xref: /illumos-gate/usr/src/cmd/sgs/rtld/common/dlfcns.c (revision 4fceebdf03eeac0d7c58a4f70cc19b00a8c40a73)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  *	Copyright (c) 1988 AT&T
24  *	  All Rights Reserved
25  *
26  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
27  * Use is subject to license terms.
28  */
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 
33 /*
34  * Programmatic interface to the run_time linker.
35  */
36 #include	"_synonyms.h"
37 
38 #include	<sys/debug.h>
39 #include	<string.h>
40 #include	<dlfcn.h>
41 #include	<synch.h>
42 #include	<limits.h>
43 #include	<debug.h>
44 #include	"_rtld.h"
45 #include	"_audit.h"
46 #include	"_elf.h"
47 #include	"msg.h"
48 
49 /*
50  * Determine who called us - given a pc determine in which object it resides.
51  *
52  * For dlopen() the link map of the caller must be passed to load_so() so that
53  * the appropriate search rules (4.x or 5.0) are used to locate any
54  * dependencies.  Also, if we've been called from a 4.x module it may be
55  * necessary to fix the specified pathname so that it conforms with the 5.0 elf
56  * rules.
57  *
58  * For dlsym() the link map of the caller is used to determine RTLD_NEXT
59  * requests, together with requests based off of a dlopen(0).
60  * For dladdr() this routines provides a generic means of scanning all loaded
61  * segments.
62  */
63 Rt_map *
64 _caller(caddr_t cpc, int flags)
65 {
66 	Lm_list *	lml;
67 	Listnode *	lnp;
68 
69 	for (LIST_TRAVERSE(&dynlm_list, lnp, lml)) {
70 		Aliste	off;
71 		Lm_cntl	*lmc;
72 
73 		for (ALIST_TRAVERSE(lml->lm_lists, off, lmc)) {
74 			Rt_map	*lmp;
75 
76 			for (lmp = lmc->lc_head; lmp;
77 			    lmp = (Rt_map *)NEXT(lmp)) {
78 				Mmap	*mmap;
79 
80 				/*
81 				 * Traverse this objects mappings testing
82 				 * whether the pc falls within its range.
83 				 */
84 				for (mmap = MMAPS(lmp); mmap->m_vaddr; mmap++) {
85 					if ((cpc >= mmap->m_vaddr) && (cpc <
86 					    (mmap->m_vaddr + mmap->m_msize)))
87 						return (lmp);
88 				}
89 			}
90 		}
91 	}
92 
93 	/*
94 	 * No mapping can be determined.  If asked for a default, assume this
95 	 * is from the executable.
96 	 */
97 	if (flags & CL_EXECDEF)
98 		return ((Rt_map *)lml_main.lm_head);
99 
100 	return (0);
101 }
102 
103 #pragma weak dlerror = _dlerror
104 
105 /*
106  * External entry for dlerror(3dl).  Returns a pointer to the string describing
107  * the last occurring error.  The last occurring error is cleared.
108  */
109 char *
110 _dlerror()
111 {
112 	char	*error;
113 	Rt_map	*clmp;
114 	int	entry;
115 
116 	entry = enter();
117 
118 	clmp = _caller(caller(), CL_EXECDEF);
119 
120 	error = lasterr;
121 	lasterr = (char *)0;
122 
123 	if (entry)
124 		leave(LIST(clmp));
125 	return (error);
126 }
127 
128 /*
129  * Add a dependency as a group descriptor to a group handle.  Returns 0 on
130  * failure, ALE_EXISTS if the dependency already exists, or ALE_CREATE if it
131  * is newly created.
132  */
133 int
134 hdl_add(Grp_hdl *ghp, Rt_map *lmp, uint_t flags)
135 {
136 	Grp_desc	*gdp;
137 	Aliste		off;
138 	int		found = ALE_CREATE;
139 
140 	/*
141 	 * Make sure this dependency hasn't already been recorded.
142 	 */
143 	for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) {
144 		if (gdp->gd_depend == lmp) {
145 			found = ALE_EXISTS;
146 			break;
147 		}
148 	}
149 
150 	if (found == ALE_CREATE) {
151 		Grp_desc	gd;
152 
153 		/*
154 		 * Create a new handle descriptor.
155 		 */
156 		gd.gd_depend = lmp;
157 		gd.gd_flags = 0;
158 
159 		/*
160 		 * Indicate this object is a part of this handles group.
161 		 */
162 		if (alist_append(&GROUPS(lmp), &ghp,
163 		    sizeof (Grp_hdl *), AL_CNT_GROUPS) == 0)
164 			return (0);
165 
166 		/*
167 		 * Append the new dependency to this handle.
168 		 */
169 		if ((gdp = alist_append(&(ghp->gh_depends), &gd,
170 		    sizeof (Grp_desc), AL_CNT_DEPENDS)) == 0)
171 			return (0);
172 	}
173 
174 	gdp->gd_flags |= flags;
175 
176 	if (found == ALE_CREATE)
177 		DBG_CALL(Dbg_file_hdl_action(ghp, lmp, DBG_DEP_ADD));
178 
179 	return (found);
180 }
181 
182 /*
183  * Allocate a handle and record its existence on the handle list for future
184  * verification.
185  */
186 Grp_hdl *
187 hdl_alloc()
188 {
189 	Grp_hdl	*ghp;
190 	uint_t	ndx;
191 
192 	if ((ghp = calloc(sizeof (Grp_hdl), 1)) == 0)
193 		return (0);
194 
195 	/* LINTED */
196 	ndx = (uintptr_t)ghp % HDLIST_SZ;
197 
198 	if (list_append(&hdl_list[ndx], ghp) == 0) {
199 		free(ghp);
200 		return (0);
201 	}
202 	return (ghp);
203 }
204 
205 /*
206  * Create a handle.
207  */
208 Grp_hdl *
209 hdl_create(Lm_list *lml, Rt_map *nlmp, Rt_map *clmp, uint_t flags)
210 {
211 	Grp_hdl	*ghp = 0, **ghpp;
212 	uint_t	hflags;
213 	Alist	**alpp;
214 	Aliste	off;
215 
216 	/*
217 	 * For dlopen(0) the handle is maintained as part of the link-map list,
218 	 * otherwise it is associated with the referenced link-map.
219 	 */
220 	if (flags & GPH_ZERO)
221 		alpp = &(lml->lm_handle);
222 	else
223 		alpp = &(HANDLES(nlmp));
224 
225 	/*
226 	 * Objects can contain multiple handles depending on the flags supplied.
227 	 * Most RTLD flags pertain to the object itself and the bindings that it
228 	 * can achieve.  Multiple handles for these flags don't make sense.  But
229 	 * if the flag determines how the handle might be used, then multiple
230 	 * handles may exist.  Presently this only makes sense for RTLD_FIRST.
231 	 * Determine if an appropriate handle already exists.
232 	 */
233 	hflags = flags & GPH_FIRST;
234 	for (ALIST_TRAVERSE(*alpp, off, ghpp)) {
235 		if (((*ghpp)->gh_flags & GPH_FIRST) == hflags) {
236 			ghp = *ghpp;
237 			break;
238 		}
239 	}
240 
241 	if (ghp == 0) {
242 		DBG_CALL(Dbg_file_hdl_title(DBG_DEP_CREATE));
243 
244 		/*
245 		 * If this is the first dlopen() request for this handle
246 		 * allocate and initialize a new handle.
247 		 */
248 		if ((ghp = hdl_alloc()) == 0)
249 			return (0);
250 		if (alist_append(alpp, &ghp, sizeof (Grp_hdl *),
251 		    AL_CNT_GROUPS) == 0)
252 			return (0);
253 
254 		/*
255 		 * Indicate that this object has been referenced.  In truth a
256 		 * reference hasn't yet occurred, it's a dlsym() that makes the
257 		 * reference.  However, we assume that anyone performing a
258 		 * dlopen() will eventually call dlsym(), plus this makes for a
259 		 * better diagnostic location rather than having to call
260 		 * unused() after every dlsym() operation.
261 		 */
262 		if (nlmp)
263 			FLAGS1(nlmp) |= FL1_RT_USED;
264 
265 		ghp->gh_refcnt = 1;
266 		ghp->gh_flags = flags;
267 
268 		/*
269 		 * A dlopen(0) handle is identified by the GPH_ZERO flag, the
270 		 * head of the link-map list is defined as the owner.  There is
271 		 * no need to maintain a list of dependencies, for when this
272 		 * handle is used (for dlsym()) a dynamic search through the
273 		 * entire link-map list provides for searching all objects with
274 		 * GLOBAL visibility.
275 		 */
276 		if (flags & GPH_ZERO) {
277 			ghp->gh_ownlmp = lml->lm_head;
278 			ghp->gh_ownlml = lml;
279 		} else {
280 			uint_t	hflags = GPD_AVAIL;
281 
282 			ghp->gh_ownlmp = nlmp;
283 			ghp->gh_ownlml = LIST(nlmp);
284 
285 			/*
286 			 * As an optimization, a handle for ld.so.1 itself
287 			 * (required for libdl's filtering mechanism) shouldn't
288 			 * search any dependencies of ld.so.1.  Omitting
289 			 * GDP_ADDEPS prevents the addition of any ld.so.1
290 			 * dependencies to this handle.
291 			 */
292 			if ((flags & GPH_LDSO) == 0)
293 				hflags |= GPD_ADDEPS;
294 			if (hdl_add(ghp, nlmp, hflags) == 0)
295 				return (0);
296 		}
297 	} else {
298 		/*
299 		 * If a handle already exists bump its reference count.  If it's
300 		 * count was 0 then this handle previously existed but could not
301 		 * be removed as part of a dlclose().  Remove this handle from
302 		 * the orphan list as it's once again in use.  Note that handles
303 		 * associated with the link-map list itself (dlopen(0)) were
304 		 * never deleted or removed to the orphan list.
305 		 */
306 		if ((ghp->gh_refcnt++ == 0) &&
307 		    ((ghp->gh_flags & (GPH_ZERO | GPH_STICKY)) == 0)) {
308 			uint_t	ndx;
309 
310 			/* LINTED */
311 			ndx = (uintptr_t)ghp % HDLIST_SZ;
312 
313 			list_delete(&hdl_list[HDLIST_ORP], ghp);
314 			(void) list_append(&hdl_list[ndx], ghp);
315 
316 			if (DBG_ENABLED) {
317 				Aliste		off;
318 				Grp_desc	*gdp;
319 
320 				DBG_CALL(Dbg_file_hdl_title(DBG_DEP_REINST));
321 				for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp))
322 					DBG_CALL(Dbg_file_hdl_action(ghp,
323 					    gdp->gd_depend, DBG_DEP_ADD));
324 			}
325 		}
326 
327 		/*
328 		 * Once a handle is referenced, remove any stick bit.
329 		 */
330 		ghp->gh_flags &= ~GPH_STICKY;
331 	}
332 
333 	/*
334 	 * If dlopen(..., RTLD_PARENT) add the caller to dependency list so that
335 	 * it becomes part of this group.  As we could be opened by different
336 	 * parents this test is carried out every time a handle is requested.
337 	 * Note that a parent doesn't provide symbols via dlsym() so it also
338 	 * isn't necessary to add its dependencies to the handle.
339 	 */
340 	if (flags & GPH_PARENT) {
341 		if (hdl_add(ghp, clmp, GPD_PARENT) == 0)
342 			return (0);
343 	}
344 	return (ghp);
345 }
346 
347 /*
348  * Initialize a handle that has been created for an object that is already
349  * loaded.  The handle is initialized with the present dependencies of that
350  * object.  Once this initialization has occurred, any new objects that might
351  * be loaded as dependencies (lazy-loading) are added to the handle as each new
352  * object is loaded.
353  */
354 int
355 hdl_initialize(Grp_hdl *ghp, Rt_map *nlmp, Rt_map *clmp, int mode, int promote)
356 {
357 	Aliste		off;
358 	Grp_desc	*gdp;
359 
360 	/*
361 	 * If the handle has already been initialized, and the initial object's
362 	 * mode hasn't been promoted, there's no need to recompute the modes of
363 	 * any dependencies.  If the object we've added has just been opened,
364 	 * the objects dependencies will not yet have been processed.  These
365 	 * dependencies will be added on later calls to load_one().  Otherwise,
366 	 * this object already exists, so add all of its dependencies to the
367 	 * handle were operating on.
368 	 */
369 	if (((ghp->gh_flags & GPH_INITIAL) && (promote == 0)) ||
370 	    ((FLAGS(nlmp) & FLG_RT_ANALYZED) == 0)) {
371 		ghp->gh_flags |= GPH_INITIAL;
372 		return (1);
373 	}
374 
375 	DBG_CALL(Dbg_file_hdl_title(DBG_DEP_ADD));
376 	for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) {
377 		Rt_map *	lmp = gdp->gd_depend;
378 		Aliste		off1;
379 		Bnd_desc **	bdpp;
380 
381 		/*
382 		 * If this dependency doesn't indicate that its dependencies
383 		 * should be added to a handle, ignore it.  This case identifies
384 		 * a parent of a dlopen(RTLD_PARENT) request.
385 		 */
386 		if ((gdp->gd_flags & GPD_ADDEPS) == 0)
387 			continue;
388 
389 		for (ALIST_TRAVERSE(DEPENDS(lmp), off1, bdpp)) {
390 			Bnd_desc	*bdp = *bdpp;
391 			Rt_map		*dlmp = bdp->b_depend;
392 
393 			if ((bdp->b_flags & BND_NEEDED) == 0)
394 				continue;
395 
396 			if (hdl_add(ghp, dlmp, (GPD_AVAIL | GPD_ADDEPS)) != 0)
397 				(void) update_mode(dlmp, MODE(dlmp), mode);
398 			else {
399 				/*
400 				 * Something failed.  Remove the new handle.
401 				 */
402 				(void) dlclose_intn(ghp, clmp);
403 				return (0);
404 			}
405 		}
406 	}
407 	ghp->gh_flags |= GPH_INITIAL;
408 	return (1);
409 }
410 
411 /*
412  * Sanity check a program-provided handle.
413  */
414 static int
415 hdl_validate(Grp_hdl *ghp)
416 {
417 	Listnode	*lnp;
418 	Grp_hdl		*lghp;
419 	uint_t		ndx;
420 
421 	/* LINTED */
422 	ndx = (uintptr_t)ghp % HDLIST_SZ;
423 
424 	for (LIST_TRAVERSE(&hdl_list[ndx], lnp, lghp)) {
425 		if ((lghp == ghp) && (ghp->gh_refcnt != 0))
426 			return (1);
427 	}
428 	return (0);
429 }
430 
431 /*
432  * Core dlclose activity.
433  */
434 int
435 dlclose_core(Grp_hdl *ghp, Rt_map *clmp)
436 {
437 	/*
438 	 * If we're already at atexit() there's no point processing further,
439 	 * all objects have already been tsorted for fini processing.
440 	 */
441 	if ((rtld_flags & RT_FL_ATEXIT) != 0)
442 		return (0);
443 
444 	/*
445 	 * Diagnose what we're up to.
446 	 */
447 	if (ghp->gh_flags & GPH_ZERO) {
448 		DBG_CALL(Dbg_file_dlclose(LIST(clmp), MSG_ORIG(MSG_STR_ZERO),
449 		    DBG_DLCLOSE_IGNORE));
450 	} else {
451 		Rt_map		*olmp;
452 		const char	*owner;
453 
454 		/*
455 		 * Determine if we've an owner for this handle.
456 		 */
457 		if ((olmp = ghp->gh_ownlmp) != 0)
458 			owner = NAME(olmp);
459 		else
460 			owner = MSG_INTL(MSG_STR_UNKNOWN);
461 
462 		DBG_CALL(Dbg_file_dlclose(LIST(clmp), owner, DBG_DLCLOSE_NULL));
463 	}
464 
465 	/*
466 	 * Decrement reference count of this object.
467 	 */
468 	if (--(ghp->gh_refcnt))
469 		return (0);
470 
471 	/*
472 	 * If this handle is special (dlopen(0)), then leave it around - it
473 	 * has little overhead.
474 	 */
475 	if (ghp->gh_flags & GPH_ZERO)
476 		return (0);
477 
478 	/*
479 	 * This handle is no longer being referenced, remove it.
480 	 */
481 	return (remove_hdl(ghp, clmp, 0));
482 }
483 
484 /*
485  * Internal dlclose activity.  Called from user level or directly for internal
486  * error cleanup.
487  */
488 int
489 dlclose_intn(Grp_hdl *ghp, Rt_map *clmp)
490 {
491 	Rt_map	*nlmp = 0;
492 	Lm_list	*olml = 0;
493 	int	error;
494 
495 	/*
496 	 * Although we're deleting object(s) it's quite possible that additional
497 	 * objects get loaded from running the .fini section(s) of the objects
498 	 * being deleted.  These objects will have been added to the same
499 	 * link-map list as those objects being deleted.  Remember this list
500 	 * for later investigation.
501 	 */
502 	olml = ghp->gh_ownlml;
503 
504 	error = dlclose_core(ghp, clmp);
505 
506 	/*
507 	 * Determine whether the original link-map list still exists.  In the
508 	 * case of a dlclose of an alternative (dlmopen) link-map the whole
509 	 * list may have been removed.
510 	 */
511 	if (olml) {
512 		Listnode	*lnp;
513 		Lm_list		*lml;
514 
515 		for (LIST_TRAVERSE(&dynlm_list, lnp, lml)) {
516 			if (olml == lml) {
517 				nlmp = olml->lm_head;
518 				break;
519 			}
520 		}
521 	}
522 	load_completion(nlmp, clmp);
523 	return (error);
524 }
525 
526 /*
527  * Argument checking for dlclose.  Only called via external entry.
528  */
529 static int
530 dlclose_check(void *handle, Rt_map *clmp)
531 {
532 	Grp_hdl	*ghp = (Grp_hdl *)handle;
533 
534 	if (hdl_validate(ghp) == 0) {
535 		eprintf(LIST(clmp), ERR_FATAL, MSG_INTL(MSG_ARG_INVHNDL));
536 		return (1);
537 	}
538 	return (dlclose_intn(ghp, clmp));
539 }
540 
541 #pragma weak dlclose = _dlclose
542 
543 /*
544  * External entry for dlclose(3dl).  Returns 0 for success, non-zero otherwise.
545  */
546 int
547 _dlclose(void *handle)
548 {
549 	int		error, entry;
550 	Rt_map		*clmp;
551 
552 	entry = enter();
553 
554 	clmp = _caller(caller(), CL_EXECDEF);
555 
556 	error = dlclose_check(handle, clmp);
557 
558 	if (entry)
559 		leave(LIST(clmp));
560 	return (error);
561 }
562 
563 static uint_t	lmid = 0;
564 
565 /*
566  * The addition of new link-map lists is assumed to be in small quantities.
567  * Here, we assign a unique link-map id for diagnostic use.  Simply update the
568  * running link-map count until we max out.
569  */
570 int
571 newlmid(Lm_list *lml)
572 {
573 	char	buffer[MSG_LMID_ALT_SIZE + 12];
574 
575 	if (lmid == UINT_MAX) {
576 		lml->lm_lmid = UINT_MAX;
577 		(void) strncpy(buffer, MSG_ORIG(MSG_LMID_MAXED),
578 		    MSG_LMID_ALT_SIZE + 12);
579 	} else {
580 		lml->lm_lmid = lmid++;
581 		(void) snprintf(buffer, MSG_LMID_ALT_SIZE + 12,
582 		    MSG_ORIG(MSG_LMID_FMT), MSG_ORIG(MSG_LMID_ALT),
583 		    lml->lm_lmid);
584 	}
585 	if ((lml->lm_lmidstr = strdup(buffer)) == 0)
586 		return (0);
587 
588 	return (1);
589 }
590 
591 /*
592  * Core dlopen activity.
593  */
594 static Grp_hdl *
595 dlmopen_core(Lm_list *lml, const char *path, int mode, Rt_map *clmp,
596     uint_t flags, uint_t orig)
597 {
598 	Rt_map	*nlmp;
599 	Grp_hdl	*ghp;
600 	Pnode	*pnp;
601 	Aliste	olmco, nlmco;
602 	Lm_cntl	*lmc;
603 
604 	DBG_CALL(Dbg_file_dlopen(clmp,
605 	    (path ? path : MSG_ORIG(MSG_STR_ZERO)), mode));
606 
607 	/*
608 	 * If the path specified is null then we're operating on global
609 	 * objects.  Associate a dummy handle with the link-map list.
610 	 */
611 	if (path == 0) {
612 		Grp_hdl *ghp;
613 		uint_t	hflags = GPH_ZERO;
614 		int	promote = 0;
615 
616 		if (mode & RTLD_PARENT)
617 			hflags |=  GPH_PARENT;
618 		if (mode & RTLD_FIRST)
619 			hflags |=  GPH_FIRST;
620 
621 		if ((ghp = hdl_create(lml, 0, clmp, hflags)) == 0)
622 			return (0);
623 
624 		/*
625 		 * Traverse the main link-map control list, updating the mode
626 		 * of any objects as necessary.  Call the relocation engine if
627 		 * this mode promotes the existing state of any relocations.
628 		 * crle()'s first pass loads all objects necessary for building
629 		 * a configuration file, however none of them are relocated.
630 		 * crle()'s second pass relocates objects in preparation for
631 		 * dldump()'ing using dlopen(0, RTLD_NOW).
632 		 */
633 		if ((mode & (RTLD_NOW | RTLD_CONFGEN)) == RTLD_CONFGEN)
634 			return (ghp);
635 
636 		for (nlmp = lml->lm_head; nlmp; nlmp = (Rt_map *)NEXT(nlmp)) {
637 			if (((MODE(nlmp) & RTLD_GLOBAL) == 0) ||
638 			    (FLAGS(nlmp) & FLG_RT_DELETE))
639 				continue;
640 
641 			if (update_mode(nlmp, MODE(nlmp), mode))
642 				promote = 1;
643 		}
644 		if (promote)
645 			(void) relocate_lmc(lml, ALO_DATA, lml->lm_head);
646 
647 		return (ghp);
648 	}
649 
650 	/*
651 	 * Fix the pathname.  If this object expands to multiple paths (ie.
652 	 * $ISALIST or $HWCAP have been used), then make sure the user has also
653 	 * furnished the RTLD_FIRST flag.  As yet, we don't support opening
654 	 * more than one object at a time, so enforcing the RTLD_FIRST flag
655 	 * provides flexibility should we be able to support dlopening more
656 	 * than one object in the future.
657 	 */
658 	if ((pnp = LM_FIX_NAME(clmp)(path, clmp, orig)) == 0) {
659 		remove_lml(lml);
660 		return (0);
661 	}
662 	if (((pnp->p_orig & (PN_TKN_ISALIST | PN_TKN_HWCAP)) || pnp->p_next) &&
663 	    ((mode & RTLD_FIRST) == 0)) {
664 		remove_pnode(pnp);
665 		remove_lml(lml);
666 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLMODE_5));
667 		return (0);
668 	}
669 
670 	/*
671 	 * Create a new link-map control list for this request, and load the
672 	 * associated object.
673 	 */
674 	if ((lmc = alist_append(&(lml->lm_lists), 0, sizeof (Lm_cntl),
675 	    AL_CNT_LMLISTS)) == 0) {
676 		remove_pnode(pnp);
677 		remove_lml(lml);
678 		return (0);
679 	}
680 	olmco = nlmco = (Aliste)((char *)lmc - (char *)lml->lm_lists);
681 
682 	nlmp = load_one(lml, nlmco, pnp, clmp, mode,
683 	    (flags | FLG_RT_HANDLE), &ghp);
684 
685 	/*
686 	 * Remove any expanded pathname infrastructure, and if the dependency
687 	 * couldn't be loaded, cleanup.
688 	 */
689 	remove_pnode(pnp);
690 	if (nlmp == 0) {
691 		remove_cntl(lml, olmco);
692 		remove_lml(lml);
693 		return (0);
694 	}
695 
696 	/*
697 	 * If loading an auditor was requested, and the auditor already existed,
698 	 * then the link-map returned will be to the original auditor.  The new
699 	 * link-map list that was initially created, and the associated link-map
700 	 * control list are no longer needed.  As the auditor is already loaded,
701 	 * we're probably done, but fall through in case additional relocations
702 	 * would be triggered by the mode of the caller.
703 	 */
704 	if ((flags & FLG_RT_AUDIT) && (LIST(nlmp) != lml)) {
705 		remove_cntl(lml, olmco);
706 		remove_lml(lml);
707 		lml = LIST(nlmp);
708 		olmco = 0;
709 		nlmco = ALO_DATA;
710 	}
711 
712 	/*
713 	 * Finish processing the objects associated with this request.
714 	 */
715 	if ((analyze_lmc(lml, nlmco, nlmp) == 0) ||
716 	    (relocate_lmc(lml, nlmco, nlmp) == 0)) {
717 		(void) dlclose_core(ghp, clmp);
718 		if (olmco && lm_salvage(lml, 1, olmco)) {
719 			remove_cntl(lml, olmco);
720 			remove_lml(lml);
721 		}
722 		return (0);
723 	}
724 
725 	/*
726 	 * After a successful load, any objects collected on the new link-map
727 	 * control list will have been moved to the callers link-map control
728 	 * list.  This control list can now be deleted.
729 	 */
730 	if (olmco)
731 		remove_cntl(lml, olmco);
732 
733 	return (ghp);
734 }
735 
736 /*
737  * Internal dlopen() activity.  Called from user level or directly for internal
738  * opens that require a handle.
739  */
740 Grp_hdl *
741 dlmopen_intn(Lm_list * lml, const char *path, int mode, Rt_map * clmp,
742     uint_t flags, uint_t orig, int *loaded)
743 {
744 	Rt_map	*dlmp = 0;
745 	Grp_hdl	*ghp;
746 	int	objcnt;
747 
748 	/*
749 	 * Check for magic link-map list values:
750 	 *
751 	 *  LM_ID_BASE:		Operate on the PRIMARY (executables) link map
752 	 *  LM_ID_LDSO:		Operation on ld.so.1's link map
753 	 *  LM_ID_NEWLM: 	Create a new link-map.
754 	 */
755 	if (lml == (Lm_list *)LM_ID_NEWLM) {
756 		if ((lml = calloc(sizeof (Lm_list), 1)) == 0)
757 			return (0);
758 
759 		/*
760 		 * Establish the new link-map flags from the callers and those
761 		 * explicitly provided.
762 		 */
763 		lml->lm_tflags = LIST(clmp)->lm_tflags;
764 		if (flags & FLG_RT_AUDIT) {
765 			/*
766 			 * Unset any auditing flags - an auditor shouldn't be
767 			 * audited.  Insure all audit dependencies are loaded.
768 			 */
769 			lml->lm_tflags &= ~LML_TFLG_AUD_MASK;
770 			lml->lm_tflags |=
771 			    (LML_TFLG_NOLAZYLD | LML_TFLG_LOADFLTR);
772 			lml->lm_flags |= LML_FLG_NOAUDIT;
773 		}
774 
775 		if ((list_append(&dynlm_list, lml) == 0) ||
776 		    (newlmid(lml) == 0)) {
777 			free(lml);
778 			return (0);
779 		}
780 	} else if ((uintptr_t)lml < LM_ID_NUM) {
781 		if ((uintptr_t)lml == LM_ID_BASE)
782 			lml = &lml_main;
783 		else if ((uintptr_t)lml == LM_ID_LDSO)
784 			lml = &lml_rtld;
785 	}
786 
787 	objcnt = lml->lm_obj;
788 
789 	/*
790 	 * Open the required object on the associated link-map list.
791 	 */
792 	if ((ghp = dlmopen_core(lml, path, mode, clmp, flags,
793 	    (orig | PN_SER_DLOPEN))) != 0) {
794 		/*
795 		 * Establish the new link-map from which .init processing will
796 		 * begin.  Ignore .init firing when constructing a configuration
797 		 * file (crle(1)).
798 		 */
799 		if ((mode & RTLD_CONFGEN) == 0)
800 			dlmp = ghp->gh_ownlmp;
801 	}
802 
803 	/*
804 	 * Return the number of objects loaded if required.  This is used to
805 	 * trigger used() processing on return from a dlopen().
806 	 */
807 	if (loaded && dlmp)
808 		*loaded = lml->lm_obj - objcnt;
809 
810 	load_completion(dlmp, clmp);
811 	return (ghp);
812 }
813 
814 /*
815  * Argument checking for dlopen.  Only called via external entry.
816  */
817 static Grp_hdl *
818 dlmopen_check(Lm_list *lml, const char *path, int mode, Rt_map *clmp,
819     int *loaded)
820 {
821 	/*
822 	 * Verify that a valid pathname has been supplied.
823 	 */
824 	if (path && (*path == '\0')) {
825 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLPATH));
826 		return (0);
827 	}
828 
829 	/*
830 	 * Historically we've always verified the mode is either RTLD_NOW or
831 	 * RTLD_LAZY.  RTLD_NOLOAD is valid by itself.  Use of LM_ID_NEWLM
832 	 * requires a specific pathname, and use of RTLD_PARENT is meaningless.
833 	 */
834 	if ((mode & (RTLD_NOW | RTLD_LAZY | RTLD_NOLOAD)) == 0) {
835 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLMODE_1));
836 		return (0);
837 	}
838 	if ((mode & (RTLD_NOW | RTLD_LAZY)) == (RTLD_NOW | RTLD_LAZY)) {
839 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLMODE_2));
840 		return (0);
841 	}
842 	if ((lml == (Lm_list *)LM_ID_NEWLM) && (path == 0)) {
843 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLMODE_3));
844 		return (0);
845 	}
846 	if ((lml == (Lm_list *)LM_ID_NEWLM) && (mode & RTLD_PARENT)) {
847 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLMODE_4));
848 		return (0);
849 	}
850 	if (((mode & (RTLD_GROUP | RTLD_WORLD)) == 0) &&
851 	    ((mode & RTLD_NOLOAD) == 0))
852 		mode |= (RTLD_GROUP | RTLD_WORLD);
853 	if ((mode & RTLD_NOW) && (rtld_flags2 & RT_FL2_BINDLAZY)) {
854 		mode &= ~RTLD_NOW;
855 		mode |= RTLD_LAZY;
856 	}
857 
858 	return (dlmopen_intn(lml, path, mode, clmp, 0, 0, loaded));
859 }
860 
861 #pragma weak dlopen = _dlopen
862 
863 /*
864  * External entry for dlopen(3dl).  On success, returns a pointer (handle) to
865  * the structure containing information about the newly added object, ie. can
866  * be used by dlsym(). On failure, returns a null pointer.
867  */
868 void *
869 _dlopen(const char *path, int mode)
870 {
871 	int	entry, loaded = 0;
872 	Rt_map	*clmp;
873 	Grp_hdl	*ghp;
874 	Lm_list	*lml;
875 
876 	entry = enter();
877 
878 	clmp = _caller(caller(), CL_EXECDEF);
879 	lml = LIST(clmp);
880 
881 	ghp = dlmopen_check(lml, path, mode, clmp, &loaded);
882 
883 	if (entry && ghp && loaded)
884 		unused(lml);
885 
886 	if (entry)
887 		leave(lml);
888 	return ((void *)ghp);
889 }
890 
891 /*
892  * External entry for dlmopen(3dl).
893  */
894 #pragma weak dlmopen = _dlmopen
895 
896 void *
897 _dlmopen(Lmid_t lmid, const char *path, int mode)
898 {
899 	int	entry, loaded = 0;
900 	Rt_map	*clmp;
901 	Grp_hdl	*ghp;
902 
903 	entry = enter();
904 
905 	clmp = _caller(caller(), CL_EXECDEF);
906 
907 	ghp = dlmopen_check((Lm_list *)lmid, path, mode, clmp, &loaded);
908 
909 	if (entry && ghp && ghp->gh_ownlmp && loaded)
910 		unused(LIST(ghp->gh_ownlmp));
911 
912 	if (entry)
913 		leave(LIST(clmp));
914 	return ((void *)ghp);
915 }
916 
917 /*
918  * Handle processing for dlsym.
919  */
920 Sym *
921 dlsym_handle(Grp_hdl * ghp, Slookup * slp, Rt_map ** _lmp, uint_t *binfo)
922 {
923 	Rt_map		*nlmp, * lmp = ghp->gh_ownlmp;
924 	Rt_map		*clmp = slp->sl_cmap;
925 	const char	*name = slp->sl_name;
926 	Sym		*sym = 0;
927 	Slookup		sl = *slp;
928 
929 	sl.sl_flags = (LKUP_FIRST | LKUP_SPEC);
930 
931 	/*
932 	 * Continue processing a dlsym request.  Lookup the required symbol in
933 	 * each link-map specified by the handle.
934 	 *
935 	 * To leverage off of lazy loading, dlsym() requests can result in two
936 	 * passes.  The first descends the link-maps of any objects already in
937 	 * the address space.  If the symbol isn't located, and lazy
938 	 * dependencies still exist, then a second pass is made to load these
939 	 * dependencies if applicable.  This model means that in the case where
940 	 * a symbols exists in more than one object, the one located may not be
941 	 * constant - this is the standard issue with lazy loading. In addition,
942 	 * attempting to locate a symbol that doesn't exist will result in the
943 	 * loading of all lazy dependencies on the given handle, which can
944 	 * defeat some of the advantages of lazy loading (look out JVM).
945 	 */
946 	if (ghp->gh_flags & GPH_ZERO) {
947 		Lm_list	*lml;
948 
949 		/*
950 		 * If this symbol lookup is triggered from a dlopen(0) handle,
951 		 * traverse the present link-map list looking for promiscuous
952 		 * entries.
953 		 */
954 		for (nlmp = lmp; nlmp; nlmp = (Rt_map *)NEXT(nlmp)) {
955 
956 			/*
957 			 * If this handle indicates we're only to look in the
958 			 * first object check whether we're done.
959 			 */
960 			if ((nlmp != lmp) && (ghp->gh_flags & GPH_FIRST))
961 				return ((Sym *)0);
962 
963 			if (!(MODE(nlmp) & RTLD_GLOBAL))
964 				continue;
965 			if ((FLAGS(nlmp) & FLG_RT_DELETE) &&
966 			    ((FLAGS(clmp) & FLG_RT_DELETE) == 0))
967 				continue;
968 
969 			sl.sl_imap = nlmp;
970 			if (sym = LM_LOOKUP_SYM(clmp)(&sl, _lmp, binfo))
971 				return (sym);
972 		}
973 
974 		/*
975 		 * If we're unable to locate the symbol and this link-map still
976 		 * has pending lazy dependencies, start loading them in an
977 		 * attempt to exhaust the search.  Note that as we're already
978 		 * traversing a dynamic linked list of link-maps there's no
979 		 * need for elf_lazy_find_sym() to descend the link-maps itself.
980 		 */
981 		lml = LIST(lmp);
982 		if ((lml->lm_lazy) &&
983 		    ((lml->lm_flags & LML_FLG_NOPENDGLBLAZY) == 0)) {
984 			int	lazy = 0;
985 
986 			DBG_CALL(Dbg_syms_lazy_rescan(lml, name));
987 
988 			sl.sl_flags |= LKUP_NODESCENT;
989 
990 			for (nlmp = lmp; nlmp; nlmp = (Rt_map *)NEXT(nlmp)) {
991 
992 				if (!(MODE(nlmp) & RTLD_GLOBAL) || !LAZY(nlmp))
993 					continue;
994 				if ((FLAGS(nlmp) & FLG_RT_DELETE) &&
995 				    ((FLAGS(clmp) & FLG_RT_DELETE) == 0))
996 					continue;
997 
998 				lazy = 1;
999 				sl.sl_imap = nlmp;
1000 				if (sym = elf_lazy_find_sym(&sl, _lmp, binfo))
1001 					return (sym);
1002 			}
1003 
1004 			/*
1005 			 * If no global, lazy loadable dependencies are found,
1006 			 * then none exist for this link-map list.  Pending lazy
1007 			 * loadable objects may still exist for non-local
1008 			 * objects that are associated with this link-map list,
1009 			 * which is why we entered this fallback.  Tag this
1010 			 * link-map list to prevent further searching for lazy
1011 			 * dependencies.
1012 			 */
1013 			if (lazy == 0)
1014 				lml->lm_flags |= LML_FLG_NOPENDGLBLAZY;
1015 		}
1016 	} else {
1017 		/*
1018 		 * Traverse the dlopen() handle for the presently loaded
1019 		 * link-maps.
1020 		 */
1021 		Grp_desc	*gdp;
1022 		Aliste		off;
1023 
1024 		for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) {
1025 			if ((gdp->gd_flags & GPD_AVAIL) == 0)
1026 				continue;
1027 
1028 			sl.sl_imap = gdp->gd_depend;
1029 			if (sym = LM_LOOKUP_SYM(clmp)(&sl, _lmp, binfo))
1030 				return (sym);
1031 
1032 			if (ghp->gh_flags & GPH_FIRST)
1033 				return ((Sym *)0);
1034 		}
1035 
1036 		/*
1037 		 * If we're unable to locate the symbol and this link-map still
1038 		 * has pending lazy dependencies, start loading them in an
1039 		 * attempt to exhaust the search.
1040 		 */
1041 		if ((LIST(lmp)->lm_lazy) &&
1042 		    ((ghp->gh_flags & GPH_NOPENDLAZY) == 0)) {
1043 			int	lazy = 0;
1044 
1045 			DBG_CALL(Dbg_syms_lazy_rescan(LIST(lmp), name));
1046 
1047 			for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) {
1048 				nlmp = gdp->gd_depend;
1049 
1050 				if (((gdp->gd_flags & GPD_AVAIL) == 0) ||
1051 				    (LAZY(nlmp) == 0))
1052 					continue;
1053 
1054 				lazy = 1;
1055 				sl.sl_imap = nlmp;
1056 				if (sym = elf_lazy_find_sym(&sl, _lmp, binfo))
1057 					return (sym);
1058 			}
1059 
1060 			/*
1061 			 * If no lazy loadable dependencies are found, then
1062 			 * none exist for this handle.  Pending lazy loadable
1063 			 * objects may still exist for the associated link-map
1064 			 * list, which is why we entered this fallback.  Tag
1065 			 * this handle to prevent further searching for lazy
1066 			 * dependencies.
1067 			 */
1068 			if (lazy == 0)
1069 				ghp->gh_flags |= GPH_NOPENDLAZY;
1070 		}
1071 	}
1072 	return ((Sym *)0);
1073 }
1074 
1075 /*
1076  * Core dlsym activity.  Selects symbol lookup method from handle.
1077  */
1078 void *
1079 dlsym_core(void *handle, const char *name, Rt_map *clmp, Rt_map **dlmp)
1080 {
1081 	Sym		*sym;
1082 	Syminfo		*sip;
1083 	Slookup		sl;
1084 	uint_t		binfo;
1085 
1086 	sl.sl_name = name;
1087 	sl.sl_cmap = clmp;
1088 	sl.sl_hash = 0;
1089 	sl.sl_rsymndx = 0;
1090 
1091 	/*
1092 	 * Standard relocations are evaluated using the symbol index of the
1093 	 * associated relocation symbol.  This index provides for loading
1094 	 * any lazy dependency and establishing a direct binding if necessary.
1095 	 * If a dlsym() operation originates from an object that contains a
1096 	 * symbol table entry for the same name, then establish the symbol
1097 	 * index so that any dependency requirements can be triggered.
1098 	 */
1099 	if (((intptr_t)handle < 0) && (sip = SYMINFO(clmp)) != 0) {
1100 		sl.sl_imap = clmp;
1101 		sl.sl_flags = LKUP_SYMNDX;
1102 		sl.sl_hash = elf_hash(name);
1103 
1104 		if ((sym = SYMINTP(clmp)(&sl, 0, 0)) != NULL) {
1105 			sl.sl_rsymndx = (((ulong_t)sym -
1106 			    (ulong_t)SYMTAB(clmp)) / SYMENT(clmp));
1107 		}
1108 	}
1109 
1110 	if (handle == RTLD_NEXT) {
1111 		Rt_map	*nlmp;
1112 
1113 		/*
1114 		 * If this handle is RTLD_NEXT determine whether a lazy load
1115 		 * from the caller might provide the next object.  This mimics
1116 		 * the lazy loading initialization normally carried out by
1117 		 * lookup_sym(), however here, we must do this up-front, as
1118 		 * lookup_sym() will be used to inspect the next object.
1119 		 */
1120 		if (sl.sl_rsymndx) {
1121 			/* LINTED */
1122 			sip = (Syminfo *)((char *)sip +
1123 			    (sl.sl_rsymndx * SYMINENT(clmp)));
1124 
1125 			if ((sip->si_flags & SYMINFO_FLG_DIRECT) &&
1126 			    (sip->si_boundto < SYMINFO_BT_LOWRESERVE))
1127 				(void) elf_lazy_load(clmp,
1128 				    sip->si_boundto, name);
1129 
1130 			/*
1131 			 * Clear the symbol index, so as not to confuse
1132 			 * lookup_sym() of the next object.
1133 			 */
1134 			sl.sl_rsymndx = 0;
1135 		}
1136 
1137 		/*
1138 		 * If the handle is RTLD_NEXT start searching in the next link
1139 		 * map from the callers.  Determine permissions from the
1140 		 * present link map.  Indicate to lookup_sym() that we're on an
1141 		 * RTLD_NEXT request so that it will use the callers link map to
1142 		 * start any possible lazy dependency loading.
1143 		 */
1144 		sl.sl_imap = nlmp = (Rt_map *)NEXT(clmp);
1145 
1146 		DBG_CALL(Dbg_syms_dlsym(clmp, name, (nlmp ? NAME(nlmp) :
1147 		    MSG_INTL(MSG_STR_NULL)), DBG_DLSYM_NEXT));
1148 
1149 		if (nlmp == 0)
1150 			return (0);
1151 
1152 		sl.sl_flags = LKUP_NEXT;
1153 		sym = LM_LOOKUP_SYM(clmp)(&sl, dlmp, &binfo);
1154 
1155 	} else if (handle == RTLD_SELF) {
1156 		/*
1157 		 * If the handle is RTLD_SELF start searching from the caller.
1158 		 */
1159 		DBG_CALL(Dbg_syms_dlsym(clmp, name, NAME(clmp),
1160 		    DBG_DLSYM_SELF));
1161 
1162 		sl.sl_imap = clmp;
1163 		sl.sl_flags = LKUP_SPEC;
1164 		sym = LM_LOOKUP_SYM(clmp)(&sl, dlmp, &binfo);
1165 
1166 	} else if (handle == RTLD_DEFAULT) {
1167 		Rt_map	*hlmp = LIST(clmp)->lm_head;
1168 
1169 		/*
1170 		 * If the handle is RTLD_DEFAULT mimic the standard symbol
1171 		 * lookup as would be triggered by a relocation.
1172 		 */
1173 		DBG_CALL(Dbg_syms_dlsym(clmp, name, 0, DBG_DLSYM_DEFAULT));
1174 
1175 		sl.sl_imap = hlmp;
1176 		sl.sl_flags = LKUP_SPEC;
1177 		sym = LM_LOOKUP_SYM(clmp)(&sl, dlmp, &binfo);
1178 
1179 	} else if (handle == RTLD_PROBE) {
1180 		Rt_map	*hlmp = LIST(clmp)->lm_head;
1181 
1182 		/*
1183 		 * If the handle is RTLD_PROBE, mimic the standard symbol
1184 		 * lookup as would be triggered by a relocation, however do
1185 		 * not fall back to a lazy loading rescan if the symbol can't be
1186 		 * found within the currently loaded objects.  Note, a lazy
1187 		 * loaded dependency required by the caller might still get
1188 		 * loaded to satisfy this request, but no exhaustive lazy load
1189 		 * rescan is carried out.
1190 		 */
1191 		DBG_CALL(Dbg_syms_dlsym(clmp, name, 0, DBG_DLSYM_PROBE));
1192 
1193 		sl.sl_imap = hlmp;
1194 		sl.sl_flags = (LKUP_SPEC | LKUP_NOFALBACK);
1195 		sym = LM_LOOKUP_SYM(clmp)(&sl, dlmp, &binfo);
1196 
1197 	} else {
1198 		Grp_hdl *ghp = (Grp_hdl *)handle;
1199 
1200 		/*
1201 		 * Look in the shared object specified by the handle and in all
1202 		 * of its dependencies.
1203 		 */
1204 		DBG_CALL(Dbg_syms_dlsym(clmp, name, NAME(ghp->gh_ownlmp),
1205 		    DBG_DLSYM_DEF));
1206 
1207 		sym = LM_DLSYM(clmp)(ghp, &sl, dlmp, &binfo);
1208 	}
1209 
1210 	if (sym) {
1211 		Lm_list	*lml = LIST(clmp);
1212 		Addr	addr = sym->st_value;
1213 
1214 		if (!(FLAGS(*dlmp) & FLG_RT_FIXED))
1215 			addr += ADDR(*dlmp);
1216 
1217 		DBG_CALL(Dbg_bind_global(clmp, 0, 0, (Xword)-1, PLT_T_NONE,
1218 		    *dlmp, addr, sym->st_value, name, binfo));
1219 
1220 		if ((lml->lm_tflags | FLAGS1(clmp)) & LML_TFLG_AUD_SYMBIND) {
1221 			uint_t	sb_flags = LA_SYMB_DLSYM;
1222 			/* LINTED */
1223 			uint_t	symndx = (uint_t)(((Xword)sym -
1224 			    (Xword)SYMTAB(*dlmp)) / SYMENT(*dlmp));
1225 			addr = audit_symbind(clmp, *dlmp, sym, symndx, addr,
1226 			    &sb_flags);
1227 		}
1228 		return ((void *)addr);
1229 	} else
1230 		return (0);
1231 }
1232 
1233 /*
1234  * Internal dlsym activity.  Called from user level or directly for internal
1235  * symbol lookup.
1236  */
1237 void *
1238 dlsym_intn(void *handle, const char *name, Rt_map *clmp, Rt_map **dlmp)
1239 {
1240 	Rt_map		*llmp = 0;
1241 	void		*error;
1242 	Aliste		off;
1243 	Grp_desc	*gdp;
1244 
1245 	/*
1246 	 * While looking for symbols it's quite possible that additional objects
1247 	 * get loaded from lazy loading.  These objects will have been added to
1248 	 * the same link-map list as those objects on the handle.  Remember this
1249 	 * list for later investigation.
1250 	 */
1251 	if ((handle == RTLD_NEXT) || (handle == RTLD_DEFAULT) ||
1252 	    (handle == RTLD_SELF) || (handle == RTLD_PROBE))
1253 		llmp = LIST(clmp)->lm_tail;
1254 	else {
1255 		Grp_hdl	*ghp = (Grp_hdl *)handle;
1256 
1257 		if (ghp->gh_ownlmp)
1258 			llmp = LIST(ghp->gh_ownlmp)->lm_tail;
1259 		else {
1260 			for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) {
1261 				if ((llmp = LIST(gdp->gd_depend)->lm_tail) != 0)
1262 					break;
1263 			}
1264 		}
1265 	}
1266 
1267 	if ((error = dlsym_core(handle, name, clmp, dlmp)) == 0) {
1268 		/*
1269 		 * Cache the error message, as Java tends to fall through this
1270 		 * code many times.
1271 		 */
1272 		if (nosym_str == 0)
1273 			nosym_str = MSG_INTL(MSG_GEN_NOSYM);
1274 		eprintf(LIST(clmp), ERR_FATAL, nosym_str, name);
1275 	}
1276 
1277 	load_completion(llmp, clmp);
1278 	return (error);
1279 }
1280 
1281 /*
1282  * Argument checking for dlsym.  Only called via external entry.
1283  */
1284 static void *
1285 dlsym_check(void *handle, const char *name, Rt_map *clmp, Rt_map **dlmp)
1286 {
1287 	/*
1288 	 * Verify the arguments.
1289 	 */
1290 	if (name == 0) {
1291 		eprintf(LIST(clmp), ERR_FATAL, MSG_INTL(MSG_ARG_ILLSYM));
1292 		return (0);
1293 	}
1294 	if ((handle != RTLD_NEXT) && (handle != RTLD_DEFAULT) &&
1295 	    (handle != RTLD_SELF) && (handle != RTLD_PROBE) &&
1296 	    (hdl_validate((Grp_hdl *)handle) == 0)) {
1297 		eprintf(LIST(clmp), ERR_FATAL, MSG_INTL(MSG_ARG_INVHNDL));
1298 		return (0);
1299 	}
1300 	return (dlsym_intn(handle, name, clmp, dlmp));
1301 }
1302 
1303 
1304 #pragma weak dlsym = _dlsym
1305 
1306 /*
1307  * External entry for dlsym().  On success, returns the address of the specified
1308  * symbol.  On error returns a null.
1309  */
1310 void *
1311 _dlsym(void *handle, const char *name)
1312 {
1313 	int	entry;
1314 	Rt_map	*clmp, *dlmp = 0;
1315 	void	*addr;
1316 
1317 	entry = enter();
1318 
1319 	clmp = _caller(caller(), CL_EXECDEF);
1320 
1321 	addr = dlsym_check(handle, name, clmp, &dlmp);
1322 
1323 	if (dlmp)
1324 		is_dep_ready(dlmp, clmp, DBG_WAIT_SYMBOL);
1325 
1326 	if (entry && dlmp)
1327 		is_dep_init(dlmp, clmp);
1328 
1329 	if (entry)
1330 		leave(LIST(clmp));
1331 	return (addr);
1332 }
1333 
1334 /*
1335  * Core dladdr activity.
1336  */
1337 static void
1338 dladdr_core(Rt_map *clmp, void *addr, Dl_info *dlip, void **info, int flags)
1339 {
1340 	/*
1341 	 * Set up generic information and any defaults.
1342 	 */
1343 	dlip->dli_fname = PATHNAME(clmp);
1344 
1345 	dlip->dli_fbase = (void *)ADDR(clmp);
1346 	dlip->dli_sname = 0;
1347 	dlip->dli_saddr = 0;
1348 
1349 	/*
1350 	 * Determine the nearest symbol to this address.
1351 	 */
1352 	LM_DLADDR(clmp)((ulong_t)addr, clmp, dlip, info, flags);
1353 }
1354 
1355 #pragma weak dladdr = _dladdr
1356 
1357 /*
1358  * External entry for dladdr(3dl) and dladdr1(3dl).  Returns an information
1359  * structure that reflects the symbol closest to the address specified.
1360  */
1361 int
1362 _dladdr(void *addr, Dl_info *dlip)
1363 {
1364 	int	entry, error;
1365 	Rt_map	*clmp;
1366 
1367 	entry = enter();
1368 
1369 	/*
1370 	 * Use our calling technique to determine what object is associated
1371 	 * with the supplied address.  If a caller can't be determined,
1372 	 * indicate the failure.
1373 	 */
1374 	if ((clmp = _caller((caddr_t)addr, CL_NONE)) == 0) {
1375 		eprintf(0, ERR_FATAL, MSG_INTL(MSG_ARG_INVADDR),
1376 		    EC_NATPTR(addr));
1377 		error = 0;
1378 	} else {
1379 		dladdr_core(clmp, addr, dlip, 0, 0);
1380 		error = 1;
1381 	}
1382 
1383 	if (entry)
1384 		leave(0);
1385 	return (error);
1386 }
1387 
1388 #pragma weak dladdr1 = _dladdr1
1389 
1390 int
1391 _dladdr1(void *addr, Dl_info *dlip, void **info, int flags)
1392 {
1393 	int	entry, error = 0;
1394 	Rt_map	*clmp;
1395 
1396 	/*
1397 	 * Validate any flags.
1398 	 */
1399 	if (flags) {
1400 		int	request;
1401 
1402 		if (((request = (flags & RTLD_DL_MASK)) != RTLD_DL_SYMENT) &&
1403 		    (request != RTLD_DL_LINKMAP)) {
1404 			eprintf(0, ERR_FATAL, MSG_INTL(MSG_ARG_ILLFLAGS),
1405 			    flags);
1406 			return (0);
1407 		}
1408 		if (info == 0) {
1409 			eprintf(0, ERR_FATAL, MSG_INTL(MSG_ARG_ILLINFO), flags);
1410 			return (0);
1411 		}
1412 	}
1413 
1414 	entry = enter();
1415 
1416 	/*
1417 	 * Use our calling technique to determine what object is associated
1418 	 * with the supplied address.  If a caller can't be determined,
1419 	 * indicate the failure.
1420 	 */
1421 	if ((clmp = _caller((caddr_t)addr, CL_NONE)) == 0) {
1422 		eprintf(0, ERR_FATAL, MSG_INTL(MSG_ARG_INVADDR),
1423 		    EC_NATPTR(addr));
1424 		error = 0;
1425 	} else {
1426 		dladdr_core(clmp, addr, dlip, info, flags);
1427 		error = 1;
1428 	}
1429 
1430 	if (entry)
1431 		leave(0);
1432 	return (error);
1433 }
1434 
1435 /*
1436  * Core dldump activity.
1437  */
1438 static int
1439 dldump_core(Lm_list *lml, const char *ipath, const char *opath, int flags)
1440 {
1441 	Addr	addr = 0;
1442 	Rt_map	*lmp;
1443 
1444 	/*
1445 	 * Verify any arguments first.
1446 	 */
1447 	if ((!opath || (*opath == '\0')) || (ipath && (*ipath == '\0'))) {
1448 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLPATH));
1449 		return (1);
1450 	}
1451 
1452 	/*
1453 	 * If an input file is specified make sure its one of our dependencies
1454 	 * on the main link-map list.  Note, this has really all evolved for
1455 	 * crle(), which uses libcrle.so on an alternative link-map to trigger
1456 	 * dumping objects from the main link-map list.   If we ever want to
1457 	 * dump objects from alternative link-maps, this model is going to
1458 	 * have to be revisited.
1459 	 */
1460 	if (ipath) {
1461 		if ((lmp = is_so_loaded(&lml_main, ipath, 0)) == 0)
1462 			lmp = is_so_loaded(&lml_main, ipath, 1);
1463 
1464 		if (lmp == 0) {
1465 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_GEN_NOFILE),
1466 			    ipath);
1467 			return (1);
1468 		}
1469 		if (FLAGS(lmp) & FLG_RT_ALTER) {
1470 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_GEN_ALTER), ipath);
1471 			return (1);
1472 		}
1473 		if (FLAGS(lmp) & FLG_RT_NODUMP) {
1474 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_GEN_NODUMP),
1475 			    ipath);
1476 			return (1);
1477 		}
1478 	} else
1479 		lmp = lml_main.lm_head;
1480 
1481 
1482 	DBG_CALL(Dbg_file_dldump(lmp, opath, flags));
1483 
1484 	/*
1485 	 * If the object being dump'ed isn't fixed identify its mapping.
1486 	 */
1487 	if (!(FLAGS(lmp) & FLG_RT_FIXED))
1488 		addr = ADDR(lmp);
1489 
1490 	/*
1491 	 * As rt_dldump() will effectively lazy load the necessary support
1492 	 * libraries, make sure ld.so.1 is initialized for plt relocations.
1493 	 */
1494 	if (elf_rtld_load() == 0)
1495 		return (0);
1496 
1497 	/*
1498 	 * Dump the required image.
1499 	 */
1500 	return (rt_dldump(lmp, opath, flags, addr));
1501 }
1502 
1503 #pragma weak dldump = _dldump
1504 
1505 /*
1506  * External entry for dldump(3c).  Returns 0 on success, non-zero otherwise.
1507  */
1508 int
1509 _dldump(const char *ipath, const char *opath, int flags)
1510 {
1511 	int	error, entry;
1512 	Rt_map	*clmp;
1513 
1514 	entry = enter();
1515 
1516 	clmp = _caller(caller(), CL_EXECDEF);
1517 
1518 	error = dldump_core(LIST(clmp), ipath, opath, flags);
1519 
1520 	if (entry)
1521 		leave(LIST(clmp));
1522 	return (error);
1523 }
1524 
1525 /*
1526  * get_linkmap_id() translates Lm_list * pointers to the Link_map id as used by
1527  * the rtld_db and dlmopen() interfaces.  It checks to see if the Link_map is
1528  * one of the primary ones and if so returns it's special token:
1529  *		LM_ID_BASE
1530  *		LM_ID_LDSO
1531  *
1532  * If it's not one of the primary link_map id's it will instead returns a
1533  * pointer to the Lm_list structure which uniquely identifies the Link_map.
1534  */
1535 Lmid_t
1536 get_linkmap_id(Lm_list *lml)
1537 {
1538 	if (lml->lm_flags & LML_FLG_BASELM)
1539 		return (LM_ID_BASE);
1540 	if (lml->lm_flags & LML_FLG_RTLDLM)
1541 		return (LM_ID_LDSO);
1542 
1543 	return ((Lmid_t)lml);
1544 }
1545 
1546 /*
1547  * Extract information for a dlopen() handle.
1548  */
1549 static int
1550 dlinfo_core(void *handle, int request, void *p, Rt_map *clmp)
1551 {
1552 	Lm_list	*lml = LIST(clmp);
1553 	Rt_map	*lmp;
1554 
1555 	if ((request > RTLD_DI_MAX) || (p == 0)) {
1556 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ILLVAL));
1557 		return (-1);
1558 	}
1559 
1560 	/*
1561 	 * Return configuration cache name and address.
1562 	 */
1563 	if (request == RTLD_DI_CONFIGADDR) {
1564 		Dl_info	*dlip = (Dl_info *)p;
1565 
1566 		if ((config->c_name == 0) || (config->c_bgn == 0) ||
1567 		    (config->c_end == 0)) {
1568 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_NOCONFIG));
1569 			return (-1);
1570 		}
1571 		dlip->dli_fname = config->c_name;
1572 		dlip->dli_fbase = (void *)config->c_bgn;
1573 		return (0);
1574 	}
1575 
1576 	/*
1577 	 * Return profiled object name (used by ldprof audit library).
1578 	 */
1579 	if (request == RTLD_DI_PROFILENAME) {
1580 		if (profile_name == 0) {
1581 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_NOPROFNAME));
1582 			return (-1);
1583 		}
1584 
1585 		*(const char **)p = profile_name;
1586 		return (0);
1587 	}
1588 	if (request == RTLD_DI_PROFILEOUT) {
1589 		/*
1590 		 * If a profile destination directory hasn't been specified
1591 		 * provide a default.
1592 		 */
1593 		if (profile_out == 0)
1594 			profile_out = MSG_ORIG(MSG_PTH_VARTMP);
1595 
1596 		*(const char **)p = profile_out;
1597 		return (0);
1598 	}
1599 
1600 	/*
1601 	 * Obtain or establish a termination signal.
1602 	 */
1603 	if (request == RTLD_DI_GETSIGNAL) {
1604 		*(int *)p = killsig;
1605 		return (0);
1606 	}
1607 
1608 	if (request == RTLD_DI_SETSIGNAL) {
1609 		sigset_t	set;
1610 		int		sig = *(int *)p;
1611 
1612 		/*
1613 		 * Determine whether the signal is in range.
1614 		 */
1615 		(void) sigfillset(&set);
1616 		if (sigismember(&set, sig) != 1) {
1617 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_INVSIG), sig);
1618 			return (-1);
1619 		}
1620 
1621 		killsig = sig;
1622 		return (0);
1623 	}
1624 
1625 	/*
1626 	 * For any other request a link-map is required.  Verify the handle.
1627 	 */
1628 	if (handle == RTLD_SELF)
1629 		lmp = clmp;
1630 	else {
1631 		Grp_hdl	*ghp = (Grp_hdl *)handle;
1632 
1633 		if (!hdl_validate(ghp)) {
1634 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_INVHNDL));
1635 			return (-1);
1636 		}
1637 		lmp = ghp->gh_ownlmp;
1638 	}
1639 
1640 	/*
1641 	 * Obtain the process arguments, environment and auxv.  Note, as the
1642 	 * environment can be modified by the user (putenv(3c)), reinitialize
1643 	 * the environment pointer on each request.
1644 	 */
1645 	if (request == RTLD_DI_ARGSINFO) {
1646 		Dl_argsinfo	*aip = (Dl_argsinfo *)p;
1647 		Lm_list		*lml = LIST(lmp);
1648 
1649 		*aip = argsinfo;
1650 		if (lml->lm_flags & LML_FLG_ENVIRON)
1651 			aip->dla_envp = *(lml->lm_environ);
1652 
1653 		return (0);
1654 	}
1655 
1656 	/*
1657 	 * Return Lmid_t of the Link-Map list that the specified object is
1658 	 * loaded on.
1659 	 */
1660 	if (request == RTLD_DI_LMID) {
1661 		*(Lmid_t *)p = get_linkmap_id(LIST(lmp));
1662 		return (0);
1663 	}
1664 
1665 	/*
1666 	 * Return a pointer to the Link-Map structure associated with the
1667 	 * specified object.
1668 	 */
1669 	if (request == RTLD_DI_LINKMAP) {
1670 		*(Link_map **)p = (Link_map *)lmp;
1671 		return (0);
1672 	}
1673 
1674 	/*
1675 	 * Return search path information, or the size of the buffer required
1676 	 * to store the information.
1677 	 */
1678 	if ((request == RTLD_DI_SERINFO) || (request == RTLD_DI_SERINFOSIZE)) {
1679 		Pnode		*dir, *dirlist = (Pnode *)0;
1680 		Dl_serinfo	*info;
1681 		Dl_serpath	*path;
1682 		char		*strs;
1683 		size_t		size = sizeof (Dl_serinfo);
1684 		uint_t		cnt = 0;
1685 
1686 		info = (Dl_serinfo *)p;
1687 		path = &info->dls_serpath[0];
1688 		strs = (char *)&info->dls_serpath[info->dls_cnt];
1689 
1690 		/*
1691 		 * Traverse search path entries for this object.
1692 		 */
1693 		while ((dir = get_next_dir(&dirlist, lmp, 0)) != 0) {
1694 			size_t	_size;
1695 
1696 			if (dir->p_name == 0)
1697 				continue;
1698 
1699 			/*
1700 			 * If configuration information exists, it's possible
1701 			 * this path has been identified as non-existent, if so
1702 			 * ignore it.
1703 			 */
1704 			if (dir->p_info) {
1705 				Rtc_obj	*dobj = (Rtc_obj *)dir->p_info;
1706 				if (dobj->co_flags & RTC_OBJ_NOEXIST)
1707 					continue;
1708 			}
1709 
1710 			/*
1711 			 * Keep track of search path count and total info size.
1712 			 */
1713 			if (cnt++)
1714 				size += sizeof (Dl_serpath);
1715 			_size = strlen(dir->p_name) + 1;
1716 			size += _size;
1717 
1718 			if (request == RTLD_DI_SERINFOSIZE)
1719 				continue;
1720 
1721 			/*
1722 			 * If we're filling in search path information, confirm
1723 			 * there's sufficient space.
1724 			 */
1725 			if (size > info->dls_size) {
1726 				eprintf(lml, ERR_FATAL,
1727 				    MSG_INTL(MSG_ARG_SERSIZE),
1728 				    EC_OFF(info->dls_size));
1729 				return (-1);
1730 			}
1731 			if (cnt > info->dls_cnt) {
1732 				eprintf(lml, ERR_FATAL,
1733 				    MSG_INTL(MSG_ARG_SERCNT), info->dls_cnt);
1734 				return (-1);
1735 			}
1736 
1737 			/*
1738 			 * Append the path to the information buffer.
1739 			 */
1740 			(void) strcpy(strs, dir->p_name);
1741 			path->dls_name = strs;
1742 			path->dls_flags = dir->p_orig;
1743 
1744 			strs = strs + _size;
1745 			path++;
1746 		}
1747 
1748 		/*
1749 		 * If we're here to size the search buffer fill it in.
1750 		 */
1751 		if (request == RTLD_DI_SERINFOSIZE) {
1752 			info->dls_size = size;
1753 			info->dls_cnt = cnt;
1754 		}
1755 	}
1756 
1757 	/*
1758 	 * Return the origin of the object associated with this link-map.
1759 	 * Basically return the dirname(1) of the objects fullpath.
1760 	 */
1761 	if (request == RTLD_DI_ORIGIN) {
1762 		char	*str = (char *)p;
1763 
1764 		if (DIRSZ(lmp) == 0)
1765 			(void) fullpath(lmp, 0);
1766 
1767 		(void) strncpy(str, ORIGNAME(lmp), DIRSZ(lmp));
1768 		str += DIRSZ(lmp);
1769 		*str = '\0';
1770 
1771 		return (0);
1772 	}
1773 
1774 	return (0);
1775 }
1776 
1777 #pragma weak dlinfo = _dlinfo
1778 
1779 /*
1780  * External entry for dlinfo(3dl).
1781  */
1782 int
1783 _dlinfo(void *handle, int request, void *p)
1784 {
1785 	int	error, entry;
1786 	Rt_map	*clmp;
1787 
1788 	entry = enter();
1789 
1790 	clmp = _caller(caller(), CL_EXECDEF);
1791 
1792 	error = dlinfo_core(handle, request, p, clmp);
1793 
1794 	if (entry)
1795 		leave(LIST(clmp));
1796 	return (error);
1797 }
1798