1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1988 AT&T
24 * All Rights Reserved
25 *
26 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
27 */
28 /*
29 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
30 * Copyright 2022 Oxide Computer Company
31 */
32
33 /*
34 * Object file dependent support for ELF objects.
35 */
36
37 #include <stdio.h>
38 #include <sys/procfs.h>
39 #include <sys/mman.h>
40 #include <sys/debug.h>
41 #include <string.h>
42 #include <limits.h>
43 #include <dlfcn.h>
44 #include <debug.h>
45 #include <conv.h>
46 #include "_rtld.h"
47 #include "_audit.h"
48 #include "_elf.h"
49 #include "_inline_gen.h"
50 #include "_inline_reloc.h"
51 #include "msg.h"
52
53 /*
54 * Default and secure dependency search paths.
55 */
56 static Spath_defn _elf_def_dirs[] = {
57 #if defined(_ELF64)
58 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE },
59 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE },
60 #else
61 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE },
62 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE },
63 #endif
64 { 0, 0 }
65 };
66
67 static Spath_defn _elf_sec_dirs[] = {
68 #if defined(_ELF64)
69 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE },
70 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE },
71 #else
72 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE },
73 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE },
74 #endif
75 { 0, 0 }
76 };
77
78 Alist *elf_def_dirs = NULL;
79 Alist *elf_sec_dirs = NULL;
80
81 /*
82 * Defines for local functions.
83 */
84 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
85 static Addr elf_entry_point(void);
86 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t);
87 static Alist **elf_get_def_dirs(void);
88 static Alist **elf_get_sec_dirs(void);
89 static char *elf_get_so(const char *, const char *, size_t, size_t);
90 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *);
91
92 /*
93 * Functions and data accessed through indirect pointers.
94 */
95 Fct elf_fct = {
96 elf_verify,
97 elf_new_lmp,
98 elf_entry_point,
99 elf_needed,
100 lookup_sym,
101 elf_reloc,
102 elf_get_def_dirs,
103 elf_get_sec_dirs,
104 elf_fix_name,
105 elf_get_so,
106 elf_dladdr,
107 dlsym_handle
108 };
109
110 /*
111 * Default and secure dependency search paths.
112 */
113 static Alist **
elf_get_def_dirs()114 elf_get_def_dirs()
115 {
116 if (elf_def_dirs == NULL)
117 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT);
118 return (&elf_def_dirs);
119 }
120
121 static Alist **
elf_get_sec_dirs()122 elf_get_sec_dirs()
123 {
124 if (elf_sec_dirs == NULL)
125 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE);
126 return (&elf_sec_dirs);
127 }
128
129 /*
130 * For ELF objects we only need perform path expansion. Latent support for
131 * other objects may require further work
132 */
133 static int
elf_fix_name(const char * name,Rt_map * clmp,Alist ** alpp,Aliste alni,uint_t orig)134 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni,
135 uint_t orig)
136 {
137 return (expand_paths(clmp, name, alpp, alni, orig, 0));
138 }
139
140 /*
141 * Determine whether this object requires capabilities.
142 */
143 inline static int
elf_cap_check(Fdesc * fdp,Ehdr * ehdr,Rej_desc * rej)144 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej)
145 {
146 Phdr *phdr;
147 Cap *cap = NULL;
148 Dyn *dyn = NULL;
149 char *str = NULL;
150 Addr base;
151 uint_t cnt, dyncnt;
152
153 /*
154 * If this is a shared object, the base address of the shared object is
155 * added to all address values defined within the object. Otherwise, if
156 * this is an executable, all object addresses are used as is.
157 */
158 if (ehdr->e_type == ET_EXEC)
159 base = 0;
160 else
161 base = (Addr)ehdr;
162
163 /* LINTED */
164 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff);
165 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) {
166 if (phdr->p_type == PT_DYNAMIC) {
167 /* LINTED */
168 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
169 dyncnt = phdr->p_filesz / sizeof (Dyn);
170 } else if (phdr->p_type == PT_SUNWCAP) {
171 /* LINTED */
172 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
173 }
174 }
175
176 if (cap) {
177 /*
178 * From the .dynamic section, determine the associated string
179 * table. Required for CA_SUNW_MACH and CA_SUNW_PLAT
180 * processing.
181 */
182 while (dyn && dyncnt) {
183 if (dyn->d_tag == DT_NULL) {
184 break;
185 } else if (dyn->d_tag == DT_STRTAB) {
186 str = (char *)(dyn->d_un.d_ptr + base);
187 break;
188 }
189 dyn++, dyncnt--;
190 }
191 }
192
193 /*
194 * Establish any alternative capabilities, and validate this object
195 * if it defines it's own capabilities information.
196 */
197 return (cap_check_fdesc(fdp, cap, str, rej));
198 }
199
200 /*
201 * Determine if we have been given an ELF file and if so determine if the file
202 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor
203 * with associated error information.
204 */
205 Fct *
elf_verify(caddr_t addr,size_t size,Fdesc * fdp,const char * name,Rej_desc * rej)206 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name,
207 Rej_desc *rej)
208 {
209 Ehdr *ehdr;
210 char *caddr = (char *)addr;
211
212 /*
213 * Determine if we're an elf file. If not simply return, we don't set
214 * any rejection information as this test allows use to scroll through
215 * the objects we support (ELF).
216 */
217 if (size < sizeof (Ehdr) ||
218 caddr[EI_MAG0] != ELFMAG0 ||
219 caddr[EI_MAG1] != ELFMAG1 ||
220 caddr[EI_MAG2] != ELFMAG2 ||
221 caddr[EI_MAG3] != ELFMAG3) {
222 return (NULL);
223 }
224
225 /*
226 * Check class and encoding.
227 */
228 /* LINTED */
229 ehdr = (Ehdr *)addr;
230 if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
231 rej->rej_type = SGS_REJ_CLASS;
232 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
233 return (NULL);
234 }
235 if (ehdr->e_ident[EI_DATA] != M_DATA) {
236 rej->rej_type = SGS_REJ_DATA;
237 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
238 return (NULL);
239 }
240 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
241 (ehdr->e_type != ET_DYN)) {
242 rej->rej_type = SGS_REJ_TYPE;
243 rej->rej_info = (uint_t)ehdr->e_type;
244 return (NULL);
245 }
246
247 /*
248 * Verify ELF version.
249 */
250 if (ehdr->e_version > EV_CURRENT) {
251 rej->rej_type = SGS_REJ_VERSION;
252 rej->rej_info = (uint_t)ehdr->e_version;
253 return (NULL);
254 }
255
256 /*
257 * Verify machine specific flags.
258 */
259 if (elf_mach_flags_check(rej, ehdr) == 0)
260 return (NULL);
261
262 /*
263 * Verify any capability requirements. Note, if this object is a shared
264 * object that is explicitly defined on the ldd(1) command line, and it
265 * contains an incompatible capabilities requirement, then inform the
266 * user, but continue processing.
267 */
268 if (elf_cap_check(fdp, ehdr, rej) == 0) {
269 Rt_map *lmp = lml_main.lm_head;
270
271 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp &&
272 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) {
273 /* LINTED */
274 (void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name,
275 rej->rej_str);
276 return (&elf_fct);
277 }
278 return (NULL);
279 }
280 return (&elf_fct);
281 }
282
283 /*
284 * The runtime linker employs lazy loading to provide the libraries needed for
285 * debugging, preloading .o's and dldump(). As these are seldom used, the
286 * standard startup of ld.so.1 doesn't initialize all the information necessary
287 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading
288 * is called we get here to perform these initializations:
289 *
290 * - elf_needed() is called to establish any ld.so.1 dependencies. These
291 * dependencies should all be lazy loaded, so this routine is typically a
292 * no-op. However, we call elf_needed() for completeness, in case any
293 * NEEDED initialization is required.
294 *
295 * - For intel, ld.so.1's JMPSLOT relocations need relative updates. These
296 * are by default skipped thus delaying all relative relocation processing
297 * on every invocation of ld.so.1.
298 */
299 int
elf_rtld_load()300 elf_rtld_load()
301 {
302 Lm_list *lml = &lml_rtld;
303 Rt_map *lmp = lml->lm_head;
304
305 if (lml->lm_flags & LML_FLG_PLTREL)
306 return (1);
307
308 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0)
309 return (0);
310
311 #if defined(__i386)
312 /*
313 * This is a kludge to give ld.so.1 a performance benefit on i386.
314 * It's based around two factors.
315 *
316 * - JMPSLOT relocations (PLT's) actually need a relative relocation
317 * applied to the GOT entry so that they can find PLT0.
318 *
319 * - ld.so.1 does not exercise *any* PLT's before it has made a call
320 * to elf_lazy_load(). This is because all dynamic dependencies
321 * are recorded as lazy dependencies.
322 */
323 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp),
324 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
325 (ulong_t)ADDR(lmp), lmp, NULL, 0);
326 #endif
327 lml->lm_flags |= LML_FLG_PLTREL;
328 return (1);
329 }
330
331 /*
332 * Lazy load an object.
333 */
334 Rt_map *
elf_lazy_load(Rt_map * clmp,Slookup * slp,uint_t ndx,const char * sym,uint_t flags,Grp_hdl ** hdl,int * in_nfavl)335 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym,
336 uint_t flags, Grp_hdl **hdl, int *in_nfavl)
337 {
338 Alist *palp = NULL;
339 Rt_map *nlmp;
340 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip;
341 const char *name;
342 Lm_list *lml = LIST(clmp);
343 Aliste lmco;
344
345 /*
346 * If this dependency should be ignored, or has already been processed,
347 * we're done.
348 */
349 if (((nlmp = (Rt_map *)dip->di_info) != NULL) ||
350 (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE)))
351 return (nlmp);
352
353 /*
354 * If we're running under ldd(1), indicate that this dependency has been
355 * processed (see test above). It doesn't matter whether the object is
356 * successfully loaded or not, this flag simply ensures that we don't
357 * repeatedly attempt to load an object that has already failed to load.
358 * To do so would create multiple failure diagnostics for the same
359 * object under ldd(1).
360 */
361 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
362 dip->di_flags |= FLG_DI_LDD_DONE;
363
364 /*
365 * Determine the initial dependency name.
366 */
367 name = dip->di_name;
368 DBG_CALL(Dbg_file_lazyload(clmp, name, sym));
369
370 /*
371 * If this object needs to establish its own group, make sure a handle
372 * is created.
373 */
374 if (dip->di_flags & FLG_DI_GROUP)
375 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
376
377 /*
378 * Lazy dependencies are identified as DT_NEEDED entries with a
379 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The
380 * dynamic information element that corresponds to the DT_POSFLAG_1
381 * entry is free, and thus used to store the present entrance
382 * identifier. This identifier is used to prevent multiple attempts to
383 * load a failed lazy loadable dependency within the same runtime linker
384 * operation. However, future attempts to reload this dependency are
385 * still possible.
386 */
387 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1))
388 pdip->di_info = (void *)slp->sl_id;
389
390 /*
391 * Expand the requested name if necessary.
392 */
393 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0)
394 return (NULL);
395
396 /*
397 * Establish a link-map control list for this request.
398 */
399 if ((lmco = create_cntl(lml, 0)) == 0) {
400 remove_alist(&palp, 1);
401 return (NULL);
402 }
403
404 /*
405 * Load the associated object.
406 */
407 dip->di_info = nlmp =
408 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl);
409
410 /*
411 * Remove any expanded pathname infrastructure. Reduce the pending lazy
412 * dependency count of the caller, together with the link-map lists
413 * count of objects that still have lazy dependencies pending.
414 */
415 remove_alist(&palp, 1);
416 if (--LAZY(clmp) == 0)
417 LIST(clmp)->lm_lazy--;
418
419 /*
420 * Finish processing the objects associated with this request, and
421 * create an association between the caller and this dependency.
422 */
423 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) ||
424 ((nlmp = analyze_lmc(lml, lmco, nlmp, clmp, in_nfavl)) == NULL) ||
425 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0)))
426 dip->di_info = nlmp = NULL;
427
428 /*
429 * If this lazyload has failed, and we've created a new link-map
430 * control list to which this request has added objects, then remove
431 * all the objects that have been associated to this request.
432 */
433 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
434 remove_lmc(lml, clmp, lmco, name);
435
436 /*
437 * Remove any temporary link-map control list.
438 */
439 if (lmco != ALIST_OFF_DATA)
440 remove_cntl(lml, lmco);
441
442 /*
443 * If this lazy loading failed, record the fact, and bump the lazy
444 * counts.
445 */
446 if (nlmp == NULL) {
447 dip->di_flags |= FLG_DI_LAZYFAIL;
448 if (LAZY(clmp)++ == 0)
449 LIST(clmp)->lm_lazy++;
450 }
451
452 return (nlmp);
453 }
454
455 /*
456 * Return the entry point of the ELF executable.
457 */
458 static Addr
elf_entry_point(void)459 elf_entry_point(void)
460 {
461 Rt_map *lmp = lml_main.lm_head;
462 Ehdr *ehdr = (Ehdr *)ADDR(lmp);
463 Addr addr = (Addr)(ehdr->e_entry);
464
465 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0)
466 addr += ADDR(lmp);
467
468 return (addr);
469 }
470
471 /*
472 * Determine if a dependency requires a particular version and if so verify
473 * that the version exists in the dependency.
474 */
475 int
elf_verify_vers(const char * name,Rt_map * clmp,Rt_map * nlmp)476 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
477 {
478 Verneed *vnd = VERNEED(clmp);
479 int _num, num = VERNEEDNUM(clmp);
480 char *cstrs = (char *)STRTAB(clmp);
481 Lm_list *lml = LIST(clmp);
482
483 /*
484 * Traverse the callers version needed information and determine if any
485 * specific versions are required from the dependency.
486 */
487 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp)));
488 for (_num = 1; _num <= num; _num++,
489 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
490 Half cnt = vnd->vn_cnt;
491 Vernaux *vnap;
492 char *nstrs, *need;
493
494 /*
495 * Determine if a needed entry matches this dependency.
496 */
497 need = (char *)(cstrs + vnd->vn_file);
498 if (strcmp(name, need) != 0)
499 continue;
500
501 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
502 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
503 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);
504
505 /*
506 * Validate that each version required actually exists in the
507 * dependency.
508 */
509 nstrs = (char *)STRTAB(nlmp);
510
511 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
512 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
513 char *version, *define;
514 Verdef *vdf = VERDEF(nlmp);
515 ulong_t _num, num = VERDEFNUM(nlmp);
516 int found = 0;
517
518 /*
519 * Skip validation of versions that are marked
520 * INFO. This optimization is used for versions
521 * that are inherited by another version. Verification
522 * of the inheriting version is sufficient.
523 *
524 * Such versions are recorded in the object for the
525 * benefit of VERSYM entries that refer to them. This
526 * provides a purely diagnostic benefit.
527 */
528 if (vnap->vna_flags & VER_FLG_INFO)
529 continue;
530
531 version = (char *)(cstrs + vnap->vna_name);
532 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version));
533
534 for (_num = 1; _num <= num; _num++,
535 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
536 Verdaux *vdap;
537
538 if (vnap->vna_hash != vdf->vd_hash)
539 continue;
540
541 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
542 define = (char *)(nstrs + vdap->vda_name);
543 if (strcmp(version, define) != 0)
544 continue;
545
546 found++;
547 break;
548 }
549
550 /*
551 * If we're being traced print out any matched version
552 * when the verbose (-v) option is in effect. Always
553 * print any unmatched versions.
554 */
555 if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
556 /* BEGIN CSTYLED */
557 if (found) {
558 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
559 continue;
560
561 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
562 need, version, NAME(nlmp));
563 } else {
564 if (rtld_flags & RT_FL_SILENCERR)
565 continue;
566
567 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
568 need, version);
569 }
570 /* END CSTYLED */
571 continue;
572 }
573
574 /*
575 * If the version hasn't been found then this is a
576 * candidate for a fatal error condition. Weak
577 * version definition requirements are silently
578 * ignored. Also, if the image inspected for a version
579 * definition has no versioning recorded at all then
580 * silently ignore this (this provides better backward
581 * compatibility to old images created prior to
582 * versioning being available). Both of these skipped
583 * diagnostics are available under tracing (see above).
584 */
585 if ((found == 0) && (num != 0) &&
586 (!(vnap->vna_flags & VER_FLG_WEAK))) {
587 eprintf(lml, ERR_FATAL,
588 MSG_INTL(MSG_VER_NFOUND), need, version,
589 NAME(clmp));
590 return (0);
591 }
592 }
593 }
594 DBG_CALL(Dbg_ver_need_done(lml));
595 return (1);
596 }
597
598 /*
599 * Search through the dynamic section for DT_NEEDED entries and perform one
600 * of two functions. If only the first argument is specified then load the
601 * defined shared object, otherwise add the link map representing the defined
602 * link map the the dlopen list.
603 */
604 static int
elf_needed(Lm_list * lml,Aliste lmco,Rt_map * clmp,int * in_nfavl)605 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl)
606 {
607 Alist *palp = NULL;
608 Dyn *dyn;
609 Dyninfo *dip;
610 Word lmflags = lml->lm_flags;
611
612 /*
613 * A DYNINFO() structure is created during link-map generation that
614 * parallels the DYN() information, and defines any flags that
615 * influence a dependencies loading.
616 */
617 for (dyn = DYN(clmp), dip = DYNINFO(clmp);
618 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
619 uint_t flags = 0, silent = 0;
620 const char *name = dip->di_name;
621 Rt_map *nlmp = NULL;
622
623 if ((dip->di_flags & FLG_DI_NEEDED) == 0)
624 continue;
625
626 /*
627 * Skip any deferred dependencies, unless ldd(1) has forced
628 * their processing. By default, deferred dependencies are
629 * only processed when an explicit binding to an individual
630 * deferred reference is made.
631 */
632 if ((dip->di_flags & FLG_DI_DEFERRED) &&
633 ((rtld_flags & RT_FL_DEFERRED) == 0))
634 continue;
635
636 /*
637 * NOTE, libc.so.1 can't be lazy loaded. Although a lazy
638 * position flag won't be produced when a RTLDINFO .dynamic
639 * entry is found (introduced with the UPM in Solaris 10), it
640 * was possible to mark libc for lazy loading on previous
641 * releases. To reduce the overhead of testing for this
642 * occurrence, only carry out this check for the first object
643 * on the link-map list (there aren't many applications built
644 * without libc).
645 */
646 if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) &&
647 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
648 dip->di_flags &= ~FLG_DI_LAZY;
649
650 /*
651 * Don't bring in lazy loaded objects yet unless we've been
652 * asked to attempt to load all available objects (crle(1) sets
653 * LD_FLAGS=loadavail). Even under RTLD_NOW we don't process
654 * this - RTLD_NOW will cause relocation processing which in
655 * turn might trigger lazy loading, but its possible that the
656 * object has a lazy loaded file with no bindings (i.e., it
657 * should never have been a dependency in the first place).
658 */
659 if (dip->di_flags & FLG_DI_LAZY) {
660 if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
661 LAZY(clmp)++;
662 continue;
663 }
664
665 /*
666 * Silence any error messages - see description under
667 * elf_lookup_filtee().
668 */
669 if ((rtld_flags & RT_FL_SILENCERR) == 0) {
670 rtld_flags |= RT_FL_SILENCERR;
671 silent = 1;
672 }
673 }
674
675 DBG_CALL(Dbg_file_needed(clmp, name));
676
677 /*
678 * If we're running under ldd(1), indicate that this dependency
679 * has been processed. It doesn't matter whether the object is
680 * successfully loaded or not, this flag simply ensures that we
681 * don't repeatedly attempt to load an object that has already
682 * failed to load. To do so would create multiple failure
683 * diagnostics for the same object under ldd(1).
684 */
685 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
686 dip->di_flags |= FLG_DI_LDD_DONE;
687
688 /*
689 * Identify any group permission requirements.
690 */
691 if (dip->di_flags & FLG_DI_GROUP)
692 flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
693
694 /*
695 * Establish the objects name, load it and establish a binding
696 * with the caller.
697 */
698 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) ||
699 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp),
700 flags, 0, in_nfavl)) == NULL) ||
701 (bind_one(clmp, nlmp, BND_NEEDED) == 0))
702 nlmp = NULL;
703
704 /*
705 * Clean up any infrastructure, including the removal of the
706 * error suppression state, if it had been previously set in
707 * this routine.
708 */
709 remove_alist(&palp, 0);
710
711 if (silent)
712 rtld_flags &= ~RT_FL_SILENCERR;
713
714 if ((dip->di_info = (void *)nlmp) == NULL) {
715 /*
716 * If the object could not be mapped, continue if error
717 * suppression is established or we're here with ldd(1).
718 */
719 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
720 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
721 continue;
722 else {
723 remove_alist(&palp, 1);
724 return (0);
725 }
726 }
727 }
728
729 if (LAZY(clmp))
730 lml->lm_lazy++;
731
732 remove_alist(&palp, 1);
733 return (1);
734 }
735
736 /*
737 * A null symbol interpretor. Used if a filter has no associated filtees.
738 */
739 /* ARGSUSED0 */
740 static int
elf_null_find_sym(Slookup * slp,Sresult * srp,uint_t * binfo,int * in_nfavl)741 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
742 {
743 return (0);
744 }
745
746 /*
747 * Disable filtee use.
748 */
749 static void
elf_disable_filtee(Rt_map * lmp,Dyninfo * dip)750 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip)
751 {
752 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
753 /*
754 * If this is an object filter, null out the reference name.
755 */
756 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
757 REFNAME(lmp) = NULL;
758 OBJFLTRNDX(lmp) = FLTR_DISABLED;
759
760 /*
761 * Indicate that this filtee is no longer available.
762 */
763 if (dip->di_flags & FLG_DI_STDFLTR)
764 SYMINTP(lmp) = elf_null_find_sym;
765
766 }
767 } else if (dip->di_flags & FLG_DI_STDFLTR) {
768 /*
769 * Indicate that this standard filtee is no longer available.
770 */
771 if (SYMSFLTRCNT(lmp))
772 SYMSFLTRCNT(lmp)--;
773 } else {
774 /*
775 * Indicate that this auxiliary filtee is no longer available.
776 */
777 if (SYMAFLTRCNT(lmp))
778 SYMAFLTRCNT(lmp)--;
779 }
780 dip->di_flags &= ~MSK_DI_FILTER;
781 }
782
783 /*
784 * Find symbol interpreter - filters.
785 * This function is called when the symbols from a shared object should
786 * be resolved from the shared objects filtees instead of from within itself.
787 *
788 * A symbol name of 0 is used to trigger filtee loading.
789 */
790 static int
_elf_lookup_filtee(Slookup * slp,Sresult * srp,uint_t * binfo,uint_t ndx,int * in_nfavl)791 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
792 int *in_nfavl)
793 {
794 const char *name = slp->sl_name, *filtees;
795 Rt_map *clmp = slp->sl_cmap;
796 Rt_map *ilmp = slp->sl_imap;
797 Pdesc *pdp;
798 int any;
799 Dyninfo *dip = &DYNINFO(ilmp)[ndx];
800 Lm_list *lml = LIST(ilmp);
801 Aliste idx;
802
803 /*
804 * Indicate that the filter has been used. If a binding already exists
805 * to the caller, indicate that this object is referenced. This insures
806 * we don't generate false unreferenced diagnostics from ldd -u/U or
807 * debugging. Don't create a binding regardless, as this filter may
808 * have been dlopen()'ed.
809 */
810 if (name && (ilmp != clmp)) {
811 Word tracing = (LIST(clmp)->lm_flags &
812 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));
813
814 if (tracing || DBG_ENABLED) {
815 Bnd_desc *bdp;
816 Aliste idx;
817
818 FLAGS1(ilmp) |= FL1_RT_USED;
819
820 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) {
821 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) {
822 if (bdp->b_caller == clmp) {
823 bdp->b_flags |= BND_REFER;
824 break;
825 }
826 }
827 }
828 }
829 }
830
831 /*
832 * If this is the first call to process this filter, establish the
833 * filtee list. If a configuration file exists, determine if any
834 * filtee associations for this filter, and its filtee reference, are
835 * defined. Otherwise, process the filtee reference. Any token
836 * expansion is also completed at this point (i.e., $PLATFORM).
837 */
838 filtees = dip->di_name;
839 if (dip->di_info == NULL) {
840 if (rtld_flags2 & RT_FL2_FLTCFG) {
841 elf_config_flt(lml, PATHNAME(ilmp), filtees,
842 (Alist **)&dip->di_info, AL_CNT_FILTEES);
843 }
844 if (dip->di_info == NULL) {
845 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0));
846 if ((lml->lm_flags &
847 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) &&
848 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0))
849 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER),
850 NAME(ilmp), filtees);
851
852 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info,
853 AL_CNT_FILTEES, 0, 0) == 0) {
854 elf_disable_filtee(ilmp, dip);
855 return (0);
856 }
857 }
858 }
859
860 /*
861 * Traverse the filtee list, dlopen()'ing any objects specified and
862 * using their group handle to lookup the symbol.
863 */
864 any = 0;
865 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) {
866 int mode;
867 Grp_hdl *ghp;
868 Rt_map *nlmp = NULL;
869
870 if (pdp->pd_plen == 0)
871 continue;
872
873 /*
874 * Establish the mode of the filtee from the filter. As filtees
875 * are loaded via a dlopen(), make sure that RTLD_GROUP is set
876 * and the filtees aren't global. It would be nice to have
877 * RTLD_FIRST used here also, but as filters got out long before
878 * RTLD_FIRST was introduced it's a little too late now.
879 */
880 mode = MODE(ilmp) | RTLD_GROUP;
881 mode &= ~RTLD_GLOBAL;
882
883 /*
884 * Insure that any auxiliary filter can locate symbols from its
885 * caller.
886 */
887 if (dip->di_flags & FLG_DI_AUXFLTR)
888 mode |= RTLD_PARENT;
889
890 /*
891 * Process any capability directory. Establish a new link-map
892 * control list from which to analyze any newly added objects.
893 */
894 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) {
895 const char *dir = pdp->pd_pname;
896 Aliste lmco;
897
898 /*
899 * Establish a link-map control list for this request.
900 */
901 if ((lmco = create_cntl(lml, 0)) == 0)
902 return (0);
903
904 /*
905 * Determine the capability filtees. If none can be
906 * found, provide suitable diagnostics.
907 */
908 DBG_CALL(Dbg_cap_filter(lml, dir, ilmp));
909 if (cap_filtees((Alist **)&dip->di_info, idx, dir,
910 lmco, ilmp, clmp, filtees, mode,
911 (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) {
912 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
913 (dip->di_flags & FLG_DI_AUXFLTR) &&
914 (rtld_flags & RT_FL_WARNFLTR)) {
915 (void) printf(
916 MSG_INTL(MSG_LDD_CAP_NFOUND), dir);
917 }
918 DBG_CALL(Dbg_cap_filter(lml, dir, 0));
919 }
920
921 /*
922 * Re-establish the originating path name descriptor,
923 * as the expansion of capabilities filtees may have
924 * re-allocated the controlling Alist. Mark this
925 * original pathname descriptor as unused so that the
926 * descriptor isn't revisited for processing. Any real
927 * capabilities filtees have been added as new pathname
928 * descriptors following this descriptor.
929 */
930 pdp = alist_item((Alist *)dip->di_info, idx);
931 pdp->pd_flags &= ~PD_TKN_CAP;
932 pdp->pd_plen = 0;
933
934 /*
935 * Now that any capability objects have been processed,
936 * remove any temporary link-map control list.
937 */
938 if (lmco != ALIST_OFF_DATA)
939 remove_cntl(lml, lmco);
940 }
941
942 if (pdp->pd_plen == 0)
943 continue;
944
945 /*
946 * Process an individual filtee.
947 */
948 if (pdp->pd_info == NULL) {
949 const char *filtee = pdp->pd_pname;
950 int audit = 0;
951
952 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0));
953
954 ghp = NULL;
955
956 /*
957 * Determine if the reference link map is already
958 * loaded. As an optimization compare the filtee with
959 * our interpretor. The most common filter is
960 * libdl.so.1, which is a filter on ld.so.1.
961 */
962 #if defined(_ELF64)
963 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) {
964 #else
965 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) {
966 #endif
967 uint_t hflags, rdflags, cdflags;
968
969 /*
970 * Establish any flags for the handle (Grp_hdl).
971 *
972 * - This is a special, public, ld.so.1
973 * handle.
974 * - Only the first object on this handle
975 * can supply symbols.
976 * - This handle provides a filtee.
977 *
978 * Essentially, this handle allows a caller to
979 * reference the dl*() family of interfaces from
980 * ld.so.1.
981 */
982 hflags = (GPH_PUBLIC | GPH_LDSO |
983 GPH_FIRST | GPH_FILTEE);
984
985 /*
986 * Establish the flags for the referenced
987 * dependency descriptor (Grp_desc).
988 *
989 * - ld.so.1 is available for dlsym().
990 * - ld.so.1 is available to relocate
991 * against.
992 * - There's no need to add an dependencies
993 * to this handle.
994 */
995 rdflags = (GPD_DLSYM | GPD_RELOC);
996
997 /*
998 * Establish the flags for this callers
999 * dependency descriptor (Grp_desc).
1000 *
1001 * - The explicit creation of a handle
1002 * creates a descriptor for the referenced
1003 * object and the parent (caller).
1004 */
1005 cdflags = GPD_PARENT;
1006
1007 nlmp = lml_rtld.lm_head;
1008 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp,
1009 hflags, rdflags, cdflags)) == NULL)
1010 nlmp = NULL;
1011
1012 /*
1013 * Establish the filter handle to prevent any
1014 * recursion.
1015 */
1016 if (nlmp && ghp)
1017 pdp->pd_info = (void *)ghp;
1018
1019 /*
1020 * Audit the filter/filtee established. Ignore
1021 * any return from the auditor, as we can't
1022 * allow ignore filtering to ld.so.1, otherwise
1023 * nothing is going to work.
1024 */
1025 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) &
1026 LML_TFLG_AUD_OBJFILTER))
1027 (void) audit_objfilter(ilmp, filtees,
1028 nlmp, 0);
1029
1030 } else {
1031 Rej_desc rej = { 0 };
1032 Fdesc fd = { 0 };
1033 Aliste lmco;
1034
1035 /*
1036 * Trace the inspection of this file, determine
1037 * any auditor substitution, and seed the file
1038 * descriptor with the originating name.
1039 */
1040 if (load_trace(lml, pdp, clmp, &fd) == NULL)
1041 continue;
1042
1043 /*
1044 * Establish a link-map control list for this
1045 * request.
1046 */
1047 if ((lmco = create_cntl(lml, 0)) == 0)
1048 return (0);
1049
1050 /*
1051 * Locate and load the filtee.
1052 */
1053 if ((nlmp = load_path(lml, lmco, ilmp, mode,
1054 FLG_RT_PUBHDL, &ghp, &fd, &rej,
1055 in_nfavl)) == NULL)
1056 file_notfound(LIST(ilmp), filtee, ilmp,
1057 FLG_RT_PUBHDL, &rej);
1058
1059 filtee = pdp->pd_pname;
1060
1061 /*
1062 * Establish the filter handle to prevent any
1063 * recursion.
1064 */
1065 if (nlmp && ghp) {
1066 ghp->gh_flags |= GPH_FILTEE;
1067 pdp->pd_info = (void *)ghp;
1068
1069 FLAGS1(nlmp) |= FL1_RT_USED;
1070 }
1071
1072 /*
1073 * Audit the filter/filtee established. A
1074 * return of 0 indicates the auditor wishes to
1075 * ignore this filtee.
1076 */
1077 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) &
1078 LML_TFLG_AUD_OBJFILTER)) {
1079 if (audit_objfilter(ilmp, filtees,
1080 nlmp, 0) == 0) {
1081 audit = 1;
1082 nlmp = NULL;
1083 }
1084 }
1085
1086 /*
1087 * Finish processing the objects associated with
1088 * this request. Create an association between
1089 * this object and the originating filter to
1090 * provide sufficient information to tear down
1091 * this filtee if necessary.
1092 */
1093 if (nlmp && ghp && (((nlmp = analyze_lmc(lml,
1094 lmco, nlmp, clmp, in_nfavl)) == NULL) ||
1095 (relocate_lmc(lml, lmco, ilmp, nlmp,
1096 in_nfavl) == 0)))
1097 nlmp = NULL;
1098
1099 /*
1100 * If the filtee has been successfully
1101 * processed, then create an association
1102 * between the filter and filtee. This
1103 * association provides sufficient information
1104 * to tear down the filter and filtee if
1105 * necessary.
1106 */
1107 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD));
1108 if (nlmp && ghp && (hdl_add(ghp, ilmp,
1109 GPD_FILTER, NULL) == NULL))
1110 nlmp = NULL;
1111
1112 /*
1113 * Generate a diagnostic if the filtee couldn't
1114 * be loaded.
1115 */
1116 if (nlmp == NULL)
1117 DBG_CALL(Dbg_file_filtee(lml, 0, filtee,
1118 audit));
1119
1120 /*
1121 * If this filtee loading has failed, and we've
1122 * created a new link-map control list to which
1123 * this request has added objects, then remove
1124 * all the objects that have been associated to
1125 * this request.
1126 */
1127 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
1128 remove_lmc(lml, clmp, lmco, name);
1129
1130 /*
1131 * Remove any temporary link-map control list.
1132 */
1133 if (lmco != ALIST_OFF_DATA)
1134 remove_cntl(lml, lmco);
1135 }
1136
1137 /*
1138 * If the filtee couldn't be loaded, null out the
1139 * path name descriptor entry, and continue the search.
1140 * Otherwise, the group handle is retained for future
1141 * symbol searches.
1142 */
1143 if (nlmp == NULL) {
1144 pdp->pd_info = NULL;
1145 pdp->pd_plen = 0;
1146 continue;
1147 }
1148 }
1149
1150 ghp = (Grp_hdl *)pdp->pd_info;
1151
1152 /*
1153 * If name is NULL, we're here to trigger filtee loading.
1154 * Skip the symbol lookup so that we'll continue looking for
1155 * additional filtees.
1156 */
1157 if (name) {
1158 Grp_desc *gdp;
1159 int ret = 0;
1160 Aliste idx;
1161 Slookup sl = *slp;
1162
1163 sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM);
1164 any++;
1165
1166 /*
1167 * Look for the symbol in the handles dependencies.
1168 */
1169 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) {
1170 if ((gdp->gd_flags & GPD_DLSYM) == 0)
1171 continue;
1172
1173 /*
1174 * If our parent is a dependency don't look at
1175 * it (otherwise we are in a recursive loop).
1176 * This situation can occur with auxiliary
1177 * filters if the filtee has a dependency on the
1178 * filter. This dependency isn't necessary as
1179 * auxiliary filters are opened RTLD_PARENT, but
1180 * users may still unknowingly add an explicit
1181 * dependency to the parent.
1182 */
1183 if ((sl.sl_imap = gdp->gd_depend) == ilmp)
1184 continue;
1185
1186 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo,
1187 in_nfavl)) != 0) ||
1188 (ghp->gh_flags & GPH_FIRST))
1189 break;
1190 }
1191
1192 /*
1193 * If a symbol has been found, indicate the binding
1194 * and return the symbol.
1195 */
1196 if (ret) {
1197 *binfo |= DBG_BINFO_FILTEE;
1198 return (1);
1199 }
1200 }
1201
1202 /*
1203 * If this object is tagged to terminate filtee processing we're
1204 * done.
1205 */
1206 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE)
1207 break;
1208 }
1209
1210 /*
1211 * If we're just here to trigger filtee loading then we're done.
1212 */
1213 if (name == NULL)
1214 return (0);
1215
1216 /*
1217 * If no filtees have been found for a filter, clean up any path name
1218 * descriptors and disable their search completely. For auxiliary
1219 * filters we can reselect the symbol search function so that we never
1220 * enter this routine again for this object. For standard filters we
1221 * use the null symbol routine.
1222 */
1223 if (any == 0) {
1224 remove_alist((Alist **)&(dip->di_info), 1);
1225 elf_disable_filtee(ilmp, dip);
1226 }
1227
1228 return (0);
1229 }
1230
1231 /*
1232 * Focal point for disabling error messages for auxiliary filters. As an
1233 * auxiliary filter allows for filtee use, but provides a fallback should a
1234 * filtee not exist (or fail to load), any errors generated as a consequence of
1235 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR
1236 * suppresses errors generated by eprintf(), but ensures a debug diagnostic is
1237 * produced. ldd(1) employs printf(), and here the selection of whether to
1238 * print a diagnostic in regards to auxiliary filters is a little more complex.
1239 *
1240 * - The determination of whether to produce an ldd message, or a fatal
1241 * error message is driven by LML_FLG_TRC_ENABLE.
1242 * - More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
1243 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
1244 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
1245 * - If the calling object is lddstub, then several classes of message are
1246 * suppressed. The user isn't trying to diagnose lddstub, this is simply
1247 * a stub executable employed to preload a user specified library against.
1248 * - If RT_FL_SILENCERR is in effect then any generic ldd() messages should
1249 * be suppressed. All detailed ldd messages should still be produced.
1250 */
1251 int
1252 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
1253 int *in_nfavl)
1254 {
1255 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx];
1256 int ret, silent = 0;
1257
1258 /*
1259 * Make sure this entry is still acting as a filter. We may have tried
1260 * to process this previously, and disabled it if the filtee couldn't
1261 * be processed. However, other entries may provide different filtees
1262 * that are yet to be completed.
1263 */
1264 if (dip->di_flags == 0)
1265 return (0);
1266
1267 /*
1268 * Indicate whether an error message is required should this filtee not
1269 * be found, based on the type of filter.
1270 */
1271 if ((dip->di_flags & FLG_DI_AUXFLTR) &&
1272 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
1273 rtld_flags |= RT_FL_SILENCERR;
1274 silent = 1;
1275 }
1276
1277 ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl);
1278
1279 if (silent)
1280 rtld_flags &= ~RT_FL_SILENCERR;
1281
1282 return (ret);
1283 }
1284
1285 /*
1286 * Compute the elf hash value (as defined in the ELF access library).
1287 * The form of the hash table is:
1288 *
1289 * |--------------|
1290 * | # of buckets |
1291 * |--------------|
1292 * | # of chains |
1293 * |--------------|
1294 * | bucket[] |
1295 * |--------------|
1296 * | chain[] |
1297 * |--------------|
1298 */
1299 ulong_t
1300 elf_hash(const char *name)
1301 {
1302 uint_t hval = 0;
1303
1304 while (*name) {
1305 uint_t g;
1306 hval = (hval << 4) + *name++;
1307 if ((g = (hval & 0xf0000000)) != 0)
1308 hval ^= g >> 24;
1309 hval &= ~g;
1310 }
1311 return ((ulong_t)hval);
1312 }
1313
1314 /*
1315 * Look up a symbol. The callers lookup information is passed in the Slookup
1316 * structure, and any resultant binding information is returned in the Sresult
1317 * structure.
1318 */
1319 int
1320 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
1321 {
1322 const char *name = slp->sl_name;
1323 Rt_map *ilmp = slp->sl_imap;
1324 ulong_t hash = slp->sl_hash;
1325 uint_t ndx, hashoff, buckets, *chainptr;
1326 Sym *sym, *symtabptr;
1327 char *strtabptr, *strtabname;
1328 uint_t flags1;
1329 Syminfo *sip;
1330
1331 /*
1332 * If we're only here to establish a symbols index, skip the diagnostic
1333 * used to trace a symbol search.
1334 */
1335 if ((slp->sl_flags & LKUP_SYMNDX) == 0)
1336 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF)));
1337
1338 if (HASH(ilmp) == NULL)
1339 return (0);
1340
1341 buckets = HASH(ilmp)[0];
1342 /* LINTED */
1343 hashoff = ((uint_t)hash % buckets) + 2;
1344
1345 /*
1346 * Get the first symbol from the hash chain and initialize the string
1347 * and symbol table pointers.
1348 */
1349 if ((ndx = HASH(ilmp)[hashoff]) == 0)
1350 return (0);
1351
1352 chainptr = HASH(ilmp) + 2 + buckets;
1353 strtabptr = STRTAB(ilmp);
1354 symtabptr = SYMTAB(ilmp);
1355
1356 while (ndx) {
1357 sym = symtabptr + ndx;
1358 strtabname = strtabptr + sym->st_name;
1359
1360 /*
1361 * Compare the symbol found with the name required. If the
1362 * names don't match continue with the next hash entry.
1363 */
1364 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
1365 hashoff = ndx + buckets + 2;
1366 if ((ndx = chainptr[ndx]) != 0)
1367 continue;
1368 return (0);
1369 }
1370
1371 /*
1372 * Symbols that are defined as hidden within an object usually
1373 * have any references from within the same object bound at
1374 * link-edit time, thus ld.so.1 is not involved. However, if
1375 * these are capabilities symbols, then references to them must
1376 * be resolved at runtime. A hidden symbol can only be bound
1377 * to by the object that defines the symbol.
1378 */
1379 if ((sym->st_shndx != SHN_UNDEF) &&
1380 (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) &&
1381 (slp->sl_cmap != ilmp))
1382 return (0);
1383
1384 /*
1385 * The Solaris ld does not put DT_VERSYM in the dynamic
1386 * section, but the GNU ld does. The GNU runtime linker
1387 * interprets the top bit of the 16-bit Versym value
1388 * (0x8000) as the "hidden" bit. If this bit is set,
1389 * the linker is supposed to act as if that symbol does
1390 * not exist. The hidden bit supports their versioning
1391 * scheme, which allows multiple incompatible functions
1392 * with the same name to exist at different versions
1393 * within an object. The Solaris linker does not support this
1394 * mechanism, or the model of interface evolution that
1395 * it allows, but we honor the hidden bit in GNU ld
1396 * produced objects in order to interoperate with them.
1397 */
1398 if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) {
1399 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name,
1400 ndx, VERSYM(ilmp)[ndx]));
1401 return (0);
1402 }
1403
1404 /*
1405 * If we're only here to establish a symbol's index, we're done.
1406 */
1407 if (slp->sl_flags & LKUP_SYMNDX) {
1408 srp->sr_dmap = ilmp;
1409 srp->sr_sym = sym;
1410 return (1);
1411 }
1412
1413 /*
1414 * If we find a match and the symbol is defined, capture the
1415 * symbol pointer and the link map in which it was found.
1416 */
1417 if (sym->st_shndx != SHN_UNDEF) {
1418 srp->sr_dmap = ilmp;
1419 srp->sr_sym = sym;
1420 *binfo |= DBG_BINFO_FOUND;
1421
1422 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1423 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1424 is_sym_interposer(ilmp, sym)))
1425 *binfo |= DBG_BINFO_INTERPOSE;
1426 break;
1427
1428 /*
1429 * If we find a match and the symbol is undefined, the
1430 * symbol type is a function, and the value of the symbol
1431 * is non zero, then this is a special case. This allows
1432 * the resolution of a function address to the plt[] entry.
1433 * See SPARC ABI, Dynamic Linking, Function Addresses for
1434 * more details.
1435 */
1436 } else if ((slp->sl_flags & LKUP_SPEC) &&
1437 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
1438 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
1439 srp->sr_dmap = ilmp;
1440 srp->sr_sym = sym;
1441 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);
1442
1443 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1444 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1445 is_sym_interposer(ilmp, sym)))
1446 *binfo |= DBG_BINFO_INTERPOSE;
1447 return (1);
1448 }
1449
1450 /*
1451 * Undefined symbol.
1452 */
1453 return (0);
1454 }
1455
1456 /*
1457 * We've found a match. Determine if the defining object contains
1458 * symbol binding information.
1459 */
1460 if ((sip = SYMINFO(ilmp)) != NULL)
1461 sip += ndx;
1462
1463 /*
1464 * If this definition is a singleton, and we haven't followed a default
1465 * symbol search knowing that we're looking for a singleton (presumably
1466 * because the symbol definition has been changed since the referring
1467 * object was built), then reject this binding so that the caller can
1468 * fall back to a standard symbol search.
1469 */
1470 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) &&
1471 (((slp->sl_flags & LKUP_STANDARD) == 0) ||
1472 (((slp->sl_flags & LKUP_SINGLETON) == 0) &&
1473 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) {
1474 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1475 DBG_BNDREJ_SINGLE));
1476 *binfo |= BINFO_REJSINGLE;
1477 *binfo &= ~DBG_BINFO_MSK;
1478 return (0);
1479 }
1480
1481 /*
1482 * If this is a direct binding request, but the symbol definition has
1483 * disabled directly binding to it (presumably because the symbol
1484 * definition has been changed since the referring object was built),
1485 * reject this binding so that the caller can fall back to a standard
1486 * symbol search.
1487 */
1488 if (sip && (slp->sl_flags & LKUP_DIRECT) &&
1489 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
1490 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1491 DBG_BNDREJ_DIRECT));
1492 *binfo |= BINFO_REJDIRECT;
1493 *binfo &= ~DBG_BINFO_MSK;
1494 return (0);
1495 }
1496
1497 /*
1498 * If this is a binding request within an RTLD_GROUP family, and the
1499 * symbol has disabled directly binding to it, reject this binding so
1500 * that the caller can fall back to a standard symbol search.
1501 *
1502 * Effectively, an RTLD_GROUP family achieves what can now be
1503 * established with direct bindings. However, various symbols have
1504 * been tagged as inappropriate for direct binding to (ie. libc:malloc).
1505 *
1506 * A symbol marked as no-direct cannot be used within a group without
1507 * first ensuring that the symbol has not been interposed upon outside
1508 * of the group. A common example occurs when users implement their own
1509 * version of malloc() in the executable. Such a malloc() interposes on
1510 * the libc:malloc, and this interposition must be honored within the
1511 * group as well.
1512 *
1513 * Following any rejection, LKUP_WORLD is established as a means of
1514 * overriding this test as we return to a standard search.
1515 */
1516 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) &&
1517 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) &&
1518 ((slp->sl_flags & LKUP_WORLD) == 0)) {
1519 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1520 DBG_BNDREJ_GROUP));
1521 *binfo |= BINFO_REJGROUP;
1522 *binfo &= ~DBG_BINFO_MSK;
1523 return (0);
1524 }
1525
1526 /*
1527 * If this symbol is associated with capabilities, then each of the
1528 * capabilities instances needs to be compared against the system
1529 * capabilities. The best instance will be chosen to satisfy this
1530 * binding.
1531 */
1532 if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) &&
1533 (cap_match(srp, ndx, symtabptr, strtabptr) == 0))
1534 return (0);
1535
1536 /*
1537 * Determine whether this object is acting as a filter.
1538 */
1539 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
1540 return (1);
1541
1542 /*
1543 * Determine if this object offers per-symbol filtering, and if so,
1544 * whether this symbol references a filtee.
1545 */
1546 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
1547 /*
1548 * If this is a standard filter reference, and no standard
1549 * filtees remain to be inspected, we're done. If this is an
1550 * auxiliary filter reference, and no auxiliary filtees remain,
1551 * we'll fall through in case any object filtering is available.
1552 */
1553 if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
1554 (SYMSFLTRCNT(ilmp) == 0))
1555 return (0);
1556
1557 if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
1558 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
1559 SYMAFLTRCNT(ilmp))) {
1560 Sresult sr;
1561
1562 /*
1563 * Initialize a local symbol result descriptor, using
1564 * the original symbol name.
1565 */
1566 SRESULT_INIT(sr, slp->sl_name);
1567
1568 /*
1569 * This symbol has an associated filtee. Lookup the
1570 * symbol in the filtee, and if it is found return it.
1571 * If the symbol doesn't exist, and this is a standard
1572 * filter, return an error, otherwise fall through to
1573 * catch any object filtering that may be available.
1574 */
1575 if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto,
1576 in_nfavl)) {
1577 *srp = sr;
1578 return (1);
1579 }
1580 if (sip->si_flags & SYMINFO_FLG_FILTER)
1581 return (0);
1582 }
1583 }
1584
1585 /*
1586 * Determine if this object provides global filtering.
1587 */
1588 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
1589 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
1590 Sresult sr;
1591
1592 /*
1593 * Initialize a local symbol result descriptor, using
1594 * the original symbol name.
1595 */
1596 SRESULT_INIT(sr, slp->sl_name);
1597
1598 /*
1599 * This object has an associated filtee. Lookup the
1600 * symbol in the filtee, and if it is found return it.
1601 * If the symbol doesn't exist, and this is a standard
1602 * filter, return and error, otherwise return the symbol
1603 * within the filter itself.
1604 */
1605 if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp),
1606 in_nfavl)) {
1607 *srp = sr;
1608 return (1);
1609 }
1610 }
1611
1612 if (flags1 & FL1_RT_OBJSFLTR)
1613 return (0);
1614 }
1615 return (1);
1616 }
1617
1618 /*
1619 * Create a new Rt_map structure for an ELF object and initialize
1620 * all values.
1621 */
1622 Rt_map *
1623 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize,
1624 void *odyn, Rt_map *clmp, int *in_nfavl)
1625 {
1626 const char *name = fdp->fd_nname;
1627 Rt_map *lmp;
1628 Ehdr *ehdr = (Ehdr *)addr;
1629 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL;
1630 Dyn *dyn = (Dyn *)odyn;
1631 Cap *cap = NULL;
1632 int ndx;
1633 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0;
1634 Xword rpath = 0;
1635 size_t lmsz, rtsz, epsz, dynsz = 0;
1636 uint_t dyncnt = 0;
1637
1638 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco));
1639
1640 /*
1641 * If this is a shared object, the base address of the shared object is
1642 * added to all address values defined within the object. Otherwise, if
1643 * this is an executable, all object addresses are used as is.
1644 */
1645 if (ehdr->e_type == ET_EXEC)
1646 base = 0;
1647 else
1648 base = addr;
1649
1650 /*
1651 * Traverse the program header table, picking off required items. This
1652 * traversal also provides for the sizing of the PT_DYNAMIC section.
1653 */
1654 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff);
1655 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++,
1656 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) {
1657 switch (phdr->p_type) {
1658 case PT_DYNAMIC:
1659 dphdr = phdr;
1660 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
1661 break;
1662 case PT_TLS:
1663 tphdr = phdr;
1664 break;
1665 case PT_SUNWCAP:
1666 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
1667 break;
1668 case PT_SUNW_UNWIND:
1669 case PT_SUNW_EH_FRAME:
1670 uphdr = phdr;
1671 break;
1672 default:
1673 break;
1674 }
1675 }
1676
1677 /*
1678 * Determine the number of PT_DYNAMIC entries for the DYNINFO()
1679 * allocation. Sadly, this is a little larger than we really need,
1680 * as there are typically padding DT_NULL entries. However, adding
1681 * this data to the initial link-map allocation is a win.
1682 */
1683 if (dyn) {
1684 dyncnt = dphdr->p_filesz / sizeof (Dyn);
1685 dynsz = dyncnt * sizeof (Dyninfo);
1686 }
1687
1688 /*
1689 * Allocate space for the link-map, private elf information, and
1690 * DYNINFO() data. Once these are allocated and initialized,
1691 * remove_so(0, lmp) can be used to tear down the link-map allocation
1692 * should any failures occur.
1693 */
1694 rtsz = S_DROUND(sizeof (Rt_map));
1695 epsz = S_DROUND(sizeof (Rt_elfp));
1696 lmsz = rtsz + epsz + dynsz;
1697 if ((lmp = calloc(1, lmsz)) == NULL)
1698 return (NULL);
1699 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz);
1700 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz);
1701 LMSIZE(lmp) = lmsz;
1702
1703 /*
1704 * All fields not filled in were set to 0 by calloc.
1705 */
1706 NAME(lmp) = (char *)name;
1707 ADDR(lmp) = addr;
1708 MSIZE(lmp) = msize;
1709 SYMINTP(lmp) = elf_find_sym;
1710 FCT(lmp) = &elf_fct;
1711 LIST(lmp) = lml;
1712 OBJFLTRNDX(lmp) = FLTR_DISABLED;
1713 SORTVAL(lmp) = -1;
1714 DYN(lmp) = dyn;
1715 DYNINFOCNT(lmp) = dyncnt;
1716 PTUNWIND(lmp) = uphdr;
1717
1718 if (ehdr->e_type == ET_EXEC)
1719 FLAGS(lmp) |= FLG_RT_FIXED;
1720
1721 /*
1722 * Fill in rest of the link map entries with information from the file's
1723 * dynamic structure.
1724 */
1725 if (dyn) {
1726 Dyninfo *dip;
1727 uint_t dynndx;
1728 Xword pltpadsz = 0;
1729 Rti_desc *rti;
1730 Dyn *pdyn;
1731 Word lmtflags = lml->lm_tflags;
1732 int ignore = 0;
1733
1734 /*
1735 * Note, we use DT_NULL to terminate processing, and the
1736 * dynamic entry count as a fall back. Normally, a DT_NULL
1737 * entry marks the end of the dynamic section. Any non-NULL
1738 * items following the first DT_NULL are silently ignored.
1739 * This situation should only occur through use of elfedit(1)
1740 * or a similar tool.
1741 */
1742 for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp);
1743 dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) {
1744
1745 if (ignore) {
1746 dip->di_flags |= FLG_DI_IGNORE;
1747 continue;
1748 }
1749
1750 switch ((Xword)dyn->d_tag) {
1751 case DT_NULL:
1752 dip->di_flags |= ignore = FLG_DI_IGNORE;
1753 break;
1754 case DT_POSFLAG_1:
1755 dip->di_flags |= FLG_DI_POSFLAG1;
1756 break;
1757 case DT_NEEDED:
1758 case DT_USED:
1759 dip->di_flags |= FLG_DI_NEEDED;
1760
1761 /* BEGIN CSTYLED */
1762 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) {
1763 /*
1764 * Identify any non-deferred lazy load for
1765 * future processing, unless LD_NOLAZYLOAD
1766 * has been set.
1767 */
1768 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) &&
1769 ((lmtflags & LML_TFLG_NOLAZYLD) == 0))
1770 dip->di_flags |= FLG_DI_LAZY;
1771
1772 /*
1773 * Identify any group permission
1774 * requirements.
1775 */
1776 if (pdyn->d_un.d_val & DF_P1_GROUPPERM)
1777 dip->di_flags |= FLG_DI_GROUP;
1778
1779 /*
1780 * Identify any deferred dependencies.
1781 */
1782 if (pdyn->d_un.d_val & DF_P1_DEFERRED)
1783 dip->di_flags |= FLG_DI_DEFERRED;
1784 }
1785 /* END CSTYLED */
1786 break;
1787 case DT_SYMTAB:
1788 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1789 break;
1790 case DT_SUNW_SYMTAB:
1791 SUNWSYMTAB(lmp) =
1792 (void *)(dyn->d_un.d_ptr + base);
1793 break;
1794 case DT_SUNW_SYMSZ:
1795 SUNWSYMSZ(lmp) = dyn->d_un.d_val;
1796 break;
1797 case DT_STRTAB:
1798 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1799 break;
1800 case DT_SYMENT:
1801 SYMENT(lmp) = dyn->d_un.d_val;
1802 break;
1803 case DT_FEATURE_1:
1804 if (dyn->d_un.d_val & DTF_1_CONFEXP)
1805 crle = 1;
1806 break;
1807 case DT_MOVESZ:
1808 MOVESZ(lmp) = dyn->d_un.d_val;
1809 FLAGS(lmp) |= FLG_RT_MOVE;
1810 break;
1811 case DT_MOVEENT:
1812 MOVEENT(lmp) = dyn->d_un.d_val;
1813 break;
1814 case DT_MOVETAB:
1815 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1816 break;
1817 case DT_REL:
1818 case DT_RELA:
1819 /*
1820 * At this time, ld.so. can only handle one
1821 * type of relocation per object.
1822 */
1823 REL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1824 break;
1825 case DT_RELSZ:
1826 case DT_RELASZ:
1827 RELSZ(lmp) = dyn->d_un.d_val;
1828 break;
1829 case DT_RELENT:
1830 case DT_RELAENT:
1831 RELENT(lmp) = dyn->d_un.d_val;
1832 break;
1833 case DT_RELCOUNT:
1834 case DT_RELACOUNT:
1835 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val;
1836 break;
1837 case DT_HASH:
1838 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base);
1839 break;
1840 case DT_PLTGOT:
1841 PLTGOT(lmp) =
1842 (uint_t *)(dyn->d_un.d_ptr + base);
1843 break;
1844 case DT_PLTRELSZ:
1845 PLTRELSZ(lmp) = dyn->d_un.d_val;
1846 break;
1847 case DT_JMPREL:
1848 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1849 break;
1850 case DT_INIT:
1851 if (dyn->d_un.d_ptr != 0)
1852 INIT(lmp) =
1853 (void (*)())(dyn->d_un.d_ptr +
1854 base);
1855 break;
1856 case DT_FINI:
1857 if (dyn->d_un.d_ptr != 0)
1858 FINI(lmp) =
1859 (void (*)())(dyn->d_un.d_ptr +
1860 base);
1861 break;
1862 case DT_INIT_ARRAY:
1863 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1864 base);
1865 break;
1866 case DT_INIT_ARRAYSZ:
1867 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1868 break;
1869 case DT_FINI_ARRAY:
1870 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1871 base);
1872 break;
1873 case DT_FINI_ARRAYSZ:
1874 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1875 break;
1876 case DT_PREINIT_ARRAY:
1877 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1878 base);
1879 break;
1880 case DT_PREINIT_ARRAYSZ:
1881 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1882 break;
1883 case DT_RPATH:
1884 case DT_RUNPATH:
1885 rpath = dyn->d_un.d_val;
1886 break;
1887 case DT_FILTER:
1888 dip->di_flags |= FLG_DI_STDFLTR;
1889 fltr = dyn->d_un.d_val;
1890 OBJFLTRNDX(lmp) = dynndx;
1891 FLAGS1(lmp) |= FL1_RT_OBJSFLTR;
1892 break;
1893 case DT_AUXILIARY:
1894 dip->di_flags |= FLG_DI_AUXFLTR;
1895 if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1896 fltr = dyn->d_un.d_val;
1897 OBJFLTRNDX(lmp) = dynndx;
1898 }
1899 FLAGS1(lmp) |= FL1_RT_OBJAFLTR;
1900 break;
1901 case DT_SUNW_FILTER:
1902 dip->di_flags |=
1903 (FLG_DI_STDFLTR | FLG_DI_SYMFLTR);
1904 SYMSFLTRCNT(lmp)++;
1905 FLAGS1(lmp) |= FL1_RT_SYMSFLTR;
1906 break;
1907 case DT_SUNW_AUXILIARY:
1908 dip->di_flags |=
1909 (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR);
1910 if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1911 SYMAFLTRCNT(lmp)++;
1912 }
1913 FLAGS1(lmp) |= FL1_RT_SYMAFLTR;
1914 break;
1915 case DT_DEPAUDIT:
1916 if (!(rtld_flags & RT_FL_NOAUDIT)) {
1917 audit = dyn->d_un.d_val;
1918 FLAGS1(lmp) |= FL1_RT_DEPAUD;
1919 }
1920 break;
1921 case DT_CONFIG:
1922 cfile = dyn->d_un.d_val;
1923 break;
1924 case DT_DEBUG:
1925 /*
1926 * DT_DEBUG entries are only created in
1927 * dynamic objects that require an interpretor
1928 * (ie. all dynamic executables and some shared
1929 * objects), and provide for a hand-shake with
1930 * old debuggers. This entry is initialized to
1931 * zero by the link-editor. If a debugger is
1932 * monitoring us, and has updated this entry,
1933 * set the debugger monitor flag, and finish
1934 * initializing the debugging structure. See
1935 * setup(). Also, switch off any configuration
1936 * object use as most debuggers can't handle
1937 * fixed dynamic executables as dependencies.
1938 */
1939 if (dyn->d_un.d_ptr)
1940 rtld_flags |=
1941 (RT_FL_DEBUGGER | RT_FL_NOOBJALT);
1942 dyn->d_un.d_ptr = (Addr)&r_debug;
1943 break;
1944 case DT_VERNEED:
1945 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr +
1946 base);
1947 break;
1948 case DT_VERNEEDNUM:
1949 /* LINTED */
1950 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val;
1951 break;
1952 case DT_VERDEF:
1953 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr +
1954 base);
1955 break;
1956 case DT_VERDEFNUM:
1957 /* LINTED */
1958 VERDEFNUM(lmp) = (int)dyn->d_un.d_val;
1959 break;
1960 case DT_VERSYM:
1961 /*
1962 * The Solaris ld does not produce DT_VERSYM,
1963 * but the GNU ld does, in order to support
1964 * their style of versioning, which differs
1965 * from ours in some ways, while using the
1966 * same data structures. The presence of
1967 * DT_VERSYM therefore means that GNU
1968 * versioning rules apply to the given file.
1969 * If DT_VERSYM is not present, then Solaris
1970 * versioning rules apply.
1971 */
1972 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr +
1973 base);
1974 break;
1975 case DT_BIND_NOW:
1976 if ((dyn->d_un.d_val & DF_BIND_NOW) &&
1977 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
1978 MODE(lmp) |= RTLD_NOW;
1979 MODE(lmp) &= ~RTLD_LAZY;
1980 }
1981 break;
1982 case DT_FLAGS:
1983 FLAGS1(lmp) |= FL1_RT_DTFLAGS;
1984 if (dyn->d_un.d_val & DF_SYMBOLIC)
1985 FLAGS1(lmp) |= FL1_RT_SYMBOLIC;
1986 if ((dyn->d_un.d_val & DF_BIND_NOW) &&
1987 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
1988 MODE(lmp) |= RTLD_NOW;
1989 MODE(lmp) &= ~RTLD_LAZY;
1990 }
1991 /*
1992 * Capture any static TLS use, and enforce that
1993 * this object be non-deletable.
1994 */
1995 if (dyn->d_un.d_val & DF_STATIC_TLS) {
1996 FLAGS1(lmp) |= FL1_RT_TLSSTAT;
1997 MODE(lmp) |= RTLD_NODELETE;
1998 }
1999 break;
2000 case DT_FLAGS_1:
2001 if (dyn->d_un.d_val & DF_1_DISPRELPND)
2002 FLAGS1(lmp) |= FL1_RT_DISPREL;
2003 if (dyn->d_un.d_val & DF_1_GROUP)
2004 FLAGS(lmp) |=
2005 (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
2006 if ((dyn->d_un.d_val & DF_1_NOW) &&
2007 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2008 MODE(lmp) |= RTLD_NOW;
2009 MODE(lmp) &= ~RTLD_LAZY;
2010 }
2011 if (dyn->d_un.d_val & DF_1_NODELETE)
2012 MODE(lmp) |= RTLD_NODELETE;
2013 if (dyn->d_un.d_val & DF_1_INITFIRST)
2014 FLAGS(lmp) |= FLG_RT_INITFRST;
2015 if (dyn->d_un.d_val & DF_1_NOOPEN)
2016 FLAGS(lmp) |= FLG_RT_NOOPEN;
2017 if (dyn->d_un.d_val & DF_1_LOADFLTR)
2018 FLAGS(lmp) |= FLG_RT_LOADFLTR;
2019 if (dyn->d_un.d_val & DF_1_NODUMP)
2020 FLAGS(lmp) |= FLG_RT_NODUMP;
2021 if (dyn->d_un.d_val & DF_1_CONFALT)
2022 crle = 1;
2023 if (dyn->d_un.d_val & DF_1_DIRECT)
2024 FLAGS1(lmp) |= FL1_RT_DIRECT;
2025 if (dyn->d_un.d_val & DF_1_NODEFLIB)
2026 FLAGS1(lmp) |= FL1_RT_NODEFLIB;
2027 if (dyn->d_un.d_val & DF_1_ENDFILTEE)
2028 FLAGS1(lmp) |= FL1_RT_ENDFILTE;
2029 if (dyn->d_un.d_val & DF_1_TRANS)
2030 FLAGS(lmp) |= FLG_RT_TRANS;
2031
2032 /*
2033 * Global auditing is only meaningful when
2034 * specified by the initiating object of the
2035 * process - typically the dynamic executable.
2036 * If this is the initiating object, its link-
2037 * map will not yet have been added to the
2038 * link-map list, and consequently the link-map
2039 * list is empty. (see setup()).
2040 */
2041 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) {
2042 if (lml_main.lm_head == NULL)
2043 FLAGS1(lmp) |= FL1_RT_GLOBAUD;
2044 else
2045 DBG_CALL(Dbg_audit_ignore(lmp));
2046 }
2047
2048 /*
2049 * If this object identifies itself as an
2050 * interposer, but relocation processing has
2051 * already started, then demote it. It's too
2052 * late to guarantee complete interposition.
2053 */
2054 /* BEGIN CSTYLED */
2055 if (dyn->d_un.d_val &
2056 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) {
2057 if (lml->lm_flags & LML_FLG_STARTREL) {
2058 DBG_CALL(Dbg_util_intoolate(lmp));
2059 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
2060 (void) printf(
2061 MSG_INTL(MSG_LDD_REL_ERR2),
2062 NAME(lmp));
2063 } else if (dyn->d_un.d_val & DF_1_INTERPOSE)
2064 FLAGS(lmp) |= FLG_RT_OBJINTPO;
2065 else
2066 FLAGS(lmp) |= FLG_RT_SYMINTPO;
2067 }
2068 /* END CSTYLED */
2069 break;
2070 case DT_SYMINFO:
2071 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr +
2072 base);
2073 break;
2074 case DT_SYMINENT:
2075 SYMINENT(lmp) = dyn->d_un.d_val;
2076 break;
2077 case DT_PLTPAD:
2078 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base);
2079 break;
2080 case DT_PLTPADSZ:
2081 pltpadsz = dyn->d_un.d_val;
2082 break;
2083 case DT_SUNW_RTLDINF:
2084 /*
2085 * Maintain a list of RTLDINFO structures.
2086 * Typically, libc is the only supplier, and
2087 * only one structure is provided. However,
2088 * multiple suppliers and multiple structures
2089 * are supported. For example, one structure
2090 * may provide thread_init, and another
2091 * structure may provide atexit reservations.
2092 */
2093 if ((rti = alist_append(&lml->lm_rti, NULL,
2094 sizeof (Rti_desc),
2095 AL_CNT_RTLDINFO)) == NULL) {
2096 remove_so(0, lmp, clmp);
2097 return (NULL);
2098 }
2099 rti->rti_lmp = lmp;
2100 rti->rti_info = (void *)(dyn->d_un.d_ptr +
2101 base);
2102 break;
2103 case DT_SUNW_SORTENT:
2104 SUNWSORTENT(lmp) = dyn->d_un.d_val;
2105 break;
2106 case DT_SUNW_SYMSORT:
2107 SUNWSYMSORT(lmp) =
2108 (void *)(dyn->d_un.d_ptr + base);
2109 break;
2110 case DT_SUNW_SYMSORTSZ:
2111 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val;
2112 break;
2113 case DT_DEPRECATED_SPARC_REGISTER:
2114 case M_DT_REGISTER:
2115 dip->di_flags |= FLG_DI_REGISTER;
2116 FLAGS(lmp) |= FLG_RT_REGSYMS;
2117 break;
2118 case DT_SUNW_CAP:
2119 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base);
2120 break;
2121 case DT_SUNW_CAPINFO:
2122 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base);
2123 break;
2124 case DT_SUNW_CAPCHAIN:
2125 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr +
2126 base);
2127 break;
2128 case DT_SUNW_CAPCHAINENT:
2129 CAPCHAINENT(lmp) = dyn->d_un.d_val;
2130 break;
2131 case DT_SUNW_CAPCHAINSZ:
2132 CAPCHAINSZ(lmp) = dyn->d_un.d_val;
2133 break;
2134 }
2135 }
2136
2137 /*
2138 * Update any Dyninfo string pointers now that STRTAB() is
2139 * known.
2140 */
2141 for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp);
2142 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
2143
2144 switch ((Xword)dyn->d_tag) {
2145 case DT_NEEDED:
2146 case DT_USED:
2147 case DT_FILTER:
2148 case DT_AUXILIARY:
2149 case DT_SUNW_FILTER:
2150 case DT_SUNW_AUXILIARY:
2151 dip->di_name = STRTAB(lmp) + dyn->d_un.d_val;
2152 break;
2153 }
2154 }
2155
2156 /*
2157 * Assign any padding.
2158 */
2159 if (PLTPAD(lmp)) {
2160 if (pltpadsz == (Xword)0)
2161 PLTPAD(lmp) = NULL;
2162 else
2163 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) +
2164 pltpadsz);
2165 }
2166 }
2167
2168 /*
2169 * A dynsym contains only global functions. We want to have
2170 * a version of it that also includes local functions, so that
2171 * dladdr() will be able to report names for local functions
2172 * when used to generate a stack trace for a stripped file.
2173 * This version of the dynsym is provided via DT_SUNW_SYMTAB.
2174 *
2175 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick
2176 * in order to avoid having to have two copies of the global
2177 * symbols held in DT_SYMTAB: The local symbols are placed in
2178 * a separate section than the globals in the dynsym, but the
2179 * linker conspires to put the data for these two sections adjacent
2180 * to each other. DT_SUNW_SYMTAB points at the top of the local
2181 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables.
2182 *
2183 * If the two sections are not adjacent, then something went wrong
2184 * at link time. We use ASSERT to kill the process if this is
2185 * a debug build. In a production build, we will silently ignore
2186 * the presence of the .ldynsym and proceed. We can detect this
2187 * situation by checking to see that DT_SYMTAB lies in
2188 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ.
2189 */
2190 if ((SUNWSYMTAB(lmp) != NULL) &&
2191 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) ||
2192 (((char *)SYMTAB(lmp) >=
2193 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) {
2194 ASSERT(0);
2195 SUNWSYMTAB(lmp) = NULL;
2196 SUNWSYMSZ(lmp) = 0;
2197 }
2198
2199 /*
2200 * If configuration file use hasn't been disabled, and a configuration
2201 * file hasn't already been set via an environment variable, see if any
2202 * application specific configuration file is specified. An LD_CONFIG
2203 * setting is used first, but if this image was generated via crle(1)
2204 * then a default configuration file is a fall-back.
2205 */
2206 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) {
2207 if (cfile)
2208 config->c_name = (const char *)(cfile +
2209 (char *)STRTAB(lmp));
2210 else if (crle)
2211 rtld_flags |= RT_FL_CONFAPP;
2212 }
2213
2214 if (rpath)
2215 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp));
2216 if (fltr)
2217 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp));
2218
2219 /*
2220 * For Intel ABI compatibility. It's possible that a JMPREL can be
2221 * specified without any other relocations (e.g. a dynamic executable
2222 * normally only contains .plt relocations). If this is the case then
2223 * no REL, RELSZ or RELENT will have been created. For us to be able
2224 * to traverse the .plt relocations under LD_BIND_NOW we need to know
2225 * the RELENT for these relocations. Refer to elf_reloc() for more
2226 * details.
2227 */
2228 if (!RELENT(lmp) && JMPREL(lmp))
2229 RELENT(lmp) = sizeof (M_RELOC);
2230
2231 /*
2232 * Establish any per-object auditing. If we're establishing main's
2233 * link-map its too early to go searching for audit objects so just
2234 * hold the object name for later (see setup()).
2235 */
2236 if (audit) {
2237 char *cp = audit + (char *)STRTAB(lmp);
2238
2239 if (*cp) {
2240 if (((AUDITORS(lmp) =
2241 calloc(1, sizeof (Audit_desc))) == NULL) ||
2242 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) {
2243 remove_so(0, lmp, clmp);
2244 return (NULL);
2245 }
2246 if (lml_main.lm_head) {
2247 if (audit_setup(lmp, AUDITORS(lmp), 0,
2248 in_nfavl) == 0) {
2249 remove_so(0, lmp, clmp);
2250 return (NULL);
2251 }
2252 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags;
2253 lml->lm_flags |= LML_FLG_LOCAUDIT;
2254 }
2255 }
2256 }
2257
2258 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) {
2259 remove_so(0, lmp, clmp);
2260 return (NULL);
2261 }
2262
2263 /*
2264 * A capabilities section should be identified by a DT_SUNW_CAP entry,
2265 * and if non-empty object capabilities are included, a PT_SUNWCAP
2266 * header should reference the section. Make sure CAP() is set
2267 * regardless.
2268 */
2269 if ((CAP(lmp) == NULL) && cap)
2270 CAP(lmp) = cap;
2271
2272 /*
2273 * Make sure any capabilities information or chain can be handled.
2274 */
2275 if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT))
2276 CAPINFO(lmp) = NULL;
2277 if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT))
2278 CAPCHAIN(lmp) = NULL;
2279
2280 /*
2281 * As part of processing dependencies, a file descriptor is populated
2282 * with capabilities information following validation.
2283 */
2284 if (fdp->fd_flags & FLG_FD_ALTCHECK) {
2285 FLAGS1(lmp) |= FL1_RT_ALTCHECK;
2286 CAPSET(lmp) = fdp->fd_scapset;
2287
2288 if (fdp->fd_flags & FLG_FD_ALTCAP)
2289 FLAGS1(lmp) |= FL1_RT_ALTCAP;
2290
2291 } else if ((cap = CAP(lmp)) != NULL) {
2292 /*
2293 * Processing of the executable and ld.so.1 does not involve a
2294 * file descriptor as exec() did all the work, so capture the
2295 * capabilities for these cases.
2296 */
2297 while (cap->c_tag != CA_SUNW_NULL) {
2298 switch (cap->c_tag) {
2299 case CA_SUNW_HW_1:
2300 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val;
2301 break;
2302 case CA_SUNW_SF_1:
2303 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val;
2304 break;
2305 case CA_SUNW_HW_2:
2306 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val;
2307 break;
2308 case CA_SUNW_PLAT:
2309 CAPSET(lmp).sc_plat = STRTAB(lmp) +
2310 cap->c_un.c_ptr;
2311 break;
2312 case CA_SUNW_MACH:
2313 CAPSET(lmp).sc_mach = STRTAB(lmp) +
2314 cap->c_un.c_ptr;
2315 break;
2316 case CA_SUNW_HW_3:
2317 CAPSET(lmp).sc_hw_3 = cap->c_un.c_val;
2318 break;
2319 }
2320 cap++;
2321 }
2322 }
2323
2324 /*
2325 * If a capabilities chain table exists, duplicate it. The chain table
2326 * is inspected for each initial call to a capabilities family lead
2327 * symbol. From this chain, each family member is inspected to
2328 * determine the 'best' family member. The chain table is then updated
2329 * so that the best member is immediately selected for any further
2330 * family searches.
2331 */
2332 if (CAPCHAIN(lmp)) {
2333 Capchain *capchain;
2334
2335 if ((capchain = calloc(1, CAPCHAINSZ(lmp))) == NULL)
2336 return (NULL);
2337 (void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp));
2338 CAPCHAIN(lmp) = capchain;
2339 }
2340
2341 /*
2342 * Add the mapped object to the end of the link map list.
2343 */
2344 lm_append(lml, lmco, lmp);
2345
2346 /*
2347 * Start the system loading in the ELF information we'll be processing.
2348 */
2349 if (REL(lmp)) {
2350 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
2351 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
2352 MADV_WILLNEED);
2353 }
2354 return (lmp);
2355 }
2356
2357 /*
2358 * Build full pathname of shared object from given directory name and filename.
2359 */
2360 static char *
2361 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen)
2362 {
2363 static char pname[PATH_MAX];
2364
2365 (void) strncpy(pname, dir, dlen);
2366 pname[dlen++] = '/';
2367 (void) strncpy(&pname[dlen], file, flen + 1);
2368 return (pname);
2369 }
2370
2371 /*
2372 * The copy relocation is recorded in a copy structure which will be applied
2373 * after all other relocations are carried out. This provides for copying data
2374 * that must be relocated itself (ie. pointers in shared objects). This
2375 * structure also provides a means of binding RTLD_GROUP dependencies to any
2376 * copy relocations that have been taken from any group members.
2377 *
2378 * If the size of the .bss area available for the copy information is not the
2379 * same as the source of the data inform the user if we're under ldd(1) control
2380 * (this checking was only established in 5.3, so by only issuing an error via
2381 * ldd(1) we maintain the standard set by previous releases).
2382 */
2383 int
2384 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
2385 Rt_map *dlmp, const void *dadd)
2386 {
2387 Rel_copy rc;
2388 Lm_list *lml = LIST(rlmp);
2389
2390 rc.r_name = name;
2391 rc.r_rsym = rsym; /* the new reference symbol and its */
2392 rc.r_rlmp = rlmp; /* associated link-map */
2393 rc.r_dlmp = dlmp; /* the defining link-map */
2394 rc.r_dsym = dsym; /* the original definition */
2395 rc.r_radd = radd;
2396 rc.r_dadd = dadd;
2397
2398 if (rsym->st_size > dsym->st_size)
2399 rc.r_size = (size_t)dsym->st_size;
2400 else
2401 rc.r_size = (size_t)rsym->st_size;
2402
2403 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy),
2404 AL_CNT_COPYREL) == NULL) {
2405 if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2406 return (0);
2407 else
2408 return (1);
2409 }
2410 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
2411 if (aplist_append(©_S(rlmp), dlmp,
2412 AL_CNT_COPYREL) == NULL) {
2413 if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2414 return (0);
2415 else
2416 return (1);
2417 }
2418 FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
2419 }
2420
2421 /*
2422 * If we are tracing (ldd), warn the user if
2423 * 1) the size from the reference symbol differs from the
2424 * copy definition. We can only copy as much data as the
2425 * reference (dynamic executables) entry allows.
2426 * 2) the copy definition has STV_PROTECTED visibility.
2427 */
2428 if (lml->lm_flags & LML_FLG_TRC_WARN) {
2429 if (rsym->st_size != dsym->st_size) {
2430 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
2431 _conv_reloc_type(M_R_COPY), demangle(name),
2432 NAME(rlmp), EC_XWORD(rsym->st_size),
2433 NAME(dlmp), EC_XWORD(dsym->st_size));
2434 if (rsym->st_size > dsym->st_size)
2435 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
2436 NAME(dlmp));
2437 else
2438 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
2439 NAME(rlmp));
2440 }
2441
2442 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
2443 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
2444 _conv_reloc_type(M_R_COPY), demangle(name),
2445 NAME(dlmp));
2446 }
2447 }
2448
2449 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd,
2450 (Xword)rc.r_size));
2451 return (1);
2452 }
2453
2454 /*
2455 * Determine the symbol location of an address within a link-map. Look for
2456 * the nearest symbol (whose value is less than or equal to the required
2457 * address). This is the object specific part of dladdr().
2458 */
2459 static void
2460 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
2461 {
2462 ulong_t ndx, cnt, base, _value;
2463 Sym *sym, *_sym = NULL;
2464 const char *str;
2465 int _flags;
2466 uint_t *dynaddr_ndx;
2467 uint_t dynaddr_n = 0;
2468 ulong_t value;
2469
2470 /*
2471 * If SUNWSYMTAB() is non-NULL, then it sees a special version of
2472 * the dynsym that starts with any local function symbols that exist in
2473 * the library and then moves to the data held in SYMTAB(). In this
2474 * case, SUNWSYMSZ tells us how long the symbol table is. The
2475 * availability of local function symbols will enhance the results
2476 * we can provide.
2477 *
2478 * If SUNWSYMTAB() is non-NULL, then there might also be a
2479 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains
2480 * an array of indices into SUNWSYMTAB, sorted by increasing
2481 * address. We can use this to do an O(log N) search instead of a
2482 * brute force search.
2483 *
2484 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that
2485 * contains only global symbols. In that case, the length of
2486 * the symbol table comes from the nchain field of the related
2487 * symbol lookup hash table.
2488 */
2489 str = STRTAB(lmp);
2490 if (SUNWSYMSZ(lmp) == 0) {
2491 sym = SYMTAB(lmp);
2492 /*
2493 * If we don't have a .hash table there are no symbols
2494 * to look at.
2495 */
2496 if (HASH(lmp) == NULL)
2497 return;
2498 cnt = HASH(lmp)[1];
2499 } else {
2500 sym = SUNWSYMTAB(lmp);
2501 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp);
2502 dynaddr_ndx = SUNWSYMSORT(lmp);
2503 if (dynaddr_ndx != NULL)
2504 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp);
2505 }
2506
2507 if (FLAGS(lmp) & FLG_RT_FIXED)
2508 base = 0;
2509 else
2510 base = ADDR(lmp);
2511
2512 if (dynaddr_n > 0) { /* Binary search */
2513 long low = 0, low_bnd;
2514 long high = dynaddr_n - 1, high_bnd;
2515 long mid;
2516 Sym *mid_sym;
2517
2518 /*
2519 * Note that SUNWSYMSORT only contains symbols types that
2520 * supply memory addresses, so there's no need to check and
2521 * filter out any other types.
2522 */
2523 low_bnd = low;
2524 high_bnd = high;
2525 while (low <= high) {
2526 mid = (low + high) / 2;
2527 mid_sym = &sym[dynaddr_ndx[mid]];
2528 value = mid_sym->st_value + base;
2529 if (addr < value) {
2530 if ((sym[dynaddr_ndx[high]].st_value + base) >=
2531 addr)
2532 high_bnd = high;
2533 high = mid - 1;
2534 } else if (addr > value) {
2535 if ((sym[dynaddr_ndx[low]].st_value + base) <=
2536 addr)
2537 low_bnd = low;
2538 low = mid + 1;
2539 } else {
2540 _sym = mid_sym;
2541 _value = value;
2542 break;
2543 }
2544 }
2545 /*
2546 * If the above didn't find it exactly, then we must
2547 * return the closest symbol with a value that doesn't
2548 * exceed the one we are looking for. If that symbol exists,
2549 * it will lie in the range bounded by low_bnd and
2550 * high_bnd. This is a linear search, but a short one.
2551 */
2552 if (_sym == NULL) {
2553 for (mid = low_bnd; mid <= high_bnd; mid++) {
2554 mid_sym = &sym[dynaddr_ndx[mid]];
2555 value = mid_sym->st_value + base;
2556 if (addr >= value) {
2557 _sym = mid_sym;
2558 _value = value;
2559 } else {
2560 break;
2561 }
2562 }
2563 }
2564 } else { /* Linear search */
2565 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
2566 /*
2567 * Skip expected symbol types that are not functions
2568 * or data:
2569 * - A symbol table starts with an undefined symbol
2570 * in slot 0. If we are using SUNWSYMTAB(),
2571 * there will be a second undefined symbol
2572 * right before the globals.
2573 * - The local part of SUNWSYMTAB() contains a
2574 * series of function symbols. Each section
2575 * starts with an initial STT_FILE symbol.
2576 */
2577 if ((sym->st_shndx == SHN_UNDEF) ||
2578 (ELF_ST_TYPE(sym->st_info) == STT_FILE))
2579 continue;
2580
2581 value = sym->st_value + base;
2582 if (value > addr)
2583 continue;
2584 if (value < _value)
2585 continue;
2586
2587 _sym = sym;
2588 _value = value;
2589
2590 /*
2591 * Note, because we accept local and global symbols
2592 * we could find a section symbol that matches the
2593 * associated address, which means that the symbol
2594 * name will be null. In this case continue the
2595 * search in case we can find a global symbol of
2596 * the same value.
2597 */
2598 if ((value == addr) &&
2599 (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
2600 break;
2601 }
2602 }
2603
2604 _flags = flags & RTLD_DL_MASK;
2605 if (_sym) {
2606 if (_flags == RTLD_DL_SYMENT)
2607 *info = (void *)_sym;
2608 else if (_flags == RTLD_DL_LINKMAP)
2609 *info = (void *)lmp;
2610
2611 dlip->dli_sname = str + _sym->st_name;
2612 dlip->dli_saddr = (void *)_value;
2613 } else {
2614 /*
2615 * addr lies between the beginning of the mapped segment and
2616 * the first global symbol. We have no symbol to return
2617 * and the caller requires one. We use _START_, the base
2618 * address of the mapping.
2619 */
2620
2621 if (_flags == RTLD_DL_SYMENT) {
2622 /*
2623 * An actual symbol struct is needed, so we
2624 * construct one for _START_. To do this in a
2625 * fully accurate way requires a different symbol
2626 * for each mapped segment. This requires the
2627 * use of dynamic memory and a mutex. That's too much
2628 * plumbing for a fringe case of limited importance.
2629 *
2630 * Fortunately, we can simplify:
2631 * - Only the st_size and st_info fields are useful
2632 * outside of the linker internals. The others
2633 * reference things that outside code cannot see,
2634 * and can be set to 0.
2635 * - It's just a label and there is no size
2636 * to report. So, the size should be 0.
2637 * This means that only st_info needs a non-zero
2638 * (constant) value. A static struct will suffice.
2639 * It must be const (readonly) so the caller can't
2640 * change its meaning for subsequent callers.
2641 */
2642 static const Sym fsym = { 0, 0, 0,
2643 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
2644 *info = (void *) &fsym;
2645 }
2646
2647 dlip->dli_sname = MSG_ORIG(MSG_SYM_START);
2648 dlip->dli_saddr = (void *) ADDR(lmp);
2649 }
2650 }
2651
2652 /*
2653 * This routine is called as a last fall-back to search for a symbol from a
2654 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing
2655 * the number of objects mapped, any symbol search is first carried out using
2656 * the objects that already exist in the process (either on a link-map list or
2657 * handle). If a symbol can't be found, and lazy dependencies are still
2658 * pending, this routine loads the dependencies in an attempt to locate the
2659 * symbol.
2660 */
2661 int
2662 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
2663 {
2664 static APlist *alist = NULL;
2665 Aliste idx1;
2666 Rt_map *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap;
2667 const char *name = slp->sl_name;
2668 Slookup sl1 = *slp;
2669 Lm_list *lml;
2670 Lm_cntl *lmc;
2671
2672 /*
2673 * It's quite possible we've been here before to process objects,
2674 * therefore reinitialize our dynamic list.
2675 */
2676 if (alist)
2677 aplist_reset(alist);
2678
2679 /*
2680 * Discard any relocation index from further symbol searches. This
2681 * index has already been used to trigger any necessary lazy-loads,
2682 * and it might be because one of these lazy loads has failed that
2683 * we're performing this fallback. By removing the relocation index
2684 * we don't try and perform the same failed lazy loading activity again.
2685 */
2686 sl1.sl_rsymndx = 0;
2687
2688 /*
2689 * Determine the callers link-map list so that we can monitor whether
2690 * new objects have been added.
2691 */
2692 lml = LIST(clmp);
2693 lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp));
2694
2695 /*
2696 * Generate a local list of new objects to process. This list can grow
2697 * as each object supplies its own lazy dependencies.
2698 */
2699 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL)
2700 return (0);
2701
2702 for (APLIST_TRAVERSE(alist, idx1, lmp1)) {
2703 uint_t dynndx;
2704 Dyninfo *dip, *pdip;
2705
2706 /*
2707 * Loop through the lazy DT_NEEDED entries examining each object
2708 * for the required symbol. If the symbol is not found, the
2709 * object is in turn added to the local alist, so that the
2710 * objects lazy DT_NEEDED entries can be examined.
2711 */
2712 lmp = lmp1;
2713 for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL;
2714 !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) {
2715 Grp_hdl *ghp;
2716 Grp_desc *gdp;
2717 Rt_map *nlmp, *llmp;
2718 Slookup sl2;
2719 Sresult sr;
2720 Aliste idx2;
2721
2722 if (((dip->di_flags & FLG_DI_LAZY) == 0) ||
2723 dip->di_info)
2724 continue;
2725
2726 /*
2727 * If this object has already failed to lazy load, and
2728 * we're still processing the same runtime linker
2729 * operation that produced the failure, don't bother
2730 * to try and load the object again.
2731 */
2732 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip &&
2733 (pdip->di_flags & FLG_DI_POSFLAG1)) {
2734 if (pdip->di_info == (void *)ld_entry_cnt)
2735 continue;
2736
2737 dip->di_flags &= ~FLG_DI_LAZYFAIL;
2738 pdip->di_info = NULL;
2739 }
2740
2741 /*
2742 * Determine the last link-map presently on the callers
2743 * link-map control list.
2744 */
2745 llmp = lmc->lc_tail;
2746
2747 /*
2748 * Try loading this lazy dependency. If the object
2749 * can't be loaded, consider this non-fatal and continue
2750 * the search. Lazy loaded dependencies need not exist
2751 * and their loading should only turn out to be fatal
2752 * if they are required to satisfy a relocation.
2753 *
2754 * A successful lazy load can mean one of two things:
2755 *
2756 * - new objects have been loaded, in which case the
2757 * objects will have been analyzed, relocated, and
2758 * finally moved to the callers control list.
2759 * - the objects are already loaded, and this lazy
2760 * load has simply associated the referenced object
2761 * with it's lazy dependencies.
2762 *
2763 * If new objects are loaded, look in these objects
2764 * first. Note, a new object can be the object being
2765 * referenced by this lazy load, however we can also
2766 * descend into multiple lazy loads as we relocate this
2767 * reference.
2768 *
2769 * If the symbol hasn't been found, use the referenced
2770 * objects handle, as it might have dependencies on
2771 * objects that are already loaded. Note that existing
2772 * objects might have already been searched and skipped
2773 * as non-available to this caller. However, a lazy
2774 * load might have caused the promotion of modes, or
2775 * added this object to the family of the caller. In
2776 * either case, the handle associated with the object
2777 * is then used to carry out the symbol search.
2778 */
2779 if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name,
2780 FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL)
2781 continue;
2782
2783 if (NEXT_RT_MAP(llmp)) {
2784 /*
2785 * Look in any new objects.
2786 */
2787 sl1.sl_imap = NEXT_RT_MAP(llmp);
2788 sl1.sl_flags &= ~LKUP_STDRELOC;
2789
2790 /*
2791 * Initialize a local symbol result descriptor,
2792 * using the original symbol name.
2793 */
2794 SRESULT_INIT(sr, slp->sl_name);
2795
2796 if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) {
2797 *srp = sr;
2798 return (1);
2799 }
2800 }
2801
2802 /*
2803 * Use the objects handle to inspect the family of
2804 * objects associated with the handle. Note, there's
2805 * a possibility of overlap with the above search,
2806 * should a lazy load bring in new objects and
2807 * reference existing objects.
2808 */
2809 sl2 = sl1;
2810 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) {
2811 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) &&
2812 (gdp->gd_flags & GPD_DLSYM)) {
2813
2814 sl2.sl_imap = gdp->gd_depend;
2815 sl2.sl_flags |= LKUP_FIRST;
2816
2817 /*
2818 * Initialize a local symbol result
2819 * descriptor, using the original
2820 * symbol name.
2821 */
2822 SRESULT_INIT(sr, slp->sl_name);
2823
2824 if (lookup_sym(&sl2, &sr, binfo,
2825 in_nfavl)) {
2826 *srp = sr;
2827 return (1);
2828 }
2829 }
2830 }
2831
2832 /*
2833 * Some dlsym() operations are already traversing a
2834 * link-map (dlopen(0)), and thus there's no need to
2835 * save them on the dynamic dependency list.
2836 */
2837 if (slp->sl_flags & LKUP_NODESCENT)
2838 continue;
2839
2840 if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == 0)
2841 return (0);
2842 }
2843 }
2844
2845 return (0);
2846 }
2847
2848 /*
2849 * Warning message for bad r_offset.
2850 */
2851 void
2852 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
2853 ulong_t rsymndx)
2854 {
2855 const char *name = NULL;
2856 Lm_list *lml = LIST(lmp);
2857 int trace;
2858
2859 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
2860 (((rtld_flags & RT_FL_SILENCERR) == 0) ||
2861 (lml->lm_flags & LML_FLG_TRC_VERBOSE)))
2862 trace = 1;
2863 else
2864 trace = 0;
2865
2866 if ((trace == 0) && (DBG_ENABLED == 0))
2867 return;
2868
2869 if (rsymndx) {
2870 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) +
2871 (rsymndx * SYMENT(lmp)));
2872
2873 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
2874 name = (char *)(STRTAB(lmp) + symref->st_name);
2875 }
2876
2877 if (name == NULL)
2878 name = MSG_INTL(MSG_STR_UNKNOWN);
2879
2880 if (trace) {
2881 const char *rstr;
2882
2883 rstr = _conv_reloc_type((uint_t)rtype);
2884 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
2885 EC_ADDR(roffset));
2886 return;
2887 }
2888
2889 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name);
2890 }
2891
2892 /*
2893 * Resolve a static TLS relocation.
2894 */
2895 long
2896 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name,
2897 ulong_t roffset, long value)
2898 {
2899 Lm_list *lml = LIST(lmp);
2900
2901 /*
2902 * Relocations against a static TLS block have limited support once
2903 * process initialization has completed. Any error condition should be
2904 * discovered by testing for DF_STATIC_TLS as part of loading an object,
2905 * however individual relocations are tested in case the dynamic flag
2906 * had not been set when this object was built.
2907 */
2908 if (PTTLS(lmp) == NULL) {
2909 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2910 M_REL_SHT_TYPE, rel, NULL, 0, name));
2911 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2912 _conv_reloc_type((uint_t)rtype), NAME(lmp),
2913 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2914 return (0);
2915 }
2916
2917 /*
2918 * If no static TLS has been set aside for this object, determine if
2919 * any can be obtained. Enforce that any object using static TLS is
2920 * non-deletable.
2921 */
2922 if (TLSSTATOFF(lmp) == 0) {
2923 FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2924 MODE(lmp) |= RTLD_NODELETE;
2925
2926 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) {
2927 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2928 M_REL_SHT_TYPE, rel, NULL, 0, name));
2929 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2930 _conv_reloc_type((uint_t)rtype), NAME(lmp),
2931 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2932 return (0);
2933 }
2934 }
2935
2936 /*
2937 * Typically, a static TLS offset is maintained as a symbols value.
2938 * For local symbols that are not apart of the dynamic symbol table,
2939 * the TLS relocation points to a section symbol, and the static TLS
2940 * offset was deposited in the associated GOT table. Make sure the GOT
2941 * is cleared, so that the value isn't reused in do_reloc().
2942 */
2943 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) {
2944 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) {
2945 value = *(long *)roffset;
2946 *(long *)roffset = 0;
2947 } else {
2948 value = sym->st_value;
2949 }
2950 }
2951 return (-(TLSSTATOFF(lmp) - value));
2952 }
2953
2954 /*
2955 * If the symbol is not found and the reference was not to a weak symbol, report
2956 * an error. Weak references may be unresolved.
2957 */
2958 int
2959 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo)
2960 {
2961 Lm_list *lml = LIST(lmp);
2962
2963 /*
2964 * Under crle(1), relocation failures are ignored.
2965 */
2966 if (lml->lm_flags & LML_FLG_IGNRELERR)
2967 return (1);
2968
2969 /*
2970 * Under ldd(1), unresolved references are reported. However, if the
2971 * original reference is EXTERN or PARENT these references are ignored
2972 * unless ldd's -p option is in effect.
2973 */
2974 if (lml->lm_flags & LML_FLG_TRC_WARN) {
2975 if (((binfo & DBG_BINFO_REF_MSK) == 0) ||
2976 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) {
2977 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND),
2978 demangle(name), NAME(lmp));
2979 }
2980 return (1);
2981 }
2982
2983 /*
2984 * Otherwise, the unresolved references is fatal.
2985 */
2986 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel,
2987 NULL, 0, name));
2988 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp),
2989 demangle(name));
2990
2991 return (0);
2992 }
2993