1 /*- 2 * Copyright 1996-1998 John D. Polstra. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * $Id: rtld.c,v 1.12 1998/10/13 03:31:59 jdp Exp $ 26 */ 27 28 /* 29 * Dynamic linker for ELF. 30 * 31 * John Polstra <jdp@polstra.com>. 32 */ 33 34 #ifndef __GNUC__ 35 #error "GCC is needed to compile this file" 36 #endif 37 38 #include <sys/param.h> 39 #include <sys/mman.h> 40 41 #include <dlfcn.h> 42 #include <err.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <stdarg.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <string.h> 49 #include <unistd.h> 50 51 #include "debug.h" 52 #include "rtld.h" 53 54 /* 55 * Debugging support. 56 */ 57 58 #define assert(cond) ((cond) ? (void) 0 :\ 59 (msg("oops: " __XSTRING(__LINE__) "\n"), abort())) 60 #define msg(s) (write(1, s, strlen(s))) 61 #define trace() msg("trace: " __XSTRING(__LINE__) "\n"); 62 63 #define END_SYM "end" 64 65 /* Types. */ 66 typedef void (*func_ptr_type)(); 67 68 /* 69 * Function declarations. 70 */ 71 static void call_fini_functions(Obj_Entry *); 72 static void call_init_functions(Obj_Entry *); 73 static void die(void); 74 static void digest_dynamic(Obj_Entry *); 75 static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t); 76 static Obj_Entry *dlcheck(void *); 77 static char *find_library(const char *, const Obj_Entry *); 78 static const char *gethints(void); 79 static void init_rtld(caddr_t); 80 static bool is_exported(const Elf_Sym *); 81 static void linkmap_add(Obj_Entry *); 82 static void linkmap_delete(Obj_Entry *); 83 static int load_needed_objects(Obj_Entry *); 84 static int load_preload_objects(void); 85 static Obj_Entry *load_object(char *); 86 static Obj_Entry *obj_from_addr(const void *); 87 static int relocate_objects(Obj_Entry *, bool); 88 static void rtld_exit(void); 89 static char *search_library_path(const char *, const char *); 90 static void unref_object_dag(Obj_Entry *); 91 static void trace_loaded_objects(Obj_Entry *obj); 92 93 void r_debug_state(void); 94 void xprintf(const char *, ...); 95 96 #ifdef DEBUG 97 static const char *basename(const char *); 98 #endif 99 100 /* Assembly language entry point for lazy binding. */ 101 extern void _rtld_bind_start(void); 102 103 /* 104 * Assembly language macro for getting the GOT pointer. 105 */ 106 #ifdef __i386__ 107 #define get_got_address() \ 108 ({ Elf_Addr *thegot; \ 109 __asm__("movl %%ebx,%0" : "=rm"(thegot)); \ 110 thegot; }) 111 #elif __alpha__ 112 #define get_got_address() NULL 113 #else 114 #error "This file only supports the i386 and alpha architectures" 115 #endif 116 117 /* 118 * Data declarations. 119 */ 120 static char *error_message; /* Message for dlerror(), or NULL */ 121 struct r_debug r_debug; /* for GDB; */ 122 static bool trust; /* False for setuid and setgid programs */ 123 static char *ld_bind_now; /* Environment variable for immediate binding */ 124 static char *ld_debug; /* Environment variable for debugging */ 125 static char *ld_library_path; /* Environment variable for search path */ 126 static char *ld_preload; /* Environment variable for libraries to 127 load first */ 128 static char *ld_tracing; /* Called from ldd to print libs */ 129 static Obj_Entry **main_tail; /* Value of obj_tail after loading main and 130 its needed shared libraries */ 131 static Obj_Entry *obj_list; /* Head of linked list of shared objects */ 132 static Obj_Entry **obj_tail; /* Link field of last object in list */ 133 static Obj_Entry *obj_main; /* The main program shared object */ 134 static Obj_Entry obj_rtld; /* The dynamic linker shared object */ 135 136 #define GDB_STATE(s) r_debug.r_state = s; r_debug_state(); 137 138 extern Elf_Dyn _DYNAMIC; 139 140 /* 141 * These are the functions the dynamic linker exports to application 142 * programs. They are the only symbols the dynamic linker is willing 143 * to export from itself. 144 */ 145 static func_ptr_type exports[] = { 146 (func_ptr_type) &_rtld_error, 147 (func_ptr_type) &dlclose, 148 (func_ptr_type) &dlerror, 149 (func_ptr_type) &dlopen, 150 (func_ptr_type) &dlsym, 151 NULL 152 }; 153 154 /* 155 * Global declarations normally provided by crt1. The dynamic linker is 156 * not build with crt1, so we have to provide them ourselves. 157 */ 158 char *__progname; 159 char **environ; 160 161 /* 162 * Main entry point for dynamic linking. The first argument is the 163 * stack pointer. The stack is expected to be laid out as described 164 * in the SVR4 ABI specification, Intel 386 Processor Supplement. 165 * Specifically, the stack pointer points to a word containing 166 * ARGC. Following that in the stack is a null-terminated sequence 167 * of pointers to argument strings. Then comes a null-terminated 168 * sequence of pointers to environment strings. Finally, there is a 169 * sequence of "auxiliary vector" entries. 170 * 171 * The second argument points to a place to store the dynamic linker's 172 * exit procedure pointer and the third to a place to store the main 173 * program's object. 174 * 175 * The return value is the main program's entry point. 176 */ 177 func_ptr_type 178 _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) 179 { 180 Elf_Auxinfo *aux_info[AT_COUNT]; 181 int i; 182 int argc; 183 char **argv; 184 char **env; 185 Elf_Auxinfo *aux; 186 Elf_Auxinfo *auxp; 187 188 /* 189 * On entry, the dynamic linker itself has not been relocated yet. 190 * Be very careful not to reference any global data until after 191 * init_rtld has returned. It is OK to reference file-scope statics 192 * and string constants, and to call static and global functions. 193 */ 194 195 /* Find the auxiliary vector on the stack. */ 196 argc = *sp++; 197 argv = (char **) sp; 198 sp += argc + 1; /* Skip over arguments and NULL terminator */ 199 env = (char **) sp; 200 while (*sp++ != 0) /* Skip over environment, and NULL terminator */ 201 ; 202 aux = (Elf_Auxinfo *) sp; 203 204 /* Digest the auxiliary vector. */ 205 for (i = 0; i < AT_COUNT; i++) 206 aux_info[i] = NULL; 207 for (auxp = aux; auxp->a_type != AT_NULL; auxp++) { 208 if (auxp->a_type < AT_COUNT) 209 aux_info[auxp->a_type] = auxp; 210 } 211 212 /* Initialize and relocate ourselves. */ 213 assert(aux_info[AT_BASE] != NULL); 214 init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 215 216 __progname = obj_rtld.path; 217 environ = env; 218 219 trust = geteuid() == getuid() && getegid() == getgid(); 220 221 ld_bind_now = getenv("LD_BIND_NOW"); 222 if (trust) { 223 ld_debug = getenv("LD_DEBUG"); 224 ld_library_path = getenv("LD_LIBRARY_PATH"); 225 ld_preload = getenv("LD_PRELOAD"); 226 } 227 ld_tracing = getenv("LD_TRACE_LOADED_OBJECTS"); 228 229 if (ld_debug != NULL && *ld_debug != '\0') 230 debug = 1; 231 dbg("%s is initialized, base address = %p", __progname, 232 (caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 233 234 /* 235 * Load the main program, or process its program header if it is 236 * already loaded. 237 */ 238 if (aux_info[AT_EXECFD] != NULL) { /* Load the main program. */ 239 int fd = aux_info[AT_EXECFD]->a_un.a_val; 240 dbg("loading main program"); 241 obj_main = map_object(fd); 242 close(fd); 243 if (obj_main == NULL) 244 die(); 245 } else { /* Main program already loaded. */ 246 const Elf_Phdr *phdr; 247 int phnum; 248 caddr_t entry; 249 250 dbg("processing main program's program header"); 251 assert(aux_info[AT_PHDR] != NULL); 252 phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr; 253 assert(aux_info[AT_PHNUM] != NULL); 254 phnum = aux_info[AT_PHNUM]->a_un.a_val; 255 assert(aux_info[AT_PHENT] != NULL); 256 assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr)); 257 assert(aux_info[AT_ENTRY] != NULL); 258 entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr; 259 obj_main = digest_phdr(phdr, phnum, entry); 260 } 261 262 obj_main->path = xstrdup(argv[0]); 263 obj_main->mainprog = true; 264 digest_dynamic(obj_main); 265 266 linkmap_add(obj_main); 267 linkmap_add(&obj_rtld); 268 269 /* Link the main program into the list of objects. */ 270 *obj_tail = obj_main; 271 obj_tail = &obj_main->next; 272 obj_main->refcount++; 273 274 dbg("loading LD_PRELOAD libraries"); 275 if (load_preload_objects() == -1) 276 die(); 277 278 dbg("loading needed objects"); 279 if (load_needed_objects(obj_main) == -1) 280 die(); 281 main_tail = obj_tail; 282 283 if (ld_tracing) { /* We're done */ 284 trace_loaded_objects(obj_main); 285 exit(0); 286 } 287 288 dbg("relocating objects"); 289 if (relocate_objects(obj_main, 290 ld_bind_now != NULL && *ld_bind_now != '\0') == -1) 291 die(); 292 293 dbg("doing copy relocations"); 294 if (do_copy_relocations(obj_main) == -1) 295 die(); 296 297 dbg("calling _init functions"); 298 call_init_functions(obj_main->next); 299 300 dbg("transferring control to program entry point = %p", obj_main->entry); 301 302 r_debug_state(); /* say hello to gdb! */ 303 304 /* Return the exit procedure and the program entry point. */ 305 *exit_proc = rtld_exit; 306 *objp = obj_main; 307 return (func_ptr_type) obj_main->entry; 308 } 309 310 caddr_t 311 _rtld_bind(const Obj_Entry *obj, Elf_Word reloff) 312 { 313 const Elf_Rel *rel; 314 const Elf_Sym *def; 315 const Obj_Entry *defobj; 316 Elf_Addr *where; 317 caddr_t target; 318 319 if (obj->pltrel) 320 rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff); 321 else 322 rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff); 323 324 where = (Elf_Addr *) (obj->relocbase + rel->r_offset); 325 def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true); 326 if (def == NULL) 327 die(); 328 329 target = (caddr_t) (defobj->relocbase + def->st_value); 330 331 dbg("\"%s\" in \"%s\" ==> %p in \"%s\"", 332 defobj->strtab + def->st_name, basename(obj->path), 333 target, basename(defobj->path)); 334 335 *where = (Elf_Addr) target; 336 return target; 337 } 338 339 /* 340 * Error reporting function. Use it like printf. If formats the message 341 * into a buffer, and sets things up so that the next call to dlerror() 342 * will return the message. 343 */ 344 void 345 _rtld_error(const char *fmt, ...) 346 { 347 static char buf[512]; 348 va_list ap; 349 350 va_start(ap, fmt); 351 vsnprintf(buf, sizeof buf, fmt, ap); 352 error_message = buf; 353 va_end(ap); 354 } 355 356 #ifdef DEBUG 357 static const char * 358 basename(const char *name) 359 { 360 const char *p = strrchr(name, '/'); 361 return p != NULL ? p + 1 : name; 362 } 363 #endif 364 365 static void 366 call_fini_functions(Obj_Entry *first) 367 { 368 Obj_Entry *obj; 369 370 for (obj = first; obj != NULL; obj = obj->next) 371 if (obj->fini != NULL) 372 (*obj->fini)(); 373 } 374 375 static void 376 call_init_functions(Obj_Entry *first) 377 { 378 if (first != NULL) { 379 call_init_functions(first->next); 380 if (first->init != NULL) 381 (*first->init)(); 382 } 383 } 384 385 static void 386 die(void) 387 { 388 const char *msg = dlerror(); 389 390 if (msg == NULL) 391 msg = "Fatal error"; 392 errx(1, "%s", msg); 393 } 394 395 /* 396 * Process a shared object's DYNAMIC section, and save the important 397 * information in its Obj_Entry structure. 398 */ 399 static void 400 digest_dynamic(Obj_Entry *obj) 401 { 402 const Elf_Dyn *dynp; 403 Needed_Entry **needed_tail = &obj->needed; 404 const Elf_Dyn *dyn_rpath = NULL; 405 int plttype = DT_REL; 406 407 for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) { 408 switch (dynp->d_tag) { 409 410 case DT_REL: 411 obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr); 412 break; 413 414 case DT_RELSZ: 415 obj->relsize = dynp->d_un.d_val; 416 break; 417 418 case DT_RELENT: 419 assert(dynp->d_un.d_val == sizeof(Elf_Rel)); 420 break; 421 422 case DT_JMPREL: 423 obj->pltrel = (const Elf_Rel *) 424 (obj->relocbase + dynp->d_un.d_ptr); 425 break; 426 427 case DT_PLTRELSZ: 428 obj->pltrelsize = dynp->d_un.d_val; 429 break; 430 431 case DT_RELA: 432 obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr); 433 break; 434 435 case DT_RELASZ: 436 obj->relasize = dynp->d_un.d_val; 437 break; 438 439 case DT_RELAENT: 440 assert(dynp->d_un.d_val == sizeof(Elf_Rela)); 441 break; 442 443 case DT_PLTREL: 444 plttype = dynp->d_un.d_val; 445 assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA); 446 break; 447 448 case DT_SYMTAB: 449 obj->symtab = (const Elf_Sym *) 450 (obj->relocbase + dynp->d_un.d_ptr); 451 break; 452 453 case DT_SYMENT: 454 assert(dynp->d_un.d_val == sizeof(Elf_Sym)); 455 break; 456 457 case DT_STRTAB: 458 obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr); 459 break; 460 461 case DT_STRSZ: 462 obj->strsize = dynp->d_un.d_val; 463 break; 464 465 case DT_HASH: 466 { 467 const Elf_Addr *hashtab = (const Elf_Addr *) 468 (obj->relocbase + dynp->d_un.d_ptr); 469 obj->nbuckets = hashtab[0]; 470 obj->nchains = hashtab[1]; 471 obj->buckets = hashtab + 2; 472 obj->chains = obj->buckets + obj->nbuckets; 473 } 474 break; 475 476 case DT_NEEDED: 477 assert(!obj->rtld); 478 { 479 Needed_Entry *nep = NEW(Needed_Entry); 480 nep->name = dynp->d_un.d_val; 481 nep->obj = NULL; 482 nep->next = NULL; 483 484 *needed_tail = nep; 485 needed_tail = &nep->next; 486 } 487 break; 488 489 case DT_PLTGOT: 490 obj->got = (Elf_Addr *) (obj->relocbase + dynp->d_un.d_ptr); 491 break; 492 493 case DT_TEXTREL: 494 obj->textrel = true; 495 break; 496 497 case DT_SYMBOLIC: 498 obj->symbolic = true; 499 break; 500 501 case DT_RPATH: 502 /* 503 * We have to wait until later to process this, because we 504 * might not have gotten the address of the string table yet. 505 */ 506 dyn_rpath = dynp; 507 break; 508 509 case DT_SONAME: 510 /* Not used by the dynamic linker. */ 511 break; 512 513 case DT_INIT: 514 obj->init = (void (*)(void)) (obj->relocbase + dynp->d_un.d_ptr); 515 break; 516 517 case DT_FINI: 518 obj->fini = (void (*)(void)) (obj->relocbase + dynp->d_un.d_ptr); 519 break; 520 521 case DT_DEBUG: 522 /* XXX - not implemented yet */ 523 dbg("Filling in DT_DEBUG entry"); 524 ((Elf_Dyn*)dynp)->d_un.d_ptr = (Elf_Addr) &r_debug; 525 break; 526 527 default: 528 xprintf("Ignored d_tag %d\n",dynp->d_tag); 529 break; 530 } 531 } 532 533 obj->traced = false; 534 535 if (plttype == DT_RELA) { 536 obj->pltrela = (const Elf_Rela *) obj->pltrel; 537 obj->pltrel = NULL; 538 obj->pltrelasize = obj->pltrelsize; 539 obj->pltrelsize = 0; 540 } 541 542 if (dyn_rpath != NULL) 543 obj->rpath = obj->strtab + dyn_rpath->d_un.d_val; 544 } 545 546 /* 547 * Process a shared object's program header. This is used only for the 548 * main program, when the kernel has already loaded the main program 549 * into memory before calling the dynamic linker. It creates and 550 * returns an Obj_Entry structure. 551 */ 552 static Obj_Entry * 553 digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry) 554 { 555 Obj_Entry *obj = CNEW(Obj_Entry); 556 const Elf_Phdr *phlimit = phdr + phnum; 557 const Elf_Phdr *ph; 558 int nsegs = 0; 559 560 for (ph = phdr; ph < phlimit; ph++) { 561 switch (ph->p_type) { 562 563 case PT_PHDR: 564 assert((const Elf_Phdr *) ph->p_vaddr == phdr); 565 obj->phdr = (const Elf_Phdr *) ph->p_vaddr; 566 obj->phsize = ph->p_memsz; 567 break; 568 569 case PT_LOAD: 570 assert(nsegs < 2); 571 if (nsegs == 0) { /* First load segment */ 572 obj->vaddrbase = trunc_page(ph->p_vaddr); 573 obj->mapbase = (caddr_t) obj->vaddrbase; 574 obj->relocbase = obj->mapbase - obj->vaddrbase; 575 obj->textsize = round_page(ph->p_vaddr + ph->p_memsz) - 576 obj->vaddrbase; 577 } else { /* Last load segment */ 578 obj->mapsize = round_page(ph->p_vaddr + ph->p_memsz) - 579 obj->vaddrbase; 580 } 581 nsegs++; 582 break; 583 584 case PT_DYNAMIC: 585 obj->dynamic = (const Elf_Dyn *) ph->p_vaddr; 586 break; 587 } 588 } 589 assert(nsegs == 2); 590 591 obj->entry = entry; 592 return obj; 593 } 594 595 static Obj_Entry * 596 dlcheck(void *handle) 597 { 598 Obj_Entry *obj; 599 600 for (obj = obj_list; obj != NULL; obj = obj->next) 601 if (obj == (Obj_Entry *) handle) 602 break; 603 604 if (obj == NULL || obj->dl_refcount == 0) { 605 _rtld_error("Invalid shared object handle %p", handle); 606 return NULL; 607 } 608 return obj; 609 } 610 611 /* 612 * Hash function for symbol table lookup. Don't even think about changing 613 * this. It is specified by the System V ABI. 614 */ 615 unsigned long 616 elf_hash(const char *name) 617 { 618 const unsigned char *p = (const unsigned char *) name; 619 unsigned long h = 0; 620 unsigned long g; 621 622 while (*p != '\0') { 623 h = (h << 4) + *p++; 624 if ((g = h & 0xf0000000) != 0) 625 h ^= g >> 24; 626 h &= ~g; 627 } 628 return h; 629 } 630 631 /* 632 * Find the library with the given name, and return its full pathname. 633 * The returned string is dynamically allocated. Generates an error 634 * message and returns NULL if the library cannot be found. 635 * 636 * If the second argument is non-NULL, then it refers to an already- 637 * loaded shared object, whose library search path will be searched. 638 * 639 * The search order is: 640 * LD_LIBRARY_PATH 641 * ldconfig hints 642 * rpath in the referencing file 643 * /usr/lib 644 */ 645 static char * 646 find_library(const char *name, const Obj_Entry *refobj) 647 { 648 char *pathname; 649 650 if (strchr(name, '/') != NULL) { /* Hard coded pathname */ 651 if (name[0] != '/' && !trust) { 652 _rtld_error("Absolute pathname required for shared object \"%s\"", 653 name); 654 return NULL; 655 } 656 return xstrdup(name); 657 } 658 659 dbg(" Searching for \"%s\"", name); 660 661 if ((pathname = search_library_path(name, ld_library_path)) != NULL || 662 (pathname = search_library_path(name, gethints())) != NULL || 663 (refobj != NULL && 664 (pathname = search_library_path(name, refobj->rpath)) != NULL) || 665 (pathname = search_library_path(name, STANDARD_LIBRARY_PATH)) != NULL) 666 return pathname; 667 668 _rtld_error("Shared object \"%s\" not found", name); 669 return NULL; 670 } 671 672 /* 673 * Given a symbol number in a referencing object, find the corresponding 674 * definition of the symbol. Returns a pointer to the symbol, or NULL if 675 * no definition was found. Returns a pointer to the Obj_Entry of the 676 * defining object via the reference parameter DEFOBJ_OUT. 677 */ 678 const Elf_Sym * 679 find_symdef(unsigned long symnum, const Obj_Entry *refobj, 680 const Obj_Entry **defobj_out, bool in_plt) 681 { 682 const Elf_Sym *ref; 683 const Elf_Sym *strongdef; 684 const Elf_Sym *weakdef; 685 const Obj_Entry *obj; 686 const Obj_Entry *strongobj; 687 const Obj_Entry *weakobj; 688 const char *name; 689 unsigned long hash; 690 691 ref = refobj->symtab + symnum; 692 name = refobj->strtab + ref->st_name; 693 hash = elf_hash(name); 694 695 if (refobj->symbolic) { /* Look first in the referencing object */ 696 const Elf_Sym *def = symlook_obj(name, hash, refobj, in_plt); 697 if (def != NULL) { 698 *defobj_out = refobj; 699 return def; 700 } 701 } 702 703 /* 704 * Look in all loaded objects. Skip the referencing object, if 705 * we have already searched it. We keep track of the first weak 706 * definition and the first strong definition we encounter. If 707 * we find a strong definition we stop searching, because there 708 * won't be anything better than that. 709 */ 710 strongdef = weakdef = NULL; 711 strongobj = weakobj = NULL; 712 for (obj = obj_list; obj != NULL; obj = obj->next) { 713 if (obj != refobj || !refobj->symbolic) { 714 const Elf_Sym *def = symlook_obj(name, hash, obj, in_plt); 715 if (def != NULL) { 716 if (ELF_ST_BIND(def->st_info) == STB_WEAK) { 717 if (weakdef == NULL) { 718 weakdef = def; 719 weakobj = obj; 720 } 721 } else { 722 strongdef = def; 723 strongobj = obj; 724 break; /* We are done. */ 725 } 726 } 727 } 728 } 729 730 /* 731 * If we still don't have a strong definition, search the dynamic 732 * linker itself, and possibly resolve the symbol from there. 733 * This is how the application links to dynamic linker services 734 * such as dlopen. Only the values listed in the "exports" array 735 * can be resolved from the dynamic linker. 736 */ 737 if (strongdef == NULL) { 738 const Elf_Sym *def = symlook_obj(name, hash, &obj_rtld, in_plt); 739 if (def != NULL && is_exported(def)) { 740 if (ELF_ST_BIND(def->st_info) == STB_WEAK) { 741 if (weakdef == NULL) { 742 weakdef = def; 743 weakobj = &obj_rtld; 744 } 745 } else { 746 strongdef = def; 747 strongobj = &obj_rtld; 748 } 749 } 750 } 751 752 if (strongdef != NULL) { 753 *defobj_out = strongobj; 754 return strongdef; 755 } 756 if (weakdef != NULL) { 757 *defobj_out = weakobj; 758 return weakdef; 759 } 760 761 _rtld_error("%s: Undefined symbol \"%s\"", refobj->path, name); 762 return NULL; 763 } 764 765 /* 766 * Return the search path from the ldconfig hints file, reading it if 767 * necessary. Returns NULL if there are problems with the hints file, 768 * or if the search path there is empty. 769 */ 770 static const char * 771 gethints(void) 772 { 773 static char *hints; 774 775 if (hints == NULL) { 776 int fd; 777 struct elfhints_hdr hdr; 778 char *p; 779 780 /* Keep from trying again in case the hints file is bad. */ 781 hints = ""; 782 783 if ((fd = open(_PATH_ELF_HINTS, O_RDONLY)) == -1) 784 return NULL; 785 if (read(fd, &hdr, sizeof hdr) != sizeof hdr || 786 hdr.magic != ELFHINTS_MAGIC || 787 hdr.version != 1) { 788 close(fd); 789 return NULL; 790 } 791 p = xmalloc(hdr.dirlistlen + 1); 792 if (lseek(fd, hdr.strtab + hdr.dirlist, SEEK_SET) == -1 || 793 read(fd, p, hdr.dirlistlen + 1) != hdr.dirlistlen + 1) { 794 free(p); 795 close(fd); 796 return NULL; 797 } 798 hints = p; 799 close(fd); 800 } 801 return hints[0] != '\0' ? hints : NULL; 802 } 803 804 /* 805 * Initialize the dynamic linker. The argument is the address at which 806 * the dynamic linker has been mapped into memory. The primary task of 807 * this function is to relocate the dynamic linker. 808 */ 809 static void 810 init_rtld(caddr_t mapbase) 811 { 812 /* 813 * Conjure up an Obj_Entry structure for the dynamic linker. 814 * 815 * The "path" member is supposed to be dynamically-allocated, but we 816 * aren't yet initialized sufficiently to do that. Below we will 817 * replace the static version with a dynamically-allocated copy. 818 */ 819 obj_rtld.path = "/usr/libexec/ld-elf.so.1"; 820 obj_rtld.rtld = true; 821 obj_rtld.mapbase = mapbase; 822 obj_rtld.relocbase = mapbase; 823 obj_rtld.got = get_got_address(); 824 #ifdef __alpha__ 825 obj_rtld.dynamic = (const Elf_Dyn *) &_DYNAMIC; 826 #else 827 obj_rtld.dynamic = (const Elf_Dyn *) (obj_rtld.mapbase + obj_rtld.got[0]); 828 #endif 829 830 digest_dynamic(&obj_rtld); 831 #ifdef __alpha__ 832 /* XXX XXX XXX */ 833 obj_rtld.got = NULL; 834 #endif 835 assert(obj_rtld.needed == NULL); 836 assert(!obj_rtld.textrel); 837 838 /* 839 * Temporarily put the dynamic linker entry into the object list, so 840 * that symbols can be found. 841 */ 842 obj_list = &obj_rtld; 843 obj_tail = &obj_rtld.next; 844 845 relocate_objects(&obj_rtld, true); 846 847 /* Make the object list empty again. */ 848 obj_list = NULL; 849 obj_tail = &obj_list; 850 851 /* Replace the path with a dynamically allocated copy. */ 852 obj_rtld.path = xstrdup(obj_rtld.path); 853 854 r_debug.r_brk = r_debug_state; 855 r_debug.r_state = RT_CONSISTENT; 856 } 857 858 static bool 859 is_exported(const Elf_Sym *def) 860 { 861 func_ptr_type value; 862 const func_ptr_type *p; 863 864 value = (func_ptr_type)(obj_rtld.relocbase + def->st_value); 865 for (p = exports; *p != NULL; p++) 866 if (*p == value) 867 return true; 868 return false; 869 } 870 871 /* 872 * Given a shared object, traverse its list of needed objects, and load 873 * each of them. Returns 0 on success. Generates an error message and 874 * returns -1 on failure. 875 */ 876 static int 877 load_needed_objects(Obj_Entry *first) 878 { 879 Obj_Entry *obj; 880 881 for (obj = first; obj != NULL; obj = obj->next) { 882 Needed_Entry *needed; 883 884 for (needed = obj->needed; needed != NULL; needed = needed->next) { 885 const char *name = obj->strtab + needed->name; 886 char *path = find_library(name, obj); 887 888 needed->obj = NULL; 889 if (path == NULL && !ld_tracing) 890 return -1; 891 892 if (path) { 893 needed->obj = load_object(path); 894 if (needed->obj == NULL && !ld_tracing) 895 return -1; /* XXX - cleanup */ 896 } 897 } 898 } 899 900 return 0; 901 } 902 903 static int 904 load_preload_objects(void) 905 { 906 char *p = ld_preload; 907 908 if (p == NULL) 909 return NULL; 910 911 p += strspn(p, ":;"); 912 while (*p != '\0') { 913 size_t len = strcspn(p, ":;"); 914 char *path; 915 char savech; 916 917 savech = p[len]; 918 p[len] = '\0'; 919 if ((path = find_library(p, NULL)) == NULL) 920 return -1; 921 if (load_object(path) == NULL) 922 return -1; /* XXX - cleanup */ 923 p[len] = savech; 924 p += len; 925 p += strspn(p, ":;"); 926 } 927 return 0; 928 } 929 930 /* 931 * Load a shared object into memory, if it is not already loaded. The 932 * argument must be a string allocated on the heap. This function assumes 933 * responsibility for freeing it when necessary. 934 * 935 * Returns a pointer to the Obj_Entry for the object. Returns NULL 936 * on failure. 937 */ 938 static Obj_Entry * 939 load_object(char *path) 940 { 941 Obj_Entry *obj; 942 943 for (obj = obj_list->next; obj != NULL; obj = obj->next) 944 if (strcmp(obj->path, path) == 0) 945 break; 946 947 if (obj == NULL) { /* First use of this object, so we must map it in */ 948 int fd; 949 950 if ((fd = open(path, O_RDONLY)) == -1) { 951 _rtld_error("Cannot open \"%s\"", path); 952 return NULL; 953 } 954 obj = map_object(fd); 955 close(fd); 956 if (obj == NULL) { 957 free(path); 958 return NULL; 959 } 960 961 obj->path = path; 962 digest_dynamic(obj); 963 964 *obj_tail = obj; 965 obj_tail = &obj->next; 966 linkmap_add(obj); /* for GDB */ 967 968 dbg(" %p .. %p: %s", obj->mapbase, 969 obj->mapbase + obj->mapsize - 1, obj->path); 970 if (obj->textrel) 971 dbg(" WARNING: %s has impure text", obj->path); 972 } else 973 free(path); 974 975 obj->refcount++; 976 return obj; 977 } 978 979 static Obj_Entry * 980 obj_from_addr(const void *addr) 981 { 982 unsigned long endhash; 983 Obj_Entry *obj; 984 985 endhash = elf_hash(END_SYM); 986 for (obj = obj_list; obj != NULL; obj = obj->next) { 987 const Elf_Sym *endsym; 988 989 if (addr < (void *) obj->mapbase) 990 continue; 991 if ((endsym = symlook_obj(END_SYM, endhash, obj, true)) == NULL) 992 continue; /* No "end" symbol?! */ 993 if (addr < (void *) (obj->relocbase + endsym->st_value)) 994 return obj; 995 } 996 return NULL; 997 } 998 999 /* 1000 * Relocate newly-loaded shared objects. The argument is a pointer to 1001 * the Obj_Entry for the first such object. All objects from the first 1002 * to the end of the list of objects are relocated. Returns 0 on success, 1003 * or -1 on failure. 1004 */ 1005 static int 1006 relocate_objects(Obj_Entry *first, bool bind_now) 1007 { 1008 Obj_Entry *obj; 1009 1010 for (obj = first; obj != NULL; obj = obj->next) { 1011 if (obj != &obj_rtld) 1012 dbg("relocating \"%s\"", obj->path); 1013 if (obj->nbuckets == 0 || obj->nchains == 0 || obj->buckets == NULL || 1014 obj->symtab == NULL || obj->strtab == NULL) { 1015 _rtld_error("%s: Shared object has no run-time symbol table", 1016 obj->path); 1017 return -1; 1018 } 1019 1020 if (obj->textrel) { 1021 /* There are relocations to the write-protected text segment. */ 1022 if (mprotect(obj->mapbase, obj->textsize, 1023 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { 1024 _rtld_error("%s: Cannot write-enable text segment: %s", 1025 obj->path, strerror(errno)); 1026 return -1; 1027 } 1028 } 1029 1030 /* Process the non-PLT relocations. */ 1031 if (reloc_non_plt(obj, &obj_rtld)) 1032 return -1; 1033 1034 if (obj->textrel) { /* Re-protected the text segment. */ 1035 if (mprotect(obj->mapbase, obj->textsize, 1036 PROT_READ|PROT_EXEC) == -1) { 1037 _rtld_error("%s: Cannot write-protect text segment: %s", 1038 obj->path, strerror(errno)); 1039 return -1; 1040 } 1041 } 1042 1043 /* Process the PLT relocations. */ 1044 if (reloc_plt(obj, bind_now)) 1045 return -1; 1046 1047 /* 1048 * Set up the magic number and version in the Obj_Entry. These 1049 * were checked in the crt1.o from the original ElfKit, so we 1050 * set them for backward compatibility. 1051 */ 1052 obj->magic = RTLD_MAGIC; 1053 obj->version = RTLD_VERSION; 1054 1055 /* Set the special GOT entries. */ 1056 if (obj->got) { 1057 #ifdef __i386__ 1058 obj->got[1] = (Elf_Addr) obj; 1059 obj->got[2] = (Elf_Addr) &_rtld_bind_start; 1060 #endif 1061 #ifdef __alpha__ 1062 /* This function will be called to perform the relocation. */ 1063 obj->got[2] = (Elf_Addr) &_rtld_bind_start; 1064 /* Identify this shared object */ 1065 obj->got[3] = (Elf_Addr) obj; 1066 #endif 1067 } 1068 } 1069 1070 return 0; 1071 } 1072 1073 /* 1074 * Cleanup procedure. It will be called (by the atexit mechanism) just 1075 * before the process exits. 1076 */ 1077 static void 1078 rtld_exit(void) 1079 { 1080 dbg("rtld_exit()"); 1081 call_fini_functions(obj_list->next); 1082 } 1083 1084 static char * 1085 search_library_path(const char *name, const char *path) 1086 { 1087 size_t namelen = strlen(name); 1088 const char *p = path; 1089 1090 if (p == NULL) 1091 return NULL; 1092 1093 p += strspn(p, ":;"); 1094 while (*p != '\0') { 1095 size_t len = strcspn(p, ":;"); 1096 1097 if (*p == '/' || trust) { 1098 char *pathname; 1099 const char *dir = p; 1100 size_t dirlen = len; 1101 1102 pathname = xmalloc(dirlen + 1 + namelen + 1); 1103 strncpy(pathname, dir, dirlen); 1104 pathname[dirlen] = '/'; 1105 strcpy(pathname + dirlen + 1, name); 1106 1107 dbg(" Trying \"%s\"", pathname); 1108 if (access(pathname, F_OK) == 0) /* We found it */ 1109 return pathname; 1110 1111 free(pathname); 1112 } 1113 p += len; 1114 p += strspn(p, ":;"); 1115 } 1116 1117 return NULL; 1118 } 1119 1120 int 1121 dlclose(void *handle) 1122 { 1123 Obj_Entry *root = dlcheck(handle); 1124 1125 if (root == NULL) 1126 return -1; 1127 1128 GDB_STATE(RT_DELETE); 1129 1130 root->dl_refcount--; 1131 unref_object_dag(root); 1132 if (root->refcount == 0) { /* We are finished with some objects. */ 1133 Obj_Entry *obj; 1134 Obj_Entry **linkp; 1135 1136 /* Finalize objects that are about to be unmapped. */ 1137 for (obj = obj_list->next; obj != NULL; obj = obj->next) 1138 if (obj->refcount == 0 && obj->fini != NULL) 1139 (*obj->fini)(); 1140 1141 /* Unmap all objects that are no longer referenced. */ 1142 linkp = &obj_list->next; 1143 while ((obj = *linkp) != NULL) { 1144 if (obj->refcount == 0) { 1145 munmap(obj->mapbase, obj->mapsize); 1146 free(obj->path); 1147 while (obj->needed != NULL) { 1148 Needed_Entry *needed = obj->needed; 1149 obj->needed = needed->next; 1150 free(needed); 1151 } 1152 linkmap_delete(obj); 1153 *linkp = obj->next; 1154 free(obj); 1155 } else 1156 linkp = &obj->next; 1157 } 1158 obj_tail = linkp; 1159 } 1160 1161 GDB_STATE(RT_CONSISTENT); 1162 1163 return 0; 1164 } 1165 1166 const char * 1167 dlerror(void) 1168 { 1169 char *msg = error_message; 1170 error_message = NULL; 1171 return msg; 1172 } 1173 1174 void * 1175 dlopen(const char *name, int mode) 1176 { 1177 Obj_Entry **old_obj_tail = obj_tail; 1178 Obj_Entry *obj = NULL; 1179 1180 GDB_STATE(RT_ADD); 1181 1182 if (name == NULL) 1183 obj = obj_main; 1184 else { 1185 char *path = find_library(name, obj_main); 1186 if (path != NULL) 1187 obj = load_object(path); 1188 } 1189 1190 if (obj) { 1191 obj->dl_refcount++; 1192 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1193 assert(*old_obj_tail == obj); 1194 1195 /* XXX - Clean up properly after an error. */ 1196 if (load_needed_objects(obj) == -1) { 1197 obj->dl_refcount--; 1198 obj = NULL; 1199 } else if (relocate_objects(obj, mode == RTLD_NOW) == -1) { 1200 obj->dl_refcount--; 1201 obj = NULL; 1202 } else 1203 call_init_functions(obj); 1204 } 1205 } 1206 1207 GDB_STATE(RT_CONSISTENT); 1208 1209 return obj; 1210 } 1211 1212 void * 1213 dlsym(void *handle, const char *name) 1214 { 1215 const Obj_Entry *obj; 1216 unsigned long hash; 1217 const Elf_Sym *def; 1218 1219 hash = elf_hash(name); 1220 def = NULL; 1221 1222 if (handle == NULL || handle == RTLD_NEXT) { 1223 void *retaddr; 1224 1225 retaddr = __builtin_return_address(0); /* __GNUC__ only */ 1226 if ((obj = obj_from_addr(retaddr)) == NULL) { 1227 _rtld_error("Cannot determine caller's shared object"); 1228 return NULL; 1229 } 1230 if (handle == NULL) /* Just the caller's shared object. */ 1231 def = symlook_obj(name, hash, obj, true); 1232 else { /* All the shared objects after the caller's */ 1233 while ((obj = obj->next) != NULL) 1234 if ((def = symlook_obj(name, hash, obj, true)) != NULL) 1235 break; 1236 } 1237 } else { 1238 if ((obj = dlcheck(handle)) == NULL) 1239 return NULL; 1240 1241 if (obj->mainprog) { 1242 /* Search main program and all libraries loaded by it. */ 1243 for ( ; obj != *main_tail; obj = obj->next) 1244 if ((def = symlook_obj(name, hash, obj, true)) != NULL) 1245 break; 1246 } else { 1247 /* 1248 * XXX - This isn't correct. The search should include the whole 1249 * DAG rooted at the given object. 1250 */ 1251 def = symlook_obj(name, hash, obj, true); 1252 } 1253 } 1254 1255 if (def != NULL) 1256 return obj->relocbase + def->st_value; 1257 1258 _rtld_error("Undefined symbol \"%s\"", name); 1259 return NULL; 1260 } 1261 1262 static void 1263 linkmap_add(Obj_Entry *obj) 1264 { 1265 struct link_map *l = &obj->linkmap; 1266 struct link_map *prev; 1267 1268 obj->linkmap.l_name = obj->path; 1269 obj->linkmap.l_addr = obj->mapbase; 1270 obj->linkmap.l_ld = obj->dynamic; 1271 #ifdef __mips__ 1272 /* GDB needs load offset on MIPS to use the symbols */ 1273 obj->linkmap.l_offs = obj->relocbase; 1274 #endif 1275 1276 if (r_debug.r_map == NULL) { 1277 r_debug.r_map = l; 1278 return; 1279 } 1280 1281 /* 1282 * Scan to the end of the list, but not past the entry for the 1283 * dynamic linker, which we want to keep at the very end. 1284 */ 1285 for (prev = r_debug.r_map; 1286 prev->l_next != NULL && prev->l_next != &obj_rtld.linkmap; 1287 prev = prev->l_next) 1288 ; 1289 1290 /* Link in the new entry. */ 1291 l->l_prev = prev; 1292 l->l_next = prev->l_next; 1293 if (l->l_next != NULL) 1294 l->l_next->l_prev = l; 1295 prev->l_next = l; 1296 } 1297 1298 static void 1299 linkmap_delete(Obj_Entry *obj) 1300 { 1301 struct link_map *l = &obj->linkmap; 1302 1303 if (l->l_prev == NULL) { 1304 if ((r_debug.r_map = l->l_next) != NULL) 1305 l->l_next->l_prev = NULL; 1306 return; 1307 } 1308 1309 if ((l->l_prev->l_next = l->l_next) != NULL) 1310 l->l_next->l_prev = l->l_prev; 1311 } 1312 1313 /* 1314 * Function for the debugger to set a breakpoint on to gain control. 1315 */ 1316 void 1317 r_debug_state(void) 1318 { 1319 } 1320 1321 /* 1322 * Search the symbol table of a single shared object for a symbol of 1323 * the given name. Returns a pointer to the symbol, or NULL if no 1324 * definition was found. 1325 * 1326 * The symbol's hash value is passed in for efficiency reasons; that 1327 * eliminates many recomputations of the hash value. 1328 */ 1329 const Elf_Sym * 1330 symlook_obj(const char *name, unsigned long hash, const Obj_Entry *obj, 1331 bool in_plt) 1332 { 1333 unsigned long symnum = obj->buckets[hash % obj->nbuckets]; 1334 1335 while (symnum != STN_UNDEF) { 1336 const Elf_Sym *symp; 1337 const char *strp; 1338 1339 assert(symnum < obj->nchains); 1340 symp = obj->symtab + symnum; 1341 assert(symp->st_name != 0); 1342 strp = obj->strtab + symp->st_name; 1343 1344 if (strcmp(name, strp) == 0) 1345 return symp->st_shndx != SHN_UNDEF || 1346 (!in_plt && symp->st_value != 0 && 1347 ELF_ST_TYPE(symp->st_info) == STT_FUNC) ? symp : NULL; 1348 1349 symnum = obj->chains[symnum]; 1350 } 1351 1352 return NULL; 1353 } 1354 1355 static void 1356 trace_loaded_objects(Obj_Entry *obj) 1357 { 1358 char *fmt1, *fmt2, *fmt, *main_local; 1359 int c; 1360 1361 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL) 1362 main_local = ""; 1363 1364 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL) 1365 fmt1 = "\t%o => %p (%x)\n"; 1366 1367 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL) 1368 fmt2 = "\t%o (%x)\n"; 1369 1370 for (; obj; obj = obj->next) { 1371 Needed_Entry *needed; 1372 char *name, *path; 1373 bool is_lib; 1374 1375 for (needed = obj->needed; needed; needed = needed->next) { 1376 if (needed->obj != NULL) { 1377 if (needed->obj->traced) 1378 continue; 1379 needed->obj->traced = true; 1380 path = needed->obj->path; 1381 } else 1382 path = "not found"; 1383 1384 name = (char *)obj->strtab + needed->name; 1385 is_lib = strncmp(name, "lib", 3) == 0; /* XXX - bogus */ 1386 1387 fmt = is_lib ? fmt1 : fmt2; 1388 while ((c = *fmt++) != '\0') { 1389 switch (c) { 1390 default: 1391 putchar(c); 1392 continue; 1393 case '\\': 1394 switch (c = *fmt) { 1395 case '\0': 1396 continue; 1397 case 'n': 1398 putchar('\n'); 1399 break; 1400 case 't': 1401 putchar('\t'); 1402 break; 1403 } 1404 break; 1405 case '%': 1406 switch (c = *fmt) { 1407 case '\0': 1408 continue; 1409 case '%': 1410 default: 1411 putchar(c); 1412 break; 1413 case 'A': 1414 printf("%s", main_local); 1415 break; 1416 case 'a': 1417 printf("%s", obj_main->path); 1418 break; 1419 case 'o': 1420 printf("%s", name); 1421 break; 1422 #if 0 1423 case 'm': 1424 printf("%d", sodp->sod_major); 1425 break; 1426 case 'n': 1427 printf("%d", sodp->sod_minor); 1428 break; 1429 #endif 1430 case 'p': 1431 printf("%s", path); 1432 break; 1433 case 'x': 1434 printf("%p", needed->obj ? needed->obj->mapbase : 0); 1435 break; 1436 } 1437 break; 1438 } 1439 ++fmt; 1440 } 1441 } 1442 } 1443 } 1444 1445 static void 1446 unref_object_dag(Obj_Entry *root) 1447 { 1448 assert(root->refcount != 0); 1449 root->refcount--; 1450 if (root->refcount == 0) { 1451 const Needed_Entry *needed; 1452 1453 for (needed = root->needed; needed != NULL; needed = needed->next) 1454 unref_object_dag(needed->obj); 1455 } 1456 } 1457 1458 /* 1459 * Non-mallocing printf, for use by malloc itself. 1460 * XXX - This doesn't belong in this module. 1461 */ 1462 void 1463 xprintf(const char *fmt, ...) 1464 { 1465 char buf[256]; 1466 va_list ap; 1467 1468 va_start(ap, fmt); 1469 vsprintf(buf, fmt, ap); 1470 (void)write(1, buf, strlen(buf)); 1471 va_end(ap); 1472 } 1473