_ptr); 510 break; 511 512 case DT_DEBUG: 513 /* XXX - not implemented yet */ 514 dbg("Filling in DT_DEBUG entry"); 515 ((Elf_Dyn*)dynp)->d_un.d_ptr = (Elf_Addr) &r_debug; 516 break; 517 518 default: 519 xprintf("Ignored d_tag %d\n",dynp->d_tag); 520 break; 521 } 522 } 523 524 obj->traced = false; 525 526 if (plttype == DT_RELA) { 527 obj->pltrela = (const Elf_Rela *) obj->pltrel; 528 obj->pltrel = NULL; 529 obj->pltrelasize = obj->pltrelsize; 530 obj->pltrelsize = 0; 531 } 532 533 if (dyn_rpath != NULL) 534 obj->rpath = obj->strtab + dyn_rpath->d_un.d_val; 535 } 536 537 /* 538 * Process a shared object's program header. This is used only for the 539 * main program, when the kernel has already loaded the main program 540 * into memory before calling the dynamic linker. It creates and 541 * returns an Obj_Entry structure. 542 */ 543 static Obj_Entry * 544 digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry) 545 { 546 Obj_Entry *obj = CNEW(Obj_Entry); 547 const Elf_Phdr *phlimit = phdr + phnum; 548 const Elf_Phdr *ph; 549 int nsegs = 0; 550 551 for (ph = phdr; ph < phlimit; ph++) { 552 switch (ph->p_type) { 553 554 case PT_PHDR: 555 assert((const Elf_Phdr *) ph->p_vaddr == phdr); 556 obj->phdr = (const Elf_Phdr *) ph->p_vaddr; 557 obj->phsize = ph->p_memsz; 558 break; 559 560 case PT_LOAD: 561 assert(nsegs < 2); 562 if (nsegs == 0) { /* First load segment */ 563 obj->vaddrbase = trunc_page(ph->p_vaddr); 564 obj->mapbase = (caddr_t) obj->vaddrbase; 565 obj->relocbase = obj->mapbase - obj->vaddrbase; 566 obj->textsize = round_page(ph->p_vaddr + ph->p_memsz) - 567 obj->vaddrbase; 568 } else { /* Last load segment */ 569 obj->mapsize = round_page(ph->p_vaddr + ph->p_memsz) - 570 obj->vaddrbase; 571 } 572 nsegs++; 573 break; 574 575 case PT_DYNAMIC: 576 obj->dynamic = (const Elf_Dyn *) ph->p_vaddr; 577 break; 578 } 579 } 580 assert(nsegs == 2); 581 582 obj->entry = entry; 583 return obj; 584 } 585 586 static Obj_Entry * 587 dlcheck(void *handle) 588 { 589 Obj_Entry *obj; 590 591 for (obj = obj_list; obj != NULL; obj = obj->next) 592 if (obj == (Obj_Entry *) handle) 593 break; 594 595 if (obj == NULL || obj->dl_refcount == 0) { 596 _rtld_error("Invalid shared object handle %p", handle); 597 return NULL; 598 } 599 return obj; 600 } 601 602 /* 603 * Hash function for symbol table lookup. Don't even think about changing 604 * this. It is specified by the System V ABI. 605 */ 606 unsigned long 607 elf_hash(const char *name) 608 { 609 const unsigned char *p = (const unsigned char *) name; 610 unsigned long h = 0; 611 unsigned long g; 612 613 while (*p != '\0') { 614 h = (h << 4) + *p++; 615 if ((g = h & 0xf0000000) != 0) 616 h ^= g >> 24; 617 h &= ~g; 618 } 619 return h; 620 } 621 622 /* 623 * Find the library with the given name, and return its full pathname. 624 * The returned string is dynamically allocated. Generates an error 625 * message and returns NULL if the library cannot be found. 626 * 627 * If the second argument is non-NULL, then it refers to an already- 628 * loaded shared object, whose library search path will be searched. 629 */ 630 static char * 631 find_library(const char *name, const Obj_Entry *refobj) 632 { 633 char *pathname; 634 635 if (strchr(name, '/') != NULL) { /* Hard coded pathname */ 636 if (name[0] != '/' && !trust) { 637 _rtld_error("Absolute pathname required for shared object \"%s\"", 638 name); 639 return NULL; 640 } 641 return xstrdup(name); 642 } 643 644 dbg(" Searching for \"%s\"", name); 645 646 if ((refobj != NULL && 647 (pathname = search_library_path(name, refobj->rpath)) != NULL) || 648 (pathname = search_library_path(name, ld_library_path)) != NULL || 649 (pathname = search_library_path(name, STANDARD_LIBRARY_PATH)) != NULL) 650 return pathname; 651 652 _rtld_error("Shared object \"%s\" not found", name); 653 return NULL; 654 } 655 656 /* 657 * Given a symbol number in a referencing object, find the corresponding 658 * definition of the symbol. Returns a pointer to the symbol, or NULL if 659 * no definition was found. Returns a pointer to the Obj_Entry of the 660 * defining object via the reference parameter DEFOBJ_OUT. 661 */ 662 const Elf_Sym * 663 find_symdef(unsigned long symnum, const Obj_Entry *refobj, 664 const Obj_Entry **defobj_out, bool in_plt) 665 { 666 const Elf_Sym *ref; 667 const Elf_Sym *strongdef; 668 const Elf_Sym *weakdef; 669 const Obj_Entry *obj; 670 const Obj_Entry *strongobj; 671 const Obj_Entry *weakobj; 672 const char *name; 673 unsigned long hash; 674 675 ref = refobj->symtab + symnum; 676 name = refobj->strtab + ref->st_name; 677 hash = elf_hash(name); 678 679 if (refobj->symbolic) { /* Look first in the referencing object */ 680 const Elf_Sym *def = symlook_obj(name, hash, refobj, in_plt); 681 if (def != NULL) { 682 *defobj_out = refobj; 683 return def; 684 } 685 } 686 687 /* 688 * Look in all loaded objects. Skip the referencing object, if 689 * we have already searched it. We keep track of the first weak 690 * definition and the first strong definition we encounter. If 691 * we find a strong definition we stop searching, because there 692 * won't be anything better than that. 693 */ 694 strongdef = weakdef = NULL; 695 strongobj = weakobj = NULL; 696 for (obj = obj_list; obj != NULL; obj = obj->next) { 697 if (obj != refobj || !refobj->symbolic) { 698 const Elf_Sym *def = symlook_obj(name, hash, obj, in_plt); 699 if (def != NULL) { 700 if (ELF_ST_BIND(def->st_info) == STB_WEAK) { 701 if (weakdef == NULL) { 702 weakdef = def; 703 weakobj = obj; 704 } 705 } else { 706 strongdef = def; 707 strongobj = obj; 708 break; /* We are done. */ 709 } 710 } 711 } 712 } 713 714 /* 715 * If we still don't have a strong definition, search the dynamic 716 * linker itself, and possibly resolve the symbol from there. 717 * This is how the application links to dynamic linker services 718 * such as dlopen. Only the values listed in the "exports" array 719 * can be resolved from the dynamic linker. 720 */ 721 if (strongdef == NULL) { 722 const Elf_Sym *def = symlook_obj(name, hash, &obj_rtld, in_plt); 723 if (def != NULL && is_exported(def)) { 724 if (ELF_ST_BIND(def->st_info) == STB_WEAK) { 725 if (weakdef == NULL) { 726 weakdef = def; 727 weakobj = &obj_rtld; 728 } 729 } else { 730 strongdef = def; 731 strongobj = &obj_rtld; 732 } 733 } 734 } 735 736 if (strongdef != NULL) { 737 *defobj_out = strongobj; 738 return strongdef; 739 } 740 if (weakdef != NULL) { 741 *defobj_out = weakobj; 742 return weakdef; 743 } 744 745 _rtld_error("%s: Undefined symbol \"%s\"", refobj->path, name); 746 return NULL; 747 } 748 749 /* 750 * Initialize the dynamic linker. The argument is the address at which 751 * the dynamic linker has been mapped into memory. The primary task of 752 * this function is to relocate the dynamic linker. 753 */ 754 static void 755 init_rtld(caddr_t mapbase) 756 { 757 /* Conjure up an Obj_Entry structure for the dynamic linker. */ 758 759 obj_rtld.path = "/usr/libexec/ld-elf.so.1"; 760 obj_rtld.rtld = true; 761 obj_rtld.mapbase = mapbase; 762 obj_rtld.relocbase = mapbase; 763 obj_rtld.got = get_got_address(); 764 #ifdef __alpha__ 765 obj_rtld.dynamic = (const Elf_Dyn *) &_DYNAMIC; 766 #else 767 obj_rtld.dynamic = (const Elf_Dyn *) (obj_rtld.mapbase + obj_rtld.got[0]); 768 #endif 769 770 digest_dynamic(&obj_rtld); 771 #ifdef __alpha__ 772 /* XXX XXX XXX */ 773 obj_rtld.got = NULL; 774 #endif 775 assert(obj_rtld.needed == NULL); 776 assert(!obj_rtld.textrel); 777 778 /* 779 * Temporarily put the dynamic linker entry into the object list, so 780 * that symbols can be found. 781 */ 782 obj_list = &obj_rtld; 783 obj_tail = &obj_rtld.next; 784 785 relocate_objects(&obj_rtld, true); 786 787 /* Make the object list empty again. */ 788 obj_list = NULL; 789 obj_tail = &obj_list; 790 791 r_debug.r_brk = r_debug_state; 792 r_debug.r_state = RT_CONSISTENT; 793 } 794 795 static bool 796 is_exported(const Elf_Sym *def) 797 { 798 func_ptr_type value; 799 const func_ptr_type *p; 800 801 value = (func_ptr_type)(obj_rtld.relocbase + def->st_value); 802 for (p = exports; *p != NULL; p++) 803 if (*p == value) 804 return true; 805 return false; 806 } 807 808 /* 809 * Given a shared object, traverse its list of needed objects, and load 810 * each of them. Returns 0 on success. Generates an error message and 811 * returns -1 on failure. 812 */ 813 static int 814 load_needed_objects(Obj_Entry *first) 815 { 816 Obj_Entry *obj; 817 818 for (obj = first; obj != NULL; obj = obj->next) { 819 Needed_Entry *needed; 820 821 for (needed = obj->needed; needed != NULL; needed = needed->next) { 822 const char *name = obj->strtab + needed->name; 823 char *path = find_library(name, obj); 824 825 needed->obj = NULL; 826 if (path == NULL && !ld_tracing) 827 return -1; 828 829 if (path) { 830 needed->obj = load_object(path); 831 if (needed->obj == NULL && !ld_tracing) 832 return -1; /* XXX - cleanup */ 833 } 834 } 835 } 836 837 return 0; 838 } 839 840 /* 841 * Load a shared object into memory, if it is not already loaded. The 842 * argument must be a string allocated on the heap. This function assumes 843 * responsibility for freeing it when necessary. 844 * 845 * Returns a pointer to the Obj_Entry for the object. Returns NULL 846 * on failure. 847 */ 848 static Obj_Entry * 849 load_object(char *path) 850 { 851 Obj_Entry *obj; 852 853 for (obj = obj_list->next; obj != NULL; obj = obj->next) 854 if (strcmp(obj->path, path) == 0) 855 break; 856 857 if (obj == NULL) { /* First use of this object, so we must map it in */ 858 int fd; 859 860 if ((fd = open(path, O_RDONLY)) == -1) { 861 _rtld_error("Cannot open \"%s\"", path); 862 return NULL; 863 } 864 obj = map_object(fd); 865 close(fd); 866 if (obj == NULL) { 867 free(path); 868 return NULL; 869 } 870 871 obj->path = path; 872 digest_dynamic(obj); 873 874 *obj_tail = obj; 875 obj_tail = &obj->next; 876 linkmap_add(obj); /* for GDB */ 877 878 dbg(" %p .. %p: %s", obj->mapbase, 879 obj->mapbase + obj->mapsize - 1, obj->path); 880 if (obj->textrel) 881 dbg(" WARNING: %s has impure text", obj->path); 882 } else 883 free(path); 884 885 obj->refcount++; 886 return obj; 887 } 888 889 static Obj_Entry * 890 obj_from_addr(const void *addr) 891 { 892 unsigned long endhash; 893 Obj_Entry *obj; 894 895 endhash = elf_hash(END_SYM); 896 for (obj = obj_list; obj != NULL; obj = obj->next) { 897 const Elf_Sym *endsym; 898 899 if (addr < (void *) obj->mapbase) 900 continue; 901 if ((endsym = symlook_obj(END_SYM, endhash, obj, true)) == NULL) 902 continue; /* No "end" symbol?! */ 903 if (addr < (void *) (obj->relocbase + endsym->st_value)) 904 return obj; 905 } 906 return NULL; 907 } 908 909 /* 910 * Relocate newly-loaded shared objects. The argument is a pointer to 911 * the Obj_Entry for the first such object. All objects from the first 912 * to the end of the list of objects are relocated. Returns 0 on success, 913 * or -1 on failure. 914 */ 915 static int 916 relocate_objects(Obj_Entry *first, bool bind_now) 917 { 918 Obj_Entry *obj; 919 920 for (obj = first; obj != NULL; obj = obj->next) { 921 if (obj->nbuckets == 0 || obj->nchains == 0 || obj->buckets == NULL || 922 obj->symtab == NULL || obj->strtab == NULL) { 923 _rtld_error("%s: Shared object has no run-time symbol table", 924 obj->path); 925 return -1; 926 } 927 928 if (obj->textrel) { 929 /* There are relocations to the write-protected text segment. */ 930 if (mprotect(obj->mapbase, obj->textsize, 931 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { 932 _rtld_error("%s: Cannot write-enable text segment: %s", 933 obj->path, strerror(errno)); 934 return -1; 935 } 936 } 937 938 /* Process the non-PLT relocations. */ 939 if (reloc_non_plt(obj, &obj_rtld)) 940 return -1; 941 942 if (obj->textrel) { /* Re-protected the text segment. */ 943 if (mprotect(obj->mapbase, obj->textsize, 944 PROT_READ|PROT_EXEC) == -1) { 945 _rtld_error("%s: Cannot write-protect text segment: %s", 946 obj->path, strerror(errno)); 947 return -1; 948 } 949 } 950 951 /* Process the PLT relocations. */ 952 if (reloc_plt(obj, bind_now)) 953 return -1; 954 955 /* 956 * Set up the magic number and version in the Obj_Entry. These 957 * were checked in the crt1.o from the original ElfKit, so we 958 * set them for backward compatibility. 959 */ 960 obj->magic = RTLD_MAGIC; 961 obj->version = RTLD_VERSION; 962 963 /* Set the special GOT entries. */ 964 if (obj->got) { 965 #ifdef __i386__ 966 obj->got[1] = (Elf_Addr) obj; 967 obj->got[2] = (Elf_Addr) &_rtld_bind_start; 968 #endif 969 #ifdef __alpha__ 970 /* This function will be called to perform the relocation. */ 971 obj->got[2] = (Elf_Addr) &_rtld_bind_start; 972 /* Identify this shared object */ 973 obj->got[3] = (Elf_Addr) obj; 974 #endif 975 } 976 } 977 978 return 0; 979 } 980 981 /* 982 * Cleanup procedure. It will be called (by the atexit mechanism) just 983 * before the process exits. 984 */ 985 static void 986 rtld_exit(void) 987 { 988 dbg("rtld_exit()"); 989 call_fini_functions(obj_list->next); 990 } 991 992 static char * 993 search_library_path(const char *name, const char *path) 994 { 995 size_t namelen = strlen(name); 996 const char *p = path; 997 998 if (p == NULL) 999 return NULL; 1000 1001 p += strspn(p, ":;"); 1002 while (*p != '\0') { 1003 size_t len = strcspn(p, ":;"); 1004 1005 if (*p == '/' || trust) { 1006 char *pathname; 1007 const char *dir = p; 1008 size_t dirlen = len; 1009 1010 pathname = xmalloc(dirlen + 1 + namelen + 1); 1011 strncpy(pathname, dir, dirlen); 1012 pathname[dirlen] = '/'; 1013 strcpy(pathname + dirlen + 1, name); 1014 1015 dbg(" Trying \"%s\"", pathname); 1016 if (access(pathname, F_OK) == 0) /* We found it */ 1017 return pathname; 1018 1019 free(pathname); 1020 } 1021 p += len; 1022 p += strspn(p, ":;"); 1023 } 1024 1025 return NULL; 1026 } 1027 1028 int 1029 dlclose(void *handle) 1030 { 1031 Obj_Entry *root = dlcheck(handle); 1032 1033 if (root == NULL) 1034 return -1; 1035 1036 GDB_STATE(RT_DELETE); 1037 1038 root->dl_refcount--; 1039 unref_object_dag(root); 1040 if (root->refcount == 0) { /* We are finished with some objects. */ 1041 Obj_Entry *obj; 1042 Obj_Entry **linkp; 1043 1044 /* Finalize objects that are about to be unmapped. */ 1045 for (obj = obj_list->next; obj != NULL; obj = obj->next) 1046 if (obj->refcount == 0 && obj->fini != NULL) 1047 (*obj->fini)(); 1048 1049 /* Unmap all objects that are no longer referenced. */ 1050 linkp = &obj_list->next; 1051 while ((obj = *linkp) != NULL) { 1052 if (obj->refcount == 0) { 1053 munmap(obj->mapbase, obj->mapsize); 1054 free(obj->path); 1055 while (obj->needed != NULL) { 1056 Needed_Entry *needed = obj->needed; 1057 obj->needed = needed->next; 1058 free(needed); 1059 } 1060 linkmap_delete(obj); 1061 *linkp = obj->next; 1062 free(obj); 1063 } else 1064 linkp = &obj->next; 1065 } 1066 } 1067 1068 GDB_STATE(RT_CONSISTENT); 1069 1070 return 0; 1071 } 1072 1073 const char * 1074 dlerror(void) 1075 { 1076 char *msg = error_message; 1077 error_message = NULL; 1078 return msg; 1079 } 1080 1081 void * 1082 dlopen(const char *name, int mode) 1083 { 1084 Obj_Entry **old_obj_tail = obj_tail; 1085 Obj_Entry *obj = NULL; 1086 1087 GDB_STATE(RT_ADD); 1088 1089 if (name == NULL) 1090 obj = obj_main; 1091 else { 1092 char *path = find_library(name, NULL); 1093 if (path != NULL) 1094 obj = load_object(path); 1095 } 1096 1097 if (obj) { 1098 obj->dl_refcount++; 1099 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1100 assert(*old_obj_tail == obj); 1101 1102 /* XXX - Clean up properly after an error. */ 1103 if (load_needed_objects(obj) == -1) { 1104 obj->dl_refcount--; 1105 obj = NULL; 1106 } else if (relocate_objects(obj, mode == RTLD_NOW) == -1) { 1107 obj->dl_refcount--; 1108 obj = NULL; 1109 } else 1110 call_init_functions(obj); 1111 } 1112 } 1113 1114 GDB_STATE(RT_CONSISTENT); 1115 1116 return obj; 1117 } 1118 1119 void * 1120 dlsym(void *handle, const char *name) 1121 { 1122 const Obj_Entry *obj; 1123 unsigned long hash; 1124 const Elf_Sym *def; 1125 1126 hash = elf_hash(name); 1127 def = NULL; 1128 1129 if (handle == NULL || handle == RTLD_NEXT) { 1130 void *retaddr; 1131 1132 retaddr = __builtin_return_address(0); /* __GNUC__ only */ 1133 if ((obj = obj_from_addr(retaddr)) == NULL) { 1134 _rtld_error("Cannot determine caller's shared object"); 1135 return NULL; 1136 } 1137 if (handle == NULL) /* Just the caller's shared object. */ 1138 def = symlook_obj(name, hash, obj, true); 1139 else { /* All the shared objects after the caller's */ 1140 while ((obj = obj->next) != NULL) 1141 if ((def = symlook_obj(name, hash, obj, true)) != NULL) 1142 break; 1143 } 1144 } else { 1145 if ((obj = dlcheck(handle)) == NULL) 1146 return NULL; 1147 1148 if (obj->mainprog) { 1149 /* Search main program and all libraries loaded by it. */ 1150 for ( ; obj != *main_tail; obj = obj->next) 1151 if ((def = symlook_obj(name, hash, obj, true)) != NULL) 1152 break; 1153 } else { 1154 /* 1155 * XXX - This isn't correct. The search should include the whole 1156 * DAG rooted at the given object. 1157 */ 1158 def = symlook_obj(name, hash, obj, true); 1159 } 1160 } 1161 1162 if (def != NULL) 1163 return obj->relocbase + def->st_value; 1164 1165 _rtld_error("Undefined symbol \"%s\"", name); 1166 return NULL; 1167 } 1168 1169 static void 1170 linkmap_add(Obj_Entry *obj) 1171 { 1172 struct link_map *l = &obj->linkmap; 1173 struct link_map *prev; 1174 1175 obj->linkmap.l_name = obj->path; 1176 obj->linkmap.l_addr = obj->mapbase; 1177 obj->linkmap.l_ld = obj->dynamic; 1178 #ifdef __mips__ 1179 /* GDB needs load offset on MIPS to use the symbols */ 1180 obj->linkmap.l_offs = obj->relocbase; 1181 #endif 1182 1183 if (r_debug.r_map == NULL) { 1184 r_debug.r_map = l; 1185 return; 1186 } 1187 1188 for (prev = r_debug.r_map; prev->l_next != NULL; prev = prev->l_next) 1189 ; 1190 l->l_prev = prev; 1191 prev->l_next = l; 1192 l->l_next = NULL; 1193 } 1194 1195 static void 1196 linkmap_delete(Obj_Entry *obj) 1197 { 1198 struct link_map *l = &obj->linkmap; 1199 1200 if (l->l_prev == NULL) { 1201 if ((r_debug.r_map = l->l_next) != NULL) 1202 l->l_next->l_prev = NULL; 1203 return; 1204 } 1205 1206 if ((l->l_prev->l_next = l->l_next) != NULL) 1207 l->l_next->l_prev = l->l_prev; 1208 } 1209 1210 /* 1211 * Function for the debugger to set a breakpoint on to gain control. 1212 */ 1213 void 1214 r_debug_state(void) 1215 { 1216 } 1217 1218 /* 1219 * Search the symbol table of a single shared object for a symbol of 1220 * the given name. Returns a pointer to the symbol, or NULL if no 1221 * definition was found. 1222 * 1223 * The symbol's hash value is passed in for efficiency reasons; that 1224 * eliminates many recomputations of the hash value. 1225 */ 1226 const Elf_Sym * 1227 symlook_obj(const char *name, unsigned long hash, const Obj_Entry *obj, 1228 bool in_plt) 1229 { 1230 unsigned long symnum = obj->buckets[hash % obj->nbuckets]; 1231 1232 while (symnum != STN_UNDEF) { 1233 const Elf_Sym *symp; 1234 const char *strp; 1235 1236 assert(symnum < obj->nchains); 1237 symp = obj->symtab + symnum; 1238 assert(symp->st_name != 0); 1239 strp = obj->strtab + symp->st_name; 1240 1241 if (strcmp(name, strp) == 0) 1242 return symp->st_shndx != SHN_UNDEF || 1243 (!in_plt && symp->st_value != 0 && 1244 ELF_ST_TYPE(symp->st_info) == STT_FUNC) ? symp : NULL; 1245 1246 symnum = obj->chains[symnum]; 1247 } 1248 1249 return NULL; 1250 } 1251 1252 static void 1253 trace_loaded_objects(Obj_Entry *obj) 1254 { 1255 char *fmt1, *fmt2, *fmt, *main_local; 1256 int c; 1257 1258 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL) 1259 main_local = ""; 1260 1261 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL) 1262 fmt1 = "\t%o => %p (%x)\n"; 1263 1264 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL) 1265 fmt2 = "\t%o (%x)\n"; 1266 1267 for (; obj; obj = obj->next) { 1268 Needed_Entry *needed; 1269 char *name, *path; 1270 bool is_lib; 1271 1272 for (needed = obj->needed; needed; needed = needed->next) { 1273 if (needed->obj != NULL) { 1274 if (needed->obj->traced) 1275 continue; 1276 needed->obj->traced = true; 1277 path = needed->obj->path; 1278 } else 1279 path = "not found"; 1280 1281 name = (char *)obj->strtab + needed->name; 1282 is_lib = strncmp(name, "lib", 3) == 0; /* XXX - bogus */ 1283 1284 fmt = is_lib ? fmt1 : fmt2; 1285 while ((c = *fmt++) != '\0') { 1286 switch (c) { 1287 default: 1288 putchar(c); 1289 continue; 1290 case '\\': 1291 switch (c = *fmt) { 1292 case '\0': 1293 continue; 1294 case 'n': 1295 putchar('\n'); 1296 break; 1297 case 't': 1298 putchar('\t'); 1299 break; 1300 } 1301 break; 1302 case '%': 1303 switch (c = *fmt) { 1304 case '\0': 1305 continue; 1306 case '%': 1307 default: 1308 putchar(c); 1309 break; 1310 case 'A': 1311 printf("%s", main_local); 1312 break; 1313 case 'a': 1314 printf("%s", obj_main->path); 1315 break; 1316 case 'o': 1317 printf("%s", name); 1318 break; 1319 #if 0 1320 case 'm': 1321 printf("%d", sodp->sod_major); 1322 break; 1323 case 'n': 1324 printf("%d", sodp->sod_minor); 1325 break; 1326 #endif 1327 case 'p': 1328 printf("%s", path); 1329 break; 1330 case 'x': 1331 printf("%p", needed->obj ? needed->obj->mapbase : 0); 1332 break; 1333 } 1334 break; 1335 } 1336 ++fmt; 1337 } 1338 } 1339 } 1340 } 1341 1342 static void 1343 unref_object_dag(Obj_Entry *root) 1344 { 1345 assert(root->refcount != 0); 1346 root->refcount--; 1347 if (root->refcount == 0) { 1348 const Needed_Entry *needed; 1349 1350 for (needed = root->needed; needed != NULL; needed = needed->next) 1351 unref_object_dag(needed->obj); 1352 } 1353 } 1354 1355 /* 1356 * Non-mallocing printf, for use by malloc itself. 1357 * XXX - This doesn't belong in this module. 1358 */ 1359 void 1360 xprintf(const char *fmt, ...) 1361 { 1362 char buf[256]; 1363 va_list ap; 1364 1365 va_start(ap, fmt); 1366 vsprintf(buf, fmt, ap); 1367 (void)write(1, buf, strlen(buf)); 1368 va_end(ap); 1369 } 1370