1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988 AT&T 24 * All Rights Reserved 25 * 26 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. 27 */ 28 /* 29 * Copyright (c) 2012, Joyent, Inc. All rights reserved. 30 * Copyright 2022 Oxide Computer Company 31 */ 32 33 /* 34 * Object file dependent support for ELF objects. 35 */ 36 37 #include <stdio.h> 38 #include <sys/procfs.h> 39 #include <sys/mman.h> 40 #include <sys/debug.h> 41 #include <string.h> 42 #include <limits.h> 43 #include <dlfcn.h> 44 #include <debug.h> 45 #include <conv.h> 46 #include "_rtld.h" 47 #include "_audit.h" 48 #include "_elf.h" 49 #include "_inline_gen.h" 50 #include "_inline_reloc.h" 51 #include "msg.h" 52 53 /* 54 * Default and secure dependency search paths. 55 */ 56 static Spath_defn _elf_def_dirs[] = { 57 #if defined(_ELF64) 58 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE }, 59 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE }, 60 #else 61 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE }, 62 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE }, 63 #endif 64 { 0, 0 } 65 }; 66 67 static Spath_defn _elf_sec_dirs[] = { 68 #if defined(_ELF64) 69 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE }, 70 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE }, 71 #else 72 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE }, 73 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE }, 74 #endif 75 { 0, 0 } 76 }; 77 78 Alist *elf_def_dirs = NULL; 79 Alist *elf_sec_dirs = NULL; 80 81 /* 82 * Defines for local functions. 83 */ 84 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 85 static Addr elf_entry_point(void); 86 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t); 87 static Alist **elf_get_def_dirs(void); 88 static Alist **elf_get_sec_dirs(void); 89 static char *elf_get_so(const char *, const char *, size_t, size_t); 90 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *); 91 92 /* 93 * Functions and data accessed through indirect pointers. 94 */ 95 Fct elf_fct = { 96 elf_verify, 97 elf_new_lmp, 98 elf_entry_point, 99 elf_needed, 100 lookup_sym, 101 elf_reloc, 102 elf_get_def_dirs, 103 elf_get_sec_dirs, 104 elf_fix_name, 105 elf_get_so, 106 elf_dladdr, 107 dlsym_handle 108 }; 109 110 /* 111 * Default and secure dependency search paths. 112 */ 113 static Alist ** 114 elf_get_def_dirs() 115 { 116 if (elf_def_dirs == NULL) 117 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT); 118 return (&elf_def_dirs); 119 } 120 121 static Alist ** 122 elf_get_sec_dirs() 123 { 124 if (elf_sec_dirs == NULL) 125 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE); 126 return (&elf_sec_dirs); 127 } 128 129 /* 130 * For ELF objects we only need perform path expansion. Latent support for 131 * other objects may require further work 132 */ 133 static int 134 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni, 135 uint_t orig) 136 { 137 return (expand_paths(clmp, name, alpp, alni, orig, 0)); 138 } 139 140 /* 141 * Determine whether this object requires capabilities. 142 */ 143 inline static int 144 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej) 145 { 146 Phdr *phdr; 147 Cap *cap = NULL; 148 Dyn *dyn = NULL; 149 char *str = NULL; 150 Addr base; 151 uint_t cnt, dyncnt; 152 153 /* 154 * If this is a shared object, the base address of the shared object is 155 * added to all address values defined within the object. Otherwise, if 156 * this is an executable, all object addresses are used as is. 157 */ 158 if (ehdr->e_type == ET_EXEC) 159 base = 0; 160 else 161 base = (Addr)ehdr; 162 163 /* LINTED */ 164 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff); 165 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) { 166 if (phdr->p_type == PT_DYNAMIC) { 167 /* LINTED */ 168 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 169 dyncnt = phdr->p_filesz / sizeof (Dyn); 170 } else if (phdr->p_type == PT_SUNWCAP) { 171 /* LINTED */ 172 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 173 } 174 } 175 176 if (cap) { 177 /* 178 * From the .dynamic section, determine the associated string 179 * table. Required for CA_SUNW_MACH and CA_SUNW_PLAT 180 * processing. 181 */ 182 while (dyn && dyncnt) { 183 if (dyn->d_tag == DT_NULL) { 184 break; 185 } else if (dyn->d_tag == DT_STRTAB) { 186 str = (char *)(dyn->d_un.d_ptr + base); 187 break; 188 } 189 dyn++, dyncnt--; 190 } 191 } 192 193 /* 194 * Establish any alternative capabilities, and validate this object 195 * if it defines it's own capabilities information. 196 */ 197 return (cap_check_fdesc(fdp, cap, str, rej)); 198 } 199 200 /* 201 * Determine if we have been given an ELF file and if so determine if the file 202 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 203 * with associated error information. 204 */ 205 Fct * 206 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name, 207 Rej_desc *rej) 208 { 209 Ehdr *ehdr; 210 char *caddr = (char *)addr; 211 212 /* 213 * Determine if we're an elf file. If not simply return, we don't set 214 * any rejection information as this test allows use to scroll through 215 * the objects we support (ELF). 216 */ 217 if (size < sizeof (Ehdr) || 218 caddr[EI_MAG0] != ELFMAG0 || 219 caddr[EI_MAG1] != ELFMAG1 || 220 caddr[EI_MAG2] != ELFMAG2 || 221 caddr[EI_MAG3] != ELFMAG3) { 222 return (NULL); 223 } 224 225 /* 226 * Check class and encoding. 227 */ 228 /* LINTED */ 229 ehdr = (Ehdr *)addr; 230 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 231 rej->rej_type = SGS_REJ_CLASS; 232 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 233 return (NULL); 234 } 235 if (ehdr->e_ident[EI_DATA] != M_DATA) { 236 rej->rej_type = SGS_REJ_DATA; 237 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 238 return (NULL); 239 } 240 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 241 (ehdr->e_type != ET_DYN)) { 242 rej->rej_type = SGS_REJ_TYPE; 243 rej->rej_info = (uint_t)ehdr->e_type; 244 return (NULL); 245 } 246 247 /* 248 * Verify ELF version. 249 */ 250 if (ehdr->e_version > EV_CURRENT) { 251 rej->rej_type = SGS_REJ_VERSION; 252 rej->rej_info = (uint_t)ehdr->e_version; 253 return (NULL); 254 } 255 256 /* 257 * Verify machine specific flags. 258 */ 259 if (elf_mach_flags_check(rej, ehdr) == 0) 260 return (NULL); 261 262 /* 263 * Verify any capability requirements. Note, if this object is a shared 264 * object that is explicitly defined on the ldd(1) command line, and it 265 * contains an incompatible capabilities requirement, then inform the 266 * user, but continue processing. 267 */ 268 if (elf_cap_check(fdp, ehdr, rej) == 0) { 269 Rt_map *lmp = lml_main.lm_head; 270 271 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp && 272 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) { 273 /* LINTED */ 274 (void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name, 275 rej->rej_str); 276 return (&elf_fct); 277 } 278 return (NULL); 279 } 280 return (&elf_fct); 281 } 282 283 /* 284 * The runtime linker employs lazy loading to provide the libraries needed for 285 * debugging, preloading .o's and dldump(). As these are seldom used, the 286 * standard startup of ld.so.1 doesn't initialize all the information necessary 287 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 288 * is called we get here to perform these initializations: 289 * 290 * - elf_needed() is called to establish any ld.so.1 dependencies. These 291 * dependencies should all be lazy loaded, so this routine is typically a 292 * no-op. However, we call elf_needed() for completeness, in case any 293 * NEEDED initialization is required. 294 * 295 * - For intel, ld.so.1's JMPSLOT relocations need relative updates. These 296 * are by default skipped thus delaying all relative relocation processing 297 * on every invocation of ld.so.1. 298 */ 299 int 300 elf_rtld_load() 301 { 302 Lm_list *lml = &lml_rtld; 303 Rt_map *lmp = lml->lm_head; 304 305 if (lml->lm_flags & LML_FLG_PLTREL) 306 return (1); 307 308 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0) 309 return (0); 310 311 #if defined(__i386) 312 /* 313 * This is a kludge to give ld.so.1 a performance benefit on i386. 314 * It's based around two factors. 315 * 316 * - JMPSLOT relocations (PLT's) actually need a relative relocation 317 * applied to the GOT entry so that they can find PLT0. 318 * 319 * - ld.so.1 does not exercise *any* PLT's before it has made a call 320 * to elf_lazy_load(). This is because all dynamic dependencies 321 * are recorded as lazy dependencies. 322 */ 323 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp), 324 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 325 (ulong_t)ADDR(lmp), lmp, NULL, 0); 326 #endif 327 lml->lm_flags |= LML_FLG_PLTREL; 328 return (1); 329 } 330 331 /* 332 * Lazy load an object. 333 */ 334 Rt_map * 335 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym, 336 uint_t flags, Grp_hdl **hdl, int *in_nfavl) 337 { 338 Alist *palp = NULL; 339 Rt_map *nlmp; 340 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 341 const char *name; 342 Lm_list *lml = LIST(clmp); 343 Aliste lmco; 344 345 /* 346 * If this dependency should be ignored, or has already been processed, 347 * we're done. 348 */ 349 if (((nlmp = (Rt_map *)dip->di_info) != NULL) || 350 (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE))) 351 return (nlmp); 352 353 /* 354 * If we're running under ldd(1), indicate that this dependency has been 355 * processed (see test above). It doesn't matter whether the object is 356 * successfully loaded or not, this flag simply ensures that we don't 357 * repeatedly attempt to load an object that has already failed to load. 358 * To do so would create multiple failure diagnostics for the same 359 * object under ldd(1). 360 */ 361 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 362 dip->di_flags |= FLG_DI_LDD_DONE; 363 364 /* 365 * Determine the initial dependency name. 366 */ 367 name = dip->di_name; 368 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 369 370 /* 371 * If this object needs to establish its own group, make sure a handle 372 * is created. 373 */ 374 if (dip->di_flags & FLG_DI_GROUP) 375 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 376 377 /* 378 * Lazy dependencies are identified as DT_NEEDED entries with a 379 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 380 * dynamic information element that corresponds to the DT_POSFLAG_1 381 * entry is free, and thus used to store the present entrance 382 * identifier. This identifier is used to prevent multiple attempts to 383 * load a failed lazy loadable dependency within the same runtime linker 384 * operation. However, future attempts to reload this dependency are 385 * still possible. 386 */ 387 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 388 pdip->di_info = (void *)slp->sl_id; 389 390 /* 391 * Expand the requested name if necessary. 392 */ 393 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) 394 return (NULL); 395 396 /* 397 * Establish a link-map control list for this request. 398 */ 399 if ((lmco = create_cntl(lml, 0)) == 0) { 400 remove_alist(&palp, 1); 401 return (NULL); 402 } 403 404 /* 405 * Load the associated object. 406 */ 407 dip->di_info = nlmp = 408 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl); 409 410 /* 411 * Remove any expanded pathname infrastructure. Reduce the pending lazy 412 * dependency count of the caller, together with the link-map lists 413 * count of objects that still have lazy dependencies pending. 414 */ 415 remove_alist(&palp, 1); 416 if (--LAZY(clmp) == 0) 417 LIST(clmp)->lm_lazy--; 418 419 /* 420 * Finish processing the objects associated with this request, and 421 * create an association between the caller and this dependency. 422 */ 423 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 424 ((nlmp = analyze_lmc(lml, lmco, nlmp, clmp, in_nfavl)) == NULL) || 425 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0))) 426 dip->di_info = nlmp = NULL; 427 428 /* 429 * If this lazyload has failed, and we've created a new link-map 430 * control list to which this request has added objects, then remove 431 * all the objects that have been associated to this request. 432 */ 433 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 434 remove_lmc(lml, clmp, lmco, name); 435 436 /* 437 * Remove any temporary link-map control list. 438 */ 439 if (lmco != ALIST_OFF_DATA) 440 remove_cntl(lml, lmco); 441 442 /* 443 * If this lazy loading failed, record the fact, and bump the lazy 444 * counts. 445 */ 446 if (nlmp == NULL) { 447 dip->di_flags |= FLG_DI_LAZYFAIL; 448 if (LAZY(clmp)++ == 0) 449 LIST(clmp)->lm_lazy++; 450 } 451 452 return (nlmp); 453 } 454 455 /* 456 * Return the entry point of the ELF executable. 457 */ 458 static Addr 459 elf_entry_point(void) 460 { 461 Rt_map *lmp = lml_main.lm_head; 462 Ehdr *ehdr = (Ehdr *)ADDR(lmp); 463 Addr addr = (Addr)(ehdr->e_entry); 464 465 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) 466 addr += ADDR(lmp); 467 468 return (addr); 469 } 470 471 /* 472 * Determine if a dependency requires a particular version and if so verify 473 * that the version exists in the dependency. 474 */ 475 int 476 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 477 { 478 Verneed *vnd = VERNEED(clmp); 479 int _num, num = VERNEEDNUM(clmp); 480 char *cstrs = (char *)STRTAB(clmp); 481 Lm_list *lml = LIST(clmp); 482 483 /* 484 * Traverse the callers version needed information and determine if any 485 * specific versions are required from the dependency. 486 */ 487 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 488 for (_num = 1; _num <= num; _num++, 489 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 490 Half cnt = vnd->vn_cnt; 491 Vernaux *vnap; 492 char *nstrs, *need; 493 494 /* 495 * Determine if a needed entry matches this dependency. 496 */ 497 need = (char *)(cstrs + vnd->vn_file); 498 if (strcmp(name, need) != 0) 499 continue; 500 501 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 502 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 503 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 504 505 /* 506 * Validate that each version required actually exists in the 507 * dependency. 508 */ 509 nstrs = (char *)STRTAB(nlmp); 510 511 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 512 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 513 char *version, *define; 514 Verdef *vdf = VERDEF(nlmp); 515 ulong_t _num, num = VERDEFNUM(nlmp); 516 int found = 0; 517 518 /* 519 * Skip validation of versions that are marked 520 * INFO. This optimization is used for versions 521 * that are inherited by another version. Verification 522 * of the inheriting version is sufficient. 523 * 524 * Such versions are recorded in the object for the 525 * benefit of VERSYM entries that refer to them. This 526 * provides a purely diagnostic benefit. 527 */ 528 if (vnap->vna_flags & VER_FLG_INFO) 529 continue; 530 531 version = (char *)(cstrs + vnap->vna_name); 532 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 533 534 for (_num = 1; _num <= num; _num++, 535 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 536 Verdaux *vdap; 537 538 if (vnap->vna_hash != vdf->vd_hash) 539 continue; 540 541 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 542 define = (char *)(nstrs + vdap->vda_name); 543 if (strcmp(version, define) != 0) 544 continue; 545 546 found++; 547 break; 548 } 549 550 /* 551 * If we're being traced print out any matched version 552 * when the verbose (-v) option is in effect. Always 553 * print any unmatched versions. 554 */ 555 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 556 /* BEGIN CSTYLED */ 557 if (found) { 558 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 559 continue; 560 561 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 562 need, version, NAME(nlmp)); 563 } else { 564 if (rtld_flags & RT_FL_SILENCERR) 565 continue; 566 567 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 568 need, version); 569 } 570 /* END CSTYLED */ 571 continue; 572 } 573 574 /* 575 * If the version hasn't been found then this is a 576 * candidate for a fatal error condition. Weak 577 * version definition requirements are silently 578 * ignored. Also, if the image inspected for a version 579 * definition has no versioning recorded at all then 580 * silently ignore this (this provides better backward 581 * compatibility to old images created prior to 582 * versioning being available). Both of these skipped 583 * diagnostics are available under tracing (see above). 584 */ 585 if ((found == 0) && (num != 0) && 586 (!(vnap->vna_flags & VER_FLG_WEAK))) { 587 eprintf(lml, ERR_FATAL, 588 MSG_INTL(MSG_VER_NFOUND), need, version, 589 NAME(clmp)); 590 return (0); 591 } 592 } 593 } 594 DBG_CALL(Dbg_ver_need_done(lml)); 595 return (1); 596 } 597 598 /* 599 * Search through the dynamic section for DT_NEEDED entries and perform one 600 * of two functions. If only the first argument is specified then load the 601 * defined shared object, otherwise add the link map representing the defined 602 * link map the the dlopen list. 603 */ 604 static int 605 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl) 606 { 607 Alist *palp = NULL; 608 Dyn *dyn; 609 Dyninfo *dip; 610 Word lmflags = lml->lm_flags; 611 612 /* 613 * A DYNINFO() structure is created during link-map generation that 614 * parallels the DYN() information, and defines any flags that 615 * influence a dependencies loading. 616 */ 617 for (dyn = DYN(clmp), dip = DYNINFO(clmp); 618 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) { 619 uint_t flags = 0, silent = 0; 620 const char *name = dip->di_name; 621 Rt_map *nlmp = NULL; 622 623 if ((dip->di_flags & FLG_DI_NEEDED) == 0) 624 continue; 625 626 /* 627 * Skip any deferred dependencies, unless ldd(1) has forced 628 * their processing. By default, deferred dependencies are 629 * only processed when an explicit binding to an individual 630 * deferred reference is made. 631 */ 632 if ((dip->di_flags & FLG_DI_DEFERRED) && 633 ((rtld_flags & RT_FL_DEFERRED) == 0)) 634 continue; 635 636 /* 637 * NOTE, libc.so.1 can't be lazy loaded. Although a lazy 638 * position flag won't be produced when a RTLDINFO .dynamic 639 * entry is found (introduced with the UPM in Solaris 10), it 640 * was possible to mark libc for lazy loading on previous 641 * releases. To reduce the overhead of testing for this 642 * occurrence, only carry out this check for the first object 643 * on the link-map list (there aren't many applications built 644 * without libc). 645 */ 646 if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) && 647 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 648 dip->di_flags &= ~FLG_DI_LAZY; 649 650 /* 651 * Don't bring in lazy loaded objects yet unless we've been 652 * asked to attempt to load all available objects (crle(1) sets 653 * LD_FLAGS=loadavail). Even under RTLD_NOW we don't process 654 * this - RTLD_NOW will cause relocation processing which in 655 * turn might trigger lazy loading, but its possible that the 656 * object has a lazy loaded file with no bindings (i.e., it 657 * should never have been a dependency in the first place). 658 */ 659 if (dip->di_flags & FLG_DI_LAZY) { 660 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 661 LAZY(clmp)++; 662 continue; 663 } 664 665 /* 666 * Silence any error messages - see description under 667 * elf_lookup_filtee(). 668 */ 669 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 670 rtld_flags |= RT_FL_SILENCERR; 671 silent = 1; 672 } 673 } 674 675 DBG_CALL(Dbg_file_needed(clmp, name)); 676 677 /* 678 * If we're running under ldd(1), indicate that this dependency 679 * has been processed. It doesn't matter whether the object is 680 * successfully loaded or not, this flag simply ensures that we 681 * don't repeatedly attempt to load an object that has already 682 * failed to load. To do so would create multiple failure 683 * diagnostics for the same object under ldd(1). 684 */ 685 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 686 dip->di_flags |= FLG_DI_LDD_DONE; 687 688 /* 689 * Identify any group permission requirements. 690 */ 691 if (dip->di_flags & FLG_DI_GROUP) 692 flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 693 694 /* 695 * Establish the objects name, load it and establish a binding 696 * with the caller. 697 */ 698 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) || 699 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp), 700 flags, 0, in_nfavl)) == NULL) || 701 (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 702 nlmp = NULL; 703 704 /* 705 * Clean up any infrastructure, including the removal of the 706 * error suppression state, if it had been previously set in 707 * this routine. 708 */ 709 remove_alist(&palp, 0); 710 711 if (silent) 712 rtld_flags &= ~RT_FL_SILENCERR; 713 714 if ((dip->di_info = (void *)nlmp) == NULL) { 715 /* 716 * If the object could not be mapped, continue if error 717 * suppression is established or we're here with ldd(1). 718 */ 719 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 720 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 721 continue; 722 else { 723 remove_alist(&palp, 1); 724 return (0); 725 } 726 } 727 } 728 729 if (LAZY(clmp)) 730 lml->lm_lazy++; 731 732 remove_alist(&palp, 1); 733 return (1); 734 } 735 736 /* 737 * A null symbol interpretor. Used if a filter has no associated filtees. 738 */ 739 /* ARGSUSED0 */ 740 static int 741 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 742 { 743 return (0); 744 } 745 746 /* 747 * Disable filtee use. 748 */ 749 static void 750 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 751 { 752 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 753 /* 754 * If this is an object filter, null out the reference name. 755 */ 756 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 757 REFNAME(lmp) = NULL; 758 OBJFLTRNDX(lmp) = FLTR_DISABLED; 759 760 /* 761 * Indicate that this filtee is no longer available. 762 */ 763 if (dip->di_flags & FLG_DI_STDFLTR) 764 SYMINTP(lmp) = elf_null_find_sym; 765 766 } 767 } else if (dip->di_flags & FLG_DI_STDFLTR) { 768 /* 769 * Indicate that this standard filtee is no longer available. 770 */ 771 if (SYMSFLTRCNT(lmp)) 772 SYMSFLTRCNT(lmp)--; 773 } else { 774 /* 775 * Indicate that this auxiliary filtee is no longer available. 776 */ 777 if (SYMAFLTRCNT(lmp)) 778 SYMAFLTRCNT(lmp)--; 779 } 780 dip->di_flags &= ~MSK_DI_FILTER; 781 } 782 783 /* 784 * Find symbol interpreter - filters. 785 * This function is called when the symbols from a shared object should 786 * be resolved from the shared objects filtees instead of from within itself. 787 * 788 * A symbol name of 0 is used to trigger filtee loading. 789 */ 790 static int 791 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx, 792 int *in_nfavl) 793 { 794 const char *name = slp->sl_name, *filtees; 795 Rt_map *clmp = slp->sl_cmap; 796 Rt_map *ilmp = slp->sl_imap; 797 Pdesc *pdp; 798 int any; 799 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 800 Lm_list *lml = LIST(ilmp); 801 Aliste idx; 802 803 /* 804 * Indicate that the filter has been used. If a binding already exists 805 * to the caller, indicate that this object is referenced. This insures 806 * we don't generate false unreferenced diagnostics from ldd -u/U or 807 * debugging. Don't create a binding regardless, as this filter may 808 * have been dlopen()'ed. 809 */ 810 if (name && (ilmp != clmp)) { 811 Word tracing = (LIST(clmp)->lm_flags & 812 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 813 814 if (tracing || DBG_ENABLED) { 815 Bnd_desc *bdp; 816 Aliste idx; 817 818 FLAGS1(ilmp) |= FL1_RT_USED; 819 820 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 821 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 822 if (bdp->b_caller == clmp) { 823 bdp->b_flags |= BND_REFER; 824 break; 825 } 826 } 827 } 828 } 829 } 830 831 /* 832 * If this is the first call to process this filter, establish the 833 * filtee list. If a configuration file exists, determine if any 834 * filtee associations for this filter, and its filtee reference, are 835 * defined. Otherwise, process the filtee reference. Any token 836 * expansion is also completed at this point (i.e., $PLATFORM). 837 */ 838 filtees = dip->di_name; 839 if (dip->di_info == NULL) { 840 if (rtld_flags2 & RT_FL2_FLTCFG) { 841 elf_config_flt(lml, PATHNAME(ilmp), filtees, 842 (Alist **)&dip->di_info, AL_CNT_FILTEES); 843 } 844 if (dip->di_info == NULL) { 845 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 846 if ((lml->lm_flags & 847 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 848 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 849 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 850 NAME(ilmp), filtees); 851 852 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 853 AL_CNT_FILTEES, 0, 0) == 0) { 854 elf_disable_filtee(ilmp, dip); 855 return (0); 856 } 857 } 858 } 859 860 /* 861 * Traverse the filtee list, dlopen()'ing any objects specified and 862 * using their group handle to lookup the symbol. 863 */ 864 any = 0; 865 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 866 int mode; 867 Grp_hdl *ghp; 868 Rt_map *nlmp = NULL; 869 870 if (pdp->pd_plen == 0) 871 continue; 872 873 /* 874 * Establish the mode of the filtee from the filter. As filtees 875 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 876 * and the filtees aren't global. It would be nice to have 877 * RTLD_FIRST used here also, but as filters got out long before 878 * RTLD_FIRST was introduced it's a little too late now. 879 */ 880 mode = MODE(ilmp) | RTLD_GROUP; 881 mode &= ~RTLD_GLOBAL; 882 883 /* 884 * Insure that any auxiliary filter can locate symbols from its 885 * caller. 886 */ 887 if (dip->di_flags & FLG_DI_AUXFLTR) 888 mode |= RTLD_PARENT; 889 890 /* 891 * Process any capability directory. Establish a new link-map 892 * control list from which to analyze any newly added objects. 893 */ 894 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) { 895 const char *dir = pdp->pd_pname; 896 Aliste lmco; 897 898 /* 899 * Establish a link-map control list for this request. 900 */ 901 if ((lmco = create_cntl(lml, 0)) == 0) 902 return (0); 903 904 /* 905 * Determine the capability filtees. If none can be 906 * found, provide suitable diagnostics. 907 */ 908 DBG_CALL(Dbg_cap_filter(lml, dir, ilmp)); 909 if (cap_filtees((Alist **)&dip->di_info, idx, dir, 910 lmco, ilmp, clmp, filtees, mode, 911 (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) { 912 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 913 (dip->di_flags & FLG_DI_AUXFLTR) && 914 (rtld_flags & RT_FL_WARNFLTR)) { 915 (void) printf( 916 MSG_INTL(MSG_LDD_CAP_NFOUND), dir); 917 } 918 DBG_CALL(Dbg_cap_filter(lml, dir, 0)); 919 } 920 921 /* 922 * Re-establish the originating path name descriptor, 923 * as the expansion of capabilities filtees may have 924 * re-allocated the controlling Alist. Mark this 925 * original pathname descriptor as unused so that the 926 * descriptor isn't revisited for processing. Any real 927 * capabilities filtees have been added as new pathname 928 * descriptors following this descriptor. 929 */ 930 pdp = alist_item((Alist *)dip->di_info, idx); 931 pdp->pd_flags &= ~PD_TKN_CAP; 932 pdp->pd_plen = 0; 933 934 /* 935 * Now that any capability objects have been processed, 936 * remove any temporary link-map control list. 937 */ 938 if (lmco != ALIST_OFF_DATA) 939 remove_cntl(lml, lmco); 940 } 941 942 if (pdp->pd_plen == 0) 943 continue; 944 945 /* 946 * Process an individual filtee. 947 */ 948 if (pdp->pd_info == NULL) { 949 const char *filtee = pdp->pd_pname; 950 int audit = 0; 951 952 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 953 954 ghp = NULL; 955 956 /* 957 * Determine if the reference link map is already 958 * loaded. As an optimization compare the filtee with 959 * our interpretor. The most common filter is 960 * libdl.so.1, which is a filter on ld.so.1. 961 */ 962 #if defined(_ELF64) 963 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 964 #else 965 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 966 #endif 967 uint_t hflags, rdflags, cdflags; 968 969 /* 970 * Establish any flags for the handle (Grp_hdl). 971 * 972 * - This is a special, public, ld.so.1 973 * handle. 974 * - Only the first object on this handle 975 * can supply symbols. 976 * - This handle provides a filtee. 977 * 978 * Essentially, this handle allows a caller to 979 * reference the dl*() family of interfaces from 980 * ld.so.1. 981 */ 982 hflags = (GPH_PUBLIC | GPH_LDSO | 983 GPH_FIRST | GPH_FILTEE); 984 985 /* 986 * Establish the flags for the referenced 987 * dependency descriptor (Grp_desc). 988 * 989 * - ld.so.1 is available for dlsym(). 990 * - ld.so.1 is available to relocate 991 * against. 992 * - There's no need to add an dependencies 993 * to this handle. 994 */ 995 rdflags = (GPD_DLSYM | GPD_RELOC); 996 997 /* 998 * Establish the flags for this callers 999 * dependency descriptor (Grp_desc). 1000 * 1001 * - The explicit creation of a handle 1002 * creates a descriptor for the referenced 1003 * object and the parent (caller). 1004 */ 1005 cdflags = GPD_PARENT; 1006 1007 nlmp = lml_rtld.lm_head; 1008 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1009 hflags, rdflags, cdflags)) == NULL) 1010 nlmp = NULL; 1011 1012 /* 1013 * Establish the filter handle to prevent any 1014 * recursion. 1015 */ 1016 if (nlmp && ghp) 1017 pdp->pd_info = (void *)ghp; 1018 1019 /* 1020 * Audit the filter/filtee established. Ignore 1021 * any return from the auditor, as we can't 1022 * allow ignore filtering to ld.so.1, otherwise 1023 * nothing is going to work. 1024 */ 1025 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1026 LML_TFLG_AUD_OBJFILTER)) 1027 (void) audit_objfilter(ilmp, filtees, 1028 nlmp, 0); 1029 1030 } else { 1031 Rej_desc rej = { 0 }; 1032 Fdesc fd = { 0 }; 1033 Aliste lmco; 1034 1035 /* 1036 * Trace the inspection of this file, determine 1037 * any auditor substitution, and seed the file 1038 * descriptor with the originating name. 1039 */ 1040 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1041 continue; 1042 1043 /* 1044 * Establish a link-map control list for this 1045 * request. 1046 */ 1047 if ((lmco = create_cntl(lml, 0)) == 0) 1048 return (0); 1049 1050 /* 1051 * Locate and load the filtee. 1052 */ 1053 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1054 FLG_RT_PUBHDL, &ghp, &fd, &rej, 1055 in_nfavl)) == NULL) 1056 file_notfound(LIST(ilmp), filtee, ilmp, 1057 FLG_RT_PUBHDL, &rej); 1058 1059 filtee = pdp->pd_pname; 1060 1061 /* 1062 * Establish the filter handle to prevent any 1063 * recursion. 1064 */ 1065 if (nlmp && ghp) { 1066 ghp->gh_flags |= GPH_FILTEE; 1067 pdp->pd_info = (void *)ghp; 1068 1069 FLAGS1(nlmp) |= FL1_RT_USED; 1070 } 1071 1072 /* 1073 * Audit the filter/filtee established. A 1074 * return of 0 indicates the auditor wishes to 1075 * ignore this filtee. 1076 */ 1077 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1078 LML_TFLG_AUD_OBJFILTER)) { 1079 if (audit_objfilter(ilmp, filtees, 1080 nlmp, 0) == 0) { 1081 audit = 1; 1082 nlmp = NULL; 1083 } 1084 } 1085 1086 /* 1087 * Finish processing the objects associated with 1088 * this request. Create an association between 1089 * this object and the originating filter to 1090 * provide sufficient information to tear down 1091 * this filtee if necessary. 1092 */ 1093 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1094 lmco, nlmp, clmp, in_nfavl)) == NULL) || 1095 (relocate_lmc(lml, lmco, ilmp, nlmp, 1096 in_nfavl) == 0))) 1097 nlmp = NULL; 1098 1099 /* 1100 * If the filtee has been successfully 1101 * processed, then create an association 1102 * between the filter and filtee. This 1103 * association provides sufficient information 1104 * to tear down the filter and filtee if 1105 * necessary. 1106 */ 1107 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1108 if (nlmp && ghp && (hdl_add(ghp, ilmp, 1109 GPD_FILTER, NULL) == NULL)) 1110 nlmp = NULL; 1111 1112 /* 1113 * Generate a diagnostic if the filtee couldn't 1114 * be loaded. 1115 */ 1116 if (nlmp == NULL) 1117 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1118 audit)); 1119 1120 /* 1121 * If this filtee loading has failed, and we've 1122 * created a new link-map control list to which 1123 * this request has added objects, then remove 1124 * all the objects that have been associated to 1125 * this request. 1126 */ 1127 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 1128 remove_lmc(lml, clmp, lmco, name); 1129 1130 /* 1131 * Remove any temporary link-map control list. 1132 */ 1133 if (lmco != ALIST_OFF_DATA) 1134 remove_cntl(lml, lmco); 1135 } 1136 1137 /* 1138 * If the filtee couldn't be loaded, null out the 1139 * path name descriptor entry, and continue the search. 1140 * Otherwise, the group handle is retained for future 1141 * symbol searches. 1142 */ 1143 if (nlmp == NULL) { 1144 pdp->pd_info = NULL; 1145 pdp->pd_plen = 0; 1146 continue; 1147 } 1148 } 1149 1150 ghp = (Grp_hdl *)pdp->pd_info; 1151 1152 /* 1153 * If name is NULL, we're here to trigger filtee loading. 1154 * Skip the symbol lookup so that we'll continue looking for 1155 * additional filtees. 1156 */ 1157 if (name) { 1158 Grp_desc *gdp; 1159 int ret = 0; 1160 Aliste idx; 1161 Slookup sl = *slp; 1162 1163 sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM); 1164 any++; 1165 1166 /* 1167 * Look for the symbol in the handles dependencies. 1168 */ 1169 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1170 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1171 continue; 1172 1173 /* 1174 * If our parent is a dependency don't look at 1175 * it (otherwise we are in a recursive loop). 1176 * This situation can occur with auxiliary 1177 * filters if the filtee has a dependency on the 1178 * filter. This dependency isn't necessary as 1179 * auxiliary filters are opened RTLD_PARENT, but 1180 * users may still unknowingly add an explicit 1181 * dependency to the parent. 1182 */ 1183 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1184 continue; 1185 1186 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo, 1187 in_nfavl)) != 0) || 1188 (ghp->gh_flags & GPH_FIRST)) 1189 break; 1190 } 1191 1192 /* 1193 * If a symbol has been found, indicate the binding 1194 * and return the symbol. 1195 */ 1196 if (ret) { 1197 *binfo |= DBG_BINFO_FILTEE; 1198 return (1); 1199 } 1200 } 1201 1202 /* 1203 * If this object is tagged to terminate filtee processing we're 1204 * done. 1205 */ 1206 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1207 break; 1208 } 1209 1210 /* 1211 * If we're just here to trigger filtee loading then we're done. 1212 */ 1213 if (name == NULL) 1214 return (0); 1215 1216 /* 1217 * If no filtees have been found for a filter, clean up any path name 1218 * descriptors and disable their search completely. For auxiliary 1219 * filters we can reselect the symbol search function so that we never 1220 * enter this routine again for this object. For standard filters we 1221 * use the null symbol routine. 1222 */ 1223 if (any == 0) { 1224 remove_alist((Alist **)&(dip->di_info), 1); 1225 elf_disable_filtee(ilmp, dip); 1226 } 1227 1228 return (0); 1229 } 1230 1231 /* 1232 * Focal point for disabling error messages for auxiliary filters. As an 1233 * auxiliary filter allows for filtee use, but provides a fallback should a 1234 * filtee not exist (or fail to load), any errors generated as a consequence of 1235 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1236 * suppresses errors generated by eprintf(), but ensures a debug diagnostic is 1237 * produced. ldd(1) employs printf(), and here the selection of whether to 1238 * print a diagnostic in regards to auxiliary filters is a little more complex. 1239 * 1240 * - The determination of whether to produce an ldd message, or a fatal 1241 * error message is driven by LML_FLG_TRC_ENABLE. 1242 * - More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1243 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1244 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1245 * - If the calling object is lddstub, then several classes of message are 1246 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1247 * a stub executable employed to preload a user specified library against. 1248 * - If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1249 * be suppressed. All detailed ldd messages should still be produced. 1250 */ 1251 int 1252 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx, 1253 int *in_nfavl) 1254 { 1255 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1256 int ret, silent = 0; 1257 1258 /* 1259 * Make sure this entry is still acting as a filter. We may have tried 1260 * to process this previously, and disabled it if the filtee couldn't 1261 * be processed. However, other entries may provide different filtees 1262 * that are yet to be completed. 1263 */ 1264 if (dip->di_flags == 0) 1265 return (0); 1266 1267 /* 1268 * Indicate whether an error message is required should this filtee not 1269 * be found, based on the type of filter. 1270 */ 1271 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1272 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1273 rtld_flags |= RT_FL_SILENCERR; 1274 silent = 1; 1275 } 1276 1277 ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl); 1278 1279 if (silent) 1280 rtld_flags &= ~RT_FL_SILENCERR; 1281 1282 return (ret); 1283 } 1284 1285 /* 1286 * Compute the elf hash value (as defined in the ELF access library). 1287 * The form of the hash table is: 1288 * 1289 * |--------------| 1290 * | # of buckets | 1291 * |--------------| 1292 * | # of chains | 1293 * |--------------| 1294 * | bucket[] | 1295 * |--------------| 1296 * | chain[] | 1297 * |--------------| 1298 */ 1299 ulong_t 1300 elf_hash(const char *name) 1301 { 1302 uint_t hval = 0; 1303 1304 while (*name) { 1305 uint_t g; 1306 hval = (hval << 4) + *name++; 1307 if ((g = (hval & 0xf0000000)) != 0) 1308 hval ^= g >> 24; 1309 hval &= ~g; 1310 } 1311 return ((ulong_t)hval); 1312 } 1313 1314 /* 1315 * Look up a symbol. The callers lookup information is passed in the Slookup 1316 * structure, and any resultant binding information is returned in the Sresult 1317 * structure. 1318 */ 1319 int 1320 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 1321 { 1322 const char *name = slp->sl_name; 1323 Rt_map *ilmp = slp->sl_imap; 1324 ulong_t hash = slp->sl_hash; 1325 uint_t ndx, hashoff, buckets, *chainptr; 1326 Sym *sym, *symtabptr; 1327 char *strtabptr, *strtabname; 1328 uint_t flags1; 1329 Syminfo *sip; 1330 1331 /* 1332 * If we're only here to establish a symbols index, skip the diagnostic 1333 * used to trace a symbol search. 1334 */ 1335 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1336 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1337 1338 if (HASH(ilmp) == NULL) 1339 return (0); 1340 1341 buckets = HASH(ilmp)[0]; 1342 /* LINTED */ 1343 hashoff = ((uint_t)hash % buckets) + 2; 1344 1345 /* 1346 * Get the first symbol from the hash chain and initialize the string 1347 * and symbol table pointers. 1348 */ 1349 if ((ndx = HASH(ilmp)[hashoff]) == 0) 1350 return (0); 1351 1352 chainptr = HASH(ilmp) + 2 + buckets; 1353 strtabptr = STRTAB(ilmp); 1354 symtabptr = SYMTAB(ilmp); 1355 1356 while (ndx) { 1357 sym = symtabptr + ndx; 1358 strtabname = strtabptr + sym->st_name; 1359 1360 /* 1361 * Compare the symbol found with the name required. If the 1362 * names don't match continue with the next hash entry. 1363 */ 1364 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1365 hashoff = ndx + buckets + 2; 1366 if ((ndx = chainptr[ndx]) != 0) 1367 continue; 1368 return (0); 1369 } 1370 1371 /* 1372 * Symbols that are defined as hidden within an object usually 1373 * have any references from within the same object bound at 1374 * link-edit time, thus ld.so.1 is not involved. However, if 1375 * these are capabilities symbols, then references to them must 1376 * be resolved at runtime. A hidden symbol can only be bound 1377 * to by the object that defines the symbol. 1378 */ 1379 if ((sym->st_shndx != SHN_UNDEF) && 1380 (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) && 1381 (slp->sl_cmap != ilmp)) 1382 return (0); 1383 1384 /* 1385 * The Solaris ld does not put DT_VERSYM in the dynamic 1386 * section, but the GNU ld does. The GNU runtime linker 1387 * interprets the top bit of the 16-bit Versym value 1388 * (0x8000) as the "hidden" bit. If this bit is set, 1389 * the linker is supposed to act as if that symbol does 1390 * not exist. The hidden bit supports their versioning 1391 * scheme, which allows multiple incompatible functions 1392 * with the same name to exist at different versions 1393 * within an object. The Solaris linker does not support this 1394 * mechanism, or the model of interface evolution that 1395 * it allows, but we honor the hidden bit in GNU ld 1396 * produced objects in order to interoperate with them. 1397 */ 1398 if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) { 1399 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1400 ndx, VERSYM(ilmp)[ndx])); 1401 return (0); 1402 } 1403 1404 /* 1405 * If we're only here to establish a symbol's index, we're done. 1406 */ 1407 if (slp->sl_flags & LKUP_SYMNDX) { 1408 srp->sr_dmap = ilmp; 1409 srp->sr_sym = sym; 1410 return (1); 1411 } 1412 1413 /* 1414 * If we find a match and the symbol is defined, capture the 1415 * symbol pointer and the link map in which it was found. 1416 */ 1417 if (sym->st_shndx != SHN_UNDEF) { 1418 srp->sr_dmap = ilmp; 1419 srp->sr_sym = sym; 1420 *binfo |= DBG_BINFO_FOUND; 1421 1422 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1423 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1424 is_sym_interposer(ilmp, sym))) 1425 *binfo |= DBG_BINFO_INTERPOSE; 1426 break; 1427 1428 /* 1429 * If we find a match and the symbol is undefined, the 1430 * symbol type is a function, and the value of the symbol 1431 * is non zero, then this is a special case. This allows 1432 * the resolution of a function address to the plt[] entry. 1433 * See SPARC ABI, Dynamic Linking, Function Addresses for 1434 * more details. 1435 */ 1436 } else if ((slp->sl_flags & LKUP_SPEC) && 1437 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1438 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1439 srp->sr_dmap = ilmp; 1440 srp->sr_sym = sym; 1441 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1442 1443 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1444 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1445 is_sym_interposer(ilmp, sym))) 1446 *binfo |= DBG_BINFO_INTERPOSE; 1447 return (1); 1448 } 1449 1450 /* 1451 * Undefined symbol. 1452 */ 1453 return (0); 1454 } 1455 1456 /* 1457 * We've found a match. Determine if the defining object contains 1458 * symbol binding information. 1459 */ 1460 if ((sip = SYMINFO(ilmp)) != NULL) 1461 sip += ndx; 1462 1463 /* 1464 * If this definition is a singleton, and we haven't followed a default 1465 * symbol search knowing that we're looking for a singleton (presumably 1466 * because the symbol definition has been changed since the referring 1467 * object was built), then reject this binding so that the caller can 1468 * fall back to a standard symbol search. 1469 */ 1470 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1471 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1472 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1473 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1474 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1475 DBG_BNDREJ_SINGLE)); 1476 *binfo |= BINFO_REJSINGLE; 1477 *binfo &= ~DBG_BINFO_MSK; 1478 return (0); 1479 } 1480 1481 /* 1482 * If this is a direct binding request, but the symbol definition has 1483 * disabled directly binding to it (presumably because the symbol 1484 * definition has been changed since the referring object was built), 1485 * reject this binding so that the caller can fall back to a standard 1486 * symbol search. 1487 */ 1488 if (sip && (slp->sl_flags & LKUP_DIRECT) && 1489 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 1490 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1491 DBG_BNDREJ_DIRECT)); 1492 *binfo |= BINFO_REJDIRECT; 1493 *binfo &= ~DBG_BINFO_MSK; 1494 return (0); 1495 } 1496 1497 /* 1498 * If this is a binding request within an RTLD_GROUP family, and the 1499 * symbol has disabled directly binding to it, reject this binding so 1500 * that the caller can fall back to a standard symbol search. 1501 * 1502 * Effectively, an RTLD_GROUP family achieves what can now be 1503 * established with direct bindings. However, various symbols have 1504 * been tagged as inappropriate for direct binding to (ie. libc:malloc). 1505 * 1506 * A symbol marked as no-direct cannot be used within a group without 1507 * first ensuring that the symbol has not been interposed upon outside 1508 * of the group. A common example occurs when users implement their own 1509 * version of malloc() in the executable. Such a malloc() interposes on 1510 * the libc:malloc, and this interposition must be honored within the 1511 * group as well. 1512 * 1513 * Following any rejection, LKUP_WORLD is established as a means of 1514 * overriding this test as we return to a standard search. 1515 */ 1516 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) && 1517 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) && 1518 ((slp->sl_flags & LKUP_WORLD) == 0)) { 1519 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1520 DBG_BNDREJ_GROUP)); 1521 *binfo |= BINFO_REJGROUP; 1522 *binfo &= ~DBG_BINFO_MSK; 1523 return (0); 1524 } 1525 1526 /* 1527 * If this symbol is associated with capabilities, then each of the 1528 * capabilities instances needs to be compared against the system 1529 * capabilities. The best instance will be chosen to satisfy this 1530 * binding. 1531 */ 1532 if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) && 1533 (cap_match(srp, ndx, symtabptr, strtabptr) == 0)) 1534 return (0); 1535 1536 /* 1537 * Determine whether this object is acting as a filter. 1538 */ 1539 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 1540 return (1); 1541 1542 /* 1543 * Determine if this object offers per-symbol filtering, and if so, 1544 * whether this symbol references a filtee. 1545 */ 1546 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 1547 /* 1548 * If this is a standard filter reference, and no standard 1549 * filtees remain to be inspected, we're done. If this is an 1550 * auxiliary filter reference, and no auxiliary filtees remain, 1551 * we'll fall through in case any object filtering is available. 1552 */ 1553 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 1554 (SYMSFLTRCNT(ilmp) == 0)) 1555 return (0); 1556 1557 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 1558 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 1559 SYMAFLTRCNT(ilmp))) { 1560 Sresult sr; 1561 1562 /* 1563 * Initialize a local symbol result descriptor, using 1564 * the original symbol name. 1565 */ 1566 SRESULT_INIT(sr, slp->sl_name); 1567 1568 /* 1569 * This symbol has an associated filtee. Lookup the 1570 * symbol in the filtee, and if it is found return it. 1571 * If the symbol doesn't exist, and this is a standard 1572 * filter, return an error, otherwise fall through to 1573 * catch any object filtering that may be available. 1574 */ 1575 if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto, 1576 in_nfavl)) { 1577 *srp = sr; 1578 return (1); 1579 } 1580 if (sip->si_flags & SYMINFO_FLG_FILTER) 1581 return (0); 1582 } 1583 } 1584 1585 /* 1586 * Determine if this object provides global filtering. 1587 */ 1588 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 1589 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 1590 Sresult sr; 1591 1592 /* 1593 * Initialize a local symbol result descriptor, using 1594 * the original symbol name. 1595 */ 1596 SRESULT_INIT(sr, slp->sl_name); 1597 1598 /* 1599 * This object has an associated filtee. Lookup the 1600 * symbol in the filtee, and if it is found return it. 1601 * If the symbol doesn't exist, and this is a standard 1602 * filter, return and error, otherwise return the symbol 1603 * within the filter itself. 1604 */ 1605 if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp), 1606 in_nfavl)) { 1607 *srp = sr; 1608 return (1); 1609 } 1610 } 1611 1612 if (flags1 & FL1_RT_OBJSFLTR) 1613 return (0); 1614 } 1615 return (1); 1616 } 1617 1618 /* 1619 * Create a new Rt_map structure for an ELF object and initialize 1620 * all values. 1621 */ 1622 Rt_map * 1623 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize, 1624 void *odyn, Rt_map *clmp, int *in_nfavl) 1625 { 1626 const char *name = fdp->fd_nname; 1627 Rt_map *lmp; 1628 Ehdr *ehdr = (Ehdr *)addr; 1629 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL; 1630 Dyn *dyn = (Dyn *)odyn; 1631 Cap *cap = NULL; 1632 int ndx; 1633 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0; 1634 Xword rpath = 0; 1635 size_t lmsz, rtsz, epsz, dynsz = 0; 1636 uint_t dyncnt = 0; 1637 1638 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco)); 1639 1640 /* 1641 * If this is a shared object, the base address of the shared object is 1642 * added to all address values defined within the object. Otherwise, if 1643 * this is an executable, all object addresses are used as is. 1644 */ 1645 if (ehdr->e_type == ET_EXEC) 1646 base = 0; 1647 else 1648 base = addr; 1649 1650 /* 1651 * Traverse the program header table, picking off required items. This 1652 * traversal also provides for the sizing of the PT_DYNAMIC section. 1653 */ 1654 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1655 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1656 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1657 switch (phdr->p_type) { 1658 case PT_DYNAMIC: 1659 dphdr = phdr; 1660 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1661 break; 1662 case PT_TLS: 1663 tphdr = phdr; 1664 break; 1665 case PT_SUNWCAP: 1666 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1667 break; 1668 case PT_SUNW_UNWIND: 1669 case PT_SUNW_EH_FRAME: 1670 uphdr = phdr; 1671 break; 1672 default: 1673 break; 1674 } 1675 } 1676 1677 /* 1678 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1679 * allocation. Sadly, this is a little larger than we really need, 1680 * as there are typically padding DT_NULL entries. However, adding 1681 * this data to the initial link-map allocation is a win. 1682 */ 1683 if (dyn) { 1684 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1685 dynsz = dyncnt * sizeof (Dyninfo); 1686 } 1687 1688 /* 1689 * Allocate space for the link-map, private elf information, and 1690 * DYNINFO() data. Once these are allocated and initialized, 1691 * remove_so(0, lmp) can be used to tear down the link-map allocation 1692 * should any failures occur. 1693 */ 1694 rtsz = S_DROUND(sizeof (Rt_map)); 1695 epsz = S_DROUND(sizeof (Rt_elfp)); 1696 lmsz = rtsz + epsz + dynsz; 1697 if ((lmp = calloc(lmsz, 1)) == NULL) 1698 return (NULL); 1699 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1700 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1701 LMSIZE(lmp) = lmsz; 1702 1703 /* 1704 * All fields not filled in were set to 0 by calloc. 1705 */ 1706 NAME(lmp) = (char *)name; 1707 ADDR(lmp) = addr; 1708 MSIZE(lmp) = msize; 1709 SYMINTP(lmp) = elf_find_sym; 1710 FCT(lmp) = &elf_fct; 1711 LIST(lmp) = lml; 1712 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1713 SORTVAL(lmp) = -1; 1714 DYN(lmp) = dyn; 1715 DYNINFOCNT(lmp) = dyncnt; 1716 PTUNWIND(lmp) = uphdr; 1717 1718 if (ehdr->e_type == ET_EXEC) 1719 FLAGS(lmp) |= FLG_RT_FIXED; 1720 1721 /* 1722 * Fill in rest of the link map entries with information from the file's 1723 * dynamic structure. 1724 */ 1725 if (dyn) { 1726 Dyninfo *dip; 1727 uint_t dynndx; 1728 Xword pltpadsz = 0; 1729 Rti_desc *rti; 1730 Dyn *pdyn; 1731 Word lmtflags = lml->lm_tflags; 1732 int ignore = 0; 1733 1734 /* 1735 * Note, we use DT_NULL to terminate processing, and the 1736 * dynamic entry count as a fall back. Normally, a DT_NULL 1737 * entry marks the end of the dynamic section. Any non-NULL 1738 * items following the first DT_NULL are silently ignored. 1739 * This situation should only occur through use of elfedit(1) 1740 * or a similar tool. 1741 */ 1742 for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp); 1743 dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) { 1744 1745 if (ignore) { 1746 dip->di_flags |= FLG_DI_IGNORE; 1747 continue; 1748 } 1749 1750 switch ((Xword)dyn->d_tag) { 1751 case DT_NULL: 1752 dip->di_flags |= ignore = FLG_DI_IGNORE; 1753 break; 1754 case DT_POSFLAG_1: 1755 dip->di_flags |= FLG_DI_POSFLAG1; 1756 break; 1757 case DT_NEEDED: 1758 case DT_USED: 1759 dip->di_flags |= FLG_DI_NEEDED; 1760 1761 /* BEGIN CSTYLED */ 1762 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 1763 /* 1764 * Identify any non-deferred lazy load for 1765 * future processing, unless LD_NOLAZYLOAD 1766 * has been set. 1767 */ 1768 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 1769 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) 1770 dip->di_flags |= FLG_DI_LAZY; 1771 1772 /* 1773 * Identify any group permission 1774 * requirements. 1775 */ 1776 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) 1777 dip->di_flags |= FLG_DI_GROUP; 1778 1779 /* 1780 * Identify any deferred dependencies. 1781 */ 1782 if (pdyn->d_un.d_val & DF_P1_DEFERRED) 1783 dip->di_flags |= FLG_DI_DEFERRED; 1784 } 1785 /* END CSTYLED */ 1786 break; 1787 case DT_SYMTAB: 1788 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1789 break; 1790 case DT_SUNW_SYMTAB: 1791 SUNWSYMTAB(lmp) = 1792 (void *)(dyn->d_un.d_ptr + base); 1793 break; 1794 case DT_SUNW_SYMSZ: 1795 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1796 break; 1797 case DT_STRTAB: 1798 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1799 break; 1800 case DT_SYMENT: 1801 SYMENT(lmp) = dyn->d_un.d_val; 1802 break; 1803 case DT_FEATURE_1: 1804 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1805 crle = 1; 1806 break; 1807 case DT_MOVESZ: 1808 MOVESZ(lmp) = dyn->d_un.d_val; 1809 FLAGS(lmp) |= FLG_RT_MOVE; 1810 break; 1811 case DT_MOVEENT: 1812 MOVEENT(lmp) = dyn->d_un.d_val; 1813 break; 1814 case DT_MOVETAB: 1815 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1816 break; 1817 case DT_REL: 1818 case DT_RELA: 1819 /* 1820 * At this time, ld.so. can only handle one 1821 * type of relocation per object. 1822 */ 1823 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1824 break; 1825 case DT_RELSZ: 1826 case DT_RELASZ: 1827 RELSZ(lmp) = dyn->d_un.d_val; 1828 break; 1829 case DT_RELENT: 1830 case DT_RELAENT: 1831 RELENT(lmp) = dyn->d_un.d_val; 1832 break; 1833 case DT_RELCOUNT: 1834 case DT_RELACOUNT: 1835 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1836 break; 1837 case DT_HASH: 1838 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1839 break; 1840 case DT_PLTGOT: 1841 PLTGOT(lmp) = 1842 (uint_t *)(dyn->d_un.d_ptr + base); 1843 break; 1844 case DT_PLTRELSZ: 1845 PLTRELSZ(lmp) = dyn->d_un.d_val; 1846 break; 1847 case DT_JMPREL: 1848 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1849 break; 1850 case DT_INIT: 1851 if (dyn->d_un.d_ptr != 0) 1852 INIT(lmp) = 1853 (void (*)())(dyn->d_un.d_ptr + 1854 base); 1855 break; 1856 case DT_FINI: 1857 if (dyn->d_un.d_ptr != 0) 1858 FINI(lmp) = 1859 (void (*)())(dyn->d_un.d_ptr + 1860 base); 1861 break; 1862 case DT_INIT_ARRAY: 1863 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1864 base); 1865 break; 1866 case DT_INIT_ARRAYSZ: 1867 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1868 break; 1869 case DT_FINI_ARRAY: 1870 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1871 base); 1872 break; 1873 case DT_FINI_ARRAYSZ: 1874 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1875 break; 1876 case DT_PREINIT_ARRAY: 1877 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1878 base); 1879 break; 1880 case DT_PREINIT_ARRAYSZ: 1881 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1882 break; 1883 case DT_RPATH: 1884 case DT_RUNPATH: 1885 rpath = dyn->d_un.d_val; 1886 break; 1887 case DT_FILTER: 1888 dip->di_flags |= FLG_DI_STDFLTR; 1889 fltr = dyn->d_un.d_val; 1890 OBJFLTRNDX(lmp) = dynndx; 1891 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1892 break; 1893 case DT_AUXILIARY: 1894 dip->di_flags |= FLG_DI_AUXFLTR; 1895 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1896 fltr = dyn->d_un.d_val; 1897 OBJFLTRNDX(lmp) = dynndx; 1898 } 1899 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1900 break; 1901 case DT_SUNW_FILTER: 1902 dip->di_flags |= 1903 (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 1904 SYMSFLTRCNT(lmp)++; 1905 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1906 break; 1907 case DT_SUNW_AUXILIARY: 1908 dip->di_flags |= 1909 (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 1910 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1911 SYMAFLTRCNT(lmp)++; 1912 } 1913 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1914 break; 1915 case DT_DEPAUDIT: 1916 if (!(rtld_flags & RT_FL_NOAUDIT)) { 1917 audit = dyn->d_un.d_val; 1918 FLAGS1(lmp) |= FL1_RT_DEPAUD; 1919 } 1920 break; 1921 case DT_CONFIG: 1922 cfile = dyn->d_un.d_val; 1923 break; 1924 case DT_DEBUG: 1925 /* 1926 * DT_DEBUG entries are only created in 1927 * dynamic objects that require an interpretor 1928 * (ie. all dynamic executables and some shared 1929 * objects), and provide for a hand-shake with 1930 * old debuggers. This entry is initialized to 1931 * zero by the link-editor. If a debugger is 1932 * monitoring us, and has updated this entry, 1933 * set the debugger monitor flag, and finish 1934 * initializing the debugging structure. See 1935 * setup(). Also, switch off any configuration 1936 * object use as most debuggers can't handle 1937 * fixed dynamic executables as dependencies. 1938 */ 1939 if (dyn->d_un.d_ptr) 1940 rtld_flags |= 1941 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1942 dyn->d_un.d_ptr = (Addr)&r_debug; 1943 break; 1944 case DT_VERNEED: 1945 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1946 base); 1947 break; 1948 case DT_VERNEEDNUM: 1949 /* LINTED */ 1950 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1951 break; 1952 case DT_VERDEF: 1953 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1954 base); 1955 break; 1956 case DT_VERDEFNUM: 1957 /* LINTED */ 1958 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1959 break; 1960 case DT_VERSYM: 1961 /* 1962 * The Solaris ld does not produce DT_VERSYM, 1963 * but the GNU ld does, in order to support 1964 * their style of versioning, which differs 1965 * from ours in some ways, while using the 1966 * same data structures. The presence of 1967 * DT_VERSYM therefore means that GNU 1968 * versioning rules apply to the given file. 1969 * If DT_VERSYM is not present, then Solaris 1970 * versioning rules apply. 1971 */ 1972 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1973 base); 1974 break; 1975 case DT_BIND_NOW: 1976 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1977 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1978 MODE(lmp) |= RTLD_NOW; 1979 MODE(lmp) &= ~RTLD_LAZY; 1980 } 1981 break; 1982 case DT_FLAGS: 1983 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 1984 if (dyn->d_un.d_val & DF_SYMBOLIC) 1985 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 1986 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1987 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1988 MODE(lmp) |= RTLD_NOW; 1989 MODE(lmp) &= ~RTLD_LAZY; 1990 } 1991 /* 1992 * Capture any static TLS use, and enforce that 1993 * this object be non-deletable. 1994 */ 1995 if (dyn->d_un.d_val & DF_STATIC_TLS) { 1996 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 1997 MODE(lmp) |= RTLD_NODELETE; 1998 } 1999 break; 2000 case DT_FLAGS_1: 2001 if (dyn->d_un.d_val & DF_1_DISPRELPND) 2002 FLAGS1(lmp) |= FL1_RT_DISPREL; 2003 if (dyn->d_un.d_val & DF_1_GROUP) 2004 FLAGS(lmp) |= 2005 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 2006 if ((dyn->d_un.d_val & DF_1_NOW) && 2007 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2008 MODE(lmp) |= RTLD_NOW; 2009 MODE(lmp) &= ~RTLD_LAZY; 2010 } 2011 if (dyn->d_un.d_val & DF_1_NODELETE) 2012 MODE(lmp) |= RTLD_NODELETE; 2013 if (dyn->d_un.d_val & DF_1_INITFIRST) 2014 FLAGS(lmp) |= FLG_RT_INITFRST; 2015 if (dyn->d_un.d_val & DF_1_NOOPEN) 2016 FLAGS(lmp) |= FLG_RT_NOOPEN; 2017 if (dyn->d_un.d_val & DF_1_LOADFLTR) 2018 FLAGS(lmp) |= FLG_RT_LOADFLTR; 2019 if (dyn->d_un.d_val & DF_1_NODUMP) 2020 FLAGS(lmp) |= FLG_RT_NODUMP; 2021 if (dyn->d_un.d_val & DF_1_CONFALT) 2022 crle = 1; 2023 if (dyn->d_un.d_val & DF_1_DIRECT) 2024 FLAGS1(lmp) |= FL1_RT_DIRECT; 2025 if (dyn->d_un.d_val & DF_1_NODEFLIB) 2026 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 2027 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 2028 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 2029 if (dyn->d_un.d_val & DF_1_TRANS) 2030 FLAGS(lmp) |= FLG_RT_TRANS; 2031 2032 /* 2033 * Global auditing is only meaningful when 2034 * specified by the initiating object of the 2035 * process - typically the dynamic executable. 2036 * If this is the initiating object, its link- 2037 * map will not yet have been added to the 2038 * link-map list, and consequently the link-map 2039 * list is empty. (see setup()). 2040 */ 2041 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 2042 if (lml_main.lm_head == NULL) 2043 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 2044 else 2045 DBG_CALL(Dbg_audit_ignore(lmp)); 2046 } 2047 2048 /* 2049 * If this object identifies itself as an 2050 * interposer, but relocation processing has 2051 * already started, then demote it. It's too 2052 * late to guarantee complete interposition. 2053 */ 2054 /* BEGIN CSTYLED */ 2055 if (dyn->d_un.d_val & 2056 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2057 if (lml->lm_flags & LML_FLG_STARTREL) { 2058 DBG_CALL(Dbg_util_intoolate(lmp)); 2059 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2060 (void) printf( 2061 MSG_INTL(MSG_LDD_REL_ERR2), 2062 NAME(lmp)); 2063 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 2064 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2065 else 2066 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2067 } 2068 /* END CSTYLED */ 2069 break; 2070 case DT_SYMINFO: 2071 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 2072 base); 2073 break; 2074 case DT_SYMINENT: 2075 SYMINENT(lmp) = dyn->d_un.d_val; 2076 break; 2077 case DT_PLTPAD: 2078 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2079 break; 2080 case DT_PLTPADSZ: 2081 pltpadsz = dyn->d_un.d_val; 2082 break; 2083 case DT_SUNW_RTLDINF: 2084 /* 2085 * Maintain a list of RTLDINFO structures. 2086 * Typically, libc is the only supplier, and 2087 * only one structure is provided. However, 2088 * multiple suppliers and multiple structures 2089 * are supported. For example, one structure 2090 * may provide thread_init, and another 2091 * structure may provide atexit reservations. 2092 */ 2093 if ((rti = alist_append(&lml->lm_rti, NULL, 2094 sizeof (Rti_desc), 2095 AL_CNT_RTLDINFO)) == NULL) { 2096 remove_so(0, lmp, clmp); 2097 return (NULL); 2098 } 2099 rti->rti_lmp = lmp; 2100 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2101 base); 2102 break; 2103 case DT_SUNW_SORTENT: 2104 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2105 break; 2106 case DT_SUNW_SYMSORT: 2107 SUNWSYMSORT(lmp) = 2108 (void *)(dyn->d_un.d_ptr + base); 2109 break; 2110 case DT_SUNW_SYMSORTSZ: 2111 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2112 break; 2113 case DT_DEPRECATED_SPARC_REGISTER: 2114 case M_DT_REGISTER: 2115 dip->di_flags |= FLG_DI_REGISTER; 2116 FLAGS(lmp) |= FLG_RT_REGSYMS; 2117 break; 2118 case DT_SUNW_CAP: 2119 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base); 2120 break; 2121 case DT_SUNW_CAPINFO: 2122 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base); 2123 break; 2124 case DT_SUNW_CAPCHAIN: 2125 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr + 2126 base); 2127 break; 2128 case DT_SUNW_CAPCHAINENT: 2129 CAPCHAINENT(lmp) = dyn->d_un.d_val; 2130 break; 2131 case DT_SUNW_CAPCHAINSZ: 2132 CAPCHAINSZ(lmp) = dyn->d_un.d_val; 2133 break; 2134 } 2135 } 2136 2137 /* 2138 * Update any Dyninfo string pointers now that STRTAB() is 2139 * known. 2140 */ 2141 for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp); 2142 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) { 2143 2144 switch ((Xword)dyn->d_tag) { 2145 case DT_NEEDED: 2146 case DT_USED: 2147 case DT_FILTER: 2148 case DT_AUXILIARY: 2149 case DT_SUNW_FILTER: 2150 case DT_SUNW_AUXILIARY: 2151 dip->di_name = STRTAB(lmp) + dyn->d_un.d_val; 2152 break; 2153 } 2154 } 2155 2156 /* 2157 * Assign any padding. 2158 */ 2159 if (PLTPAD(lmp)) { 2160 if (pltpadsz == (Xword)0) 2161 PLTPAD(lmp) = NULL; 2162 else 2163 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2164 pltpadsz); 2165 } 2166 } 2167 2168 /* 2169 * A dynsym contains only global functions. We want to have 2170 * a version of it that also includes local functions, so that 2171 * dladdr() will be able to report names for local functions 2172 * when used to generate a stack trace for a stripped file. 2173 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2174 * 2175 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2176 * in order to avoid having to have two copies of the global 2177 * symbols held in DT_SYMTAB: The local symbols are placed in 2178 * a separate section than the globals in the dynsym, but the 2179 * linker conspires to put the data for these two sections adjacent 2180 * to each other. DT_SUNW_SYMTAB points at the top of the local 2181 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2182 * 2183 * If the two sections are not adjacent, then something went wrong 2184 * at link time. We use ASSERT to kill the process if this is 2185 * a debug build. In a production build, we will silently ignore 2186 * the presence of the .ldynsym and proceed. We can detect this 2187 * situation by checking to see that DT_SYMTAB lies in 2188 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2189 */ 2190 if ((SUNWSYMTAB(lmp) != NULL) && 2191 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2192 (((char *)SYMTAB(lmp) >= 2193 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2194 ASSERT(0); 2195 SUNWSYMTAB(lmp) = NULL; 2196 SUNWSYMSZ(lmp) = 0; 2197 } 2198 2199 /* 2200 * If configuration file use hasn't been disabled, and a configuration 2201 * file hasn't already been set via an environment variable, see if any 2202 * application specific configuration file is specified. An LD_CONFIG 2203 * setting is used first, but if this image was generated via crle(1) 2204 * then a default configuration file is a fall-back. 2205 */ 2206 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) { 2207 if (cfile) 2208 config->c_name = (const char *)(cfile + 2209 (char *)STRTAB(lmp)); 2210 else if (crle) 2211 rtld_flags |= RT_FL_CONFAPP; 2212 } 2213 2214 if (rpath) 2215 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2216 if (fltr) 2217 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2218 2219 /* 2220 * For Intel ABI compatibility. It's possible that a JMPREL can be 2221 * specified without any other relocations (e.g. a dynamic executable 2222 * normally only contains .plt relocations). If this is the case then 2223 * no REL, RELSZ or RELENT will have been created. For us to be able 2224 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2225 * the RELENT for these relocations. Refer to elf_reloc() for more 2226 * details. 2227 */ 2228 if (!RELENT(lmp) && JMPREL(lmp)) 2229 RELENT(lmp) = sizeof (M_RELOC); 2230 2231 /* 2232 * Establish any per-object auditing. If we're establishing main's 2233 * link-map its too early to go searching for audit objects so just 2234 * hold the object name for later (see setup()). 2235 */ 2236 if (audit) { 2237 char *cp = audit + (char *)STRTAB(lmp); 2238 2239 if (*cp) { 2240 if (((AUDITORS(lmp) = 2241 calloc(1, sizeof (Audit_desc))) == NULL) || 2242 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2243 remove_so(0, lmp, clmp); 2244 return (NULL); 2245 } 2246 if (lml_main.lm_head) { 2247 if (audit_setup(lmp, AUDITORS(lmp), 0, 2248 in_nfavl) == 0) { 2249 remove_so(0, lmp, clmp); 2250 return (NULL); 2251 } 2252 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2253 lml->lm_flags |= LML_FLG_LOCAUDIT; 2254 } 2255 } 2256 } 2257 2258 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2259 remove_so(0, lmp, clmp); 2260 return (NULL); 2261 } 2262 2263 /* 2264 * A capabilities section should be identified by a DT_SUNW_CAP entry, 2265 * and if non-empty object capabilities are included, a PT_SUNWCAP 2266 * header should reference the section. Make sure CAP() is set 2267 * regardless. 2268 */ 2269 if ((CAP(lmp) == NULL) && cap) 2270 CAP(lmp) = cap; 2271 2272 /* 2273 * Make sure any capabilities information or chain can be handled. 2274 */ 2275 if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT)) 2276 CAPINFO(lmp) = NULL; 2277 if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT)) 2278 CAPCHAIN(lmp) = NULL; 2279 2280 /* 2281 * As part of processing dependencies, a file descriptor is populated 2282 * with capabilities information following validation. 2283 */ 2284 if (fdp->fd_flags & FLG_FD_ALTCHECK) { 2285 FLAGS1(lmp) |= FL1_RT_ALTCHECK; 2286 CAPSET(lmp) = fdp->fd_scapset; 2287 2288 if (fdp->fd_flags & FLG_FD_ALTCAP) 2289 FLAGS1(lmp) |= FL1_RT_ALTCAP; 2290 2291 } else if ((cap = CAP(lmp)) != NULL) { 2292 /* 2293 * Processing of the executable and ld.so.1 does not involve a 2294 * file descriptor as exec() did all the work, so capture the 2295 * capabilities for these cases. 2296 */ 2297 while (cap->c_tag != CA_SUNW_NULL) { 2298 switch (cap->c_tag) { 2299 case CA_SUNW_HW_1: 2300 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val; 2301 break; 2302 case CA_SUNW_SF_1: 2303 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val; 2304 break; 2305 case CA_SUNW_HW_2: 2306 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val; 2307 break; 2308 case CA_SUNW_PLAT: 2309 CAPSET(lmp).sc_plat = STRTAB(lmp) + 2310 cap->c_un.c_ptr; 2311 break; 2312 case CA_SUNW_MACH: 2313 CAPSET(lmp).sc_mach = STRTAB(lmp) + 2314 cap->c_un.c_ptr; 2315 break; 2316 case CA_SUNW_HW_3: 2317 CAPSET(lmp).sc_hw_3 = cap->c_un.c_val; 2318 break; 2319 } 2320 cap++; 2321 } 2322 } 2323 2324 /* 2325 * If a capabilities chain table exists, duplicate it. The chain table 2326 * is inspected for each initial call to a capabilities family lead 2327 * symbol. From this chain, each family member is inspected to 2328 * determine the 'best' family member. The chain table is then updated 2329 * so that the best member is immediately selected for any further 2330 * family searches. 2331 */ 2332 if (CAPCHAIN(lmp)) { 2333 Capchain *capchain; 2334 2335 if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL) 2336 return (NULL); 2337 (void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp)); 2338 CAPCHAIN(lmp) = capchain; 2339 } 2340 2341 /* 2342 * Add the mapped object to the end of the link map list. 2343 */ 2344 lm_append(lml, lmco, lmp); 2345 2346 /* 2347 * Start the system loading in the ELF information we'll be processing. 2348 */ 2349 if (REL(lmp)) { 2350 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2351 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2352 MADV_WILLNEED); 2353 } 2354 return (lmp); 2355 } 2356 2357 /* 2358 * Build full pathname of shared object from given directory name and filename. 2359 */ 2360 static char * 2361 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen) 2362 { 2363 static char pname[PATH_MAX]; 2364 2365 (void) strncpy(pname, dir, dlen); 2366 pname[dlen++] = '/'; 2367 (void) strncpy(&pname[dlen], file, flen + 1); 2368 return (pname); 2369 } 2370 2371 /* 2372 * The copy relocation is recorded in a copy structure which will be applied 2373 * after all other relocations are carried out. This provides for copying data 2374 * that must be relocated itself (ie. pointers in shared objects). This 2375 * structure also provides a means of binding RTLD_GROUP dependencies to any 2376 * copy relocations that have been taken from any group members. 2377 * 2378 * If the size of the .bss area available for the copy information is not the 2379 * same as the source of the data inform the user if we're under ldd(1) control 2380 * (this checking was only established in 5.3, so by only issuing an error via 2381 * ldd(1) we maintain the standard set by previous releases). 2382 */ 2383 int 2384 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 2385 Rt_map *dlmp, const void *dadd) 2386 { 2387 Rel_copy rc; 2388 Lm_list *lml = LIST(rlmp); 2389 2390 rc.r_name = name; 2391 rc.r_rsym = rsym; /* the new reference symbol and its */ 2392 rc.r_rlmp = rlmp; /* associated link-map */ 2393 rc.r_dlmp = dlmp; /* the defining link-map */ 2394 rc.r_dsym = dsym; /* the original definition */ 2395 rc.r_radd = radd; 2396 rc.r_dadd = dadd; 2397 2398 if (rsym->st_size > dsym->st_size) 2399 rc.r_size = (size_t)dsym->st_size; 2400 else 2401 rc.r_size = (size_t)rsym->st_size; 2402 2403 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 2404 AL_CNT_COPYREL) == NULL) { 2405 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2406 return (0); 2407 else 2408 return (1); 2409 } 2410 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 2411 if (aplist_append(©_S(rlmp), dlmp, 2412 AL_CNT_COPYREL) == NULL) { 2413 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2414 return (0); 2415 else 2416 return (1); 2417 } 2418 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 2419 } 2420 2421 /* 2422 * If we are tracing (ldd), warn the user if 2423 * 1) the size from the reference symbol differs from the 2424 * copy definition. We can only copy as much data as the 2425 * reference (dynamic executables) entry allows. 2426 * 2) the copy definition has STV_PROTECTED visibility. 2427 */ 2428 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2429 if (rsym->st_size != dsym->st_size) { 2430 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 2431 _conv_reloc_type(M_R_COPY), demangle(name), 2432 NAME(rlmp), EC_XWORD(rsym->st_size), 2433 NAME(dlmp), EC_XWORD(dsym->st_size)); 2434 if (rsym->st_size > dsym->st_size) 2435 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 2436 NAME(dlmp)); 2437 else 2438 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 2439 NAME(rlmp)); 2440 } 2441 2442 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 2443 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 2444 _conv_reloc_type(M_R_COPY), demangle(name), 2445 NAME(dlmp)); 2446 } 2447 } 2448 2449 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 2450 (Xword)rc.r_size)); 2451 return (1); 2452 } 2453 2454 /* 2455 * Determine the symbol location of an address within a link-map. Look for 2456 * the nearest symbol (whose value is less than or equal to the required 2457 * address). This is the object specific part of dladdr(). 2458 */ 2459 static void 2460 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 2461 { 2462 ulong_t ndx, cnt, base, _value; 2463 Sym *sym, *_sym = NULL; 2464 const char *str; 2465 int _flags; 2466 uint_t *dynaddr_ndx; 2467 uint_t dynaddr_n = 0; 2468 ulong_t value; 2469 2470 /* 2471 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 2472 * the dynsym that starts with any local function symbols that exist in 2473 * the library and then moves to the data held in SYMTAB(). In this 2474 * case, SUNWSYMSZ tells us how long the symbol table is. The 2475 * availability of local function symbols will enhance the results 2476 * we can provide. 2477 * 2478 * If SUNWSYMTAB() is non-NULL, then there might also be a 2479 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 2480 * an array of indices into SUNWSYMTAB, sorted by increasing 2481 * address. We can use this to do an O(log N) search instead of a 2482 * brute force search. 2483 * 2484 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 2485 * contains only global symbols. In that case, the length of 2486 * the symbol table comes from the nchain field of the related 2487 * symbol lookup hash table. 2488 */ 2489 str = STRTAB(lmp); 2490 if (SUNWSYMSZ(lmp) == 0) { 2491 sym = SYMTAB(lmp); 2492 /* 2493 * If we don't have a .hash table there are no symbols 2494 * to look at. 2495 */ 2496 if (HASH(lmp) == NULL) 2497 return; 2498 cnt = HASH(lmp)[1]; 2499 } else { 2500 sym = SUNWSYMTAB(lmp); 2501 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 2502 dynaddr_ndx = SUNWSYMSORT(lmp); 2503 if (dynaddr_ndx != NULL) 2504 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 2505 } 2506 2507 if (FLAGS(lmp) & FLG_RT_FIXED) 2508 base = 0; 2509 else 2510 base = ADDR(lmp); 2511 2512 if (dynaddr_n > 0) { /* Binary search */ 2513 long low = 0, low_bnd; 2514 long high = dynaddr_n - 1, high_bnd; 2515 long mid; 2516 Sym *mid_sym; 2517 2518 /* 2519 * Note that SUNWSYMSORT only contains symbols types that 2520 * supply memory addresses, so there's no need to check and 2521 * filter out any other types. 2522 */ 2523 low_bnd = low; 2524 high_bnd = high; 2525 while (low <= high) { 2526 mid = (low + high) / 2; 2527 mid_sym = &sym[dynaddr_ndx[mid]]; 2528 value = mid_sym->st_value + base; 2529 if (addr < value) { 2530 if ((sym[dynaddr_ndx[high]].st_value + base) >= 2531 addr) 2532 high_bnd = high; 2533 high = mid - 1; 2534 } else if (addr > value) { 2535 if ((sym[dynaddr_ndx[low]].st_value + base) <= 2536 addr) 2537 low_bnd = low; 2538 low = mid + 1; 2539 } else { 2540 _sym = mid_sym; 2541 _value = value; 2542 break; 2543 } 2544 } 2545 /* 2546 * If the above didn't find it exactly, then we must 2547 * return the closest symbol with a value that doesn't 2548 * exceed the one we are looking for. If that symbol exists, 2549 * it will lie in the range bounded by low_bnd and 2550 * high_bnd. This is a linear search, but a short one. 2551 */ 2552 if (_sym == NULL) { 2553 for (mid = low_bnd; mid <= high_bnd; mid++) { 2554 mid_sym = &sym[dynaddr_ndx[mid]]; 2555 value = mid_sym->st_value + base; 2556 if (addr >= value) { 2557 _sym = mid_sym; 2558 _value = value; 2559 } else { 2560 break; 2561 } 2562 } 2563 } 2564 } else { /* Linear search */ 2565 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 2566 /* 2567 * Skip expected symbol types that are not functions 2568 * or data: 2569 * - A symbol table starts with an undefined symbol 2570 * in slot 0. If we are using SUNWSYMTAB(), 2571 * there will be a second undefined symbol 2572 * right before the globals. 2573 * - The local part of SUNWSYMTAB() contains a 2574 * series of function symbols. Each section 2575 * starts with an initial STT_FILE symbol. 2576 */ 2577 if ((sym->st_shndx == SHN_UNDEF) || 2578 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 2579 continue; 2580 2581 value = sym->st_value + base; 2582 if (value > addr) 2583 continue; 2584 if (value < _value) 2585 continue; 2586 2587 _sym = sym; 2588 _value = value; 2589 2590 /* 2591 * Note, because we accept local and global symbols 2592 * we could find a section symbol that matches the 2593 * associated address, which means that the symbol 2594 * name will be null. In this case continue the 2595 * search in case we can find a global symbol of 2596 * the same value. 2597 */ 2598 if ((value == addr) && 2599 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 2600 break; 2601 } 2602 } 2603 2604 _flags = flags & RTLD_DL_MASK; 2605 if (_sym) { 2606 if (_flags == RTLD_DL_SYMENT) 2607 *info = (void *)_sym; 2608 else if (_flags == RTLD_DL_LINKMAP) 2609 *info = (void *)lmp; 2610 2611 dlip->dli_sname = str + _sym->st_name; 2612 dlip->dli_saddr = (void *)_value; 2613 } else { 2614 /* 2615 * addr lies between the beginning of the mapped segment and 2616 * the first global symbol. We have no symbol to return 2617 * and the caller requires one. We use _START_, the base 2618 * address of the mapping. 2619 */ 2620 2621 if (_flags == RTLD_DL_SYMENT) { 2622 /* 2623 * An actual symbol struct is needed, so we 2624 * construct one for _START_. To do this in a 2625 * fully accurate way requires a different symbol 2626 * for each mapped segment. This requires the 2627 * use of dynamic memory and a mutex. That's too much 2628 * plumbing for a fringe case of limited importance. 2629 * 2630 * Fortunately, we can simplify: 2631 * - Only the st_size and st_info fields are useful 2632 * outside of the linker internals. The others 2633 * reference things that outside code cannot see, 2634 * and can be set to 0. 2635 * - It's just a label and there is no size 2636 * to report. So, the size should be 0. 2637 * This means that only st_info needs a non-zero 2638 * (constant) value. A static struct will suffice. 2639 * It must be const (readonly) so the caller can't 2640 * change its meaning for subsequent callers. 2641 */ 2642 static const Sym fsym = { 0, 0, 0, 2643 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 2644 *info = (void *) &fsym; 2645 } 2646 2647 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 2648 dlip->dli_saddr = (void *) ADDR(lmp); 2649 } 2650 } 2651 2652 /* 2653 * This routine is called as a last fall-back to search for a symbol from a 2654 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing 2655 * the number of objects mapped, any symbol search is first carried out using 2656 * the objects that already exist in the process (either on a link-map list or 2657 * handle). If a symbol can't be found, and lazy dependencies are still 2658 * pending, this routine loads the dependencies in an attempt to locate the 2659 * symbol. 2660 */ 2661 int 2662 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 2663 { 2664 static APlist *alist = NULL; 2665 Aliste idx1; 2666 Rt_map *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap; 2667 const char *name = slp->sl_name; 2668 Slookup sl1 = *slp; 2669 Lm_list *lml; 2670 Lm_cntl *lmc; 2671 2672 /* 2673 * It's quite possible we've been here before to process objects, 2674 * therefore reinitialize our dynamic list. 2675 */ 2676 if (alist) 2677 aplist_reset(alist); 2678 2679 /* 2680 * Discard any relocation index from further symbol searches. This 2681 * index has already been used to trigger any necessary lazy-loads, 2682 * and it might be because one of these lazy loads has failed that 2683 * we're performing this fallback. By removing the relocation index 2684 * we don't try and perform the same failed lazy loading activity again. 2685 */ 2686 sl1.sl_rsymndx = 0; 2687 2688 /* 2689 * Determine the callers link-map list so that we can monitor whether 2690 * new objects have been added. 2691 */ 2692 lml = LIST(clmp); 2693 lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp)); 2694 2695 /* 2696 * Generate a local list of new objects to process. This list can grow 2697 * as each object supplies its own lazy dependencies. 2698 */ 2699 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 2700 return (0); 2701 2702 for (APLIST_TRAVERSE(alist, idx1, lmp1)) { 2703 uint_t dynndx; 2704 Dyninfo *dip, *pdip; 2705 2706 /* 2707 * Loop through the lazy DT_NEEDED entries examining each object 2708 * for the required symbol. If the symbol is not found, the 2709 * object is in turn added to the local alist, so that the 2710 * objects lazy DT_NEEDED entries can be examined. 2711 */ 2712 lmp = lmp1; 2713 for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL; 2714 !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) { 2715 Grp_hdl *ghp; 2716 Grp_desc *gdp; 2717 Rt_map *nlmp, *llmp; 2718 Slookup sl2; 2719 Sresult sr; 2720 Aliste idx2; 2721 2722 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 2723 dip->di_info) 2724 continue; 2725 2726 /* 2727 * If this object has already failed to lazy load, and 2728 * we're still processing the same runtime linker 2729 * operation that produced the failure, don't bother 2730 * to try and load the object again. 2731 */ 2732 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 2733 (pdip->di_flags & FLG_DI_POSFLAG1)) { 2734 if (pdip->di_info == (void *)ld_entry_cnt) 2735 continue; 2736 2737 dip->di_flags &= ~FLG_DI_LAZYFAIL; 2738 pdip->di_info = NULL; 2739 } 2740 2741 /* 2742 * Determine the last link-map presently on the callers 2743 * link-map control list. 2744 */ 2745 llmp = lmc->lc_tail; 2746 2747 /* 2748 * Try loading this lazy dependency. If the object 2749 * can't be loaded, consider this non-fatal and continue 2750 * the search. Lazy loaded dependencies need not exist 2751 * and their loading should only turn out to be fatal 2752 * if they are required to satisfy a relocation. 2753 * 2754 * A successful lazy load can mean one of two things: 2755 * 2756 * - new objects have been loaded, in which case the 2757 * objects will have been analyzed, relocated, and 2758 * finally moved to the callers control list. 2759 * - the objects are already loaded, and this lazy 2760 * load has simply associated the referenced object 2761 * with it's lazy dependencies. 2762 * 2763 * If new objects are loaded, look in these objects 2764 * first. Note, a new object can be the object being 2765 * referenced by this lazy load, however we can also 2766 * descend into multiple lazy loads as we relocate this 2767 * reference. 2768 * 2769 * If the symbol hasn't been found, use the referenced 2770 * objects handle, as it might have dependencies on 2771 * objects that are already loaded. Note that existing 2772 * objects might have already been searched and skipped 2773 * as non-available to this caller. However, a lazy 2774 * load might have caused the promotion of modes, or 2775 * added this object to the family of the caller. In 2776 * either case, the handle associated with the object 2777 * is then used to carry out the symbol search. 2778 */ 2779 if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name, 2780 FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL) 2781 continue; 2782 2783 if (NEXT_RT_MAP(llmp)) { 2784 /* 2785 * Look in any new objects. 2786 */ 2787 sl1.sl_imap = NEXT_RT_MAP(llmp); 2788 sl1.sl_flags &= ~LKUP_STDRELOC; 2789 2790 /* 2791 * Initialize a local symbol result descriptor, 2792 * using the original symbol name. 2793 */ 2794 SRESULT_INIT(sr, slp->sl_name); 2795 2796 if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) { 2797 *srp = sr; 2798 return (1); 2799 } 2800 } 2801 2802 /* 2803 * Use the objects handle to inspect the family of 2804 * objects associated with the handle. Note, there's 2805 * a possibility of overlap with the above search, 2806 * should a lazy load bring in new objects and 2807 * reference existing objects. 2808 */ 2809 sl2 = sl1; 2810 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) { 2811 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) && 2812 (gdp->gd_flags & GPD_DLSYM)) { 2813 2814 sl2.sl_imap = gdp->gd_depend; 2815 sl2.sl_flags |= LKUP_FIRST; 2816 2817 /* 2818 * Initialize a local symbol result 2819 * descriptor, using the original 2820 * symbol name. 2821 */ 2822 SRESULT_INIT(sr, slp->sl_name); 2823 2824 if (lookup_sym(&sl2, &sr, binfo, 2825 in_nfavl)) { 2826 *srp = sr; 2827 return (1); 2828 } 2829 } 2830 } 2831 2832 /* 2833 * Some dlsym() operations are already traversing a 2834 * link-map (dlopen(0)), and thus there's no need to 2835 * save them on the dynamic dependency list. 2836 */ 2837 if (slp->sl_flags & LKUP_NODESCENT) 2838 continue; 2839 2840 if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == 0) 2841 return (0); 2842 } 2843 } 2844 2845 return (0); 2846 } 2847 2848 /* 2849 * Warning message for bad r_offset. 2850 */ 2851 void 2852 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 2853 ulong_t rsymndx) 2854 { 2855 const char *name = NULL; 2856 Lm_list *lml = LIST(lmp); 2857 int trace; 2858 2859 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 2860 (((rtld_flags & RT_FL_SILENCERR) == 0) || 2861 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 2862 trace = 1; 2863 else 2864 trace = 0; 2865 2866 if ((trace == 0) && (DBG_ENABLED == 0)) 2867 return; 2868 2869 if (rsymndx) { 2870 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 2871 (rsymndx * SYMENT(lmp))); 2872 2873 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 2874 name = (char *)(STRTAB(lmp) + symref->st_name); 2875 } 2876 2877 if (name == NULL) 2878 name = MSG_INTL(MSG_STR_UNKNOWN); 2879 2880 if (trace) { 2881 const char *rstr; 2882 2883 rstr = _conv_reloc_type((uint_t)rtype); 2884 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 2885 EC_ADDR(roffset)); 2886 return; 2887 } 2888 2889 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 2890 } 2891 2892 /* 2893 * Resolve a static TLS relocation. 2894 */ 2895 long 2896 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 2897 ulong_t roffset, long value) 2898 { 2899 Lm_list *lml = LIST(lmp); 2900 2901 /* 2902 * Relocations against a static TLS block have limited support once 2903 * process initialization has completed. Any error condition should be 2904 * discovered by testing for DF_STATIC_TLS as part of loading an object, 2905 * however individual relocations are tested in case the dynamic flag 2906 * had not been set when this object was built. 2907 */ 2908 if (PTTLS(lmp) == NULL) { 2909 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2910 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2911 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2912 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2913 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2914 return (0); 2915 } 2916 2917 /* 2918 * If no static TLS has been set aside for this object, determine if 2919 * any can be obtained. Enforce that any object using static TLS is 2920 * non-deletable. 2921 */ 2922 if (TLSSTATOFF(lmp) == 0) { 2923 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2924 MODE(lmp) |= RTLD_NODELETE; 2925 2926 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 2927 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2928 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2929 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2930 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2931 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2932 return (0); 2933 } 2934 } 2935 2936 /* 2937 * Typically, a static TLS offset is maintained as a symbols value. 2938 * For local symbols that are not apart of the dynamic symbol table, 2939 * the TLS relocation points to a section symbol, and the static TLS 2940 * offset was deposited in the associated GOT table. Make sure the GOT 2941 * is cleared, so that the value isn't reused in do_reloc(). 2942 */ 2943 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 2944 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 2945 value = *(long *)roffset; 2946 *(long *)roffset = 0; 2947 } else { 2948 value = sym->st_value; 2949 } 2950 } 2951 return (-(TLSSTATOFF(lmp) - value)); 2952 } 2953 2954 /* 2955 * If the symbol is not found and the reference was not to a weak symbol, report 2956 * an error. Weak references may be unresolved. 2957 */ 2958 int 2959 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo) 2960 { 2961 Lm_list *lml = LIST(lmp); 2962 2963 /* 2964 * Under crle(1), relocation failures are ignored. 2965 */ 2966 if (lml->lm_flags & LML_FLG_IGNRELERR) 2967 return (1); 2968 2969 /* 2970 * Under ldd(1), unresolved references are reported. However, if the 2971 * original reference is EXTERN or PARENT these references are ignored 2972 * unless ldd's -p option is in effect. 2973 */ 2974 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2975 if (((binfo & DBG_BINFO_REF_MSK) == 0) || 2976 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) { 2977 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), 2978 demangle(name), NAME(lmp)); 2979 } 2980 return (1); 2981 } 2982 2983 /* 2984 * Otherwise, the unresolved references is fatal. 2985 */ 2986 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, 2987 NULL, 0, name)); 2988 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 2989 demangle(name)); 2990 2991 return (0); 2992 } 2993