1 /*- 2 * Copyright 1996, 1997, 1998, 1999, 2000 John D. Polstra. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28 /* 29 * Dynamic linker for ELF. 30 * 31 * John Polstra <jdp@polstra.com>. 32 */ 33 34 #ifndef __GNUC__ 35 #error "GCC is needed to compile this file" 36 #endif 37 38 #include <sys/param.h> 39 #include <sys/mman.h> 40 #include <sys/stat.h> 41 42 #include <dlfcn.h> 43 #include <err.h> 44 #include <errno.h> 45 #include <fcntl.h> 46 #include <stdarg.h> 47 #include <stdio.h> 48 #include <stdlib.h> 49 #include <string.h> 50 #include <unistd.h> 51 52 #include "debug.h" 53 #include "rtld.h" 54 55 #define END_SYM "_end" 56 #define PATH_RTLD "/usr/libexec/ld-elf.so.1" 57 58 /* Types. */ 59 typedef void (*func_ptr_type)(); 60 61 /* 62 * This structure provides a reentrant way to keep a list of objects and 63 * check which ones have already been processed in some way. 64 */ 65 typedef struct Struct_DoneList { 66 const Obj_Entry **objs; /* Array of object pointers */ 67 unsigned int num_alloc; /* Allocated size of the array */ 68 unsigned int num_used; /* Number of array slots used */ 69 } DoneList; 70 71 /* 72 * Function declarations. 73 */ 74 static const char *basename(const char *); 75 static void die(void); 76 static void digest_dynamic(Obj_Entry *); 77 static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t, const char *); 78 static Obj_Entry *dlcheck(void *); 79 static bool donelist_check(DoneList *, const Obj_Entry *); 80 static char *find_library(const char *, const Obj_Entry *); 81 static const char *gethints(void); 82 static void init_dag(Obj_Entry *); 83 static void init_dag1(Obj_Entry *root, Obj_Entry *obj, DoneList *); 84 static void init_rtld(caddr_t); 85 static void initlist_add_neededs(Needed_Entry *needed, Objlist *list); 86 static void initlist_add_objects(Obj_Entry *obj, Obj_Entry **tail, 87 Objlist *list); 88 static bool is_exported(const Elf_Sym *); 89 static void linkmap_add(Obj_Entry *); 90 static void linkmap_delete(Obj_Entry *); 91 static int load_needed_objects(Obj_Entry *); 92 static int load_preload_objects(void); 93 static Obj_Entry *load_object(char *); 94 static void lock_check(void); 95 static Obj_Entry *obj_from_addr(const void *); 96 static void objlist_call_fini(Objlist *); 97 static void objlist_call_init(Objlist *); 98 static void objlist_clear(Objlist *); 99 static Objlist_Entry *objlist_find(Objlist *, const Obj_Entry *); 100 static void objlist_init(Objlist *); 101 static void objlist_push_head(Objlist *, Obj_Entry *); 102 static void objlist_push_tail(Objlist *, Obj_Entry *); 103 static void objlist_remove(Objlist *, Obj_Entry *); 104 static void objlist_remove_unref(Objlist *); 105 static int relocate_objects(Obj_Entry *, bool); 106 static void rtld_exit(void); 107 static char *search_library_path(const char *, const char *); 108 static void set_program_var(const char *, const void *); 109 static const Elf_Sym *symlook_default(const char *, unsigned long hash, 110 const Obj_Entry *refobj, const Obj_Entry **defobj_out, bool in_plt); 111 static const Elf_Sym *symlook_list(const char *, unsigned long, 112 Objlist *, const Obj_Entry **, bool in_plt, DoneList *); 113 static void trace_loaded_objects(Obj_Entry *obj); 114 static void unload_object(Obj_Entry *); 115 static void unref_dag(Obj_Entry *); 116 117 void r_debug_state(struct r_debug*, struct link_map*); 118 void xprintf(const char *, ...); 119 120 /* 121 * Data declarations. 122 */ 123 static char *error_message; /* Message for dlerror(), or NULL */ 124 struct r_debug r_debug; /* for GDB; */ 125 static bool trust; /* False for setuid and setgid programs */ 126 static char *ld_bind_now; /* Environment variable for immediate binding */ 127 static char *ld_debug; /* Environment variable for debugging */ 128 static char *ld_library_path; /* Environment variable for search path */ 129 static char *ld_preload; /* Environment variable for libraries to 130 load first */ 131 static char *ld_tracing; /* Called from ldd to print libs */ 132 static Obj_Entry *obj_list; /* Head of linked list of shared objects */ 133 static Obj_Entry **obj_tail; /* Link field of last object in list */ 134 static Obj_Entry *obj_main; /* The main program shared object */ 135 static Obj_Entry obj_rtld; /* The dynamic linker shared object */ 136 static unsigned int obj_count; /* Number of objects in obj_list */ 137 138 static Objlist list_global = /* Objects dlopened with RTLD_GLOBAL */ 139 STAILQ_HEAD_INITIALIZER(list_global); 140 static Objlist list_main = /* Objects loaded at program startup */ 141 STAILQ_HEAD_INITIALIZER(list_main); 142 static Objlist list_fini = /* Objects needing fini() calls */ 143 STAILQ_HEAD_INITIALIZER(list_fini); 144 145 static LockInfo lockinfo; 146 147 static Elf_Sym sym_zero; /* For resolving undefined weak refs. */ 148 149 #define GDB_STATE(s,m) r_debug.r_state = s; r_debug_state(&r_debug,m); 150 151 extern Elf_Dyn _DYNAMIC; 152 #pragma weak _DYNAMIC 153 154 /* 155 * These are the functions the dynamic linker exports to application 156 * programs. They are the only symbols the dynamic linker is willing 157 * to export from itself. 158 */ 159 static func_ptr_type exports[] = { 160 (func_ptr_type) &_rtld_error, 161 (func_ptr_type) &dlclose, 162 (func_ptr_type) &dlerror, 163 (func_ptr_type) &dlopen, 164 (func_ptr_type) &dlsym, 165 (func_ptr_type) &dladdr, 166 (func_ptr_type) &dllockinit, 167 NULL 168 }; 169 170 /* 171 * Global declarations normally provided by crt1. The dynamic linker is 172 * not built with crt1, so we have to provide them ourselves. 173 */ 174 char *__progname; 175 char **environ; 176 177 /* 178 * Fill in a DoneList with an allocation large enough to hold all of 179 * the currently-loaded objects. Keep this as a macro since it calls 180 * alloca and we want that to occur within the scope of the caller. 181 */ 182 #define donelist_init(dlp) \ 183 ((dlp)->objs = alloca(obj_count * sizeof (dlp)->objs[0]), \ 184 assert((dlp)->objs != NULL), \ 185 (dlp)->num_alloc = obj_count, \ 186 (dlp)->num_used = 0) 187 188 static __inline void 189 rlock_acquire(void) 190 { 191 lockinfo.rlock_acquire(lockinfo.thelock); 192 atomic_incr_int(&lockinfo.rcount); 193 lock_check(); 194 } 195 196 static __inline void 197 wlock_acquire(void) 198 { 199 lockinfo.wlock_acquire(lockinfo.thelock); 200 atomic_incr_int(&lockinfo.wcount); 201 lock_check(); 202 } 203 204 static __inline void 205 rlock_release(void) 206 { 207 atomic_decr_int(&lockinfo.rcount); 208 lockinfo.rlock_release(lockinfo.thelock); 209 } 210 211 static __inline void 212 wlock_release(void) 213 { 214 atomic_decr_int(&lockinfo.wcount); 215 lockinfo.wlock_release(lockinfo.thelock); 216 } 217 218 /* 219 * Main entry point for dynamic linking. The first argument is the 220 * stack pointer. The stack is expected to be laid out as described 221 * in the SVR4 ABI specification, Intel 386 Processor Supplement. 222 * Specifically, the stack pointer points to a word containing 223 * ARGC. Following that in the stack is a null-terminated sequence 224 * of pointers to argument strings. Then comes a null-terminated 225 * sequence of pointers to environment strings. Finally, there is a 226 * sequence of "auxiliary vector" entries. 227 * 228 * The second argument points to a place to store the dynamic linker's 229 * exit procedure pointer and the third to a place to store the main 230 * program's object. 231 * 232 * The return value is the main program's entry point. 233 */ 234 func_ptr_type 235 _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) 236 { 237 Elf_Auxinfo *aux_info[AT_COUNT]; 238 int i; 239 int argc; 240 char **argv; 241 char **env; 242 Elf_Auxinfo *aux; 243 Elf_Auxinfo *auxp; 244 const char *argv0; 245 Obj_Entry *obj; 246 Obj_Entry **preload_tail; 247 Objlist initlist; 248 249 /* 250 * On entry, the dynamic linker itself has not been relocated yet. 251 * Be very careful not to reference any global data until after 252 * init_rtld has returned. It is OK to reference file-scope statics 253 * and string constants, and to call static and global functions. 254 */ 255 256 /* Find the auxiliary vector on the stack. */ 257 argc = *sp++; 258 argv = (char **) sp; 259 sp += argc + 1; /* Skip over arguments and NULL terminator */ 260 env = (char **) sp; 261 while (*sp++ != 0) /* Skip over environment, and NULL terminator */ 262 ; 263 aux = (Elf_Auxinfo *) sp; 264 265 /* Digest the auxiliary vector. */ 266 for (i = 0; i < AT_COUNT; i++) 267 aux_info[i] = NULL; 268 for (auxp = aux; auxp->a_type != AT_NULL; auxp++) { 269 if (auxp->a_type < AT_COUNT) 270 aux_info[auxp->a_type] = auxp; 271 } 272 273 /* Initialize and relocate ourselves. */ 274 assert(aux_info[AT_BASE] != NULL); 275 init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 276 277 __progname = obj_rtld.path; 278 argv0 = argv[0] != NULL ? argv[0] : "(null)"; 279 environ = env; 280 281 trust = geteuid() == getuid() && getegid() == getgid(); 282 283 ld_bind_now = getenv("LD_BIND_NOW"); 284 if (trust) { 285 ld_debug = getenv("LD_DEBUG"); 286 ld_library_path = getenv("LD_LIBRARY_PATH"); 287 ld_preload = getenv("LD_PRELOAD"); 288 } 289 ld_tracing = getenv("LD_TRACE_LOADED_OBJECTS"); 290 291 if (ld_debug != NULL && *ld_debug != '\0') 292 debug = 1; 293 dbg("%s is initialized, base address = %p", __progname, 294 (caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 295 dbg("RTLD dynamic = %p", obj_rtld.dynamic); 296 dbg("RTLD pltgot = %p", obj_rtld.pltgot); 297 298 /* 299 * Load the main program, or process its program header if it is 300 * already loaded. 301 */ 302 if (aux_info[AT_EXECFD] != NULL) { /* Load the main program. */ 303 int fd = aux_info[AT_EXECFD]->a_un.a_val; 304 dbg("loading main program"); 305 obj_main = map_object(fd, argv0, NULL); 306 close(fd); 307 if (obj_main == NULL) 308 die(); 309 } else { /* Main program already loaded. */ 310 const Elf_Phdr *phdr; 311 int phnum; 312 caddr_t entry; 313 314 dbg("processing main program's program header"); 315 assert(aux_info[AT_PHDR] != NULL); 316 phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr; 317 assert(aux_info[AT_PHNUM] != NULL); 318 phnum = aux_info[AT_PHNUM]->a_un.a_val; 319 assert(aux_info[AT_PHENT] != NULL); 320 assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr)); 321 assert(aux_info[AT_ENTRY] != NULL); 322 entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr; 323 if ((obj_main = digest_phdr(phdr, phnum, entry, argv0)) == NULL) 324 die(); 325 } 326 327 obj_main->path = xstrdup(argv0); 328 obj_main->mainprog = true; 329 330 /* 331 * Get the actual dynamic linker pathname from the executable if 332 * possible. (It should always be possible.) That ensures that 333 * gdb will find the right dynamic linker even if a non-standard 334 * one is being used. 335 */ 336 if (obj_main->interp != NULL && 337 strcmp(obj_main->interp, obj_rtld.path) != 0) { 338 free(obj_rtld.path); 339 obj_rtld.path = xstrdup(obj_main->interp); 340 } 341 342 digest_dynamic(obj_main); 343 344 linkmap_add(obj_main); 345 linkmap_add(&obj_rtld); 346 347 /* Link the main program into the list of objects. */ 348 *obj_tail = obj_main; 349 obj_tail = &obj_main->next; 350 obj_count++; 351 obj_main->refcount++; 352 /* Make sure we don't call the main program's init and fini functions. */ 353 obj_main->init = obj_main->fini = NULL; 354 355 /* Initialize a fake symbol for resolving undefined weak references. */ 356 sym_zero.st_info = ELF_ST_INFO(STB_GLOBAL, STT_NOTYPE); 357 sym_zero.st_shndx = SHN_ABS; 358 359 dbg("loading LD_PRELOAD libraries"); 360 if (load_preload_objects() == -1) 361 die(); 362 preload_tail = obj_tail; 363 364 dbg("loading needed objects"); 365 if (load_needed_objects(obj_main) == -1) 366 die(); 367 368 /* Make a list of all objects loaded at startup. */ 369 for (obj = obj_list; obj != NULL; obj = obj->next) 370 objlist_push_tail(&list_main, obj); 371 372 if (ld_tracing) { /* We're done */ 373 trace_loaded_objects(obj_main); 374 exit(0); 375 } 376 377 if (relocate_objects(obj_main, 378 ld_bind_now != NULL && *ld_bind_now != '\0') == -1) 379 die(); 380 381 dbg("doing copy relocations"); 382 if (do_copy_relocations(obj_main) == -1) 383 die(); 384 385 dbg("initializing key program variables"); 386 set_program_var("__progname", argv[0] != NULL ? basename(argv[0]) : ""); 387 set_program_var("environ", env); 388 389 dbg("initializing thread locks"); 390 lockdflt_init(&lockinfo); 391 lockinfo.thelock = lockinfo.lock_create(lockinfo.context); 392 393 /* Make a list of init functions to call. */ 394 objlist_init(&initlist); 395 initlist_add_objects(obj_list, preload_tail, &initlist); 396 397 r_debug_state(NULL, &obj_main->linkmap); /* say hello to gdb! */ 398 399 objlist_call_init(&initlist); 400 wlock_acquire(); 401 objlist_clear(&initlist); 402 wlock_release(); 403 404 dbg("transferring control to program entry point = %p", obj_main->entry); 405 406 /* Return the exit procedure and the program entry point. */ 407 *exit_proc = rtld_exit; 408 *objp = obj_main; 409 return (func_ptr_type) obj_main->entry; 410 } 411 412 Elf_Addr 413 _rtld_bind(Obj_Entry *obj, Elf_Word reloff) 414 { 415 const Elf_Rel *rel; 416 const Elf_Sym *def; 417 const Obj_Entry *defobj; 418 Elf_Addr *where; 419 Elf_Addr target; 420 421 rlock_acquire(); 422 if (obj->pltrel) 423 rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff); 424 else 425 rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff); 426 427 where = (Elf_Addr *) (obj->relocbase + rel->r_offset); 428 def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true); 429 if (def == NULL) 430 die(); 431 432 target = (Elf_Addr)(defobj->relocbase + def->st_value); 433 434 dbg("\"%s\" in \"%s\" ==> %p in \"%s\"", 435 defobj->strtab + def->st_name, basename(obj->path), 436 (void *)target, basename(defobj->path)); 437 438 reloc_jmpslot(where, target); 439 rlock_release(); 440 return target; 441 } 442 443 /* 444 * Error reporting function. Use it like printf. If formats the message 445 * into a buffer, and sets things up so that the next call to dlerror() 446 * will return the message. 447 */ 448 void 449 _rtld_error(const char *fmt, ...) 450 { 451 static char buf[512]; 452 va_list ap; 453 454 va_start(ap, fmt); 455 vsnprintf(buf, sizeof buf, fmt, ap); 456 error_message = buf; 457 va_end(ap); 458 } 459 460 static const char * 461 basename(const char *name) 462 { 463 const char *p = strrchr(name, '/'); 464 return p != NULL ? p + 1 : name; 465 } 466 467 static void 468 die(void) 469 { 470 const char *msg = dlerror(); 471 472 if (msg == NULL) 473 msg = "Fatal error"; 474 errx(1, "%s", msg); 475 } 476 477 /* 478 * Process a shared object's DYNAMIC section, and save the important 479 * information in its Obj_Entry structure. 480 */ 481 static void 482 digest_dynamic(Obj_Entry *obj) 483 { 484 const Elf_Dyn *dynp; 485 Needed_Entry **needed_tail = &obj->needed; 486 const Elf_Dyn *dyn_rpath = NULL; 487 int plttype = DT_REL; 488 489 for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) { 490 switch (dynp->d_tag) { 491 492 case DT_REL: 493 obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr); 494 break; 495 496 case DT_RELSZ: 497 obj->relsize = dynp->d_un.d_val; 498 break; 499 500 case DT_RELENT: 501 assert(dynp->d_un.d_val == sizeof(Elf_Rel)); 502 break; 503 504 case DT_JMPREL: 505 obj->pltrel = (const Elf_Rel *) 506 (obj->relocbase + dynp->d_un.d_ptr); 507 break; 508 509 case DT_PLTRELSZ: 510 obj->pltrelsize = dynp->d_un.d_val; 511 break; 512 513 case DT_RELA: 514 obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr); 515 break; 516 517 case DT_RELASZ: 518 obj->relasize = dynp->d_un.d_val; 519 break; 520 521 case DT_RELAENT: 522 assert(dynp->d_un.d_val == sizeof(Elf_Rela)); 523 break; 524 525 case DT_PLTREL: 526 plttype = dynp->d_un.d_val; 527 assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA); 528 break; 529 530 case DT_SYMTAB: 531 obj->symtab = (const Elf_Sym *) 532 (obj->relocbase + dynp->d_un.d_ptr); 533 break; 534 535 case DT_SYMENT: 536 assert(dynp->d_un.d_val == sizeof(Elf_Sym)); 537 break; 538 539 case DT_STRTAB: 540 obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr); 541 break; 542 543 case DT_STRSZ: 544 obj->strsize = dynp->d_un.d_val; 545 break; 546 547 case DT_HASH: 548 { 549 const Elf_Addr *hashtab = (const Elf_Addr *) 550 (obj->relocbase + dynp->d_un.d_ptr); 551 obj->nbuckets = hashtab[0]; 552 obj->nchains = hashtab[1]; 553 obj->buckets = hashtab + 2; 554 obj->chains = obj->buckets + obj->nbuckets; 555 } 556 break; 557 558 case DT_NEEDED: 559 if (!obj->rtld) { 560 Needed_Entry *nep = NEW(Needed_Entry); 561 nep->name = dynp->d_un.d_val; 562 nep->obj = NULL; 563 nep->next = NULL; 564 565 *needed_tail = nep; 566 needed_tail = &nep->next; 567 } 568 break; 569 570 case DT_PLTGOT: 571 obj->pltgot = (Elf_Addr *) (obj->relocbase + dynp->d_un.d_ptr); 572 break; 573 574 case DT_TEXTREL: 575 obj->textrel = true; 576 break; 577 578 case DT_SYMBOLIC: 579 obj->symbolic = true; 580 break; 581 582 case DT_RPATH: 583 /* 584 * We have to wait until later to process this, because we 585 * might not have gotten the address of the string table yet. 586 */ 587 dyn_rpath = dynp; 588 break; 589 590 case DT_SONAME: 591 /* Not used by the dynamic linker. */ 592 break; 593 594 case DT_INIT: 595 obj->init = (InitFunc) (obj->relocbase + dynp->d_un.d_ptr); 596 break; 597 598 case DT_FINI: 599 obj->fini = (InitFunc) (obj->relocbase + dynp->d_un.d_ptr); 600 break; 601 602 case DT_DEBUG: 603 /* XXX - not implemented yet */ 604 dbg("Filling in DT_DEBUG entry"); 605 ((Elf_Dyn*)dynp)->d_un.d_ptr = (Elf_Addr) &r_debug; 606 break; 607 608 default: 609 dbg("Ignoring d_tag %d = %#x", dynp->d_tag, dynp->d_tag); 610 break; 611 } 612 } 613 614 obj->traced = false; 615 616 if (plttype == DT_RELA) { 617 obj->pltrela = (const Elf_Rela *) obj->pltrel; 618 obj->pltrel = NULL; 619 obj->pltrelasize = obj->pltrelsize; 620 obj->pltrelsize = 0; 621 } 622 623 if (dyn_rpath != NULL) 624 obj->rpath = obj->strtab + dyn_rpath->d_un.d_val; 625 } 626 627 /* 628 * Process a shared object's program header. This is used only for the 629 * main program, when the kernel has already loaded the main program 630 * into memory before calling the dynamic linker. It creates and 631 * returns an Obj_Entry structure. 632 */ 633 static Obj_Entry * 634 digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry, const char *path) 635 { 636 Obj_Entry *obj; 637 const Elf_Phdr *phlimit = phdr + phnum; 638 const Elf_Phdr *ph; 639 int nsegs = 0; 640 641 obj = obj_new(); 642 for (ph = phdr; ph < phlimit; ph++) { 643 switch (ph->p_type) { 644 645 case PT_PHDR: 646 if ((const Elf_Phdr *)ph->p_vaddr != phdr) { 647 _rtld_error("%s: invalid PT_PHDR", path); 648 return NULL; 649 } 650 obj->phdr = (const Elf_Phdr *) ph->p_vaddr; 651 obj->phsize = ph->p_memsz; 652 break; 653 654 case PT_INTERP: 655 obj->interp = (const char *) ph->p_vaddr; 656 break; 657 658 case PT_LOAD: 659 if (nsegs >= 2) { 660 _rtld_error("%s: too many PT_LOAD segments", path); 661 return NULL; 662 } 663 if (nsegs == 0) { /* First load segment */ 664 obj->vaddrbase = trunc_page(ph->p_vaddr); 665 obj->mapbase = (caddr_t) obj->vaddrbase; 666 obj->relocbase = obj->mapbase - obj->vaddrbase; 667 obj->textsize = round_page(ph->p_vaddr + ph->p_memsz) - 668 obj->vaddrbase; 669 } else { /* Last load segment */ 670 obj->mapsize = round_page(ph->p_vaddr + ph->p_memsz) - 671 obj->vaddrbase; 672 } 673 nsegs++; 674 break; 675 676 case PT_DYNAMIC: 677 obj->dynamic = (const Elf_Dyn *) ph->p_vaddr; 678 break; 679 } 680 } 681 if (nsegs < 2) { 682 _rtld_error("%s: too few PT_LOAD segments", path); 683 return NULL; 684 } 685 686 obj->entry = entry; 687 return obj; 688 } 689 690 static Obj_Entry * 691 dlcheck(void *handle) 692 { 693 Obj_Entry *obj; 694 695 for (obj = obj_list; obj != NULL; obj = obj->next) 696 if (obj == (Obj_Entry *) handle) 697 break; 698 699 if (obj == NULL || obj->dl_refcount == 0) { 700 _rtld_error("Invalid shared object handle %p", handle); 701 return NULL; 702 } 703 return obj; 704 } 705 706 /* 707 * If the given object is already in the donelist, return true. Otherwise 708 * add the object to the list and return false. 709 */ 710 static bool 711 donelist_check(DoneList *dlp, const Obj_Entry *obj) 712 { 713 unsigned int i; 714 715 for (i = 0; i < dlp->num_used; i++) 716 if (dlp->objs[i] == obj) 717 return true; 718 /* 719 * Our donelist allocation should always be sufficient. But if 720 * our threads locking isn't working properly, more shared objects 721 * could have been loaded since we allocated the list. That should 722 * never happen, but we'll handle it properly just in case it does. 723 */ 724 if (dlp->num_used < dlp->num_alloc) 725 dlp->objs[dlp->num_used++] = obj; 726 return false; 727 } 728 729 /* 730 * Hash function for symbol table lookup. Don't even think about changing 731 * this. It is specified by the System V ABI. 732 */ 733 unsigned long 734 elf_hash(const char *name) 735 { 736 const unsigned char *p = (const unsigned char *) name; 737 unsigned long h = 0; 738 unsigned long g; 739 740 while (*p != '\0') { 741 h = (h << 4) + *p++; 742 if ((g = h & 0xf0000000) != 0) 743 h ^= g >> 24; 744 h &= ~g; 745 } 746 return h; 747 } 748 749 /* 750 * Find the library with the given name, and return its full pathname. 751 * The returned string is dynamically allocated. Generates an error 752 * message and returns NULL if the library cannot be found. 753 * 754 * If the second argument is non-NULL, then it refers to an already- 755 * loaded shared object, whose library search path will be searched. 756 * 757 * The search order is: 758 * rpath in the referencing file 759 * LD_LIBRARY_PATH 760 * ldconfig hints 761 * /usr/lib 762 */ 763 static char * 764 find_library(const char *name, const Obj_Entry *refobj) 765 { 766 char *pathname; 767 768 if (strchr(name, '/') != NULL) { /* Hard coded pathname */ 769 if (name[0] != '/' && !trust) { 770 _rtld_error("Absolute pathname required for shared object \"%s\"", 771 name); 772 return NULL; 773 } 774 return xstrdup(name); 775 } 776 777 dbg(" Searching for \"%s\"", name); 778 779 if ((refobj != NULL && 780 (pathname = search_library_path(name, refobj->rpath)) != NULL) || 781 (pathname = search_library_path(name, ld_library_path)) != NULL || 782 (pathname = search_library_path(name, gethints())) != NULL || 783 (pathname = search_library_path(name, STANDARD_LIBRARY_PATH)) != NULL) 784 return pathname; 785 786 _rtld_error("Shared object \"%s\" not found", name); 787 return NULL; 788 } 789 790 /* 791 * Given a symbol number in a referencing object, find the corresponding 792 * definition of the symbol. Returns a pointer to the symbol, or NULL if 793 * no definition was found. Returns a pointer to the Obj_Entry of the 794 * defining object via the reference parameter DEFOBJ_OUT. 795 */ 796 const Elf_Sym * 797 find_symdef(unsigned long symnum, const Obj_Entry *refobj, 798 const Obj_Entry **defobj_out, bool in_plt) 799 { 800 const Elf_Sym *ref; 801 const Elf_Sym *def; 802 const Obj_Entry *defobj; 803 const char *name; 804 unsigned long hash; 805 806 ref = refobj->symtab + symnum; 807 name = refobj->strtab + ref->st_name; 808 hash = elf_hash(name); 809 defobj = NULL; 810 811 def = symlook_default(name, hash, refobj, &defobj, in_plt); 812 813 /* 814 * If we found no definition and the reference is weak, treat the 815 * symbol as having the value zero. 816 */ 817 if (def == NULL && ELF_ST_BIND(ref->st_info) == STB_WEAK) { 818 def = &sym_zero; 819 defobj = obj_main; 820 } 821 822 if (def != NULL) 823 *defobj_out = defobj; 824 else 825 _rtld_error("%s: Undefined symbol \"%s\"", refobj->path, name); 826 return def; 827 } 828 829 /* 830 * Return the search path from the ldconfig hints file, reading it if 831 * necessary. Returns NULL if there are problems with the hints file, 832 * or if the search path there is empty. 833 */ 834 static const char * 835 gethints(void) 836 { 837 static char *hints; 838 839 if (hints == NULL) { 840 int fd; 841 struct elfhints_hdr hdr; 842 char *p; 843 844 /* Keep from trying again in case the hints file is bad. */ 845 hints = ""; 846 847 if ((fd = open(_PATH_ELF_HINTS, O_RDONLY)) == -1) 848 return NULL; 849 if (read(fd, &hdr, sizeof hdr) != sizeof hdr || 850 hdr.magic != ELFHINTS_MAGIC || 851 hdr.version != 1) { 852 close(fd); 853 return NULL; 854 } 855 p = xmalloc(hdr.dirlistlen + 1); 856 if (lseek(fd, hdr.strtab + hdr.dirlist, SEEK_SET) == -1 || 857 read(fd, p, hdr.dirlistlen + 1) != hdr.dirlistlen + 1) { 858 free(p); 859 close(fd); 860 return NULL; 861 } 862 hints = p; 863 close(fd); 864 } 865 return hints[0] != '\0' ? hints : NULL; 866 } 867 868 static void 869 init_dag(Obj_Entry *root) 870 { 871 DoneList donelist; 872 873 donelist_init(&donelist); 874 init_dag1(root, root, &donelist); 875 } 876 877 static void 878 init_dag1(Obj_Entry *root, Obj_Entry *obj, DoneList *dlp) 879 { 880 const Needed_Entry *needed; 881 882 if (donelist_check(dlp, obj)) 883 return; 884 objlist_push_tail(&obj->dldags, root); 885 objlist_push_tail(&root->dagmembers, obj); 886 for (needed = obj->needed; needed != NULL; needed = needed->next) 887 if (needed->obj != NULL) 888 init_dag1(root, needed->obj, dlp); 889 } 890 891 /* 892 * Initialize the dynamic linker. The argument is the address at which 893 * the dynamic linker has been mapped into memory. The primary task of 894 * this function is to relocate the dynamic linker. 895 */ 896 static void 897 init_rtld(caddr_t mapbase) 898 { 899 /* 900 * Conjure up an Obj_Entry structure for the dynamic linker. 901 * 902 * The "path" member is supposed to be dynamically-allocated, but we 903 * aren't yet initialized sufficiently to do that. Below we will 904 * replace the static version with a dynamically-allocated copy. 905 */ 906 obj_rtld.path = PATH_RTLD; 907 obj_rtld.rtld = true; 908 obj_rtld.mapbase = mapbase; 909 #ifdef PIC 910 obj_rtld.relocbase = mapbase; 911 #endif 912 if (&_DYNAMIC != 0) { 913 obj_rtld.dynamic = rtld_dynamic(&obj_rtld); 914 digest_dynamic(&obj_rtld); 915 assert(obj_rtld.needed == NULL); 916 assert(!obj_rtld.textrel); 917 918 /* 919 * Temporarily put the dynamic linker entry into the object list, so 920 * that symbols can be found. 921 */ 922 obj_list = &obj_rtld; 923 obj_tail = &obj_rtld.next; 924 obj_count = 1; 925 926 relocate_objects(&obj_rtld, true); 927 } 928 929 /* Make the object list empty again. */ 930 obj_list = NULL; 931 obj_tail = &obj_list; 932 obj_count = 0; 933 934 /* Replace the path with a dynamically allocated copy. */ 935 obj_rtld.path = xstrdup(obj_rtld.path); 936 937 r_debug.r_brk = r_debug_state; 938 r_debug.r_state = RT_CONSISTENT; 939 } 940 941 /* 942 * Add the init functions from a needed object list (and its recursive 943 * needed objects) to "list". This is not used directly; it is a helper 944 * function for initlist_add_objects(). The write lock must be held 945 * when this function is called. 946 */ 947 static void 948 initlist_add_neededs(Needed_Entry *needed, Objlist *list) 949 { 950 /* Recursively process the successor needed objects. */ 951 if (needed->next != NULL) 952 initlist_add_neededs(needed->next, list); 953 954 /* Process the current needed object. */ 955 if (needed->obj != NULL) 956 initlist_add_objects(needed->obj, &needed->obj->next, list); 957 } 958 959 /* 960 * Scan all of the DAGs rooted in the range of objects from "obj" to 961 * "tail" and add their init functions to "list". This recurses over 962 * the DAGs and ensure the proper init ordering such that each object's 963 * needed libraries are initialized before the object itself. At the 964 * same time, this function adds the objects to the global finalization 965 * list "list_fini" in the opposite order. The write lock must be 966 * held when this function is called. 967 */ 968 static void 969 initlist_add_objects(Obj_Entry *obj, Obj_Entry **tail, Objlist *list) 970 { 971 if (obj->init_done) 972 return; 973 obj->init_done = true; 974 975 /* Recursively process the successor objects. */ 976 if (&obj->next != tail) 977 initlist_add_objects(obj->next, tail, list); 978 979 /* Recursively process the needed objects. */ 980 if (obj->needed != NULL) 981 initlist_add_neededs(obj->needed, list); 982 983 /* Add the object to the init list. */ 984 if (obj->init != NULL) 985 objlist_push_tail(list, obj); 986 987 /* Add the object to the global fini list in the reverse order. */ 988 if (obj->fini != NULL) 989 objlist_push_head(&list_fini, obj); 990 } 991 992 static bool 993 is_exported(const Elf_Sym *def) 994 { 995 func_ptr_type value; 996 const func_ptr_type *p; 997 998 value = (func_ptr_type)(obj_rtld.relocbase + def->st_value); 999 for (p = exports; *p != NULL; p++) 1000 if (*p == value) 1001 return true; 1002 return false; 1003 } 1004 1005 /* 1006 * Given a shared object, traverse its list of needed objects, and load 1007 * each of them. Returns 0 on success. Generates an error message and 1008 * returns -1 on failure. 1009 */ 1010 static int 1011 load_needed_objects(Obj_Entry *first) 1012 { 1013 Obj_Entry *obj; 1014 1015 for (obj = first; obj != NULL; obj = obj->next) { 1016 Needed_Entry *needed; 1017 1018 for (needed = obj->needed; needed != NULL; needed = needed->next) { 1019 const char *name = obj->strtab + needed->name; 1020 char *path = find_library(name, obj); 1021 1022 needed->obj = NULL; 1023 if (path == NULL && !ld_tracing) 1024 return -1; 1025 1026 if (path) { 1027 needed->obj = load_object(path); 1028 if (needed->obj == NULL && !ld_tracing) 1029 return -1; /* XXX - cleanup */ 1030 } 1031 } 1032 } 1033 1034 return 0; 1035 } 1036 1037 static int 1038 load_preload_objects(void) 1039 { 1040 char *p = ld_preload; 1041 static const char delim[] = " \t:;"; 1042 1043 if (p == NULL) 1044 return NULL; 1045 1046 p += strspn(p, delim); 1047 while (*p != '\0') { 1048 size_t len = strcspn(p, delim); 1049 char *path; 1050 char savech; 1051 1052 savech = p[len]; 1053 p[len] = '\0'; 1054 if ((path = find_library(p, NULL)) == NULL) 1055 return -1; 1056 if (load_object(path) == NULL) 1057 return -1; /* XXX - cleanup */ 1058 p[len] = savech; 1059 p += len; 1060 p += strspn(p, delim); 1061 } 1062 return 0; 1063 } 1064 1065 /* 1066 * Load a shared object into memory, if it is not already loaded. The 1067 * argument must be a string allocated on the heap. This function assumes 1068 * responsibility for freeing it when necessary. 1069 * 1070 * Returns a pointer to the Obj_Entry for the object. Returns NULL 1071 * on failure. 1072 */ 1073 static Obj_Entry * 1074 load_object(char *path) 1075 { 1076 Obj_Entry *obj; 1077 int fd = -1; 1078 struct stat sb; 1079 1080 for (obj = obj_list->next; obj != NULL; obj = obj->next) 1081 if (strcmp(obj->path, path) == 0) 1082 break; 1083 1084 /* 1085 * If we didn't find a match by pathname, open the file and check 1086 * again by device and inode. This avoids false mismatches caused 1087 * by multiple links or ".." in pathnames. 1088 * 1089 * To avoid a race, we open the file and use fstat() rather than 1090 * using stat(). 1091 */ 1092 if (obj == NULL) { 1093 if ((fd = open(path, O_RDONLY)) == -1) { 1094 _rtld_error("Cannot open \"%s\"", path); 1095 return NULL; 1096 } 1097 if (fstat(fd, &sb) == -1) { 1098 _rtld_error("Cannot fstat \"%s\"", path); 1099 close(fd); 1100 return NULL; 1101 } 1102 for (obj = obj_list->next; obj != NULL; obj = obj->next) { 1103 if (obj->ino == sb.st_ino && obj->dev == sb.st_dev) { 1104 close(fd); 1105 break; 1106 } 1107 } 1108 } 1109 1110 if (obj == NULL) { /* First use of this object, so we must map it in */ 1111 dbg("loading \"%s\"", path); 1112 obj = map_object(fd, path, &sb); 1113 close(fd); 1114 if (obj == NULL) { 1115 free(path); 1116 return NULL; 1117 } 1118 1119 obj->path = path; 1120 digest_dynamic(obj); 1121 1122 *obj_tail = obj; 1123 obj_tail = &obj->next; 1124 obj_count++; 1125 linkmap_add(obj); /* for GDB */ 1126 1127 dbg(" %p .. %p: %s", obj->mapbase, 1128 obj->mapbase + obj->mapsize - 1, obj->path); 1129 if (obj->textrel) 1130 dbg(" WARNING: %s has impure text", obj->path); 1131 } else 1132 free(path); 1133 1134 obj->refcount++; 1135 return obj; 1136 } 1137 1138 /* 1139 * Check for locking violations and die if one is found. 1140 */ 1141 static void 1142 lock_check(void) 1143 { 1144 int rcount, wcount; 1145 1146 rcount = lockinfo.rcount; 1147 wcount = lockinfo.wcount; 1148 assert(rcount >= 0); 1149 assert(wcount >= 0); 1150 if (wcount > 1 || (wcount != 0 && rcount != 0)) { 1151 _rtld_error("Application locking error: %d readers and %d writers" 1152 " in dynamic linker. See DLLOCKINIT(3) in manual pages.", 1153 rcount, wcount); 1154 die(); 1155 } 1156 } 1157 1158 static Obj_Entry * 1159 obj_from_addr(const void *addr) 1160 { 1161 unsigned long endhash; 1162 Obj_Entry *obj; 1163 1164 endhash = elf_hash(END_SYM); 1165 for (obj = obj_list; obj != NULL; obj = obj->next) { 1166 const Elf_Sym *endsym; 1167 1168 if (addr < (void *) obj->mapbase) 1169 continue; 1170 if ((endsym = symlook_obj(END_SYM, endhash, obj, true)) == NULL) 1171 continue; /* No "end" symbol?! */ 1172 if (addr < (void *) (obj->relocbase + endsym->st_value)) 1173 return obj; 1174 } 1175 return NULL; 1176 } 1177 1178 /* 1179 * Call the finalization functions for each of the objects in "list" 1180 * which are unreferenced. All of the objects are expected to have 1181 * non-NULL fini functions. 1182 */ 1183 static void 1184 objlist_call_fini(Objlist *list) 1185 { 1186 Objlist_Entry *elm; 1187 1188 STAILQ_FOREACH(elm, list, link) { 1189 if (elm->obj->refcount == 0) { 1190 dbg("calling fini function for %s", elm->obj->path); 1191 (*elm->obj->fini)(); 1192 } 1193 } 1194 } 1195 1196 /* 1197 * Call the initialization functions for each of the objects in 1198 * "list". All of the objects are expected to have non-NULL init 1199 * functions. 1200 */ 1201 static void 1202 objlist_call_init(Objlist *list) 1203 { 1204 Objlist_Entry *elm; 1205 1206 STAILQ_FOREACH(elm, list, link) { 1207 dbg("calling init function for %s", elm->obj->path); 1208 (*elm->obj->init)(); 1209 } 1210 } 1211 1212 static void 1213 objlist_clear(Objlist *list) 1214 { 1215 Objlist_Entry *elm; 1216 1217 while (!STAILQ_EMPTY(list)) { 1218 elm = STAILQ_FIRST(list); 1219 STAILQ_REMOVE_HEAD(list, link); 1220 free(elm); 1221 } 1222 } 1223 1224 static Objlist_Entry * 1225 objlist_find(Objlist *list, const Obj_Entry *obj) 1226 { 1227 Objlist_Entry *elm; 1228 1229 STAILQ_FOREACH(elm, list, link) 1230 if (elm->obj == obj) 1231 return elm; 1232 return NULL; 1233 } 1234 1235 static void 1236 objlist_init(Objlist *list) 1237 { 1238 STAILQ_INIT(list); 1239 } 1240 1241 static void 1242 objlist_push_head(Objlist *list, Obj_Entry *obj) 1243 { 1244 Objlist_Entry *elm; 1245 1246 elm = NEW(Objlist_Entry); 1247 elm->obj = obj; 1248 STAILQ_INSERT_HEAD(list, elm, link); 1249 } 1250 1251 static void 1252 objlist_push_tail(Objlist *list, Obj_Entry *obj) 1253 { 1254 Objlist_Entry *elm; 1255 1256 elm = NEW(Objlist_Entry); 1257 elm->obj = obj; 1258 STAILQ_INSERT_TAIL(list, elm, link); 1259 } 1260 1261 static void 1262 objlist_remove(Objlist *list, Obj_Entry *obj) 1263 { 1264 Objlist_Entry *elm; 1265 1266 if ((elm = objlist_find(list, obj)) != NULL) { 1267 STAILQ_REMOVE(list, elm, Struct_Objlist_Entry, link); 1268 free(elm); 1269 } 1270 } 1271 1272 /* 1273 * Remove all of the unreferenced objects from "list". 1274 */ 1275 static void 1276 objlist_remove_unref(Objlist *list) 1277 { 1278 Objlist newlist; 1279 Objlist_Entry *elm; 1280 1281 STAILQ_INIT(&newlist); 1282 while (!STAILQ_EMPTY(list)) { 1283 elm = STAILQ_FIRST(list); 1284 STAILQ_REMOVE_HEAD(list, link); 1285 if (elm->obj->refcount == 0) 1286 free(elm); 1287 else 1288 STAILQ_INSERT_TAIL(&newlist, elm, link); 1289 } 1290 *list = newlist; 1291 } 1292 1293 /* 1294 * Relocate newly-loaded shared objects. The argument is a pointer to 1295 * the Obj_Entry for the first such object. All objects from the first 1296 * to the end of the list of objects are relocated. Returns 0 on success, 1297 * or -1 on failure. 1298 */ 1299 static int 1300 relocate_objects(Obj_Entry *first, bool bind_now) 1301 { 1302 Obj_Entry *obj; 1303 1304 for (obj = first; obj != NULL; obj = obj->next) { 1305 if (obj != &obj_rtld) 1306 dbg("relocating \"%s\"", obj->path); 1307 if (obj->nbuckets == 0 || obj->nchains == 0 || obj->buckets == NULL || 1308 obj->symtab == NULL || obj->strtab == NULL) { 1309 _rtld_error("%s: Shared object has no run-time symbol table", 1310 obj->path); 1311 return -1; 1312 } 1313 1314 if (obj->textrel) { 1315 /* There are relocations to the write-protected text segment. */ 1316 if (mprotect(obj->mapbase, obj->textsize, 1317 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { 1318 _rtld_error("%s: Cannot write-enable text segment: %s", 1319 obj->path, strerror(errno)); 1320 return -1; 1321 } 1322 } 1323 1324 /* Process the non-PLT relocations. */ 1325 if (reloc_non_plt(obj, &obj_rtld)) 1326 return -1; 1327 1328 if (obj->textrel) { /* Re-protected the text segment. */ 1329 if (mprotect(obj->mapbase, obj->textsize, 1330 PROT_READ|PROT_EXEC) == -1) { 1331 _rtld_error("%s: Cannot write-protect text segment: %s", 1332 obj->path, strerror(errno)); 1333 return -1; 1334 } 1335 } 1336 1337 /* Process the PLT relocations. */ 1338 if (reloc_plt(obj) == -1) 1339 return -1; 1340 /* Relocate the jump slots if we are doing immediate binding. */ 1341 if (bind_now) 1342 if (reloc_jmpslots(obj) == -1) 1343 return -1; 1344 1345 1346 /* 1347 * Set up the magic number and version in the Obj_Entry. These 1348 * were checked in the crt1.o from the original ElfKit, so we 1349 * set them for backward compatibility. 1350 */ 1351 obj->magic = RTLD_MAGIC; 1352 obj->version = RTLD_VERSION; 1353 1354 /* Set the special PLT or GOT entries. */ 1355 init_pltgot(obj); 1356 } 1357 1358 return 0; 1359 } 1360 1361 /* 1362 * Cleanup procedure. It will be called (by the atexit mechanism) just 1363 * before the process exits. 1364 */ 1365 static void 1366 rtld_exit(void) 1367 { 1368 Obj_Entry *obj; 1369 1370 dbg("rtld_exit()"); 1371 wlock_acquire(); 1372 /* Clear all the reference counts so the fini functions will be called. */ 1373 for (obj = obj_list; obj != NULL; obj = obj->next) 1374 obj->refcount = 0; 1375 wlock_release(); 1376 objlist_call_fini(&list_fini); 1377 /* No need to remove the items from the list, since we are exiting. */ 1378 } 1379 1380 static char * 1381 search_library_path(const char *name, const char *path) 1382 { 1383 size_t namelen = strlen(name); 1384 const char *p = path; 1385 1386 if (p == NULL) 1387 return NULL; 1388 1389 p += strspn(p, ":;"); 1390 while (*p != '\0') { 1391 size_t len = strcspn(p, ":;"); 1392 1393 if (*p == '/' || trust) { 1394 char *pathname; 1395 const char *dir = p; 1396 size_t dirlen = len; 1397 1398 pathname = xmalloc(dirlen + 1 + namelen + 1); 1399 strncpy(pathname, dir, dirlen); 1400 pathname[dirlen] = '/'; 1401 strcpy(pathname + dirlen + 1, name); 1402 1403 dbg(" Trying \"%s\"", pathname); 1404 if (access(pathname, F_OK) == 0) /* We found it */ 1405 return pathname; 1406 1407 free(pathname); 1408 } 1409 p += len; 1410 p += strspn(p, ":;"); 1411 } 1412 1413 return NULL; 1414 } 1415 1416 int 1417 dlclose(void *handle) 1418 { 1419 Obj_Entry *root; 1420 1421 wlock_acquire(); 1422 root = dlcheck(handle); 1423 if (root == NULL) { 1424 wlock_release(); 1425 return -1; 1426 } 1427 1428 /* Unreference the object and its dependencies. */ 1429 root->dl_refcount--; 1430 unref_dag(root); 1431 1432 if (root->refcount == 0) { 1433 /* 1434 * The object is no longer referenced, so we must unload it. 1435 * First, call the fini functions with no locks held. 1436 */ 1437 wlock_release(); 1438 objlist_call_fini(&list_fini); 1439 wlock_acquire(); 1440 objlist_remove_unref(&list_fini); 1441 1442 /* Finish cleaning up the newly-unreferenced objects. */ 1443 GDB_STATE(RT_DELETE,&root->linkmap); 1444 unload_object(root); 1445 GDB_STATE(RT_CONSISTENT,NULL); 1446 } 1447 wlock_release(); 1448 return 0; 1449 } 1450 1451 const char * 1452 dlerror(void) 1453 { 1454 char *msg = error_message; 1455 error_message = NULL; 1456 return msg; 1457 } 1458 1459 /* 1460 * This function is deprecated and has no effect. 1461 */ 1462 void 1463 dllockinit(void *context, 1464 void *(*lock_create)(void *context), 1465 void (*rlock_acquire)(void *lock), 1466 void (*wlock_acquire)(void *lock), 1467 void (*lock_release)(void *lock), 1468 void (*lock_destroy)(void *lock), 1469 void (*context_destroy)(void *context)) 1470 { 1471 static void *cur_context; 1472 static void (*cur_context_destroy)(void *); 1473 1474 /* Just destroy the context from the previous call, if necessary. */ 1475 if (cur_context_destroy != NULL) 1476 cur_context_destroy(cur_context); 1477 cur_context = context; 1478 cur_context_destroy = context_destroy; 1479 } 1480 1481 void * 1482 dlopen(const char *name, int mode) 1483 { 1484 Obj_Entry **old_obj_tail; 1485 Obj_Entry *obj; 1486 Objlist initlist; 1487 1488 objlist_init(&initlist); 1489 1490 wlock_acquire(); 1491 GDB_STATE(RT_ADD,NULL); 1492 1493 old_obj_tail = obj_tail; 1494 obj = NULL; 1495 if (name == NULL) { 1496 obj = obj_main; 1497 obj->refcount++; 1498 } else { 1499 char *path = find_library(name, obj_main); 1500 if (path != NULL) 1501 obj = load_object(path); 1502 } 1503 1504 if (obj) { 1505 obj->dl_refcount++; 1506 if (mode & RTLD_GLOBAL && objlist_find(&list_global, obj) == NULL) 1507 objlist_push_tail(&list_global, obj); 1508 mode &= RTLD_MODEMASK; 1509 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1510 assert(*old_obj_tail == obj); 1511 1512 if (load_needed_objects(obj) == -1 || 1513 (init_dag(obj), relocate_objects(obj, mode == RTLD_NOW)) == -1) { 1514 obj->dl_refcount--; 1515 unref_dag(obj); 1516 if (obj->refcount == 0) 1517 unload_object(obj); 1518 obj = NULL; 1519 } else { 1520 /* Make list of init functions to call. */ 1521 initlist_add_objects(obj, &obj->next, &initlist); 1522 } 1523 } 1524 } 1525 1526 GDB_STATE(RT_CONSISTENT,obj ? &obj->linkmap : NULL); 1527 1528 /* Call the init functions with no locks held. */ 1529 wlock_release(); 1530 objlist_call_init(&initlist); 1531 wlock_acquire(); 1532 objlist_clear(&initlist); 1533 wlock_release(); 1534 return obj; 1535 } 1536 1537 void * 1538 dlsym(void *handle, const char *name) 1539 { 1540 const Obj_Entry *obj; 1541 unsigned long hash; 1542 const Elf_Sym *def; 1543 const Obj_Entry *defobj; 1544 1545 hash = elf_hash(name); 1546 def = NULL; 1547 defobj = NULL; 1548 1549 rlock_acquire(); 1550 if (handle == NULL || handle == RTLD_NEXT || handle == RTLD_DEFAULT) { 1551 void *retaddr; 1552 1553 retaddr = __builtin_return_address(0); /* __GNUC__ only */ 1554 if ((obj = obj_from_addr(retaddr)) == NULL) { 1555 _rtld_error("Cannot determine caller's shared object"); 1556 rlock_release(); 1557 return NULL; 1558 } 1559 if (handle == NULL) { /* Just the caller's shared object. */ 1560 def = symlook_obj(name, hash, obj, true); 1561 defobj = obj; 1562 } else if (handle == RTLD_NEXT) { /* Objects after caller's */ 1563 while ((obj = obj->next) != NULL) { 1564 if ((def = symlook_obj(name, hash, obj, true)) != NULL) { 1565 defobj = obj; 1566 break; 1567 } 1568 } 1569 } else { 1570 assert(handle == RTLD_DEFAULT); 1571 def = symlook_default(name, hash, obj, &defobj, true); 1572 } 1573 } else { 1574 if ((obj = dlcheck(handle)) == NULL) { 1575 rlock_release(); 1576 return NULL; 1577 } 1578 1579 if (obj->mainprog) { 1580 DoneList donelist; 1581 1582 /* Search main program and all libraries loaded by it. */ 1583 donelist_init(&donelist); 1584 def = symlook_list(name, hash, &list_main, &defobj, true, 1585 &donelist); 1586 } else { 1587 /* 1588 * XXX - This isn't correct. The search should include the whole 1589 * DAG rooted at the given object. 1590 */ 1591 def = symlook_obj(name, hash, obj, true); 1592 defobj = obj; 1593 } 1594 } 1595 1596 if (def != NULL) { 1597 rlock_release(); 1598 return defobj->relocbase + def->st_value; 1599 } 1600 1601 _rtld_error("Undefined symbol \"%s\"", name); 1602 rlock_release(); 1603 return NULL; 1604 } 1605 1606 int 1607 dladdr(const void *addr, Dl_info *info) 1608 { 1609 const Obj_Entry *obj; 1610 const Elf_Sym *def; 1611 void *symbol_addr; 1612 unsigned long symoffset; 1613 1614 rlock_acquire(); 1615 obj = obj_from_addr(addr); 1616 if (obj == NULL) { 1617 _rtld_error("No shared object contains address"); 1618 rlock_release(); 1619 return 0; 1620 } 1621 info->dli_fname = obj->path; 1622 info->dli_fbase = obj->mapbase; 1623 info->dli_saddr = (void *)0; 1624 info->dli_sname = NULL; 1625 1626 /* 1627 * Walk the symbol list looking for the symbol whose address is 1628 * closest to the address sent in. 1629 */ 1630 for (symoffset = 0; symoffset < obj->nchains; symoffset++) { 1631 def = obj->symtab + symoffset; 1632 1633 /* 1634 * For skip the symbol if st_shndx is either SHN_UNDEF or 1635 * SHN_COMMON. 1636 */ 1637 if (def->st_shndx == SHN_UNDEF || def->st_shndx == SHN_COMMON) 1638 continue; 1639 1640 /* 1641 * If the symbol is greater than the specified address, or if it 1642 * is further away from addr than the current nearest symbol, 1643 * then reject it. 1644 */ 1645 symbol_addr = obj->relocbase + def->st_value; 1646 if (symbol_addr > addr || symbol_addr < info->dli_saddr) 1647 continue; 1648 1649 /* Update our idea of the nearest symbol. */ 1650 info->dli_sname = obj->strtab + def->st_name; 1651 info->dli_saddr = symbol_addr; 1652 1653 /* Exact match? */ 1654 if (info->dli_saddr == addr) 1655 break; 1656 } 1657 rlock_release(); 1658 return 1; 1659 } 1660 1661 static void 1662 linkmap_add(Obj_Entry *obj) 1663 { 1664 struct link_map *l = &obj->linkmap; 1665 struct link_map *prev; 1666 1667 obj->linkmap.l_name = obj->path; 1668 obj->linkmap.l_addr = obj->mapbase; 1669 obj->linkmap.l_ld = obj->dynamic; 1670 #ifdef __mips__ 1671 /* GDB needs load offset on MIPS to use the symbols */ 1672 obj->linkmap.l_offs = obj->relocbase; 1673 #endif 1674 1675 if (r_debug.r_map == NULL) { 1676 r_debug.r_map = l; 1677 return; 1678 } 1679 1680 /* 1681 * Scan to the end of the list, but not past the entry for the 1682 * dynamic linker, which we want to keep at the very end. 1683 */ 1684 for (prev = r_debug.r_map; 1685 prev->l_next != NULL && prev->l_next != &obj_rtld.linkmap; 1686 prev = prev->l_next) 1687 ; 1688 1689 /* Link in the new entry. */ 1690 l->l_prev = prev; 1691 l->l_next = prev->l_next; 1692 if (l->l_next != NULL) 1693 l->l_next->l_prev = l; 1694 prev->l_next = l; 1695 } 1696 1697 static void 1698 linkmap_delete(Obj_Entry *obj) 1699 { 1700 struct link_map *l = &obj->linkmap; 1701 1702 if (l->l_prev == NULL) { 1703 if ((r_debug.r_map = l->l_next) != NULL) 1704 l->l_next->l_prev = NULL; 1705 return; 1706 } 1707 1708 if ((l->l_prev->l_next = l->l_next) != NULL) 1709 l->l_next->l_prev = l->l_prev; 1710 } 1711 1712 /* 1713 * Function for the debugger to set a breakpoint on to gain control. 1714 * 1715 * The two parameters allow the debugger to easily find and determine 1716 * what the runtime loader is doing and to whom it is doing it. 1717 * 1718 * When the loadhook trap is hit (r_debug_state, set at program 1719 * initialization), the arguments can be found on the stack: 1720 * 1721 * +8 struct link_map *m 1722 * +4 struct r_debug *rd 1723 * +0 RetAddr 1724 */ 1725 void 1726 r_debug_state(struct r_debug* rd, struct link_map *m) 1727 { 1728 } 1729 1730 /* 1731 * Set a pointer variable in the main program to the given value. This 1732 * is used to set key variables such as "environ" before any of the 1733 * init functions are called. 1734 */ 1735 static void 1736 set_program_var(const char *name, const void *value) 1737 { 1738 const Obj_Entry *obj; 1739 unsigned long hash; 1740 1741 hash = elf_hash(name); 1742 for (obj = obj_main; obj != NULL; obj = obj->next) { 1743 const Elf_Sym *def; 1744 1745 if ((def = symlook_obj(name, hash, obj, false)) != NULL) { 1746 const void **addr; 1747 1748 addr = (const void **)(obj->relocbase + def->st_value); 1749 dbg("\"%s\": *%p <-- %p", name, addr, value); 1750 *addr = value; 1751 break; 1752 } 1753 } 1754 } 1755 1756 /* 1757 * Given a symbol name in a referencing object, find the corresponding 1758 * definition of the symbol. Returns a pointer to the symbol, or NULL if 1759 * no definition was found. Returns a pointer to the Obj_Entry of the 1760 * defining object via the reference parameter DEFOBJ_OUT. 1761 */ 1762 static const Elf_Sym * 1763 symlook_default(const char *name, unsigned long hash, 1764 const Obj_Entry *refobj, const Obj_Entry **defobj_out, bool in_plt) 1765 { 1766 DoneList donelist; 1767 const Elf_Sym *def; 1768 const Elf_Sym *symp; 1769 const Obj_Entry *obj; 1770 const Obj_Entry *defobj; 1771 const Objlist_Entry *elm; 1772 def = NULL; 1773 defobj = NULL; 1774 donelist_init(&donelist); 1775 1776 /* Look first in the referencing object if linked symbolically. */ 1777 if (refobj->symbolic && !donelist_check(&donelist, refobj)) { 1778 symp = symlook_obj(name, hash, refobj, in_plt); 1779 if (symp != NULL) { 1780 def = symp; 1781 defobj = refobj; 1782 } 1783 } 1784 1785 /* Search all objects loaded at program start up. */ 1786 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1787 symp = symlook_list(name, hash, &list_main, &obj, in_plt, &donelist); 1788 if (symp != NULL && 1789 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 1790 def = symp; 1791 defobj = obj; 1792 } 1793 } 1794 1795 /* Search all dlopened DAGs containing the referencing object. */ 1796 STAILQ_FOREACH(elm, &refobj->dldags, link) { 1797 if (def != NULL && ELF_ST_BIND(def->st_info) != STB_WEAK) 1798 break; 1799 symp = symlook_list(name, hash, &elm->obj->dagmembers, &obj, in_plt, 1800 &donelist); 1801 if (symp != NULL && 1802 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 1803 def = symp; 1804 defobj = obj; 1805 } 1806 } 1807 1808 /* Search all RTLD_GLOBAL objects. */ 1809 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1810 symp = symlook_list(name, hash, &list_global, &obj, in_plt, &donelist); 1811 if (symp != NULL && 1812 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 1813 def = symp; 1814 defobj = obj; 1815 } 1816 } 1817 1818 /* 1819 * Search the dynamic linker itself, and possibly resolve the 1820 * symbol from there. This is how the application links to 1821 * dynamic linker services such as dlopen. Only the values listed 1822 * in the "exports" array can be resolved from the dynamic linker. 1823 */ 1824 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1825 symp = symlook_obj(name, hash, &obj_rtld, in_plt); 1826 if (symp != NULL && is_exported(symp)) { 1827 def = symp; 1828 defobj = &obj_rtld; 1829 } 1830 } 1831 1832 if (def != NULL) 1833 *defobj_out = defobj; 1834 return def; 1835 } 1836 1837 static const Elf_Sym * 1838 symlook_list(const char *name, unsigned long hash, Objlist *objlist, 1839 const Obj_Entry **defobj_out, bool in_plt, DoneList *dlp) 1840 { 1841 const Elf_Sym *symp; 1842 const Elf_Sym *def; 1843 const Obj_Entry *defobj; 1844 const Objlist_Entry *elm; 1845 1846 def = NULL; 1847 defobj = NULL; 1848 STAILQ_FOREACH(elm, objlist, link) { 1849 if (donelist_check(dlp, elm->obj)) 1850 continue; 1851 if ((symp = symlook_obj(name, hash, elm->obj, in_plt)) != NULL) { 1852 if (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK) { 1853 def = symp; 1854 defobj = elm->obj; 1855 if (ELF_ST_BIND(def->st_info) != STB_WEAK) 1856 break; 1857 } 1858 } 1859 } 1860 if (def != NULL) 1861 *defobj_out = defobj; 1862 return def; 1863 } 1864 1865 /* 1866 * Search the symbol table of a single shared object for a symbol of 1867 * the given name. Returns a pointer to the symbol, or NULL if no 1868 * definition was found. 1869 * 1870 * The symbol's hash value is passed in for efficiency reasons; that 1871 * eliminates many recomputations of the hash value. 1872 */ 1873 const Elf_Sym * 1874 symlook_obj(const char *name, unsigned long hash, const Obj_Entry *obj, 1875 bool in_plt) 1876 { 1877 if (obj->buckets != NULL) { 1878 unsigned long symnum = obj->buckets[hash % obj->nbuckets]; 1879 1880 while (symnum != STN_UNDEF) { 1881 const Elf_Sym *symp; 1882 const char *strp; 1883 1884 if (symnum >= obj->nchains) 1885 return NULL; /* Bad object */ 1886 symp = obj->symtab + symnum; 1887 strp = obj->strtab + symp->st_name; 1888 1889 if (strcmp(name, strp) == 0) 1890 return symp->st_shndx != SHN_UNDEF || 1891 (!in_plt && symp->st_value != 0 && 1892 ELF_ST_TYPE(symp->st_info) == STT_FUNC) ? symp : NULL; 1893 1894 symnum = obj->chains[symnum]; 1895 } 1896 } 1897 return NULL; 1898 } 1899 1900 static void 1901 trace_loaded_objects(Obj_Entry *obj) 1902 { 1903 char *fmt1, *fmt2, *fmt, *main_local; 1904 int c; 1905 1906 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL) 1907 main_local = ""; 1908 1909 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL) 1910 fmt1 = "\t%o => %p (%x)\n"; 1911 1912 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL) 1913 fmt2 = "\t%o (%x)\n"; 1914 1915 for (; obj; obj = obj->next) { 1916 Needed_Entry *needed; 1917 char *name, *path; 1918 bool is_lib; 1919 1920 for (needed = obj->needed; needed; needed = needed->next) { 1921 if (needed->obj != NULL) { 1922 if (needed->obj->traced) 1923 continue; 1924 needed->obj->traced = true; 1925 path = needed->obj->path; 1926 } else 1927 path = "not found"; 1928 1929 name = (char *)obj->strtab + needed->name; 1930 is_lib = strncmp(name, "lib", 3) == 0; /* XXX - bogus */ 1931 1932 fmt = is_lib ? fmt1 : fmt2; 1933 while ((c = *fmt++) != '\0') { 1934 switch (c) { 1935 default: 1936 putchar(c); 1937 continue; 1938 case '\\': 1939 switch (c = *fmt) { 1940 case '\0': 1941 continue; 1942 case 'n': 1943 putchar('\n'); 1944 break; 1945 case 't': 1946 putchar('\t'); 1947 break; 1948 } 1949 break; 1950 case '%': 1951 switch (c = *fmt) { 1952 case '\0': 1953 continue; 1954 case '%': 1955 default: 1956 putchar(c); 1957 break; 1958 case 'A': 1959 printf("%s", main_local); 1960 break; 1961 case 'a': 1962 printf("%s", obj_main->path); 1963 break; 1964 case 'o': 1965 printf("%s", name); 1966 break; 1967 #if 0 1968 case 'm': 1969 printf("%d", sodp->sod_major); 1970 break; 1971 case 'n': 1972 printf("%d", sodp->sod_minor); 1973 break; 1974 #endif 1975 case 'p': 1976 printf("%s", path); 1977 break; 1978 case 'x': 1979 printf("%p", needed->obj ? needed->obj->mapbase : 0); 1980 break; 1981 } 1982 break; 1983 } 1984 ++fmt; 1985 } 1986 } 1987 } 1988 } 1989 1990 /* 1991 * Unload a dlopened object and its dependencies from memory and from 1992 * our data structures. It is assumed that the DAG rooted in the 1993 * object has already been unreferenced, and that the object has a 1994 * reference count of 0. 1995 */ 1996 static void 1997 unload_object(Obj_Entry *root) 1998 { 1999 Obj_Entry *obj; 2000 Obj_Entry **linkp; 2001 Objlist_Entry *elm; 2002 2003 assert(root->refcount == 0); 2004 2005 /* Remove the DAG from all objects' DAG lists. */ 2006 STAILQ_FOREACH(elm, &root->dagmembers , link) 2007 objlist_remove(&elm->obj->dldags, root); 2008 2009 /* Remove the DAG from the RTLD_GLOBAL list. */ 2010 objlist_remove(&list_global, root); 2011 2012 /* Unmap all objects that are no longer referenced. */ 2013 linkp = &obj_list->next; 2014 while ((obj = *linkp) != NULL) { 2015 if (obj->refcount == 0) { 2016 dbg("unloading \"%s\"", obj->path); 2017 munmap(obj->mapbase, obj->mapsize); 2018 linkmap_delete(obj); 2019 *linkp = obj->next; 2020 obj_count--; 2021 obj_free(obj); 2022 } else 2023 linkp = &obj->next; 2024 } 2025 obj_tail = linkp; 2026 } 2027 2028 static void 2029 unref_dag(Obj_Entry *root) 2030 { 2031 const Needed_Entry *needed; 2032 2033 assert(root->refcount != 0); 2034 root->refcount--; 2035 if (root->refcount == 0) 2036 for (needed = root->needed; needed != NULL; needed = needed->next) 2037 if (needed->obj != NULL) 2038 unref_dag(needed->obj); 2039 } 2040 2041 /* 2042 * Non-mallocing printf, for use by malloc itself. 2043 * XXX - This doesn't belong in this module. 2044 */ 2045 void 2046 xprintf(const char *fmt, ...) 2047 { 2048 char buf[256]; 2049 va_list ap; 2050 2051 va_start(ap, fmt); 2052 vsprintf(buf, fmt, ap); 2053 (void)write(1, buf, strlen(buf)); 2054 va_end(ap); 2055 } 2056