1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 2015, Joyent, Inc. All rights reserved. 29 */ 30 31 /* 32 * Dump an elf file. 33 */ 34 #include <stddef.h> 35 #include <sys/elf_386.h> 36 #include <sys/elf_amd64.h> 37 #include <sys/elf_SPARC.h> 38 #include <_libelf.h> 39 #include <dwarf.h> 40 #include <stdio.h> 41 #include <unistd.h> 42 #include <errno.h> 43 #include <strings.h> 44 #include <debug.h> 45 #include <conv.h> 46 #include <msg.h> 47 #include <_elfdump.h> 48 49 50 /* 51 * VERSYM_STATE is used to maintain information about the VERSYM section 52 * in the object being analyzed. It is filled in by versions(), and used 53 * by init_symtbl_state() when displaying symbol information. 54 * 55 * There are three forms of symbol versioning known to us: 56 * 57 * 1) The original form, introduced with Solaris 2.5, in which 58 * the Versym contains indexes to Verdef records, and the 59 * Versym values for UNDEF symbols resolved by other objects 60 * are all set to 0. 61 * 2) The GNU form, which is backward compatible with the original 62 * Solaris form, but which adds several extensions: 63 * - The Versym also contains indexes to Verneed records, recording 64 * which object/version contributed the external symbol at 65 * link time. These indexes start with the next value following 66 * the final Verdef index. The index is written to the previously 67 * reserved vna_other field of the ELF Vernaux structure. 68 * - The top bit of the Versym value is no longer part of the index, 69 * but is used as a "hidden bit" to prevent binding to the symbol. 70 * - Multiple implementations of a given symbol, contained in varying 71 * versions are allowed, using special assembler pseudo ops, 72 * and encoded in the symbol name using '@' characters. 73 * 3) Modified Solaris form, in which we adopt the first GNU extension 74 * (Versym indexes to Verneed records), but not the others. 75 * 76 * elfdump can handle any of these cases. The presence of a DT_VERSYM 77 * dynamic element indicates a full GNU object. An object that lacks 78 * a DT_VERSYM entry, but which has non-zero vna_other fields in the Vernaux 79 * structures is a modified Solaris object. An object that has neither of 80 * these uses the original form. 81 * 82 * max_verndx contains the largest version index that can appear 83 * in a Versym entry. This can never be less than 1: In the case where 84 * there is no verdef/verneed sections, the [0] index is reserved 85 * for local symbols, and the [1] index for globals. If the original 86 * Solaris versioning rules are in effect and there is a verdef section, 87 * then max_verndex is the number of defined versions. If one of the 88 * other versioning forms is in effect, then: 89 * 1) If there is no verneed section, it is the same as for 90 * original Solaris versioning. 91 * 2) If there is a verneed section, the vna_other field of the 92 * Vernaux structs contain versions, and max_verndx is the 93 * largest such index. 94 * 95 * If gnu_full is True, the object uses the full GNU form of versioning. 96 * The value of the gnu_full field is based on the presence of 97 * a DT_VERSYM entry in the dynamic section: GNU ld produces these, and 98 * Solaris ld does not. 99 * 100 * The gnu_needed field is True if the Versym contains indexes to 101 * Verneed records, as indicated by non-zero vna_other fields in the Verneed 102 * section. If gnu_full is True, then gnu_needed will always be true. 103 * However, gnu_needed can be true without gnu_full. This is the modified 104 * Solaris form. 105 */ 106 typedef struct { 107 Cache *cache; /* Pointer to cache entry for VERSYM */ 108 Versym *data; /* Pointer to versym array */ 109 int gnu_full; /* True if object uses GNU versioning rules */ 110 int gnu_needed; /* True if object uses VERSYM indexes for */ 111 /* VERNEED (subset of gnu_full) */ 112 int max_verndx; /* largest versym index value */ 113 } VERSYM_STATE; 114 115 /* 116 * SYMTBL_STATE is used to maintain information about a single symbol 117 * table section, for use by the routines that display symbol information. 118 */ 119 typedef struct { 120 const char *file; /* Name of file */ 121 Ehdr *ehdr; /* ELF header for file */ 122 Cache *cache; /* Cache of all section headers */ 123 uchar_t osabi; /* OSABI to use */ 124 Word shnum; /* # of sections in cache */ 125 Cache *seccache; /* Cache of symbol table section hdr */ 126 Word secndx; /* Index of symbol table section hdr */ 127 const char *secname; /* Name of section */ 128 uint_t flags; /* Command line option flags */ 129 struct { /* Extended section index data */ 130 int checked; /* TRUE if already checked for shxndx */ 131 Word *data; /* NULL, or extended section index */ 132 /* used for symbol table entries */ 133 uint_t n; /* # items in shxndx.data */ 134 } shxndx; 135 VERSYM_STATE *versym; /* NULL, or associated VERSYM section */ 136 Sym *sym; /* Array of symbols */ 137 Word symn; /* # of symbols */ 138 } SYMTBL_STATE; 139 140 /* 141 * A variable of this type is used to track information related to 142 * .eh_frame and .eh_frame_hdr sections across calls to unwind_eh_frame(). 143 */ 144 typedef struct { 145 Word frame_cnt; /* # .eh_frame sections seen */ 146 Word frame_ndx; /* Section index of 1st .eh_frame */ 147 Word hdr_cnt; /* # .eh_frame_hdr sections seen */ 148 Word hdr_ndx; /* Section index of 1st .eh_frame_hdr */ 149 uint64_t frame_ptr; /* Value of FramePtr field from first */ 150 /* .eh_frame_hdr section */ 151 uint64_t frame_base; /* Data addr of 1st .eh_frame */ 152 } gnu_eh_state_t; 153 154 /* 155 * C++ .exception_ranges entries make use of the signed ptrdiff_t 156 * type to record self-relative pointer values. We need a type 157 * for this that is matched to the ELFCLASS being processed. 158 */ 159 #if defined(_ELF64) 160 typedef int64_t PTRDIFF_T; 161 #else 162 typedef int32_t PTRDIFF_T; 163 #endif 164 165 /* 166 * The Sun C++ ABI uses this struct to define each .exception_ranges 167 * entry. From the ABI: 168 * 169 * The field ret_addr is a self relative pointer to the start of the address 170 * range. The name was chosen because in the current implementation the range 171 * typically starts at the return address for a call site. 172 * 173 * The field length is the difference, in bytes, between the pc of the last 174 * instruction covered by the exception range and the first. When only a 175 * single call site is represented without optimization, this will equal zero. 176 * 177 * The field handler_addr is a relative pointer which stores the difference 178 * between the start of the exception range and the address of all code to 179 * catch exceptions and perform the cleanup for stack unwinding. 180 * 181 * The field type_block is a relative pointer which stores the difference 182 * between the start of the exception range and the address of an array used 183 * for storing a list of the types of exceptions which can be caught within 184 * the exception range. 185 */ 186 typedef struct { 187 PTRDIFF_T ret_addr; 188 Xword length; 189 PTRDIFF_T handler_addr; 190 PTRDIFF_T type_block; 191 Xword reserved; 192 } exception_range_entry; 193 194 /* 195 * Focal point for verifying symbol names. 196 */ 197 static const char * 198 string(Cache *refsec, Word ndx, Cache *strsec, const char *file, Word name) 199 { 200 /* 201 * If an error in this routine is due to a property of the string 202 * section, as opposed to a bad offset into the section (a property of 203 * the referencing section), then we will detect the same error on 204 * every call involving those sections. We use these static variables 205 * to retain the information needed to only issue each such error once. 206 */ 207 static Cache *last_refsec; /* Last referencing section seen */ 208 static int strsec_err; /* True if error issued */ 209 210 const char *strs; 211 Word strn; 212 213 if ((strsec->c_data == NULL) || (strsec->c_data->d_buf == NULL)) 214 return (NULL); 215 216 strs = (char *)strsec->c_data->d_buf; 217 strn = strsec->c_data->d_size; 218 219 /* 220 * We only print a diagnostic regarding a bad string table once per 221 * input section being processed. If the refsec has changed, reset 222 * our retained error state. 223 */ 224 if (last_refsec != refsec) { 225 last_refsec = refsec; 226 strsec_err = 0; 227 } 228 229 /* Verify that strsec really is a string table */ 230 if (strsec->c_shdr->sh_type != SHT_STRTAB) { 231 if (!strsec_err) { 232 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOTSTRTAB), 233 file, strsec->c_ndx, refsec->c_ndx); 234 strsec_err = 1; 235 } 236 return (MSG_INTL(MSG_STR_UNKNOWN)); 237 } 238 239 /* 240 * Is the string table offset within range of the available strings? 241 */ 242 if (name >= strn) { 243 /* 244 * Do we have a empty string table? 245 */ 246 if (strs == NULL) { 247 if (!strsec_err) { 248 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 249 file, strsec->c_name); 250 strsec_err = 1; 251 } 252 } else { 253 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSTOFF), 254 file, refsec->c_name, EC_WORD(ndx), strsec->c_name, 255 EC_WORD(name), EC_WORD(strn - 1)); 256 } 257 258 /* 259 * Return the empty string so that the calling function can 260 * continue it's output diagnostics. 261 */ 262 return (MSG_INTL(MSG_STR_UNKNOWN)); 263 } 264 return (strs + name); 265 } 266 267 /* 268 * Relocations can reference section symbols and standard symbols. If the 269 * former, establish the section name. 270 */ 271 static const char * 272 relsymname(Cache *cache, Cache *csec, Cache *strsec, Word symndx, Word symnum, 273 Word relndx, Sym *syms, char *secstr, size_t secsz, const char *file) 274 { 275 Sym *sym; 276 const char *name; 277 278 if (symndx >= symnum) { 279 (void) fprintf(stderr, MSG_INTL(MSG_ERR_RELBADSYMNDX), 280 file, EC_WORD(symndx), EC_WORD(relndx)); 281 return (MSG_INTL(MSG_STR_UNKNOWN)); 282 } 283 284 sym = (Sym *)(syms + symndx); 285 name = string(csec, symndx, strsec, file, sym->st_name); 286 287 /* 288 * If the symbol represents a section offset construct an appropriate 289 * string. Note, although section symbol table entries typically have 290 * a NULL name pointer, entries do exist that point into the string 291 * table to their own NULL strings. 292 */ 293 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION) && 294 ((sym->st_name == 0) || (*name == '\0'))) { 295 (void) snprintf(secstr, secsz, MSG_INTL(MSG_STR_SECTION), 296 cache[sym->st_shndx].c_name); 297 return ((const char *)secstr); 298 } 299 300 return (name); 301 } 302 303 /* 304 * Focal point for establishing a string table section. Data such as the 305 * dynamic information simply points to a string table. Data such as 306 * relocations, reference a symbol table, which in turn is associated with a 307 * string table. 308 */ 309 static int 310 stringtbl(Cache *cache, int symtab, Word ndx, Word shnum, const char *file, 311 Word *symnum, Cache **symsec, Cache **strsec) 312 { 313 Shdr *shdr = cache[ndx].c_shdr; 314 315 /* 316 * If symtab is non-zero, the ndx we are called with represents a 317 * shdr which links to a symbol table (which then links to a string 318 * table) 319 */ 320 if (symtab != 0) { 321 /* 322 * Validate the symbol table linkage. 323 */ 324 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 325 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 326 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 327 return (0); 328 } 329 330 /* 331 * Establish the symbol table index. 332 */ 333 ndx = shdr->sh_link; 334 shdr = cache[ndx].c_shdr; 335 336 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 337 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 338 file, cache[ndx].c_name); 339 return (0); 340 } 341 342 /* 343 * Obtain, and verify the symbol table data. 344 */ 345 if ((cache[ndx].c_data == NULL) || 346 (cache[ndx].c_data->d_buf == NULL)) { 347 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 348 file, cache[ndx].c_name); 349 return (0); 350 } 351 352 /* 353 * Return symbol table information. 354 */ 355 if (symnum) 356 *symnum = (shdr->sh_size / shdr->sh_entsize); 357 if (symsec) 358 *symsec = &cache[ndx]; 359 } 360 361 /* 362 * Validate the string table linkage. 363 */ 364 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 365 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 366 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 367 return (0); 368 } 369 370 if (strsec) 371 *strsec = &cache[shdr->sh_link]; 372 373 return (1); 374 } 375 376 /* 377 * Lookup a symbol and set Sym accordingly. 378 * 379 * entry: 380 * name - Name of symbol to lookup 381 * cache - Cache of all section headers 382 * shnum - # of sections in cache 383 * sym - Address of pointer to receive symbol 384 * target - NULL, or section to which the symbol must be associated. 385 * symtab - Symbol table to search for symbol 386 * file - Name of file 387 * 388 * exit: 389 * If the symbol is found, *sym is set to reference it, and True is 390 * returned. If target is non-NULL, the symbol must reference the given 391 * section --- otherwise the section is not checked. 392 * 393 * If no symbol is found, False is returned. 394 */ 395 static int 396 symlookup(const char *name, Cache *cache, Word shnum, Sym **sym, 397 Cache *target, Cache *symtab, const char *file) 398 { 399 Shdr *shdr; 400 Word symn, cnt; 401 Sym *syms; 402 403 if (symtab == 0) 404 return (0); 405 406 shdr = symtab->c_shdr; 407 408 /* 409 * Determine the symbol data and number. 410 */ 411 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 412 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 413 file, symtab->c_name); 414 return (0); 415 } 416 if ((symtab->c_data == NULL) || (symtab->c_data->d_buf == NULL)) 417 return (0); 418 419 /* LINTED */ 420 symn = (Word)(shdr->sh_size / shdr->sh_entsize); 421 syms = (Sym *)symtab->c_data->d_buf; 422 423 /* 424 * Get the associated string table section. 425 */ 426 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 427 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 428 file, symtab->c_name, EC_WORD(shdr->sh_link)); 429 return (0); 430 } 431 432 /* 433 * Loop through the symbol table to find a match. 434 */ 435 *sym = NULL; 436 for (cnt = 0; cnt < symn; syms++, cnt++) { 437 const char *symname; 438 439 symname = string(symtab, cnt, &cache[shdr->sh_link], file, 440 syms->st_name); 441 442 if (symname && (strcmp(name, symname) == 0) && 443 ((target == NULL) || (target->c_ndx == syms->st_shndx))) { 444 /* 445 * It is possible, though rare, for a local and 446 * global symbol of the same name to exist, each 447 * contributed by a different input object. If the 448 * symbol just found is local, remember it, but 449 * continue looking. 450 */ 451 *sym = syms; 452 if (ELF_ST_BIND(syms->st_info) != STB_LOCAL) 453 break; 454 } 455 } 456 457 return (*sym != NULL); 458 } 459 460 /* 461 * Print section headers. 462 */ 463 static void 464 sections(const char *file, Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi) 465 { 466 size_t seccnt; 467 468 for (seccnt = 1; seccnt < shnum; seccnt++) { 469 Cache *_cache = &cache[seccnt]; 470 Shdr *shdr = _cache->c_shdr; 471 const char *secname = _cache->c_name; 472 473 /* 474 * Although numerous section header entries can be zero, it's 475 * usually a sign of trouble if the type is zero. 476 */ 477 if (shdr->sh_type == 0) { 478 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHTYPE), 479 file, secname, EC_WORD(shdr->sh_type)); 480 } 481 482 if (!match(MATCH_F_ALL, secname, seccnt, shdr->sh_type)) 483 continue; 484 485 /* 486 * Identify any sections that are suspicious. A .got section 487 * shouldn't exist in a relocatable object. 488 */ 489 if (ehdr->e_type == ET_REL) { 490 if (strncmp(secname, MSG_ORIG(MSG_ELF_GOT), 491 MSG_ELF_GOT_SIZE) == 0) { 492 (void) fprintf(stderr, 493 MSG_INTL(MSG_GOT_UNEXPECTED), file, 494 secname); 495 } 496 } 497 498 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 499 dbg_print(0, MSG_INTL(MSG_ELF_SHDR), EC_WORD(seccnt), secname); 500 Elf_shdr(0, osabi, ehdr->e_machine, shdr); 501 } 502 } 503 504 /* 505 * Obtain a specified Phdr entry. 506 */ 507 static Phdr * 508 getphdr(Word phnum, Word *type_arr, Word type_cnt, const char *file, Elf *elf) 509 { 510 Word cnt, tcnt; 511 Phdr *phdr; 512 513 if ((phdr = elf_getphdr(elf)) == NULL) { 514 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 515 return (NULL); 516 } 517 518 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 519 for (tcnt = 0; tcnt < type_cnt; tcnt++) { 520 if (phdr->p_type == type_arr[tcnt]) 521 return (phdr); 522 } 523 } 524 return (NULL); 525 } 526 527 /* 528 * Display the contents of GNU/amd64 .eh_frame and .eh_frame_hdr 529 * sections. 530 * 531 * entry: 532 * cache - Cache of all section headers 533 * shndx - Index of .eh_frame or .eh_frame_hdr section to be displayed 534 * shnum - Total number of sections which exist 535 * uphdr - NULL, or unwind program header associated with 536 * the .eh_frame_hdr section. 537 * ehdr - ELF header for file 538 * eh_state - Data used across calls to this routine. The 539 * caller should zero it before the first call, and 540 * pass it on every call. 541 * osabi - OSABI to use in displaying information 542 * file - Name of file 543 * flags - Command line option flags 544 */ 545 static void 546 unwind_eh_frame(Cache *cache, Word shndx, Word shnum, Phdr *uphdr, Ehdr *ehdr, 547 gnu_eh_state_t *eh_state, uchar_t osabi, const char *file, uint_t flags) 548 { 549 #if defined(_ELF64) 550 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_64 551 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_64 552 #else 553 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_32 554 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_32 555 #endif 556 557 Cache *_cache = &cache[shndx]; 558 Shdr *shdr = _cache->c_shdr; 559 uchar_t *data = (uchar_t *)(_cache->c_data->d_buf); 560 size_t datasize = _cache->c_data->d_size; 561 Conv_dwarf_ehe_buf_t dwarf_ehe_buf; 562 uint64_t ndx, frame_ptr, fde_cnt, tabndx; 563 uint_t vers, frame_ptr_enc, fde_cnt_enc, table_enc; 564 uint64_t initloc, initloc0 = 0; 565 uint64_t gotaddr = 0; 566 int cnt; 567 568 for (cnt = 1; cnt < shnum; cnt++) { 569 if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT), 570 MSG_ELF_GOT_SIZE) == 0) { 571 gotaddr = cache[cnt].c_shdr->sh_addr; 572 break; 573 } 574 } 575 576 if ((data == NULL) || (datasize == 0)) { 577 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 578 file, _cache ->c_name); 579 return; 580 } 581 582 /* 583 * Is this a .eh_frame_hdr? 584 */ 585 if ((uphdr && (shdr->sh_addr == uphdr->p_vaddr)) || 586 (strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRMHDR), 587 MSG_SCN_FRMHDR_SIZE) == 0)) { 588 /* 589 * There can only be a single .eh_frame_hdr. 590 * Flag duplicates. 591 */ 592 if (++eh_state->hdr_cnt > 1) 593 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTEHFRMHDR), 594 file, EC_WORD(shndx), _cache->c_name); 595 596 dbg_print(0, MSG_ORIG(MSG_UNW_FRMHDR)); 597 ndx = 0; 598 599 vers = data[ndx++]; 600 frame_ptr_enc = data[ndx++]; 601 fde_cnt_enc = data[ndx++]; 602 table_enc = data[ndx++]; 603 604 dbg_print(0, MSG_ORIG(MSG_UNW_FRMVERS), vers); 605 606 switch (dwarf_ehe_extract(data, datasize, &ndx, 607 &frame_ptr, frame_ptr_enc, ehdr->e_ident, B_TRUE, 608 shdr->sh_addr, ndx, gotaddr)) { 609 case DW_OVERFLOW: 610 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWOVRFLW), 611 file, _cache->c_name); 612 return; 613 case DW_BAD_ENCODING: 614 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWBADENC), 615 file, _cache->c_name, frame_ptr_enc); 616 return; 617 case DW_SUCCESS: 618 break; 619 } 620 if (eh_state->hdr_cnt == 1) { 621 eh_state->hdr_ndx = shndx; 622 eh_state->frame_ptr = frame_ptr; 623 } 624 625 dbg_print(0, MSG_ORIG(MSG_UNW_FRPTRENC), 626 conv_dwarf_ehe(frame_ptr_enc, &dwarf_ehe_buf), 627 EC_XWORD(frame_ptr)); 628 629 switch (dwarf_ehe_extract(data, datasize, &ndx, &fde_cnt, 630 fde_cnt_enc, ehdr->e_ident, B_TRUE, shdr->sh_addr, ndx, 631 gotaddr)) { 632 case DW_OVERFLOW: 633 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWOVRFLW), 634 file, _cache->c_name); 635 return; 636 case DW_BAD_ENCODING: 637 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DWBADENC), 638 file, _cache->c_name, fde_cnt_enc); 639 return; 640 case DW_SUCCESS: 641 break; 642 } 643 644 dbg_print(0, MSG_ORIG(MSG_UNW_FDCNENC), 645 conv_dwarf_ehe(fde_cnt_enc, &dwarf_ehe_buf), 646 EC_XWORD(fde_cnt)); 647 dbg_print(0, MSG_ORIG(MSG_UNW_TABENC), 648 conv_dwarf_ehe(table_enc, &dwarf_ehe_buf)); 649 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB1)); 650 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB2)); 651 652 for (tabndx = 0; tabndx < fde_cnt; tabndx++) { 653 uint64_t table; 654 655 switch (dwarf_ehe_extract(data, datasize, &ndx, 656 &initloc, table_enc, ehdr->e_ident, B_TRUE, 657 shdr->sh_addr, ndx, gotaddr)) { 658 case DW_OVERFLOW: 659 (void) fprintf(stderr, 660 MSG_INTL(MSG_ERR_DWOVRFLW), file, 661 _cache->c_name); 662 return; 663 case DW_BAD_ENCODING: 664 (void) fprintf(stderr, 665 MSG_INTL(MSG_ERR_DWBADENC), file, 666 _cache->c_name, table_enc); 667 return; 668 case DW_SUCCESS: 669 break; 670 } 671 if ((tabndx != 0) && (initloc0 > initloc)) 672 (void) fprintf(stderr, 673 MSG_INTL(MSG_ERR_BADSORT), file, 674 _cache->c_name, EC_WORD(tabndx)); 675 switch (dwarf_ehe_extract(data, datasize, &ndx, &table, 676 table_enc, ehdr->e_ident, B_TRUE, shdr->sh_addr, 677 ndx, gotaddr)) { 678 case DW_OVERFLOW: 679 (void) fprintf(stderr, 680 MSG_INTL(MSG_ERR_DWOVRFLW), file, 681 _cache->c_name); 682 return; 683 case DW_BAD_ENCODING: 684 (void) fprintf(stderr, 685 MSG_INTL(MSG_ERR_DWBADENC), file, 686 _cache->c_name, table_enc); 687 return; 688 case DW_SUCCESS: 689 break; 690 } 691 692 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTABENT), 693 EC_XWORD(initloc), 694 EC_XWORD(table)); 695 initloc0 = initloc; 696 } 697 } else { /* Display the .eh_frame section */ 698 eh_state->frame_cnt++; 699 if (eh_state->frame_cnt == 1) { 700 eh_state->frame_ndx = shndx; 701 eh_state->frame_base = shdr->sh_addr; 702 } else if ((eh_state->frame_cnt > 1) && 703 (ehdr->e_type != ET_REL)) { 704 Conv_inv_buf_t inv_buf; 705 706 (void) fprintf(stderr, MSG_INTL(MSG_WARN_MULTEHFRM), 707 file, EC_WORD(shndx), _cache->c_name, 708 conv_ehdr_type(osabi, ehdr->e_type, 0, &inv_buf)); 709 } 710 dump_eh_frame(file, _cache->c_name, data, datasize, 711 shdr->sh_addr, ehdr->e_machine, ehdr->e_ident, gotaddr); 712 } 713 714 /* 715 * If we've seen the .eh_frame_hdr and the first .eh_frame section, 716 * compare the header frame_ptr to the address of the actual frame 717 * section to ensure the link-editor got this right. Note, this 718 * diagnostic is only produced when unwind information is explicitly 719 * asked for, as shared objects built with an older ld(1) may reveal 720 * this inconsistency. Although an inconsistency, it doesn't seem to 721 * have any adverse effect on existing tools. 722 */ 723 if (((flags & FLG_MASK_SHOW) != FLG_MASK_SHOW) && 724 (eh_state->hdr_cnt > 0) && (eh_state->frame_cnt > 0) && 725 (eh_state->frame_ptr != eh_state->frame_base)) 726 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADEHFRMPTR), 727 file, EC_WORD(eh_state->hdr_ndx), 728 cache[eh_state->hdr_ndx].c_name, 729 EC_XWORD(eh_state->frame_ptr), 730 EC_WORD(eh_state->frame_ndx), 731 cache[eh_state->frame_ndx].c_name, 732 EC_XWORD(eh_state->frame_base)); 733 #undef MSG_UNW_BINSRTAB2 734 #undef MSG_UNW_BINSRTABENT 735 } 736 737 /* 738 * Convert a self relative pointer into an address. A self relative 739 * pointer adds the address where the pointer resides to the offset 740 * contained in the pointer. The benefit is that the value of the 741 * pointer does not require relocation. 742 * 743 * entry: 744 * base_addr - Address of the pointer. 745 * delta - Offset relative to base_addr giving desired address 746 * 747 * exit: 748 * The computed address is returned. 749 * 750 * note: 751 * base_addr is an unsigned value, while ret_addr is signed. This routine 752 * used explicit testing and casting to explicitly control type 753 * conversion, and ensure that we handle the maximum possible range. 754 */ 755 static Addr 756 srelptr(Addr base_addr, PTRDIFF_T delta) 757 { 758 if (delta < 0) 759 return (base_addr - (Addr) (-delta)); 760 761 return (base_addr + (Addr) delta); 762 } 763 764 /* 765 * Byte swap a PTRDIFF_T value. 766 */ 767 static PTRDIFF_T 768 swap_ptrdiff(PTRDIFF_T value) 769 { 770 PTRDIFF_T r; 771 uchar_t *dst = (uchar_t *)&r; 772 uchar_t *src = (uchar_t *)&value; 773 774 UL_ASSIGN_BSWAP_XWORD(dst, src); 775 return (r); 776 } 777 778 /* 779 * Display exception_range_entry items from the .exception_ranges section 780 * of a Sun C++ object. 781 */ 782 static void 783 unwind_exception_ranges(Cache *_cache, const char *file, int do_swap) 784 { 785 /* 786 * Translate a PTRDIFF_T self-relative address field of 787 * an exception_range_entry struct into an address. 788 * 789 * entry: 790 * exc_addr - Address of base of exception_range_entry struct 791 * cur_ent - Pointer to data in the struct to be translated 792 * 793 * _f - Field of struct to be translated 794 */ 795 #define SRELPTR(_f) \ 796 srelptr(exc_addr + offsetof(exception_range_entry, _f), cur_ent->_f) 797 798 #if defined(_ELF64) 799 #define MSG_EXR_TITLE MSG_EXR_TITLE_64 800 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_64 801 #else 802 #define MSG_EXR_TITLE MSG_EXR_TITLE_32 803 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_32 804 #endif 805 806 exception_range_entry scratch, *ent, *cur_ent = &scratch; 807 char index[MAXNDXSIZE]; 808 Word i, nelts; 809 Addr addr, addr0 = 0, offset = 0; 810 Addr exc_addr = _cache->c_shdr->sh_addr; 811 812 dbg_print(0, MSG_INTL(MSG_EXR_TITLE)); 813 ent = (exception_range_entry *)(_cache->c_data->d_buf); 814 nelts = _cache->c_data->d_size / sizeof (exception_range_entry); 815 816 for (i = 0; i < nelts; i++, ent++) { 817 if (do_swap) { 818 /* 819 * Copy byte swapped values into the scratch buffer. 820 * The reserved field is not used, so we skip it. 821 */ 822 scratch.ret_addr = swap_ptrdiff(ent->ret_addr); 823 scratch.length = BSWAP_XWORD(ent->length); 824 scratch.handler_addr = swap_ptrdiff(ent->handler_addr); 825 scratch.type_block = swap_ptrdiff(ent->type_block); 826 } else { 827 cur_ent = ent; 828 } 829 830 /* 831 * The table is required to be sorted by the address 832 * derived from ret_addr, to allow binary searching. Ensure 833 * that addresses grow monotonically. 834 */ 835 addr = SRELPTR(ret_addr); 836 if ((i != 0) && (addr0 > addr)) 837 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSORT), 838 file, _cache->c_name, EC_WORD(i)); 839 840 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 841 EC_XWORD(i)); 842 dbg_print(0, MSG_INTL(MSG_EXR_ENTRY), index, EC_ADDR(offset), 843 EC_ADDR(addr), EC_ADDR(cur_ent->length), 844 EC_ADDR(SRELPTR(handler_addr)), 845 EC_ADDR(SRELPTR(type_block))); 846 847 addr0 = addr; 848 exc_addr += sizeof (exception_range_entry); 849 offset += sizeof (exception_range_entry); 850 } 851 852 #undef SRELPTR 853 #undef MSG_EXR_TITLE 854 #undef MSG_EXR_ENTRY 855 } 856 857 /* 858 * Display information from unwind/exception sections: 859 * 860 * - GNU/amd64 .eh_frame and .eh_frame_hdr 861 * - Sun C++ .exception_ranges 862 * 863 */ 864 static void 865 unwind(Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, uchar_t osabi, 866 const char *file, Elf *elf, uint_t flags) 867 { 868 static Word phdr_types[] = { PT_SUNW_UNWIND, PT_SUNW_EH_FRAME }; 869 870 Word cnt; 871 Phdr *uphdr = NULL; 872 gnu_eh_state_t eh_state; 873 874 /* 875 * Historical background: .eh_frame and .eh_frame_hdr sections 876 * come from the GNU compilers (particularly C++), and are used 877 * under all architectures. Their format is based on DWARF. When 878 * the amd64 ABI was defined, these sections were adopted wholesale 879 * from the existing practice. 880 * 881 * When amd64 support was added to Solaris, support for these 882 * sections was added, using the SHT_AMD64_UNWIND section type 883 * to identify them. At first, we ignored them in objects for 884 * non-amd64 targets, but later broadened our support to include 885 * other architectures in order to better support gcc-generated 886 * objects. 887 * 888 * .exception_ranges implement the same basic concepts, but 889 * were invented at Sun for the Sun C++ compiler. 890 * 891 * We match these sections by name, rather than section type, 892 * because they can come in as either SHT_AMD64_UNWIND, or as 893 * SHT_PROGBITS, and because the type isn't enough to determine 894 * how they should be interpreted. 895 */ 896 /* Find the program header for .eh_frame_hdr if present */ 897 if (phnum) 898 uphdr = getphdr(phnum, phdr_types, 899 sizeof (phdr_types) / sizeof (*phdr_types), file, elf); 900 901 /* 902 * eh_state is used to retain data used by unwind_eh_frame() 903 * across calls. 904 */ 905 bzero(&eh_state, sizeof (eh_state)); 906 907 for (cnt = 1; cnt < shnum; cnt++) { 908 Cache *_cache = &cache[cnt]; 909 Shdr *shdr = _cache->c_shdr; 910 int is_exrange; 911 912 /* 913 * Skip sections of the wrong type. On amd64, they 914 * can be SHT_AMD64_UNWIND. On all platforms, they 915 * can be SHT_PROGBITS (including amd64, if using 916 * the GNU compilers). 917 * 918 * Skip anything other than these two types. The name 919 * test below will thin out the SHT_PROGBITS that don't apply. 920 */ 921 if ((shdr->sh_type != SHT_PROGBITS) && 922 (shdr->sh_type != SHT_AMD64_UNWIND)) 923 continue; 924 925 /* 926 * Only sections with certain well known names are of interest. 927 * These are: 928 * 929 * .eh_frame - amd64/GNU-compiler unwind sections 930 * .eh_frame_hdr - Sorted table referencing .eh_frame 931 * .exception_ranges - Sun C++ unwind sections 932 * 933 * We do a prefix comparison, allowing for naming conventions 934 * like .eh_frame.foo, hence the use of strncmp() rather than 935 * strcmp(). This means that we only really need to test for 936 * .eh_frame, as it's a prefix of .eh_frame_hdr. 937 */ 938 is_exrange = strncmp(_cache->c_name, 939 MSG_ORIG(MSG_SCN_EXRANGE), MSG_SCN_EXRANGE_SIZE) == 0; 940 if ((strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRM), 941 MSG_SCN_FRM_SIZE) != 0) && !is_exrange) 942 continue; 943 944 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 945 continue; 946 947 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 948 continue; 949 950 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 951 dbg_print(0, MSG_INTL(MSG_ELF_SCN_UNWIND), _cache->c_name); 952 953 if (is_exrange) 954 unwind_exception_ranges(_cache, file, 955 _elf_sys_encoding() != ehdr->e_ident[EI_DATA]); 956 else 957 unwind_eh_frame(cache, cnt, shnum, uphdr, ehdr, 958 &eh_state, osabi, file, flags); 959 } 960 } 961 962 /* 963 * Initialize a symbol table state structure 964 * 965 * entry: 966 * state - State structure to be initialized 967 * cache - Cache of all section headers 968 * shnum - # of sections in cache 969 * secndx - Index of symbol table section 970 * ehdr - ELF header for file 971 * versym - Information about versym section 972 * file - Name of file 973 * flags - Command line option flags 974 */ 975 static int 976 init_symtbl_state(SYMTBL_STATE *state, Cache *cache, Word shnum, Word secndx, 977 Ehdr *ehdr, uchar_t osabi, VERSYM_STATE *versym, const char *file, 978 uint_t flags) 979 { 980 Shdr *shdr; 981 982 state->file = file; 983 state->ehdr = ehdr; 984 state->cache = cache; 985 state->osabi = osabi; 986 state->shnum = shnum; 987 state->seccache = &cache[secndx]; 988 state->secndx = secndx; 989 state->secname = state->seccache->c_name; 990 state->flags = flags; 991 state->shxndx.checked = 0; 992 state->shxndx.data = NULL; 993 state->shxndx.n = 0; 994 995 shdr = state->seccache->c_shdr; 996 997 /* 998 * Check the symbol data and per-item size. 999 */ 1000 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 1001 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1002 file, state->secname); 1003 return (0); 1004 } 1005 if ((state->seccache->c_data == NULL) || 1006 (state->seccache->c_data->d_buf == NULL)) 1007 return (0); 1008 1009 /* LINTED */ 1010 state->symn = (Word)(shdr->sh_size / shdr->sh_entsize); 1011 state->sym = (Sym *)state->seccache->c_data->d_buf; 1012 1013 /* 1014 * Check associated string table section. 1015 */ 1016 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 1017 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1018 file, state->secname, EC_WORD(shdr->sh_link)); 1019 return (0); 1020 } 1021 1022 /* 1023 * Determine if there is a associated Versym section 1024 * with this Symbol Table. 1025 */ 1026 if (versym && versym->cache && 1027 (versym->cache->c_shdr->sh_link == state->secndx)) 1028 state->versym = versym; 1029 else 1030 state->versym = NULL; 1031 1032 1033 return (1); 1034 } 1035 1036 /* 1037 * Determine the extended section index used for symbol tables entries. 1038 */ 1039 static void 1040 symbols_getxindex(SYMTBL_STATE *state) 1041 { 1042 uint_t symn; 1043 Word symcnt; 1044 1045 state->shxndx.checked = 1; /* Note that we've been called */ 1046 for (symcnt = 1; symcnt < state->shnum; symcnt++) { 1047 Cache *_cache = &state->cache[symcnt]; 1048 Shdr *shdr = _cache->c_shdr; 1049 1050 if ((shdr->sh_type != SHT_SYMTAB_SHNDX) || 1051 (shdr->sh_link != state->secndx)) 1052 continue; 1053 1054 if (shdr->sh_entsize == 0) 1055 symn = 0; 1056 else 1057 symn = (uint_t)(shdr->sh_size / shdr->sh_entsize); 1058 1059 if (symn == 0) 1060 continue; 1061 1062 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 1063 continue; 1064 1065 state->shxndx.data = _cache->c_data->d_buf; 1066 state->shxndx.n = symn; 1067 return; 1068 } 1069 } 1070 1071 /* 1072 * Produce a line of output for the given symbol 1073 * 1074 * entry: 1075 * state - Symbol table state 1076 * symndx - Index of symbol within the table 1077 * info - Value of st_info (indicates local/global range) 1078 * symndx_disp - Index to display. This may not be the same 1079 * as symndx if the display is relative to the logical 1080 * combination of the SUNW_ldynsym/dynsym tables. 1081 * sym - Symbol to display 1082 */ 1083 static void 1084 output_symbol(SYMTBL_STATE *state, Word symndx, Word info, Word disp_symndx, 1085 Sym *sym) 1086 { 1087 /* 1088 * Symbol types for which we check that the specified 1089 * address/size land inside the target section. 1090 */ 1091 static const int addr_symtype[] = { 1092 0, /* STT_NOTYPE */ 1093 1, /* STT_OBJECT */ 1094 1, /* STT_FUNC */ 1095 0, /* STT_SECTION */ 1096 0, /* STT_FILE */ 1097 1, /* STT_COMMON */ 1098 0, /* STT_TLS */ 1099 0, /* 7 */ 1100 0, /* 8 */ 1101 0, /* 9 */ 1102 0, /* 10 */ 1103 0, /* 11 */ 1104 0, /* 12 */ 1105 0, /* STT_SPARC_REGISTER */ 1106 0, /* 14 */ 1107 0, /* 15 */ 1108 }; 1109 #if STT_NUM != (STT_TLS + 1) 1110 #error "STT_NUM has grown. Update addr_symtype[]" 1111 #endif 1112 1113 char index[MAXNDXSIZE]; 1114 const char *symname, *sec; 1115 Versym verndx; 1116 int gnuver; 1117 uchar_t type; 1118 Shdr *tshdr; 1119 Word shndx = 0; 1120 Conv_inv_buf_t inv_buf; 1121 1122 /* Ensure symbol index is in range */ 1123 if (symndx >= state->symn) { 1124 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSYMNDX), 1125 state->file, state->secname, EC_WORD(symndx)); 1126 return; 1127 } 1128 1129 /* 1130 * If we are using extended symbol indexes, find the 1131 * corresponding SHN_SYMTAB_SHNDX table. 1132 */ 1133 if ((sym->st_shndx == SHN_XINDEX) && (state->shxndx.checked == 0)) 1134 symbols_getxindex(state); 1135 1136 /* LINTED */ 1137 symname = string(state->seccache, symndx, 1138 &state->cache[state->seccache->c_shdr->sh_link], state->file, 1139 sym->st_name); 1140 1141 tshdr = NULL; 1142 sec = NULL; 1143 1144 if (state->ehdr->e_type == ET_CORE) { 1145 sec = (char *)MSG_INTL(MSG_STR_UNKNOWN); 1146 } else if (state->flags & FLG_CTL_FAKESHDR) { 1147 /* 1148 * If we are using fake section headers derived from 1149 * the program headers, then the section indexes 1150 * in the symbols do not correspond to these headers. 1151 * The section names are not available, so all we can 1152 * do is to display them in numeric form. 1153 */ 1154 sec = conv_sym_shndx(state->osabi, state->ehdr->e_machine, 1155 sym->st_shndx, CONV_FMT_DECIMAL, &inv_buf); 1156 } else if ((sym->st_shndx < SHN_LORESERVE) && 1157 (sym->st_shndx < state->shnum)) { 1158 shndx = sym->st_shndx; 1159 tshdr = state->cache[shndx].c_shdr; 1160 sec = state->cache[shndx].c_name; 1161 } else if (sym->st_shndx == SHN_XINDEX) { 1162 if (state->shxndx.data) { 1163 Word _shxndx; 1164 1165 if (symndx > state->shxndx.n) { 1166 (void) fprintf(stderr, 1167 MSG_INTL(MSG_ERR_BADSYMXINDEX1), 1168 state->file, state->secname, 1169 EC_WORD(symndx)); 1170 } else if ((_shxndx = 1171 state->shxndx.data[symndx]) > state->shnum) { 1172 (void) fprintf(stderr, 1173 MSG_INTL(MSG_ERR_BADSYMXINDEX2), 1174 state->file, state->secname, 1175 EC_WORD(symndx), EC_WORD(_shxndx)); 1176 } else { 1177 shndx = _shxndx; 1178 tshdr = state->cache[shndx].c_shdr; 1179 sec = state->cache[shndx].c_name; 1180 } 1181 } else { 1182 (void) fprintf(stderr, 1183 MSG_INTL(MSG_ERR_BADSYMXINDEX3), 1184 state->file, state->secname, EC_WORD(symndx)); 1185 } 1186 } else if ((sym->st_shndx < SHN_LORESERVE) && 1187 (sym->st_shndx >= state->shnum)) { 1188 (void) fprintf(stderr, 1189 MSG_INTL(MSG_ERR_BADSYM5), state->file, 1190 state->secname, EC_WORD(symndx), 1191 demangle(symname, state->flags), sym->st_shndx); 1192 } 1193 1194 /* 1195 * If versioning is available display the 1196 * version index. If not, then use 0. 1197 */ 1198 if (state->versym) { 1199 Versym test_verndx; 1200 1201 verndx = test_verndx = state->versym->data[symndx]; 1202 gnuver = state->versym->gnu_full; 1203 1204 /* 1205 * Check to see if this is a defined symbol with a 1206 * version index that is outside the valid range for 1207 * the file. The interpretation of this depends on 1208 * the style of versioning used by the object. 1209 * 1210 * Versions >= VER_NDX_LORESERVE have special meanings, 1211 * and are exempt from this checking. 1212 * 1213 * GNU style version indexes use the top bit of the 1214 * 16-bit index value (0x8000) as the "hidden bit". 1215 * We must mask off this bit in order to compare 1216 * the version against the maximum value. 1217 */ 1218 if (gnuver) 1219 test_verndx &= ~0x8000; 1220 1221 if ((test_verndx > state->versym->max_verndx) && 1222 (verndx < VER_NDX_LORESERVE)) 1223 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADVER), 1224 state->file, state->secname, EC_WORD(symndx), 1225 EC_HALF(test_verndx), state->versym->max_verndx); 1226 } else { 1227 verndx = 0; 1228 gnuver = 0; 1229 } 1230 1231 /* 1232 * Error checking for TLS. 1233 */ 1234 type = ELF_ST_TYPE(sym->st_info); 1235 if (type == STT_TLS) { 1236 if (tshdr && 1237 (sym->st_shndx != SHN_UNDEF) && 1238 ((tshdr->sh_flags & SHF_TLS) == 0)) { 1239 (void) fprintf(stderr, 1240 MSG_INTL(MSG_ERR_BADSYM3), state->file, 1241 state->secname, EC_WORD(symndx), 1242 demangle(symname, state->flags)); 1243 } 1244 } else if ((type != STT_SECTION) && sym->st_size && 1245 tshdr && (tshdr->sh_flags & SHF_TLS)) { 1246 (void) fprintf(stderr, 1247 MSG_INTL(MSG_ERR_BADSYM4), state->file, 1248 state->secname, EC_WORD(symndx), 1249 demangle(symname, state->flags)); 1250 } 1251 1252 /* 1253 * If a symbol with non-zero size has a type that 1254 * specifies an address, then make sure the location 1255 * it references is actually contained within the 1256 * section. UNDEF symbols don't count in this case, 1257 * so we ignore them. 1258 * 1259 * The meaning of the st_value field in a symbol 1260 * depends on the type of object. For a relocatable 1261 * object, it is the offset within the section. 1262 * For sharable objects, it is the offset relative to 1263 * the base of the object, and for other types, it is 1264 * the virtual address. To get an offset within the 1265 * section for non-ET_REL files, we subtract the 1266 * base address of the section. 1267 */ 1268 if (addr_symtype[type] && (sym->st_size > 0) && 1269 (sym->st_shndx != SHN_UNDEF) && ((sym->st_shndx < SHN_LORESERVE) || 1270 (sym->st_shndx == SHN_XINDEX)) && (tshdr != NULL)) { 1271 Word v = sym->st_value; 1272 if (state->ehdr->e_type != ET_REL) 1273 v -= tshdr->sh_addr; 1274 if (((v + sym->st_size) > tshdr->sh_size)) { 1275 (void) fprintf(stderr, 1276 MSG_INTL(MSG_ERR_BADSYM6), state->file, 1277 state->secname, EC_WORD(symndx), 1278 demangle(symname, state->flags), 1279 EC_WORD(shndx), EC_XWORD(tshdr->sh_size), 1280 EC_XWORD(sym->st_value), EC_XWORD(sym->st_size)); 1281 } 1282 } 1283 1284 /* 1285 * A typical symbol table uses the sh_info field to indicate one greater 1286 * than the symbol table index of the last local symbol, STB_LOCAL. 1287 * Therefore, symbol indexes less than sh_info should have local 1288 * binding. Symbol indexes greater than, or equal to sh_info, should 1289 * have global binding. Note, we exclude UNDEF/NOTY symbols with zero 1290 * value and size, as these symbols may be the result of an mcs(1) 1291 * section deletion. 1292 */ 1293 if (info) { 1294 uchar_t bind = ELF_ST_BIND(sym->st_info); 1295 1296 if ((symndx < info) && (bind != STB_LOCAL)) { 1297 (void) fprintf(stderr, 1298 MSG_INTL(MSG_ERR_BADSYM7), state->file, 1299 state->secname, EC_WORD(symndx), 1300 demangle(symname, state->flags), EC_XWORD(info)); 1301 1302 } else if ((symndx >= info) && (bind == STB_LOCAL) && 1303 ((sym->st_shndx != SHN_UNDEF) || 1304 (ELF_ST_TYPE(sym->st_info) != STT_NOTYPE) || 1305 (sym->st_size != 0) || (sym->st_value != 0))) { 1306 (void) fprintf(stderr, 1307 MSG_INTL(MSG_ERR_BADSYM8), state->file, 1308 state->secname, EC_WORD(symndx), 1309 demangle(symname, state->flags), EC_XWORD(info)); 1310 } 1311 } 1312 1313 (void) snprintf(index, MAXNDXSIZE, 1314 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(disp_symndx)); 1315 Elf_syms_table_entry(0, ELF_DBG_ELFDUMP, index, state->osabi, 1316 state->ehdr->e_machine, sym, verndx, gnuver, sec, symname); 1317 } 1318 1319 /* 1320 * Process a SHT_SUNW_cap capabilities section. 1321 */ 1322 static int 1323 cap_section(const char *file, Cache *cache, Word shnum, Cache *ccache, 1324 uchar_t osabi, Ehdr *ehdr, uint_t flags) 1325 { 1326 SYMTBL_STATE state; 1327 Word cnum, capnum, nulls, symcaps; 1328 int descapndx, objcap, title; 1329 Cap *cap = (Cap *)ccache->c_data->d_buf; 1330 Shdr *cishdr = NULL, *cshdr = ccache->c_shdr; 1331 Cache *cicache = NULL, *strcache = NULL; 1332 Capinfo *capinfo = NULL; 1333 Word capinfonum = 0; 1334 const char *strs = NULL; 1335 size_t strs_size = 0; 1336 1337 if ((cshdr->sh_entsize == 0) || (cshdr->sh_size == 0)) { 1338 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1339 file, ccache->c_name); 1340 return (0); 1341 } 1342 1343 /* 1344 * If this capabilities section is associated with symbols, then the 1345 * sh_link field points to the associated capabilities information 1346 * section. The sh_link field of the capabilities information section 1347 * points to the associated symbol table. 1348 */ 1349 if (cshdr->sh_link) { 1350 Cache *scache; 1351 Shdr *sshdr; 1352 1353 /* 1354 * Validate that the sh_link field points to a capabilities 1355 * information section. 1356 */ 1357 if (cshdr->sh_link >= shnum) { 1358 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1359 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1360 return (0); 1361 } 1362 1363 cicache = &cache[cshdr->sh_link]; 1364 cishdr = cicache->c_shdr; 1365 1366 if (cishdr->sh_type != SHT_SUNW_capinfo) { 1367 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1368 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1369 return (0); 1370 } 1371 1372 capinfo = cicache->c_data->d_buf; 1373 capinfonum = (Word)(cishdr->sh_size / cishdr->sh_entsize); 1374 1375 /* 1376 * Validate that the sh_link field of the capabilities 1377 * information section points to a valid symbol table. 1378 */ 1379 if ((cishdr->sh_link == 0) || (cishdr->sh_link >= shnum)) { 1380 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1381 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1382 return (0); 1383 } 1384 scache = &cache[cishdr->sh_link]; 1385 sshdr = scache->c_shdr; 1386 1387 if ((sshdr->sh_type != SHT_SYMTAB) && 1388 (sshdr->sh_type != SHT_DYNSYM)) { 1389 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO1), 1390 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1391 return (0); 1392 } 1393 1394 if (!init_symtbl_state(&state, cache, shnum, 1395 cishdr->sh_link, ehdr, osabi, NULL, file, flags)) 1396 return (0); 1397 } 1398 1399 /* 1400 * If this capabilities section contains capability string entries, 1401 * then determine the associated string table. Capabilities entries 1402 * that define names require that the capability section indicate 1403 * which string table to use via sh_info. 1404 */ 1405 if (cshdr->sh_info) { 1406 Shdr *strshdr; 1407 1408 /* 1409 * Validate that the sh_info field points to a string table. 1410 */ 1411 if (cshdr->sh_info >= shnum) { 1412 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1413 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1414 return (0); 1415 } 1416 1417 strcache = &cache[cshdr->sh_info]; 1418 strshdr = strcache->c_shdr; 1419 1420 if (strshdr->sh_type != SHT_STRTAB) { 1421 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1422 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1423 return (0); 1424 } 1425 strs = (const char *)strcache->c_data->d_buf; 1426 strs_size = strcache->c_data->d_size; 1427 } 1428 1429 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1430 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAP), ccache->c_name); 1431 1432 capnum = (Word)(cshdr->sh_size / cshdr->sh_entsize); 1433 1434 nulls = symcaps = 0; 1435 objcap = title = 1; 1436 descapndx = -1; 1437 1438 /* 1439 * Traverse the capabilities section printing each capability group. 1440 * The first capabilities group defines any object capabilities. Any 1441 * following groups define symbol capabilities. In the case where no 1442 * object capabilities exist, but symbol capabilities do, a single 1443 * CA_SUNW_NULL terminator for the object capabilities exists. 1444 */ 1445 for (cnum = 0; cnum < capnum; cap++, cnum++) { 1446 if (cap->c_tag == CA_SUNW_NULL) { 1447 /* 1448 * A CA_SUNW_NULL tag terminates a capabilities group. 1449 * If the first capabilities tag is CA_SUNW_NULL, then 1450 * no object capabilities exist. 1451 */ 1452 if ((nulls++ == 0) && (cnum == 0)) 1453 objcap = 0; 1454 title = 1; 1455 } else { 1456 if (title) { 1457 if (nulls == 0) { 1458 /* 1459 * If this capabilities group represents 1460 * the object capabilities (i.e., no 1461 * CA_SUNW_NULL tag has been processed 1462 * yet), then display an object 1463 * capabilities title. 1464 */ 1465 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1466 dbg_print(0, 1467 MSG_INTL(MSG_OBJ_CAP_TITLE)); 1468 } else { 1469 /* 1470 * If this is a symbols capabilities 1471 * group (i.e., a CA_SUNW_NULL tag has 1472 * already be found that terminates 1473 * the object capabilities group), then 1474 * display a symbol capabilities title, 1475 * and retain this capabilities index 1476 * for later processing. 1477 */ 1478 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1479 dbg_print(0, 1480 MSG_INTL(MSG_SYM_CAP_TITLE)); 1481 descapndx = cnum; 1482 } 1483 Elf_cap_title(0); 1484 title = 0; 1485 } 1486 1487 /* 1488 * Print the capabilities data. 1489 * 1490 * Note that CA_SUNW_PLAT, CA_SUNW_MACH and CA_SUNW_ID 1491 * entries require a string table, which should have 1492 * already been established. 1493 */ 1494 if ((strs == NULL) && ((cap->c_tag == CA_SUNW_PLAT) || 1495 (cap->c_tag == CA_SUNW_MACH) || 1496 (cap->c_tag == CA_SUNW_ID))) { 1497 (void) fprintf(stderr, 1498 MSG_INTL(MSG_WARN_INVCAP4), file, 1499 EC_WORD(elf_ndxscn(ccache->c_scn)), 1500 ccache->c_name, EC_WORD(cshdr->sh_info)); 1501 } 1502 Elf_cap_entry(0, cap, cnum, strs, strs_size, 1503 ehdr->e_machine); 1504 } 1505 1506 /* 1507 * If this CA_SUNW_NULL tag terminates a symbol capabilities 1508 * group, determine the associated symbols. 1509 */ 1510 if ((cap->c_tag == CA_SUNW_NULL) && (nulls > 1) && 1511 (descapndx != -1)) { 1512 Capinfo *cip; 1513 Word inum; 1514 1515 symcaps++; 1516 1517 /* 1518 * Make sure we've discovered a SHT_SUNW_capinfo table. 1519 */ 1520 if ((cip = capinfo) == NULL) { 1521 (void) fprintf(stderr, 1522 MSG_INTL(MSG_ERR_INVCAP), file, 1523 ccache->c_name, EC_WORD(cshdr->sh_link)); 1524 return (0); 1525 } 1526 1527 /* 1528 * Determine what symbols reference this capabilities 1529 * group. 1530 */ 1531 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1532 dbg_print(0, MSG_INTL(MSG_CAPINFO_ENTRIES)); 1533 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 1534 1535 for (inum = 1, cip++; inum < capinfonum; 1536 inum++, cip++) { 1537 Word gndx = (Word)ELF_C_GROUP(*cip); 1538 1539 if (gndx && (gndx == descapndx)) { 1540 output_symbol(&state, inum, 0, 1541 inum, state.sym + inum); 1542 } 1543 } 1544 descapndx = -1; 1545 continue; 1546 } 1547 1548 /* 1549 * An SF1_SUNW_ADDR32 software capability tag in a 32-bit 1550 * object is suspicious as it has no effect. 1551 */ 1552 if ((cap->c_tag == CA_SUNW_SF_1) && 1553 (ehdr->e_ident[EI_CLASS] == ELFCLASS32) && 1554 (cap->c_un.c_val & SF1_SUNW_ADDR32)) { 1555 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INADDR32SF1), 1556 file, ccache->c_name); 1557 } 1558 } 1559 1560 /* 1561 * If this is a dynamic object, with symbol capabilities, then a 1562 * .SUNW_capchain section should exist. This section contains a chain 1563 * of symbol indexes for each capabilities family. This is the list 1564 * that is searched by ld.so.1 to determine the best capabilities 1565 * candidate. 1566 * 1567 * Note, more than one capabilities lead symbol can point to the same 1568 * family chain. For example, a weak/global pair of symbols can both 1569 * represent the same family of capabilities symbols. Therefore, to 1570 * display all possible families we traverse the capabilities 1571 * information section looking for CAPINFO_SUNW_GLOB lead symbols. 1572 * From these we determine the associated capabilities chain to inspect. 1573 */ 1574 if (symcaps && 1575 ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1576 Capinfo *cip; 1577 Capchain *chain; 1578 Cache *chcache; 1579 Shdr *chshdr; 1580 Word chainnum, inum; 1581 1582 /* 1583 * Validate that the sh_info field of the capabilities 1584 * information section points to a capabilities chain section. 1585 */ 1586 if (cishdr->sh_info >= shnum) { 1587 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1588 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1589 return (0); 1590 } 1591 1592 chcache = &cache[cishdr->sh_info]; 1593 chshdr = chcache->c_shdr; 1594 1595 if (chshdr->sh_type != SHT_SUNW_capchain) { 1596 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO2), 1597 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1598 return (0); 1599 } 1600 1601 chainnum = (Word)(chshdr->sh_size / chshdr->sh_entsize); 1602 chain = (Capchain *)chcache->c_data->d_buf; 1603 1604 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1605 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAPCHAIN), chcache->c_name); 1606 1607 /* 1608 * Traverse the capabilities information section looking for 1609 * CAPINFO_SUNW_GLOB lead capabilities symbols. 1610 */ 1611 cip = capinfo; 1612 for (inum = 1, cip++; inum < capinfonum; inum++, cip++) { 1613 const char *name; 1614 Sym *sym; 1615 Word sndx, cndx; 1616 Word gndx = (Word)ELF_C_GROUP(*cip); 1617 1618 if ((gndx == 0) || (gndx != CAPINFO_SUNW_GLOB)) 1619 continue; 1620 1621 /* 1622 * Determine the symbol that is associated with this 1623 * capability information entry, and use this to 1624 * identify this capability family. 1625 */ 1626 sym = (Sym *)(state.sym + inum); 1627 name = string(cicache, inum, strcache, file, 1628 sym->st_name); 1629 1630 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1631 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_TITLE), name); 1632 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_ENTRY)); 1633 1634 cndx = (Word)ELF_C_SYM(*cip); 1635 1636 /* 1637 * Traverse this families chain and identify each 1638 * family member. 1639 */ 1640 for (;;) { 1641 char _chain[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 1642 1643 if (cndx >= chainnum) { 1644 (void) fprintf(stderr, 1645 MSG_INTL(MSG_ERR_INVCAPINFO3), file, 1646 cicache->c_name, EC_WORD(inum), 1647 EC_WORD(cndx)); 1648 break; 1649 } 1650 if ((sndx = chain[cndx]) == 0) 1651 break; 1652 1653 /* 1654 * Determine this entries symbol reference. 1655 */ 1656 if (sndx > state.symn) { 1657 (void) fprintf(stderr, 1658 MSG_INTL(MSG_ERR_CHBADSYMNDX), file, 1659 EC_WORD(sndx), chcache->c_name, 1660 EC_WORD(cndx)); 1661 name = MSG_INTL(MSG_STR_UNKNOWN); 1662 } else { 1663 sym = (Sym *)(state.sym + sndx); 1664 name = string(chcache, sndx, 1665 strcache, file, sym->st_name); 1666 } 1667 1668 /* 1669 * Display the family member. 1670 */ 1671 (void) snprintf(_chain, MAXNDXSIZE, 1672 MSG_ORIG(MSG_FMT_INTEGER), cndx); 1673 (void) snprintf(_symndx, MAXNDXSIZE, 1674 MSG_ORIG(MSG_FMT_INDEX2), EC_WORD(sndx)); 1675 dbg_print(0, MSG_ORIG(MSG_FMT_CHAIN_INFO), 1676 _chain, _symndx, demangle(name, flags)); 1677 1678 cndx++; 1679 } 1680 } 1681 } 1682 return (objcap); 1683 } 1684 1685 /* 1686 * Print the capabilities. 1687 * 1688 * A .SUNW_cap section can contain one or more, CA_SUNW_NULL terminated, 1689 * capabilities groups. The first group defines the object capabilities. 1690 * This group defines the minimum capability requirements of the entire 1691 * object file. If this is a dynamic object, this group should be associated 1692 * with a PT_SUNWCAP program header. 1693 * 1694 * Additional capabilities groups define the association of individual symbols 1695 * to specific capabilities. 1696 */ 1697 static void 1698 cap(const char *file, Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, 1699 uchar_t osabi, Elf *elf, uint_t flags) 1700 { 1701 Word cnt; 1702 Shdr *cshdr = NULL; 1703 Cache *ccache = NULL; 1704 Off cphdr_off = 0; 1705 Xword cphdr_sz = 0; 1706 1707 /* 1708 * Determine if a global capabilities header exists. 1709 */ 1710 if (phnum) { 1711 Phdr *phdr; 1712 1713 if ((phdr = elf_getphdr(elf)) == NULL) { 1714 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 1715 return; 1716 } 1717 1718 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 1719 if (phdr->p_type == PT_SUNWCAP) { 1720 cphdr_off = phdr->p_offset; 1721 cphdr_sz = phdr->p_filesz; 1722 break; 1723 } 1724 } 1725 } 1726 1727 /* 1728 * Determine if a capabilities section exists. 1729 */ 1730 for (cnt = 1; cnt < shnum; cnt++) { 1731 Cache *_cache = &cache[cnt]; 1732 Shdr *shdr = _cache->c_shdr; 1733 1734 /* 1735 * Process any capabilities information. 1736 */ 1737 if (shdr->sh_type == SHT_SUNW_cap) { 1738 if (cap_section(file, cache, shnum, _cache, osabi, 1739 ehdr, flags)) { 1740 /* 1741 * If this section defined an object capability 1742 * group, retain the section information for 1743 * program header validation. 1744 */ 1745 ccache = _cache; 1746 cshdr = shdr; 1747 } 1748 continue; 1749 } 1750 } 1751 1752 if ((cshdr == NULL) && (cphdr_off == 0)) 1753 return; 1754 1755 if (cphdr_off && (cshdr == NULL)) 1756 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP1), file); 1757 1758 /* 1759 * If this object is an executable or shared object, and it provided 1760 * an object capabilities group, then the group should have an 1761 * accompanying PT_SUNWCAP program header. 1762 */ 1763 if (cshdr && ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1764 if (cphdr_off == 0) { 1765 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP2), 1766 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1767 ccache->c_name); 1768 } else if ((cphdr_off != cshdr->sh_offset) || 1769 (cphdr_sz != cshdr->sh_size)) { 1770 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP3), 1771 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1772 ccache->c_name); 1773 } 1774 } 1775 } 1776 1777 /* 1778 * Print the interpretor. 1779 */ 1780 static void 1781 interp(const char *file, Cache *cache, Word shnum, Word phnum, Elf *elf) 1782 { 1783 static Word phdr_types[] = { PT_INTERP }; 1784 1785 1786 Word cnt; 1787 Shdr *ishdr = NULL; 1788 Cache *icache = NULL; 1789 Off iphdr_off = 0; 1790 Xword iphdr_fsz; 1791 1792 /* 1793 * Determine if an interp header exists. 1794 */ 1795 if (phnum) { 1796 Phdr *phdr; 1797 1798 phdr = getphdr(phnum, phdr_types, 1799 sizeof (phdr_types) / sizeof (*phdr_types), file, elf); 1800 if (phdr != NULL) { 1801 iphdr_off = phdr->p_offset; 1802 iphdr_fsz = phdr->p_filesz; 1803 } 1804 } 1805 1806 if (iphdr_off == 0) 1807 return; 1808 1809 /* 1810 * Determine if an interp section exists. 1811 */ 1812 for (cnt = 1; cnt < shnum; cnt++) { 1813 Cache *_cache = &cache[cnt]; 1814 Shdr *shdr = _cache->c_shdr; 1815 1816 /* 1817 * Scan sections to find a section which contains the PT_INTERP 1818 * string. The target section can't be in a NOBITS section. 1819 */ 1820 if ((shdr->sh_type == SHT_NOBITS) || 1821 (iphdr_off < shdr->sh_offset) || 1822 (iphdr_off + iphdr_fsz) > (shdr->sh_offset + shdr->sh_size)) 1823 continue; 1824 1825 icache = _cache; 1826 ishdr = shdr; 1827 break; 1828 } 1829 1830 /* 1831 * Print the interpreter string based on the offset defined in the 1832 * program header, as this is the offset used by the kernel. 1833 */ 1834 if ((ishdr != NULL) && 1835 (icache != NULL) && 1836 (icache->c_data != NULL) && 1837 (icache->c_data->d_buf != NULL) && 1838 (icache->c_data->d_size > 0)) { 1839 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1840 dbg_print(0, MSG_INTL(MSG_ELF_SCN_INTERP), icache->c_name); 1841 dbg_print(0, MSG_ORIG(MSG_FMT_INDENT), 1842 (char *)icache->c_data->d_buf + 1843 (iphdr_off - ishdr->sh_offset)); 1844 } else 1845 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP1), file); 1846 1847 /* 1848 * If there are any inconsistences between the program header and 1849 * section information, flag them. 1850 */ 1851 if (ishdr && ((iphdr_off != ishdr->sh_offset) || 1852 (iphdr_fsz != ishdr->sh_size))) { 1853 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP2), file, 1854 icache->c_name); 1855 } 1856 } 1857 1858 /* 1859 * Print the syminfo section. 1860 */ 1861 static void 1862 syminfo(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 1863 { 1864 Shdr *infoshdr; 1865 Syminfo *info; 1866 Sym *syms; 1867 Dyn *dyns; 1868 Word infonum, cnt, ndx, symnum, dynnum; 1869 Cache *infocache = NULL, *dyncache = NULL, *symsec, *strsec; 1870 Boolean *dynerr = NULL; 1871 1872 for (cnt = 1; cnt < shnum; cnt++) { 1873 if (cache[cnt].c_shdr->sh_type == SHT_SUNW_syminfo) { 1874 infocache = &cache[cnt]; 1875 break; 1876 } 1877 } 1878 if (infocache == NULL) 1879 return; 1880 1881 infoshdr = infocache->c_shdr; 1882 if ((infoshdr->sh_entsize == 0) || (infoshdr->sh_size == 0)) { 1883 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1884 file, infocache->c_name); 1885 return; 1886 } 1887 if ((infocache->c_data == NULL) || (infocache->c_data->d_buf == NULL)) 1888 return; 1889 1890 infonum = (Word)(infoshdr->sh_size / infoshdr->sh_entsize); 1891 info = (Syminfo *)infocache->c_data->d_buf; 1892 1893 /* 1894 * If there is no associated dynamic section, determine if one 1895 * is needed, and if so issue a warning. If there is an 1896 * associated dynamic section, validate it and get the data buffer 1897 * for it. 1898 */ 1899 dyns = NULL; 1900 dynnum = 0; 1901 if (infoshdr->sh_info == 0) { 1902 Syminfo *_info = info + 1; 1903 1904 for (ndx = 1; ndx < infonum; ndx++, _info++) { 1905 if ((_info->si_flags == 0) && (_info->si_boundto == 0)) 1906 continue; 1907 1908 if (_info->si_boundto < SYMINFO_BT_LOWRESERVE) 1909 (void) fprintf(stderr, 1910 MSG_INTL(MSG_ERR_BADSHINFO), file, 1911 infocache->c_name, 1912 EC_WORD(infoshdr->sh_info)); 1913 } 1914 } else if ((infoshdr->sh_info >= shnum) || 1915 (cache[infoshdr->sh_info].c_shdr->sh_type != SHT_DYNAMIC)) { 1916 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 1917 file, infocache->c_name, EC_WORD(infoshdr->sh_info)); 1918 } else { 1919 dyncache = &cache[infoshdr->sh_info]; 1920 if ((dyncache->c_data == NULL) || 1921 ((dyns = dyncache->c_data->d_buf) == NULL)) { 1922 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1923 file, dyncache->c_name); 1924 } 1925 if (dyns != NULL) { 1926 if ((dyncache->c_shdr->sh_entsize == 0) || 1927 (dyncache->c_shdr->sh_size == 0)) { 1928 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1929 file, dyncache->c_name); 1930 return; 1931 } 1932 1933 dynnum = dyncache->c_shdr->sh_size / 1934 dyncache->c_shdr->sh_entsize; 1935 1936 /* 1937 * We validate the type of dynamic elements referenced 1938 * from the syminfo. This array is used report any 1939 * bad dynamic entries. 1940 */ 1941 if ((dynerr = calloc(dynnum, sizeof (*dynerr))) == 1942 NULL) { 1943 int err = errno; 1944 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 1945 file, strerror(err)); 1946 return; 1947 } 1948 } 1949 } 1950 1951 /* 1952 * Get the data buffer for the associated symbol table and string table. 1953 */ 1954 if (stringtbl(cache, 1, cnt, shnum, file, 1955 &symnum, &symsec, &strsec) == 0) 1956 return; 1957 1958 syms = symsec->c_data->d_buf; 1959 1960 /* 1961 * Loop through the syminfo entries. 1962 */ 1963 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1964 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMINFO), infocache->c_name); 1965 Elf_syminfo_title(0); 1966 1967 for (ndx = 1, info++; ndx < infonum; ndx++, info++) { 1968 Sym *sym; 1969 const char *needed, *name; 1970 Word expect_dt; 1971 Word boundto = info->si_boundto; 1972 1973 if ((info->si_flags == 0) && (boundto == 0)) 1974 continue; 1975 1976 sym = &syms[ndx]; 1977 name = string(infocache, ndx, strsec, file, sym->st_name); 1978 1979 /* Is si_boundto set to one of the reserved values? */ 1980 if (boundto >= SYMINFO_BT_LOWRESERVE) { 1981 Elf_syminfo_entry(0, ndx, info, name, NULL); 1982 continue; 1983 } 1984 1985 /* 1986 * si_boundto is referencing a dynamic section. If we don't 1987 * have one, an error was already issued above, so it suffices 1988 * to display an empty string. If we are out of bounds, then 1989 * report that and then display an empty string. 1990 */ 1991 if ((dyns == NULL) || (boundto >= dynnum)) { 1992 if (dyns != NULL) 1993 (void) fprintf(stderr, 1994 MSG_INTL(MSG_ERR_BADSIDYNNDX), file, 1995 infocache->c_ndx, infocache->c_name, 1996 EC_WORD(ndx), EC_WORD(dynnum - 1), 1997 EC_WORD(boundto)); 1998 Elf_syminfo_entry(0, ndx, info, name, 1999 MSG_ORIG(MSG_STR_EMPTY)); 2000 continue; 2001 } 2002 2003 /* 2004 * The si_boundto reference expects a specific dynamic element 2005 * type at the given index. The dynamic element is always a 2006 * string that gives an object name. The specific type depends 2007 * on the si_flags present. Ensure that we've got the right 2008 * type. 2009 */ 2010 if (info->si_flags & SYMINFO_FLG_FILTER) 2011 expect_dt = DT_SUNW_FILTER; 2012 else if (info->si_flags & SYMINFO_FLG_AUXILIARY) 2013 expect_dt = DT_SUNW_AUXILIARY; 2014 else if (info->si_flags & (SYMINFO_FLG_DIRECT | 2015 SYMINFO_FLG_LAZYLOAD | SYMINFO_FLG_DIRECTBIND)) 2016 expect_dt = DT_NEEDED; 2017 else 2018 expect_dt = DT_NULL; /* means we ignore the type */ 2019 2020 if ((dyns[boundto].d_tag != expect_dt) && 2021 (expect_dt != DT_NULL)) { 2022 Conv_inv_buf_t buf1, buf2; 2023 2024 /* Only complain about each dynamic element once */ 2025 if (!dynerr[boundto]) { 2026 (void) fprintf(stderr, 2027 MSG_INTL(MSG_ERR_BADSIDYNTAG), 2028 file, infocache->c_ndx, infocache->c_name, 2029 EC_WORD(ndx), dyncache->c_ndx, 2030 dyncache->c_name, EC_WORD(boundto), 2031 conv_dyn_tag(expect_dt, osabi, 2032 ehdr->e_machine, CONV_FMT_ALT_CF, &buf1), 2033 conv_dyn_tag(dyns[boundto].d_tag, osabi, 2034 ehdr->e_machine, CONV_FMT_ALT_CF, &buf2)); 2035 dynerr[boundto] = TRUE; 2036 } 2037 } 2038 2039 /* 2040 * Whether or not the DT item we're pointing at is 2041 * of the right type, if it's a type we recognize as 2042 * providing a string, go ahead and show it. Otherwise 2043 * an empty string. 2044 */ 2045 switch (dyns[boundto].d_tag) { 2046 case DT_NEEDED: 2047 case DT_SONAME: 2048 case DT_RPATH: 2049 case DT_RUNPATH: 2050 case DT_CONFIG: 2051 case DT_DEPAUDIT: 2052 case DT_USED: 2053 case DT_AUDIT: 2054 case DT_SUNW_AUXILIARY: 2055 case DT_SUNW_FILTER: 2056 case DT_FILTER: 2057 case DT_AUXILIARY: 2058 needed = string(infocache, boundto, 2059 strsec, file, dyns[boundto].d_un.d_val); 2060 break; 2061 default: 2062 needed = MSG_ORIG(MSG_STR_EMPTY); 2063 } 2064 Elf_syminfo_entry(0, ndx, info, name, needed); 2065 } 2066 if (dyns != NULL) 2067 free(dynerr); 2068 } 2069 2070 /* 2071 * Print version definition section entries. 2072 */ 2073 static void 2074 version_def(Verdef *vdf, Word vdf_num, Cache *vcache, Cache *scache, 2075 const char *file) 2076 { 2077 Word cnt; 2078 char index[MAXNDXSIZE]; 2079 2080 Elf_ver_def_title(0); 2081 2082 for (cnt = 1; cnt <= vdf_num; cnt++, 2083 vdf = (Verdef *)((uintptr_t)vdf + vdf->vd_next)) { 2084 Conv_ver_flags_buf_t ver_flags_buf; 2085 const char *name, *dep; 2086 Half vcnt = vdf->vd_cnt - 1; 2087 Half ndx = vdf->vd_ndx; 2088 Verdaux *vdap = (Verdaux *)((uintptr_t)vdf + vdf->vd_aux); 2089 2090 /* 2091 * Obtain the name and first dependency (if any). 2092 */ 2093 name = string(vcache, cnt, scache, file, vdap->vda_name); 2094 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 2095 if (vcnt) 2096 dep = string(vcache, cnt, scache, file, vdap->vda_name); 2097 else 2098 dep = MSG_ORIG(MSG_STR_EMPTY); 2099 2100 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 2101 EC_XWORD(ndx)); 2102 Elf_ver_line_1(0, index, name, dep, 2103 conv_ver_flags(vdf->vd_flags, 0, &ver_flags_buf)); 2104 2105 /* 2106 * Print any additional dependencies. 2107 */ 2108 if (vcnt) { 2109 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 2110 for (vcnt--; vcnt; vcnt--, 2111 vdap = (Verdaux *)((uintptr_t)vdap + 2112 vdap->vda_next)) { 2113 dep = string(vcache, cnt, scache, file, 2114 vdap->vda_name); 2115 Elf_ver_line_2(0, MSG_ORIG(MSG_STR_EMPTY), dep); 2116 } 2117 } 2118 } 2119 } 2120 2121 /* 2122 * Print version needed section entries. 2123 * 2124 * entry: 2125 * vnd - Address of verneed data 2126 * vnd_num - # of Verneed entries 2127 * vcache - Cache of verneed section being processed 2128 * scache - Cache of associated string table section 2129 * file - Name of object being processed. 2130 * versym - Information about versym section 2131 * 2132 * exit: 2133 * The versions have been printed. If GNU style versioning 2134 * is in effect, versym->max_verndx has been updated to 2135 * contain the largest version index seen. 2136 * 2137 * note: 2138 * The versym section of an object that follows the original 2139 * Solaris versioning rules only contains indexes into the verdef 2140 * section. Symbols defined in other objects (UNDEF) are given 2141 * a version of 0, indicating that they are not defined by 2142 * this file, and the Verneed entries do not have associated version 2143 * indexes. For these reasons, we do not display a version index 2144 * for original-style Verneed sections. 2145 * 2146 * The GNU versioning extensions alter this: Symbols defined in other 2147 * objects receive a version index in the range above those defined 2148 * by the Verdef section, and the vna_other field of the Vernaux 2149 * structs inside the Verneed section contain the version index for 2150 * that item. We therefore display the index when showing the 2151 * contents of a GNU style Verneed section. You should not 2152 * necessarily expect these indexes to appear in sorted 2153 * order --- it seems that the GNU ld assigns the versions as 2154 * symbols are encountered during linking, and then the results 2155 * are assembled into the Verneed section afterwards. 2156 */ 2157 static void 2158 version_need(Verneed *vnd, Word vnd_num, Cache *vcache, Cache *scache, 2159 const char *file, VERSYM_STATE *versym) 2160 { 2161 Word cnt; 2162 char index[MAXNDXSIZE]; 2163 const char *index_str; 2164 2165 Elf_ver_need_title(0, versym->gnu_needed); 2166 2167 for (cnt = 1; cnt <= vnd_num; cnt++, 2168 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 2169 Conv_ver_flags_buf_t ver_flags_buf; 2170 const char *name, *dep; 2171 Half vcnt = vnd->vn_cnt; 2172 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 2173 2174 /* 2175 * Obtain the name of the needed file and the version name 2176 * within it that we're dependent on. Note that the count 2177 * should be at least one, otherwise this is a pretty bogus 2178 * entry. 2179 */ 2180 name = string(vcache, cnt, scache, file, vnd->vn_file); 2181 if (vcnt) 2182 dep = string(vcache, cnt, scache, file, vnap->vna_name); 2183 else 2184 dep = MSG_INTL(MSG_STR_NULL); 2185 2186 if (vnap->vna_other == 0) { /* Traditional form */ 2187 index_str = MSG_ORIG(MSG_STR_EMPTY); 2188 } else { /* GNU form */ 2189 index_str = index; 2190 /* Format the version index value */ 2191 (void) snprintf(index, MAXNDXSIZE, 2192 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(vnap->vna_other)); 2193 if (vnap->vna_other > versym->max_verndx) 2194 versym->max_verndx = vnap->vna_other; 2195 } 2196 Elf_ver_line_1(0, index_str, name, dep, 2197 conv_ver_flags(vnap->vna_flags, 0, &ver_flags_buf)); 2198 2199 /* 2200 * Print any additional version dependencies. 2201 */ 2202 if (vcnt) { 2203 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 2204 for (vcnt--; vcnt; vcnt--, 2205 vnap = (Vernaux *)((uintptr_t)vnap + 2206 vnap->vna_next)) { 2207 dep = string(vcache, cnt, scache, file, 2208 vnap->vna_name); 2209 if (vnap->vna_other > 0) { 2210 /* Format the next index value */ 2211 (void) snprintf(index, MAXNDXSIZE, 2212 MSG_ORIG(MSG_FMT_INDEX), 2213 EC_XWORD(vnap->vna_other)); 2214 Elf_ver_line_1(0, index, 2215 MSG_ORIG(MSG_STR_EMPTY), dep, 2216 conv_ver_flags(vnap->vna_flags, 2217 0, &ver_flags_buf)); 2218 if (vnap->vna_other > 2219 versym->max_verndx) 2220 versym->max_verndx = 2221 vnap->vna_other; 2222 } else { 2223 Elf_ver_line_3(0, 2224 MSG_ORIG(MSG_STR_EMPTY), dep, 2225 conv_ver_flags(vnap->vna_flags, 2226 0, &ver_flags_buf)); 2227 } 2228 } 2229 } 2230 } 2231 } 2232 2233 /* 2234 * Examine the Verneed section for information related to GNU 2235 * style Versym indexing: 2236 * - A non-zero vna_other field indicates that Versym indexes can 2237 * reference Verneed records. 2238 * - If the object uses GNU style Versym indexing, the 2239 * maximum index value is needed to detect bad Versym entries. 2240 * 2241 * entry: 2242 * vnd - Address of verneed data 2243 * vnd_num - # of Verneed entries 2244 * versym - Information about versym section 2245 * 2246 * exit: 2247 * If a non-zero vna_other field is seen, versym->gnu_needed is set. 2248 * 2249 * versym->max_verndx has been updated to contain the largest 2250 * version index seen. 2251 */ 2252 static void 2253 update_gnu_verndx(Verneed *vnd, Word vnd_num, VERSYM_STATE *versym) 2254 { 2255 Word cnt; 2256 2257 for (cnt = 1; cnt <= vnd_num; cnt++, 2258 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 2259 Half vcnt = vnd->vn_cnt; 2260 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 2261 2262 /* 2263 * A non-zero value of vna_other indicates that this 2264 * object references VERNEED items from the VERSYM 2265 * array. 2266 */ 2267 if (vnap->vna_other != 0) { 2268 versym->gnu_needed = 1; 2269 if (vnap->vna_other > versym->max_verndx) 2270 versym->max_verndx = vnap->vna_other; 2271 } 2272 2273 /* 2274 * Check any additional version dependencies. 2275 */ 2276 if (vcnt) { 2277 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 2278 for (vcnt--; vcnt; vcnt--, 2279 vnap = (Vernaux *)((uintptr_t)vnap + 2280 vnap->vna_next)) { 2281 if (vnap->vna_other == 0) 2282 continue; 2283 2284 versym->gnu_needed = 1; 2285 if (vnap->vna_other > versym->max_verndx) 2286 versym->max_verndx = vnap->vna_other; 2287 } 2288 } 2289 } 2290 } 2291 2292 /* 2293 * Display version section information if the flags require it. 2294 * Return version information needed by other output. 2295 * 2296 * entry: 2297 * cache - Cache of all section headers 2298 * shnum - # of sections in cache 2299 * file - Name of file 2300 * flags - Command line option flags 2301 * versym - VERSYM_STATE block to be filled in. 2302 */ 2303 static void 2304 versions(Cache *cache, Word shnum, const char *file, uint_t flags, 2305 VERSYM_STATE *versym) 2306 { 2307 GElf_Word cnt; 2308 Cache *verdef_cache = NULL, *verneed_cache = NULL; 2309 2310 2311 /* Gather information about the version sections */ 2312 versym->max_verndx = 1; 2313 for (cnt = 1; cnt < shnum; cnt++) { 2314 Cache *_cache = &cache[cnt]; 2315 Shdr *shdr = _cache->c_shdr; 2316 Dyn *dyn; 2317 ulong_t numdyn; 2318 2319 switch (shdr->sh_type) { 2320 case SHT_DYNAMIC: 2321 /* 2322 * The GNU ld puts a DT_VERSYM entry in the dynamic 2323 * section so that the runtime linker can use it to 2324 * implement their versioning rules. They allow multiple 2325 * incompatible functions with the same name to exist 2326 * in different versions. The Solaris ld does not 2327 * support this mechanism, and as such, does not 2328 * produce DT_VERSYM. We use this fact to determine 2329 * which ld produced this object, and how to interpret 2330 * the version values. 2331 */ 2332 if ((shdr->sh_entsize == 0) || 2333 (shdr->sh_size == 0) || 2334 (_cache->c_data == NULL) || 2335 (_cache->c_data->d_buf == NULL)) 2336 continue; 2337 numdyn = shdr->sh_size / shdr->sh_entsize; 2338 dyn = (Dyn *)_cache->c_data->d_buf; 2339 for (; numdyn-- > 0; dyn++) 2340 if (dyn->d_tag == DT_VERSYM) { 2341 versym->gnu_full = 2342 versym->gnu_needed = 1; 2343 break; 2344 } 2345 break; 2346 2347 case SHT_SUNW_versym: 2348 /* Record data address for later symbol processing */ 2349 if (_cache->c_data != NULL) { 2350 versym->cache = _cache; 2351 versym->data = _cache->c_data->d_buf; 2352 continue; 2353 } 2354 break; 2355 2356 case SHT_SUNW_verdef: 2357 case SHT_SUNW_verneed: 2358 /* 2359 * Ensure the data is non-NULL and the number 2360 * of items is non-zero. Otherwise, we don't 2361 * understand the section, and will not use it. 2362 */ 2363 if ((_cache->c_data == NULL) || 2364 (_cache->c_data->d_buf == NULL)) { 2365 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2366 file, _cache->c_name); 2367 continue; 2368 } 2369 if (shdr->sh_info == 0) { 2370 (void) fprintf(stderr, 2371 MSG_INTL(MSG_ERR_BADSHINFO), 2372 file, _cache->c_name, 2373 EC_WORD(shdr->sh_info)); 2374 continue; 2375 } 2376 2377 /* Make sure the string table index is in range */ 2378 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 2379 (void) fprintf(stderr, 2380 MSG_INTL(MSG_ERR_BADSHLINK), file, 2381 _cache->c_name, EC_WORD(shdr->sh_link)); 2382 continue; 2383 } 2384 2385 /* 2386 * The section is usable. Save the cache entry. 2387 */ 2388 if (shdr->sh_type == SHT_SUNW_verdef) { 2389 verdef_cache = _cache; 2390 /* 2391 * Under Solaris rules, if there is a verdef 2392 * section, the max versym index is number 2393 * of version definitions it supplies. 2394 */ 2395 versym->max_verndx = shdr->sh_info; 2396 } else { 2397 verneed_cache = _cache; 2398 } 2399 break; 2400 } 2401 } 2402 2403 /* 2404 * If there is a Verneed section, examine it for information 2405 * related to GNU style versioning. 2406 */ 2407 if (verneed_cache != NULL) 2408 update_gnu_verndx((Verneed *)verneed_cache->c_data->d_buf, 2409 verneed_cache->c_shdr->sh_info, versym); 2410 2411 /* 2412 * Now that all the information is available, display the 2413 * Verdef and Verneed section contents, if requested. 2414 */ 2415 if ((flags & FLG_SHOW_VERSIONS) == 0) 2416 return; 2417 if (verdef_cache != NULL) { 2418 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2419 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERDEF), 2420 verdef_cache->c_name); 2421 version_def((Verdef *)verdef_cache->c_data->d_buf, 2422 verdef_cache->c_shdr->sh_info, verdef_cache, 2423 &cache[verdef_cache->c_shdr->sh_link], file); 2424 } 2425 if (verneed_cache != NULL) { 2426 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2427 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERNEED), 2428 verneed_cache->c_name); 2429 /* 2430 * If GNU versioning applies to this object, version_need() 2431 * will update versym->max_verndx, and it is not 2432 * necessary to call update_gnu_verndx(). 2433 */ 2434 version_need((Verneed *)verneed_cache->c_data->d_buf, 2435 verneed_cache->c_shdr->sh_info, verneed_cache, 2436 &cache[verneed_cache->c_shdr->sh_link], file, versym); 2437 } 2438 } 2439 2440 /* 2441 * Search for and process any symbol tables. 2442 */ 2443 void 2444 symbols(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2445 VERSYM_STATE *versym, const char *file, uint_t flags) 2446 { 2447 SYMTBL_STATE state; 2448 Cache *_cache; 2449 Word secndx; 2450 2451 for (secndx = 1; secndx < shnum; secndx++) { 2452 Word symcnt; 2453 Shdr *shdr; 2454 2455 _cache = &cache[secndx]; 2456 shdr = _cache->c_shdr; 2457 2458 if ((shdr->sh_type != SHT_SYMTAB) && 2459 (shdr->sh_type != SHT_DYNSYM) && 2460 ((shdr->sh_type != SHT_SUNW_LDYNSYM) || 2461 (osabi != ELFOSABI_SOLARIS))) 2462 continue; 2463 if (!match(MATCH_F_ALL, _cache->c_name, secndx, shdr->sh_type)) 2464 continue; 2465 2466 if (!init_symtbl_state(&state, cache, shnum, secndx, ehdr, 2467 osabi, versym, file, flags)) 2468 continue; 2469 /* 2470 * Loop through the symbol tables entries. 2471 */ 2472 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2473 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMTAB), state.secname); 2474 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2475 2476 for (symcnt = 0; symcnt < state.symn; symcnt++) 2477 output_symbol(&state, symcnt, shdr->sh_info, symcnt, 2478 state.sym + symcnt); 2479 } 2480 } 2481 2482 /* 2483 * Search for and process any SHT_SUNW_symsort or SHT_SUNW_tlssort sections. 2484 * These sections are always associated with the .SUNW_ldynsym./.dynsym pair. 2485 */ 2486 static void 2487 sunw_sort(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2488 VERSYM_STATE *versym, const char *file, uint_t flags) 2489 { 2490 SYMTBL_STATE ldynsym_state, dynsym_state; 2491 Cache *sortcache, *symcache; 2492 Shdr *sortshdr, *symshdr; 2493 Word sortsecndx, symsecndx; 2494 Word ldynsym_cnt; 2495 Word *ndx; 2496 Word ndxn; 2497 int output_cnt = 0; 2498 Conv_inv_buf_t inv_buf; 2499 2500 for (sortsecndx = 1; sortsecndx < shnum; sortsecndx++) { 2501 2502 sortcache = &cache[sortsecndx]; 2503 sortshdr = sortcache->c_shdr; 2504 2505 if ((sortshdr->sh_type != SHT_SUNW_symsort) && 2506 (sortshdr->sh_type != SHT_SUNW_tlssort)) 2507 continue; 2508 if (!match(MATCH_F_ALL, sortcache->c_name, sortsecndx, 2509 sortshdr->sh_type)) 2510 continue; 2511 2512 /* 2513 * If the section references a SUNW_ldynsym, then we 2514 * expect to see the associated .dynsym immediately 2515 * following. If it references a .dynsym, there is no 2516 * SUNW_ldynsym. If it is any other type, then we don't 2517 * know what to do with it. 2518 */ 2519 if ((sortshdr->sh_link == 0) || (sortshdr->sh_link >= shnum)) { 2520 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 2521 file, sortcache->c_name, 2522 EC_WORD(sortshdr->sh_link)); 2523 continue; 2524 } 2525 symcache = &cache[sortshdr->sh_link]; 2526 symshdr = symcache->c_shdr; 2527 symsecndx = sortshdr->sh_link; 2528 ldynsym_cnt = 0; 2529 switch (symshdr->sh_type) { 2530 case SHT_SUNW_LDYNSYM: 2531 if (!init_symtbl_state(&ldynsym_state, cache, shnum, 2532 symsecndx, ehdr, osabi, versym, file, flags)) 2533 continue; 2534 ldynsym_cnt = ldynsym_state.symn; 2535 /* 2536 * We know that the dynsym follows immediately 2537 * after the SUNW_ldynsym, and so, should be at 2538 * (sortshdr->sh_link + 1). However, elfdump is a 2539 * diagnostic tool, so we do the full paranoid 2540 * search instead. 2541 */ 2542 for (symsecndx = 1; symsecndx < shnum; symsecndx++) { 2543 symcache = &cache[symsecndx]; 2544 symshdr = symcache->c_shdr; 2545 if (symshdr->sh_type == SHT_DYNSYM) 2546 break; 2547 } 2548 if (symsecndx >= shnum) { /* Dynsym not found! */ 2549 (void) fprintf(stderr, 2550 MSG_INTL(MSG_ERR_NODYNSYM), 2551 file, sortcache->c_name); 2552 continue; 2553 } 2554 /* Fallthrough to process associated dynsym */ 2555 /* FALLTHROUGH */ 2556 case SHT_DYNSYM: 2557 if (!init_symtbl_state(&dynsym_state, cache, shnum, 2558 symsecndx, ehdr, osabi, versym, file, flags)) 2559 continue; 2560 break; 2561 default: 2562 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADNDXSEC), 2563 file, sortcache->c_name, 2564 conv_sec_type(osabi, ehdr->e_machine, 2565 symshdr->sh_type, 0, &inv_buf)); 2566 continue; 2567 } 2568 2569 /* 2570 * Output header 2571 */ 2572 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2573 if (ldynsym_cnt > 0) { 2574 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT2), 2575 sortcache->c_name, ldynsym_state.secname, 2576 dynsym_state.secname); 2577 /* 2578 * The data for .SUNW_ldynsym and dynsym sections 2579 * is supposed to be adjacent with SUNW_ldynsym coming 2580 * first. Check, and issue a warning if it isn't so. 2581 */ 2582 if (((ldynsym_state.sym + ldynsym_state.symn) 2583 != dynsym_state.sym) && 2584 ((flags & FLG_CTL_FAKESHDR) == 0)) 2585 (void) fprintf(stderr, 2586 MSG_INTL(MSG_ERR_LDYNNOTADJ), file, 2587 ldynsym_state.secname, 2588 dynsym_state.secname); 2589 } else { 2590 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT1), 2591 sortcache->c_name, dynsym_state.secname); 2592 } 2593 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2594 2595 /* If not first one, insert a line of white space */ 2596 if (output_cnt++ > 0) 2597 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2598 2599 /* 2600 * SUNW_dynsymsort and SUNW_dyntlssort are arrays of 2601 * symbol indices. Iterate over the array entries, 2602 * dispaying the referenced symbols. 2603 */ 2604 ndxn = sortshdr->sh_size / sortshdr->sh_entsize; 2605 ndx = (Word *)sortcache->c_data->d_buf; 2606 for (; ndxn-- > 0; ndx++) { 2607 if (*ndx >= ldynsym_cnt) { 2608 Word sec_ndx = *ndx - ldynsym_cnt; 2609 2610 output_symbol(&dynsym_state, sec_ndx, 0, 2611 *ndx, dynsym_state.sym + sec_ndx); 2612 } else { 2613 output_symbol(&ldynsym_state, *ndx, 0, 2614 *ndx, ldynsym_state.sym + *ndx); 2615 } 2616 } 2617 } 2618 } 2619 2620 /* 2621 * Search for and process any relocation sections. 2622 */ 2623 static void 2624 reloc(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 2625 { 2626 Word cnt; 2627 2628 for (cnt = 1; cnt < shnum; cnt++) { 2629 Word type, symnum; 2630 Xword relndx, relnum, relsize; 2631 void *rels; 2632 Sym *syms; 2633 Cache *symsec, *strsec; 2634 Cache *_cache = &cache[cnt]; 2635 Shdr *shdr = _cache->c_shdr; 2636 char *relname = _cache->c_name; 2637 Conv_inv_buf_t inv_buf; 2638 2639 if (((type = shdr->sh_type) != SHT_RELA) && 2640 (type != SHT_REL)) 2641 continue; 2642 if (!match(MATCH_F_ALL, relname, cnt, type)) 2643 continue; 2644 2645 /* 2646 * Decide entry size. 2647 */ 2648 if (((relsize = shdr->sh_entsize) == 0) || 2649 (relsize > shdr->sh_size)) { 2650 if (type == SHT_RELA) 2651 relsize = sizeof (Rela); 2652 else 2653 relsize = sizeof (Rel); 2654 } 2655 2656 /* 2657 * Determine the number of relocations available. 2658 */ 2659 if (shdr->sh_size == 0) { 2660 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2661 file, relname); 2662 continue; 2663 } 2664 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 2665 continue; 2666 2667 rels = _cache->c_data->d_buf; 2668 relnum = shdr->sh_size / relsize; 2669 2670 /* 2671 * Get the data buffer for the associated symbol table and 2672 * string table. 2673 */ 2674 if (stringtbl(cache, 1, cnt, shnum, file, 2675 &symnum, &symsec, &strsec) == 0) 2676 continue; 2677 2678 syms = symsec->c_data->d_buf; 2679 2680 /* 2681 * Loop through the relocation entries. 2682 */ 2683 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2684 dbg_print(0, MSG_INTL(MSG_ELF_SCN_RELOC), _cache->c_name); 2685 Elf_reloc_title(0, ELF_DBG_ELFDUMP, type); 2686 2687 for (relndx = 0; relndx < relnum; relndx++, 2688 rels = (void *)((char *)rels + relsize)) { 2689 Half mach = ehdr->e_machine; 2690 char section[BUFSIZ]; 2691 const char *symname; 2692 Word symndx, reltype; 2693 Rela *rela; 2694 Rel *rel; 2695 2696 /* 2697 * Unravel the relocation and determine the symbol with 2698 * which this relocation is associated. 2699 */ 2700 if (type == SHT_RELA) { 2701 rela = (Rela *)rels; 2702 symndx = ELF_R_SYM(rela->r_info); 2703 reltype = ELF_R_TYPE(rela->r_info, mach); 2704 } else { 2705 rel = (Rel *)rels; 2706 symndx = ELF_R_SYM(rel->r_info); 2707 reltype = ELF_R_TYPE(rel->r_info, mach); 2708 } 2709 2710 symname = relsymname(cache, _cache, strsec, symndx, 2711 symnum, relndx, syms, section, BUFSIZ, file); 2712 2713 /* 2714 * A zero symbol index is only valid for a few 2715 * relocations. 2716 */ 2717 if (symndx == 0) { 2718 int badrel = 0; 2719 2720 if ((mach == EM_SPARC) || 2721 (mach == EM_SPARC32PLUS) || 2722 (mach == EM_SPARCV9)) { 2723 if ((reltype != R_SPARC_NONE) && 2724 (reltype != R_SPARC_REGISTER) && 2725 (reltype != R_SPARC_RELATIVE)) 2726 badrel++; 2727 } else if (mach == EM_386) { 2728 if ((reltype != R_386_NONE) && 2729 (reltype != R_386_RELATIVE)) 2730 badrel++; 2731 } else if (mach == EM_AMD64) { 2732 if ((reltype != R_AMD64_NONE) && 2733 (reltype != R_AMD64_RELATIVE)) 2734 badrel++; 2735 } 2736 2737 if (badrel) { 2738 (void) fprintf(stderr, 2739 MSG_INTL(MSG_ERR_BADREL1), file, 2740 conv_reloc_type(mach, reltype, 2741 0, &inv_buf)); 2742 } 2743 } 2744 2745 Elf_reloc_entry_1(0, ELF_DBG_ELFDUMP, 2746 MSG_ORIG(MSG_STR_EMPTY), ehdr->e_machine, type, 2747 rels, relname, symname, 0); 2748 } 2749 } 2750 } 2751 2752 2753 /* 2754 * This value controls which test dyn_test() performs. 2755 */ 2756 typedef enum { DYN_TEST_ADDR, DYN_TEST_SIZE, DYN_TEST_ENTSIZE } dyn_test_t; 2757 2758 /* 2759 * Used by dynamic() to compare the value of a dynamic element against 2760 * the starting address of the section it references. 2761 * 2762 * entry: 2763 * test_type - Specify which dyn item is being tested. 2764 * sh_type - SHT_* type value for required section. 2765 * sec_cache - Cache entry for section, or NULL if the object lacks 2766 * a section of this type. 2767 * dyn - Dyn entry to be tested 2768 * dynsec_cnt - # of dynamic section being examined. The first 2769 * dynamic section is 1, the next is 2, and so on... 2770 * ehdr - ELF header for file 2771 * file - Name of file 2772 */ 2773 static void 2774 dyn_test(dyn_test_t test_type, Word sh_type, Cache *sec_cache, Dyn *dyn, 2775 Word dynsec_cnt, Ehdr *ehdr, uchar_t osabi, const char *file) 2776 { 2777 Conv_inv_buf_t buf1, buf2; 2778 2779 /* 2780 * These tests are based around the implicit assumption that 2781 * there is only one dynamic section in an object, and also only 2782 * one of the sections it references. We have therefore gathered 2783 * all of the necessary information to test this in a single pass 2784 * over the section headers, which is very efficient. We are not 2785 * aware of any case where more than one dynamic section would 2786 * be meaningful in an ELF object, so this is a reasonable solution. 2787 * 2788 * To test multiple dynamic sections correctly would be more 2789 * expensive in code and time. We would have to build a data structure 2790 * containing all the dynamic elements. Then, we would use the address 2791 * to locate the section it references and ensure the section is of 2792 * the right type and that the address in the dynamic element is 2793 * to the start of the section. Then, we could check the size and 2794 * entsize values against those same sections. This is O(n^2), and 2795 * also complicated. 2796 * 2797 * In the highly unlikely case that there is more than one dynamic 2798 * section, we only test the first one, and simply allow the values 2799 * of the subsequent one to be displayed unchallenged. 2800 */ 2801 if (dynsec_cnt != 1) 2802 return; 2803 2804 /* 2805 * A DT_ item that references a section address should always find 2806 * the section in the file. 2807 */ 2808 if (sec_cache == NULL) { 2809 const char *name; 2810 2811 /* 2812 * Supply section names instead of section types for 2813 * things that reference progbits so that the error 2814 * message will make more sense. 2815 */ 2816 switch (dyn->d_tag) { 2817 case DT_INIT: 2818 name = MSG_ORIG(MSG_ELF_INIT); 2819 break; 2820 case DT_FINI: 2821 name = MSG_ORIG(MSG_ELF_FINI); 2822 break; 2823 default: 2824 name = conv_sec_type(osabi, ehdr->e_machine, 2825 sh_type, 0, &buf1); 2826 break; 2827 } 2828 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNNOBCKSEC), file, 2829 name, conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2830 CONV_FMT_ALT_CF, &buf2)); 2831 return; 2832 } 2833 2834 2835 switch (test_type) { 2836 case DYN_TEST_ADDR: 2837 /* The section address should match the DT_ item value */ 2838 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_addr) 2839 (void) fprintf(stderr, 2840 MSG_INTL(MSG_ERR_DYNBADADDR), file, 2841 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2842 CONV_FMT_ALT_CF, &buf1), EC_ADDR(dyn->d_un.d_val), 2843 sec_cache->c_ndx, sec_cache->c_name, 2844 EC_ADDR(sec_cache->c_shdr->sh_addr)); 2845 break; 2846 2847 case DYN_TEST_SIZE: 2848 /* The section size should match the DT_ item value */ 2849 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_size) 2850 (void) fprintf(stderr, 2851 MSG_INTL(MSG_ERR_DYNBADSIZE), file, 2852 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2853 CONV_FMT_ALT_CF, &buf1), EC_XWORD(dyn->d_un.d_val), 2854 sec_cache->c_ndx, sec_cache->c_name, 2855 EC_XWORD(sec_cache->c_shdr->sh_size)); 2856 break; 2857 2858 case DYN_TEST_ENTSIZE: 2859 /* The sh_entsize value should match the DT_ item value */ 2860 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_entsize) 2861 (void) fprintf(stderr, 2862 MSG_INTL(MSG_ERR_DYNBADENTSIZE), file, 2863 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2864 CONV_FMT_ALT_CF, &buf1), EC_XWORD(dyn->d_un.d_val), 2865 sec_cache->c_ndx, sec_cache->c_name, 2866 EC_XWORD(sec_cache->c_shdr->sh_entsize)); 2867 break; 2868 } 2869 } 2870 2871 /* 2872 * There are some DT_ entries that have corresponding symbols 2873 * (e.g. DT_INIT and _init). It is expected that these items will 2874 * both have the same value if both are present. This routine 2875 * examines the well known symbol tables for such symbols and 2876 * issues warnings for any that don't match. 2877 * 2878 * entry: 2879 * dyn - Dyn entry to be tested 2880 * symname - Name of symbol that corresponds to dyn 2881 * symtab_cache, dynsym_cache, ldynsym_cache - Symbol tables to check 2882 * target_cache - Section the symname section is expected to be 2883 * associated with. 2884 * cache - Cache of all section headers 2885 * shnum - # of sections in cache 2886 * ehdr - ELF header for file 2887 * osabi - OSABI to apply when interpreting object 2888 * file - Name of file 2889 */ 2890 static void 2891 dyn_symtest(Dyn *dyn, const char *symname, Cache *symtab_cache, 2892 Cache *dynsym_cache, Cache *ldynsym_cache, Cache *target_cache, 2893 Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2894 { 2895 Conv_inv_buf_t buf; 2896 int i; 2897 Sym *sym; 2898 Cache *_cache = NULL; 2899 2900 for (i = 0; i < 3; i++) { 2901 switch (i) { 2902 case 0: 2903 _cache = symtab_cache; 2904 break; 2905 case 1: 2906 _cache = dynsym_cache; 2907 break; 2908 case 2: 2909 _cache = ldynsym_cache; 2910 break; 2911 } 2912 2913 if ((_cache != NULL) && 2914 symlookup(symname, cache, shnum, &sym, target_cache, 2915 _cache, file) && (sym->st_value != dyn->d_un.d_val)) 2916 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNSYMVAL), 2917 file, _cache->c_name, conv_dyn_tag(dyn->d_tag, 2918 osabi, ehdr->e_machine, CONV_FMT_ALT_CF, &buf), 2919 symname, EC_ADDR(sym->st_value)); 2920 } 2921 } 2922 2923 /* 2924 * Search for and process a .dynamic section. 2925 */ 2926 static void 2927 dynamic(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2928 { 2929 struct { 2930 Cache *symtab; 2931 Cache *dynstr; 2932 Cache *dynsym; 2933 Cache *hash; 2934 Cache *fini; 2935 Cache *fini_array; 2936 Cache *init; 2937 Cache *init_array; 2938 Cache *preinit_array; 2939 Cache *rel; 2940 Cache *rela; 2941 Cache *sunw_cap; 2942 Cache *sunw_capinfo; 2943 Cache *sunw_capchain; 2944 Cache *sunw_ldynsym; 2945 Cache *sunw_move; 2946 Cache *sunw_syminfo; 2947 Cache *sunw_symsort; 2948 Cache *sunw_tlssort; 2949 Cache *sunw_verdef; 2950 Cache *sunw_verneed; 2951 Cache *sunw_versym; 2952 } sec; 2953 Word dynsec_ndx; 2954 Word dynsec_num; 2955 int dynsec_cnt; 2956 Word cnt; 2957 int osabi_solaris = osabi == ELFOSABI_SOLARIS; 2958 2959 /* 2960 * Make a pass over all the sections, gathering section information 2961 * we'll need below. 2962 */ 2963 dynsec_num = 0; 2964 bzero(&sec, sizeof (sec)); 2965 for (cnt = 1; cnt < shnum; cnt++) { 2966 Cache *_cache = &cache[cnt]; 2967 2968 switch (_cache->c_shdr->sh_type) { 2969 case SHT_DYNAMIC: 2970 if (dynsec_num == 0) { 2971 dynsec_ndx = cnt; 2972 2973 /* Does it have a valid string table? */ 2974 (void) stringtbl(cache, 0, cnt, shnum, file, 2975 0, 0, &sec.dynstr); 2976 } 2977 dynsec_num++; 2978 break; 2979 2980 2981 case SHT_PROGBITS: 2982 /* 2983 * We want to detect the .init and .fini sections, 2984 * if present. These are SHT_PROGBITS, so all we 2985 * have to go on is the section name. Normally comparing 2986 * names is a bad idea, but there are some special 2987 * names (i.e. .init/.fini/.interp) that are very 2988 * difficult to use in any other context, and for 2989 * these symbols, we do the heuristic match. 2990 */ 2991 if (strcmp(_cache->c_name, 2992 MSG_ORIG(MSG_ELF_INIT)) == 0) { 2993 if (sec.init == NULL) 2994 sec.init = _cache; 2995 } else if (strcmp(_cache->c_name, 2996 MSG_ORIG(MSG_ELF_FINI)) == 0) { 2997 if (sec.fini == NULL) 2998 sec.fini = _cache; 2999 } 3000 break; 3001 3002 case SHT_REL: 3003 /* 3004 * We want the SHT_REL section with the lowest 3005 * offset. The linker gathers them together, 3006 * and puts the address of the first one 3007 * into the DT_REL dynamic element. 3008 */ 3009 if ((sec.rel == NULL) || 3010 (_cache->c_shdr->sh_offset < 3011 sec.rel->c_shdr->sh_offset)) 3012 sec.rel = _cache; 3013 break; 3014 3015 case SHT_RELA: 3016 /* RELA is handled just like RELA above */ 3017 if ((sec.rela == NULL) || 3018 (_cache->c_shdr->sh_offset < 3019 sec.rela->c_shdr->sh_offset)) 3020 sec.rela = _cache; 3021 break; 3022 3023 /* 3024 * The GRAB macro is used for the simple case in which 3025 * we simply grab the first section of the desired type. 3026 */ 3027 #define GRAB(_sec_type, _sec_field) \ 3028 case _sec_type: \ 3029 if (sec._sec_field == NULL) \ 3030 sec._sec_field = _cache; \ 3031 break 3032 GRAB(SHT_SYMTAB, symtab); 3033 GRAB(SHT_DYNSYM, dynsym); 3034 GRAB(SHT_FINI_ARRAY, fini_array); 3035 GRAB(SHT_HASH, hash); 3036 GRAB(SHT_INIT_ARRAY, init_array); 3037 GRAB(SHT_SUNW_move, sunw_move); 3038 GRAB(SHT_PREINIT_ARRAY, preinit_array); 3039 GRAB(SHT_SUNW_cap, sunw_cap); 3040 GRAB(SHT_SUNW_capinfo, sunw_capinfo); 3041 GRAB(SHT_SUNW_capchain, sunw_capchain); 3042 GRAB(SHT_SUNW_LDYNSYM, sunw_ldynsym); 3043 GRAB(SHT_SUNW_syminfo, sunw_syminfo); 3044 GRAB(SHT_SUNW_symsort, sunw_symsort); 3045 GRAB(SHT_SUNW_tlssort, sunw_tlssort); 3046 GRAB(SHT_SUNW_verdef, sunw_verdef); 3047 GRAB(SHT_SUNW_verneed, sunw_verneed); 3048 GRAB(SHT_SUNW_versym, sunw_versym); 3049 #undef GRAB 3050 } 3051 } 3052 3053 /* 3054 * If no dynamic section, return immediately. If more than one 3055 * dynamic section, then something odd is going on and an error 3056 * is in order, but then continue on and display them all. 3057 */ 3058 if (dynsec_num == 0) 3059 return; 3060 if (dynsec_num > 1) 3061 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTDYN), 3062 file, EC_WORD(dynsec_num)); 3063 3064 3065 dynsec_cnt = 0; 3066 for (cnt = dynsec_ndx; (cnt < shnum) && (dynsec_cnt < dynsec_num); 3067 cnt++) { 3068 Dyn *dyn; 3069 ulong_t numdyn; 3070 int ndx, end_ndx; 3071 Cache *_cache = &cache[cnt], *strsec; 3072 Shdr *shdr = _cache->c_shdr; 3073 int dumped = 0; 3074 3075 if (shdr->sh_type != SHT_DYNAMIC) 3076 continue; 3077 dynsec_cnt++; 3078 3079 /* 3080 * Verify the associated string table section. 3081 */ 3082 if (stringtbl(cache, 0, cnt, shnum, file, 0, 0, &strsec) == 0) 3083 continue; 3084 3085 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 3086 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3087 file, _cache->c_name); 3088 continue; 3089 } 3090 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 3091 continue; 3092 3093 numdyn = shdr->sh_size / shdr->sh_entsize; 3094 dyn = (Dyn *)_cache->c_data->d_buf; 3095 3096 /* 3097 * We expect the REL/RELA entries to reference the reloc 3098 * section with the lowest address. However, this is 3099 * not true for dumped objects. Detect if this object has 3100 * been dumped so that we can skip the reloc address test 3101 * in that case. 3102 */ 3103 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 3104 if (dyn->d_tag == DT_FLAGS_1) { 3105 dumped = (dyn->d_un.d_val & DF_1_CONFALT) != 0; 3106 break; 3107 } 3108 } 3109 dyn = (Dyn *)_cache->c_data->d_buf; 3110 3111 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3112 dbg_print(0, MSG_INTL(MSG_ELF_SCN_DYNAMIC), _cache->c_name); 3113 3114 Elf_dyn_title(0); 3115 3116 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 3117 union { 3118 Conv_inv_buf_t inv; 3119 Conv_dyn_flag_buf_t flag; 3120 Conv_dyn_flag1_buf_t flag1; 3121 Conv_dyn_posflag1_buf_t posflag1; 3122 Conv_dyn_feature1_buf_t feature1; 3123 } c_buf; 3124 const char *name = NULL; 3125 3126 /* 3127 * Print the information numerically, and if possible 3128 * as a string. If a string is available, name is 3129 * set to reference it. 3130 * 3131 * Also, take this opportunity to sanity check 3132 * the values of DT elements. In the code above, 3133 * we gathered information on sections that are 3134 * referenced by the dynamic section. Here, we 3135 * compare the attributes of those sections to 3136 * the DT_ items that reference them and report 3137 * on inconsistencies. 3138 * 3139 * Things not currently tested that could be improved 3140 * in later revisions include: 3141 * - We don't check PLT or GOT related items 3142 * - We don't handle computing the lengths of 3143 * relocation arrays. To handle this 3144 * requires examining data that spans 3145 * across sections, in a contiguous span 3146 * within a single segment. 3147 * - DT_VERDEFNUM and DT_VERNEEDNUM can't be 3148 * verified without parsing the sections. 3149 * - We don't handle DT_SUNW_SYMSZ, which would 3150 * be the sum of the lengths of .dynsym and 3151 * .SUNW_ldynsym 3152 * - DT_SUNW_STRPAD can't be verified other than 3153 * to check that it's not larger than 3154 * the string table. 3155 * - Some items come in "all or none" clusters 3156 * that give an address, element size, 3157 * and data length in bytes. We don't 3158 * verify that there are no missing items 3159 * in such groups. 3160 */ 3161 switch (dyn->d_tag) { 3162 case DT_NULL: 3163 /* 3164 * Special case: DT_NULLs can come in groups 3165 * that we prefer to reduce to a single line. 3166 */ 3167 end_ndx = ndx; 3168 while ((end_ndx < (numdyn - 1)) && 3169 ((dyn + 1)->d_tag == DT_NULL)) { 3170 dyn++; 3171 end_ndx++; 3172 } 3173 Elf_dyn_null_entry(0, dyn, ndx, end_ndx); 3174 ndx = end_ndx; 3175 continue; 3176 3177 /* 3178 * String items all reference the dynstr. The string() 3179 * function does the necessary sanity checking. 3180 */ 3181 case DT_NEEDED: 3182 case DT_SONAME: 3183 case DT_FILTER: 3184 case DT_AUXILIARY: 3185 case DT_CONFIG: 3186 case DT_RPATH: 3187 case DT_RUNPATH: 3188 case DT_USED: 3189 case DT_DEPAUDIT: 3190 case DT_AUDIT: 3191 name = string(_cache, ndx, strsec, 3192 file, dyn->d_un.d_ptr); 3193 break; 3194 3195 case DT_SUNW_AUXILIARY: 3196 case DT_SUNW_FILTER: 3197 if (osabi_solaris) 3198 name = string(_cache, ndx, strsec, 3199 file, dyn->d_un.d_ptr); 3200 break; 3201 3202 case DT_FLAGS: 3203 name = conv_dyn_flag(dyn->d_un.d_val, 3204 0, &c_buf.flag); 3205 break; 3206 case DT_FLAGS_1: 3207 name = conv_dyn_flag1(dyn->d_un.d_val, 0, 3208 &c_buf.flag1); 3209 break; 3210 case DT_POSFLAG_1: 3211 name = conv_dyn_posflag1(dyn->d_un.d_val, 0, 3212 &c_buf.posflag1); 3213 break; 3214 case DT_FEATURE_1: 3215 name = conv_dyn_feature1(dyn->d_un.d_val, 0, 3216 &c_buf.feature1); 3217 break; 3218 case DT_DEPRECATED_SPARC_REGISTER: 3219 name = MSG_INTL(MSG_STR_DEPRECATED); 3220 break; 3221 3222 case DT_SUNW_LDMACH: 3223 if (!osabi_solaris) 3224 break; 3225 name = conv_ehdr_mach((Half)dyn->d_un.d_val, 3226 0, &c_buf.inv); 3227 break; 3228 3229 /* 3230 * Cases below this point are strictly sanity checking, 3231 * and do not generate a name string. The TEST_ macros 3232 * are used to hide the boiler plate arguments neeeded 3233 * by dyn_test(). 3234 */ 3235 #define TEST_ADDR(_sh_type, _sec_field) \ 3236 dyn_test(DYN_TEST_ADDR, _sh_type, \ 3237 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3238 osabi, file) 3239 #define TEST_SIZE(_sh_type, _sec_field) \ 3240 dyn_test(DYN_TEST_SIZE, _sh_type, \ 3241 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3242 osabi, file) 3243 #define TEST_ENTSIZE(_sh_type, _sec_field) \ 3244 dyn_test(DYN_TEST_ENTSIZE, _sh_type, \ 3245 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3246 osabi, file) 3247 3248 case DT_FINI: 3249 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_FINI), 3250 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3251 sec.fini, cache, shnum, ehdr, osabi, file); 3252 TEST_ADDR(SHT_PROGBITS, fini); 3253 break; 3254 3255 case DT_FINI_ARRAY: 3256 TEST_ADDR(SHT_FINI_ARRAY, fini_array); 3257 break; 3258 3259 case DT_FINI_ARRAYSZ: 3260 TEST_SIZE(SHT_FINI_ARRAY, fini_array); 3261 break; 3262 3263 case DT_HASH: 3264 TEST_ADDR(SHT_HASH, hash); 3265 break; 3266 3267 case DT_INIT: 3268 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_INIT), 3269 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3270 sec.init, cache, shnum, ehdr, osabi, file); 3271 TEST_ADDR(SHT_PROGBITS, init); 3272 break; 3273 3274 case DT_INIT_ARRAY: 3275 TEST_ADDR(SHT_INIT_ARRAY, init_array); 3276 break; 3277 3278 case DT_INIT_ARRAYSZ: 3279 TEST_SIZE(SHT_INIT_ARRAY, init_array); 3280 break; 3281 3282 case DT_MOVEENT: 3283 TEST_ENTSIZE(SHT_SUNW_move, sunw_move); 3284 break; 3285 3286 case DT_MOVESZ: 3287 TEST_SIZE(SHT_SUNW_move, sunw_move); 3288 break; 3289 3290 case DT_MOVETAB: 3291 TEST_ADDR(SHT_SUNW_move, sunw_move); 3292 break; 3293 3294 case DT_PREINIT_ARRAY: 3295 TEST_ADDR(SHT_PREINIT_ARRAY, preinit_array); 3296 break; 3297 3298 case DT_PREINIT_ARRAYSZ: 3299 TEST_SIZE(SHT_PREINIT_ARRAY, preinit_array); 3300 break; 3301 3302 case DT_REL: 3303 if (!dumped) 3304 TEST_ADDR(SHT_REL, rel); 3305 break; 3306 3307 case DT_RELENT: 3308 TEST_ENTSIZE(SHT_REL, rel); 3309 break; 3310 3311 case DT_RELA: 3312 if (!dumped) 3313 TEST_ADDR(SHT_RELA, rela); 3314 break; 3315 3316 case DT_RELAENT: 3317 TEST_ENTSIZE(SHT_RELA, rela); 3318 break; 3319 3320 case DT_STRTAB: 3321 TEST_ADDR(SHT_STRTAB, dynstr); 3322 break; 3323 3324 case DT_STRSZ: 3325 TEST_SIZE(SHT_STRTAB, dynstr); 3326 break; 3327 3328 case DT_SUNW_CAP: 3329 if (osabi_solaris) 3330 TEST_ADDR(SHT_SUNW_cap, sunw_cap); 3331 break; 3332 3333 case DT_SUNW_CAPINFO: 3334 if (osabi_solaris) 3335 TEST_ADDR(SHT_SUNW_capinfo, 3336 sunw_capinfo); 3337 break; 3338 3339 case DT_SUNW_CAPCHAIN: 3340 if (osabi_solaris) 3341 TEST_ADDR(SHT_SUNW_capchain, 3342 sunw_capchain); 3343 break; 3344 3345 case DT_SUNW_SYMTAB: 3346 TEST_ADDR(SHT_SUNW_LDYNSYM, sunw_ldynsym); 3347 break; 3348 3349 case DT_SYMENT: 3350 TEST_ENTSIZE(SHT_DYNSYM, dynsym); 3351 break; 3352 3353 case DT_SYMINENT: 3354 TEST_ENTSIZE(SHT_SUNW_syminfo, sunw_syminfo); 3355 break; 3356 3357 case DT_SYMINFO: 3358 TEST_ADDR(SHT_SUNW_syminfo, sunw_syminfo); 3359 break; 3360 3361 case DT_SYMINSZ: 3362 TEST_SIZE(SHT_SUNW_syminfo, sunw_syminfo); 3363 break; 3364 3365 case DT_SYMTAB: 3366 TEST_ADDR(SHT_DYNSYM, dynsym); 3367 break; 3368 3369 case DT_SUNW_SORTENT: 3370 /* 3371 * This entry is related to both the symsort and 3372 * tlssort sections. 3373 */ 3374 if (osabi_solaris) { 3375 int test_tls = 3376 (sec.sunw_tlssort != NULL); 3377 int test_sym = 3378 (sec.sunw_symsort != NULL) || 3379 !test_tls; 3380 if (test_sym) 3381 TEST_ENTSIZE(SHT_SUNW_symsort, 3382 sunw_symsort); 3383 if (test_tls) 3384 TEST_ENTSIZE(SHT_SUNW_tlssort, 3385 sunw_tlssort); 3386 } 3387 break; 3388 3389 3390 case DT_SUNW_SYMSORT: 3391 if (osabi_solaris) 3392 TEST_ADDR(SHT_SUNW_symsort, 3393 sunw_symsort); 3394 break; 3395 3396 case DT_SUNW_SYMSORTSZ: 3397 if (osabi_solaris) 3398 TEST_SIZE(SHT_SUNW_symsort, 3399 sunw_symsort); 3400 break; 3401 3402 case DT_SUNW_TLSSORT: 3403 if (osabi_solaris) 3404 TEST_ADDR(SHT_SUNW_tlssort, 3405 sunw_tlssort); 3406 break; 3407 3408 case DT_SUNW_TLSSORTSZ: 3409 if (osabi_solaris) 3410 TEST_SIZE(SHT_SUNW_tlssort, 3411 sunw_tlssort); 3412 break; 3413 3414 case DT_VERDEF: 3415 TEST_ADDR(SHT_SUNW_verdef, sunw_verdef); 3416 break; 3417 3418 case DT_VERNEED: 3419 TEST_ADDR(SHT_SUNW_verneed, sunw_verneed); 3420 break; 3421 3422 case DT_VERSYM: 3423 TEST_ADDR(SHT_SUNW_versym, sunw_versym); 3424 break; 3425 #undef TEST_ADDR 3426 #undef TEST_SIZE 3427 #undef TEST_ENTSIZE 3428 } 3429 3430 if (name == NULL) 3431 name = MSG_ORIG(MSG_STR_EMPTY); 3432 Elf_dyn_entry(0, dyn, ndx, name, 3433 osabi, ehdr->e_machine); 3434 } 3435 } 3436 } 3437 3438 /* 3439 * Search for and process a MOVE section. 3440 */ 3441 static void 3442 move(Cache *cache, Word shnum, const char *file, uint_t flags) 3443 { 3444 Word cnt; 3445 const char *fmt = NULL; 3446 3447 for (cnt = 1; cnt < shnum; cnt++) { 3448 Word movenum, symnum, ndx; 3449 Sym *syms; 3450 Cache *_cache = &cache[cnt]; 3451 Shdr *shdr = _cache->c_shdr; 3452 Cache *symsec, *strsec; 3453 Move *move; 3454 3455 if (shdr->sh_type != SHT_SUNW_move) 3456 continue; 3457 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3458 continue; 3459 3460 /* 3461 * Determine the move data and number. 3462 */ 3463 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 3464 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3465 file, _cache->c_name); 3466 continue; 3467 } 3468 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 3469 continue; 3470 3471 move = (Move *)_cache->c_data->d_buf; 3472 movenum = shdr->sh_size / shdr->sh_entsize; 3473 3474 /* 3475 * Get the data buffer for the associated symbol table and 3476 * string table. 3477 */ 3478 if (stringtbl(cache, 1, cnt, shnum, file, 3479 &symnum, &symsec, &strsec) == 0) 3480 return; 3481 3482 syms = (Sym *)symsec->c_data->d_buf; 3483 3484 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3485 dbg_print(0, MSG_INTL(MSG_ELF_SCN_MOVE), _cache->c_name); 3486 dbg_print(0, MSG_INTL(MSG_MOVE_TITLE)); 3487 3488 if (fmt == NULL) 3489 fmt = MSG_INTL(MSG_MOVE_ENTRY); 3490 3491 for (ndx = 0; ndx < movenum; move++, ndx++) { 3492 const char *symname; 3493 char index[MAXNDXSIZE], section[BUFSIZ]; 3494 Word symndx, shndx; 3495 Sym *sym; 3496 3497 /* 3498 * Check for null entries 3499 */ 3500 if ((move->m_info == 0) && (move->m_value == 0) && 3501 (move->m_poffset == 0) && (move->m_repeat == 0) && 3502 (move->m_stride == 0)) { 3503 dbg_print(0, fmt, MSG_ORIG(MSG_STR_EMPTY), 3504 EC_XWORD(move->m_poffset), 0, 0, 0, 3505 EC_LWORD(0), MSG_ORIG(MSG_STR_EMPTY)); 3506 continue; 3507 } 3508 if (((symndx = ELF_M_SYM(move->m_info)) == 0) || 3509 (symndx >= symnum)) { 3510 (void) fprintf(stderr, 3511 MSG_INTL(MSG_ERR_BADMINFO), file, 3512 _cache->c_name, EC_XWORD(move->m_info)); 3513 3514 (void) snprintf(index, MAXNDXSIZE, 3515 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3516 dbg_print(0, fmt, index, 3517 EC_XWORD(move->m_poffset), 3518 ELF_M_SIZE(move->m_info), move->m_repeat, 3519 move->m_stride, move->m_value, 3520 MSG_INTL(MSG_STR_UNKNOWN)); 3521 continue; 3522 } 3523 3524 symname = relsymname(cache, _cache, strsec, 3525 symndx, symnum, ndx, syms, section, BUFSIZ, file); 3526 sym = (Sym *)(syms + symndx); 3527 3528 /* 3529 * Additional sanity check. 3530 */ 3531 shndx = sym->st_shndx; 3532 if (!((shndx == SHN_COMMON) || 3533 (((shndx >= 1) && (shndx <= shnum)) && 3534 (cache[shndx].c_shdr)->sh_type == SHT_NOBITS))) { 3535 (void) fprintf(stderr, 3536 MSG_INTL(MSG_ERR_BADSYM2), file, 3537 _cache->c_name, EC_WORD(symndx), 3538 demangle(symname, flags)); 3539 } 3540 3541 (void) snprintf(index, MAXNDXSIZE, 3542 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3543 dbg_print(0, fmt, index, EC_XWORD(move->m_poffset), 3544 ELF_M_SIZE(move->m_info), move->m_repeat, 3545 move->m_stride, move->m_value, 3546 demangle(symname, flags)); 3547 } 3548 } 3549 } 3550 3551 /* 3552 * parse_note_t is used to track the state used by parse_note_entry() 3553 * between calls, and also to return the results of each call. 3554 */ 3555 typedef struct { 3556 /* pns_ fields track progress through the data */ 3557 const char *pns_file; /* File name */ 3558 Cache *pns_cache; /* Note section cache entry */ 3559 size_t pns_size; /* # unprocessed data bytes */ 3560 Word *pns_data; /* # to next unused data byte */ 3561 3562 /* pn_ fields return the results for a single call */ 3563 Word pn_namesz; /* Value of note namesz field */ 3564 Word pn_descsz; /* Value of note descsz field */ 3565 Word pn_type; /* Value of note type field */ 3566 const char *pn_name; /* if (namesz > 0) ptr to name bytes */ 3567 const char *pn_desc; /* if (descsx > 0) ptr to data bytes */ 3568 } parse_note_t; 3569 3570 /* 3571 * Extract the various sub-parts of a note entry, and advance the 3572 * data pointer past it. 3573 * 3574 * entry: 3575 * The state pns_ fields contain current values for the Note section 3576 * 3577 * exit: 3578 * On success, True (1) is returned, the state pns_ fields have been 3579 * advanced to point at the start of the next entry, and the information 3580 * for the recovered note entry is found in the state pn_ fields. 3581 * 3582 * On failure, False (0) is returned. The values contained in state 3583 * are undefined. 3584 */ 3585 static int 3586 parse_note_entry(parse_note_t *state) 3587 { 3588 size_t pad, noteoff; 3589 3590 noteoff = (Word)state->pns_cache->c_data->d_size - state->pns_size; 3591 /* 3592 * Make sure we can at least reference the 3 initial entries 3593 * (4-byte words) of the note information block. 3594 */ 3595 if (state->pns_size >= (sizeof (Word) * 3)) { 3596 state->pns_size -= (sizeof (Word) * 3); 3597 } else { 3598 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDATASZ), 3599 state->pns_file, state->pns_cache->c_name, 3600 EC_WORD(noteoff)); 3601 return (0); 3602 } 3603 3604 /* 3605 * Make sure any specified name string can be referenced. 3606 */ 3607 if ((state->pn_namesz = *state->pns_data++) != 0) { 3608 if (state->pns_size >= state->pn_namesz) { 3609 state->pns_size -= state->pn_namesz; 3610 } else { 3611 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADNMSZ), 3612 state->pns_file, state->pns_cache->c_name, 3613 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3614 return (0); 3615 } 3616 } 3617 3618 /* 3619 * Make sure any specified descriptor can be referenced. 3620 */ 3621 if ((state->pn_descsz = *state->pns_data++) != 0) { 3622 /* 3623 * If namesz isn't a 4-byte multiple, account for any 3624 * padding that must exist before the descriptor. 3625 */ 3626 if ((pad = (state->pn_namesz & (sizeof (Word) - 1))) != 0) { 3627 pad = sizeof (Word) - pad; 3628 state->pns_size -= pad; 3629 } 3630 if (state->pns_size >= state->pn_descsz) { 3631 state->pns_size -= state->pn_descsz; 3632 } else { 3633 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDESZ), 3634 state->pns_file, state->pns_cache->c_name, 3635 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3636 return (0); 3637 } 3638 } 3639 3640 state->pn_type = *state->pns_data++; 3641 3642 /* Name */ 3643 if (state->pn_namesz) { 3644 state->pn_name = (char *)state->pns_data; 3645 pad = (state->pn_namesz + 3646 (sizeof (Word) - 1)) & ~(sizeof (Word) - 1); 3647 /* LINTED */ 3648 state->pns_data = (Word *)(state->pn_name + pad); 3649 } 3650 3651 /* 3652 * If multiple information blocks exist within a .note section 3653 * account for any padding that must exist before the next 3654 * information block. 3655 */ 3656 if ((pad = (state->pn_descsz & (sizeof (Word) - 1))) != 0) { 3657 pad = sizeof (Word) - pad; 3658 if (state->pns_size > pad) 3659 state->pns_size -= pad; 3660 } 3661 3662 /* Data */ 3663 if (state->pn_descsz) { 3664 state->pn_desc = (const char *)state->pns_data; 3665 /* LINTED */ 3666 state->pns_data = (Word *)(state->pn_desc + 3667 state->pn_descsz + pad); 3668 } 3669 3670 return (1); 3671 } 3672 3673 /* 3674 * Callback function for use with conv_str_to_c_literal() below. 3675 */ 3676 /*ARGSUSED2*/ 3677 static void 3678 c_literal_cb(const void *ptr, size_t size, void *uvalue) 3679 { 3680 (void) fwrite(ptr, size, 1, stdout); 3681 } 3682 3683 /* 3684 * Traverse a note section analyzing each note information block. 3685 * The data buffers size is used to validate references before they are made, 3686 * and is decremented as each element is processed. 3687 */ 3688 void 3689 note_entry(Cache *cache, Word *data, size_t size, Ehdr *ehdr, const char *file) 3690 { 3691 int cnt = 0; 3692 int is_corenote; 3693 int do_swap; 3694 Conv_inv_buf_t inv_buf; 3695 parse_note_t pnstate; 3696 3697 pnstate.pns_file = file; 3698 pnstate.pns_cache = cache; 3699 pnstate.pns_size = size; 3700 pnstate.pns_data = data; 3701 do_swap = _elf_sys_encoding() != ehdr->e_ident[EI_DATA]; 3702 3703 /* 3704 * Print out a single `note' information block. 3705 */ 3706 while (pnstate.pns_size > 0) { 3707 3708 if (parse_note_entry(&pnstate) == 0) 3709 return; 3710 3711 /* 3712 * Is this a Solaris core note? Such notes all have 3713 * the name "CORE". 3714 */ 3715 is_corenote = (ehdr->e_type == ET_CORE) && 3716 (pnstate.pn_namesz == (MSG_STR_CORE_SIZE + 1)) && 3717 (strncmp(MSG_ORIG(MSG_STR_CORE), pnstate.pn_name, 3718 MSG_STR_CORE_SIZE + 1) == 0); 3719 3720 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3721 dbg_print(0, MSG_INTL(MSG_FMT_NOTEENTNDX), EC_WORD(cnt)); 3722 cnt++; 3723 dbg_print(0, MSG_ORIG(MSG_NOTE_NAMESZ), 3724 EC_WORD(pnstate.pn_namesz)); 3725 dbg_print(0, MSG_ORIG(MSG_NOTE_DESCSZ), 3726 EC_WORD(pnstate.pn_descsz)); 3727 3728 if (is_corenote) 3729 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE_STR), 3730 conv_cnote_type(pnstate.pn_type, 0, &inv_buf)); 3731 else 3732 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE), 3733 EC_WORD(pnstate.pn_type)); 3734 if (pnstate.pn_namesz) { 3735 dbg_print(0, MSG_ORIG(MSG_NOTE_NAME)); 3736 /* 3737 * The name string can contain embedded 'null' 3738 * bytes and/or unprintable characters. Also, 3739 * the final NULL is documented in the ELF ABI 3740 * as being included in the namesz. So, display 3741 * the name using C literal string notation, and 3742 * include the terminating NULL in the output. 3743 * We don't show surrounding double quotes, as 3744 * that implies the termination that we are showing 3745 * explicitly. 3746 */ 3747 (void) fwrite(MSG_ORIG(MSG_STR_8SP), 3748 MSG_STR_8SP_SIZE, 1, stdout); 3749 conv_str_to_c_literal(pnstate.pn_name, 3750 pnstate.pn_namesz, c_literal_cb, NULL); 3751 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3752 } 3753 3754 if (pnstate.pn_descsz) { 3755 int hexdump = 1; 3756 3757 /* 3758 * If this is a core note, let the corenote() 3759 * function handle it. 3760 */ 3761 if (is_corenote) { 3762 /* We only issue the bad arch error once */ 3763 static int badnote_done = 0; 3764 corenote_ret_t corenote_ret; 3765 3766 corenote_ret = corenote(ehdr->e_machine, 3767 do_swap, pnstate.pn_type, pnstate.pn_desc, 3768 pnstate.pn_descsz); 3769 switch (corenote_ret) { 3770 case CORENOTE_R_OK_DUMP: 3771 hexdump = 1; 3772 break; 3773 case CORENOTE_R_OK: 3774 hexdump = 0; 3775 break; 3776 case CORENOTE_R_BADDATA: 3777 (void) fprintf(stderr, 3778 MSG_INTL(MSG_NOTE_BADCOREDATA), 3779 file); 3780 break; 3781 case CORENOTE_R_BADARCH: 3782 if (badnote_done) 3783 break; 3784 (void) fprintf(stderr, 3785 MSG_INTL(MSG_NOTE_BADCOREARCH), 3786 file, 3787 conv_ehdr_mach(ehdr->e_machine, 3788 0, &inv_buf)); 3789 break; 3790 case CORENOTE_R_BADTYPE: 3791 (void) fprintf(stderr, 3792 MSG_INTL(MSG_NOTE_BADCORETYPE), 3793 file, 3794 EC_WORD(pnstate.pn_type)); 3795 break; 3796 3797 } 3798 } 3799 3800 /* 3801 * The default thing when we don't understand 3802 * the note data is to display it as hex bytes. 3803 */ 3804 if (hexdump) { 3805 dbg_print(0, MSG_ORIG(MSG_NOTE_DESC)); 3806 dump_hex_bytes(pnstate.pn_desc, 3807 pnstate.pn_descsz, 8, 4, 4); 3808 } 3809 } 3810 } 3811 } 3812 3813 /* 3814 * Search for and process .note sections. 3815 * 3816 * Returns the number of note sections seen. 3817 */ 3818 static Word 3819 note(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 3820 { 3821 Word cnt, note_cnt = 0; 3822 3823 /* 3824 * Otherwise look for any .note sections. 3825 */ 3826 for (cnt = 1; cnt < shnum; cnt++) { 3827 Cache *_cache = &cache[cnt]; 3828 Shdr *shdr = _cache->c_shdr; 3829 3830 if (shdr->sh_type != SHT_NOTE) 3831 continue; 3832 note_cnt++; 3833 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3834 continue; 3835 3836 /* 3837 * As these sections are often hand rolled, make sure they're 3838 * properly aligned before proceeding, and issue an error 3839 * as necessary. 3840 * 3841 * Note that we will continue on to display the note even 3842 * if it has bad alignment. We can do this safely, because 3843 * libelf knows the alignment required for SHT_NOTE, and 3844 * takes steps to deliver a properly aligned buffer to us 3845 * even if the actual file is misaligned. 3846 */ 3847 if (shdr->sh_offset & (sizeof (Word) - 1)) 3848 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADALIGN), 3849 file, _cache->c_name); 3850 3851 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 3852 continue; 3853 3854 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3855 dbg_print(0, MSG_INTL(MSG_ELF_SCN_NOTE), _cache->c_name); 3856 note_entry(_cache, (Word *)_cache->c_data->d_buf, 3857 /* LINTED */ 3858 (Word)_cache->c_data->d_size, ehdr, file); 3859 } 3860 3861 return (note_cnt); 3862 } 3863 3864 /* 3865 * The Linux Standard Base defines a special note named .note.ABI-tag 3866 * that is used to maintain Linux ABI information. Presence of this section 3867 * is a strong indication that the object should be considered to be 3868 * ELFOSABI_LINUX. 3869 * 3870 * This function returns True (1) if such a note is seen, and False (0) 3871 * otherwise. 3872 */ 3873 static int 3874 has_linux_abi_note(Cache *cache, Word shnum, const char *file) 3875 { 3876 Word cnt; 3877 3878 for (cnt = 1; cnt < shnum; cnt++) { 3879 parse_note_t pnstate; 3880 Cache *_cache = &cache[cnt]; 3881 Shdr *shdr = _cache->c_shdr; 3882 3883 /* 3884 * Section must be SHT_NOTE, must have the name 3885 * .note.ABI-tag, and must have data. 3886 */ 3887 if ((shdr->sh_type != SHT_NOTE) || 3888 (strcmp(MSG_ORIG(MSG_STR_NOTEABITAG), 3889 _cache->c_name) != 0) || 3890 (_cache->c_data == NULL) || 3891 (_cache->c_data->d_buf == NULL)) 3892 continue; 3893 3894 pnstate.pns_file = file; 3895 pnstate.pns_cache = _cache; 3896 pnstate.pns_size = _cache->c_data->d_size; 3897 pnstate.pns_data = (Word *)_cache->c_data->d_buf; 3898 3899 while (pnstate.pns_size > 0) { 3900 Word *w; 3901 3902 if (parse_note_entry(&pnstate) == 0) 3903 break; 3904 3905 /* 3906 * The type must be 1, and the name must be "GNU". 3907 * The descsz must be at least 16 bytes. 3908 */ 3909 if ((pnstate.pn_type != 1) || 3910 (pnstate.pn_namesz != (MSG_STR_GNU_SIZE + 1)) || 3911 (strncmp(MSG_ORIG(MSG_STR_GNU), pnstate.pn_name, 3912 MSG_STR_CORE_SIZE + 1) != 0) || 3913 (pnstate.pn_descsz < 16)) 3914 continue; 3915 3916 /* 3917 * desc contains 4 32-bit fields. Field 0 must be 0, 3918 * indicating Linux. The second, third, and fourth 3919 * fields represent the earliest Linux kernel 3920 * version compatible with this object. 3921 */ 3922 /*LINTED*/ 3923 w = (Word *) pnstate.pn_desc; 3924 if (*w == 0) 3925 return (1); 3926 } 3927 } 3928 3929 return (0); 3930 } 3931 3932 /* 3933 * Determine an individual hash entry. This may be the initial hash entry, 3934 * or an associated chain entry. 3935 */ 3936 static void 3937 hash_entry(Cache *refsec, Cache *strsec, const char *hsecname, Word hashndx, 3938 Word symndx, Word symn, Sym *syms, const char *file, ulong_t bkts, 3939 uint_t flags, int chain) 3940 { 3941 Sym *sym; 3942 const char *symname, *str; 3943 char _bucket[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 3944 ulong_t nbkt, nhash; 3945 3946 if (symndx > symn) { 3947 (void) fprintf(stderr, MSG_INTL(MSG_ERR_HSBADSYMNDX), file, 3948 EC_WORD(symndx), EC_WORD(hashndx)); 3949 symname = MSG_INTL(MSG_STR_UNKNOWN); 3950 } else { 3951 sym = (Sym *)(syms + symndx); 3952 symname = string(refsec, symndx, strsec, file, sym->st_name); 3953 } 3954 3955 if (chain == 0) { 3956 (void) snprintf(_bucket, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 3957 hashndx); 3958 str = (const char *)_bucket; 3959 } else 3960 str = MSG_ORIG(MSG_STR_EMPTY); 3961 3962 (void) snprintf(_symndx, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX2), 3963 EC_WORD(symndx)); 3964 dbg_print(0, MSG_ORIG(MSG_FMT_HASH_INFO), str, _symndx, 3965 demangle(symname, flags)); 3966 3967 /* 3968 * Determine if this string is in the correct bucket. 3969 */ 3970 nhash = elf_hash(symname); 3971 nbkt = nhash % bkts; 3972 3973 if (nbkt != hashndx) { 3974 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADHASH), file, 3975 hsecname, symname, EC_WORD(hashndx), nbkt); 3976 } 3977 } 3978 3979 #define MAXCOUNT 500 3980 3981 static void 3982 hash(Cache *cache, Word shnum, const char *file, uint_t flags) 3983 { 3984 static int count[MAXCOUNT]; 3985 Word cnt; 3986 Word ndx, bkts, nchain; 3987 char number[MAXNDXSIZE]; 3988 3989 for (cnt = 1; cnt < shnum; cnt++) { 3990 Word *hash, *chain; 3991 Cache *_cache = &cache[cnt]; 3992 Shdr *sshdr, *hshdr = _cache->c_shdr; 3993 char *ssecname, *hsecname = _cache->c_name; 3994 Sym *syms; 3995 Word symn; 3996 3997 if (hshdr->sh_type != SHT_HASH) 3998 continue; 3999 4000 /* 4001 * Check the hash table data and size. 4002 */ 4003 if ((hshdr->sh_entsize == 0) || (hshdr->sh_size == 0)) { 4004 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4005 file, hsecname); 4006 continue; 4007 } 4008 if ((_cache->c_data == NULL) || 4009 (_cache->c_data->d_buf == NULL)) { 4010 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4011 file, hsecname); 4012 continue; 4013 } 4014 4015 hash = (Word *)_cache->c_data->d_buf; 4016 bkts = *hash++; 4017 nchain = *hash++; 4018 chain = hash + bkts; 4019 4020 /* 4021 * The section holds the sizes in addition to the buckets and 4022 * chains. 4023 */ 4024 if (_cache->c_data->d_size < 4025 (bkts + nchain + 2) * sizeof (uint_t)) { 4026 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4027 file, hsecname); 4028 continue; 4029 } 4030 4031 /* 4032 * Get the data buffer for the associated symbol table. 4033 */ 4034 if ((hshdr->sh_link == 0) || (hshdr->sh_link >= shnum)) { 4035 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 4036 file, hsecname, EC_WORD(hshdr->sh_link)); 4037 continue; 4038 } 4039 4040 _cache = &cache[hshdr->sh_link]; 4041 ssecname = _cache->c_name; 4042 4043 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 4044 continue; 4045 4046 if ((syms = (Sym *)_cache->c_data->d_buf) == NULL) { 4047 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4048 file, ssecname); 4049 continue; 4050 } 4051 4052 sshdr = _cache->c_shdr; 4053 4054 if ((sshdr->sh_entsize == 0) || (sshdr->sh_size == 0)) { 4055 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4056 file, ssecname); 4057 continue; 4058 } 4059 4060 /* LINTED */ 4061 symn = (Word)(sshdr->sh_size / sshdr->sh_entsize); 4062 4063 /* 4064 * Check that there is a chain for each symbol. 4065 */ 4066 if (symn > nchain) { 4067 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4068 file, ssecname); 4069 continue; 4070 } 4071 4072 /* 4073 * Get the associated string table section. 4074 */ 4075 if ((sshdr->sh_link == 0) || (sshdr->sh_link >= shnum)) { 4076 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 4077 file, ssecname, EC_WORD(sshdr->sh_link)); 4078 continue; 4079 } 4080 4081 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4082 dbg_print(0, MSG_INTL(MSG_ELF_SCN_HASH), hsecname); 4083 dbg_print(0, MSG_INTL(MSG_ELF_HASH_INFO)); 4084 4085 /* 4086 * Loop through the hash buckets, printing the appropriate 4087 * symbols. 4088 */ 4089 for (ndx = 0; ndx < bkts; ndx++, hash++) { 4090 Word _ndx, _cnt; 4091 4092 if (*hash == 0) { 4093 count[0]++; 4094 continue; 4095 } 4096 4097 /* 4098 * Each hash bucket must contain to a valid chain index. 4099 * Because the symbol table is checked to be the same 4100 * length as the chain array, this also implicitly 4101 * checks those bounds. 4102 */ 4103 if (*hash > nchain) { 4104 (void) fprintf(stderr, 4105 MSG_INTL(MSG_ERR_BADCHAINIDX), file, 4106 ssecname, EC_WORD(*hash), EC_WORD(ndx), 4107 EC_WORD(nchain)); 4108 continue; 4109 } 4110 4111 hash_entry(_cache, &cache[sshdr->sh_link], hsecname, 4112 ndx, *hash, symn, syms, file, bkts, flags, 0); 4113 4114 /* 4115 * Determine if any other symbols are chained to this 4116 * bucket. 4117 */ 4118 _ndx = chain[*hash]; 4119 _cnt = 1; 4120 while (_ndx) { 4121 if (_ndx > nchain) { 4122 (void) fprintf(stderr, 4123 MSG_INTL(MSG_ERR_BADCHAINIDX), file, 4124 ssecname, EC_WORD(_ndx), 4125 EC_WORD(ndx), EC_WORD(nchain)); 4126 break; 4127 } 4128 hash_entry(_cache, &cache[sshdr->sh_link], 4129 hsecname, ndx, _ndx, symn, syms, file, 4130 bkts, flags, 1); 4131 _ndx = chain[_ndx]; 4132 _cnt++; 4133 } 4134 4135 if (_cnt >= MAXCOUNT) { 4136 (void) fprintf(stderr, 4137 MSG_INTL(MSG_HASH_OVERFLW), file, 4138 _cache->c_name, EC_WORD(ndx), 4139 EC_WORD(_cnt)); 4140 } else 4141 count[_cnt]++; 4142 } 4143 break; 4144 } 4145 4146 /* 4147 * Print out the count information. 4148 */ 4149 bkts = cnt = 0; 4150 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4151 4152 for (ndx = 0; ndx < MAXCOUNT; ndx++) { 4153 Word _cnt; 4154 4155 if ((_cnt = count[ndx]) == 0) 4156 continue; 4157 4158 (void) snprintf(number, MAXNDXSIZE, 4159 MSG_ORIG(MSG_FMT_INTEGER), _cnt); 4160 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS1), number, 4161 EC_WORD(ndx)); 4162 bkts += _cnt; 4163 cnt += (Word)(ndx * _cnt); 4164 } 4165 if (cnt) { 4166 (void) snprintf(number, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 4167 bkts); 4168 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS2), number, 4169 EC_WORD(cnt)); 4170 } 4171 } 4172 4173 static void 4174 group(Cache *cache, Word shnum, const char *file, uint_t flags) 4175 { 4176 Word scnt; 4177 4178 for (scnt = 1; scnt < shnum; scnt++) { 4179 Cache *_cache = &cache[scnt]; 4180 Shdr *shdr = _cache->c_shdr; 4181 Word *grpdata, gcnt, grpcnt, symnum, unknown; 4182 Cache *symsec, *strsec; 4183 Sym *syms, *sym; 4184 char flgstrbuf[MSG_GRP_COMDAT_SIZE + 10]; 4185 const char *grpnam; 4186 4187 if (shdr->sh_type != SHT_GROUP) 4188 continue; 4189 if (!match(MATCH_F_ALL, _cache->c_name, scnt, shdr->sh_type)) 4190 continue; 4191 if ((_cache->c_data == NULL) || 4192 ((grpdata = (Word *)_cache->c_data->d_buf) == NULL)) 4193 continue; 4194 grpcnt = shdr->sh_size / sizeof (Word); 4195 4196 /* 4197 * Get the data buffer for the associated symbol table and 4198 * string table. 4199 */ 4200 if (stringtbl(cache, 1, scnt, shnum, file, 4201 &symnum, &symsec, &strsec) == 0) 4202 return; 4203 4204 syms = symsec->c_data->d_buf; 4205 4206 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4207 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GRP), _cache->c_name); 4208 dbg_print(0, MSG_INTL(MSG_GRP_TITLE)); 4209 4210 /* 4211 * The first element of the group defines the group. The 4212 * associated symbol is defined by the sh_link field. 4213 */ 4214 if ((shdr->sh_info == SHN_UNDEF) || (shdr->sh_info > symnum)) { 4215 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 4216 file, _cache->c_name, EC_WORD(shdr->sh_info)); 4217 return; 4218 } 4219 4220 (void) strcpy(flgstrbuf, MSG_ORIG(MSG_STR_OSQBRKT)); 4221 if (grpdata[0] & GRP_COMDAT) { 4222 (void) strcat(flgstrbuf, MSG_ORIG(MSG_GRP_COMDAT)); 4223 } 4224 if ((unknown = (grpdata[0] & ~GRP_COMDAT)) != 0) { 4225 size_t len = strlen(flgstrbuf); 4226 4227 (void) snprintf(&flgstrbuf[len], 4228 (MSG_GRP_COMDAT_SIZE + 10 - len), 4229 MSG_ORIG(MSG_GRP_UNKNOWN), unknown); 4230 } 4231 (void) strcat(flgstrbuf, MSG_ORIG(MSG_STR_CSQBRKT)); 4232 sym = (Sym *)(syms + shdr->sh_info); 4233 4234 /* 4235 * The GNU assembler can use section symbols as the signature 4236 * symbol as described by this comment in the gold linker 4237 * (found via google): 4238 * 4239 * It seems that some versions of gas will create a 4240 * section group associated with a section symbol, and 4241 * then fail to give a name to the section symbol. In 4242 * such a case, use the name of the section. 4243 * 4244 * In order to support such objects, we do the same. 4245 */ 4246 grpnam = string(_cache, 0, strsec, file, sym->st_name); 4247 if (((sym->st_name == 0) || (*grpnam == '\0')) && 4248 (ELF_ST_TYPE(sym->st_info) == STT_SECTION)) 4249 grpnam = cache[sym->st_shndx].c_name; 4250 4251 dbg_print(0, MSG_INTL(MSG_GRP_SIGNATURE), flgstrbuf, 4252 demangle(grpnam, flags)); 4253 4254 for (gcnt = 1; gcnt < grpcnt; gcnt++) { 4255 char index[MAXNDXSIZE]; 4256 const char *name; 4257 4258 (void) snprintf(index, MAXNDXSIZE, 4259 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(gcnt)); 4260 4261 if (grpdata[gcnt] >= shnum) 4262 name = MSG_INTL(MSG_GRP_INVALSCN); 4263 else 4264 name = cache[grpdata[gcnt]].c_name; 4265 4266 (void) printf(MSG_ORIG(MSG_GRP_ENTRY), index, name, 4267 EC_XWORD(grpdata[gcnt])); 4268 } 4269 } 4270 } 4271 4272 static void 4273 got(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 4274 { 4275 Cache *gotcache = NULL, *symtab = NULL; 4276 Addr gotbgn, gotend; 4277 Shdr *gotshdr; 4278 Word cnt, gotents, gotndx; 4279 size_t gentsize; 4280 Got_info *gottable; 4281 char *gotdata; 4282 Sym *gotsym; 4283 Xword gotsymaddr; 4284 uint_t sys_encoding; 4285 4286 /* 4287 * First, find the got. 4288 */ 4289 for (cnt = 1; cnt < shnum; cnt++) { 4290 if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT), 4291 MSG_ELF_GOT_SIZE) == 0) { 4292 gotcache = &cache[cnt]; 4293 break; 4294 } 4295 } 4296 if (gotcache == NULL) 4297 return; 4298 4299 /* 4300 * A got section within a relocatable object is suspicious. 4301 */ 4302 if (ehdr->e_type == ET_REL) { 4303 (void) fprintf(stderr, MSG_INTL(MSG_GOT_UNEXPECTED), file, 4304 gotcache->c_name); 4305 } 4306 4307 gotshdr = gotcache->c_shdr; 4308 if (gotshdr->sh_size == 0) { 4309 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4310 file, gotcache->c_name); 4311 return; 4312 } 4313 4314 gotbgn = gotshdr->sh_addr; 4315 gotend = gotbgn + gotshdr->sh_size; 4316 4317 /* 4318 * Some architectures don't properly set the sh_entsize for the GOT 4319 * table. If it's not set, default to a size of a pointer. 4320 */ 4321 if ((gentsize = gotshdr->sh_entsize) == 0) 4322 gentsize = sizeof (Xword); 4323 4324 if ((gotcache->c_data == NULL) || (gotcache->c_data->d_buf == NULL)) 4325 return; 4326 4327 /* LINTED */ 4328 gotents = (Word)(gotshdr->sh_size / gentsize); 4329 gotdata = gotcache->c_data->d_buf; 4330 4331 if ((gottable = calloc(gotents, sizeof (Got_info))) == 0) { 4332 int err = errno; 4333 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), file, 4334 strerror(err)); 4335 return; 4336 } 4337 4338 /* 4339 * Now we scan through all the sections looking for any relocations 4340 * that may be against the GOT. Since these may not be isolated to a 4341 * .rel[a].got section we check them all. 4342 * While scanning sections save the symbol table entry (a symtab 4343 * overriding a dynsym) so that we can lookup _GLOBAL_OFFSET_TABLE_. 4344 */ 4345 for (cnt = 1; cnt < shnum; cnt++) { 4346 Word type, symnum; 4347 Xword relndx, relnum, relsize; 4348 void *rels; 4349 Sym *syms; 4350 Cache *symsec, *strsec; 4351 Cache *_cache = &cache[cnt]; 4352 Shdr *shdr; 4353 4354 shdr = _cache->c_shdr; 4355 type = shdr->sh_type; 4356 4357 if ((symtab == 0) && (type == SHT_DYNSYM)) { 4358 symtab = _cache; 4359 continue; 4360 } 4361 if (type == SHT_SYMTAB) { 4362 symtab = _cache; 4363 continue; 4364 } 4365 if ((type != SHT_RELA) && (type != SHT_REL)) 4366 continue; 4367 4368 /* 4369 * Decide entry size. 4370 */ 4371 if (((relsize = shdr->sh_entsize) == 0) || 4372 (relsize > shdr->sh_size)) { 4373 if (type == SHT_RELA) 4374 relsize = sizeof (Rela); 4375 else 4376 relsize = sizeof (Rel); 4377 } 4378 4379 /* 4380 * Determine the number of relocations available. 4381 */ 4382 if (shdr->sh_size == 0) { 4383 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4384 file, _cache->c_name); 4385 continue; 4386 } 4387 if ((_cache->c_data == NULL) || (_cache->c_data->d_buf == NULL)) 4388 continue; 4389 4390 rels = _cache->c_data->d_buf; 4391 relnum = shdr->sh_size / relsize; 4392 4393 /* 4394 * Get the data buffer for the associated symbol table and 4395 * string table. 4396 */ 4397 if (stringtbl(cache, 1, cnt, shnum, file, 4398 &symnum, &symsec, &strsec) == 0) 4399 continue; 4400 4401 syms = symsec->c_data->d_buf; 4402 4403 /* 4404 * Loop through the relocation entries. 4405 */ 4406 for (relndx = 0; relndx < relnum; relndx++, 4407 rels = (void *)((char *)rels + relsize)) { 4408 char section[BUFSIZ]; 4409 Addr offset; 4410 Got_info *gip; 4411 Word symndx, reltype; 4412 Rela *rela; 4413 Rel *rel; 4414 4415 /* 4416 * Unravel the relocation. 4417 */ 4418 if (type == SHT_RELA) { 4419 rela = (Rela *)rels; 4420 symndx = ELF_R_SYM(rela->r_info); 4421 reltype = ELF_R_TYPE(rela->r_info, 4422 ehdr->e_machine); 4423 offset = rela->r_offset; 4424 } else { 4425 rel = (Rel *)rels; 4426 symndx = ELF_R_SYM(rel->r_info); 4427 reltype = ELF_R_TYPE(rel->r_info, 4428 ehdr->e_machine); 4429 offset = rel->r_offset; 4430 } 4431 4432 /* 4433 * Only pay attention to relocations against the GOT. 4434 */ 4435 if ((offset < gotbgn) || (offset >= gotend)) 4436 continue; 4437 4438 if ((gotshdr->sh_entsize == 0) || 4439 (gotshdr->sh_size == 0)) { 4440 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4441 file, gotcache->c_name); 4442 continue; 4443 } 4444 4445 /* LINTED */ 4446 gotndx = (Word)((offset - gotbgn) / 4447 gotshdr->sh_entsize); 4448 gip = &gottable[gotndx]; 4449 4450 if (gip->g_reltype != 0) { 4451 (void) fprintf(stderr, 4452 MSG_INTL(MSG_GOT_MULTIPLE), file, 4453 EC_WORD(gotndx), EC_ADDR(offset)); 4454 continue; 4455 } 4456 4457 if (symndx) 4458 gip->g_symname = relsymname(cache, _cache, 4459 strsec, symndx, symnum, relndx, syms, 4460 section, BUFSIZ, file); 4461 gip->g_reltype = reltype; 4462 gip->g_rel = rels; 4463 } 4464 } 4465 4466 if (symlookup(MSG_ORIG(MSG_SYM_GOT), cache, shnum, &gotsym, NULL, 4467 symtab, file)) 4468 gotsymaddr = gotsym->st_value; 4469 else 4470 gotsymaddr = gotbgn; 4471 4472 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4473 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GOT), gotcache->c_name); 4474 Elf_got_title(0); 4475 4476 sys_encoding = _elf_sys_encoding(); 4477 for (gotndx = 0; gotndx < gotents; gotndx++) { 4478 Got_info *gip; 4479 Sword gindex; 4480 Addr gaddr; 4481 Xword gotentry; 4482 4483 gip = &gottable[gotndx]; 4484 4485 gaddr = gotbgn + (gotndx * gentsize); 4486 gindex = (Sword)(gaddr - gotsymaddr) / (Sword)gentsize; 4487 4488 if (gentsize == sizeof (Word)) 4489 /* LINTED */ 4490 gotentry = (Xword)(*((Word *)(gotdata) + gotndx)); 4491 else 4492 /* LINTED */ 4493 gotentry = *((Xword *)(gotdata) + gotndx); 4494 4495 Elf_got_entry(0, gindex, gaddr, gotentry, ehdr->e_machine, 4496 ehdr->e_ident[EI_DATA], sys_encoding, 4497 gip->g_reltype, gip->g_rel, gip->g_symname); 4498 } 4499 free(gottable); 4500 } 4501 4502 void 4503 checksum(Elf *elf) 4504 { 4505 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4506 dbg_print(0, MSG_INTL(MSG_STR_CHECKSUM), elf_checksum(elf)); 4507 } 4508 4509 /* 4510 * This variable is used by regular() to communicate the address of 4511 * the section header cache to sort_shdr_ndx_arr(). Unfortunately, 4512 * the qsort() interface does not include a userdata argument by which 4513 * such arbitrary data can be passed, so we are stuck using global data. 4514 */ 4515 static Cache *sort_shdr_ndx_arr_cache; 4516 4517 4518 /* 4519 * Used with qsort() to sort the section indices so that they can be 4520 * used to access the section headers in order of increasing data offset. 4521 * 4522 * entry: 4523 * sort_shdr_ndx_arr_cache - Contains address of 4524 * section header cache. 4525 * v1, v2 - Point at elements of sort_shdr_bits array to be compared. 4526 * 4527 * exit: 4528 * Returns -1 (less than), 0 (equal) or 1 (greater than). 4529 */ 4530 static int 4531 sort_shdr_ndx_arr(const void *v1, const void *v2) 4532 { 4533 Cache *cache1 = sort_shdr_ndx_arr_cache + *((size_t *)v1); 4534 Cache *cache2 = sort_shdr_ndx_arr_cache + *((size_t *)v2); 4535 4536 if (cache1->c_shdr->sh_offset < cache2->c_shdr->sh_offset) 4537 return (-1); 4538 4539 if (cache1->c_shdr->sh_offset > cache2->c_shdr->sh_offset) 4540 return (1); 4541 4542 return (0); 4543 } 4544 4545 4546 static int 4547 shdr_cache(const char *file, Elf *elf, Ehdr *ehdr, size_t shstrndx, 4548 size_t shnum, Cache **cache_ret, Word flags) 4549 { 4550 Elf_Scn *scn; 4551 Elf_Data *data; 4552 size_t ndx; 4553 Shdr *nameshdr; 4554 char *names = NULL; 4555 Cache *cache, *_cache; 4556 size_t *shdr_ndx_arr, shdr_ndx_arr_cnt; 4557 4558 4559 /* 4560 * Obtain the .shstrtab data buffer to provide the required section 4561 * name strings. 4562 */ 4563 if (shstrndx == SHN_UNDEF) { 4564 /* 4565 * It is rare, but legal, for an object to lack a 4566 * header string table section. 4567 */ 4568 names = NULL; 4569 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHSTRSEC), file); 4570 } else if ((scn = elf_getscn(elf, shstrndx)) == NULL) { 4571 failure(file, MSG_ORIG(MSG_ELF_GETSCN)); 4572 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SHDR), 4573 EC_XWORD(shstrndx)); 4574 4575 } else if ((data = elf_getdata(scn, NULL)) == NULL) { 4576 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4577 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_DATA), 4578 EC_XWORD(shstrndx)); 4579 4580 } else if ((nameshdr = elf_getshdr(scn)) == NULL) { 4581 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4582 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4583 EC_WORD(elf_ndxscn(scn))); 4584 4585 } else if ((names = data->d_buf) == NULL) 4586 (void) fprintf(stderr, MSG_INTL(MSG_ERR_SHSTRNULL), file); 4587 4588 /* 4589 * Allocate a cache to maintain a descriptor for each section. 4590 */ 4591 if ((*cache_ret = cache = malloc(shnum * sizeof (Cache))) == NULL) { 4592 int err = errno; 4593 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4594 file, strerror(err)); 4595 return (0); 4596 } 4597 4598 *cache = cache_init; 4599 _cache = cache; 4600 _cache++; 4601 4602 /* 4603 * Allocate an array that will hold the section index for 4604 * each section that has data in the ELF file: 4605 * 4606 * - Is not a NOBITS section 4607 * - Data has non-zero length 4608 * 4609 * Note that shnum is an upper bound on the size required. It 4610 * is likely that we won't use a few of these array elements. 4611 * Allocating a modest amount of extra memory in this case means 4612 * that we can avoid an extra loop to count the number of needed 4613 * items, and can fill this array immediately in the first loop 4614 * below. 4615 */ 4616 if ((shdr_ndx_arr = malloc(shnum * sizeof (*shdr_ndx_arr))) == NULL) { 4617 int err = errno; 4618 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4619 file, strerror(err)); 4620 return (0); 4621 } 4622 shdr_ndx_arr_cnt = 0; 4623 4624 /* 4625 * Traverse the sections of the file. This gathering of data is 4626 * carried out in two passes. First, the section headers are captured 4627 * and the section header names are evaluated. A verification pass is 4628 * then carried out over the section information. Files have been 4629 * known to exhibit overlapping (and hence erroneous) section header 4630 * information. 4631 * 4632 * Finally, the data for each section is obtained. This processing is 4633 * carried out after section verification because should any section 4634 * header overlap occur, and a file needs translating (ie. xlate'ing 4635 * information from a non-native architecture file), then the process 4636 * of translation can corrupt the section header information. Of 4637 * course, if there is any section overlap, the data related to the 4638 * sections is going to be compromised. However, it is the translation 4639 * of this data that has caused problems with elfdump()'s ability to 4640 * extract the data. 4641 */ 4642 for (ndx = 1, scn = NULL; scn = elf_nextscn(elf, scn); 4643 ndx++, _cache++) { 4644 char scnndxnm[100]; 4645 4646 _cache->c_ndx = ndx; 4647 _cache->c_scn = scn; 4648 4649 if ((_cache->c_shdr = elf_getshdr(scn)) == NULL) { 4650 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4651 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4652 EC_WORD(elf_ndxscn(scn))); 4653 } 4654 4655 /* 4656 * If this section has data in the file, include it in 4657 * the array of sections to check for address overlap. 4658 */ 4659 if ((_cache->c_shdr->sh_size != 0) && 4660 (_cache->c_shdr->sh_type != SHT_NOBITS)) 4661 shdr_ndx_arr[shdr_ndx_arr_cnt++] = ndx; 4662 4663 /* 4664 * If a shstrtab exists, assign the section name. 4665 */ 4666 if (names && _cache->c_shdr) { 4667 if (_cache->c_shdr->sh_name && 4668 /* LINTED */ 4669 (nameshdr->sh_size > _cache->c_shdr->sh_name)) { 4670 const char *symname; 4671 char *secname; 4672 4673 secname = names + _cache->c_shdr->sh_name; 4674 4675 /* 4676 * A SUN naming convention employs a "%" within 4677 * a section name to indicate a section/symbol 4678 * name. This originated from the compilers 4679 * -xF option, that places functions into their 4680 * own sections. This convention (which has no 4681 * formal standard) has also been followed for 4682 * COMDAT sections. To demangle the symbol 4683 * name, the name must be separated from the 4684 * section name. 4685 */ 4686 if (((flags & FLG_CTL_DEMANGLE) == 0) || 4687 ((symname = strchr(secname, '%')) == NULL)) 4688 _cache->c_name = secname; 4689 else { 4690 size_t secsz = ++symname - secname; 4691 size_t strsz; 4692 4693 symname = demangle(symname, flags); 4694 strsz = secsz + strlen(symname) + 1; 4695 4696 if ((_cache->c_name = 4697 malloc(strsz)) == NULL) { 4698 int err = errno; 4699 (void) fprintf(stderr, 4700 MSG_INTL(MSG_ERR_MALLOC), 4701 file, strerror(err)); 4702 return (0); 4703 } 4704 (void) snprintf(_cache->c_name, strsz, 4705 MSG_ORIG(MSG_FMT_SECSYM), 4706 EC_WORD(secsz), secname, symname); 4707 } 4708 4709 continue; 4710 } 4711 4712 /* 4713 * Generate an error if the section name index is zero 4714 * or exceeds the shstrtab data. Fall through to 4715 * fabricate a section name. 4716 */ 4717 if ((_cache->c_shdr->sh_name == 0) || 4718 /* LINTED */ 4719 (nameshdr->sh_size <= _cache->c_shdr->sh_name)) { 4720 (void) fprintf(stderr, 4721 MSG_INTL(MSG_ERR_BADSHNAME), file, 4722 EC_WORD(ndx), 4723 EC_XWORD(_cache->c_shdr->sh_name)); 4724 } 4725 } 4726 4727 /* 4728 * If there exists no shstrtab data, or a section header has no 4729 * name (an invalid index of 0), then compose a name for the 4730 * section. 4731 */ 4732 (void) snprintf(scnndxnm, sizeof (scnndxnm), 4733 MSG_INTL(MSG_FMT_SCNNDX), ndx); 4734 4735 if ((_cache->c_name = malloc(strlen(scnndxnm) + 1)) == NULL) { 4736 int err = errno; 4737 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4738 file, strerror(err)); 4739 return (0); 4740 } 4741 (void) strcpy(_cache->c_name, scnndxnm); 4742 } 4743 4744 /* 4745 * Having collected all the sections, validate their address range. 4746 * Cases have existed where the section information has been invalid. 4747 * This can lead to all sorts of other, hard to diagnose errors, as 4748 * each section is processed individually (ie. with elf_getdata()). 4749 * Here, we carry out some address comparisons to catch a family of 4750 * overlapping memory issues we have observed (likely, there are others 4751 * that we have yet to discover). 4752 * 4753 * Note, should any memory overlap occur, obtaining any additional 4754 * data from the file is questionable. However, it might still be 4755 * possible to inspect the ELF header, Programs headers, or individual 4756 * sections, so rather than bailing on an error condition, continue 4757 * processing to see if any data can be salvaged. 4758 */ 4759 if (shdr_ndx_arr_cnt > 1) { 4760 sort_shdr_ndx_arr_cache = cache; 4761 qsort(shdr_ndx_arr, shdr_ndx_arr_cnt, 4762 sizeof (*shdr_ndx_arr), sort_shdr_ndx_arr); 4763 } 4764 for (ndx = 0; ndx < shdr_ndx_arr_cnt; ndx++) { 4765 Cache *_cache = cache + shdr_ndx_arr[ndx]; 4766 Shdr *shdr = _cache->c_shdr; 4767 Off bgn1, bgn = shdr->sh_offset; 4768 Off end1, end = shdr->sh_offset + shdr->sh_size; 4769 size_t ndx1; 4770 4771 /* 4772 * Check the section against all following ones, reporting 4773 * any overlaps. Since we've sorted the sections by offset, 4774 * we can stop after the first comparison that fails. There 4775 * are no overlaps in a properly formed ELF file, in which 4776 * case this algorithm runs in O(n) time. This will degenerate 4777 * to O(n^2) for a completely broken file. Such a file is 4778 * (1) highly unlikely, and (2) unusable, so it is reasonable 4779 * for the analysis to take longer. 4780 */ 4781 for (ndx1 = ndx + 1; ndx1 < shdr_ndx_arr_cnt; ndx1++) { 4782 Cache *_cache1 = cache + shdr_ndx_arr[ndx1]; 4783 Shdr *shdr1 = _cache1->c_shdr; 4784 4785 bgn1 = shdr1->sh_offset; 4786 end1 = shdr1->sh_offset + shdr1->sh_size; 4787 4788 if (((bgn1 <= bgn) && (end1 > bgn)) || 4789 ((bgn1 < end) && (end1 >= end))) { 4790 (void) fprintf(stderr, 4791 MSG_INTL(MSG_ERR_SECMEMOVER), file, 4792 EC_WORD(elf_ndxscn(_cache->c_scn)), 4793 _cache->c_name, EC_OFF(bgn), EC_OFF(end), 4794 EC_WORD(elf_ndxscn(_cache1->c_scn)), 4795 _cache1->c_name, EC_OFF(bgn1), 4796 EC_OFF(end1)); 4797 } else { /* No overlap, so can stop */ 4798 break; 4799 } 4800 } 4801 4802 /* 4803 * In addition to checking for sections overlapping 4804 * each other (done above), we should also make sure 4805 * the section doesn't overlap the section header array. 4806 */ 4807 bgn1 = ehdr->e_shoff; 4808 end1 = ehdr->e_shoff + (ehdr->e_shentsize * ehdr->e_shnum); 4809 4810 if (((bgn1 <= bgn) && (end1 > bgn)) || 4811 ((bgn1 < end) && (end1 >= end))) { 4812 (void) fprintf(stderr, 4813 MSG_INTL(MSG_ERR_SHDRMEMOVER), file, EC_OFF(bgn1), 4814 EC_OFF(end1), 4815 EC_WORD(elf_ndxscn(_cache->c_scn)), 4816 _cache->c_name, EC_OFF(bgn), EC_OFF(end)); 4817 } 4818 } 4819 4820 /* 4821 * Obtain the data for each section. 4822 */ 4823 for (ndx = 1; ndx < shnum; ndx++) { 4824 Cache *_cache = &cache[ndx]; 4825 Elf_Scn *scn = _cache->c_scn; 4826 4827 if ((_cache->c_data = elf_getdata(scn, NULL)) == NULL) { 4828 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4829 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCNDATA), 4830 EC_WORD(elf_ndxscn(scn))); 4831 } 4832 4833 /* 4834 * If a string table, verify that it has NULL first and 4835 * final bytes. 4836 */ 4837 if ((_cache->c_shdr->sh_type == SHT_STRTAB) && 4838 (_cache->c_data != NULL) && 4839 (_cache->c_data->d_buf != NULL) && 4840 (_cache->c_data->d_size > 0)) { 4841 const char *s = _cache->c_data->d_buf; 4842 4843 if ((*s != '\0') || 4844 (*(s + _cache->c_data->d_size - 1) != '\0')) 4845 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALSTR), 4846 file, _cache->c_name); 4847 } 4848 } 4849 4850 return (1); 4851 } 4852 4853 4854 4855 /* 4856 * Generate a cache of section headers and related information 4857 * for use by the rest of elfdump. If requested (or the file 4858 * contains no section headers), we generate a fake set of 4859 * headers from the information accessible from the program headers. 4860 * Otherwise, we use the real section headers contained in the file. 4861 */ 4862 static int 4863 create_cache(const char *file, int fd, Elf *elf, Ehdr *ehdr, Cache **cache, 4864 size_t shstrndx, size_t *shnum, uint_t *flags) 4865 { 4866 /* 4867 * If there are no section headers, then resort to synthesizing 4868 * section headers from the program headers. This is normally 4869 * only done by explicit request, but in this case there's no 4870 * reason not to go ahead, since the alternative is simply to quit. 4871 */ 4872 if ((*shnum <= 1) && ((*flags & FLG_CTL_FAKESHDR) == 0)) { 4873 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHDR), file); 4874 *flags |= FLG_CTL_FAKESHDR; 4875 } 4876 4877 if (*flags & FLG_CTL_FAKESHDR) { 4878 if (fake_shdr_cache(file, fd, elf, ehdr, cache, shnum) == 0) 4879 return (0); 4880 } else { 4881 if (shdr_cache(file, elf, ehdr, shstrndx, *shnum, 4882 cache, *flags) == 0) 4883 return (0); 4884 } 4885 4886 return (1); 4887 } 4888 4889 int 4890 regular(const char *file, int fd, Elf *elf, uint_t flags, 4891 const char *wname, int wfd, uchar_t osabi) 4892 { 4893 enum { CACHE_NEEDED, CACHE_OK, CACHE_FAIL} cache_state = CACHE_NEEDED; 4894 Elf_Scn *scn; 4895 Ehdr *ehdr; 4896 size_t ndx, shstrndx, shnum, phnum; 4897 Shdr *shdr; 4898 Cache *cache; 4899 VERSYM_STATE versym = { 0 }; 4900 int ret = 0; 4901 int addr_align; 4902 4903 if ((ehdr = elf_getehdr(elf)) == NULL) { 4904 failure(file, MSG_ORIG(MSG_ELF_GETEHDR)); 4905 return (ret); 4906 } 4907 4908 if (elf_getshdrnum(elf, &shnum) == -1) { 4909 failure(file, MSG_ORIG(MSG_ELF_GETSHDRNUM)); 4910 return (ret); 4911 } 4912 4913 if (elf_getshdrstrndx(elf, &shstrndx) == -1) { 4914 failure(file, MSG_ORIG(MSG_ELF_GETSHDRSTRNDX)); 4915 return (ret); 4916 } 4917 4918 if (elf_getphdrnum(elf, &phnum) == -1) { 4919 failure(file, MSG_ORIG(MSG_ELF_GETPHDRNUM)); 4920 return (ret); 4921 } 4922 /* 4923 * If the user requested section headers derived from the 4924 * program headers (-P option) and this file doesn't have 4925 * any program headers (i.e. ET_REL), then we can't do it. 4926 */ 4927 if ((phnum == 0) && (flags & FLG_CTL_FAKESHDR)) { 4928 (void) fprintf(stderr, MSG_INTL(MSG_ERR_PNEEDSPH), file); 4929 return (ret); 4930 } 4931 4932 4933 if ((scn = elf_getscn(elf, 0)) != NULL) { 4934 if ((shdr = elf_getshdr(scn)) == NULL) { 4935 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4936 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 0); 4937 return (ret); 4938 } 4939 } else 4940 shdr = NULL; 4941 4942 /* 4943 * Print the elf header. 4944 */ 4945 if (flags & FLG_SHOW_EHDR) 4946 Elf_ehdr(0, ehdr, shdr); 4947 4948 /* 4949 * If the section headers or program headers have inadequate 4950 * alignment for the class of object, print a warning. libelf 4951 * can handle such files, but programs that use them can crash 4952 * when they dereference unaligned items. 4953 * 4954 * Note that the AMD64 ABI, although it is a 64-bit architecture, 4955 * allows access to data types smaller than 128-bits to be on 4956 * word alignment. 4957 */ 4958 if (ehdr->e_machine == EM_AMD64) 4959 addr_align = sizeof (Word); 4960 else 4961 addr_align = sizeof (Addr); 4962 4963 if (ehdr->e_phoff & (addr_align - 1)) 4964 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADPHDRALIGN), file); 4965 if (ehdr->e_shoff & (addr_align - 1)) 4966 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHDRALIGN), file); 4967 4968 4969 /* 4970 * Determine the Operating System ABI (osabi) we will use to 4971 * interpret the object. 4972 */ 4973 if (flags & FLG_CTL_OSABI) { 4974 /* 4975 * If the user explicitly specifies '-O none', we need 4976 * to display a completely generic view of the file. 4977 * However, libconv is written to assume that ELFOSABI_NONE 4978 * is equivalent to ELFOSABI_SOLARIS. To get the desired 4979 * effect, we use an osabi that libconv has no knowledge of. 4980 */ 4981 if (osabi == ELFOSABI_NONE) 4982 osabi = ELFOSABI_UNKNOWN4; 4983 } else { 4984 /* Determine osabi from file */ 4985 osabi = ehdr->e_ident[EI_OSABI]; 4986 if (osabi == ELFOSABI_NONE) { 4987 /* 4988 * Chicken/Egg scenario: 4989 * 4990 * Ideally, we wait to create the section header cache 4991 * until after the program headers are printed. If we 4992 * only output program headers, we can skip building 4993 * the cache entirely. 4994 * 4995 * Proper interpretation of program headers requires 4996 * the osabi, which is supposed to be in the ELF header. 4997 * However, many systems (Solaris and Linux included) 4998 * have a history of setting the osabi to the generic 4999 * SysV ABI (ELFOSABI_NONE). We assume ELFOSABI_SOLARIS 5000 * in such cases, but would like to check the object 5001 * to see if it has a Linux .note.ABI-tag section, 5002 * which implies ELFOSABI_LINUX. This requires a 5003 * section header cache. 5004 * 5005 * To break the cycle, we create section headers now 5006 * if osabi is ELFOSABI_NONE, and later otherwise. 5007 * If it succeeds, we use them, if not, we defer 5008 * exiting until after the program headers are out. 5009 */ 5010 if (create_cache(file, fd, elf, ehdr, &cache, 5011 shstrndx, &shnum, &flags) == 0) { 5012 cache_state = CACHE_FAIL; 5013 } else { 5014 cache_state = CACHE_OK; 5015 if (has_linux_abi_note(cache, shnum, file)) { 5016 Conv_inv_buf_t ibuf1, ibuf2; 5017 5018 (void) fprintf(stderr, 5019 MSG_INTL(MSG_INFO_LINUXOSABI), file, 5020 conv_ehdr_osabi(osabi, 0, &ibuf1), 5021 conv_ehdr_osabi(ELFOSABI_LINUX, 5022 0, &ibuf2)); 5023 osabi = ELFOSABI_LINUX; 5024 } 5025 } 5026 } 5027 /* 5028 * We treat ELFOSABI_NONE identically to ELFOSABI_SOLARIS. 5029 * Mapping NONE to SOLARIS simplifies the required test. 5030 */ 5031 if (osabi == ELFOSABI_NONE) 5032 osabi = ELFOSABI_SOLARIS; 5033 } 5034 5035 /* 5036 * Print the program headers. 5037 */ 5038 if ((flags & FLG_SHOW_PHDR) && (phnum != 0)) { 5039 Phdr *phdr; 5040 5041 if ((phdr = elf_getphdr(elf)) == NULL) { 5042 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 5043 return (ret); 5044 } 5045 5046 for (ndx = 0; ndx < phnum; phdr++, ndx++) { 5047 if (!match(MATCH_F_PHDR| MATCH_F_NDX | MATCH_F_TYPE, 5048 NULL, ndx, phdr->p_type)) 5049 continue; 5050 5051 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 5052 dbg_print(0, MSG_INTL(MSG_ELF_PHDR), EC_WORD(ndx)); 5053 Elf_phdr(0, osabi, ehdr->e_machine, phdr); 5054 } 5055 } 5056 5057 /* 5058 * If we have flag bits set that explicitly require a show or calc 5059 * operation, but none of them require the section headers, then 5060 * we are done and can return now. 5061 */ 5062 if (((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) != 0) && 5063 ((flags & (FLG_MASK_SHOW_SHDR | FLG_MASK_CALC_SHDR)) == 0)) 5064 return (ret); 5065 5066 /* 5067 * Everything from this point on requires section headers. 5068 * If we have no section headers, there is no reason to continue. 5069 * 5070 * If we tried above to create the section header cache and failed, 5071 * it is time to exit. Otherwise, create it if needed. 5072 */ 5073 switch (cache_state) { 5074 case CACHE_NEEDED: 5075 if (create_cache(file, fd, elf, ehdr, &cache, shstrndx, 5076 &shnum, &flags) == 0) 5077 return (ret); 5078 break; 5079 case CACHE_OK: 5080 break; 5081 case CACHE_FAIL: 5082 return (ret); 5083 } 5084 if (shnum <= 1) 5085 goto done; 5086 5087 /* 5088 * If -w was specified, find and write out the section(s) data. 5089 */ 5090 if (wfd) { 5091 for (ndx = 1; ndx < shnum; ndx++) { 5092 Cache *_cache = &cache[ndx]; 5093 5094 if (match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 5095 ndx, _cache->c_shdr->sh_type) && 5096 _cache->c_data && _cache->c_data->d_buf) { 5097 if (write(wfd, _cache->c_data->d_buf, 5098 _cache->c_data->d_size) != 5099 _cache->c_data->d_size) { 5100 int err = errno; 5101 (void) fprintf(stderr, 5102 MSG_INTL(MSG_ERR_WRITE), wname, 5103 strerror(err)); 5104 /* 5105 * Return an exit status of 1, because 5106 * the failure is not related to the 5107 * ELF file, but by system resources. 5108 */ 5109 ret = 1; 5110 goto done; 5111 } 5112 } 5113 } 5114 } 5115 5116 /* 5117 * If we have no flag bits set that explicitly require a show or calc 5118 * operation, but match options (-I, -N, -T) were used, then run 5119 * through the section headers and see if we can't deduce show flags 5120 * from the match options given. 5121 * 5122 * We don't do this if -w was specified, because (-I, -N, -T) used 5123 * with -w in lieu of some other option is supposed to be quiet. 5124 */ 5125 if ((wfd == 0) && (flags & FLG_CTL_MATCH) && 5126 ((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) == 0)) { 5127 for (ndx = 1; ndx < shnum; ndx++) { 5128 Cache *_cache = &cache[ndx]; 5129 5130 if (!match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 5131 ndx, _cache->c_shdr->sh_type)) 5132 continue; 5133 5134 switch (_cache->c_shdr->sh_type) { 5135 case SHT_PROGBITS: 5136 /* 5137 * Heuristic time: It is usually bad form 5138 * to assume the meaning/format of a PROGBITS 5139 * section based on its name. However, there 5140 * are ABI mandated exceptions. Check for 5141 * these special names. 5142 */ 5143 5144 /* The ELF ABI specifies .interp and .got */ 5145 if (strcmp(_cache->c_name, 5146 MSG_ORIG(MSG_ELF_INTERP)) == 0) { 5147 flags |= FLG_SHOW_INTERP; 5148 break; 5149 } 5150 if (strcmp(_cache->c_name, 5151 MSG_ORIG(MSG_ELF_GOT)) == 0) { 5152 flags |= FLG_SHOW_GOT; 5153 break; 5154 } 5155 /* 5156 * The GNU compilers, and amd64 ABI, define 5157 * .eh_frame and .eh_frame_hdr. The Sun 5158 * C++ ABI defines .exception_ranges. 5159 */ 5160 if ((strncmp(_cache->c_name, 5161 MSG_ORIG(MSG_SCN_FRM), 5162 MSG_SCN_FRM_SIZE) == 0) || 5163 (strncmp(_cache->c_name, 5164 MSG_ORIG(MSG_SCN_EXRANGE), 5165 MSG_SCN_EXRANGE_SIZE) == 0)) { 5166 flags |= FLG_SHOW_UNWIND; 5167 break; 5168 } 5169 break; 5170 5171 case SHT_SYMTAB: 5172 case SHT_DYNSYM: 5173 case SHT_SUNW_LDYNSYM: 5174 case SHT_SUNW_versym: 5175 case SHT_SYMTAB_SHNDX: 5176 flags |= FLG_SHOW_SYMBOLS; 5177 break; 5178 5179 case SHT_RELA: 5180 case SHT_REL: 5181 flags |= FLG_SHOW_RELOC; 5182 break; 5183 5184 case SHT_HASH: 5185 flags |= FLG_SHOW_HASH; 5186 break; 5187 5188 case SHT_DYNAMIC: 5189 flags |= FLG_SHOW_DYNAMIC; 5190 break; 5191 5192 case SHT_NOTE: 5193 flags |= FLG_SHOW_NOTE; 5194 break; 5195 5196 case SHT_GROUP: 5197 flags |= FLG_SHOW_GROUP; 5198 break; 5199 5200 case SHT_SUNW_symsort: 5201 case SHT_SUNW_tlssort: 5202 flags |= FLG_SHOW_SORT; 5203 break; 5204 5205 case SHT_SUNW_cap: 5206 flags |= FLG_SHOW_CAP; 5207 break; 5208 5209 case SHT_SUNW_move: 5210 flags |= FLG_SHOW_MOVE; 5211 break; 5212 5213 case SHT_SUNW_syminfo: 5214 flags |= FLG_SHOW_SYMINFO; 5215 break; 5216 5217 case SHT_SUNW_verdef: 5218 case SHT_SUNW_verneed: 5219 flags |= FLG_SHOW_VERSIONS; 5220 break; 5221 5222 case SHT_AMD64_UNWIND: 5223 flags |= FLG_SHOW_UNWIND; 5224 break; 5225 } 5226 } 5227 } 5228 5229 5230 if (flags & FLG_SHOW_SHDR) 5231 sections(file, cache, shnum, ehdr, osabi); 5232 5233 if (flags & FLG_SHOW_INTERP) 5234 interp(file, cache, shnum, phnum, elf); 5235 5236 if ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX)) 5237 versions(cache, shnum, file, flags, &versym); 5238 5239 if (flags & FLG_SHOW_SYMBOLS) 5240 symbols(cache, shnum, ehdr, osabi, &versym, file, flags); 5241 5242 if ((flags & FLG_SHOW_SORT) && (osabi == ELFOSABI_SOLARIS)) 5243 sunw_sort(cache, shnum, ehdr, osabi, &versym, file, flags); 5244 5245 if (flags & FLG_SHOW_HASH) 5246 hash(cache, shnum, file, flags); 5247 5248 if (flags & FLG_SHOW_GOT) 5249 got(cache, shnum, ehdr, file); 5250 5251 if (flags & FLG_SHOW_GROUP) 5252 group(cache, shnum, file, flags); 5253 5254 if (flags & FLG_SHOW_SYMINFO) 5255 syminfo(cache, shnum, ehdr, osabi, file); 5256 5257 if (flags & FLG_SHOW_RELOC) 5258 reloc(cache, shnum, ehdr, file); 5259 5260 if (flags & FLG_SHOW_DYNAMIC) 5261 dynamic(cache, shnum, ehdr, osabi, file); 5262 5263 if (flags & FLG_SHOW_NOTE) { 5264 Word note_cnt; 5265 size_t note_shnum; 5266 Cache *note_cache; 5267 5268 note_cnt = note(cache, shnum, ehdr, file); 5269 5270 /* 5271 * Solaris core files have section headers, but these 5272 * headers do not include SHT_NOTE sections that reference 5273 * the core note sections. This means that note() won't 5274 * find the core notes. Fake section headers (-P option) 5275 * recover these sections, but it is inconvenient to require 5276 * users to specify -P in this situation. If the following 5277 * are all true: 5278 * 5279 * - No note sections were found 5280 * - This is a core file 5281 * - We are not already using fake section headers 5282 * 5283 * then we will automatically generate fake section headers 5284 * and then process them in a second call to note(). 5285 */ 5286 if ((note_cnt == 0) && (ehdr->e_type == ET_CORE) && 5287 !(flags & FLG_CTL_FAKESHDR) && 5288 (fake_shdr_cache(file, fd, elf, ehdr, 5289 ¬e_cache, ¬e_shnum) != 0)) { 5290 (void) note(note_cache, note_shnum, ehdr, file); 5291 fake_shdr_cache_free(note_cache, note_shnum); 5292 } 5293 } 5294 5295 if ((flags & FLG_SHOW_MOVE) && (osabi == ELFOSABI_SOLARIS)) 5296 move(cache, shnum, file, flags); 5297 5298 if (flags & FLG_CALC_CHECKSUM) 5299 checksum(elf); 5300 5301 if ((flags & FLG_SHOW_CAP) && (osabi == ELFOSABI_SOLARIS)) 5302 cap(file, cache, shnum, phnum, ehdr, osabi, elf, flags); 5303 5304 if ((flags & FLG_SHOW_UNWIND) && 5305 ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX))) 5306 unwind(cache, shnum, phnum, ehdr, osabi, file, elf, flags); 5307 5308 5309 /* Release the memory used to cache section headers */ 5310 done: 5311 if (flags & FLG_CTL_FAKESHDR) 5312 fake_shdr_cache_free(cache, shnum); 5313 else 5314 free(cache); 5315 5316 return (ret); 5317 } 5318