1 /*- 2 * Copyright 1996-1998 John D. Polstra. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * $Id: rtld.c,v 1.7 1998/09/04 19:03:57 dfr Exp $ 26 */ 27 28 /* 29 * Dynamic linker for ELF. 30 * 31 * John Polstra <jdp@polstra.com>. 32 */ 33 34 #ifndef __GNUC__ 35 #error "GCC is needed to compile this file" 36 #endif 37 38 #include <sys/param.h> 39 #include <sys/mman.h> 40 41 #include <dlfcn.h> 42 #include <err.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <stdarg.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <string.h> 49 #include <unistd.h> 50 51 #include "debug.h" 52 #include "rtld.h" 53 54 /* 55 * Debugging support. 56 */ 57 58 #define assert(cond) ((cond) ? (void) 0 :\ 59 (msg("oops: " __XSTRING(__LINE__) "\n"), abort())) 60 #define msg(s) (write(1, s, strlen(s))) 61 #define trace() msg("trace: " __XSTRING(__LINE__) "\n"); 62 63 #define END_SYM "end" 64 65 /* Types. */ 66 typedef void (*func_ptr_type)(); 67 68 /* 69 * Function declarations. 70 */ 71 static void call_fini_functions(Obj_Entry *); 72 static void call_init_functions(Obj_Entry *); 73 static void die(void); 74 static void digest_dynamic(Obj_Entry *); 75 static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t); 76 static Obj_Entry *dlcheck(void *); 77 static char *find_library(const char *, const Obj_Entry *); 78 static const char *gethints(void); 79 static void init_rtld(caddr_t); 80 static bool is_exported(const Elf_Sym *); 81 static void linkmap_add(Obj_Entry *); 82 static void linkmap_delete(Obj_Entry *); 83 static int load_needed_objects(Obj_Entry *); 84 static Obj_Entry *load_object(char *); 85 static Obj_Entry *obj_from_addr(const void *); 86 static int relocate_objects(Obj_Entry *, bool); 87 static void rtld_exit(void); 88 static char *search_library_path(const char *, const char *); 89 static void unref_object_dag(Obj_Entry *); 90 static void trace_loaded_objects(Obj_Entry *obj); 91 92 void r_debug_state(void); 93 void xprintf(const char *, ...); 94 95 #ifdef DEBUG 96 static const char *basename(const char *); 97 #endif 98 99 /* Assembly language entry point for lazy binding. */ 100 extern void _rtld_bind_start(void); 101 102 /* 103 * Assembly language macro for getting the GOT pointer. 104 */ 105 #ifdef __i386__ 106 #define get_got_address() \ 107 ({ Elf_Addr *thegot; \ 108 __asm__("movl %%ebx,%0" : "=rm"(thegot)); \ 109 thegot; }) 110 #elif __alpha__ 111 #define get_got_address() NULL 112 #else 113 #error "This file only supports the i386 and alpha architectures" 114 #endif 115 116 /* 117 * Data declarations. 118 */ 119 static char *error_message; /* Message for dlerror(), or NULL */ 120 struct r_debug r_debug; /* for GDB; */ 121 static bool trust; /* False for setuid and setgid programs */ 122 static char *ld_bind_now; /* Environment variable for immediate binding */ 123 static char *ld_debug; /* Environment variable for debugging */ 124 static char *ld_library_path; /* Environment variable for search path */ 125 static char *ld_tracing; /* Called from ldd to print libs */ 126 static Obj_Entry **main_tail; /* Value of obj_tail after loading main and 127 its needed shared libraries */ 128 static Obj_Entry *obj_list; /* Head of linked list of shared objects */ 129 static Obj_Entry **obj_tail; /* Link field of last object in list */ 130 static Obj_Entry *obj_main; /* The main program shared object */ 131 static Obj_Entry obj_rtld; /* The dynamic linker shared object */ 132 133 #define GDB_STATE(s) r_debug.r_state = s; r_debug_state(); 134 135 extern Elf_Dyn _DYNAMIC; 136 137 /* 138 * These are the functions the dynamic linker exports to application 139 * programs. They are the only symbols the dynamic linker is willing 140 * to export from itself. 141 */ 142 static func_ptr_type exports[] = { 143 (func_ptr_type) &_rtld_error, 144 (func_ptr_type) &dlclose, 145 (func_ptr_type) &dlerror, 146 (func_ptr_type) &dlopen, 147 (func_ptr_type) &dlsym, 148 NULL 149 }; 150 151 /* 152 * Global declarations normally provided by crt1. The dynamic linker is 153 * not build with crt1, so we have to provide them ourselves. 154 */ 155 char *__progname; 156 char **environ; 157 158 /* 159 * Main entry point for dynamic linking. The first argument is the 160 * stack pointer. The stack is expected to be laid out as described 161 * in the SVR4 ABI specification, Intel 386 Processor Supplement. 162 * Specifically, the stack pointer points to a word containing 163 * ARGC. Following that in the stack is a null-terminated sequence 164 * of pointers to argument strings. Then comes a null-terminated 165 * sequence of pointers to environment strings. Finally, there is a 166 * sequence of "auxiliary vector" entries. 167 * 168 * The second argument points to a place to store the dynamic linker's 169 * exit procedure pointer and the third to a place to store the main 170 * program's object. 171 * 172 * The return value is the main program's entry point. 173 */ 174 func_ptr_type 175 _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) 176 { 177 Elf_Auxinfo *aux_info[AT_COUNT]; 178 int i; 179 int argc; 180 char **argv; 181 char **env; 182 Elf_Auxinfo *aux; 183 Elf_Auxinfo *auxp; 184 185 /* 186 * On entry, the dynamic linker itself has not been relocated yet. 187 * Be very careful not to reference any global data until after 188 * init_rtld has returned. It is OK to reference file-scope statics 189 * and string constants, and to call static and global functions. 190 */ 191 192 /* Find the auxiliary vector on the stack. */ 193 argc = *sp++; 194 argv = (char **) sp; 195 sp += argc + 1; /* Skip over arguments and NULL terminator */ 196 env = (char **) sp; 197 while (*sp++ != 0) /* Skip over environment, and NULL terminator */ 198 ; 199 aux = (Elf_Auxinfo *) sp; 200 201 /* Digest the auxiliary vector. */ 202 for (i = 0; i < AT_COUNT; i++) 203 aux_info[i] = NULL; 204 for (auxp = aux; auxp->a_type != AT_NULL; auxp++) { 205 if (auxp->a_type < AT_COUNT) 206 aux_info[auxp->a_type] = auxp; 207 } 208 209 /* Initialize and relocate ourselves. */ 210 assert(aux_info[AT_BASE] != NULL); 211 init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 212 213 __progname = obj_rtld.path; 214 environ = env; 215 216 trust = geteuid() == getuid() && getegid() == getgid(); 217 218 ld_bind_now = getenv("LD_BIND_NOW"); 219 if (trust) { 220 ld_debug = getenv("LD_DEBUG"); 221 ld_library_path = getenv("LD_LIBRARY_PATH"); 222 } 223 ld_tracing = getenv("LD_TRACE_LOADED_OBJECTS"); 224 225 if (ld_debug != NULL && *ld_debug != '\0') 226 debug = 1; 227 dbg("%s is initialized, base address = %p", __progname, 228 (caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 229 230 /* 231 * Load the main program, or process its program header if it is 232 * already loaded. 233 */ 234 if (aux_info[AT_EXECFD] != NULL) { /* Load the main program. */ 235 int fd = aux_info[AT_EXECFD]->a_un.a_val; 236 dbg("loading main program"); 237 obj_main = map_object(fd); 238 close(fd); 239 if (obj_main == NULL) 240 die(); 241 } else { /* Main program already loaded. */ 242 const Elf_Phdr *phdr; 243 int phnum; 244 caddr_t entry; 245 246 dbg("processing main program's program header"); 247 assert(aux_info[AT_PHDR] != NULL); 248 phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr; 249 assert(aux_info[AT_PHNUM] != NULL); 250 phnum = aux_info[AT_PHNUM]->a_un.a_val; 251 assert(aux_info[AT_PHENT] != NULL); 252 assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr)); 253 assert(aux_info[AT_ENTRY] != NULL); 254 entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr; 255 obj_main = digest_phdr(phdr, phnum, entry); 256 } 257 258 obj_main->path = xstrdup(argv[0]); 259 obj_main->mainprog = true; 260 digest_dynamic(obj_main); 261 262 linkmap_add(obj_main); 263 linkmap_add(&obj_rtld); 264 265 /* Link the main program into the list of objects. */ 266 *obj_tail = obj_main; 267 obj_tail = &obj_main->next; 268 obj_main->refcount++; 269 270 dbg("loading needed objects"); 271 if (load_needed_objects(obj_main) == -1) 272 die(); 273 main_tail = obj_tail; 274 275 if (ld_tracing) { /* We're done */ 276 trace_loaded_objects(obj_main); 277 exit(0); 278 } 279 280 dbg("relocating objects"); 281 if (relocate_objects(obj_main, 282 ld_bind_now != NULL && *ld_bind_now != '\0') == -1) 283 die(); 284 285 dbg("doing copy relocations"); 286 if (do_copy_relocations(obj_main) == -1) 287 die(); 288 289 dbg("calling _init functions"); 290 call_init_functions(obj_main->next); 291 292 dbg("transferring control to program entry point = %p", obj_main->entry); 293 294 r_debug_state(); /* say hello to gdb! */ 295 296 /* Return the exit procedure and the program entry point. */ 297 *exit_proc = rtld_exit; 298 *objp = obj_main; 299 return (func_ptr_type) obj_main->entry; 300 } 301 302 caddr_t 303 _rtld_bind(const Obj_Entry *obj, Elf_Word reloff) 304 { 305 const Elf_Rel *rel; 306 const Elf_Sym *def; 307 const Obj_Entry *defobj; 308 Elf_Addr *where; 309 caddr_t target; 310 311 if (obj->pltrel) 312 rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff); 313 else 314 rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff); 315 316 where = (Elf_Addr *) (obj->relocbase + rel->r_offset); 317 def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true); 318 if (def == NULL) 319 die(); 320 321 target = (caddr_t) (defobj->relocbase + def->st_value); 322 323 dbg("\"%s\" in \"%s\" ==> %p in \"%s\"", 324 defobj->strtab + def->st_name, basename(obj->path), 325 target, basename(defobj->path)); 326 327 *where = (Elf_Addr) target; 328 return target; 329 } 330 331 /* 332 * Error reporting function. Use it like printf. If formats the message 333 * into a buffer, and sets things up so that the next call to dlerror() 334 * will return the message. 335 */ 336 void 337 _rtld_error(const char *fmt, ...) 338 { 339 static char buf[512]; 340 va_list ap; 341 342 va_start(ap, fmt); 343 vsnprintf(buf, sizeof buf, fmt, ap); 344 error_message = buf; 345 va_end(ap); 346 } 347 348 #ifdef DEBUG 349 static const char * 350 basename(const char *name) 351 { 352 const char *p = strrchr(name, '/'); 353 return p != NULL ? p + 1 : name; 354 } 355 #endif 356 357 static void 358 call_fini_functions(Obj_Entry *first) 359 { 360 Obj_Entry *obj; 361 362 for (obj = first; obj != NULL; obj = obj->next) 363 if (obj->fini != NULL) 364 (*obj->fini)(); 365 } 366 367 static void 368 call_init_functions(Obj_Entry *first) 369 { 370 if (first != NULL) { 371 call_init_functions(first->next); 372 if (first->init != NULL) 373 (*first->init)(); 374 } 375 } 376 377 static void 378 die(void) 379 { 380 const char *msg = dlerror(); 381 382 if (msg == NULL) 383 msg = "Fatal error"; 384 errx(1, "%s", msg); 385 } 386 387 /* 388 * Process a shared object's DYNAMIC section, and save the important 389 * information in its Obj_Entry structure. 390 */ 391 static void 392 digest_dynamic(Obj_Entry *obj) 393 { 394 const Elf_Dyn *dynp; 395 Needed_Entry **needed_tail = &obj->needed; 396 const Elf_Dyn *dyn_rpath = NULL; 397 int plttype = DT_REL; 398 399 for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) { 400 switch (dynp->d_tag) { 401 402 case DT_REL: 403 obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr); 404 break; 405 406 case DT_RELSZ: 407 obj->relsize = dynp->d_un.d_val; 408 break; 409 410 case DT_RELENT: 411 assert(dynp->d_un.d_val == sizeof(Elf_Rel)); 412 break; 413 414 case DT_JMPREL: 415 obj->pltrel = (const Elf_Rel *) 416 (obj->relocbase + dynp->d_un.d_ptr); 417 break; 418 419 case DT_PLTRELSZ: 420 obj->pltrelsize = dynp->d_un.d_val; 421 break; 422 423 case DT_RELA: 424 obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr); 425 break; 426 427 case DT_RELASZ: 428 obj->relasize = dynp->d_un.d_val; 429 break; 430 431 case DT_RELAENT: 432 assert(dynp->d_un.d_val == sizeof(Elf_Rela)); 433 break; 434 435 case DT_PLTREL: 436 plttype = dynp->d_un.d_val; 437 assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA); 438 break; 439 440 case DT_SYMTAB: 441 obj->symtab = (const Elf_Sym *) 442 (obj->relocbase + dynp->d_un.d_ptr); 443 break; 444 445 case DT_SYMENT: 446 assert(dynp->d_un.d_val == sizeof(Elf_Sym)); 447 break; 448 449 case DT_STRTAB: 450 obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr); 451 break; 452 453 case DT_STRSZ: 454 obj->strsize = dynp->d_un.d_val; 455 break; 456 457 case DT_HASH: 458 { 459 const Elf_Addr *hashtab = (const Elf_Addr *) 460 (obj->relocbase + dynp->d_un.d_ptr); 461 obj->nbuckets = hashtab[0]; 462 obj->nchains = hashtab[1]; 463 obj->buckets = hashtab + 2; 464 obj->chains = obj->buckets + obj->nbuckets; 465 } 466 break; 467 468 case DT_NEEDED: 469 assert(!obj->rtld); 470 { 471 Needed_Entry *nep = NEW(Needed_Entry); 472 nep->name = dynp->d_un.d_val; 473 nep->obj = NULL; 474 nep->next = NULL; 475 476 *needed_tail = nep; 477 needed_tail = &nep->next; 478 } 479 break; 480 481 case DT_PLTGOT: 482 obj->got = (Elf_Addr *) (obj->relocbase + dynp->d_un.d_ptr); 483 break; 484 485 case DT_TEXTREL: 486 obj->textrel = true; 487 break; 488 489 case DT_SYMBOLIC: 490 obj->symbolic = true; 491 break; 492 493 case DT_RPATH: 494 /* 495 * We have to wait until later to process this, because we 496 * might not have gotten the address of the string table yet. 497 */ 498 dyn_rpath = dynp; 499 break; 500 501 case DT_SONAME: 502 /* Not used by the dynamic linker. */ 503 break; 504 505 case DT_INIT: 506 obj->init = (void (*)(void)) (obj->relocbase + dynp->d_un.d_ptr); 507 break; 508 509 case DT_FINI: 510 obj->fini = (void (*)(void)) (obj->relocbase + dynp->d_un.d_ptr); 511 break; 512 513 case DT_DEBUG: 514 /* XXX - not implemented yet */ 515 dbg("Filling in DT_DEBUG entry"); 516 ((Elf_Dyn*)dynp)->d_un.d_ptr = (Elf_Addr) &r_debug; 517 break; 518 519 default: 520 xprintf("Ignored d_tag %d\n",dynp->d_tag); 521 break; 522 } 523 } 524 525 obj->traced = false; 526 527 if (plttype == DT_RELA) { 528 obj->pltrela = (const Elf_Rela *) obj->pltrel; 529 obj->pltrel = NULL; 530 obj->pltrelasize = obj->pltrelsize; 531 obj->pltrelsize = 0; 532 } 533 534 if (dyn_rpath != NULL) 535 obj->rpath = obj->strtab + dyn_rpath->d_un.d_val; 536 } 537 538 /* 539 * Process a shared object's program header. This is used only for the 540 * main program, when the kernel has already loaded the main program 541 * into memory before calling the dynamic linker. It creates and 542 * returns an Obj_Entry structure. 543 */ 544 static Obj_Entry * 545 digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry) 546 { 547 Obj_Entry *obj = CNEW(Obj_Entry); 548 const Elf_Phdr *phlimit = phdr + phnum; 549 const Elf_Phdr *ph; 550 int nsegs = 0; 551 552 for (ph = phdr; ph < phlimit; ph++) { 553 switch (ph->p_type) { 554 555 case PT_PHDR: 556 assert((const Elf_Phdr *) ph->p_vaddr == phdr); 557 obj->phdr = (const Elf_Phdr *) ph->p_vaddr; 558 obj->phsize = ph->p_memsz; 559 break; 560 561 case PT_LOAD: 562 assert(nsegs < 2); 563 if (nsegs == 0) { /* First load segment */ 564 obj->vaddrbase = trunc_page(ph->p_vaddr); 565 obj->mapbase = (caddr_t) obj->vaddrbase; 566 obj->relocbase = obj->mapbase - obj->vaddrbase; 567 obj->textsize = round_page(ph->p_vaddr + ph->p_memsz) - 568 obj->vaddrbase; 569 } else { /* Last load segment */ 570 obj->mapsize = round_page(ph->p_vaddr + ph->p_memsz) - 571 obj->vaddrbase; 572 } 573 nsegs++; 574 break; 575 576 case PT_DYNAMIC: 577 obj->dynamic = (const Elf_Dyn *) ph->p_vaddr; 578 break; 579 } 580 } 581 assert(nsegs == 2); 582 583 obj->entry = entry; 584 return obj; 585 } 586 587 static Obj_Entry * 588 dlcheck(void *handle) 589 { 590 Obj_Entry *obj; 591 592 for (obj = obj_list; obj != NULL; obj = obj->next) 593 if (obj == (Obj_Entry *) handle) 594 break; 595 596 if (obj == NULL || obj->dl_refcount == 0) { 597 _rtld_error("Invalid shared object handle %p", handle); 598 return NULL; 599 } 600 return obj; 601 } 602 603 /* 604 * Hash function for symbol table lookup. Don't even think about changing 605 * this. It is specified by the System V ABI. 606 */ 607 unsigned long 608 elf_hash(const char *name) 609 { 610 const unsigned char *p = (const unsigned char *) name; 611 unsigned long h = 0; 612 unsigned long g; 613 614 while (*p != '\0') { 615 h = (h << 4) + *p++; 616 if ((g = h & 0xf0000000) != 0) 617 h ^= g >> 24; 618 h &= ~g; 619 } 620 return h; 621 } 622 623 /* 624 * Find the library with the given name, and return its full pathname. 625 * The returned string is dynamically allocated. Generates an error 626 * message and returns NULL if the library cannot be found. 627 * 628 * If the second argument is non-NULL, then it refers to an already- 629 * loaded shared object, whose library search path will be searched. 630 * 631 * The search order is: 632 * LD_LIBRARY_PATH 633 * ldconfig hints 634 * rpath in the referencing file 635 * /usr/lib 636 */ 637 static char * 638 find_library(const char *name, const Obj_Entry *refobj) 639 { 640 char *pathname; 641 642 if (strchr(name, '/') != NULL) { /* Hard coded pathname */ 643 if (name[0] != '/' && !trust) { 644 _rtld_error("Absolute pathname required for shared object \"%s\"", 645 name); 646 return NULL; 647 } 648 return xstrdup(name); 649 } 650 651 dbg(" Searching for \"%s\"", name); 652 653 if ((pathname = search_library_path(name, ld_library_path)) != NULL || 654 (pathname = search_library_path(name, gethints())) != NULL || 655 (refobj != NULL && 656 (pathname = search_library_path(name, refobj->rpath)) != NULL) || 657 (pathname = search_library_path(name, STANDARD_LIBRARY_PATH)) != NULL) 658 return pathname; 659 660 _rtld_error("Shared object \"%s\" not found", name); 661 return NULL; 662 } 663 664 /* 665 * Given a symbol number in a referencing object, find the corresponding 666 * definition of the symbol. Returns a pointer to the symbol, or NULL if 667 * no definition was found. Returns a pointer to the Obj_Entry of the 668 * defining object via the reference parameter DEFOBJ_OUT. 669 */ 670 const Elf_Sym * 671 find_symdef(unsigned long symnum, const Obj_Entry *refobj, 672 const Obj_Entry **defobj_out, bool in_plt) 673 { 674 const Elf_Sym *ref; 675 const Elf_Sym *strongdef; 676 const Elf_Sym *weakdef; 677 const Obj_Entry *obj; 678 const Obj_Entry *strongobj; 679 const Obj_Entry *weakobj; 680 const char *name; 681 unsigned long hash; 682 683 ref = refobj->symtab + symnum; 684 name = refobj->strtab + ref->st_name; 685 hash = elf_hash(name); 686 687 if (refobj->symbolic) { /* Look first in the referencing object */ 688 const Elf_Sym *def = symlook_obj(name, hash, refobj, in_plt); 689 if (def != NULL) { 690 *defobj_out = refobj; 691 return def; 692 } 693 } 694 695 /* 696 * Look in all loaded objects. Skip the referencing object, if 697 * we have already searched it. We keep track of the first weak 698 * definition and the first strong definition we encounter. If 699 * we find a strong definition we stop searching, because there 700 * won't be anything better than that. 701 */ 702 strongdef = weakdef = NULL; 703 strongobj = weakobj = NULL; 704 for (obj = obj_list; obj != NULL; obj = obj->next) { 705 if (obj != refobj || !refobj->symbolic) { 706 const Elf_Sym *def = symlook_obj(name, hash, obj, in_plt); 707 if (def != NULL) { 708 if (ELF_ST_BIND(def->st_info) == STB_WEAK) { 709 if (weakdef == NULL) { 710 weakdef = def; 711 weakobj = obj; 712 } 713 } else { 714 strongdef = def; 715 strongobj = obj; 716 break; /* We are done. */ 717 } 718 } 719 } 720 } 721 722 /* 723 * If we still don't have a strong definition, search the dynamic 724 * linker itself, and possibly resolve the symbol from there. 725 * This is how the application links to dynamic linker services 726 * such as dlopen. Only the values listed in the "exports" array 727 * can be resolved from the dynamic linker. 728 */ 729 if (strongdef == NULL) { 730 const Elf_Sym *def = symlook_obj(name, hash, &obj_rtld, in_plt); 731 if (def != NULL && is_exported(def)) { 732 if (ELF_ST_BIND(def->st_info) == STB_WEAK) { 733 if (weakdef == NULL) { 734 weakdef = def; 735 weakobj = &obj_rtld; 736 } 737 } else { 738 strongdef = def; 739 strongobj = &obj_rtld; 740 } 741 } 742 } 743 744 if (strongdef != NULL) { 745 *defobj_out = strongobj; 746 return strongdef; 747 } 748 if (weakdef != NULL) { 749 *defobj_out = weakobj; 750 return weakdef; 751 } 752 753 _rtld_error("%s: Undefined symbol \"%s\"", refobj->path, name); 754 return NULL; 755 } 756 757 /* 758 * Return the search path from the ldconfig hints file, reading it if 759 * necessary. Returns NULL if there are problems with the hints file, 760 * or if the search path there is empty. 761 */ 762 static const char * 763 gethints(void) 764 { 765 static char *hints; 766 767 if (hints == NULL) { 768 int fd; 769 struct elfhints_hdr hdr; 770 char *p; 771 772 /* Keep from trying again in case the hints file is bad. */ 773 hints = ""; 774 775 if ((fd = open(_PATH_ELF_HINTS, O_RDONLY)) == -1) 776 return NULL; 777 if (read(fd, &hdr, sizeof hdr) != sizeof hdr || 778 hdr.magic != ELFHINTS_MAGIC || 779 hdr.version != 1) { 780 close(fd); 781 return NULL; 782 } 783 p = xmalloc(hdr.dirlistlen + 1); 784 if (lseek(fd, hdr.strtab + hdr.dirlist, SEEK_SET) == -1 || 785 read(fd, p, hdr.dirlistlen + 1) != hdr.dirlistlen + 1) { 786 free(p); 787 close(fd); 788 return NULL; 789 } 790 hints = p; 791 close(fd); 792 } 793 return hints[0] != '\0' ? hints : NULL; 794 } 795 796 /* 797 * Initialize the dynamic linker. The argument is the address at which 798 * the dynamic linker has been mapped into memory. The primary task of 799 * this function is to relocate the dynamic linker. 800 */ 801 static void 802 init_rtld(caddr_t mapbase) 803 { 804 /* Conjure up an Obj_Entry structure for the dynamic linker. */ 805 806 obj_rtld.path = "/usr/libexec/ld-elf.so.1"; 807 obj_rtld.rtld = true; 808 obj_rtld.mapbase = mapbase; 809 obj_rtld.relocbase = mapbase; 810 obj_rtld.got = get_got_address(); 811 #ifdef __alpha__ 812 obj_rtld.dynamic = (const Elf_Dyn *) &_DYNAMIC; 813 #else 814 obj_rtld.dynamic = (const Elf_Dyn *) (obj_rtld.mapbase + obj_rtld.got[0]); 815 #endif 816 817 digest_dynamic(&obj_rtld); 818 #ifdef __alpha__ 819 /* XXX XXX XXX */ 820 obj_rtld.got = NULL; 821 #endif 822 assert(obj_rtld.needed == NULL); 823 assert(!obj_rtld.textrel); 824 825 /* 826 * Temporarily put the dynamic linker entry into the object list, so 827 * that symbols can be found. 828 */ 829 obj_list = &obj_rtld; 830 obj_tail = &obj_rtld.next; 831 832 relocate_objects(&obj_rtld, true); 833 834 /* Make the object list empty again. */ 835 obj_list = NULL; 836 obj_tail = &obj_list; 837 838 r_debug.r_brk = r_debug_state; 839 r_debug.r_state = RT_CONSISTENT; 840 } 841 842 static bool 843 is_exported(const Elf_Sym *def) 844 { 845 func_ptr_type value; 846 const func_ptr_type *p; 847 848 value = (func_ptr_type)(obj_rtld.relocbase + def->st_value); 849 for (p = exports; *p != NULL; p++) 850 if (*p == value) 851 return true; 852 return false; 853 } 854 855 /* 856 * Given a shared object, traverse its list of needed objects, and load 857 * each of them. Returns 0 on success. Generates an error message and 858 * returns -1 on failure. 859 */ 860 static int 861 load_needed_objects(Obj_Entry *first) 862 { 863 Obj_Entry *obj; 864 865 for (obj = first; obj != NULL; obj = obj->next) { 866 Needed_Entry *needed; 867 868 for (needed = obj->needed; needed != NULL; needed = needed->next) { 869 const char *name = obj->strtab + needed->name; 870 char *path = find_library(name, obj); 871 872 needed->obj = NULL; 873 if (path == NULL && !ld_tracing) 874 return -1; 875 876 if (path) { 877 needed->obj = load_object(path); 878 if (needed->obj == NULL && !ld_tracing) 879 return -1; /* XXX - cleanup */ 880 } 881 } 882 } 883 884 return 0; 885 } 886 887 /* 888 * Load a shared object into memory, if it is not already loaded. The 889 * argument must be a string allocated on the heap. This function assumes 890 * responsibility for freeing it when necessary. 891 * 892 * Returns a pointer to the Obj_Entry for the object. Returns NULL 893 * on failure. 894 */ 895 static Obj_Entry * 896 load_object(char *path) 897 { 898 Obj_Entry *obj; 899 900 for (obj = obj_list->next; obj != NULL; obj = obj->next) 901 if (strcmp(obj->path, path) == 0) 902 break; 903 904 if (obj == NULL) { /* First use of this object, so we must map it in */ 905 int fd; 906 907 if ((fd = open(path, O_RDONLY)) == -1) { 908 _rtld_error("Cannot open \"%s\"", path); 909 return NULL; 910 } 911 obj = map_object(fd); 912 close(fd); 913 if (obj == NULL) { 914 free(path); 915 return NULL; 916 } 917 918 obj->path = path; 919 digest_dynamic(obj); 920 921 *obj_tail = obj; 922 obj_tail = &obj->next; 923 linkmap_add(obj); /* for GDB */ 924 925 dbg(" %p .. %p: %s", obj->mapbase, 926 obj->mapbase + obj->mapsize - 1, obj->path); 927 if (obj->textrel) 928 dbg(" WARNING: %s has impure text", obj->path); 929 } else 930 free(path); 931 932 obj->refcount++; 933 return obj; 934 } 935 936 static Obj_Entry * 937 obj_from_addr(const void *addr) 938 { 939 unsigned long endhash; 940 Obj_Entry *obj; 941 942 endhash = elf_hash(END_SYM); 943 for (obj = obj_list; obj != NULL; obj = obj->next) { 944 const Elf_Sym *endsym; 945 946 if (addr < (void *) obj->mapbase) 947 continue; 948 if ((endsym = symlook_obj(END_SYM, endhash, obj, true)) == NULL) 949 continue; /* No "end" symbol?! */ 950 if (addr < (void *) (obj->relocbase + endsym->st_value)) 951 return obj; 952 } 953 return NULL; 954 } 955 956 /* 957 * Relocate newly-loaded shared objects. The argument is a pointer to 958 * the Obj_Entry for the first such object. All objects from the first 959 * to the end of the list of objects are relocated. Returns 0 on success, 960 * or -1 on failure. 961 */ 962 static int 963 relocate_objects(Obj_Entry *first, bool bind_now) 964 { 965 Obj_Entry *obj; 966 967 for (obj = first; obj != NULL; obj = obj->next) { 968 if (obj->nbuckets == 0 || obj->nchains == 0 || obj->buckets == NULL || 969 obj->symtab == NULL || obj->strtab == NULL) { 970 _rtld_error("%s: Shared object has no run-time symbol table", 971 obj->path); 972 return -1; 973 } 974 975 if (obj->textrel) { 976 /* There are relocations to the write-protected text segment. */ 977 if (mprotect(obj->mapbase, obj->textsize, 978 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { 979 _rtld_error("%s: Cannot write-enable text segment: %s", 980 obj->path, strerror(errno)); 981 return -1; 982 } 983 } 984 985 /* Process the non-PLT relocations. */ 986 if (reloc_non_plt(obj, &obj_rtld)) 987 return -1; 988 989 if (obj->textrel) { /* Re-protected the text segment. */ 990 if (mprotect(obj->mapbase, obj->textsize, 991 PROT_READ|PROT_EXEC) == -1) { 992 _rtld_error("%s: Cannot write-protect text segment: %s", 993 obj->path, strerror(errno)); 994 return -1; 995 } 996 } 997 998 /* Process the PLT relocations. */ 999 if (reloc_plt(obj, bind_now)) 1000 return -1; 1001 1002 /* 1003 * Set up the magic number and version in the Obj_Entry. These 1004 * were checked in the crt1.o from the original ElfKit, so we 1005 * set them for backward compatibility. 1006 */ 1007 obj->magic = RTLD_MAGIC; 1008 obj->version = RTLD_VERSION; 1009 1010 /* Set the special GOT entries. */ 1011 if (obj->got) { 1012 #ifdef __i386__ 1013 obj->got[1] = (Elf_Addr) obj; 1014 obj->got[2] = (Elf_Addr) &_rtld_bind_start; 1015 #endif 1016 #ifdef __alpha__ 1017 /* This function will be called to perform the relocation. */ 1018 obj->got[2] = (Elf_Addr) &_rtld_bind_start; 1019 /* Identify this shared object */ 1020 obj->got[3] = (Elf_Addr) obj; 1021 #endif 1022 } 1023 } 1024 1025 return 0; 1026 } 1027 1028 /* 1029 * Cleanup procedure. It will be called (by the atexit mechanism) just 1030 * before the process exits. 1031 */ 1032 static void 1033 rtld_exit(void) 1034 { 1035 dbg("rtld_exit()"); 1036 call_fini_functions(obj_list->next); 1037 } 1038 1039 static char * 1040 search_library_path(const char *name, const char *path) 1041 { 1042 size_t namelen = strlen(name); 1043 const char *p = path; 1044 1045 if (p == NULL) 1046 return NULL; 1047 1048 p += strspn(p, ":;"); 1049 while (*p != '\0') { 1050 size_t len = strcspn(p, ":;"); 1051 1052 if (*p == '/' || trust) { 1053 char *pathname; 1054 const char *dir = p; 1055 size_t dirlen = len; 1056 1057 pathname = xmalloc(dirlen + 1 + namelen + 1); 1058 strncpy(pathname, dir, dirlen); 1059 pathname[dirlen] = '/'; 1060 strcpy(pathname + dirlen + 1, name); 1061 1062 dbg(" Trying \"%s\"", pathname); 1063 if (access(pathname, F_OK) == 0) /* We found it */ 1064 return pathname; 1065 1066 free(pathname); 1067 } 1068 p += len; 1069 p += strspn(p, ":;"); 1070 } 1071 1072 return NULL; 1073 } 1074 1075 int 1076 dlclose(void *handle) 1077 { 1078 Obj_Entry *root = dlcheck(handle); 1079 1080 if (root == NULL) 1081 return -1; 1082 1083 GDB_STATE(RT_DELETE); 1084 1085 root->dl_refcount--; 1086 unref_object_dag(root); 1087 if (root->refcount == 0) { /* We are finished with some objects. */ 1088 Obj_Entry *obj; 1089 Obj_Entry **linkp; 1090 1091 /* Finalize objects that are about to be unmapped. */ 1092 for (obj = obj_list->next; obj != NULL; obj = obj->next) 1093 if (obj->refcount == 0 && obj->fini != NULL) 1094 (*obj->fini)(); 1095 1096 /* Unmap all objects that are no longer referenced. */ 1097 linkp = &obj_list->next; 1098 while ((obj = *linkp) != NULL) { 1099 if (obj->refcount == 0) { 1100 munmap(obj->mapbase, obj->mapsize); 1101 free(obj->path); 1102 while (obj->needed != NULL) { 1103 Needed_Entry *needed = obj->needed; 1104 obj->needed = needed->next; 1105 free(needed); 1106 } 1107 linkmap_delete(obj); 1108 *linkp = obj->next; 1109 free(obj); 1110 } else 1111 linkp = &obj->next; 1112 } 1113 } 1114 1115 GDB_STATE(RT_CONSISTENT); 1116 1117 return 0; 1118 } 1119 1120 const char * 1121 dlerror(void) 1122 { 1123 char *msg = error_message; 1124 error_message = NULL; 1125 return msg; 1126 } 1127 1128 void * 1129 dlopen(const char *name, int mode) 1130 { 1131 Obj_Entry **old_obj_tail = obj_tail; 1132 Obj_Entry *obj = NULL; 1133 1134 GDB_STATE(RT_ADD); 1135 1136 if (name == NULL) 1137 obj = obj_main; 1138 else { 1139 char *path = find_library(name, NULL); 1140 if (path != NULL) 1141 obj = load_object(path); 1142 } 1143 1144 if (obj) { 1145 obj->dl_refcount++; 1146 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1147 assert(*old_obj_tail == obj); 1148 1149 /* XXX - Clean up properly after an error. */ 1150 if (load_needed_objects(obj) == -1) { 1151 obj->dl_refcount--; 1152 obj = NULL; 1153 } else if (relocate_objects(obj, mode == RTLD_NOW) == -1) { 1154 obj->dl_refcount--; 1155 obj = NULL; 1156 } else 1157 call_init_functions(obj); 1158 } 1159 } 1160 1161 GDB_STATE(RT_CONSISTENT); 1162 1163 return obj; 1164 } 1165 1166 void * 1167 dlsym(void *handle, const char *name) 1168 { 1169 const Obj_Entry *obj; 1170 unsigned long hash; 1171 const Elf_Sym *def; 1172 1173 hash = elf_hash(name); 1174 def = NULL; 1175 1176 if (handle == NULL || handle == RTLD_NEXT) { 1177 void *retaddr; 1178 1179 retaddr = __builtin_return_address(0); /* __GNUC__ only */ 1180 if ((obj = obj_from_addr(retaddr)) == NULL) { 1181 _rtld_error("Cannot determine caller's shared object"); 1182 return NULL; 1183 } 1184 if (handle == NULL) /* Just the caller's shared object. */ 1185 def = symlook_obj(name, hash, obj, true); 1186 else { /* All the shared objects after the caller's */ 1187 while ((obj = obj->next) != NULL) 1188 if ((def = symlook_obj(name, hash, obj, true)) != NULL) 1189 break; 1190 } 1191 } else { 1192 if ((obj = dlcheck(handle)) == NULL) 1193 return NULL; 1194 1195 if (obj->mainprog) { 1196 /* Search main program and all libraries loaded by it. */ 1197 for ( ; obj != *main_tail; obj = obj->next) 1198 if ((def = symlook_obj(name, hash, obj, true)) != NULL) 1199 break; 1200 } else { 1201 /* 1202 * XXX - This isn't correct. The search should include the whole 1203 * DAG rooted at the given object. 1204 */ 1205 def = symlook_obj(name, hash, obj, true); 1206 } 1207 } 1208 1209 if (def != NULL) 1210 return obj->relocbase + def->st_value; 1211 1212 _rtld_error("Undefined symbol \"%s\"", name); 1213 return NULL; 1214 } 1215 1216 static void 1217 linkmap_add(Obj_Entry *obj) 1218 { 1219 struct link_map *l = &obj->linkmap; 1220 struct link_map *prev; 1221 1222 obj->linkmap.l_name = obj->path; 1223 obj->linkmap.l_addr = obj->mapbase; 1224 obj->linkmap.l_ld = obj->dynamic; 1225 #ifdef __mips__ 1226 /* GDB needs load offset on MIPS to use the symbols */ 1227 obj->linkmap.l_offs = obj->relocbase; 1228 #endif 1229 1230 if (r_debug.r_map == NULL) { 1231 r_debug.r_map = l; 1232 return; 1233 } 1234 1235 for (prev = r_debug.r_map; prev->l_next != NULL; prev = prev->l_next) 1236 ; 1237 l->l_prev = prev; 1238 prev->l_next = l; 1239 l->l_next = NULL; 1240 } 1241 1242 static void 1243 linkmap_delete(Obj_Entry *obj) 1244 { 1245 struct link_map *l = &obj->linkmap; 1246 1247 if (l->l_prev == NULL) { 1248 if ((r_debug.r_map = l->l_next) != NULL) 1249 l->l_next->l_prev = NULL; 1250 return; 1251 } 1252 1253 if ((l->l_prev->l_next = l->l_next) != NULL) 1254 l->l_next->l_prev = l->l_prev; 1255 } 1256 1257 /* 1258 * Function for the debugger to set a breakpoint on to gain control. 1259 */ 1260 void 1261 r_debug_state(void) 1262 { 1263 } 1264 1265 /* 1266 * Search the symbol table of a single shared object for a symbol of 1267 * the given name. Returns a pointer to the symbol, or NULL if no 1268 * definition was found. 1269 * 1270 * The symbol's hash value is passed in for efficiency reasons; that 1271 * eliminates many recomputations of the hash value. 1272 */ 1273 const Elf_Sym * 1274 symlook_obj(const char *name, unsigned long hash, const Obj_Entry *obj, 1275 bool in_plt) 1276 { 1277 unsigned long symnum = obj->buckets[hash % obj->nbuckets]; 1278 1279 while (symnum != STN_UNDEF) { 1280 const Elf_Sym *symp; 1281 const char *strp; 1282 1283 assert(symnum < obj->nchains); 1284 symp = obj->symtab + symnum; 1285 assert(symp->st_name != 0); 1286 strp = obj->strtab + symp->st_name; 1287 1288 if (strcmp(name, strp) == 0) 1289 return symp->st_shndx != SHN_UNDEF || 1290 (!in_plt && symp->st_value != 0 && 1291 ELF_ST_TYPE(symp->st_info) == STT_FUNC) ? symp : NULL; 1292 1293 symnum = obj->chains[symnum]; 1294 } 1295 1296 return NULL; 1297 } 1298 1299 static void 1300 trace_loaded_objects(Obj_Entry *obj) 1301 { 1302 char *fmt1, *fmt2, *fmt, *main_local; 1303 int c; 1304 1305 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL) 1306 main_local = ""; 1307 1308 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL) 1309 fmt1 = "\t%o => %p (%x)\n"; 1310 1311 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL) 1312 fmt2 = "\t%o (%x)\n"; 1313 1314 for (; obj; obj = obj->next) { 1315 Needed_Entry *needed; 1316 char *name, *path; 1317 bool is_lib; 1318 1319 for (needed = obj->needed; needed; needed = needed->next) { 1320 if (needed->obj != NULL) { 1321 if (needed->obj->traced) 1322 continue; 1323 needed->obj->traced = true; 1324 path = needed->obj->path; 1325 } else 1326 path = "not found"; 1327 1328 name = (char *)obj->strtab + needed->name; 1329 is_lib = strncmp(name, "lib", 3) == 0; /* XXX - bogus */ 1330 1331 fmt = is_lib ? fmt1 : fmt2; 1332 while ((c = *fmt++) != '\0') { 1333 switch (c) { 1334 default: 1335 putchar(c); 1336 continue; 1337 case '\\': 1338 switch (c = *fmt) { 1339 case '\0': 1340 continue; 1341 case 'n': 1342 putchar('\n'); 1343 break; 1344 case 't': 1345 putchar('\t'); 1346 break; 1347 } 1348 break; 1349 case '%': 1350 switch (c = *fmt) { 1351 case '\0': 1352 continue; 1353 case '%': 1354 default: 1355 putchar(c); 1356 break; 1357 case 'A': 1358 printf("%s", main_local); 1359 break; 1360 case 'a': 1361 printf("%s", obj_main->path); 1362 break; 1363 case 'o': 1364 printf("%s", name); 1365 break; 1366 #if 0 1367 case 'm': 1368 printf("%d", sodp->sod_major); 1369 break; 1370 case 'n': 1371 printf("%d", sodp->sod_minor); 1372 break; 1373 #endif 1374 case 'p': 1375 printf("%s", path); 1376 break; 1377 case 'x': 1378 printf("%p", needed->obj ? needed->obj->mapbase : 0); 1379 break; 1380 } 1381 break; 1382 } 1383 ++fmt; 1384 } 1385 } 1386 } 1387 } 1388 1389 static void 1390 unref_object_dag(Obj_Entry *root) 1391 { 1392 assert(root->refcount != 0); 1393 root->refcount--; 1394 if (root->refcount == 0) { 1395 const Needed_Entry *needed; 1396 1397 for (needed = root->needed; needed != NULL; needed = needed->next) 1398 unref_object_dag(needed->obj); 1399 } 1400 } 1401 1402 /* 1403 * Non-mallocing printf, for use by malloc itself. 1404 * XXX - This doesn't belong in this module. 1405 */ 1406 void 1407 xprintf(const char *fmt, ...) 1408 { 1409 char buf[256]; 1410 va_list ap; 1411 1412 va_start(ap, fmt); 1413 vsprintf(buf, fmt, ap); 1414 (void)write(1, buf, strlen(buf)); 1415 va_end(ap); 1416 } 1417