1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 2015, Joyent, Inc. All rights reserved. 29 */ 30 31 /* 32 * Dump an elf file. 33 */ 34 #include <stddef.h> 35 #include <sys/elf_386.h> 36 #include <sys/elf_amd64.h> 37 #include <sys/elf_SPARC.h> 38 #include <_libelf.h> 39 #include <dwarf.h> 40 #include <stdio.h> 41 #include <unistd.h> 42 #include <errno.h> 43 #include <strings.h> 44 #include <debug.h> 45 #include <conv.h> 46 #include <msg.h> 47 #include <_elfdump.h> 48 49 50 /* 51 * VERSYM_STATE is used to maintain information about the VERSYM section 52 * in the object being analyzed. It is filled in by versions(), and used 53 * by init_symtbl_state() when displaying symbol information. 54 * 55 * There are three forms of symbol versioning known to us: 56 * 57 * 1) The original form, introduced with Solaris 2.5, in which 58 * the Versym contains indexes to Verdef records, and the 59 * Versym values for UNDEF symbols resolved by other objects 60 * are all set to 0. 61 * 2) The GNU form, which is backward compatible with the original 62 * Solaris form, but which adds several extensions: 63 * - The Versym also contains indexes to Verneed records, recording 64 * which object/version contributed the external symbol at 65 * link time. These indexes start with the next value following 66 * the final Verdef index. The index is written to the previously 67 * reserved vna_other field of the ELF Vernaux structure. 68 * - The top bit of the Versym value is no longer part of the index, 69 * but is used as a "hidden bit" to prevent binding to the symbol. 70 * - Multiple implementations of a given symbol, contained in varying 71 * versions are allowed, using special assembler pseudo ops, 72 * and encoded in the symbol name using '@' characters. 73 * 3) Modified Solaris form, in which we adopt the first GNU extension 74 * (Versym indexes to Verneed records), but not the others. 75 * 76 * elfdump can handle any of these cases. The presence of a DT_VERSYM 77 * dynamic element indicates a full GNU object. An object that lacks 78 * a DT_VERSYM entry, but which has non-zero vna_other fields in the Vernaux 79 * structures is a modified Solaris object. An object that has neither of 80 * these uses the original form. 81 * 82 * max_verndx contains the largest version index that can appear 83 * in a Versym entry. This can never be less than 1: In the case where 84 * there is no verdef/verneed sections, the [0] index is reserved 85 * for local symbols, and the [1] index for globals. If the original 86 * Solaris versioning rules are in effect and there is a verdef section, 87 * then max_verndex is the number of defined versions. If one of the 88 * other versioning forms is in effect, then: 89 * 1) If there is no verneed section, it is the same as for 90 * original Solaris versioning. 91 * 2) If there is a verneed section, the vna_other field of the 92 * Vernaux structs contain versions, and max_verndx is the 93 * largest such index. 94 * 95 * If gnu_full is True, the object uses the full GNU form of versioning. 96 * The value of the gnu_full field is based on the presence of 97 * a DT_VERSYM entry in the dynamic section: GNU ld produces these, and 98 * Solaris ld does not. 99 * 100 * The gnu_needed field is True if the Versym contains indexes to 101 * Verneed records, as indicated by non-zero vna_other fields in the Verneed 102 * section. If gnu_full is True, then gnu_needed will always be true. 103 * However, gnu_needed can be true without gnu_full. This is the modified 104 * Solaris form. 105 */ 106 typedef struct { 107 Cache *cache; /* Pointer to cache entry for VERSYM */ 108 Versym *data; /* Pointer to versym array */ 109 int gnu_full; /* True if object uses GNU versioning rules */ 110 int gnu_needed; /* True if object uses VERSYM indexes for */ 111 /* VERNEED (subset of gnu_full) */ 112 int max_verndx; /* largest versym index value */ 113 } VERSYM_STATE; 114 115 /* 116 * SYMTBL_STATE is used to maintain information about a single symbol 117 * table section, for use by the routines that display symbol information. 118 */ 119 typedef struct { 120 const char *file; /* Name of file */ 121 Ehdr *ehdr; /* ELF header for file */ 122 Cache *cache; /* Cache of all section headers */ 123 uchar_t osabi; /* OSABI to use */ 124 Word shnum; /* # of sections in cache */ 125 Cache *seccache; /* Cache of symbol table section hdr */ 126 Word secndx; /* Index of symbol table section hdr */ 127 const char *secname; /* Name of section */ 128 uint_t flags; /* Command line option flags */ 129 struct { /* Extended section index data */ 130 int checked; /* TRUE if already checked for shxndx */ 131 Word *data; /* NULL, or extended section index */ 132 /* used for symbol table entries */ 133 uint_t n; /* # items in shxndx.data */ 134 } shxndx; 135 VERSYM_STATE *versym; /* NULL, or associated VERSYM section */ 136 Sym *sym; /* Array of symbols */ 137 Word symn; /* # of symbols */ 138 } SYMTBL_STATE; 139 140 /* 141 * A variable of this type is used to track information related to 142 * .eh_frame and .eh_frame_hdr sections across calls to unwind_eh_frame(). 143 */ 144 typedef struct { 145 Word frame_cnt; /* # .eh_frame sections seen */ 146 Word frame_ndx; /* Section index of 1st .eh_frame */ 147 Word hdr_cnt; /* # .eh_frame_hdr sections seen */ 148 Word hdr_ndx; /* Section index of 1st .eh_frame_hdr */ 149 uint64_t frame_ptr; /* Value of FramePtr field from first */ 150 /* .eh_frame_hdr section */ 151 uint64_t frame_base; /* Data addr of 1st .eh_frame */ 152 } gnu_eh_state_t; 153 154 /* 155 * C++ .exception_ranges entries make use of the signed ptrdiff_t 156 * type to record self-relative pointer values. We need a type 157 * for this that is matched to the ELFCLASS being processed. 158 */ 159 #if defined(_ELF64) 160 typedef int64_t PTRDIFF_T; 161 #else 162 typedef int32_t PTRDIFF_T; 163 #endif 164 165 /* 166 * The Sun C++ ABI uses this struct to define each .exception_ranges 167 * entry. From the ABI: 168 * 169 * The field ret_addr is a self relative pointer to the start of the address 170 * range. The name was chosen because in the current implementation the range 171 * typically starts at the return address for a call site. 172 * 173 * The field length is the difference, in bytes, between the pc of the last 174 * instruction covered by the exception range and the first. When only a 175 * single call site is represented without optimization, this will equal zero. 176 * 177 * The field handler_addr is a relative pointer which stores the difference 178 * between the start of the exception range and the address of all code to 179 * catch exceptions and perform the cleanup for stack unwinding. 180 * 181 * The field type_block is a relative pointer which stores the difference 182 * between the start of the exception range and the address of an array used 183 * for storing a list of the types of exceptions which can be caught within 184 * the exception range. 185 */ 186 typedef struct { 187 PTRDIFF_T ret_addr; 188 Xword length; 189 PTRDIFF_T handler_addr; 190 PTRDIFF_T type_block; 191 Xword reserved; 192 } exception_range_entry; 193 194 /* 195 * Focal point for verifying symbol names. 196 */ 197 static const char * 198 string(Cache *refsec, Word ndx, Cache *strsec, const char *file, Word name) 199 { 200 /* 201 * If an error in this routine is due to a property of the string 202 * section, as opposed to a bad offset into the section (a property of 203 * the referencing section), then we will detect the same error on 204 * every call involving those sections. We use these static variables 205 * to retain the information needed to only issue each such error once. 206 */ 207 static Cache *last_refsec; /* Last referencing section seen */ 208 static int strsec_err; /* True if error issued */ 209 210 const char *strs; 211 Word strn; 212 213 if ((strsec->c_data == NULL) || (strsec->c_data->d_buf == NULL)) 214 return (NULL); 215 216 strs = (char *)strsec->c_data->d_buf; 217 strn = strsec->c_data->d_size; 218 219 /* 220 * We only print a diagnostic regarding a bad string table once per 221 * input section being processed. If the refsec has changed, reset 222 * our retained error state. 223 */ 224 if (last_refsec != refsec) { 225 last_refsec = refsec; 226 strsec_err = 0; 227 } 228 229 /* Verify that strsec really is a string table */ 230 if (strsec->c_shdr->sh_type != SHT_STRTAB) { 231 if (!strsec_err) { 232 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOTSTRTAB), 233 file, strsec->c_ndx, refsec->c_ndx); 234 strsec_err = 1; 235 } 236 return (MSG_INTL(MSG_STR_UNKNOWN)); 237 } 238 239 /* 240 * Is the string table offset within range of the available strings? 241 */ 242 if (name >= strn) { 243 /* 244 * Do we have a empty string table? 245 */ 246 if (strs == NULL) { 247 if (!strsec_err) { 248 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 249 file, strsec->c_name); 250 strsec_err = 1; 251 } 252 } else { 253 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSTOFF), 254 file, refsec->c_name, EC_WORD(ndx), strsec->c_name, 255 EC_WORD(name), EC_WORD(strn - 1)); 256 } 257 258 /* 259 * Return the empty string so that the calling function can 260 * continue it's output diagnostics. 261 */ 262 return (MSG_INTL(MSG_STR_UNKNOWN)); 263 } 264 return (strs + name); 265 } 266 267 /* 268 * Relocations can reference section symbols and standard symbols. If the 269 * former, establish the section name. 270 */ 271 static const char * 272 relsymname(Cache *cache, Cache *csec, Cache *strsec, Word symndx, Word symnum, 273 Word relndx, Sym *syms, char *secstr, size_t secsz, const char *file) 274 { 275 Sym *sym; 276 const char *name; 277 278 if (symndx >= symnum) { 279 (void) fprintf(stderr, MSG_INTL(MSG_ERR_RELBADSYMNDX), 280 file, EC_WORD(symndx), EC_WORD(relndx)); 281 return (MSG_INTL(MSG_STR_UNKNOWN)); 282 } 283 284 sym = (Sym *)(syms + symndx); 285 name = string(csec, symndx, strsec, file, sym->st_name); 286 287 /* 288 * If the symbol represents a section offset construct an appropriate 289 * string. Note, although section symbol table entries typically have 290 * a NULL name pointer, entries do exist that point into the string 291 * table to their own NULL strings. 292 */ 293 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION) && 294 ((sym->st_name == 0) || (*name == '\0'))) { 295 (void) snprintf(secstr, secsz, MSG_INTL(MSG_STR_SECTION), 296 cache[sym->st_shndx].c_name); 297 return ((const char *)secstr); 298 } 299 300 return (name); 301 } 302 303 /* 304 * Focal point for establishing a string table section. Data such as the 305 * dynamic information simply points to a string table. Data such as 306 * relocations, reference a symbol table, which in turn is associated with a 307 * string table. 308 */ 309 static int 310 stringtbl(Cache *cache, int symtab, Word ndx, Word shnum, const char *file, 311 Word *symnum, Cache **symsec, Cache **strsec) 312 { 313 Shdr *shdr = cache[ndx].c_shdr; 314 315 /* 316 * If symtab is non-zero, the ndx we are called with represents a 317 * shdr which links to a symbol table (which then links to a string 318 * table) 319 */ 320 if (symtab != 0) { 321 /* 322 * Validate the symbol table linkage. 323 */ 324 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 325 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 326 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 327 return (0); 328 } 329 330 /* 331 * Establish the symbol table index. 332 */ 333 ndx = shdr->sh_link; 334 shdr = cache[ndx].c_shdr; 335 336 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 337 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 338 file, cache[ndx].c_name); 339 return (0); 340 } 341 342 /* 343 * Obtain, and verify the symbol table data. 344 */ 345 if ((cache[ndx].c_data == NULL) || 346 (cache[ndx].c_data->d_buf == NULL)) { 347 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 348 file, cache[ndx].c_name); 349 return (0); 350 } 351 352 /* 353 * Return symbol table information. 354 */ 355 if (symnum) 356 *symnum = (shdr->sh_size / shdr->sh_entsize); 357 if (symsec) 358 *symsec = &cache[ndx]; 359 } 360 361 /* 362 * Validate the string table linkage. 363 */ 364 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 365 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 366 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 367 return (0); 368 } 369 370 if (strsec) 371 *strsec = &cache[shdr->sh_link]; 372 373 return (1); 374 } 375 376 /* 377 * Lookup a symbol and set Sym accordingly. 378 * 379 * entry: 380 * name - Name of symbol to lookup 381 * cache - Cache of all section headers 382 * shnum - # of sections in cache 383 * sym - Address of pointer to receive symbol 384 * target - NULL, or section to which the symbol must be associated. 385 * symtab - Symbol table to search for symbol 386 * file - Name of file 387 * 388 * exit: 389 * If the symbol is found, *sym is set to reference it, and True is 390 * returned. If target is non-NULL, the symbol must reference the given 391 * section --- otherwise the section is not checked. 392 * 393 * If no symbol is found, False is returned. 394 */ 395 static int 396 symlookup(const char *name, Cache *cache, Word shnum, Sym **sym, 397 Cache *target, Cache *symtab, const char *file) 398 { 399 Shdr *shdr; 400 Word symn, cnt; 401 Sym *syms; 402 403 if (symtab == 0) 404 return (0); 405 406 shdr = symtab->c_shdr; 407 408 /* 409 * Determine the symbol data and number. 410 */ 411 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 412 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 413 file, symtab->c_name); 414 return (0); 415 } 416 if ((symtab->c_data == NULL) || (symtab->c_data->d_buf == NULL)) 417 return (0); 418 419 /* LINTED */ 420 symn = (Word)(shdr->sh_size / shdr->sh_entsize); 421 syms = (Sym *)symtab->c_data->d_buf; 422 423 /* 424 * Get the associated string table section. 425 */ 426 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 427 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 428 file, symtab->c_name, EC_WORD(shdr->sh_link)); 429 return (0); 430 } 431 432 /* 433 * Loop through the symbol table to find a match. 434 */ 435 *sym = NULL; 436 for (cnt = 0; cnt < symn; syms++, cnt++) { 437 const char *symname; 438 439 symname = string(symtab, cnt, &cache[shdr->sh_link], file, 440 syms->st_name); 441 442 if (symname && (strcmp(name, symname) == 0) && 443 ((target == NULL) || (target->c_ndx == syms->st_shndx))) { 444 /* 445 * It is possible, though rare, for a local and 446 * global symbol of the same name to exist, each 447 * contributed by a different input object. If the 448 * symbol just found is local, remember it, but 449 * continue looking. 450 */ 451 *sym = syms; 452 if (ELF_ST_BIND(syms->st_info) != STB_LOCAL) 453 break; 454 } 455 } 456 457 return (*sym != NULL); 458 } 459 460 /* 461 * Print section headers. 462 */ 463 static void 464 sections(const char *file, Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi) 465 { 466 size_t seccnt; 467 468 for (seccnt = 1; seccnt < shnum; seccnt++) { 469 Cache *_cache = &cache[seccnt]; 470 Shdr *shdr = _cache->c_shdr; 471 const char *secname = _cache->c_name; 472 473 /* 474 * Although numerous section header entries can be zero, it's 475 * usually a sign of trouble if the type is zero. 476 */ 477 if (shdr->sh_type == 0) { 478 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHTYPE), 479 file, secname, EC_WORD(shdr->sh_type)); 480 } 481 482 if (!match(MATCH_F_ALL, secname, seccnt, shdr->sh_type)) 483 continue; 484 485 /* 486 * Identify any sections that are suspicious. A .got section 487 * shouldn't exist in a relocatable object. 488 */ 489 if (ehdr->e_type == ET_REL) { 490 if (strncmp(secname, MSG_ORIG(MSG_ELF_GOT), 491 MSG_ELF_GOT_SIZE) == 0) { 492 (void) fprintf(stderr, 493 MSG_INTL(MSG_GOT_UNEXPECTED), file, 494 secname); 495 } 496 } 497 498 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 499 dbg_print(0, MSG_INTL(MSG_ELF_SHDR), EC_WORD(seccnt), secname); 500 Elf_shdr(0, osabi, ehdr->e_machine, shdr); 501 } 502 } 503 504 /* 505 * Obtain a specified Phdr entry. 506 */ 507 static Phdr * 508 getphdr(Word phnum, Word *type_arr, Word type_cnt, const char *file, Elf *elf, 509 size_t *phndx) 510 { 511 Word cnt, tcnt; 512 Phdr *phdr; 513 514 if (phndx != NULL) 515 *phndx = 0; 516 517 if ((phdr = elf_getphdr(elf)) == NULL) { 518 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 519 return (NULL); 520 } 521 522 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 523 for (tcnt = 0; tcnt < type_cnt; tcnt++) { 524 if (phdr->p_type == type_arr[tcnt]) { 525 if (phndx != NULL) { 526 *phndx = cnt; 527 } 528 return (phdr); 529 } 530 } 531 } 532 return (NULL); 533 } 534 535 /* 536 * Display the contents of GNU/amd64 .eh_frame and .eh_frame_hdr 537 * sections. 538 * 539 * entry: 540 * cache - Cache of all section headers 541 * shndx - Index of .eh_frame or .eh_frame_hdr section to be displayed 542 * shnum - Total number of sections which exist 543 * uphdr - NULL, or unwind program header associated with 544 * the .eh_frame_hdr section. 545 * ehdr - ELF header for file 546 * eh_state - Data used across calls to this routine. The 547 * caller should zero it before the first call, and 548 * pass it on every call. 549 * osabi - OSABI to use in displaying information 550 * file - Name of file 551 * flags - Command line option flags 552 */ 553 static void 554 unwind_eh_frame(Cache *cache, Word shndx, Word shnum, Phdr *uphdr, Ehdr *ehdr, 555 gnu_eh_state_t *eh_state, uchar_t osabi, const char *file, uint_t flags) 556 { 557 #if defined(_ELF64) 558 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_64 559 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_64 560 #else 561 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_32 562 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_32 563 #endif 564 565 Cache *_cache = &cache[shndx]; 566 Shdr *shdr = _cache->c_shdr; 567 uchar_t *data = (uchar_t *)(_cache->c_data->d_buf); 568 size_t datasize = _cache->c_data->d_size; 569 Conv_dwarf_ehe_buf_t dwarf_ehe_buf; 570 uint64_t ndx, frame_ptr, fde_cnt, tabndx; 571 uint_t vers, frame_ptr_enc, fde_cnt_enc, table_enc; 572 uint64_t initloc, initloc0 = 0; 573 uint64_t gotaddr = 0; 574 int cnt; 575 576 for (cnt = 1; cnt < shnum; cnt++) { 577 if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT), 578 MSG_ELF_GOT_SIZE) == 0) { 579 gotaddr = cache[cnt].c_shdr->sh_addr; 580 break; 581 } 582 } 583 584 if ((data == NULL) || (datasize == 0)) { 585 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 586 file, _cache ->c_name); 587 return; 588 } 589 590 /* 591 * Is this a .eh_frame_hdr? 592 */ 593 if ((uphdr && (shdr->sh_addr == uphdr->p_vaddr)) || 594 (strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRMHDR), 595 MSG_SCN_FRMHDR_SIZE) == 0)) { 596 /* 597 * There can only be a single .eh_frame_hdr. 598 * Flag duplicates. 599 */ 600 if (++eh_state->hdr_cnt > 1) 601 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTEHFRMHDR), 602 file, EC_WORD(shndx), _cache->c_name); 603 604 dbg_print(0, MSG_ORIG(MSG_UNW_FRMHDR)); 605 ndx = 0; 606 607 vers = data[ndx++]; 608 frame_ptr_enc = data[ndx++]; 609 fde_cnt_enc = data[ndx++]; 610 table_enc = data[ndx++]; 611 612 dbg_print(0, MSG_ORIG(MSG_UNW_FRMVERS), vers); 613 614 switch (dwarf_ehe_extract(data, datasize, &ndx, 615 &frame_ptr, frame_ptr_enc, ehdr->e_ident, B_TRUE, 616 shdr->sh_addr, ndx, gotaddr)) { 617 case DW_OVERFLOW: 618 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWOVRFLW), 619 file, _cache->c_name); 620 return; 621 case DW_BAD_ENCODING: 622 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWBADENC), 623 file, _cache->c_name, frame_ptr_enc); 624 return; 625 case DW_SUCCESS: 626 break; 627 } 628 if (eh_state->hdr_cnt == 1) { 629 eh_state->hdr_ndx = shndx; 630 eh_state->frame_ptr = frame_ptr; 631 } 632 633 dbg_print(0, MSG_ORIG(MSG_UNW_FRPTRENC), 634 conv_dwarf_ehe(frame_ptr_enc, &dwarf_ehe_buf), 635 EC_XWORD(frame_ptr)); 636 637 switch (dwarf_ehe_extract(data, datasize, &ndx, &fde_cnt, 638 fde_cnt_enc, ehdr->e_ident, B_TRUE, shdr->sh_addr, ndx, 639 gotaddr)) { 640 case DW_OVERFLOW: 641 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWOVRFLW), 642 file, _cache->c_name); 643 return; 644 case DW_BAD_ENCODING: 645 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWBADENC), 646 file, _cache->c_name, fde_cnt_enc); 647 return; 648 case DW_SUCCESS: 649 break; 650 } 651 652 dbg_print(0, MSG_ORIG(MSG_UNW_FDCNENC), 653 conv_dwarf_ehe(fde_cnt_enc, &dwarf_ehe_buf), 654 EC_XWORD(fde_cnt)); 655 dbg_print(0, MSG_ORIG(MSG_UNW_TABENC), 656 conv_dwarf_ehe(table_enc, &dwarf_ehe_buf)); 657 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB1)); 658 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB2)); 659 660 for (tabndx = 0; tabndx < fde_cnt; tabndx++) { 661 uint64_t table; 662 663 switch (dwarf_ehe_extract(data, datasize, &ndx, 664 &initloc, table_enc, ehdr->e_ident, B_TRUE, 665 shdr->sh_addr, ndx, gotaddr)) { 666 case DW_OVERFLOW: 667 (void) fprintf(stderr, 668 MSG_INTL(MSG_ERR_DWOVRFLW), file, 669 _cache->c_name); 670 return; 671 case DW_BAD_ENCODING: 672 (void) fprintf(stderr, 673 MSG_INTL(MSG_ERR_DWBADENC), file, 674 _cache->c_name, table_enc); 675 return; 676 case DW_SUCCESS: 677 break; 678 } 679 if ((tabndx != 0) && (initloc0 > initloc)) 680 (void) fprintf(stderr, 681 MSG_INTL(MSG_ERR_BADSORT), file, 682 _cache->c_name, EC_WORD(tabndx)); 683 switch (dwarf_ehe_extract(data, datasize, &ndx, &table, 684 table_enc, ehdr->e_ident, B_TRUE, shdr->sh_addr, 685 ndx, gotaddr)) { 686 case DW_OVERFLOW: 687 (void) fprintf(stderr, 688 MSG_INTL(MSG_ERR_DWOVRFLW), file, 689 _cache->c_name); 690 return; 691 case DW_BAD_ENCODING: 692 (void) fprintf(stderr, 693 MSG_INTL(MSG_ERR_DWBADENC), file, 694 _cache->c_name, table_enc); 695 return; 696 case DW_SUCCESS: 697 break; 698 } 699 700 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTABENT), 701 EC_XWORD(initloc), 702 EC_XWORD(table)); 703 initloc0 = initloc; 704 } 705 } else { /* Display the .eh_frame section */ 706 eh_state->frame_cnt++; 707 if (eh_state->frame_cnt == 1) { 708 eh_state->frame_ndx = shndx; 709 eh_state->frame_base = shdr->sh_addr; 710 } else if ((eh_state->frame_cnt > 1) && 711 (ehdr->e_type != ET_REL)) { 712 Conv_inv_buf_t inv_buf; 713 714 (void) fprintf(stderr, MSG_INTL(MSG_WARN_MULTEHFRM), 715 file, EC_WORD(shndx), _cache->c_name, 716 conv_ehdr_type(osabi, ehdr->e_type, 0, &inv_buf)); 717 } 718 dump_eh_frame(file, _cache->c_name, data, datasize, 719 shdr->sh_addr, ehdr->e_machine, ehdr->e_ident, gotaddr); 720 } 721 722 /* 723 * If we've seen the .eh_frame_hdr and the first .eh_frame section, 724 * compare the header frame_ptr to the address of the actual frame 725 * section to ensure the link-editor got this right. Note, this 726 * diagnostic is only produced when unwind information is explicitly 727 * asked for, as shared objects built with an older ld(1) may reveal 728 * this inconsistency. Although an inconsistency, it doesn't seem to 729 * have any adverse effect on existing tools. 730 */ 731 if (((flags & FLG_MASK_SHOW) != FLG_MASK_SHOW) && 732 (eh_state->hdr_cnt > 0) && (eh_state->frame_cnt > 0) && 733 (eh_state->frame_ptr != eh_state->frame_base)) 734 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADEHFRMPTR), 735 file, EC_WORD(eh_state->hdr_ndx), 736 cache[eh_state->hdr_ndx].c_name, 737 EC_XWORD(eh_state->frame_ptr), 738 EC_WORD(eh_state->frame_ndx), 739 cache[eh_state->frame_ndx].c_name, 740 EC_XWORD(eh_state->frame_base)); 741 #undef MSG_UNW_BINSRTAB2 742 #undef MSG_UNW_BINSRTABENT 743 } 744 745 /* 746 * Convert a self relative pointer into an address. A self relative 747 * pointer adds the address where the pointer resides to the offset 748 * contained in the pointer. The benefit is that the value of the 749 * pointer does not require relocation. 750 * 751 * entry: 752 * base_addr - Address of the pointer. 753 * delta - Offset relative to base_addr giving desired address 754 * 755 * exit: 756 * The computed address is returned. 757 * 758 * note: 759 * base_addr is an unsigned value, while ret_addr is signed. This routine 760 * used explicit testing and casting to explicitly control type 761 * conversion, and ensure that we handle the maximum possible range. 762 */ 763 static Addr 764 srelptr(Addr base_addr, PTRDIFF_T delta) 765 { 766 if (delta < 0) 767 return (base_addr - (Addr) (-delta)); 768 769 return (base_addr + (Addr) delta); 770 } 771 772 /* 773 * Byte swap a PTRDIFF_T value. 774 */ 775 static PTRDIFF_T 776 swap_ptrdiff(PTRDIFF_T value) 777 { 778 PTRDIFF_T r; 779 uchar_t *dst = (uchar_t *)&r; 780 uchar_t *src = (uchar_t *)&value; 781 782 UL_ASSIGN_BSWAP_XWORD(dst, src); 783 return (r); 784 } 785 786 /* 787 * Display exception_range_entry items from the .exception_ranges section 788 * of a Sun C++ object. 789 */ 790 static void 791 unwind_exception_ranges(Cache *_cache, const char *file, int do_swap) 792 { 793 /* 794 * Translate a PTRDIFF_T self-relative address field of 795 * an exception_range_entry struct into an address. 796 * 797 * entry: 798 * exc_addr - Address of base of exception_range_entry struct 799 * cur_ent - Pointer to data in the struct to be translated 800 * 801 * _f - Field of struct to be translated 802 */ 803 #define SRELPTR(_f) \ 804 srelptr(exc_addr + offsetof(exception_range_entry, _f), cur_ent->_f) 805 806 #if defined(_ELF64) 807 #define MSG_EXR_TITLE MSG_EXR_TITLE_64 808 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_64 809 #else 810 #define MSG_EXR_TITLE MSG_EXR_TITLE_32 811 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_32 812 #endif 813 814 exception_range_entry scratch, *ent, *cur_ent = &scratch; 815 char index[MAXNDXSIZE]; 816 Word i, nelts; 817 Addr addr, addr0 = 0, offset = 0; 818 Addr exc_addr = _cache->c_shdr->sh_addr; 819 820 dbg_print(0, MSG_INTL(MSG_EXR_TITLE)); 821 ent = (exception_range_entry *)(_cache->c_data->d_buf); 822 nelts = _cache->c_data->d_size / sizeof (exception_range_entry); 823 824 for (i = 0; i < nelts; i++, ent++) { 825 if (do_swap) { 826 /* 827 * Copy byte swapped values into the scratch buffer. 828 * The reserved field is not used, so we skip it. 829 */ 830 scratch.ret_addr = swap_ptrdiff(ent->ret_addr); 831 scratch.length = BSWAP_XWORD(ent->length); 832 scratch.handler_addr = swap_ptrdiff(ent->handler_addr); 833 scratch.type_block = swap_ptrdiff(ent->type_block); 834 } else { 835 cur_ent = ent; 836 } 837 838 /* 839 * The table is required to be sorted by the address 840 * derived from ret_addr, to allow binary searching. Ensure 841 * that addresses grow monotonically. 842 */ 843 addr = SRELPTR(ret_addr); 844 if ((i != 0) && (addr0 > addr)) 845 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSORT), 846 file, _cache->c_name, EC_WORD(i)); 847 848 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 849 EC_XWORD(i)); 850 dbg_print(0, MSG_INTL(MSG_EXR_ENTRY), index, EC_ADDR(offset), 851 EC_ADDR(addr), EC_ADDR(cur_ent->length), 852 EC_ADDR(SRELPTR(handler_addr)), 853 EC_ADDR(SRELPTR(type_block))); 854 855 addr0 = addr; 856 exc_addr += sizeof (exception_range_entry); 857 offset += sizeof (exception_range_entry); 858 } 859 860 #undef SRELPTR 861 #undef MSG_EXR_TITLE 862 #undef MSG_EXR_ENTRY 863 } 864 865 866 /* 867 * For program headers which reflect a single section, check that their values 868 * and that of the section match. 869 */ 870 static void 871 check_phdr_v_shdr(Phdr *phdr, size_t phndx, 872 uchar_t osabi, Half mach, Cache *cache, const char *file) 873 { 874 Conv_inv_buf_t inv_buf; 875 876 #define CHECK(str, pfield, sfield) \ 877 if (phdr->pfield != cache->c_shdr->sfield) { \ 878 fprintf(stderr, MSG_INTL(MSG_SHDR_PHDR_MISMATCH), \ 879 file, \ 880 cache->c_ndx, \ 881 cache->c_name, \ 882 str, \ 883 conv_phdr_type(osabi, mach, phdr->p_type, \ 884 CONV_FMT_ALT_CF, &inv_buf), \ 885 #sfield, \ 886 cache->c_shdr->sfield, \ 887 phndx, \ 888 #pfield, \ 889 phdr->pfield); \ 890 } 891 892 CHECK(MSG_INTL(MSG_STR_VADDR), p_vaddr, sh_addr); 893 CHECK(MSG_INTL(MSG_STR_OFFSET), p_offset, sh_offset); 894 CHECK(MSG_INTL(MSG_STR_FILESIZE), p_filesz, sh_size); 895 CHECK(MSG_INTL(MSG_STR_MEMSIZE), p_memsz, sh_size); 896 CHECK(MSG_INTL(MSG_STR_ALIGNMENT), p_align, sh_addralign); 897 898 #undef CHECK 899 } 900 901 902 /* 903 * Display information from unwind/exception sections: 904 * 905 * - GNU/amd64 .eh_frame and .eh_frame_hdr 906 * - Sun C++ .exception_ranges 907 * 908 */ 909 static void 910 unwind(Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, uchar_t osabi, 911 const char *file, Elf *elf, uint_t flags) 912 { 913 static Word phdr_types[] = { PT_SUNW_UNWIND, PT_SUNW_EH_FRAME }; 914 915 Word cnt; 916 Phdr *uphdr = NULL; 917 size_t phndx; 918 gnu_eh_state_t eh_state; 919 920 /* 921 * Historical background: .eh_frame and .eh_frame_hdr sections 922 * come from the GNU compilers (particularly C++), and are used 923 * under all architectures. Their format is based on DWARF. When 924 * the amd64 ABI was defined, these sections were adopted wholesale 925 * from the existing practice. 926 * 927 * When amd64 support was added to Solaris, support for these 928 * sections was added, using the SHT_AMD64_UNWIND section type 929 * to identify them. At first, we ignored them in objects for 930 * non-amd64 targets, but later broadened our support to include 931 * other architectures in order to better support gcc-generated 932 * objects. 933 * 934 * .exception_ranges implement the same basic concepts, but 935 * were invented at Sun for the Sun C++ compiler. 936 * 937 * We match these sections by name, rather than section type, 938 * because they can come in as either SHT_AMD64_UNWIND, or as 939 * SHT_PROGBITS, and because the type isn't enough to determine 940 * how they should be interpreted. 941 */ 942 /* Find the program header for .eh_frame_hdr if present */ 943 if (phnum) { 944 uphdr = getphdr(phnum, phdr_types, 945 sizeof (phdr_types) / sizeof (*phdr_types), file, elf, 946 &phndx); 947 } 948 949 /* 950 * eh_state is used to retain data used by unwind_eh_frame() 951 * across calls. 952 */ 953 bzero(&eh_state, sizeof (eh_state)); 954 955 for (cnt = 1; cnt < shnum; cnt++) { 956 Cache *_cache = &cache[cnt]; 957 Shdr *shdr = _cache->c_shdr; 958 int is_exrange; 959 960 /* 961 * Skip sections of the wrong type. On amd64, they 962 * can be SHT_AMD64_UNWIND. On all platforms, they 963 * can be SHT_PROGBITS (including amd64, if using 964 * the GNU compilers). 965 * 966 * Skip anything other than these two types. The name 967 * test below will thin out the SHT_PROGBITS that don't apply. 968 */ 969 if ((shdr->sh_type != SHT_PROGBITS) && 970 (shdr->sh_type != SHT_AMD64_UNWIND)) 971 continue; 972 973 /* 974 * Only sections with certain well known names are of interest. 975 * These are: 976 * 977 * .eh_frame - amd64/GNU-compiler unwind sections 978 * .eh_frame_hdr - Sorted table referencing .eh_frame 979 * .exception_ranges - Sun C++ unwind sections 980 * 981 * We do a prefix comparison, allowing for naming conventions 982 * like .eh_frame.foo, hence the use of strncmp() rather than 983 * strcmp(). This means that we only really need to test for 984 * .eh_frame, as it's a prefix of .eh_frame_hdr. 985 */ 986 is_exrange = strncmp(_cache->c_name, 987 MSG_ORIG(MSG_SCN_EXRANGE), MSG_SCN_EXRANGE_SIZE) == 0; 988 if ((strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRM), 989 MSG_SCN_FRM_SIZE) != 0) && !is_exrange) 990 continue; 991 992 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 993 continue; 994 995 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 996 continue; 997 998 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 999 dbg_print(0, MSG_INTL(MSG_ELF_SCN_UNWIND), _cache->c_name); 1000 1001 if (is_exrange) { 1002 unwind_exception_ranges(_cache, file, 1003 _elf_sys_encoding() != ehdr->e_ident[EI_DATA]); 1004 } else { 1005 if ((uphdr != NULL) && (strcmp(_cache->c_name, 1006 MSG_ORIG(MSG_SCN_FRMHDR)) == 0)) { 1007 check_phdr_v_shdr(uphdr, phndx, osabi, 1008 ehdr->e_machine, _cache, file); 1009 } 1010 1011 unwind_eh_frame(cache, cnt, shnum, uphdr, ehdr, 1012 &eh_state, osabi, file, flags); 1013 } 1014 } 1015 } 1016 1017 /* 1018 * Initialize a symbol table state structure 1019 * 1020 * entry: 1021 * state - State structure to be initialized 1022 * cache - Cache of all section headers 1023 * shnum - # of sections in cache 1024 * secndx - Index of symbol table section 1025 * ehdr - ELF header for file 1026 * versym - Information about versym section 1027 * file - Name of file 1028 * flags - Command line option flags 1029 */ 1030 static int 1031 init_symtbl_state(SYMTBL_STATE *state, Cache *cache, Word shnum, Word secndx, 1032 Ehdr *ehdr, uchar_t osabi, VERSYM_STATE *versym, const char *file, 1033 uint_t flags) 1034 { 1035 Shdr *shdr; 1036 1037 state->file = file; 1038 state->ehdr = ehdr; 1039 state->cache = cache; 1040 state->osabi = osabi; 1041 state->shnum = shnum; 1042 state->seccache = &cache[secndx]; 1043 state->secndx = secndx; 1044 state->secname = state->seccache->c_name; 1045 state->flags = flags; 1046 state->shxndx.checked = 0; 1047 state->shxndx.data = NULL; 1048 state->shxndx.n = 0; 1049 1050 shdr = state->seccache->c_shdr; 1051 1052 /* 1053 * Check the symbol data and per-item size. 1054 */ 1055 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 1056 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1057 file, state->secname); 1058 return (0); 1059 } 1060 if ((state->seccache->c_data == NULL) || 1061 (state->seccache->c_data->d_buf == NULL)) 1062 return (0); 1063 1064 /* LINTED */ 1065 state->symn = (Word)(shdr->sh_size / shdr->sh_entsize); 1066 state->sym = (Sym *)state->seccache->c_data->d_buf; 1067 1068 /* 1069 * Check associated string table section. 1070 */ 1071 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 1072 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1073 file, state->secname, EC_WORD(shdr->sh_link)); 1074 return (0); 1075 } 1076 1077 /* 1078 * Determine if there is a associated Versym section 1079 * with this Symbol Table. 1080 */ 1081 if (versym && versym->cache && 1082 (versym->cache->c_shdr->sh_link == state->secndx)) 1083 state->versym = versym; 1084 else 1085 state->versym = NULL; 1086 1087 1088 return (1); 1089 } 1090 1091 /* 1092 * Determine the extended section index used for symbol tables entries. 1093 */ 1094 static void 1095 symbols_getxindex(SYMTBL_STATE *state) 1096 { 1097 uint_t symn; 1098 Word symcnt; 1099 1100 state->shxndx.checked = 1; /* Note that we've been called */ 1101 for (symcnt = 1; symcnt < state->shnum; symcnt++) { 1102 Cache *_cache = &state->cache[symcnt]; 1103 Shdr *shdr = _cache->c_shdr; 1104 1105 if ((shdr->sh_type != SHT_SYMTAB_SHNDX) || 1106 (shdr->sh_link != state->secndx)) 1107 continue; 1108 1109 if (shdr->sh_entsize == 0) 1110 symn = 0; 1111 else 1112 symn = (uint_t)(shdr->sh_size / shdr->sh_entsize); 1113 1114 if (symn == 0) 1115 continue; 1116 1117 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 1118 continue; 1119 1120 state->shxndx.data = _cache->c_data->d_buf; 1121 state->shxndx.n = symn; 1122 return; 1123 } 1124 } 1125 1126 /* 1127 * Produce a line of output for the given symbol 1128 * 1129 * entry: 1130 * state - Symbol table state 1131 * symndx - Index of symbol within the table 1132 * info - Value of st_info (indicates local/global range) 1133 * symndx_disp - Index to display. This may not be the same 1134 * as symndx if the display is relative to the logical 1135 * combination of the SUNW_ldynsym/dynsym tables. 1136 * sym - Symbol to display 1137 */ 1138 static void 1139 output_symbol(SYMTBL_STATE *state, Word symndx, Word info, Word disp_symndx, 1140 Sym *sym) 1141 { 1142 /* 1143 * Symbol types for which we check that the specified 1144 * address/size land inside the target section. 1145 */ 1146 static const int addr_symtype[] = { 1147 0, /* STT_NOTYPE */ 1148 1, /* STT_OBJECT */ 1149 1, /* STT_FUNC */ 1150 0, /* STT_SECTION */ 1151 0, /* STT_FILE */ 1152 1, /* STT_COMMON */ 1153 0, /* STT_TLS */ 1154 0, /* 7 */ 1155 0, /* 8 */ 1156 0, /* 9 */ 1157 0, /* 10 */ 1158 0, /* 11 */ 1159 0, /* 12 */ 1160 0, /* STT_SPARC_REGISTER */ 1161 0, /* 14 */ 1162 0, /* 15 */ 1163 }; 1164 #if STT_NUM != (STT_TLS + 1) 1165 #error "STT_NUM has grown. Update addr_symtype[]" 1166 #endif 1167 1168 char index[MAXNDXSIZE]; 1169 const char *symname, *sec; 1170 Versym verndx; 1171 int gnuver; 1172 uchar_t type; 1173 Shdr *tshdr; 1174 Word shndx = 0; 1175 Conv_inv_buf_t inv_buf; 1176 1177 /* Ensure symbol index is in range */ 1178 if (symndx >= state->symn) { 1179 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSYMNDX), 1180 state->file, state->secname, EC_WORD(symndx)); 1181 return; 1182 } 1183 1184 /* 1185 * If we are using extended symbol indexes, find the 1186 * corresponding SHN_SYMTAB_SHNDX table. 1187 */ 1188 if ((sym->st_shndx == SHN_XINDEX) && (state->shxndx.checked == 0)) 1189 symbols_getxindex(state); 1190 1191 /* LINTED */ 1192 symname = string(state->seccache, symndx, 1193 &state->cache[state->seccache->c_shdr->sh_link], state->file, 1194 sym->st_name); 1195 1196 tshdr = NULL; 1197 sec = NULL; 1198 1199 if (state->ehdr->e_type == ET_CORE) { 1200 sec = (char *)MSG_INTL(MSG_STR_UNKNOWN); 1201 } else if (state->flags & FLG_CTL_FAKESHDR) { 1202 /* 1203 * If we are using fake section headers derived from 1204 * the program headers, then the section indexes 1205 * in the symbols do not correspond to these headers. 1206 * The section names are not available, so all we can 1207 * do is to display them in numeric form. 1208 */ 1209 sec = conv_sym_shndx(state->osabi, state->ehdr->e_machine, 1210 sym->st_shndx, CONV_FMT_DECIMAL, &inv_buf); 1211 } else if ((sym->st_shndx < SHN_LORESERVE) && 1212 (sym->st_shndx < state->shnum)) { 1213 shndx = sym->st_shndx; 1214 tshdr = state->cache[shndx].c_shdr; 1215 sec = state->cache[shndx].c_name; 1216 } else if (sym->st_shndx == SHN_XINDEX) { 1217 if (state->shxndx.data) { 1218 Word _shxndx; 1219 1220 if (symndx > state->shxndx.n) { 1221 (void) fprintf(stderr, 1222 MSG_INTL(MSG_ERR_BADSYMXINDEX1), 1223 state->file, state->secname, 1224 EC_WORD(symndx)); 1225 } else if ((_shxndx = 1226 state->shxndx.data[symndx]) > state->shnum) { 1227 (void) fprintf(stderr, 1228 MSG_INTL(MSG_ERR_BADSYMXINDEX2), 1229 state->file, state->secname, 1230 EC_WORD(symndx), EC_WORD(_shxndx)); 1231 } else { 1232 shndx = _shxndx; 1233 tshdr = state->cache[shndx].c_shdr; 1234 sec = state->cache[shndx].c_name; 1235 } 1236 } else { 1237 (void) fprintf(stderr, 1238 MSG_INTL(MSG_ERR_BADSYMXINDEX3), 1239 state->file, state->secname, EC_WORD(symndx)); 1240 } 1241 } else if ((sym->st_shndx < SHN_LORESERVE) && 1242 (sym->st_shndx >= state->shnum)) { 1243 (void) fprintf(stderr, 1244 MSG_INTL(MSG_ERR_BADSYM5), state->file, 1245 state->secname, EC_WORD(symndx), 1246 demangle(symname, state->flags), sym->st_shndx); 1247 } 1248 1249 /* 1250 * If versioning is available display the 1251 * version index. If not, then use 0. 1252 */ 1253 if (state->versym) { 1254 Versym test_verndx; 1255 1256 verndx = test_verndx = state->versym->data[symndx]; 1257 gnuver = state->versym->gnu_full; 1258 1259 /* 1260 * Check to see if this is a defined symbol with a 1261 * version index that is outside the valid range for 1262 * the file. The interpretation of this depends on 1263 * the style of versioning used by the object. 1264 * 1265 * Versions >= VER_NDX_LORESERVE have special meanings, 1266 * and are exempt from this checking. 1267 * 1268 * GNU style version indexes use the top bit of the 1269 * 16-bit index value (0x8000) as the "hidden bit". 1270 * We must mask off this bit in order to compare 1271 * the version against the maximum value. 1272 */ 1273 if (gnuver) 1274 test_verndx &= ~0x8000; 1275 1276 if ((test_verndx > state->versym->max_verndx) && 1277 (verndx < VER_NDX_LORESERVE)) 1278 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADVER), 1279 state->file, state->secname, EC_WORD(symndx), 1280 EC_HALF(test_verndx), state->versym->max_verndx); 1281 } else { 1282 verndx = 0; 1283 gnuver = 0; 1284 } 1285 1286 /* 1287 * Error checking for TLS. 1288 */ 1289 type = ELF_ST_TYPE(sym->st_info); 1290 if (type == STT_TLS) { 1291 if (tshdr && 1292 (sym->st_shndx != SHN_UNDEF) && 1293 ((tshdr->sh_flags & SHF_TLS) == 0)) { 1294 (void) fprintf(stderr, 1295 MSG_INTL(MSG_ERR_BADSYM3), state->file, 1296 state->secname, EC_WORD(symndx), 1297 demangle(symname, state->flags)); 1298 } 1299 } else if ((type != STT_SECTION) && sym->st_size && 1300 tshdr && (tshdr->sh_flags & SHF_TLS)) { 1301 (void) fprintf(stderr, 1302 MSG_INTL(MSG_ERR_BADSYM4), state->file, 1303 state->secname, EC_WORD(symndx), 1304 demangle(symname, state->flags)); 1305 } 1306 1307 /* 1308 * If a symbol with non-zero size has a type that 1309 * specifies an address, then make sure the location 1310 * it references is actually contained within the 1311 * section. UNDEF symbols don't count in this case, 1312 * so we ignore them. 1313 * 1314 * The meaning of the st_value field in a symbol 1315 * depends on the type of object. For a relocatable 1316 * object, it is the offset within the section. 1317 * For sharable objects, it is the offset relative to 1318 * the base of the object, and for other types, it is 1319 * the virtual address. To get an offset within the 1320 * section for non-ET_REL files, we subtract the 1321 * base address of the section. 1322 */ 1323 if (addr_symtype[type] && (sym->st_size > 0) && 1324 (sym->st_shndx != SHN_UNDEF) && ((sym->st_shndx < SHN_LORESERVE) || 1325 (sym->st_shndx == SHN_XINDEX)) && (tshdr != NULL)) { 1326 Word v = sym->st_value; 1327 if (state->ehdr->e_type != ET_REL) 1328 v -= tshdr->sh_addr; 1329 if (((v + sym->st_size) > tshdr->sh_size)) { 1330 (void) fprintf(stderr, 1331 MSG_INTL(MSG_ERR_BADSYM6), state->file, 1332 state->secname, EC_WORD(symndx), 1333 demangle(symname, state->flags), 1334 EC_WORD(shndx), EC_XWORD(tshdr->sh_size), 1335 EC_XWORD(sym->st_value), EC_XWORD(sym->st_size)); 1336 } 1337 } 1338 1339 /* 1340 * A typical symbol table uses the sh_info field to indicate one greater 1341 * than the symbol table index of the last local symbol, STB_LOCAL. 1342 * Therefore, symbol indexes less than sh_info should have local 1343 * binding. Symbol indexes greater than, or equal to sh_info, should 1344 * have global binding. Note, we exclude UNDEF/NOTY symbols with zero 1345 * value and size, as these symbols may be the result of an mcs(1) 1346 * section deletion. 1347 */ 1348 if (info) { 1349 uchar_t bind = ELF_ST_BIND(sym->st_info); 1350 1351 if ((symndx < info) && (bind != STB_LOCAL)) { 1352 (void) fprintf(stderr, 1353 MSG_INTL(MSG_ERR_BADSYM7), state->file, 1354 state->secname, EC_WORD(symndx), 1355 demangle(symname, state->flags), EC_XWORD(info)); 1356 1357 } else if ((symndx >= info) && (bind == STB_LOCAL) && 1358 ((sym->st_shndx != SHN_UNDEF) || 1359 (ELF_ST_TYPE(sym->st_info) != STT_NOTYPE) || 1360 (sym->st_size != 0) || (sym->st_value != 0))) { 1361 (void) fprintf(stderr, 1362 MSG_INTL(MSG_ERR_BADSYM8), state->file, 1363 state->secname, EC_WORD(symndx), 1364 demangle(symname, state->flags), EC_XWORD(info)); 1365 } 1366 } 1367 1368 (void) snprintf(index, MAXNDXSIZE, 1369 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(disp_symndx)); 1370 Elf_syms_table_entry(0, ELF_DBG_ELFDUMP, index, state->osabi, 1371 state->ehdr->e_machine, sym, verndx, gnuver, sec, symname); 1372 } 1373 1374 /* 1375 * Process a SHT_SUNW_cap capabilities section. 1376 */ 1377 static int 1378 cap_section(const char *file, Cache *cache, Word shnum, Cache *ccache, 1379 uchar_t osabi, Ehdr *ehdr, uint_t flags) 1380 { 1381 SYMTBL_STATE state; 1382 Word cnum, capnum, nulls, symcaps; 1383 int descapndx, objcap, title; 1384 Cap *cap = (Cap *)ccache->c_data->d_buf; 1385 Shdr *cishdr = NULL, *cshdr = ccache->c_shdr; 1386 Cache *cicache = NULL, *strcache = NULL; 1387 Capinfo *capinfo = NULL; 1388 Word capinfonum = 0; 1389 const char *strs = NULL; 1390 size_t strs_size = 0; 1391 1392 if ((cshdr->sh_entsize == 0) || (cshdr->sh_size == 0)) { 1393 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1394 file, ccache->c_name); 1395 return (0); 1396 } 1397 1398 /* 1399 * If this capabilities section is associated with symbols, then the 1400 * sh_link field points to the associated capabilities information 1401 * section. The sh_link field of the capabilities information section 1402 * points to the associated symbol table. 1403 */ 1404 if (cshdr->sh_link) { 1405 Cache *scache; 1406 Shdr *sshdr; 1407 1408 /* 1409 * Validate that the sh_link field points to a capabilities 1410 * information section. 1411 */ 1412 if (cshdr->sh_link >= shnum) { 1413 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1414 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1415 return (0); 1416 } 1417 1418 cicache = &cache[cshdr->sh_link]; 1419 cishdr = cicache->c_shdr; 1420 1421 if (cishdr->sh_type != SHT_SUNW_capinfo) { 1422 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1423 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1424 return (0); 1425 } 1426 1427 capinfo = cicache->c_data->d_buf; 1428 capinfonum = (Word)(cishdr->sh_size / cishdr->sh_entsize); 1429 1430 /* 1431 * Validate that the sh_link field of the capabilities 1432 * information section points to a valid symbol table. 1433 */ 1434 if ((cishdr->sh_link == 0) || (cishdr->sh_link >= shnum)) { 1435 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1436 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1437 return (0); 1438 } 1439 scache = &cache[cishdr->sh_link]; 1440 sshdr = scache->c_shdr; 1441 1442 if ((sshdr->sh_type != SHT_SYMTAB) && 1443 (sshdr->sh_type != SHT_DYNSYM)) { 1444 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO1), 1445 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1446 return (0); 1447 } 1448 1449 if (!init_symtbl_state(&state, cache, shnum, 1450 cishdr->sh_link, ehdr, osabi, NULL, file, flags)) 1451 return (0); 1452 } 1453 1454 /* 1455 * If this capabilities section contains capability string entries, 1456 * then determine the associated string table. Capabilities entries 1457 * that define names require that the capability section indicate 1458 * which string table to use via sh_info. 1459 */ 1460 if (cshdr->sh_info) { 1461 Shdr *strshdr; 1462 1463 /* 1464 * Validate that the sh_info field points to a string table. 1465 */ 1466 if (cshdr->sh_info >= shnum) { 1467 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1468 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1469 return (0); 1470 } 1471 1472 strcache = &cache[cshdr->sh_info]; 1473 strshdr = strcache->c_shdr; 1474 1475 if (strshdr->sh_type != SHT_STRTAB) { 1476 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1477 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1478 return (0); 1479 } 1480 strs = (const char *)strcache->c_data->d_buf; 1481 strs_size = strcache->c_data->d_size; 1482 } 1483 1484 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1485 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAP), ccache->c_name); 1486 1487 capnum = (Word)(cshdr->sh_size / cshdr->sh_entsize); 1488 1489 nulls = symcaps = 0; 1490 objcap = title = 1; 1491 descapndx = -1; 1492 1493 /* 1494 * Traverse the capabilities section printing each capability group. 1495 * The first capabilities group defines any object capabilities. Any 1496 * following groups define symbol capabilities. In the case where no 1497 * object capabilities exist, but symbol capabilities do, a single 1498 * CA_SUNW_NULL terminator for the object capabilities exists. 1499 */ 1500 for (cnum = 0; cnum < capnum; cap++, cnum++) { 1501 if (cap->c_tag == CA_SUNW_NULL) { 1502 /* 1503 * A CA_SUNW_NULL tag terminates a capabilities group. 1504 * If the first capabilities tag is CA_SUNW_NULL, then 1505 * no object capabilities exist. 1506 */ 1507 if ((nulls++ == 0) && (cnum == 0)) 1508 objcap = 0; 1509 title = 1; 1510 } else { 1511 if (title) { 1512 if (nulls == 0) { 1513 /* 1514 * If this capabilities group represents 1515 * the object capabilities (i.e., no 1516 * CA_SUNW_NULL tag has been processed 1517 * yet), then display an object 1518 * capabilities title. 1519 */ 1520 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1521 dbg_print(0, 1522 MSG_INTL(MSG_OBJ_CAP_TITLE)); 1523 } else { 1524 /* 1525 * If this is a symbols capabilities 1526 * group (i.e., a CA_SUNW_NULL tag has 1527 * already be found that terminates 1528 * the object capabilities group), then 1529 * display a symbol capabilities title, 1530 * and retain this capabilities index 1531 * for later processing. 1532 */ 1533 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1534 dbg_print(0, 1535 MSG_INTL(MSG_SYM_CAP_TITLE)); 1536 descapndx = cnum; 1537 } 1538 Elf_cap_title(0); 1539 title = 0; 1540 } 1541 1542 /* 1543 * Print the capabilities data. 1544 * 1545 * Note that CA_SUNW_PLAT, CA_SUNW_MACH and CA_SUNW_ID 1546 * entries require a string table, which should have 1547 * already been established. 1548 */ 1549 if ((strs == NULL) && ((cap->c_tag == CA_SUNW_PLAT) || 1550 (cap->c_tag == CA_SUNW_MACH) || 1551 (cap->c_tag == CA_SUNW_ID))) { 1552 (void) fprintf(stderr, 1553 MSG_INTL(MSG_WARN_INVCAP3), file, 1554 EC_WORD(elf_ndxscn(ccache->c_scn)), 1555 ccache->c_name, EC_WORD(cshdr->sh_info)); 1556 } 1557 Elf_cap_entry(0, cap, cnum, strs, strs_size, 1558 ehdr->e_machine); 1559 } 1560 1561 /* 1562 * If this CA_SUNW_NULL tag terminates a symbol capabilities 1563 * group, determine the associated symbols. 1564 */ 1565 if ((cap->c_tag == CA_SUNW_NULL) && (nulls > 1) && 1566 (descapndx != -1)) { 1567 Capinfo *cip; 1568 Word inum; 1569 1570 symcaps++; 1571 1572 /* 1573 * Make sure we've discovered a SHT_SUNW_capinfo table. 1574 */ 1575 if ((cip = capinfo) == NULL) { 1576 (void) fprintf(stderr, 1577 MSG_INTL(MSG_ERR_INVCAP), file, 1578 ccache->c_name, EC_WORD(cshdr->sh_link)); 1579 return (0); 1580 } 1581 1582 /* 1583 * Determine what symbols reference this capabilities 1584 * group. 1585 */ 1586 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1587 dbg_print(0, MSG_INTL(MSG_CAPINFO_ENTRIES)); 1588 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 1589 1590 for (inum = 1, cip++; inum < capinfonum; 1591 inum++, cip++) { 1592 Word gndx = (Word)ELF_C_GROUP(*cip); 1593 1594 if (gndx && (gndx == descapndx)) { 1595 output_symbol(&state, inum, 0, 1596 inum, state.sym + inum); 1597 } 1598 } 1599 descapndx = -1; 1600 continue; 1601 } 1602 1603 /* 1604 * An SF1_SUNW_ADDR32 software capability tag in a 32-bit 1605 * object is suspicious as it has no effect. 1606 */ 1607 if ((cap->c_tag == CA_SUNW_SF_1) && 1608 (ehdr->e_ident[EI_CLASS] == ELFCLASS32) && 1609 (cap->c_un.c_val & SF1_SUNW_ADDR32)) { 1610 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INADDR32SF1), 1611 file, ccache->c_name); 1612 } 1613 } 1614 1615 /* 1616 * If this is a dynamic object, with symbol capabilities, then a 1617 * .SUNW_capchain section should exist. This section contains a chain 1618 * of symbol indexes for each capabilities family. This is the list 1619 * that is searched by ld.so.1 to determine the best capabilities 1620 * candidate. 1621 * 1622 * Note, more than one capabilities lead symbol can point to the same 1623 * family chain. For example, a weak/global pair of symbols can both 1624 * represent the same family of capabilities symbols. Therefore, to 1625 * display all possible families we traverse the capabilities 1626 * information section looking for CAPINFO_SUNW_GLOB lead symbols. 1627 * From these we determine the associated capabilities chain to inspect. 1628 */ 1629 if (symcaps && 1630 ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1631 Capinfo *cip; 1632 Capchain *chain; 1633 Cache *chcache; 1634 Shdr *chshdr; 1635 Word chainnum, inum; 1636 1637 /* 1638 * Validate that the sh_info field of the capabilities 1639 * information section points to a capabilities chain section. 1640 */ 1641 if (cishdr->sh_info >= shnum) { 1642 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1643 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1644 return (0); 1645 } 1646 1647 chcache = &cache[cishdr->sh_info]; 1648 chshdr = chcache->c_shdr; 1649 1650 if (chshdr->sh_type != SHT_SUNW_capchain) { 1651 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO2), 1652 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1653 return (0); 1654 } 1655 1656 chainnum = (Word)(chshdr->sh_size / chshdr->sh_entsize); 1657 chain = (Capchain *)chcache->c_data->d_buf; 1658 1659 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1660 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAPCHAIN), chcache->c_name); 1661 1662 /* 1663 * Traverse the capabilities information section looking for 1664 * CAPINFO_SUNW_GLOB lead capabilities symbols. 1665 */ 1666 cip = capinfo; 1667 for (inum = 1, cip++; inum < capinfonum; inum++, cip++) { 1668 const char *name; 1669 Sym *sym; 1670 Word sndx, cndx; 1671 Word gndx = (Word)ELF_C_GROUP(*cip); 1672 1673 if ((gndx == 0) || (gndx != CAPINFO_SUNW_GLOB)) 1674 continue; 1675 1676 /* 1677 * Determine the symbol that is associated with this 1678 * capability information entry, and use this to 1679 * identify this capability family. 1680 */ 1681 sym = (Sym *)(state.sym + inum); 1682 name = string(cicache, inum, strcache, file, 1683 sym->st_name); 1684 1685 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1686 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_TITLE), name); 1687 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_ENTRY)); 1688 1689 cndx = (Word)ELF_C_SYM(*cip); 1690 1691 /* 1692 * Traverse this families chain and identify each 1693 * family member. 1694 */ 1695 for (;;) { 1696 char _chain[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 1697 1698 if (cndx >= chainnum) { 1699 (void) fprintf(stderr, 1700 MSG_INTL(MSG_ERR_INVCAPINFO3), file, 1701 cicache->c_name, EC_WORD(inum), 1702 EC_WORD(cndx)); 1703 break; 1704 } 1705 if ((sndx = chain[cndx]) == 0) 1706 break; 1707 1708 /* 1709 * Determine this entries symbol reference. 1710 */ 1711 if (sndx > state.symn) { 1712 (void) fprintf(stderr, 1713 MSG_INTL(MSG_ERR_CHBADSYMNDX), file, 1714 EC_WORD(sndx), chcache->c_name, 1715 EC_WORD(cndx)); 1716 name = MSG_INTL(MSG_STR_UNKNOWN); 1717 } else { 1718 sym = (Sym *)(state.sym + sndx); 1719 name = string(chcache, sndx, 1720 strcache, file, sym->st_name); 1721 } 1722 1723 /* 1724 * Display the family member. 1725 */ 1726 (void) snprintf(_chain, MAXNDXSIZE, 1727 MSG_ORIG(MSG_FMT_INTEGER), cndx); 1728 (void) snprintf(_symndx, MAXNDXSIZE, 1729 MSG_ORIG(MSG_FMT_INDEX2), EC_WORD(sndx)); 1730 dbg_print(0, MSG_ORIG(MSG_FMT_CHAIN_INFO), 1731 _chain, _symndx, demangle(name, flags)); 1732 1733 cndx++; 1734 } 1735 } 1736 } 1737 return (objcap); 1738 } 1739 1740 /* 1741 * Print the capabilities. 1742 * 1743 * A .SUNW_cap section can contain one or more, CA_SUNW_NULL terminated, 1744 * capabilities groups. The first group defines the object capabilities. 1745 * This group defines the minimum capability requirements of the entire 1746 * object file. If this is a dynamic object, this group should be associated 1747 * with a PT_SUNWCAP program header. 1748 * 1749 * Additional capabilities groups define the association of individual symbols 1750 * to specific capabilities. 1751 */ 1752 static void 1753 cap(const char *file, Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, 1754 uchar_t osabi, Elf *elf, uint_t flags) 1755 { 1756 Word cnt; 1757 Shdr *cshdr = NULL; 1758 Cache *ccache = NULL; 1759 Phdr *uphdr = NULL; 1760 size_t phndx; 1761 1762 /* 1763 * Determine if a global capabilities header exists. 1764 */ 1765 if (phnum) { 1766 Phdr *phdr; 1767 1768 if ((phdr = elf_getphdr(elf)) == NULL) { 1769 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 1770 return; 1771 } 1772 1773 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 1774 if (phdr->p_type == PT_SUNWCAP) { 1775 uphdr = phdr; 1776 phndx = cnt; 1777 break; 1778 } 1779 } 1780 } 1781 1782 /* 1783 * Determine if a capabilities section exists. 1784 */ 1785 for (cnt = 1; cnt < shnum; cnt++) { 1786 Cache *_cache = &cache[cnt]; 1787 Shdr *shdr = _cache->c_shdr; 1788 1789 /* 1790 * Process any capabilities information. 1791 */ 1792 if (shdr->sh_type == SHT_SUNW_cap) { 1793 if (cap_section(file, cache, shnum, _cache, osabi, 1794 ehdr, flags)) { 1795 /* 1796 * If this section defined an object capability 1797 * group, retain the section information for 1798 * program header validation. 1799 */ 1800 ccache = _cache; 1801 cshdr = shdr; 1802 } 1803 continue; 1804 } 1805 } 1806 1807 if ((cshdr == NULL) && (uphdr == NULL)) 1808 return; 1809 1810 if ((uphdr != NULL) && (cshdr == NULL)) 1811 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP1), file); 1812 1813 /* 1814 * If this object is an executable or shared object, and it provided 1815 * an object capabilities group, then the group should have an 1816 * accompanying PT_SUNWCAP program header. 1817 */ 1818 if (cshdr && ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1819 if (uphdr == NULL) { 1820 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP2), 1821 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1822 ccache->c_name); 1823 } else { 1824 check_phdr_v_shdr(uphdr, phndx, osabi, ehdr->e_machine, 1825 ccache, file); 1826 } 1827 } 1828 } 1829 1830 /* 1831 * Print the interpreter. 1832 */ 1833 static void 1834 interp(const char *file, Cache *cache, Word shnum, Word phnum, Elf *elf, 1835 Ehdr *ehdr) 1836 { 1837 static Word phdr_types[] = { PT_INTERP }; 1838 1839 1840 Word cnt; 1841 Shdr *ishdr = NULL; 1842 Cache *icache = NULL; 1843 Phdr *iphdr = NULL; 1844 size_t phndx; 1845 1846 /* 1847 * Determine if an interp header exists. 1848 */ 1849 if (phnum) { 1850 iphdr = getphdr(phnum, phdr_types, 1851 sizeof (phdr_types) / sizeof (*phdr_types), file, elf, 1852 &phndx); 1853 } 1854 1855 if (iphdr == NULL) 1856 return; 1857 1858 /* 1859 * Determine if an interp section exists. 1860 */ 1861 for (cnt = 1; cnt < shnum; cnt++) { 1862 Cache *_cache = &cache[cnt]; 1863 Shdr *shdr = _cache->c_shdr; 1864 1865 /* 1866 * Scan sections to find a section which contains the PT_INTERP 1867 * string. The target section can't be in a NOBITS section. 1868 */ 1869 if ((shdr->sh_type == SHT_NOBITS) || 1870 (iphdr->p_offset < shdr->sh_offset) || 1871 (iphdr->p_offset + iphdr->p_filesz) > 1872 (shdr->sh_offset + shdr->sh_size)) 1873 continue; 1874 1875 icache = _cache; 1876 ishdr = shdr; 1877 break; 1878 } 1879 1880 /* 1881 * Print the interpreter string based on the offset defined in the 1882 * program header, as this is the offset used by the kernel. 1883 */ 1884 if ((ishdr != NULL) && 1885 (icache != NULL) && 1886 (icache->c_data != NULL) && 1887 (icache->c_data->d_buf != NULL) && 1888 (icache->c_data->d_size > 0)) { 1889 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1890 dbg_print(0, MSG_INTL(MSG_ELF_SCN_INTERP), icache->c_name); 1891 dbg_print(0, MSG_ORIG(MSG_FMT_INDENT), 1892 (char *)icache->c_data->d_buf + 1893 (iphdr->p_offset - ishdr->sh_offset)); 1894 } else { 1895 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP1), file); 1896 } 1897 1898 /* 1899 * If there are any inconsistences between the program header and 1900 * section information, flag them. 1901 */ 1902 if (icache != NULL) { 1903 check_phdr_v_shdr(iphdr, phndx, ELFOSABI_SOLARIS, 1904 ehdr->e_machine, icache, file); 1905 } 1906 } 1907 1908 /* 1909 * Print the syminfo section. 1910 */ 1911 static void 1912 syminfo(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 1913 { 1914 Shdr *infoshdr; 1915 Syminfo *info; 1916 Sym *syms; 1917 Dyn *dyns; 1918 Word infonum, cnt, ndx, symnum, dynnum; 1919 Cache *infocache = NULL, *dyncache = NULL, *symsec, *strsec; 1920 Boolean *dynerr = NULL; 1921 1922 for (cnt = 1; cnt < shnum; cnt++) { 1923 if (cache[cnt].c_shdr->sh_type == SHT_SUNW_syminfo) { 1924 infocache = &cache[cnt]; 1925 break; 1926 } 1927 } 1928 if (infocache == NULL) 1929 return; 1930 1931 infoshdr = infocache->c_shdr; 1932 if ((infoshdr->sh_entsize == 0) || (infoshdr->sh_size == 0)) { 1933 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1934 file, infocache->c_name); 1935 return; 1936 } 1937 if ((infocache->c_data == NULL) || (infocache->c_data->d_buf == NULL)) 1938 return; 1939 1940 infonum = (Word)(infoshdr->sh_size / infoshdr->sh_entsize); 1941 info = (Syminfo *)infocache->c_data->d_buf; 1942 1943 /* 1944 * If there is no associated dynamic section, determine if one 1945 * is needed, and if so issue a warning. If there is an 1946 * associated dynamic section, validate it and get the data buffer 1947 * for it. 1948 */ 1949 dyns = NULL; 1950 dynnum = 0; 1951 if (infoshdr->sh_info == 0) { 1952 Syminfo *_info = info + 1; 1953 1954 for (ndx = 1; ndx < infonum; ndx++, _info++) { 1955 if ((_info->si_flags == 0) && (_info->si_boundto == 0)) 1956 continue; 1957 1958 if (_info->si_boundto < SYMINFO_BT_LOWRESERVE) 1959 (void) fprintf(stderr, 1960 MSG_INTL(MSG_ERR_BADSHINFO), file, 1961 infocache->c_name, 1962 EC_WORD(infoshdr->sh_info)); 1963 } 1964 } else if ((infoshdr->sh_info >= shnum) || 1965 (cache[infoshdr->sh_info].c_shdr->sh_type != SHT_DYNAMIC)) { 1966 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 1967 file, infocache->c_name, EC_WORD(infoshdr->sh_info)); 1968 } else { 1969 dyncache = &cache[infoshdr->sh_info]; 1970 if ((dyncache->c_data == NULL) || 1971 ((dyns = dyncache->c_data->d_buf) == NULL)) { 1972 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1973 file, dyncache->c_name); 1974 } 1975 if (dyns != NULL) { 1976 if ((dyncache->c_shdr->sh_entsize == 0) || 1977 (dyncache->c_shdr->sh_size == 0)) { 1978 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1979 file, dyncache->c_name); 1980 return; 1981 } 1982 1983 dynnum = dyncache->c_shdr->sh_size / 1984 dyncache->c_shdr->sh_entsize; 1985 1986 /* 1987 * We validate the type of dynamic elements referenced 1988 * from the syminfo. This array is used report any 1989 * bad dynamic entries. 1990 */ 1991 if ((dynerr = calloc(dynnum, sizeof (*dynerr))) == 1992 NULL) { 1993 int err = errno; 1994 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 1995 file, strerror(err)); 1996 return; 1997 } 1998 } 1999 } 2000 2001 /* 2002 * Get the data buffer for the associated symbol table and string table. 2003 */ 2004 if (stringtbl(cache, 1, cnt, shnum, file, 2005 &symnum, &symsec, &strsec) == 0) 2006 return; 2007 2008 syms = symsec->c_data->d_buf; 2009 2010 /* 2011 * Loop through the syminfo entries. 2012 */ 2013 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2014 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMINFO), infocache->c_name); 2015 Elf_syminfo_title(0); 2016 2017 for (ndx = 1, info++; ndx < infonum; ndx++, info++) { 2018 Sym *sym; 2019 const char *needed, *name; 2020 Word expect_dt; 2021 Word boundto = info->si_boundto; 2022 2023 if ((info->si_flags == 0) && (boundto == 0)) 2024 continue; 2025 2026 sym = &syms[ndx]; 2027 name = string(infocache, ndx, strsec, file, sym->st_name); 2028 2029 /* Is si_boundto set to one of the reserved values? */ 2030 if (boundto >= SYMINFO_BT_LOWRESERVE) { 2031 Elf_syminfo_entry(0, ndx, info, name, NULL); 2032 continue; 2033 } 2034 2035 /* 2036 * si_boundto is referencing a dynamic section. If we don't 2037 * have one, an error was already issued above, so it suffices 2038 * to display an empty string. If we are out of bounds, then 2039 * report that and then display an empty string. 2040 */ 2041 if ((dyns == NULL) || (boundto >= dynnum)) { 2042 if (dyns != NULL) 2043 (void) fprintf(stderr, 2044 MSG_INTL(MSG_ERR_BADSIDYNNDX), file, 2045 infocache->c_ndx, infocache->c_name, 2046 EC_WORD(ndx), EC_WORD(dynnum - 1), 2047 EC_WORD(boundto)); 2048 Elf_syminfo_entry(0, ndx, info, name, 2049 MSG_ORIG(MSG_STR_EMPTY)); 2050 continue; 2051 } 2052 2053 /* 2054 * The si_boundto reference expects a specific dynamic element 2055 * type at the given index. The dynamic element is always a 2056 * string that gives an object name. The specific type depends 2057 * on the si_flags present. Ensure that we've got the right 2058 * type. 2059 */ 2060 if (info->si_flags & SYMINFO_FLG_FILTER) 2061 expect_dt = DT_SUNW_FILTER; 2062 else if (info->si_flags & SYMINFO_FLG_AUXILIARY) 2063 expect_dt = DT_SUNW_AUXILIARY; 2064 else if (info->si_flags & (SYMINFO_FLG_DIRECT | 2065 SYMINFO_FLG_LAZYLOAD | SYMINFO_FLG_DIRECTBIND)) 2066 expect_dt = DT_NEEDED; 2067 else 2068 expect_dt = DT_NULL; /* means we ignore the type */ 2069 2070 if ((dyns[boundto].d_tag != expect_dt) && 2071 (expect_dt != DT_NULL)) { 2072 Conv_inv_buf_t buf1, buf2; 2073 2074 /* Only complain about each dynamic element once */ 2075 if (!dynerr[boundto]) { 2076 (void) fprintf(stderr, 2077 MSG_INTL(MSG_ERR_BADSIDYNTAG), 2078 file, infocache->c_ndx, infocache->c_name, 2079 EC_WORD(ndx), dyncache->c_ndx, 2080 dyncache->c_name, EC_WORD(boundto), 2081 conv_dyn_tag(expect_dt, osabi, 2082 ehdr->e_machine, CONV_FMT_ALT_CF, &buf1), 2083 conv_dyn_tag(dyns[boundto].d_tag, osabi, 2084 ehdr->e_machine, CONV_FMT_ALT_CF, &buf2)); 2085 dynerr[boundto] = TRUE; 2086 } 2087 } 2088 2089 /* 2090 * Whether or not the DT item we're pointing at is 2091 * of the right type, if it's a type we recognize as 2092 * providing a string, go ahead and show it. Otherwise 2093 * an empty string. 2094 */ 2095 switch (dyns[boundto].d_tag) { 2096 case DT_NEEDED: 2097 case DT_SONAME: 2098 case DT_RPATH: 2099 case DT_RUNPATH: 2100 case DT_CONFIG: 2101 case DT_DEPAUDIT: 2102 case DT_USED: 2103 case DT_AUDIT: 2104 case DT_SUNW_AUXILIARY: 2105 case DT_SUNW_FILTER: 2106 case DT_FILTER: 2107 case DT_AUXILIARY: 2108 needed = string(infocache, boundto, 2109 strsec, file, dyns[boundto].d_un.d_val); 2110 break; 2111 default: 2112 needed = MSG_ORIG(MSG_STR_EMPTY); 2113 } 2114 Elf_syminfo_entry(0, ndx, info, name, needed); 2115 } 2116 if (dyns != NULL) 2117 free(dynerr); 2118 } 2119 2120 /* 2121 * Print version definition section entries. 2122 */ 2123 static void 2124 version_def(Verdef *vdf, Word vdf_num, Cache *vcache, Cache *scache, 2125 const char *file) 2126 { 2127 Word cnt; 2128 char index[MAXNDXSIZE]; 2129 2130 Elf_ver_def_title(0); 2131 2132 for (cnt = 1; cnt <= vdf_num; cnt++, 2133 vdf = (Verdef *)((uintptr_t)vdf + vdf->vd_next)) { 2134 Conv_ver_flags_buf_t ver_flags_buf; 2135 const char *name, *dep; 2136 Half vcnt = vdf->vd_cnt - 1; 2137 Half ndx = vdf->vd_ndx; 2138 Verdaux *vdap = (Verdaux *)((uintptr_t)vdf + vdf->vd_aux); 2139 2140 /* 2141 * Obtain the name and first dependency (if any). 2142 */ 2143 name = string(vcache, cnt, scache, file, vdap->vda_name); 2144 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 2145 if (vcnt) 2146 dep = string(vcache, cnt, scache, file, vdap->vda_name); 2147 else 2148 dep = MSG_ORIG(MSG_STR_EMPTY); 2149 2150 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 2151 EC_XWORD(ndx)); 2152 Elf_ver_line_1(0, index, name, dep, 2153 conv_ver_flags(vdf->vd_flags, 0, &ver_flags_buf)); 2154 2155 /* 2156 * Print any additional dependencies. 2157 */ 2158 if (vcnt) { 2159 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 2160 for (vcnt--; vcnt; vcnt--, 2161 vdap = (Verdaux *)((uintptr_t)vdap + 2162 vdap->vda_next)) { 2163 dep = string(vcache, cnt, scache, file, 2164 vdap->vda_name); 2165 Elf_ver_line_2(0, MSG_ORIG(MSG_STR_EMPTY), dep); 2166 } 2167 } 2168 } 2169 } 2170 2171 /* 2172 * Print version needed section entries. 2173 * 2174 * entry: 2175 * vnd - Address of verneed data 2176 * vnd_num - # of Verneed entries 2177 * vcache - Cache of verneed section being processed 2178 * scache - Cache of associated string table section 2179 * file - Name of object being processed. 2180 * versym - Information about versym section 2181 * 2182 * exit: 2183 * The versions have been printed. If GNU style versioning 2184 * is in effect, versym->max_verndx has been updated to 2185 * contain the largest version index seen. 2186 * 2187 * note: 2188 * The versym section of an object that follows the original 2189 * Solaris versioning rules only contains indexes into the verdef 2190 * section. Symbols defined in other objects (UNDEF) are given 2191 * a version of 0, indicating that they are not defined by 2192 * this file, and the Verneed entries do not have associated version 2193 * indexes. For these reasons, we do not display a version index 2194 * for original-style Verneed sections. 2195 * 2196 * The GNU versioning extensions alter this: Symbols defined in other 2197 * objects receive a version index in the range above those defined 2198 * by the Verdef section, and the vna_other field of the Vernaux 2199 * structs inside the Verneed section contain the version index for 2200 * that item. We therefore display the index when showing the 2201 * contents of a GNU style Verneed section. You should not 2202 * necessarily expect these indexes to appear in sorted 2203 * order --- it seems that the GNU ld assigns the versions as 2204 * symbols are encountered during linking, and then the results 2205 * are assembled into the Verneed section afterwards. 2206 */ 2207 static void 2208 version_need(Verneed *vnd, Word vnd_num, Cache *vcache, Cache *scache, 2209 const char *file, VERSYM_STATE *versym) 2210 { 2211 Word cnt; 2212 char index[MAXNDXSIZE]; 2213 const char *index_str; 2214 2215 Elf_ver_need_title(0, versym->gnu_needed); 2216 2217 for (cnt = 1; cnt <= vnd_num; cnt++, 2218 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 2219 Conv_ver_flags_buf_t ver_flags_buf; 2220 const char *name, *dep; 2221 Half vcnt = vnd->vn_cnt; 2222 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 2223 2224 /* 2225 * Obtain the name of the needed file and the version name 2226 * within it that we're dependent on. Note that the count 2227 * should be at least one, otherwise this is a pretty bogus 2228 * entry. 2229 */ 2230 name = string(vcache, cnt, scache, file, vnd->vn_file); 2231 if (vcnt) 2232 dep = string(vcache, cnt, scache, file, vnap->vna_name); 2233 else 2234 dep = MSG_INTL(MSG_STR_NULL); 2235 2236 if (vnap->vna_other == 0) { /* Traditional form */ 2237 index_str = MSG_ORIG(MSG_STR_EMPTY); 2238 } else { /* GNU form */ 2239 index_str = index; 2240 /* Format the version index value */ 2241 (void) snprintf(index, MAXNDXSIZE, 2242 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(vnap->vna_other)); 2243 if (vnap->vna_other > versym->max_verndx) 2244 versym->max_verndx = vnap->vna_other; 2245 } 2246 Elf_ver_line_1(0, index_str, name, dep, 2247 conv_ver_flags(vnap->vna_flags, 0, &ver_flags_buf)); 2248 2249 /* 2250 * Print any additional version dependencies. 2251 */ 2252 if (vcnt) { 2253 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 2254 for (vcnt--; vcnt; vcnt--, 2255 vnap = (Vernaux *)((uintptr_t)vnap + 2256 vnap->vna_next)) { 2257 dep = string(vcache, cnt, scache, file, 2258 vnap->vna_name); 2259 if (vnap->vna_other > 0) { 2260 /* Format the next index value */ 2261 (void) snprintf(index, MAXNDXSIZE, 2262 MSG_ORIG(MSG_FMT_INDEX), 2263 EC_XWORD(vnap->vna_other)); 2264 Elf_ver_line_1(0, index, 2265 MSG_ORIG(MSG_STR_EMPTY), dep, 2266 conv_ver_flags(vnap->vna_flags, 2267 0, &ver_flags_buf)); 2268 if (vnap->vna_other > 2269 versym->max_verndx) 2270 versym->max_verndx = 2271 vnap->vna_other; 2272 } else { 2273 Elf_ver_line_3(0, 2274 MSG_ORIG(MSG_STR_EMPTY), dep, 2275 conv_ver_flags(vnap->vna_flags, 2276 0, &ver_flags_buf)); 2277 } 2278 } 2279 } 2280 } 2281 } 2282 2283 /* 2284 * Examine the Verneed section for information related to GNU 2285 * style Versym indexing: 2286 * - A non-zero vna_other field indicates that Versym indexes can 2287 * reference Verneed records. 2288 * - If the object uses GNU style Versym indexing, the 2289 * maximum index value is needed to detect bad Versym entries. 2290 * 2291 * entry: 2292 * vnd - Address of verneed data 2293 * vnd_num - # of Verneed entries 2294 * versym - Information about versym section 2295 * 2296 * exit: 2297 * If a non-zero vna_other field is seen, versym->gnu_needed is set. 2298 * 2299 * versym->max_verndx has been updated to contain the largest 2300 * version index seen. 2301 */ 2302 static void 2303 update_gnu_verndx(Verneed *vnd, Word vnd_num, VERSYM_STATE *versym) 2304 { 2305 Word cnt; 2306 2307 for (cnt = 1; cnt <= vnd_num; cnt++, 2308 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 2309 Half vcnt = vnd->vn_cnt; 2310 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 2311 2312 /* 2313 * A non-zero value of vna_other indicates that this 2314 * object references VERNEED items from the VERSYM 2315 * array. 2316 */ 2317 if (vnap->vna_other != 0) { 2318 versym->gnu_needed = 1; 2319 if (vnap->vna_other > versym->max_verndx) 2320 versym->max_verndx = vnap->vna_other; 2321 } 2322 2323 /* 2324 * Check any additional version dependencies. 2325 */ 2326 if (vcnt) { 2327 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 2328 for (vcnt--; vcnt; vcnt--, 2329 vnap = (Vernaux *)((uintptr_t)vnap + 2330 vnap->vna_next)) { 2331 if (vnap->vna_other == 0) 2332 continue; 2333 2334 versym->gnu_needed = 1; 2335 if (vnap->vna_other > versym->max_verndx) 2336 versym->max_verndx = vnap->vna_other; 2337 } 2338 } 2339 } 2340 } 2341 2342 /* 2343 * Display version section information if the flags require it. 2344 * Return version information needed by other output. 2345 * 2346 * entry: 2347 * cache - Cache of all section headers 2348 * shnum - # of sections in cache 2349 * file - Name of file 2350 * flags - Command line option flags 2351 * versym - VERSYM_STATE block to be filled in. 2352 */ 2353 static void 2354 versions(Cache *cache, Word shnum, const char *file, uint_t flags, 2355 VERSYM_STATE *versym) 2356 { 2357 GElf_Word cnt; 2358 Cache *verdef_cache = NULL, *verneed_cache = NULL; 2359 2360 2361 /* Gather information about the version sections */ 2362 versym->max_verndx = 1; 2363 for (cnt = 1; cnt < shnum; cnt++) { 2364 Cache *_cache = &cache[cnt]; 2365 Shdr *shdr = _cache->c_shdr; 2366 Dyn *dyn; 2367 ulong_t numdyn; 2368 2369 switch (shdr->sh_type) { 2370 case SHT_DYNAMIC: 2371 /* 2372 * The GNU ld puts a DT_VERSYM entry in the dynamic 2373 * section so that the runtime linker can use it to 2374 * implement their versioning rules. They allow multiple 2375 * incompatible functions with the same name to exist 2376 * in different versions. The Solaris ld does not 2377 * support this mechanism, and as such, does not 2378 * produce DT_VERSYM. We use this fact to determine 2379 * which ld produced this object, and how to interpret 2380 * the version values. 2381 */ 2382 if ((shdr->sh_entsize == 0) || 2383 (shdr->sh_size == 0) || 2384 (_cache->c_data == NULL) || 2385 (_cache->c_data->d_buf == NULL)) 2386 continue; 2387 numdyn = shdr->sh_size / shdr->sh_entsize; 2388 dyn = (Dyn *)_cache->c_data->d_buf; 2389 for (; numdyn-- > 0; dyn++) 2390 if (dyn->d_tag == DT_VERSYM) { 2391 versym->gnu_full = 2392 versym->gnu_needed = 1; 2393 break; 2394 } 2395 break; 2396 2397 case SHT_SUNW_versym: 2398 /* Record data address for later symbol processing */ 2399 if (_cache->c_data != NULL) { 2400 versym->cache = _cache; 2401 versym->data = _cache->c_data->d_buf; 2402 continue; 2403 } 2404 break; 2405 2406 case SHT_SUNW_verdef: 2407 case SHT_SUNW_verneed: 2408 /* 2409 * Ensure the data is non-NULL and the number 2410 * of items is non-zero. Otherwise, we don't 2411 * understand the section, and will not use it. 2412 */ 2413 if ((_cache->c_data == NULL) || 2414 (_cache->c_data->d_buf == NULL)) { 2415 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2416 file, _cache->c_name); 2417 continue; 2418 } 2419 if (shdr->sh_info == 0) { 2420 (void) fprintf(stderr, 2421 MSG_INTL(MSG_ERR_BADSHINFO), 2422 file, _cache->c_name, 2423 EC_WORD(shdr->sh_info)); 2424 continue; 2425 } 2426 2427 /* Make sure the string table index is in range */ 2428 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 2429 (void) fprintf(stderr, 2430 MSG_INTL(MSG_ERR_BADSHLINK), file, 2431 _cache->c_name, EC_WORD(shdr->sh_link)); 2432 continue; 2433 } 2434 2435 /* 2436 * The section is usable. Save the cache entry. 2437 */ 2438 if (shdr->sh_type == SHT_SUNW_verdef) { 2439 verdef_cache = _cache; 2440 /* 2441 * Under Solaris rules, if there is a verdef 2442 * section, the max versym index is number 2443 * of version definitions it supplies. 2444 */ 2445 versym->max_verndx = shdr->sh_info; 2446 } else { 2447 verneed_cache = _cache; 2448 } 2449 break; 2450 } 2451 } 2452 2453 /* 2454 * If there is a Verneed section, examine it for information 2455 * related to GNU style versioning. 2456 */ 2457 if (verneed_cache != NULL) 2458 update_gnu_verndx((Verneed *)verneed_cache->c_data->d_buf, 2459 verneed_cache->c_shdr->sh_info, versym); 2460 2461 /* 2462 * Now that all the information is available, display the 2463 * Verdef and Verneed section contents, if requested. 2464 */ 2465 if ((flags & FLG_SHOW_VERSIONS) == 0) 2466 return; 2467 if (verdef_cache != NULL) { 2468 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2469 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERDEF), 2470 verdef_cache->c_name); 2471 version_def((Verdef *)verdef_cache->c_data->d_buf, 2472 verdef_cache->c_shdr->sh_info, verdef_cache, 2473 &cache[verdef_cache->c_shdr->sh_link], file); 2474 } 2475 if (verneed_cache != NULL) { 2476 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2477 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERNEED), 2478 verneed_cache->c_name); 2479 /* 2480 * If GNU versioning applies to this object, version_need() 2481 * will update versym->max_verndx, and it is not 2482 * necessary to call update_gnu_verndx(). 2483 */ 2484 version_need((Verneed *)verneed_cache->c_data->d_buf, 2485 verneed_cache->c_shdr->sh_info, verneed_cache, 2486 &cache[verneed_cache->c_shdr->sh_link], file, versym); 2487 } 2488 } 2489 2490 /* 2491 * Search for and process any symbol tables. 2492 */ 2493 void 2494 symbols(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2495 VERSYM_STATE *versym, const char *file, uint_t flags) 2496 { 2497 SYMTBL_STATE state; 2498 Cache *_cache; 2499 Word secndx; 2500 2501 for (secndx = 1; secndx < shnum; secndx++) { 2502 Word symcnt; 2503 Shdr *shdr; 2504 2505 _cache = &cache[secndx]; 2506 shdr = _cache->c_shdr; 2507 2508 if ((shdr->sh_type != SHT_SYMTAB) && 2509 (shdr->sh_type != SHT_DYNSYM) && 2510 ((shdr->sh_type != SHT_SUNW_LDYNSYM) || 2511 (osabi != ELFOSABI_SOLARIS))) 2512 continue; 2513 if (!match(MATCH_F_ALL, _cache->c_name, secndx, shdr->sh_type)) 2514 continue; 2515 2516 if (!init_symtbl_state(&state, cache, shnum, secndx, ehdr, 2517 osabi, versym, file, flags)) 2518 continue; 2519 /* 2520 * Loop through the symbol tables entries. 2521 */ 2522 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2523 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMTAB), state.secname); 2524 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2525 2526 for (symcnt = 0; symcnt < state.symn; symcnt++) 2527 output_symbol(&state, symcnt, shdr->sh_info, symcnt, 2528 state.sym + symcnt); 2529 } 2530 } 2531 2532 /* 2533 * Search for and process any SHT_SUNW_symsort or SHT_SUNW_tlssort sections. 2534 * These sections are always associated with the .SUNW_ldynsym./.dynsym pair. 2535 */ 2536 static void 2537 sunw_sort(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2538 VERSYM_STATE *versym, const char *file, uint_t flags) 2539 { 2540 SYMTBL_STATE ldynsym_state, dynsym_state; 2541 Cache *sortcache, *symcache; 2542 Shdr *sortshdr, *symshdr; 2543 Word sortsecndx, symsecndx; 2544 Word ldynsym_cnt; 2545 Word *ndx; 2546 Word ndxn; 2547 int output_cnt = 0; 2548 Conv_inv_buf_t inv_buf; 2549 2550 for (sortsecndx = 1; sortsecndx < shnum; sortsecndx++) { 2551 2552 sortcache = &cache[sortsecndx]; 2553 sortshdr = sortcache->c_shdr; 2554 2555 if ((sortshdr->sh_type != SHT_SUNW_symsort) && 2556 (sortshdr->sh_type != SHT_SUNW_tlssort)) 2557 continue; 2558 if (!match(MATCH_F_ALL, sortcache->c_name, sortsecndx, 2559 sortshdr->sh_type)) 2560 continue; 2561 2562 /* 2563 * If the section references a SUNW_ldynsym, then we 2564 * expect to see the associated .dynsym immediately 2565 * following. If it references a .dynsym, there is no 2566 * SUNW_ldynsym. If it is any other type, then we don't 2567 * know what to do with it. 2568 */ 2569 if ((sortshdr->sh_link == 0) || (sortshdr->sh_link >= shnum)) { 2570 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 2571 file, sortcache->c_name, 2572 EC_WORD(sortshdr->sh_link)); 2573 continue; 2574 } 2575 symcache = &cache[sortshdr->sh_link]; 2576 symshdr = symcache->c_shdr; 2577 symsecndx = sortshdr->sh_link; 2578 ldynsym_cnt = 0; 2579 switch (symshdr->sh_type) { 2580 case SHT_SUNW_LDYNSYM: 2581 if (!init_symtbl_state(&ldynsym_state, cache, shnum, 2582 symsecndx, ehdr, osabi, versym, file, flags)) 2583 continue; 2584 ldynsym_cnt = ldynsym_state.symn; 2585 /* 2586 * We know that the dynsym follows immediately 2587 * after the SUNW_ldynsym, and so, should be at 2588 * (sortshdr->sh_link + 1). However, elfdump is a 2589 * diagnostic tool, so we do the full paranoid 2590 * search instead. 2591 */ 2592 for (symsecndx = 1; symsecndx < shnum; symsecndx++) { 2593 symcache = &cache[symsecndx]; 2594 symshdr = symcache->c_shdr; 2595 if (symshdr->sh_type == SHT_DYNSYM) 2596 break; 2597 } 2598 if (symsecndx >= shnum) { /* Dynsym not found! */ 2599 (void) fprintf(stderr, 2600 MSG_INTL(MSG_ERR_NODYNSYM), 2601 file, sortcache->c_name); 2602 continue; 2603 } 2604 /* Fallthrough to process associated dynsym */ 2605 /* FALLTHROUGH */ 2606 case SHT_DYNSYM: 2607 if (!init_symtbl_state(&dynsym_state, cache, shnum, 2608 symsecndx, ehdr, osabi, versym, file, flags)) 2609 continue; 2610 break; 2611 default: 2612 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADNDXSEC), 2613 file, sortcache->c_name, 2614 conv_sec_type(osabi, ehdr->e_machine, 2615 symshdr->sh_type, 0, &inv_buf)); 2616 continue; 2617 } 2618 2619 /* 2620 * Output header 2621 */ 2622 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2623 if (ldynsym_cnt > 0) { 2624 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT2), 2625 sortcache->c_name, ldynsym_state.secname, 2626 dynsym_state.secname); 2627 /* 2628 * The data for .SUNW_ldynsym and dynsym sections 2629 * is supposed to be adjacent with SUNW_ldynsym coming 2630 * first. Check, and issue a warning if it isn't so. 2631 */ 2632 if (((ldynsym_state.sym + ldynsym_state.symn) 2633 != dynsym_state.sym) && 2634 ((flags & FLG_CTL_FAKESHDR) == 0)) 2635 (void) fprintf(stderr, 2636 MSG_INTL(MSG_ERR_LDYNNOTADJ), file, 2637 ldynsym_state.secname, 2638 dynsym_state.secname); 2639 } else { 2640 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT1), 2641 sortcache->c_name, dynsym_state.secname); 2642 } 2643 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2644 2645 /* If not first one, insert a line of white space */ 2646 if (output_cnt++ > 0) 2647 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2648 2649 /* 2650 * SUNW_dynsymsort and SUNW_dyntlssort are arrays of 2651 * symbol indices. Iterate over the array entries, 2652 * dispaying the referenced symbols. 2653 */ 2654 ndxn = sortshdr->sh_size / sortshdr->sh_entsize; 2655 ndx = (Word *)sortcache->c_data->d_buf; 2656 for (; ndxn-- > 0; ndx++) { 2657 if (*ndx >= ldynsym_cnt) { 2658 Word sec_ndx = *ndx - ldynsym_cnt; 2659 2660 output_symbol(&dynsym_state, sec_ndx, 0, 2661 *ndx, dynsym_state.sym + sec_ndx); 2662 } else { 2663 output_symbol(&ldynsym_state, *ndx, 0, 2664 *ndx, ldynsym_state.sym + *ndx); 2665 } 2666 } 2667 } 2668 } 2669 2670 /* 2671 * Search for and process any relocation sections. 2672 */ 2673 static void 2674 reloc(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 2675 { 2676 Word cnt; 2677 2678 for (cnt = 1; cnt < shnum; cnt++) { 2679 Word type, symnum; 2680 Xword relndx, relnum, relsize; 2681 void *rels; 2682 Sym *syms; 2683 Cache *symsec, *strsec; 2684 Cache *_cache = &cache[cnt]; 2685 Shdr *shdr = _cache->c_shdr; 2686 char *relname = _cache->c_name; 2687 Conv_inv_buf_t inv_buf; 2688 2689 if (((type = shdr->sh_type) != SHT_RELA) && 2690 (type != SHT_REL)) 2691 continue; 2692 if (!match(MATCH_F_ALL, relname, cnt, type)) 2693 continue; 2694 2695 /* 2696 * Decide entry size. 2697 */ 2698 if (((relsize = shdr->sh_entsize) == 0) || 2699 (relsize > shdr->sh_size)) { 2700 if (type == SHT_RELA) 2701 relsize = sizeof (Rela); 2702 else 2703 relsize = sizeof (Rel); 2704 } 2705 2706 /* 2707 * Determine the number of relocations available. 2708 */ 2709 if (shdr->sh_size == 0) { 2710 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2711 file, relname); 2712 continue; 2713 } 2714 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 2715 continue; 2716 2717 rels = _cache->c_data->d_buf; 2718 relnum = shdr->sh_size / relsize; 2719 2720 /* 2721 * Get the data buffer for the associated symbol table and 2722 * string table. 2723 */ 2724 if (stringtbl(cache, 1, cnt, shnum, file, 2725 &symnum, &symsec, &strsec) == 0) 2726 continue; 2727 2728 syms = symsec->c_data->d_buf; 2729 2730 /* 2731 * Loop through the relocation entries. 2732 */ 2733 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2734 dbg_print(0, MSG_INTL(MSG_ELF_SCN_RELOC), _cache->c_name); 2735 Elf_reloc_title(0, ELF_DBG_ELFDUMP, type); 2736 2737 for (relndx = 0; relndx < relnum; relndx++, 2738 rels = (void *)((char *)rels + relsize)) { 2739 Half mach = ehdr->e_machine; 2740 char section[BUFSIZ]; 2741 const char *symname; 2742 Word symndx, reltype; 2743 Rela *rela; 2744 Rel *rel; 2745 2746 /* 2747 * Unravel the relocation and determine the symbol with 2748 * which this relocation is associated. 2749 */ 2750 if (type == SHT_RELA) { 2751 rela = (Rela *)rels; 2752 symndx = ELF_R_SYM(rela->r_info); 2753 reltype = ELF_R_TYPE(rela->r_info, mach); 2754 } else { 2755 rel = (Rel *)rels; 2756 symndx = ELF_R_SYM(rel->r_info); 2757 reltype = ELF_R_TYPE(rel->r_info, mach); 2758 } 2759 2760 symname = relsymname(cache, _cache, strsec, symndx, 2761 symnum, relndx, syms, section, BUFSIZ, file); 2762 2763 /* 2764 * A zero symbol index is only valid for a few 2765 * relocations. 2766 */ 2767 if (symndx == 0) { 2768 int badrel = 0; 2769 2770 if ((mach == EM_SPARC) || 2771 (mach == EM_SPARC32PLUS) || 2772 (mach == EM_SPARCV9)) { 2773 if ((reltype != R_SPARC_NONE) && 2774 (reltype != R_SPARC_REGISTER) && 2775 (reltype != R_SPARC_RELATIVE)) 2776 badrel++; 2777 } else if (mach == EM_386) { 2778 if ((reltype != R_386_NONE) && 2779 (reltype != R_386_RELATIVE)) 2780 badrel++; 2781 } else if (mach == EM_AMD64) { 2782 if ((reltype != R_AMD64_NONE) && 2783 (reltype != R_AMD64_RELATIVE)) 2784 badrel++; 2785 } 2786 2787 if (badrel) { 2788 (void) fprintf(stderr, 2789 MSG_INTL(MSG_ERR_BADREL1), file, 2790 conv_reloc_type(mach, reltype, 2791 0, &inv_buf)); 2792 } 2793 } 2794 2795 Elf_reloc_entry_1(0, ELF_DBG_ELFDUMP, 2796 MSG_ORIG(MSG_STR_EMPTY), ehdr->e_machine, type, 2797 rels, relname, symname, 0); 2798 } 2799 } 2800 } 2801 2802 2803 /* 2804 * This value controls which test dyn_test() performs. 2805 */ 2806 typedef enum { DYN_TEST_ADDR, DYN_TEST_SIZE, DYN_TEST_ENTSIZE } dyn_test_t; 2807 2808 /* 2809 * Used by dynamic() to compare the value of a dynamic element against 2810 * the starting address of the section it references. 2811 * 2812 * entry: 2813 * test_type - Specify which dyn item is being tested. 2814 * sh_type - SHT_* type value for required section. 2815 * sec_cache - Cache entry for section, or NULL if the object lacks 2816 * a section of this type. 2817 * dyn - Dyn entry to be tested 2818 * dynsec_cnt - # of dynamic section being examined. The first 2819 * dynamic section is 1, the next is 2, and so on... 2820 * ehdr - ELF header for file 2821 * file - Name of file 2822 */ 2823 static void 2824 dyn_test(dyn_test_t test_type, Word sh_type, Cache *sec_cache, Dyn *dyn, 2825 Word dynsec_cnt, Ehdr *ehdr, uchar_t osabi, const char *file) 2826 { 2827 Conv_inv_buf_t buf1, buf2; 2828 2829 /* 2830 * These tests are based around the implicit assumption that 2831 * there is only one dynamic section in an object, and also only 2832 * one of the sections it references. We have therefore gathered 2833 * all of the necessary information to test this in a single pass 2834 * over the section headers, which is very efficient. We are not 2835 * aware of any case where more than one dynamic section would 2836 * be meaningful in an ELF object, so this is a reasonable solution. 2837 * 2838 * To test multiple dynamic sections correctly would be more 2839 * expensive in code and time. We would have to build a data structure 2840 * containing all the dynamic elements. Then, we would use the address 2841 * to locate the section it references and ensure the section is of 2842 * the right type and that the address in the dynamic element is 2843 * to the start of the section. Then, we could check the size and 2844 * entsize values against those same sections. This is O(n^2), and 2845 * also complicated. 2846 * 2847 * In the highly unlikely case that there is more than one dynamic 2848 * section, we only test the first one, and simply allow the values 2849 * of the subsequent one to be displayed unchallenged. 2850 */ 2851 if (dynsec_cnt != 1) 2852 return; 2853 2854 /* 2855 * A DT_ item that references a section address should always find 2856 * the section in the file. 2857 */ 2858 if (sec_cache == NULL) { 2859 const char *name; 2860 2861 /* 2862 * Supply section names instead of section types for 2863 * things that reference progbits so that the error 2864 * message will make more sense. 2865 */ 2866 switch (dyn->d_tag) { 2867 case DT_INIT: 2868 name = MSG_ORIG(MSG_ELF_INIT); 2869 break; 2870 case DT_FINI: 2871 name = MSG_ORIG(MSG_ELF_FINI); 2872 break; 2873 default: 2874 name = conv_sec_type(osabi, ehdr->e_machine, 2875 sh_type, 0, &buf1); 2876 break; 2877 } 2878 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNNOBCKSEC), file, 2879 name, conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2880 CONV_FMT_ALT_CF, &buf2)); 2881 return; 2882 } 2883 2884 2885 switch (test_type) { 2886 case DYN_TEST_ADDR: 2887 /* The section address should match the DT_ item value */ 2888 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_addr) 2889 (void) fprintf(stderr, 2890 MSG_INTL(MSG_ERR_DYNBADADDR), file, 2891 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2892 CONV_FMT_ALT_CF, &buf1), EC_ADDR(dyn->d_un.d_val), 2893 sec_cache->c_ndx, sec_cache->c_name, 2894 EC_ADDR(sec_cache->c_shdr->sh_addr)); 2895 break; 2896 2897 case DYN_TEST_SIZE: 2898 /* The section size should match the DT_ item value */ 2899 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_size) 2900 (void) fprintf(stderr, 2901 MSG_INTL(MSG_ERR_DYNBADSIZE), file, 2902 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2903 CONV_FMT_ALT_CF, &buf1), EC_XWORD(dyn->d_un.d_val), 2904 sec_cache->c_ndx, sec_cache->c_name, 2905 EC_XWORD(sec_cache->c_shdr->sh_size)); 2906 break; 2907 2908 case DYN_TEST_ENTSIZE: 2909 /* The sh_entsize value should match the DT_ item value */ 2910 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_entsize) 2911 (void) fprintf(stderr, 2912 MSG_INTL(MSG_ERR_DYNBADENTSIZE), file, 2913 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2914 CONV_FMT_ALT_CF, &buf1), EC_XWORD(dyn->d_un.d_val), 2915 sec_cache->c_ndx, sec_cache->c_name, 2916 EC_XWORD(sec_cache->c_shdr->sh_entsize)); 2917 break; 2918 } 2919 } 2920 2921 /* 2922 * There are some DT_ entries that have corresponding symbols 2923 * (e.g. DT_INIT and _init). It is expected that these items will 2924 * both have the same value if both are present. This routine 2925 * examines the well known symbol tables for such symbols and 2926 * issues warnings for any that don't match. 2927 * 2928 * entry: 2929 * dyn - Dyn entry to be tested 2930 * symname - Name of symbol that corresponds to dyn 2931 * symtab_cache, dynsym_cache, ldynsym_cache - Symbol tables to check 2932 * target_cache - Section the symname section is expected to be 2933 * associated with. 2934 * cache - Cache of all section headers 2935 * shnum - # of sections in cache 2936 * ehdr - ELF header for file 2937 * osabi - OSABI to apply when interpreting object 2938 * file - Name of file 2939 */ 2940 static void 2941 dyn_symtest(Dyn *dyn, const char *symname, Cache *symtab_cache, 2942 Cache *dynsym_cache, Cache *ldynsym_cache, Cache *target_cache, 2943 Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2944 { 2945 Conv_inv_buf_t buf; 2946 int i; 2947 Sym *sym; 2948 Cache *_cache = NULL; 2949 2950 for (i = 0; i < 3; i++) { 2951 switch (i) { 2952 case 0: 2953 _cache = symtab_cache; 2954 break; 2955 case 1: 2956 _cache = dynsym_cache; 2957 break; 2958 case 2: 2959 _cache = ldynsym_cache; 2960 break; 2961 } 2962 2963 if ((_cache != NULL) && 2964 symlookup(symname, cache, shnum, &sym, target_cache, 2965 _cache, file) && (sym->st_value != dyn->d_un.d_val)) 2966 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNSYMVAL), 2967 file, _cache->c_name, conv_dyn_tag(dyn->d_tag, 2968 osabi, ehdr->e_machine, CONV_FMT_ALT_CF, &buf), 2969 symname, EC_ADDR(sym->st_value)); 2970 } 2971 } 2972 2973 /* 2974 * Search for and process a .dynamic section. 2975 */ 2976 static void 2977 dynamic(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file, 2978 Word phnum, Elf *elf) 2979 { 2980 struct { 2981 Cache *symtab; 2982 Cache *dynstr; 2983 Cache *dynsym; 2984 Cache *hash; 2985 Cache *fini; 2986 Cache *fini_array; 2987 Cache *init; 2988 Cache *init_array; 2989 Cache *preinit_array; 2990 Cache *rel; 2991 Cache *rela; 2992 Cache *sunw_cap; 2993 Cache *sunw_capinfo; 2994 Cache *sunw_capchain; 2995 Cache *sunw_ldynsym; 2996 Cache *sunw_move; 2997 Cache *sunw_syminfo; 2998 Cache *sunw_symsort; 2999 Cache *sunw_tlssort; 3000 Cache *sunw_verdef; 3001 Cache *sunw_verneed; 3002 Cache *sunw_versym; 3003 } sec; 3004 Word dynsec_ndx; 3005 Word dynsec_num; 3006 int dynsec_cnt; 3007 Word cnt; 3008 int osabi_solaris = osabi == ELFOSABI_SOLARIS; 3009 Phdr *pt_dynamic = NULL; 3010 size_t phndx; 3011 static Word phdr_type[] = { PT_DYNAMIC }; 3012 3013 /* 3014 * Make a pass over all the sections, gathering section information 3015 * we'll need below. 3016 */ 3017 dynsec_num = 0; 3018 bzero(&sec, sizeof (sec)); 3019 for (cnt = 1; cnt < shnum; cnt++) { 3020 Cache *_cache = &cache[cnt]; 3021 3022 switch (_cache->c_shdr->sh_type) { 3023 case SHT_DYNAMIC: 3024 if (dynsec_num == 0) { 3025 dynsec_ndx = cnt; 3026 3027 /* Does it have a valid string table? */ 3028 (void) stringtbl(cache, 0, cnt, shnum, file, 3029 0, 0, &sec.dynstr); 3030 } 3031 dynsec_num++; 3032 break; 3033 3034 3035 case SHT_PROGBITS: 3036 /* 3037 * We want to detect the .init and .fini sections, 3038 * if present. These are SHT_PROGBITS, so all we 3039 * have to go on is the section name. Normally comparing 3040 * names is a bad idea, but there are some special 3041 * names (i.e. .init/.fini/.interp) that are very 3042 * difficult to use in any other context, and for 3043 * these symbols, we do the heuristic match. 3044 */ 3045 if (strcmp(_cache->c_name, 3046 MSG_ORIG(MSG_ELF_INIT)) == 0) { 3047 if (sec.init == NULL) 3048 sec.init = _cache; 3049 } else if (strcmp(_cache->c_name, 3050 MSG_ORIG(MSG_ELF_FINI)) == 0) { 3051 if (sec.fini == NULL) 3052 sec.fini = _cache; 3053 } 3054 break; 3055 3056 case SHT_REL: 3057 /* 3058 * We want the SHT_REL section with the lowest 3059 * offset. The linker gathers them together, 3060 * and puts the address of the first one 3061 * into the DT_REL dynamic element. 3062 */ 3063 if ((sec.rel == NULL) || 3064 (_cache->c_shdr->sh_offset < 3065 sec.rel->c_shdr->sh_offset)) 3066 sec.rel = _cache; 3067 break; 3068 3069 case SHT_RELA: 3070 /* RELA is handled just like RELA above */ 3071 if ((sec.rela == NULL) || 3072 (_cache->c_shdr->sh_offset < 3073 sec.rela->c_shdr->sh_offset)) 3074 sec.rela = _cache; 3075 break; 3076 3077 /* 3078 * The GRAB macro is used for the simple case in which 3079 * we simply grab the first section of the desired type. 3080 */ 3081 #define GRAB(_sec_type, _sec_field) \ 3082 case _sec_type: \ 3083 if (sec._sec_field == NULL) \ 3084 sec._sec_field = _cache; \ 3085 break 3086 GRAB(SHT_SYMTAB, symtab); 3087 GRAB(SHT_DYNSYM, dynsym); 3088 GRAB(SHT_FINI_ARRAY, fini_array); 3089 GRAB(SHT_HASH, hash); 3090 GRAB(SHT_INIT_ARRAY, init_array); 3091 GRAB(SHT_SUNW_move, sunw_move); 3092 GRAB(SHT_PREINIT_ARRAY, preinit_array); 3093 GRAB(SHT_SUNW_cap, sunw_cap); 3094 GRAB(SHT_SUNW_capinfo, sunw_capinfo); 3095 GRAB(SHT_SUNW_capchain, sunw_capchain); 3096 GRAB(SHT_SUNW_LDYNSYM, sunw_ldynsym); 3097 GRAB(SHT_SUNW_syminfo, sunw_syminfo); 3098 GRAB(SHT_SUNW_symsort, sunw_symsort); 3099 GRAB(SHT_SUNW_tlssort, sunw_tlssort); 3100 GRAB(SHT_SUNW_verdef, sunw_verdef); 3101 GRAB(SHT_SUNW_verneed, sunw_verneed); 3102 GRAB(SHT_SUNW_versym, sunw_versym); 3103 #undef GRAB 3104 } 3105 } 3106 3107 if (phnum) { 3108 pt_dynamic = getphdr(phnum, phdr_type, 1, file, elf, &phndx); 3109 } 3110 3111 /* 3112 * If no dynamic section, return immediately. If more than one 3113 * dynamic section, then something odd is going on and an error 3114 * is in order, but then continue on and display them all. 3115 */ 3116 if (dynsec_num == 0) { 3117 return; 3118 } 3119 if (dynsec_num > 1) 3120 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTDYN), 3121 file, EC_WORD(dynsec_num)); 3122 3123 3124 dynsec_cnt = 0; 3125 for (cnt = dynsec_ndx; (cnt < shnum) && (dynsec_cnt < dynsec_num); 3126 cnt++) { 3127 Dyn *dyn; 3128 ulong_t numdyn; 3129 int ndx, end_ndx; 3130 Cache *_cache = &cache[cnt], *strsec; 3131 Shdr *shdr = _cache->c_shdr; 3132 int dumped = 0; 3133 3134 if (shdr->sh_type != SHT_DYNAMIC) 3135 continue; 3136 dynsec_cnt++; 3137 3138 /* 3139 * Verify the associated string table section. 3140 */ 3141 if (stringtbl(cache, 0, cnt, shnum, file, 0, 0, &strsec) == 0) 3142 continue; 3143 3144 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 3145 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3146 file, _cache->c_name); 3147 continue; 3148 } 3149 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 3150 continue; 3151 3152 /* The first time through, check v. PT_DYNAMIC */ 3153 if (dynsec_cnt == 1) { 3154 Conv_inv_buf_t inv_buf; 3155 3156 if ((pt_dynamic == NULL) && (ehdr->e_type != ET_REL)) { 3157 fprintf(stderr, MSG_INTL(MSG_SHDR_NO_PHDR), 3158 file, _cache->c_ndx, _cache->c_name, 3159 conv_phdr_type(osabi, ehdr->e_machine, 3160 PT_DYNAMIC, CONV_FMT_ALT_CF, &inv_buf)); 3161 } 3162 3163 if (pt_dynamic != NULL) { 3164 check_phdr_v_shdr(pt_dynamic, phndx, 3165 osabi, ehdr->e_machine, _cache, file); 3166 } 3167 } 3168 3169 numdyn = shdr->sh_size / shdr->sh_entsize; 3170 dyn = (Dyn *)_cache->c_data->d_buf; 3171 3172 /* 3173 * We expect the REL/RELA entries to reference the reloc 3174 * section with the lowest address. However, this is 3175 * not true for dumped objects. Detect if this object has 3176 * been dumped so that we can skip the reloc address test 3177 * in that case. 3178 */ 3179 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 3180 if (dyn->d_tag == DT_FLAGS_1) { 3181 dumped = (dyn->d_un.d_val & DF_1_CONFALT) != 0; 3182 break; 3183 } 3184 } 3185 dyn = (Dyn *)_cache->c_data->d_buf; 3186 3187 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3188 dbg_print(0, MSG_INTL(MSG_ELF_SCN_DYNAMIC), _cache->c_name); 3189 3190 Elf_dyn_title(0); 3191 3192 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 3193 union { 3194 Conv_inv_buf_t inv; 3195 Conv_dyn_flag_buf_t flag; 3196 Conv_dyn_flag1_buf_t flag1; 3197 Conv_dyn_posflag1_buf_t posflag1; 3198 Conv_dyn_feature1_buf_t feature1; 3199 } c_buf; 3200 const char *name = NULL; 3201 3202 /* 3203 * Print the information numerically, and if possible 3204 * as a string. If a string is available, name is 3205 * set to reference it. 3206 * 3207 * Also, take this opportunity to sanity check 3208 * the values of DT elements. In the code above, 3209 * we gathered information on sections that are 3210 * referenced by the dynamic section. Here, we 3211 * compare the attributes of those sections to 3212 * the DT_ items that reference them and report 3213 * on inconsistencies. 3214 * 3215 * Things not currently tested that could be improved 3216 * in later revisions include: 3217 * - We don't check PLT or GOT related items 3218 * - We don't handle computing the lengths of 3219 * relocation arrays. To handle this 3220 * requires examining data that spans 3221 * across sections, in a contiguous span 3222 * within a single segment. 3223 * - DT_VERDEFNUM and DT_VERNEEDNUM can't be 3224 * verified without parsing the sections. 3225 * - We don't handle DT_SUNW_SYMSZ, which would 3226 * be the sum of the lengths of .dynsym and 3227 * .SUNW_ldynsym 3228 * - DT_SUNW_STRPAD can't be verified other than 3229 * to check that it's not larger than 3230 * the string table. 3231 * - Some items come in "all or none" clusters 3232 * that give an address, element size, 3233 * and data length in bytes. We don't 3234 * verify that there are no missing items 3235 * in such groups. 3236 */ 3237 switch (dyn->d_tag) { 3238 case DT_NULL: 3239 /* 3240 * Special case: DT_NULLs can come in groups 3241 * that we prefer to reduce to a single line. 3242 */ 3243 end_ndx = ndx; 3244 while ((end_ndx < (numdyn - 1)) && 3245 ((dyn + 1)->d_tag == DT_NULL)) { 3246 dyn++; 3247 end_ndx++; 3248 } 3249 Elf_dyn_null_entry(0, dyn, ndx, end_ndx); 3250 ndx = end_ndx; 3251 continue; 3252 3253 /* 3254 * String items all reference the dynstr. The string() 3255 * function does the necessary sanity checking. 3256 */ 3257 case DT_NEEDED: 3258 case DT_SONAME: 3259 case DT_FILTER: 3260 case DT_AUXILIARY: 3261 case DT_CONFIG: 3262 case DT_RPATH: 3263 case DT_RUNPATH: 3264 case DT_USED: 3265 case DT_DEPAUDIT: 3266 case DT_AUDIT: 3267 name = string(_cache, ndx, strsec, 3268 file, dyn->d_un.d_ptr); 3269 break; 3270 3271 case DT_SUNW_AUXILIARY: 3272 case DT_SUNW_FILTER: 3273 if (osabi_solaris) 3274 name = string(_cache, ndx, strsec, 3275 file, dyn->d_un.d_ptr); 3276 break; 3277 3278 case DT_FLAGS: 3279 name = conv_dyn_flag(dyn->d_un.d_val, 3280 0, &c_buf.flag); 3281 break; 3282 case DT_FLAGS_1: 3283 name = conv_dyn_flag1(dyn->d_un.d_val, 0, 3284 &c_buf.flag1); 3285 break; 3286 case DT_POSFLAG_1: 3287 name = conv_dyn_posflag1(dyn->d_un.d_val, 0, 3288 &c_buf.posflag1); 3289 break; 3290 case DT_FEATURE_1: 3291 name = conv_dyn_feature1(dyn->d_un.d_val, 0, 3292 &c_buf.feature1); 3293 break; 3294 case DT_DEPRECATED_SPARC_REGISTER: 3295 name = MSG_INTL(MSG_STR_DEPRECATED); 3296 break; 3297 3298 case DT_SUNW_LDMACH: 3299 if (!osabi_solaris) 3300 break; 3301 name = conv_ehdr_mach((Half)dyn->d_un.d_val, 3302 0, &c_buf.inv); 3303 break; 3304 3305 /* 3306 * Cases below this point are strictly sanity checking, 3307 * and do not generate a name string. The TEST_ macros 3308 * are used to hide the boiler plate arguments neeeded 3309 * by dyn_test(). 3310 */ 3311 #define TEST_ADDR(_sh_type, _sec_field) \ 3312 dyn_test(DYN_TEST_ADDR, _sh_type, \ 3313 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3314 osabi, file) 3315 #define TEST_SIZE(_sh_type, _sec_field) \ 3316 dyn_test(DYN_TEST_SIZE, _sh_type, \ 3317 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3318 osabi, file) 3319 #define TEST_ENTSIZE(_sh_type, _sec_field) \ 3320 dyn_test(DYN_TEST_ENTSIZE, _sh_type, \ 3321 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3322 osabi, file) 3323 3324 case DT_FINI: 3325 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_FINI), 3326 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3327 sec.fini, cache, shnum, ehdr, osabi, file); 3328 TEST_ADDR(SHT_PROGBITS, fini); 3329 break; 3330 3331 case DT_FINI_ARRAY: 3332 TEST_ADDR(SHT_FINI_ARRAY, fini_array); 3333 break; 3334 3335 case DT_FINI_ARRAYSZ: 3336 TEST_SIZE(SHT_FINI_ARRAY, fini_array); 3337 break; 3338 3339 case DT_HASH: 3340 TEST_ADDR(SHT_HASH, hash); 3341 break; 3342 3343 case DT_INIT: 3344 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_INIT), 3345 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3346 sec.init, cache, shnum, ehdr, osabi, file); 3347 TEST_ADDR(SHT_PROGBITS, init); 3348 break; 3349 3350 case DT_INIT_ARRAY: 3351 TEST_ADDR(SHT_INIT_ARRAY, init_array); 3352 break; 3353 3354 case DT_INIT_ARRAYSZ: 3355 TEST_SIZE(SHT_INIT_ARRAY, init_array); 3356 break; 3357 3358 case DT_MOVEENT: 3359 TEST_ENTSIZE(SHT_SUNW_move, sunw_move); 3360 break; 3361 3362 case DT_MOVESZ: 3363 TEST_SIZE(SHT_SUNW_move, sunw_move); 3364 break; 3365 3366 case DT_MOVETAB: 3367 TEST_ADDR(SHT_SUNW_move, sunw_move); 3368 break; 3369 3370 case DT_PREINIT_ARRAY: 3371 TEST_ADDR(SHT_PREINIT_ARRAY, preinit_array); 3372 break; 3373 3374 case DT_PREINIT_ARRAYSZ: 3375 TEST_SIZE(SHT_PREINIT_ARRAY, preinit_array); 3376 break; 3377 3378 case DT_REL: 3379 if (!dumped) 3380 TEST_ADDR(SHT_REL, rel); 3381 break; 3382 3383 case DT_RELENT: 3384 TEST_ENTSIZE(SHT_REL, rel); 3385 break; 3386 3387 case DT_RELA: 3388 if (!dumped) 3389 TEST_ADDR(SHT_RELA, rela); 3390 break; 3391 3392 case DT_RELAENT: 3393 TEST_ENTSIZE(SHT_RELA, rela); 3394 break; 3395 3396 case DT_STRTAB: 3397 TEST_ADDR(SHT_STRTAB, dynstr); 3398 break; 3399 3400 case DT_STRSZ: 3401 TEST_SIZE(SHT_STRTAB, dynstr); 3402 break; 3403 3404 case DT_SUNW_CAP: 3405 if (osabi_solaris) 3406 TEST_ADDR(SHT_SUNW_cap, sunw_cap); 3407 break; 3408 3409 case DT_SUNW_CAPINFO: 3410 if (osabi_solaris) 3411 TEST_ADDR(SHT_SUNW_capinfo, 3412 sunw_capinfo); 3413 break; 3414 3415 case DT_SUNW_CAPCHAIN: 3416 if (osabi_solaris) 3417 TEST_ADDR(SHT_SUNW_capchain, 3418 sunw_capchain); 3419 break; 3420 3421 case DT_SUNW_SYMTAB: 3422 TEST_ADDR(SHT_SUNW_LDYNSYM, sunw_ldynsym); 3423 break; 3424 3425 case DT_SYMENT: 3426 TEST_ENTSIZE(SHT_DYNSYM, dynsym); 3427 break; 3428 3429 case DT_SYMINENT: 3430 TEST_ENTSIZE(SHT_SUNW_syminfo, sunw_syminfo); 3431 break; 3432 3433 case DT_SYMINFO: 3434 TEST_ADDR(SHT_SUNW_syminfo, sunw_syminfo); 3435 break; 3436 3437 case DT_SYMINSZ: 3438 TEST_SIZE(SHT_SUNW_syminfo, sunw_syminfo); 3439 break; 3440 3441 case DT_SYMTAB: 3442 TEST_ADDR(SHT_DYNSYM, dynsym); 3443 break; 3444 3445 case DT_SUNW_SORTENT: 3446 /* 3447 * This entry is related to both the symsort and 3448 * tlssort sections. 3449 */ 3450 if (osabi_solaris) { 3451 int test_tls = 3452 (sec.sunw_tlssort != NULL); 3453 int test_sym = 3454 (sec.sunw_symsort != NULL) || 3455 !test_tls; 3456 if (test_sym) 3457 TEST_ENTSIZE(SHT_SUNW_symsort, 3458 sunw_symsort); 3459 if (test_tls) 3460 TEST_ENTSIZE(SHT_SUNW_tlssort, 3461 sunw_tlssort); 3462 } 3463 break; 3464 3465 3466 case DT_SUNW_SYMSORT: 3467 if (osabi_solaris) 3468 TEST_ADDR(SHT_SUNW_symsort, 3469 sunw_symsort); 3470 break; 3471 3472 case DT_SUNW_SYMSORTSZ: 3473 if (osabi_solaris) 3474 TEST_SIZE(SHT_SUNW_symsort, 3475 sunw_symsort); 3476 break; 3477 3478 case DT_SUNW_TLSSORT: 3479 if (osabi_solaris) 3480 TEST_ADDR(SHT_SUNW_tlssort, 3481 sunw_tlssort); 3482 break; 3483 3484 case DT_SUNW_TLSSORTSZ: 3485 if (osabi_solaris) 3486 TEST_SIZE(SHT_SUNW_tlssort, 3487 sunw_tlssort); 3488 break; 3489 3490 case DT_VERDEF: 3491 TEST_ADDR(SHT_SUNW_verdef, sunw_verdef); 3492 break; 3493 3494 case DT_VERNEED: 3495 TEST_ADDR(SHT_SUNW_verneed, sunw_verneed); 3496 break; 3497 3498 case DT_VERSYM: 3499 TEST_ADDR(SHT_SUNW_versym, sunw_versym); 3500 break; 3501 #undef TEST_ADDR 3502 #undef TEST_SIZE 3503 #undef TEST_ENTSIZE 3504 } 3505 3506 if (name == NULL) 3507 name = MSG_ORIG(MSG_STR_EMPTY); 3508 Elf_dyn_entry(0, dyn, ndx, name, 3509 osabi, ehdr->e_machine); 3510 } 3511 } 3512 } 3513 3514 /* 3515 * Search for and process a MOVE section. 3516 */ 3517 static void 3518 move(Cache *cache, Word shnum, const char *file, uint_t flags) 3519 { 3520 Word cnt; 3521 const char *fmt = NULL; 3522 3523 for (cnt = 1; cnt < shnum; cnt++) { 3524 Word movenum, symnum, ndx; 3525 Sym *syms; 3526 Cache *_cache = &cache[cnt]; 3527 Shdr *shdr = _cache->c_shdr; 3528 Cache *symsec, *strsec; 3529 Move *move; 3530 3531 if (shdr->sh_type != SHT_SUNW_move) 3532 continue; 3533 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3534 continue; 3535 3536 /* 3537 * Determine the move data and number. 3538 */ 3539 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 3540 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3541 file, _cache->c_name); 3542 continue; 3543 } 3544 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 3545 continue; 3546 3547 move = (Move *)_cache->c_data->d_buf; 3548 movenum = shdr->sh_size / shdr->sh_entsize; 3549 3550 /* 3551 * Get the data buffer for the associated symbol table and 3552 * string table. 3553 */ 3554 if (stringtbl(cache, 1, cnt, shnum, file, 3555 &symnum, &symsec, &strsec) == 0) 3556 return; 3557 3558 syms = (Sym *)symsec->c_data->d_buf; 3559 3560 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3561 dbg_print(0, MSG_INTL(MSG_ELF_SCN_MOVE), _cache->c_name); 3562 dbg_print(0, MSG_INTL(MSG_MOVE_TITLE)); 3563 3564 if (fmt == NULL) 3565 fmt = MSG_INTL(MSG_MOVE_ENTRY); 3566 3567 for (ndx = 0; ndx < movenum; move++, ndx++) { 3568 const char *symname; 3569 char index[MAXNDXSIZE], section[BUFSIZ]; 3570 Word symndx, shndx; 3571 Sym *sym; 3572 3573 /* 3574 * Check for null entries 3575 */ 3576 if ((move->m_info == 0) && (move->m_value == 0) && 3577 (move->m_poffset == 0) && (move->m_repeat == 0) && 3578 (move->m_stride == 0)) { 3579 dbg_print(0, fmt, MSG_ORIG(MSG_STR_EMPTY), 3580 EC_XWORD(move->m_poffset), 0, 0, 0, 3581 EC_LWORD(0), MSG_ORIG(MSG_STR_EMPTY)); 3582 continue; 3583 } 3584 if (((symndx = ELF_M_SYM(move->m_info)) == 0) || 3585 (symndx >= symnum)) { 3586 (void) fprintf(stderr, 3587 MSG_INTL(MSG_ERR_BADMINFO), file, 3588 _cache->c_name, EC_XWORD(move->m_info)); 3589 3590 (void) snprintf(index, MAXNDXSIZE, 3591 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3592 dbg_print(0, fmt, index, 3593 EC_XWORD(move->m_poffset), 3594 ELF_M_SIZE(move->m_info), move->m_repeat, 3595 move->m_stride, move->m_value, 3596 MSG_INTL(MSG_STR_UNKNOWN)); 3597 continue; 3598 } 3599 3600 symname = relsymname(cache, _cache, strsec, 3601 symndx, symnum, ndx, syms, section, BUFSIZ, file); 3602 sym = (Sym *)(syms + symndx); 3603 3604 /* 3605 * Additional sanity check. 3606 */ 3607 shndx = sym->st_shndx; 3608 if (!((shndx == SHN_COMMON) || 3609 (((shndx >= 1) && (shndx <= shnum)) && 3610 (cache[shndx].c_shdr)->sh_type == SHT_NOBITS))) { 3611 (void) fprintf(stderr, 3612 MSG_INTL(MSG_ERR_BADSYM2), file, 3613 _cache->c_name, EC_WORD(symndx), 3614 demangle(symname, flags)); 3615 } 3616 3617 (void) snprintf(index, MAXNDXSIZE, 3618 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3619 dbg_print(0, fmt, index, EC_XWORD(move->m_poffset), 3620 ELF_M_SIZE(move->m_info), move->m_repeat, 3621 move->m_stride, move->m_value, 3622 demangle(symname, flags)); 3623 } 3624 } 3625 } 3626 3627 /* 3628 * parse_note_t is used to track the state used by parse_note_entry() 3629 * between calls, and also to return the results of each call. 3630 */ 3631 typedef struct { 3632 /* pns_ fields track progress through the data */ 3633 const char *pns_file; /* File name */ 3634 Cache *pns_cache; /* Note section cache entry */ 3635 size_t pns_size; /* # unprocessed data bytes */ 3636 Word *pns_data; /* # to next unused data byte */ 3637 3638 /* pn_ fields return the results for a single call */ 3639 Word pn_namesz; /* Value of note namesz field */ 3640 Word pn_descsz; /* Value of note descsz field */ 3641 Word pn_type; /* Value of note type field */ 3642 const char *pn_name; /* if (namesz > 0) ptr to name bytes */ 3643 const char *pn_desc; /* if (descsx > 0) ptr to data bytes */ 3644 } parse_note_t; 3645 3646 /* 3647 * Extract the various sub-parts of a note entry, and advance the 3648 * data pointer past it. 3649 * 3650 * entry: 3651 * The state pns_ fields contain current values for the Note section 3652 * 3653 * exit: 3654 * On success, True (1) is returned, the state pns_ fields have been 3655 * advanced to point at the start of the next entry, and the information 3656 * for the recovered note entry is found in the state pn_ fields. 3657 * 3658 * On failure, False (0) is returned. The values contained in state 3659 * are undefined. 3660 */ 3661 static int 3662 parse_note_entry(parse_note_t *state) 3663 { 3664 size_t pad, noteoff; 3665 3666 noteoff = (Word)state->pns_cache->c_data->d_size - state->pns_size; 3667 /* 3668 * Make sure we can at least reference the 3 initial entries 3669 * (4-byte words) of the note information block. 3670 */ 3671 if (state->pns_size >= (sizeof (Word) * 3)) { 3672 state->pns_size -= (sizeof (Word) * 3); 3673 } else { 3674 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDATASZ), 3675 state->pns_file, state->pns_cache->c_name, 3676 EC_WORD(noteoff)); 3677 return (0); 3678 } 3679 3680 /* 3681 * Make sure any specified name string can be referenced. 3682 */ 3683 if ((state->pn_namesz = *state->pns_data++) != 0) { 3684 if (state->pns_size >= state->pn_namesz) { 3685 state->pns_size -= state->pn_namesz; 3686 } else { 3687 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADNMSZ), 3688 state->pns_file, state->pns_cache->c_name, 3689 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3690 return (0); 3691 } 3692 } 3693 3694 /* 3695 * Make sure any specified descriptor can be referenced. 3696 */ 3697 if ((state->pn_descsz = *state->pns_data++) != 0) { 3698 /* 3699 * If namesz isn't a 4-byte multiple, account for any 3700 * padding that must exist before the descriptor. 3701 */ 3702 if ((pad = (state->pn_namesz & (sizeof (Word) - 1))) != 0) { 3703 pad = sizeof (Word) - pad; 3704 state->pns_size -= pad; 3705 } 3706 if (state->pns_size >= state->pn_descsz) { 3707 state->pns_size -= state->pn_descsz; 3708 } else { 3709 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDESZ), 3710 state->pns_file, state->pns_cache->c_name, 3711 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3712 return (0); 3713 } 3714 } 3715 3716 state->pn_type = *state->pns_data++; 3717 3718 /* Name */ 3719 if (state->pn_namesz) { 3720 state->pn_name = (char *)state->pns_data; 3721 pad = (state->pn_namesz + 3722 (sizeof (Word) - 1)) & ~(sizeof (Word) - 1); 3723 /* LINTED */ 3724 state->pns_data = (Word *)(state->pn_name + pad); 3725 } 3726 3727 /* 3728 * If multiple information blocks exist within a .note section 3729 * account for any padding that must exist before the next 3730 * information block. 3731 */ 3732 if ((pad = (state->pn_descsz & (sizeof (Word) - 1))) != 0) { 3733 pad = sizeof (Word) - pad; 3734 if (state->pns_size > pad) 3735 state->pns_size -= pad; 3736 } 3737 3738 /* Data */ 3739 if (state->pn_descsz) { 3740 state->pn_desc = (const char *)state->pns_data; 3741 /* LINTED */ 3742 state->pns_data = (Word *)(state->pn_desc + 3743 state->pn_descsz + pad); 3744 } 3745 3746 return (1); 3747 } 3748 3749 /* 3750 * Callback function for use with conv_str_to_c_literal() below. 3751 */ 3752 /*ARGSUSED2*/ 3753 static void 3754 c_literal_cb(const void *ptr, size_t size, void *uvalue) 3755 { 3756 (void) fwrite(ptr, size, 1, stdout); 3757 } 3758 3759 /* 3760 * Traverse a note section analyzing each note information block. 3761 * The data buffers size is used to validate references before they are made, 3762 * and is decremented as each element is processed. 3763 */ 3764 void 3765 note_entry(Cache *cache, Word *data, size_t size, Ehdr *ehdr, const char *file) 3766 { 3767 int cnt = 0; 3768 int is_corenote; 3769 int do_swap; 3770 Conv_inv_buf_t inv_buf; 3771 parse_note_t pnstate; 3772 3773 pnstate.pns_file = file; 3774 pnstate.pns_cache = cache; 3775 pnstate.pns_size = size; 3776 pnstate.pns_data = data; 3777 do_swap = _elf_sys_encoding() != ehdr->e_ident[EI_DATA]; 3778 3779 /* 3780 * Print out a single `note' information block. 3781 */ 3782 while (pnstate.pns_size > 0) { 3783 3784 if (parse_note_entry(&pnstate) == 0) 3785 return; 3786 3787 /* 3788 * Is this a Solaris core note? Such notes all have 3789 * the name "CORE". 3790 */ 3791 is_corenote = (ehdr->e_type == ET_CORE) && 3792 (pnstate.pn_namesz == (MSG_STR_CORE_SIZE + 1)) && 3793 (strncmp(MSG_ORIG(MSG_STR_CORE), pnstate.pn_name, 3794 MSG_STR_CORE_SIZE + 1) == 0); 3795 3796 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3797 dbg_print(0, MSG_INTL(MSG_FMT_NOTEENTNDX), EC_WORD(cnt)); 3798 cnt++; 3799 dbg_print(0, MSG_ORIG(MSG_NOTE_NAMESZ), 3800 EC_WORD(pnstate.pn_namesz)); 3801 dbg_print(0, MSG_ORIG(MSG_NOTE_DESCSZ), 3802 EC_WORD(pnstate.pn_descsz)); 3803 3804 if (is_corenote) 3805 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE_STR), 3806 conv_cnote_type(pnstate.pn_type, 0, &inv_buf)); 3807 else 3808 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE), 3809 EC_WORD(pnstate.pn_type)); 3810 if (pnstate.pn_namesz) { 3811 dbg_print(0, MSG_ORIG(MSG_NOTE_NAME)); 3812 /* 3813 * The name string can contain embedded 'null' 3814 * bytes and/or unprintable characters. Also, 3815 * the final NULL is documented in the ELF ABI 3816 * as being included in the namesz. So, display 3817 * the name using C literal string notation, and 3818 * include the terminating NULL in the output. 3819 * We don't show surrounding double quotes, as 3820 * that implies the termination that we are showing 3821 * explicitly. 3822 */ 3823 (void) fwrite(MSG_ORIG(MSG_STR_8SP), 3824 MSG_STR_8SP_SIZE, 1, stdout); 3825 conv_str_to_c_literal(pnstate.pn_name, 3826 pnstate.pn_namesz, c_literal_cb, NULL); 3827 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3828 } 3829 3830 if (pnstate.pn_descsz) { 3831 int hexdump = 1; 3832 3833 /* 3834 * If this is a core note, let the corenote() 3835 * function handle it. 3836 */ 3837 if (is_corenote) { 3838 /* We only issue the bad arch error once */ 3839 static int badnote_done = 0; 3840 corenote_ret_t corenote_ret; 3841 3842 corenote_ret = corenote(ehdr->e_machine, 3843 do_swap, pnstate.pn_type, pnstate.pn_desc, 3844 pnstate.pn_descsz); 3845 switch (corenote_ret) { 3846 case CORENOTE_R_OK_DUMP: 3847 hexdump = 1; 3848 break; 3849 case CORENOTE_R_OK: 3850 hexdump = 0; 3851 break; 3852 case CORENOTE_R_BADDATA: 3853 (void) fprintf(stderr, 3854 MSG_INTL(MSG_NOTE_BADCOREDATA), 3855 file); 3856 break; 3857 case CORENOTE_R_BADARCH: 3858 if (badnote_done) 3859 break; 3860 (void) fprintf(stderr, 3861 MSG_INTL(MSG_NOTE_BADCOREARCH), 3862 file, 3863 conv_ehdr_mach(ehdr->e_machine, 3864 0, &inv_buf)); 3865 break; 3866 case CORENOTE_R_BADTYPE: 3867 (void) fprintf(stderr, 3868 MSG_INTL(MSG_NOTE_BADCORETYPE), 3869 file, 3870 EC_WORD(pnstate.pn_type)); 3871 break; 3872 3873 } 3874 } 3875 3876 /* 3877 * The default thing when we don't understand 3878 * the note data is to display it as hex bytes. 3879 */ 3880 if (hexdump) { 3881 dbg_print(0, MSG_ORIG(MSG_NOTE_DESC)); 3882 dump_hex_bytes(pnstate.pn_desc, 3883 pnstate.pn_descsz, 8, 4, 4); 3884 } 3885 } 3886 } 3887 } 3888 3889 /* 3890 * Search for and process .note sections. 3891 * 3892 * Returns the number of note sections seen. 3893 */ 3894 static Word 3895 note(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 3896 { 3897 Word cnt, note_cnt = 0; 3898 3899 /* 3900 * Otherwise look for any .note sections. 3901 */ 3902 for (cnt = 1; cnt < shnum; cnt++) { 3903 Cache *_cache = &cache[cnt]; 3904 Shdr *shdr = _cache->c_shdr; 3905 3906 if (shdr->sh_type != SHT_NOTE) 3907 continue; 3908 note_cnt++; 3909 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3910 continue; 3911 3912 /* 3913 * As these sections are often hand rolled, make sure they're 3914 * properly aligned before proceeding, and issue an error 3915 * as necessary. 3916 * 3917 * Note that we will continue on to display the note even 3918 * if it has bad alignment. We can do this safely, because 3919 * libelf knows the alignment required for SHT_NOTE, and 3920 * takes steps to deliver a properly aligned buffer to us 3921 * even if the actual file is misaligned. 3922 */ 3923 if (shdr->sh_offset & (sizeof (Word) - 1)) 3924 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADALIGN), 3925 file, _cache->c_name); 3926 3927 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 3928 continue; 3929 3930 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3931 dbg_print(0, MSG_INTL(MSG_ELF_SCN_NOTE), _cache->c_name); 3932 note_entry(_cache, (Word *)_cache->c_data->d_buf, 3933 /* LINTED */ 3934 (Word)_cache->c_data->d_size, ehdr, file); 3935 } 3936 3937 return (note_cnt); 3938 } 3939 3940 /* 3941 * The Linux Standard Base defines a special note named .note.ABI-tag 3942 * that is used to maintain Linux ABI information. Presence of this section 3943 * is a strong indication that the object should be considered to be 3944 * ELFOSABI_LINUX. 3945 * 3946 * This function returns True (1) if such a note is seen, and False (0) 3947 * otherwise. 3948 */ 3949 static int 3950 has_linux_abi_note(Cache *cache, Word shnum, const char *file) 3951 { 3952 Word cnt; 3953 3954 for (cnt = 1; cnt < shnum; cnt++) { 3955 parse_note_t pnstate; 3956 Cache *_cache = &cache[cnt]; 3957 Shdr *shdr = _cache->c_shdr; 3958 3959 /* 3960 * Section must be SHT_NOTE, must have the name 3961 * .note.ABI-tag, and must have data. 3962 */ 3963 if ((shdr->sh_type != SHT_NOTE) || 3964 (strcmp(MSG_ORIG(MSG_STR_NOTEABITAG), 3965 _cache->c_name) != 0) || 3966 (_cache->c_data == NULL) || 3967 (_cache->c_data->d_buf == NULL)) 3968 continue; 3969 3970 pnstate.pns_file = file; 3971 pnstate.pns_cache = _cache; 3972 pnstate.pns_size = _cache->c_data->d_size; 3973 pnstate.pns_data = (Word *)_cache->c_data->d_buf; 3974 3975 while (pnstate.pns_size > 0) { 3976 Word *w; 3977 3978 if (parse_note_entry(&pnstate) == 0) 3979 break; 3980 3981 /* 3982 * The type must be 1, and the name must be "GNU". 3983 * The descsz must be at least 16 bytes. 3984 */ 3985 if ((pnstate.pn_type != 1) || 3986 (pnstate.pn_namesz != (MSG_STR_GNU_SIZE + 1)) || 3987 (strncmp(MSG_ORIG(MSG_STR_GNU), pnstate.pn_name, 3988 MSG_STR_CORE_SIZE + 1) != 0) || 3989 (pnstate.pn_descsz < 16)) 3990 continue; 3991 3992 /* 3993 * desc contains 4 32-bit fields. Field 0 must be 0, 3994 * indicating Linux. The second, third, and fourth 3995 * fields represent the earliest Linux kernel 3996 * version compatible with this object. 3997 */ 3998 /*LINTED*/ 3999 w = (Word *) pnstate.pn_desc; 4000 if (*w == 0) 4001 return (1); 4002 } 4003 } 4004 4005 return (0); 4006 } 4007 4008 /* 4009 * Determine an individual hash entry. This may be the initial hash entry, 4010 * or an associated chain entry. 4011 */ 4012 static void 4013 hash_entry(Cache *refsec, Cache *strsec, const char *hsecname, Word hashndx, 4014 Word symndx, Word symn, Sym *syms, const char *file, ulong_t bkts, 4015 uint_t flags, int chain) 4016 { 4017 Sym *sym; 4018 const char *symname, *str; 4019 char _bucket[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 4020 ulong_t nbkt, nhash; 4021 4022 if (symndx > symn) { 4023 (void) fprintf(stderr, MSG_INTL(MSG_ERR_HSBADSYMNDX), file, 4024 EC_WORD(symndx), EC_WORD(hashndx)); 4025 symname = MSG_INTL(MSG_STR_UNKNOWN); 4026 } else { 4027 sym = (Sym *)(syms + symndx); 4028 symname = string(refsec, symndx, strsec, file, sym->st_name); 4029 } 4030 4031 if (chain == 0) { 4032 (void) snprintf(_bucket, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 4033 hashndx); 4034 str = (const char *)_bucket; 4035 } else 4036 str = MSG_ORIG(MSG_STR_EMPTY); 4037 4038 (void) snprintf(_symndx, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX2), 4039 EC_WORD(symndx)); 4040 dbg_print(0, MSG_ORIG(MSG_FMT_HASH_INFO), str, _symndx, 4041 demangle(symname, flags)); 4042 4043 /* 4044 * Determine if this string is in the correct bucket. 4045 */ 4046 nhash = elf_hash(symname); 4047 nbkt = nhash % bkts; 4048 4049 if (nbkt != hashndx) { 4050 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADHASH), file, 4051 hsecname, symname, EC_WORD(hashndx), nbkt); 4052 } 4053 } 4054 4055 #define MAXCOUNT 500 4056 4057 static void 4058 hash(Cache *cache, Word shnum, const char *file, uint_t flags) 4059 { 4060 static int count[MAXCOUNT]; 4061 Word cnt; 4062 Word ndx, bkts, nchain; 4063 char number[MAXNDXSIZE]; 4064 4065 for (cnt = 1; cnt < shnum; cnt++) { 4066 Word *hash, *chain; 4067 Cache *_cache = &cache[cnt]; 4068 Shdr *sshdr, *hshdr = _cache->c_shdr; 4069 char *ssecname, *hsecname = _cache->c_name; 4070 Sym *syms; 4071 Word symn; 4072 4073 if (hshdr->sh_type != SHT_HASH) 4074 continue; 4075 4076 /* 4077 * Check the hash table data and size. 4078 */ 4079 if ((hshdr->sh_entsize == 0) || (hshdr->sh_size == 0)) { 4080 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4081 file, hsecname); 4082 continue; 4083 } 4084 if ((_cache->c_data == NULL) || 4085 (_cache->c_data->d_buf == NULL)) { 4086 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4087 file, hsecname); 4088 continue; 4089 } 4090 4091 hash = (Word *)_cache->c_data->d_buf; 4092 bkts = *hash++; 4093 nchain = *hash++; 4094 chain = hash + bkts; 4095 4096 /* 4097 * The section holds the sizes in addition to the buckets and 4098 * chains. 4099 */ 4100 if (_cache->c_data->d_size < 4101 (bkts + nchain + 2) * sizeof (uint_t)) { 4102 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4103 file, hsecname); 4104 continue; 4105 } 4106 4107 /* 4108 * Get the data buffer for the associated symbol table. 4109 */ 4110 if ((hshdr->sh_link == 0) || (hshdr->sh_link >= shnum)) { 4111 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 4112 file, hsecname, EC_WORD(hshdr->sh_link)); 4113 continue; 4114 } 4115 4116 _cache = &cache[hshdr->sh_link]; 4117 ssecname = _cache->c_name; 4118 4119 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 4120 continue; 4121 4122 if ((syms = (Sym *)_cache->c_data->d_buf) == NULL) { 4123 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4124 file, ssecname); 4125 continue; 4126 } 4127 4128 sshdr = _cache->c_shdr; 4129 4130 if ((sshdr->sh_entsize == 0) || (sshdr->sh_size == 0)) { 4131 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4132 file, ssecname); 4133 continue; 4134 } 4135 4136 /* LINTED */ 4137 symn = (Word)(sshdr->sh_size / sshdr->sh_entsize); 4138 4139 /* 4140 * Check that there is a chain for each symbol. 4141 */ 4142 if (symn > nchain) { 4143 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4144 file, ssecname); 4145 continue; 4146 } 4147 4148 /* 4149 * Get the associated string table section. 4150 */ 4151 if ((sshdr->sh_link == 0) || (sshdr->sh_link >= shnum)) { 4152 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 4153 file, ssecname, EC_WORD(sshdr->sh_link)); 4154 continue; 4155 } 4156 4157 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4158 dbg_print(0, MSG_INTL(MSG_ELF_SCN_HASH), hsecname); 4159 dbg_print(0, MSG_INTL(MSG_ELF_HASH_INFO)); 4160 4161 /* 4162 * Loop through the hash buckets, printing the appropriate 4163 * symbols. 4164 */ 4165 for (ndx = 0; ndx < bkts; ndx++, hash++) { 4166 Word _ndx, _cnt; 4167 4168 if (*hash == 0) { 4169 count[0]++; 4170 continue; 4171 } 4172 4173 /* 4174 * Each hash bucket must contain to a valid chain index. 4175 * Because the symbol table is checked to be the same 4176 * length as the chain array, this also implicitly 4177 * checks those bounds. 4178 */ 4179 if (*hash > nchain) { 4180 (void) fprintf(stderr, 4181 MSG_INTL(MSG_ERR_BADCHAINIDX), file, 4182 ssecname, EC_WORD(*hash), EC_WORD(ndx), 4183 EC_WORD(nchain)); 4184 continue; 4185 } 4186 4187 hash_entry(_cache, &cache[sshdr->sh_link], hsecname, 4188 ndx, *hash, symn, syms, file, bkts, flags, 0); 4189 4190 /* 4191 * Determine if any other symbols are chained to this 4192 * bucket. 4193 */ 4194 _ndx = chain[*hash]; 4195 _cnt = 1; 4196 while (_ndx) { 4197 if (_ndx > nchain) { 4198 (void) fprintf(stderr, 4199 MSG_INTL(MSG_ERR_BADCHAINIDX), file, 4200 ssecname, EC_WORD(_ndx), 4201 EC_WORD(ndx), EC_WORD(nchain)); 4202 break; 4203 } 4204 hash_entry(_cache, &cache[sshdr->sh_link], 4205 hsecname, ndx, _ndx, symn, syms, file, 4206 bkts, flags, 1); 4207 _ndx = chain[_ndx]; 4208 _cnt++; 4209 } 4210 4211 if (_cnt >= MAXCOUNT) { 4212 (void) fprintf(stderr, 4213 MSG_INTL(MSG_HASH_OVERFLW), file, 4214 _cache->c_name, EC_WORD(ndx), 4215 EC_WORD(_cnt)); 4216 } else 4217 count[_cnt]++; 4218 } 4219 break; 4220 } 4221 4222 /* 4223 * Print out the count information. 4224 */ 4225 bkts = cnt = 0; 4226 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4227 4228 for (ndx = 0; ndx < MAXCOUNT; ndx++) { 4229 Word _cnt; 4230 4231 if ((_cnt = count[ndx]) == 0) 4232 continue; 4233 4234 (void) snprintf(number, MAXNDXSIZE, 4235 MSG_ORIG(MSG_FMT_INTEGER), _cnt); 4236 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS1), number, 4237 EC_WORD(ndx)); 4238 bkts += _cnt; 4239 cnt += (Word)(ndx * _cnt); 4240 } 4241 if (cnt) { 4242 (void) snprintf(number, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 4243 bkts); 4244 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS2), number, 4245 EC_WORD(cnt)); 4246 } 4247 } 4248 4249 static void 4250 group(Cache *cache, Word shnum, const char *file, uint_t flags) 4251 { 4252 Word scnt; 4253 4254 for (scnt = 1; scnt < shnum; scnt++) { 4255 Cache *_cache = &cache[scnt]; 4256 Shdr *shdr = _cache->c_shdr; 4257 Word *grpdata, gcnt, grpcnt, symnum, unknown; 4258 Cache *symsec, *strsec; 4259 Sym *syms, *sym; 4260 char flgstrbuf[MSG_GRP_COMDAT_SIZE + 10]; 4261 const char *grpnam; 4262 4263 if (shdr->sh_type != SHT_GROUP) 4264 continue; 4265 if (!match(MATCH_F_ALL, _cache->c_name, scnt, shdr->sh_type)) 4266 continue; 4267 if ((_cache->c_data == NULL) || 4268 ((grpdata = (Word *)_cache->c_data->d_buf) == NULL)) 4269 continue; 4270 grpcnt = shdr->sh_size / sizeof (Word); 4271 4272 /* 4273 * Get the data buffer for the associated symbol table and 4274 * string table. 4275 */ 4276 if (stringtbl(cache, 1, scnt, shnum, file, 4277 &symnum, &symsec, &strsec) == 0) 4278 return; 4279 4280 syms = symsec->c_data->d_buf; 4281 4282 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4283 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GRP), _cache->c_name); 4284 dbg_print(0, MSG_INTL(MSG_GRP_TITLE)); 4285 4286 /* 4287 * The first element of the group defines the group. The 4288 * associated symbol is defined by the sh_link field. 4289 */ 4290 if ((shdr->sh_info == SHN_UNDEF) || (shdr->sh_info > symnum)) { 4291 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 4292 file, _cache->c_name, EC_WORD(shdr->sh_info)); 4293 return; 4294 } 4295 4296 (void) strcpy(flgstrbuf, MSG_ORIG(MSG_STR_OSQBRKT)); 4297 if (grpdata[0] & GRP_COMDAT) { 4298 (void) strcat(flgstrbuf, MSG_ORIG(MSG_GRP_COMDAT)); 4299 } 4300 if ((unknown = (grpdata[0] & ~GRP_COMDAT)) != 0) { 4301 size_t len = strlen(flgstrbuf); 4302 4303 (void) snprintf(&flgstrbuf[len], 4304 (MSG_GRP_COMDAT_SIZE + 10 - len), 4305 MSG_ORIG(MSG_GRP_UNKNOWN), unknown); 4306 } 4307 (void) strcat(flgstrbuf, MSG_ORIG(MSG_STR_CSQBRKT)); 4308 sym = (Sym *)(syms + shdr->sh_info); 4309 4310 /* 4311 * The GNU assembler can use section symbols as the signature 4312 * symbol as described by this comment in the gold linker 4313 * (found via google): 4314 * 4315 * It seems that some versions of gas will create a 4316 * section group associated with a section symbol, and 4317 * then fail to give a name to the section symbol. In 4318 * such a case, use the name of the section. 4319 * 4320 * In order to support such objects, we do the same. 4321 */ 4322 grpnam = string(_cache, 0, strsec, file, sym->st_name); 4323 if (((sym->st_name == 0) || (*grpnam == '\0')) && 4324 (ELF_ST_TYPE(sym->st_info) == STT_SECTION)) 4325 grpnam = cache[sym->st_shndx].c_name; 4326 4327 dbg_print(0, MSG_INTL(MSG_GRP_SIGNATURE), flgstrbuf, 4328 demangle(grpnam, flags)); 4329 4330 for (gcnt = 1; gcnt < grpcnt; gcnt++) { 4331 char index[MAXNDXSIZE]; 4332 const char *name; 4333 4334 (void) snprintf(index, MAXNDXSIZE, 4335 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(gcnt)); 4336 4337 if ((grpdata[gcnt] == 0) || (grpdata[gcnt] >= shnum)) 4338 name = MSG_INTL(MSG_GRP_INVALSCN); 4339 else 4340 name = cache[grpdata[gcnt]].c_name; 4341 4342 (void) printf(MSG_ORIG(MSG_GRP_ENTRY), index, name, 4343 EC_XWORD(grpdata[gcnt])); 4344 } 4345 } 4346 } 4347 4348 static void 4349 got(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 4350 { 4351 Cache *gotcache = NULL, *symtab = NULL; 4352 Addr gotbgn, gotend; 4353 Shdr *gotshdr; 4354 Word cnt, gotents, gotndx; 4355 size_t gentsize; 4356 Got_info *gottable; 4357 char *gotdata; 4358 Sym *gotsym; 4359 Xword gotsymaddr; 4360 uint_t sys_encoding; 4361 4362 /* 4363 * First, find the got. 4364 */ 4365 for (cnt = 1; cnt < shnum; cnt++) { 4366 if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT), 4367 MSG_ELF_GOT_SIZE) == 0) { 4368 gotcache = &cache[cnt]; 4369 break; 4370 } 4371 } 4372 if (gotcache == NULL) 4373 return; 4374 4375 /* 4376 * A got section within a relocatable object is suspicious. 4377 */ 4378 if (ehdr->e_type == ET_REL) { 4379 (void) fprintf(stderr, MSG_INTL(MSG_GOT_UNEXPECTED), file, 4380 gotcache->c_name); 4381 } 4382 4383 gotshdr = gotcache->c_shdr; 4384 if (gotshdr->sh_size == 0) { 4385 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4386 file, gotcache->c_name); 4387 return; 4388 } 4389 4390 gotbgn = gotshdr->sh_addr; 4391 gotend = gotbgn + gotshdr->sh_size; 4392 4393 /* 4394 * Some architectures don't properly set the sh_entsize for the GOT 4395 * table. If it's not set, default to a size of a pointer. 4396 */ 4397 if ((gentsize = gotshdr->sh_entsize) == 0) 4398 gentsize = sizeof (Xword); 4399 4400 if ((gotcache->c_data == NULL) || (gotcache->c_data->d_buf == NULL)) 4401 return; 4402 4403 /* LINTED */ 4404 gotents = (Word)(gotshdr->sh_size / gentsize); 4405 gotdata = gotcache->c_data->d_buf; 4406 4407 if ((gottable = calloc(gotents, sizeof (Got_info))) == 0) { 4408 int err = errno; 4409 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), file, 4410 strerror(err)); 4411 return; 4412 } 4413 4414 /* 4415 * Now we scan through all the sections looking for any relocations 4416 * that may be against the GOT. Since these may not be isolated to a 4417 * .rel[a].got section we check them all. 4418 * While scanning sections save the symbol table entry (a symtab 4419 * overriding a dynsym) so that we can lookup _GLOBAL_OFFSET_TABLE_. 4420 */ 4421 for (cnt = 1; cnt < shnum; cnt++) { 4422 Word type, symnum; 4423 Xword relndx, relnum, relsize; 4424 void *rels; 4425 Sym *syms; 4426 Cache *symsec, *strsec; 4427 Cache *_cache = &cache[cnt]; 4428 Shdr *shdr; 4429 4430 shdr = _cache->c_shdr; 4431 type = shdr->sh_type; 4432 4433 if ((symtab == 0) && (type == SHT_DYNSYM)) { 4434 symtab = _cache; 4435 continue; 4436 } 4437 if (type == SHT_SYMTAB) { 4438 symtab = _cache; 4439 continue; 4440 } 4441 if ((type != SHT_RELA) && (type != SHT_REL)) 4442 continue; 4443 4444 /* 4445 * Decide entry size. 4446 */ 4447 if (((relsize = shdr->sh_entsize) == 0) || 4448 (relsize > shdr->sh_size)) { 4449 if (type == SHT_RELA) 4450 relsize = sizeof (Rela); 4451 else 4452 relsize = sizeof (Rel); 4453 } 4454 4455 /* 4456 * Determine the number of relocations available. 4457 */ 4458 if (shdr->sh_size == 0) { 4459 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4460 file, _cache->c_name); 4461 continue; 4462 } 4463 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 4464 continue; 4465 4466 rels = _cache->c_data->d_buf; 4467 relnum = shdr->sh_size / relsize; 4468 4469 /* 4470 * Get the data buffer for the associated symbol table and 4471 * string table. 4472 */ 4473 if (stringtbl(cache, 1, cnt, shnum, file, 4474 &symnum, &symsec, &strsec) == 0) 4475 continue; 4476 4477 syms = symsec->c_data->d_buf; 4478 4479 /* 4480 * Loop through the relocation entries. 4481 */ 4482 for (relndx = 0; relndx < relnum; relndx++, 4483 rels = (void *)((char *)rels + relsize)) { 4484 char section[BUFSIZ]; 4485 Addr offset; 4486 Got_info *gip; 4487 Word symndx, reltype; 4488 Rela *rela; 4489 Rel *rel; 4490 4491 /* 4492 * Unravel the relocation. 4493 */ 4494 if (type == SHT_RELA) { 4495 rela = (Rela *)rels; 4496 symndx = ELF_R_SYM(rela->r_info); 4497 reltype = ELF_R_TYPE(rela->r_info, 4498 ehdr->e_machine); 4499 offset = rela->r_offset; 4500 } else { 4501 rel = (Rel *)rels; 4502 symndx = ELF_R_SYM(rel->r_info); 4503 reltype = ELF_R_TYPE(rel->r_info, 4504 ehdr->e_machine); 4505 offset = rel->r_offset; 4506 } 4507 4508 /* 4509 * Only pay attention to relocations against the GOT. 4510 */ 4511 if ((offset < gotbgn) || (offset >= gotend)) 4512 continue; 4513 4514 if ((gotshdr->sh_entsize == 0) || 4515 (gotshdr->sh_size == 0)) { 4516 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4517 file, gotcache->c_name); 4518 continue; 4519 } 4520 4521 /* LINTED */ 4522 gotndx = (Word)((offset - gotbgn) / 4523 gotshdr->sh_entsize); 4524 gip = &gottable[gotndx]; 4525 4526 if (gip->g_reltype != 0) { 4527 (void) fprintf(stderr, 4528 MSG_INTL(MSG_GOT_MULTIPLE), file, 4529 EC_WORD(gotndx), EC_ADDR(offset)); 4530 continue; 4531 } 4532 4533 if (symndx) 4534 gip->g_symname = relsymname(cache, _cache, 4535 strsec, symndx, symnum, relndx, syms, 4536 section, BUFSIZ, file); 4537 gip->g_reltype = reltype; 4538 gip->g_rel = rels; 4539 } 4540 } 4541 4542 if (symlookup(MSG_ORIG(MSG_SYM_GOT), cache, shnum, &gotsym, NULL, 4543 symtab, file)) 4544 gotsymaddr = gotsym->st_value; 4545 else 4546 gotsymaddr = gotbgn; 4547 4548 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4549 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GOT), gotcache->c_name); 4550 Elf_got_title(0); 4551 4552 sys_encoding = _elf_sys_encoding(); 4553 for (gotndx = 0; gotndx < gotents; gotndx++) { 4554 Got_info *gip; 4555 Sword gindex; 4556 Addr gaddr; 4557 Xword gotentry; 4558 4559 gip = &gottable[gotndx]; 4560 4561 gaddr = gotbgn + (gotndx * gentsize); 4562 gindex = (Sword)(gaddr - gotsymaddr) / (Sword)gentsize; 4563 4564 if (gentsize == sizeof (Word)) 4565 /* LINTED */ 4566 gotentry = (Xword)(*((Word *)(gotdata) + gotndx)); 4567 else 4568 /* LINTED */ 4569 gotentry = *((Xword *)(gotdata) + gotndx); 4570 4571 Elf_got_entry(0, gindex, gaddr, gotentry, ehdr->e_machine, 4572 ehdr->e_ident[EI_DATA], sys_encoding, 4573 gip->g_reltype, gip->g_rel, gip->g_symname); 4574 } 4575 free(gottable); 4576 } 4577 4578 void 4579 checksum(Elf *elf) 4580 { 4581 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4582 dbg_print(0, MSG_INTL(MSG_STR_CHECKSUM), elf_checksum(elf)); 4583 } 4584 4585 /* 4586 * This variable is used by regular() to communicate the address of 4587 * the section header cache to sort_shdr_ndx_arr(). Unfortunately, 4588 * the qsort() interface does not include a userdata argument by which 4589 * such arbitrary data can be passed, so we are stuck using global data. 4590 */ 4591 static Cache *sort_shdr_ndx_arr_cache; 4592 4593 4594 /* 4595 * Used with qsort() to sort the section indices so that they can be 4596 * used to access the section headers in order of increasing data offset. 4597 * 4598 * entry: 4599 * sort_shdr_ndx_arr_cache - Contains address of 4600 * section header cache. 4601 * v1, v2 - Point at elements of sort_shdr_bits array to be compared. 4602 * 4603 * exit: 4604 * Returns -1 (less than), 0 (equal) or 1 (greater than). 4605 */ 4606 static int 4607 sort_shdr_ndx_arr(const void *v1, const void *v2) 4608 { 4609 Cache *cache1 = sort_shdr_ndx_arr_cache + *((size_t *)v1); 4610 Cache *cache2 = sort_shdr_ndx_arr_cache + *((size_t *)v2); 4611 4612 if (cache1->c_shdr->sh_offset < cache2->c_shdr->sh_offset) 4613 return (-1); 4614 4615 if (cache1->c_shdr->sh_offset > cache2->c_shdr->sh_offset) 4616 return (1); 4617 4618 return (0); 4619 } 4620 4621 4622 static int 4623 shdr_cache(const char *file, Elf *elf, Ehdr *ehdr, size_t shstrndx, 4624 size_t shnum, Cache **cache_ret, Word flags) 4625 { 4626 Elf_Scn *scn; 4627 Elf_Data *data; 4628 size_t ndx; 4629 Shdr *nameshdr = NULL; 4630 char *names = NULL; 4631 Cache *cache, *_cache; 4632 size_t *shdr_ndx_arr, shdr_ndx_arr_cnt; 4633 4634 4635 /* 4636 * Obtain the .shstrtab data buffer to provide the required section 4637 * name strings. 4638 */ 4639 if (shstrndx == SHN_UNDEF) { 4640 /* 4641 * It is rare, but legal, for an object to lack a 4642 * header string table section. 4643 */ 4644 names = NULL; 4645 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHSTRSEC), file); 4646 } else if ((scn = elf_getscn(elf, shstrndx)) == NULL) { 4647 failure(file, MSG_ORIG(MSG_ELF_GETSCN)); 4648 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SHDR), 4649 EC_XWORD(shstrndx)); 4650 4651 } else if ((data = elf_getdata(scn, NULL)) == NULL) { 4652 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4653 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_DATA), 4654 EC_XWORD(shstrndx)); 4655 4656 } else if ((nameshdr = elf_getshdr(scn)) == NULL) { 4657 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4658 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4659 EC_WORD(elf_ndxscn(scn))); 4660 4661 } else if ((names = data->d_buf) == NULL) 4662 (void) fprintf(stderr, MSG_INTL(MSG_ERR_SHSTRNULL), file); 4663 4664 /* 4665 * Allocate a cache to maintain a descriptor for each section. 4666 */ 4667 if ((*cache_ret = cache = malloc(shnum * sizeof (Cache))) == NULL) { 4668 int err = errno; 4669 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4670 file, strerror(err)); 4671 return (0); 4672 } 4673 4674 *cache = cache_init; 4675 _cache = cache; 4676 _cache++; 4677 4678 /* 4679 * Allocate an array that will hold the section index for 4680 * each section that has data in the ELF file: 4681 * 4682 * - Is not a NOBITS section 4683 * - Data has non-zero length 4684 * 4685 * Note that shnum is an upper bound on the size required. It 4686 * is likely that we won't use a few of these array elements. 4687 * Allocating a modest amount of extra memory in this case means 4688 * that we can avoid an extra loop to count the number of needed 4689 * items, and can fill this array immediately in the first loop 4690 * below. 4691 */ 4692 if ((shdr_ndx_arr = malloc(shnum * sizeof (*shdr_ndx_arr))) == NULL) { 4693 int err = errno; 4694 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4695 file, strerror(err)); 4696 return (0); 4697 } 4698 shdr_ndx_arr_cnt = 0; 4699 4700 /* 4701 * Traverse the sections of the file. This gathering of data is 4702 * carried out in two passes. First, the section headers are captured 4703 * and the section header names are evaluated. A verification pass is 4704 * then carried out over the section information. Files have been 4705 * known to exhibit overlapping (and hence erroneous) section header 4706 * information. 4707 * 4708 * Finally, the data for each section is obtained. This processing is 4709 * carried out after section verification because should any section 4710 * header overlap occur, and a file needs translating (ie. xlate'ing 4711 * information from a non-native architecture file), then the process 4712 * of translation can corrupt the section header information. Of 4713 * course, if there is any section overlap, the data related to the 4714 * sections is going to be compromised. However, it is the translation 4715 * of this data that has caused problems with elfdump()'s ability to 4716 * extract the data. 4717 */ 4718 for (ndx = 1, scn = NULL; (scn = elf_nextscn(elf, scn)) != NULL; 4719 ndx++, _cache++) { 4720 char scnndxnm[100]; 4721 4722 _cache->c_ndx = ndx; 4723 _cache->c_scn = scn; 4724 4725 if ((_cache->c_shdr = elf_getshdr(scn)) == NULL) { 4726 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4727 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4728 EC_WORD(elf_ndxscn(scn))); 4729 } 4730 4731 /* 4732 * If this section has data in the file, include it in 4733 * the array of sections to check for address overlap. 4734 */ 4735 if (_cache->c_shdr != NULL && 4736 (_cache->c_shdr->sh_size != 0) && 4737 (_cache->c_shdr->sh_type != SHT_NOBITS)) 4738 shdr_ndx_arr[shdr_ndx_arr_cnt++] = ndx; 4739 4740 /* 4741 * If a shstrtab exists, assign the section name. 4742 */ 4743 if (names && _cache->c_shdr) { 4744 if (_cache->c_shdr->sh_name != 0 && 4745 (nameshdr != NULL && 4746 nameshdr->sh_size > _cache->c_shdr->sh_name)) { 4747 const char *symname; 4748 char *secname; 4749 4750 secname = names + _cache->c_shdr->sh_name; 4751 4752 /* 4753 * A SUN naming convention employs a "%" within 4754 * a section name to indicate a section/symbol 4755 * name. This originated from the compilers 4756 * -xF option, that places functions into their 4757 * own sections. This convention (which has no 4758 * formal standard) has also been followed for 4759 * COMDAT sections. To demangle the symbol 4760 * name, the name must be separated from the 4761 * section name. 4762 */ 4763 if (((flags & FLG_CTL_DEMANGLE) == 0) || 4764 ((symname = strchr(secname, '%')) == NULL)) 4765 _cache->c_name = secname; 4766 else { 4767 size_t secsz = ++symname - secname; 4768 size_t strsz; 4769 4770 symname = demangle(symname, flags); 4771 strsz = secsz + strlen(symname) + 1; 4772 4773 if ((_cache->c_name = 4774 malloc(strsz)) == NULL) { 4775 int err = errno; 4776 (void) fprintf(stderr, 4777 MSG_INTL(MSG_ERR_MALLOC), 4778 file, strerror(err)); 4779 free(shdr_ndx_arr); 4780 return (0); 4781 } 4782 (void) snprintf(_cache->c_name, strsz, 4783 MSG_ORIG(MSG_FMT_SECSYM), 4784 EC_WORD(secsz), secname, symname); 4785 } 4786 4787 continue; 4788 } 4789 4790 /* 4791 * Generate an error if the section name index is zero 4792 * or exceeds the shstrtab data. Fall through to 4793 * fabricate a section name. 4794 */ 4795 if ((_cache->c_shdr->sh_name == 0) || 4796 /* LINTED */ 4797 (nameshdr->sh_size <= _cache->c_shdr->sh_name)) { 4798 (void) fprintf(stderr, 4799 MSG_INTL(MSG_ERR_BADSHNAME), file, 4800 EC_WORD(ndx), 4801 EC_XWORD(_cache->c_shdr->sh_name)); 4802 } 4803 } 4804 4805 /* 4806 * If there exists no shstrtab data, or a section header has no 4807 * name (an invalid index of 0), then compose a name for the 4808 * section. 4809 */ 4810 (void) snprintf(scnndxnm, sizeof (scnndxnm), 4811 MSG_INTL(MSG_FMT_SCNNDX), ndx); 4812 4813 if ((_cache->c_name = malloc(strlen(scnndxnm) + 1)) == NULL) { 4814 int err = errno; 4815 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4816 file, strerror(err)); 4817 free(shdr_ndx_arr); 4818 return (0); 4819 } 4820 (void) strcpy(_cache->c_name, scnndxnm); 4821 } 4822 4823 /* 4824 * Having collected all the sections, validate their address range. 4825 * Cases have existed where the section information has been invalid. 4826 * This can lead to all sorts of other, hard to diagnose errors, as 4827 * each section is processed individually (ie. with elf_getdata()). 4828 * Here, we carry out some address comparisons to catch a family of 4829 * overlapping memory issues we have observed (likely, there are others 4830 * that we have yet to discover). 4831 * 4832 * Note, should any memory overlap occur, obtaining any additional 4833 * data from the file is questionable. However, it might still be 4834 * possible to inspect the ELF header, Programs headers, or individual 4835 * sections, so rather than bailing on an error condition, continue 4836 * processing to see if any data can be salvaged. 4837 */ 4838 if (shdr_ndx_arr_cnt > 1) { 4839 sort_shdr_ndx_arr_cache = cache; 4840 qsort(shdr_ndx_arr, shdr_ndx_arr_cnt, 4841 sizeof (*shdr_ndx_arr), sort_shdr_ndx_arr); 4842 } 4843 for (ndx = 0; ndx < shdr_ndx_arr_cnt; ndx++) { 4844 Cache *_cache = cache + shdr_ndx_arr[ndx]; 4845 Shdr *shdr = _cache->c_shdr; 4846 Off bgn1, bgn = shdr->sh_offset; 4847 Off end1, end = shdr->sh_offset + shdr->sh_size; 4848 size_t ndx1; 4849 4850 /* 4851 * Check the section against all following ones, reporting 4852 * any overlaps. Since we've sorted the sections by offset, 4853 * we can stop after the first comparison that fails. There 4854 * are no overlaps in a properly formed ELF file, in which 4855 * case this algorithm runs in O(n) time. This will degenerate 4856 * to O(n^2) for a completely broken file. Such a file is 4857 * (1) highly unlikely, and (2) unusable, so it is reasonable 4858 * for the analysis to take longer. 4859 */ 4860 for (ndx1 = ndx + 1; ndx1 < shdr_ndx_arr_cnt; ndx1++) { 4861 Cache *_cache1 = cache + shdr_ndx_arr[ndx1]; 4862 Shdr *shdr1 = _cache1->c_shdr; 4863 4864 bgn1 = shdr1->sh_offset; 4865 end1 = shdr1->sh_offset + shdr1->sh_size; 4866 4867 if (((bgn1 <= bgn) && (end1 > bgn)) || 4868 ((bgn1 < end) && (end1 >= end))) { 4869 (void) fprintf(stderr, 4870 MSG_INTL(MSG_ERR_SECMEMOVER), file, 4871 EC_WORD(elf_ndxscn(_cache->c_scn)), 4872 _cache->c_name, EC_OFF(bgn), EC_OFF(end), 4873 EC_WORD(elf_ndxscn(_cache1->c_scn)), 4874 _cache1->c_name, EC_OFF(bgn1), 4875 EC_OFF(end1)); 4876 } else { /* No overlap, so can stop */ 4877 break; 4878 } 4879 } 4880 4881 /* 4882 * In addition to checking for sections overlapping 4883 * each other (done above), we should also make sure 4884 * the section doesn't overlap the section header array. 4885 */ 4886 bgn1 = ehdr->e_shoff; 4887 end1 = ehdr->e_shoff + (ehdr->e_shentsize * ehdr->e_shnum); 4888 4889 if (((bgn1 <= bgn) && (end1 > bgn)) || 4890 ((bgn1 < end) && (end1 >= end))) { 4891 (void) fprintf(stderr, 4892 MSG_INTL(MSG_ERR_SHDRMEMOVER), file, EC_OFF(bgn1), 4893 EC_OFF(end1), 4894 EC_WORD(elf_ndxscn(_cache->c_scn)), 4895 _cache->c_name, EC_OFF(bgn), EC_OFF(end)); 4896 } 4897 } 4898 4899 /* 4900 * Obtain the data for each section. 4901 */ 4902 for (ndx = 1; ndx < shnum; ndx++) { 4903 Cache *_cache = &cache[ndx]; 4904 Elf_Scn *scn = _cache->c_scn; 4905 4906 if ((_cache->c_data = elf_getdata(scn, NULL)) == NULL) { 4907 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4908 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCNDATA), 4909 EC_WORD(elf_ndxscn(scn))); 4910 } 4911 4912 /* 4913 * If a string table, verify that it has NULL first and 4914 * final bytes. 4915 */ 4916 if ((_cache->c_shdr->sh_type == SHT_STRTAB) && 4917 (_cache->c_data != NULL) && 4918 (_cache->c_data->d_buf != NULL) && 4919 (_cache->c_data->d_size > 0)) { 4920 const char *s = _cache->c_data->d_buf; 4921 4922 if ((*s != '\0') || 4923 (*(s + _cache->c_data->d_size - 1) != '\0')) 4924 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALSTR), 4925 file, _cache->c_name); 4926 } 4927 } 4928 4929 free(shdr_ndx_arr); 4930 return (1); 4931 } 4932 4933 4934 4935 /* 4936 * Generate a cache of section headers and related information 4937 * for use by the rest of elfdump. If requested (or the file 4938 * contains no section headers), we generate a fake set of 4939 * headers from the information accessible from the program headers. 4940 * Otherwise, we use the real section headers contained in the file. 4941 */ 4942 static int 4943 create_cache(const char *file, int fd, Elf *elf, Ehdr *ehdr, Cache **cache, 4944 size_t shstrndx, size_t *shnum, uint_t *flags) 4945 { 4946 /* 4947 * If there are no section headers, then resort to synthesizing 4948 * section headers from the program headers. This is normally 4949 * only done by explicit request, but in this case there's no 4950 * reason not to go ahead, since the alternative is simply to quit. 4951 */ 4952 if ((*shnum <= 1) && ((*flags & FLG_CTL_FAKESHDR) == 0)) { 4953 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHDR), file); 4954 *flags |= FLG_CTL_FAKESHDR; 4955 } 4956 4957 if (*flags & FLG_CTL_FAKESHDR) { 4958 if (fake_shdr_cache(file, fd, elf, ehdr, cache, shnum) == 0) 4959 return (0); 4960 } else { 4961 if (shdr_cache(file, elf, ehdr, shstrndx, *shnum, 4962 cache, *flags) == 0) 4963 return (0); 4964 } 4965 4966 return (1); 4967 } 4968 4969 int 4970 regular(const char *file, int fd, Elf *elf, uint_t flags, 4971 const char *wname, int wfd, uchar_t osabi) 4972 { 4973 enum { CACHE_NEEDED, CACHE_OK, CACHE_FAIL} cache_state = CACHE_NEEDED; 4974 Elf_Scn *scn; 4975 Ehdr *ehdr; 4976 size_t ndx, shstrndx, shnum, phnum; 4977 Shdr *shdr; 4978 Cache *cache; 4979 VERSYM_STATE versym = { 0 }; 4980 int ret = 0; 4981 int addr_align; 4982 4983 if ((ehdr = elf_getehdr(elf)) == NULL) { 4984 failure(file, MSG_ORIG(MSG_ELF_GETEHDR)); 4985 return (ret); 4986 } 4987 4988 if (elf_getshdrnum(elf, &shnum) == -1) { 4989 failure(file, MSG_ORIG(MSG_ELF_GETSHDRNUM)); 4990 return (ret); 4991 } 4992 4993 if (elf_getshdrstrndx(elf, &shstrndx) == -1) { 4994 failure(file, MSG_ORIG(MSG_ELF_GETSHDRSTRNDX)); 4995 return (ret); 4996 } 4997 4998 if (elf_getphdrnum(elf, &phnum) == -1) { 4999 failure(file, MSG_ORIG(MSG_ELF_GETPHDRNUM)); 5000 return (ret); 5001 } 5002 /* 5003 * If the user requested section headers derived from the 5004 * program headers (-P option) and this file doesn't have 5005 * any program headers (i.e. ET_REL), then we can't do it. 5006 */ 5007 if ((phnum == 0) && (flags & FLG_CTL_FAKESHDR)) { 5008 (void) fprintf(stderr, MSG_INTL(MSG_ERR_PNEEDSPH), file); 5009 return (ret); 5010 } 5011 5012 5013 if ((scn = elf_getscn(elf, 0)) != NULL) { 5014 if ((shdr = elf_getshdr(scn)) == NULL) { 5015 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 5016 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 0); 5017 return (ret); 5018 } 5019 } else 5020 shdr = NULL; 5021 5022 /* 5023 * Print the elf header. 5024 */ 5025 if (flags & FLG_SHOW_EHDR) 5026 Elf_ehdr(0, ehdr, shdr); 5027 5028 /* 5029 * If the section headers or program headers have inadequate 5030 * alignment for the class of object, print a warning. libelf 5031 * can handle such files, but programs that use them can crash 5032 * when they dereference unaligned items. 5033 * 5034 * Note that the AMD64 ABI, although it is a 64-bit architecture, 5035 * allows access to data types smaller than 128-bits to be on 5036 * word alignment. 5037 */ 5038 if (ehdr->e_machine == EM_AMD64) 5039 addr_align = sizeof (Word); 5040 else 5041 addr_align = sizeof (Addr); 5042 5043 if (ehdr->e_phoff & (addr_align - 1)) 5044 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADPHDRALIGN), file); 5045 if (ehdr->e_shoff & (addr_align - 1)) 5046 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHDRALIGN), file); 5047 5048 5049 /* 5050 * Determine the Operating System ABI (osabi) we will use to 5051 * interpret the object. 5052 */ 5053 if (flags & FLG_CTL_OSABI) { 5054 /* 5055 * If the user explicitly specifies '-O none', we need 5056 * to display a completely generic view of the file. 5057 * However, libconv is written to assume that ELFOSABI_NONE 5058 * is equivalent to ELFOSABI_SOLARIS. To get the desired 5059 * effect, we use an osabi that libconv has no knowledge of. 5060 */ 5061 if (osabi == ELFOSABI_NONE) 5062 osabi = ELFOSABI_UNKNOWN4; 5063 } else { 5064 /* Determine osabi from file */ 5065 osabi = ehdr->e_ident[EI_OSABI]; 5066 if (osabi == ELFOSABI_NONE) { 5067 /* 5068 * Chicken/Egg scenario: 5069 * 5070 * Ideally, we wait to create the section header cache 5071 * until after the program headers are printed. If we 5072 * only output program headers, we can skip building 5073 * the cache entirely. 5074 * 5075 * Proper interpretation of program headers requires 5076 * the osabi, which is supposed to be in the ELF header. 5077 * However, many systems (Solaris and Linux included) 5078 * have a history of setting the osabi to the generic 5079 * SysV ABI (ELFOSABI_NONE). We assume ELFOSABI_SOLARIS 5080 * in such cases, but would like to check the object 5081 * to see if it has a Linux .note.ABI-tag section, 5082 * which implies ELFOSABI_LINUX. This requires a 5083 * section header cache. 5084 * 5085 * To break the cycle, we create section headers now 5086 * if osabi is ELFOSABI_NONE, and later otherwise. 5087 * If it succeeds, we use them, if not, we defer 5088 * exiting until after the program headers are out. 5089 */ 5090 if (create_cache(file, fd, elf, ehdr, &cache, 5091 shstrndx, &shnum, &flags) == 0) { 5092 cache_state = CACHE_FAIL; 5093 } else { 5094 cache_state = CACHE_OK; 5095 if (has_linux_abi_note(cache, shnum, file)) { 5096 Conv_inv_buf_t ibuf1, ibuf2; 5097 5098 (void) fprintf(stderr, 5099 MSG_INTL(MSG_INFO_LINUXOSABI), file, 5100 conv_ehdr_osabi(osabi, 0, &ibuf1), 5101 conv_ehdr_osabi(ELFOSABI_LINUX, 5102 0, &ibuf2)); 5103 osabi = ELFOSABI_LINUX; 5104 } 5105 } 5106 } 5107 /* 5108 * We treat ELFOSABI_NONE identically to ELFOSABI_SOLARIS. 5109 * Mapping NONE to SOLARIS simplifies the required test. 5110 */ 5111 if (osabi == ELFOSABI_NONE) 5112 osabi = ELFOSABI_SOLARIS; 5113 } 5114 5115 /* 5116 * Print the program headers. 5117 */ 5118 if ((flags & FLG_SHOW_PHDR) && (phnum != 0)) { 5119 Phdr *phdr; 5120 5121 if ((phdr = elf_getphdr(elf)) == NULL) { 5122 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 5123 return (ret); 5124 } 5125 5126 for (ndx = 0; ndx < phnum; phdr++, ndx++) { 5127 if (!match(MATCH_F_PHDR| MATCH_F_NDX | MATCH_F_TYPE, 5128 NULL, ndx, phdr->p_type)) 5129 continue; 5130 5131 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 5132 dbg_print(0, MSG_INTL(MSG_ELF_PHDR), EC_WORD(ndx)); 5133 5134 Elf_phdr(0, osabi, ehdr->e_machine, phdr); 5135 } 5136 } 5137 5138 /* 5139 * If we have flag bits set that explicitly require a show or calc 5140 * operation, but none of them require the section headers, then 5141 * we are done and can return now. 5142 */ 5143 if (((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) != 0) && 5144 ((flags & (FLG_MASK_SHOW_SHDR | FLG_MASK_CALC_SHDR)) == 0)) 5145 return (ret); 5146 5147 /* 5148 * Everything from this point on requires section headers. 5149 * If we have no section headers, there is no reason to continue. 5150 * 5151 * If we tried above to create the section header cache and failed, 5152 * it is time to exit. Otherwise, create it if needed. 5153 */ 5154 switch (cache_state) { 5155 case CACHE_NEEDED: 5156 if (create_cache(file, fd, elf, ehdr, &cache, shstrndx, 5157 &shnum, &flags) == 0) 5158 return (ret); 5159 break; 5160 case CACHE_OK: 5161 break; 5162 case CACHE_FAIL: 5163 return (ret); 5164 } 5165 if (shnum <= 1) 5166 goto done; 5167 5168 /* 5169 * If -w was specified, find and write out the section(s) data. 5170 */ 5171 if (wfd) { 5172 for (ndx = 1; ndx < shnum; ndx++) { 5173 Cache *_cache = &cache[ndx]; 5174 5175 if (match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 5176 ndx, _cache->c_shdr->sh_type) && 5177 _cache->c_data && _cache->c_data->d_buf) { 5178 if (write(wfd, _cache->c_data->d_buf, 5179 _cache->c_data->d_size) != 5180 _cache->c_data->d_size) { 5181 int err = errno; 5182 (void) fprintf(stderr, 5183 MSG_INTL(MSG_ERR_WRITE), wname, 5184 strerror(err)); 5185 /* 5186 * Return an exit status of 1, because 5187 * the failure is not related to the 5188 * ELF file, but by system resources. 5189 */ 5190 ret = 1; 5191 goto done; 5192 } 5193 } 5194 } 5195 } 5196 5197 /* 5198 * If we have no flag bits set that explicitly require a show or calc 5199 * operation, but match options (-I, -N, -T) were used, then run 5200 * through the section headers and see if we can't deduce show flags 5201 * from the match options given. 5202 * 5203 * We don't do this if -w was specified, because (-I, -N, -T) used 5204 * with -w in lieu of some other option is supposed to be quiet. 5205 */ 5206 if ((wfd == 0) && (flags & FLG_CTL_MATCH) && 5207 ((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) == 0)) { 5208 for (ndx = 1; ndx < shnum; ndx++) { 5209 Cache *_cache = &cache[ndx]; 5210 5211 if (!match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 5212 ndx, _cache->c_shdr->sh_type)) 5213 continue; 5214 5215 switch (_cache->c_shdr->sh_type) { 5216 case SHT_PROGBITS: 5217 /* 5218 * Heuristic time: It is usually bad form 5219 * to assume the meaning/format of a PROGBITS 5220 * section based on its name. However, there 5221 * are ABI mandated exceptions. Check for 5222 * these special names. 5223 */ 5224 5225 /* The ELF ABI specifies .interp and .got */ 5226 if (strcmp(_cache->c_name, 5227 MSG_ORIG(MSG_ELF_INTERP)) == 0) { 5228 flags |= FLG_SHOW_INTERP; 5229 break; 5230 } 5231 if (strcmp(_cache->c_name, 5232 MSG_ORIG(MSG_ELF_GOT)) == 0) { 5233 flags |= FLG_SHOW_GOT; 5234 break; 5235 } 5236 /* 5237 * The GNU compilers, and amd64 ABI, define 5238 * .eh_frame and .eh_frame_hdr. The Sun 5239 * C++ ABI defines .exception_ranges. 5240 */ 5241 if ((strncmp(_cache->c_name, 5242 MSG_ORIG(MSG_SCN_FRM), 5243 MSG_SCN_FRM_SIZE) == 0) || 5244 (strncmp(_cache->c_name, 5245 MSG_ORIG(MSG_SCN_EXRANGE), 5246 MSG_SCN_EXRANGE_SIZE) == 0)) { 5247 flags |= FLG_SHOW_UNWIND; 5248 break; 5249 } 5250 break; 5251 5252 case SHT_SYMTAB: 5253 case SHT_DYNSYM: 5254 case SHT_SUNW_LDYNSYM: 5255 case SHT_SUNW_versym: 5256 case SHT_SYMTAB_SHNDX: 5257 flags |= FLG_SHOW_SYMBOLS; 5258 break; 5259 5260 case SHT_RELA: 5261 case SHT_REL: 5262 flags |= FLG_SHOW_RELOC; 5263 break; 5264 5265 case SHT_HASH: 5266 flags |= FLG_SHOW_HASH; 5267 break; 5268 5269 case SHT_DYNAMIC: 5270 flags |= FLG_SHOW_DYNAMIC; 5271 break; 5272 5273 case SHT_NOTE: 5274 flags |= FLG_SHOW_NOTE; 5275 break; 5276 5277 case SHT_GROUP: 5278 flags |= FLG_SHOW_GROUP; 5279 break; 5280 5281 case SHT_SUNW_symsort: 5282 case SHT_SUNW_tlssort: 5283 flags |= FLG_SHOW_SORT; 5284 break; 5285 5286 case SHT_SUNW_cap: 5287 flags |= FLG_SHOW_CAP; 5288 break; 5289 5290 case SHT_SUNW_move: 5291 flags |= FLG_SHOW_MOVE; 5292 break; 5293 5294 case SHT_SUNW_syminfo: 5295 flags |= FLG_SHOW_SYMINFO; 5296 break; 5297 5298 case SHT_SUNW_verdef: 5299 case SHT_SUNW_verneed: 5300 flags |= FLG_SHOW_VERSIONS; 5301 break; 5302 5303 case SHT_AMD64_UNWIND: 5304 flags |= FLG_SHOW_UNWIND; 5305 break; 5306 } 5307 } 5308 } 5309 5310 5311 if (flags & FLG_SHOW_SHDR) 5312 sections(file, cache, shnum, ehdr, osabi); 5313 5314 if (flags & FLG_SHOW_INTERP) 5315 interp(file, cache, shnum, phnum, elf, ehdr); 5316 5317 if ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX)) 5318 versions(cache, shnum, file, flags, &versym); 5319 5320 if (flags & FLG_SHOW_SYMBOLS) 5321 symbols(cache, shnum, ehdr, osabi, &versym, file, flags); 5322 5323 if ((flags & FLG_SHOW_SORT) && (osabi == ELFOSABI_SOLARIS)) 5324 sunw_sort(cache, shnum, ehdr, osabi, &versym, file, flags); 5325 5326 if (flags & FLG_SHOW_HASH) 5327 hash(cache, shnum, file, flags); 5328 5329 if (flags & FLG_SHOW_GOT) 5330 got(cache, shnum, ehdr, file); 5331 5332 if (flags & FLG_SHOW_GROUP) 5333 group(cache, shnum, file, flags); 5334 5335 if (flags & FLG_SHOW_SYMINFO) 5336 syminfo(cache, shnum, ehdr, osabi, file); 5337 5338 if (flags & FLG_SHOW_RELOC) 5339 reloc(cache, shnum, ehdr, file); 5340 5341 if (flags & FLG_SHOW_DYNAMIC) 5342 dynamic(cache, shnum, ehdr, osabi, file, phnum, elf); 5343 5344 if (flags & FLG_SHOW_NOTE) { 5345 Word note_cnt; 5346 size_t note_shnum; 5347 Cache *note_cache; 5348 5349 note_cnt = note(cache, shnum, ehdr, file); 5350 5351 /* 5352 * Solaris core files have section headers, but these 5353 * headers do not include SHT_NOTE sections that reference 5354 * the core note sections. This means that note() won't 5355 * find the core notes. Fake section headers (-P option) 5356 * recover these sections, but it is inconvenient to require 5357 * users to specify -P in this situation. If the following 5358 * are all true: 5359 * 5360 * - No note sections were found 5361 * - This is a core file 5362 * - We are not already using fake section headers 5363 * 5364 * then we will automatically generate fake section headers 5365 * and then process them in a second call to note(). 5366 */ 5367 if ((note_cnt == 0) && (ehdr->e_type == ET_CORE) && 5368 !(flags & FLG_CTL_FAKESHDR) && 5369 (fake_shdr_cache(file, fd, elf, ehdr, 5370 ¬e_cache, ¬e_shnum) != 0)) { 5371 (void) note(note_cache, note_shnum, ehdr, file); 5372 fake_shdr_cache_free(note_cache, note_shnum); 5373 } 5374 } 5375 5376 if ((flags & FLG_SHOW_MOVE) && (osabi == ELFOSABI_SOLARIS)) 5377 move(cache, shnum, file, flags); 5378 5379 if (flags & FLG_CALC_CHECKSUM) 5380 checksum(elf); 5381 5382 if ((flags & FLG_SHOW_CAP) && (osabi == ELFOSABI_SOLARIS)) 5383 cap(file, cache, shnum, phnum, ehdr, osabi, elf, flags); 5384 5385 if ((flags & FLG_SHOW_UNWIND) && 5386 ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX))) 5387 unwind(cache, shnum, phnum, ehdr, osabi, file, elf, flags); 5388 5389 5390 /* Release the memory used to cache section headers */ 5391 done: 5392 if (flags & FLG_CTL_FAKESHDR) 5393 fake_shdr_cache_free(cache, shnum); 5394 else 5395 free(cache); 5396 5397 return (ret); 5398 } 5399