1.\" Copyright (c) 1993 Paul Kranenburg 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Paul Kranenburg. 15.\" 3. The name of the author may not be used to endorse or promote products 16.\" derived from this software without specific prior written permission 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28.\" 29.\" $Id: link.5,v 1.4 1996/01/30 13:51:35 mpp Exp $ 30.\" 31.Dd October 23, 1993 32.Dt LINK 5 33.Os 34.Sh NAME 35.Nm link 36.Nd dynamic loader and link editor interface 37.Sh SYNOPSIS 38.Fd #include <link.h> 39.Sh DESCRIPTION 40The include file 41.Aq Pa link.h 42declares several structures that are present in dynamically linked 43programs and libraries. 44The structures define the interface between several components of the 45link-editor and loader mechanism. The layout of a number of these 46structures within the binaries resembles the a.out format in many places 47as it serves such similar functions as symbol definitions (including the 48accompanying string table) and relocation records needed to resolve 49references to external entities. It also records a number of data structures 50unique to the dynamic loading and linking process. These include references 51to other objects that are required to complete the link-editing process and 52indirection tables to facilitate 53.Em Position Independent Code 54(PIC for short) to improve sharing of code pages among different processes. 55The collection of data structures described here will be referred to as the 56.Em Run-time Relocation Section (RRS) 57and is embedded in the standard text and data segments of the dynamically 58linked program or shared object image as the existing 59.Xr a.out 5 60format offers no room for it elsewhere. 61.Pp 62Several utilities cooperate to ensure that the task of getting a program 63ready to run can complete successfully in a way that optimizes the use 64of system resources. The compiler emits PIC code from which shared libraries 65can be built by 66.Xr ld 1 . 67The compiler also includes size information of any initialized data items 68through the .size assembler directive. PIC code differs from conventional code 69in that it accesses data variables through an indirection table, the 70Global Offset Table, by convention accessible by the reserved name 71.Em _GLOBAL_OFFSET_TABLE_. 72The exact mechanism used for this is machine dependent, usually a machine 73register is reserved for the purpose. The rational behind this construct 74is to generate code that is independent of the actual load address. Only 75the values contained in the Global Offset Table may need updating at run-time 76depending on the load addresses of the various shared objects in the address 77space. 78.Pp 79Likewise, procedure calls to globally defined functions are redirected through 80the Procedure Linkage Table (PLT) residing in the data segment of the core 81image. Again, this is done to avoid run-time modifications to the text segment. 82.Pp 83The linker-editor allocates the Global Offset Table and Procedure Linkage Table 84when combining PIC object files into an image suitable for mapping into the 85process address space. It also collects all symbols that may be needed by the 86run-time link-editor and stores these along with the image's text and data bits. 87Another reserved symbol, 88.Em _DYNAMIC 89is used to indicate the presence of the run-time linker structures. Whenever 90_DYNAMIC is relocated to 0, there is no need to invoke the run-time 91link-editor. If this symbol is non-zero, it points at a data structure from 92which the location of the necessary relocation- and symbol information can 93be derived. This is most notably used by the start-up module, 94.Em crt0. 95The _DYNAMIC structure is conventionally located at the start of the data 96segment of the image to which it pertains. 97.Pp 98.Sh DATA STRUCTURES 99The data structures supporting dynamic linking and run-time relocation 100reside both in the text and data segments of the image they apply to. 101The text segments contain read-only data such as symbols descriptions and 102names, while the data segments contain the tables that need to be modified by 103during the relocation process. 104.Pp 105The _DYNAMIC symbol references a 106.Fa _dynamic 107structure: 108.Bd -literal -offset indent 109struct _dynamic { 110 int d_version; 111 struct so_debug *d_debug; 112 union { 113 struct section_dispatch_table *d_sdt; 114 } d_un; 115 struct ld_entry *d_entry; 116}; 117.Ed 118.Bl -tag -width d_version 119.It Fa d_version 120This field provides for different versions of the dynamic linking 121implementation. The current version numbers understood by 122.Xr ld 1 123and 124.Xr ld.so 1 125are 126.Em LD_VERSION_SUN (3), 127which is used by the SunOS 4.x releases, and 128.Em LD_VERSION_BSD (8), 129which is currently in use by FreeBSD since release 1.1. 130.It Fa d_un 131Refers to a 132.Em d_version 133dependent data structure. 134.It Fa so_debug 135this field provides debuggers with a hook to access symbol tables of shared 136objects loaded as a result of the actions of the run-time link-editor. 137.El 138.Pp 139The 140.Fa section_dispatch_table 141structure is the main 142.Dq dispatcher 143table, containing offsets into the image's segments where various symbol 144and relocation information is located. 145.Bd -literal -offset indent 146struct section_dispatch_table { 147 struct so_map *sdt_loaded; 148 long sdt_sods; 149 long sdt_filler1; 150 long sdt_got; 151 long sdt_plt; 152 long sdt_rel; 153 long sdt_hash; 154 long sdt_nzlist; 155 long sdt_filler2; 156 long sdt_buckets; 157 long sdt_strings; 158 long sdt_str_sz; 159 long sdt_text_sz; 160 long sdt_plt_sz; 161}; 162.Ed 163.Pp 164.Bl -tag -width sdt_filler1 165.It Fa sdt_loaded 166A pointer to the first link map loaded (see below). This field is set by 167.Nm ld.so 168.It Fa sdt_sods 169The start of a (linked) list of shared object descriptors needed by 170.Em this 171object. 172.It Fa sdt_filler1 173Deprecated (used by SunOS to specify library search rules). 174.It Fa sdt_got 175The location of the Global Offset Table within this image. 176.It Fa sdt_plt 177The location of the Procedure Linkage Table within this image. 178.It Fa sdt_rel 179The location of an array of 180.Fa relocation_info 181structures 182.Po 183see 184.Xr a.out 5 185.Pc 186specifying run-time relocations. 187.It Fa sdt_hash 188The location of the hash table for fast symbol lookup in this object's 189symbol table. 190.It Fa sdt_nzlist 191The location of the symbol table. 192.It Fa sdt_filler2 193Currently unused. 194.It Fa sdt_buckets 195The number of buckets in 196.Fa sdt_hash 197.It Fa sdt_strings 198The location of the symbol string table that goes with 199.Fa sdt_nzlist. 200.It Fa sdt_str_sz 201The size of the string table. 202.It Fa sdt_text_sz 203The size of the object's text segment. 204.It Fa sdt_plt_sz 205The size of the Procedure Linkage Table. 206.El 207.Pp 208A 209.Fa sod 210structure describes a shared object that is needed 211to complete the link edit process of the object containing it. 212A list of such objects 213.Po 214chained through 215.Fa sod_next 216.Pc 217is pointed at 218by the 219.Fa sdt_sods 220in the section_dispatch_table structure. 221.Bd -literal -offset indent 222struct sod { 223 long sod_name; 224 u_int sod_library : 1, 225 sod_reserved : 31; 226 short sod_major; 227 short sod_minor; 228 long sod_next; 229}; 230.Ed 231.Pp 232.Bl -tag -width sod_library 233.It Fa sod_name 234The offset in the text segment of a string describing this link object. 235.It Fa sod_library 236If set, 237.Fa sod_name 238specifies a library that is to be searched for by 239.Nm ld.so . 240The path name 241is obtained by searching a set of directories 242.Po 243see also 244.Xr ldconfig 8 245.Pc 246for a shared object matching 247.Em lib\&<sod_name>\&.so.n.m. 248If not set, 249.Fa sod_name 250should point at a full path name for the desired shared object. 251.It Fa sod_major 252Specifies the major version number of the shared object to load. 253.It Fa sod_minor 254Specifies the prefered minor version number of the shared object to load. 255.El 256.Pp 257The run-time link-editor maintains a list of structures called 258.Em link maps 259to keep track of all shared objects loaded into a process' address space. 260These structures are only used at run-time and do not occur within 261the text or data segment of an executable or shared library. 262.Bd -literal -offset indent 263struct so_map { 264 caddr_t som_addr; 265 char *som_path; 266 struct so_map *som_next; 267 struct sod *som_sod; 268 caddr_t som_sodbase; 269 u_int som_write : 1; 270 struct _dynamic *som_dynamic; 271 caddr_t som_spd; 272}; 273.Ed 274.Bl -tag -width som_dynamic 275.It Fa som_addr 276The address at which the shared object associated with this link map has 277been loaded. 278.It Fa som_path 279The full path name of the loaded object. 280.It Fa som_next 281Pointer to the next link map. 282.It Fa som_sod 283The 284.Fa sod 285structure that was responsible for loading this shared object. 286.It Fa som_sodbase 287Tossed in later versions the run-time linker. 288.It Fa som_write 289Set if (some portion of) this object's text segment is currently writable. 290.It Fa som_dynamic 291Pointer to this object's 292.Fa _dynamic 293structure. 294.It Fa som_spd 295Hook for attaching private data maintained by the run-time link-editor. 296.El 297.Pp 298Symbol description with size. This is simply an 299.Fa nlist 300structure with one field 301.Pq Fa nz_size 302added. Used to convey size information on items in the data segment 303of shared objects. An array of these lives in the shared object's 304text segment and is addressed by the 305.Fa sdt_nzlist 306field of 307.Fa section_dispatch_table. 308.Bd -literal -offset indent 309struct nzlist { 310 struct nlist nlist; 311 u_long nz_size; 312#define nz_un nlist.n_un 313#define nz_strx nlist.n_un.n_strx 314#define nz_name nlist.n_un.n_name 315#define nz_type nlist.n_type 316#define nz_value nlist.n_value 317#define nz_desc nlist.n_desc 318#define nz_other nlist.n_other 319}; 320.Ed 321.Bl -tag -width nz_size 322.It Fa nlist 323.Po 324see 325.Xr nlist 3 326.Pc . 327.It Fa nz_size 328The size of the data represented by this symbol. 329.El 330.Pp 331A hash table is included within the text segment of shared object to 332to facilitate quick lookup of symbols during run-time link-editing. 333The 334.Fa sdt_hash 335field of the 336.Fa section_dispatch_table 337structure points at an array of 338.Fa rrs_hash 339structures: 340.Bd -literal -offset indent 341struct rrs_hash { 342 int rh_symbolnum; /* symbol number */ 343 int rh_next; /* next hash entry */ 344}; 345.Ed 346.Pp 347.Bl -tag -width rh_symbolnum 348.It Fa rh_symbolnum 349The index of the symbol in the shared object's symbol table (as given by the 350.Fa ld_symbols 351field). 352.It Fa rh_next 353In case of collisions, this field is the offset of the next entry in this 354hash table bucket. It is zero for the last bucket element. 355.El 356The 357.Fa rt_symbol 358structure is used to keep track of run-time allocated commons 359and data items copied from shared objects. These items are kept on linked list 360and is exported through the 361.Fa dd_cc 362field in the 363.Fa so_debug 364structure (see below) for use by debuggers. 365.Bd -literal -offset indent 366struct rt_symbol { 367 struct nzlist *rt_sp; 368 struct rt_symbol *rt_next; 369 struct rt_symbol *rt_link; 370 caddr_t rt_srcaddr; 371 struct so_map *rt_smp; 372}; 373.Ed 374.Pp 375.Bl -tag -width rt_scraddr 376.It Fa rt_sp 377The symbol description. 378.It Fa rt_next 379Virtual address of next rt_symbol. 380.It Fa rt_link 381Next in hash bucket. Used by internally by 382.Nm ld.so . 383.It Fa rt_srcaddr 384Location of the source of initialized data within a shared object. 385.It Fa rt_smp 386The shared object which is the original source of the data that this 387run-time symbol describes. 388.El 389.Pp 390The 391.Fa so_debug 392structure is used by debuggers to gain knowledge of any shared objects 393that have been loaded in the process's address space as a result of run-time 394link-editing. Since the run-time link-editor runs as a part of process 395initialization, a debugger that wishes to access symbols from shared objects 396can only do so after the link-editor has been called from crt0. 397A dynamically linked binary contains a 398.Fa so_debug 399structure which can be located by means of the 400.Fa d_debug 401field in 402.Fa _dynamic. 403.Bd -literal -offset indent 404struct so_debug { 405 int dd_version; 406 int dd_in_debugger; 407 int dd_sym_loaded; 408 char *dd_bpt_addr; 409 int dd_bpt_shadow; 410 struct rt_symbol *dd_cc; 411}; 412.Ed 413.Pp 414.Bl -tag -width dd_in_debugger 415.It Fa dd_version 416Version number of this interface. 417.It Fa dd_in_debugger 418Set by the debugger to indicate to the run-time linker that the program is 419run under control of a debugger. 420.It Fa dd_sym_loaded 421Set by the run-time linker whenever it adds symbols by loading shared objects. 422.It Fa dd_bpt_addr 423The address were a breakpoint will be set by the the run-time linker to 424divert control to the debugger. This address is determined by the start-up 425module, 426.Em crt0.o, 427to be some convenient place before the call to _main.<.It Fa dd_bpt_shadow 428Contains the original instruction that was at 429.Fa dd_bpt_addr. 430The debugger is expected to put this instruction back before continuing the 431program. 432.It Fa dd_cc 433A pointer to the linked list of run-time allocated symbols that the debugger 434may be interested in. 435.El 436.Pp 437The 438.Em ld_entry 439structure defines a set of service routines within 440.Nm ld.so . 441.\" See 442.\" .Xr libdl.a 443.\" for more information. 444.Bd -literal -offset indent 445struct ld_entry { 446 void *(*dlopen)(char *, int); 447 int (*dlclose)(void *); 448 void *(*dlsym)(void *, char *); 449 char *(*dlerror)(void); 450}; 451.Ed 452 453The 454.Fa crt_ldso 455structure defines the interface between the start-up code in crt0 and 456.Nm ld.so . 457.Bd -literal -offset indent 458struct crt_ldso { 459 int crt_ba; 460 int crt_dzfd; 461 int crt_ldfd; 462 struct _dynamic *crt_dp; 463 char **crt_ep; 464 caddr_t crt_bp; 465 char *crt_prog; 466 char *crt_ldso; 467 struct ld_entry *crt_ldentry; 468}; 469#define CRT_VERSION_SUN 1 470#define CRT_VERSION_BSD_2 2 471#define CRT_VERSION_BSD_3 3 472#define CRT_VERSION_BSD_4 4 473.Ed 474.Bl -tag -width crt_dzfd 475.It Fa crt_ba 476The virtual address at which 477.Nm ld.so 478was loaded by crt0. 479.It Fa crt_dzfd 480On SunOS systems, this field contains an open file descriptor to 481.Dq Pa /dev/zero 482used to get demand paged zeroed pages. On FreeBSD systems it contains -1. 483.It Fa crt_ldfd 484Contains an open file descriptor that was used by crt0 to load 485.Nm ld.so . 486.It Fa crt_dp 487A pointer to main's 488.Fa _dynamic 489structure. 490.It Fa crt_ep 491A pointer to the environment strings. 492.It Fa crt_bp 493The address at which a breakpoint will be placed by the run-time linker 494if the main program is run by a debugger. 495See 496.Fa so_debug 497.It Fa crt_prog 498The name of the main program as determined by crt0 (CRT_VERSION_BSD3 only). 499.It Fa crt_ldso 500The path of the run-time linker as mapped by crt0 (CRT_VERSION_BSD4 only). 501.El 502.Pp 503The 504.Fa hints_header 505and 506.Fa hints_bucket 507structures define the layout of the library hints, normally found in 508.Dq Pa /var/run/ld.so.hints , 509which is used by 510.Nm ld.so 511to quickly locate the shared object images in the 512filesystem. 513The organization of the hints file is not unlike that of an 514.Dq a.out 515object file, in that it contains a header determining the offset and size 516of a table of fixed sized hash buckets and a common string pool. 517.Bd -literal -offset indent 518struct hints_header { 519 long hh_magic; 520#define HH_MAGIC 011421044151 521 long hh_version; 522#define LD_HINTS_VERSION_1 1 523 long hh_hashtab; 524 long hh_nbucket; 525 long hh_strtab; 526 long hh_strtab_sz; 527 long hh_ehints; 528}; 529.Ed 530.Bl -tag -width hh_strtab_sz 531.It Fa hh_magic 532Hints file magic number. 533.It Fa hh_version 534Interface version number. 535.It Fa hh_hashtab 536Offset of hash table. 537.It Fa hh_strtab 538Offset of string table. 539.It Fa hh_strtab_sz 540Size of strings. 541.It Fa hh_ehints 542Maximum usable offset in hints file. 543.El 544.Pp 545.Bd -literal -offset indent 546/* 547 * Hash table element in hints file. 548 */ 549struct hints_bucket { 550 int hi_namex; 551 int hi_pathx; 552 int hi_dewey[MAXDEWEY]; 553 int hi_ndewey; 554#define hi_major hi_dewey[0] 555#define hi_minor hi_dewey[1] 556 int hi_next; 557}; 558.Ed 559.Bl -tag -width hi_ndewey 560.It Fa hi_namex 561Index of the string identifying the library. 562.It Fa hi_pathx 563Index of the string representing the full path name of the library. 564.It Fa hi_dewey 565The version numbers of the shared library. 566.It Fa hi_ndewey 567The number of valid entries in 568.Fa hi_dewey. 569.It Fa hi_next 570Next bucket in case of hashing collisions. 571.El 572 573.Sh CAVEATS 574Only the (GNU) C compiler currently supports the creation of shared libraries. 575Other programming languages can not be used. 576 577