1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988 AT&T 24 * All Rights Reserved 25 * 26 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. 27 */ 28 /* 29 * Copyright (c) 2012, Joyent, Inc. All rights reserved. 30 */ 31 32 /* 33 * Object file dependent support for ELF objects. 34 */ 35 36 #include <stdio.h> 37 #include <sys/procfs.h> 38 #include <sys/mman.h> 39 #include <sys/debug.h> 40 #include <string.h> 41 #include <limits.h> 42 #include <dlfcn.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "_inline_gen.h" 49 #include "_inline_reloc.h" 50 #include "msg.h" 51 52 /* 53 * Default and secure dependency search paths. 54 */ 55 static Spath_defn _elf_def_dirs[] = { 56 #if defined(_ELF64) 57 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE }, 58 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE }, 59 #else 60 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE }, 61 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE }, 62 #endif 63 { 0, 0 } 64 }; 65 66 static Spath_defn _elf_sec_dirs[] = { 67 #if defined(_ELF64) 68 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE }, 69 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE }, 70 #else 71 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE }, 72 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE }, 73 #endif 74 { 0, 0 } 75 }; 76 77 Alist *elf_def_dirs = NULL; 78 Alist *elf_sec_dirs = NULL; 79 80 /* 81 * Defines for local functions. 82 */ 83 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 84 static Addr elf_entry_point(void); 85 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t); 86 static Alist **elf_get_def_dirs(void); 87 static Alist **elf_get_sec_dirs(void); 88 static char *elf_get_so(const char *, const char *, size_t, size_t); 89 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *); 90 91 /* 92 * Functions and data accessed through indirect pointers. 93 */ 94 Fct elf_fct = { 95 elf_verify, 96 elf_new_lmp, 97 elf_entry_point, 98 elf_needed, 99 lookup_sym, 100 elf_reloc, 101 elf_get_def_dirs, 102 elf_get_sec_dirs, 103 elf_fix_name, 104 elf_get_so, 105 elf_dladdr, 106 dlsym_handle 107 }; 108 109 /* 110 * Default and secure dependency search paths. 111 */ 112 static Alist ** 113 elf_get_def_dirs() 114 { 115 if (elf_def_dirs == NULL) 116 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT); 117 return (&elf_def_dirs); 118 } 119 120 static Alist ** 121 elf_get_sec_dirs() 122 { 123 if (elf_sec_dirs == NULL) 124 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE); 125 return (&elf_sec_dirs); 126 } 127 128 /* 129 * For a.out we have actual work to do here, on ELF we just perform path 130 * expansion. 131 */ 132 static int 133 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni, 134 uint_t orig) 135 { 136 return (expand_paths(clmp, name, alpp, alni, orig, 0)); 137 } 138 139 /* 140 * Determine whether this object requires capabilities. 141 */ 142 inline static int 143 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej) 144 { 145 Phdr *phdr; 146 Cap *cap = NULL; 147 Dyn *dyn = NULL; 148 char *str = NULL; 149 Addr base; 150 uint_t cnt, dyncnt; 151 152 /* 153 * If this is a shared object, the base address of the shared object is 154 * added to all address values defined within the object. Otherwise, if 155 * this is an executable, all object addresses are used as is. 156 */ 157 if (ehdr->e_type == ET_EXEC) 158 base = 0; 159 else 160 base = (Addr)ehdr; 161 162 /* LINTED */ 163 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff); 164 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) { 165 if (phdr->p_type == PT_DYNAMIC) { 166 /* LINTED */ 167 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 168 dyncnt = phdr->p_filesz / sizeof (Dyn); 169 } else if (phdr->p_type == PT_SUNWCAP) { 170 /* LINTED */ 171 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 172 } 173 } 174 175 if (cap) { 176 /* 177 * From the .dynamic section, determine the associated string 178 * table. Required for CA_SUNW_MACH and CA_SUNW_PLAT 179 * processing. 180 */ 181 while (dyn && dyncnt) { 182 if (dyn->d_tag == DT_NULL) { 183 break; 184 } else if (dyn->d_tag == DT_STRTAB) { 185 str = (char *)(dyn->d_un.d_ptr + base); 186 break; 187 } 188 dyn++, dyncnt--; 189 } 190 } 191 192 /* 193 * Establish any alternative capabilities, and validate this object 194 * if it defines it's own capabilities information. 195 */ 196 return (cap_check_fdesc(fdp, cap, str, rej)); 197 } 198 199 /* 200 * Determine if we have been given an ELF file and if so determine if the file 201 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 202 * with associated error information. 203 */ 204 Fct * 205 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name, 206 Rej_desc *rej) 207 { 208 Ehdr *ehdr; 209 char *caddr = (char *)addr; 210 211 /* 212 * Determine if we're an elf file. If not simply return, we don't set 213 * any rejection information as this test allows use to scroll through 214 * the objects we support (ELF, AOUT). 215 */ 216 if (size < sizeof (Ehdr) || 217 caddr[EI_MAG0] != ELFMAG0 || 218 caddr[EI_MAG1] != ELFMAG1 || 219 caddr[EI_MAG2] != ELFMAG2 || 220 caddr[EI_MAG3] != ELFMAG3) { 221 return (NULL); 222 } 223 224 /* 225 * Check class and encoding. 226 */ 227 /* LINTED */ 228 ehdr = (Ehdr *)addr; 229 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 230 rej->rej_type = SGS_REJ_CLASS; 231 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 232 return (NULL); 233 } 234 if (ehdr->e_ident[EI_DATA] != M_DATA) { 235 rej->rej_type = SGS_REJ_DATA; 236 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 237 return (NULL); 238 } 239 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 240 (ehdr->e_type != ET_DYN)) { 241 rej->rej_type = SGS_REJ_TYPE; 242 rej->rej_info = (uint_t)ehdr->e_type; 243 return (NULL); 244 } 245 246 /* 247 * Verify ELF version. 248 */ 249 if (ehdr->e_version > EV_CURRENT) { 250 rej->rej_type = SGS_REJ_VERSION; 251 rej->rej_info = (uint_t)ehdr->e_version; 252 return (NULL); 253 } 254 255 /* 256 * Verify machine specific flags. 257 */ 258 if (elf_mach_flags_check(rej, ehdr) == 0) 259 return (NULL); 260 261 /* 262 * Verify any capability requirements. Note, if this object is a shared 263 * object that is explicitly defined on the ldd(1) command line, and it 264 * contains an incompatible capabilities requirement, then inform the 265 * user, but continue processing. 266 */ 267 if (elf_cap_check(fdp, ehdr, rej) == 0) { 268 Rt_map *lmp = lml_main.lm_head; 269 270 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp && 271 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) { 272 /* LINTED */ 273 (void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name, 274 rej->rej_str); 275 return (&elf_fct); 276 } 277 return (NULL); 278 } 279 return (&elf_fct); 280 } 281 282 /* 283 * The runtime linker employs lazy loading to provide the libraries needed for 284 * debugging, preloading .o's and dldump(). As these are seldom used, the 285 * standard startup of ld.so.1 doesn't initialize all the information necessary 286 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 287 * is called we get here to perform these initializations: 288 * 289 * - elf_needed() is called to establish any ld.so.1 dependencies. These 290 * dependencies should all be lazy loaded, so this routine is typically a 291 * no-op. However, we call elf_needed() for completeness, in case any 292 * NEEDED initialization is required. 293 * 294 * - For intel, ld.so.1's JMPSLOT relocations need relative updates. These 295 * are by default skipped thus delaying all relative relocation processing 296 * on every invocation of ld.so.1. 297 */ 298 int 299 elf_rtld_load() 300 { 301 Lm_list *lml = &lml_rtld; 302 Rt_map *lmp = lml->lm_head; 303 304 if (lml->lm_flags & LML_FLG_PLTREL) 305 return (1); 306 307 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0) 308 return (0); 309 310 #if defined(__i386) 311 /* 312 * This is a kludge to give ld.so.1 a performance benefit on i386. 313 * It's based around two factors. 314 * 315 * - JMPSLOT relocations (PLT's) actually need a relative relocation 316 * applied to the GOT entry so that they can find PLT0. 317 * 318 * - ld.so.1 does not exercise *any* PLT's before it has made a call 319 * to elf_lazy_load(). This is because all dynamic dependencies 320 * are recorded as lazy dependencies. 321 */ 322 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp), 323 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 324 (ulong_t)ADDR(lmp), lmp, NULL, 0); 325 #endif 326 lml->lm_flags |= LML_FLG_PLTREL; 327 return (1); 328 } 329 330 /* 331 * Lazy load an object. 332 */ 333 Rt_map * 334 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym, 335 uint_t flags, Grp_hdl **hdl, int *in_nfavl) 336 { 337 Alist *palp = NULL; 338 Rt_map *nlmp; 339 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 340 const char *name; 341 Lm_list *lml = LIST(clmp); 342 Aliste lmco; 343 344 /* 345 * If this dependency should be ignored, or has already been processed, 346 * we're done. 347 */ 348 if (((nlmp = (Rt_map *)dip->di_info) != NULL) || 349 (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE))) 350 return (nlmp); 351 352 /* 353 * If we're running under ldd(1), indicate that this dependency has been 354 * processed (see test above). It doesn't matter whether the object is 355 * successfully loaded or not, this flag simply ensures that we don't 356 * repeatedly attempt to load an object that has already failed to load. 357 * To do so would create multiple failure diagnostics for the same 358 * object under ldd(1). 359 */ 360 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 361 dip->di_flags |= FLG_DI_LDD_DONE; 362 363 /* 364 * Determine the initial dependency name. 365 */ 366 name = dip->di_name; 367 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 368 369 /* 370 * If this object needs to establish its own group, make sure a handle 371 * is created. 372 */ 373 if (dip->di_flags & FLG_DI_GROUP) 374 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 375 376 /* 377 * Lazy dependencies are identified as DT_NEEDED entries with a 378 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 379 * dynamic information element that corresponds to the DT_POSFLAG_1 380 * entry is free, and thus used to store the present entrance 381 * identifier. This identifier is used to prevent multiple attempts to 382 * load a failed lazy loadable dependency within the same runtime linker 383 * operation. However, future attempts to reload this dependency are 384 * still possible. 385 */ 386 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 387 pdip->di_info = (void *)slp->sl_id; 388 389 /* 390 * Expand the requested name if necessary. 391 */ 392 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) 393 return (NULL); 394 395 /* 396 * Establish a link-map control list for this request. 397 */ 398 if ((lmco = create_cntl(lml, 0)) == 0) { 399 remove_alist(&palp, 1); 400 return (NULL); 401 } 402 403 /* 404 * Load the associated object. 405 */ 406 dip->di_info = nlmp = 407 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl); 408 409 /* 410 * Remove any expanded pathname infrastructure. Reduce the pending lazy 411 * dependency count of the caller, together with the link-map lists 412 * count of objects that still have lazy dependencies pending. 413 */ 414 remove_alist(&palp, 1); 415 if (--LAZY(clmp) == 0) 416 LIST(clmp)->lm_lazy--; 417 418 /* 419 * Finish processing the objects associated with this request, and 420 * create an association between the caller and this dependency. 421 */ 422 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 423 ((nlmp = analyze_lmc(lml, lmco, nlmp, clmp, in_nfavl)) == NULL) || 424 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0))) 425 dip->di_info = nlmp = NULL; 426 427 /* 428 * If this lazyload has failed, and we've created a new link-map 429 * control list to which this request has added objects, then remove 430 * all the objects that have been associated to this request. 431 */ 432 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 433 remove_lmc(lml, clmp, lmco, name); 434 435 /* 436 * Remove any temporary link-map control list. 437 */ 438 if (lmco != ALIST_OFF_DATA) 439 remove_cntl(lml, lmco); 440 441 /* 442 * If this lazy loading failed, record the fact, and bump the lazy 443 * counts. 444 */ 445 if (nlmp == NULL) { 446 dip->di_flags |= FLG_DI_LAZYFAIL; 447 if (LAZY(clmp)++ == 0) 448 LIST(clmp)->lm_lazy++; 449 } 450 451 return (nlmp); 452 } 453 454 /* 455 * Return the entry point of the ELF executable. 456 */ 457 static Addr 458 elf_entry_point(void) 459 { 460 Rt_map *lmp = lml_main.lm_head; 461 Ehdr *ehdr = (Ehdr *)ADDR(lmp); 462 Addr addr = (Addr)(ehdr->e_entry); 463 464 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) 465 addr += ADDR(lmp); 466 467 return (addr); 468 } 469 470 /* 471 * Determine if a dependency requires a particular version and if so verify 472 * that the version exists in the dependency. 473 */ 474 int 475 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 476 { 477 Verneed *vnd = VERNEED(clmp); 478 int _num, num = VERNEEDNUM(clmp); 479 char *cstrs = (char *)STRTAB(clmp); 480 Lm_list *lml = LIST(clmp); 481 482 /* 483 * Traverse the callers version needed information and determine if any 484 * specific versions are required from the dependency. 485 */ 486 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 487 for (_num = 1; _num <= num; _num++, 488 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 489 Half cnt = vnd->vn_cnt; 490 Vernaux *vnap; 491 char *nstrs, *need; 492 493 /* 494 * Determine if a needed entry matches this dependency. 495 */ 496 need = (char *)(cstrs + vnd->vn_file); 497 if (strcmp(name, need) != 0) 498 continue; 499 500 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 501 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 502 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 503 504 /* 505 * Validate that each version required actually exists in the 506 * dependency. 507 */ 508 nstrs = (char *)STRTAB(nlmp); 509 510 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 511 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 512 char *version, *define; 513 Verdef *vdf = VERDEF(nlmp); 514 ulong_t _num, num = VERDEFNUM(nlmp); 515 int found = 0; 516 517 /* 518 * Skip validation of versions that are marked 519 * INFO. This optimization is used for versions 520 * that are inherited by another version. Verification 521 * of the inheriting version is sufficient. 522 * 523 * Such versions are recorded in the object for the 524 * benefit of VERSYM entries that refer to them. This 525 * provides a purely diagnostic benefit. 526 */ 527 if (vnap->vna_flags & VER_FLG_INFO) 528 continue; 529 530 version = (char *)(cstrs + vnap->vna_name); 531 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 532 533 for (_num = 1; _num <= num; _num++, 534 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 535 Verdaux *vdap; 536 537 if (vnap->vna_hash != vdf->vd_hash) 538 continue; 539 540 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 541 define = (char *)(nstrs + vdap->vda_name); 542 if (strcmp(version, define) != 0) 543 continue; 544 545 found++; 546 break; 547 } 548 549 /* 550 * If we're being traced print out any matched version 551 * when the verbose (-v) option is in effect. Always 552 * print any unmatched versions. 553 */ 554 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 555 /* BEGIN CSTYLED */ 556 if (found) { 557 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 558 continue; 559 560 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 561 need, version, NAME(nlmp)); 562 } else { 563 if (rtld_flags & RT_FL_SILENCERR) 564 continue; 565 566 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 567 need, version); 568 } 569 /* END CSTYLED */ 570 continue; 571 } 572 573 /* 574 * If the version hasn't been found then this is a 575 * candidate for a fatal error condition. Weak 576 * version definition requirements are silently 577 * ignored. Also, if the image inspected for a version 578 * definition has no versioning recorded at all then 579 * silently ignore this (this provides better backward 580 * compatibility to old images created prior to 581 * versioning being available). Both of these skipped 582 * diagnostics are available under tracing (see above). 583 */ 584 if ((found == 0) && (num != 0) && 585 (!(vnap->vna_flags & VER_FLG_WEAK))) { 586 eprintf(lml, ERR_FATAL, 587 MSG_INTL(MSG_VER_NFOUND), need, version, 588 NAME(clmp)); 589 return (0); 590 } 591 } 592 } 593 DBG_CALL(Dbg_ver_need_done(lml)); 594 return (1); 595 } 596 597 /* 598 * Search through the dynamic section for DT_NEEDED entries and perform one 599 * of two functions. If only the first argument is specified then load the 600 * defined shared object, otherwise add the link map representing the defined 601 * link map the the dlopen list. 602 */ 603 static int 604 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl) 605 { 606 Alist *palp = NULL; 607 Dyn *dyn; 608 Dyninfo *dip; 609 Word lmflags = lml->lm_flags; 610 611 /* 612 * A DYNINFO() structure is created during link-map generation that 613 * parallels the DYN() information, and defines any flags that 614 * influence a dependencies loading. 615 */ 616 for (dyn = DYN(clmp), dip = DYNINFO(clmp); 617 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) { 618 uint_t flags = 0, silent = 0; 619 const char *name = dip->di_name; 620 Rt_map *nlmp = NULL; 621 622 if ((dip->di_flags & FLG_DI_NEEDED) == 0) 623 continue; 624 625 /* 626 * Skip any deferred dependencies, unless ldd(1) has forced 627 * their processing. By default, deferred dependencies are 628 * only processed when an explicit binding to an individual 629 * deferred reference is made. 630 */ 631 if ((dip->di_flags & FLG_DI_DEFERRED) && 632 ((rtld_flags & RT_FL_DEFERRED) == 0)) 633 continue; 634 635 /* 636 * NOTE, libc.so.1 can't be lazy loaded. Although a lazy 637 * position flag won't be produced when a RTLDINFO .dynamic 638 * entry is found (introduced with the UPM in Solaris 10), it 639 * was possible to mark libc for lazy loading on previous 640 * releases. To reduce the overhead of testing for this 641 * occurrence, only carry out this check for the first object 642 * on the link-map list (there aren't many applications built 643 * without libc). 644 */ 645 if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) && 646 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 647 dip->di_flags &= ~FLG_DI_LAZY; 648 649 /* 650 * Don't bring in lazy loaded objects yet unless we've been 651 * asked to attempt to load all available objects (crle(1) sets 652 * LD_FLAGS=loadavail). Even under RTLD_NOW we don't process 653 * this - RTLD_NOW will cause relocation processing which in 654 * turn might trigger lazy loading, but its possible that the 655 * object has a lazy loaded file with no bindings (i.e., it 656 * should never have been a dependency in the first place). 657 */ 658 if (dip->di_flags & FLG_DI_LAZY) { 659 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 660 LAZY(clmp)++; 661 continue; 662 } 663 664 /* 665 * Silence any error messages - see description under 666 * elf_lookup_filtee(). 667 */ 668 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 669 rtld_flags |= RT_FL_SILENCERR; 670 silent = 1; 671 } 672 } 673 674 DBG_CALL(Dbg_file_needed(clmp, name)); 675 676 /* 677 * If we're running under ldd(1), indicate that this dependency 678 * has been processed. It doesn't matter whether the object is 679 * successfully loaded or not, this flag simply ensures that we 680 * don't repeatedly attempt to load an object that has already 681 * failed to load. To do so would create multiple failure 682 * diagnostics for the same object under ldd(1). 683 */ 684 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 685 dip->di_flags |= FLG_DI_LDD_DONE; 686 687 /* 688 * Identify any group permission requirements. 689 */ 690 if (dip->di_flags & FLG_DI_GROUP) 691 flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 692 693 /* 694 * Establish the objects name, load it and establish a binding 695 * with the caller. 696 */ 697 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) || 698 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp), 699 flags, 0, in_nfavl)) == NULL) || 700 (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 701 nlmp = NULL; 702 703 /* 704 * Clean up any infrastructure, including the removal of the 705 * error suppression state, if it had been previously set in 706 * this routine. 707 */ 708 remove_alist(&palp, 0); 709 710 if (silent) 711 rtld_flags &= ~RT_FL_SILENCERR; 712 713 if ((dip->di_info = (void *)nlmp) == NULL) { 714 /* 715 * If the object could not be mapped, continue if error 716 * suppression is established or we're here with ldd(1). 717 */ 718 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 719 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 720 continue; 721 else { 722 remove_alist(&palp, 1); 723 return (0); 724 } 725 } 726 } 727 728 if (LAZY(clmp)) 729 lml->lm_lazy++; 730 731 remove_alist(&palp, 1); 732 return (1); 733 } 734 735 /* 736 * A null symbol interpretor. Used if a filter has no associated filtees. 737 */ 738 /* ARGSUSED0 */ 739 static int 740 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 741 { 742 return (0); 743 } 744 745 /* 746 * Disable filtee use. 747 */ 748 static void 749 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 750 { 751 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 752 /* 753 * If this is an object filter, null out the reference name. 754 */ 755 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 756 REFNAME(lmp) = NULL; 757 OBJFLTRNDX(lmp) = FLTR_DISABLED; 758 759 /* 760 * Indicate that this filtee is no longer available. 761 */ 762 if (dip->di_flags & FLG_DI_STDFLTR) 763 SYMINTP(lmp) = elf_null_find_sym; 764 765 } 766 } else if (dip->di_flags & FLG_DI_STDFLTR) { 767 /* 768 * Indicate that this standard filtee is no longer available. 769 */ 770 if (SYMSFLTRCNT(lmp)) 771 SYMSFLTRCNT(lmp)--; 772 } else { 773 /* 774 * Indicate that this auxiliary filtee is no longer available. 775 */ 776 if (SYMAFLTRCNT(lmp)) 777 SYMAFLTRCNT(lmp)--; 778 } 779 dip->di_flags &= ~MSK_DI_FILTER; 780 } 781 782 /* 783 * Find symbol interpreter - filters. 784 * This function is called when the symbols from a shared object should 785 * be resolved from the shared objects filtees instead of from within itself. 786 * 787 * A symbol name of 0 is used to trigger filtee loading. 788 */ 789 static int 790 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx, 791 int *in_nfavl) 792 { 793 const char *name = slp->sl_name, *filtees; 794 Rt_map *clmp = slp->sl_cmap; 795 Rt_map *ilmp = slp->sl_imap; 796 Pdesc *pdp; 797 int any; 798 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 799 Lm_list *lml = LIST(ilmp); 800 Aliste idx; 801 802 /* 803 * Indicate that the filter has been used. If a binding already exists 804 * to the caller, indicate that this object is referenced. This insures 805 * we don't generate false unreferenced diagnostics from ldd -u/U or 806 * debugging. Don't create a binding regardless, as this filter may 807 * have been dlopen()'ed. 808 */ 809 if (name && (ilmp != clmp)) { 810 Word tracing = (LIST(clmp)->lm_flags & 811 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 812 813 if (tracing || DBG_ENABLED) { 814 Bnd_desc *bdp; 815 Aliste idx; 816 817 FLAGS1(ilmp) |= FL1_RT_USED; 818 819 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 820 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 821 if (bdp->b_caller == clmp) { 822 bdp->b_flags |= BND_REFER; 823 break; 824 } 825 } 826 } 827 } 828 } 829 830 /* 831 * If this is the first call to process this filter, establish the 832 * filtee list. If a configuration file exists, determine if any 833 * filtee associations for this filter, and its filtee reference, are 834 * defined. Otherwise, process the filtee reference. Any token 835 * expansion is also completed at this point (i.e., $PLATFORM). 836 */ 837 filtees = dip->di_name; 838 if (dip->di_info == NULL) { 839 if (rtld_flags2 & RT_FL2_FLTCFG) { 840 elf_config_flt(lml, PATHNAME(ilmp), filtees, 841 (Alist **)&dip->di_info, AL_CNT_FILTEES); 842 } 843 if (dip->di_info == NULL) { 844 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 845 if ((lml->lm_flags & 846 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 847 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 848 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 849 NAME(ilmp), filtees); 850 851 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 852 AL_CNT_FILTEES, 0, 0) == 0) { 853 elf_disable_filtee(ilmp, dip); 854 return (0); 855 } 856 } 857 } 858 859 /* 860 * Traverse the filtee list, dlopen()'ing any objects specified and 861 * using their group handle to lookup the symbol. 862 */ 863 any = 0; 864 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 865 int mode; 866 Grp_hdl *ghp; 867 Rt_map *nlmp = NULL; 868 869 if (pdp->pd_plen == 0) 870 continue; 871 872 /* 873 * Establish the mode of the filtee from the filter. As filtees 874 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 875 * and the filtees aren't global. It would be nice to have 876 * RTLD_FIRST used here also, but as filters got out long before 877 * RTLD_FIRST was introduced it's a little too late now. 878 */ 879 mode = MODE(ilmp) | RTLD_GROUP; 880 mode &= ~RTLD_GLOBAL; 881 882 /* 883 * Insure that any auxiliary filter can locate symbols from its 884 * caller. 885 */ 886 if (dip->di_flags & FLG_DI_AUXFLTR) 887 mode |= RTLD_PARENT; 888 889 /* 890 * Process any capability directory. Establish a new link-map 891 * control list from which to analyze any newly added objects. 892 */ 893 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) { 894 const char *dir = pdp->pd_pname; 895 Aliste lmco; 896 897 /* 898 * Establish a link-map control list for this request. 899 */ 900 if ((lmco = create_cntl(lml, 0)) == 0) 901 return (0); 902 903 /* 904 * Determine the capability filtees. If none can be 905 * found, provide suitable diagnostics. 906 */ 907 DBG_CALL(Dbg_cap_filter(lml, dir, ilmp)); 908 if (cap_filtees((Alist **)&dip->di_info, idx, dir, 909 lmco, ilmp, clmp, filtees, mode, 910 (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) { 911 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 912 (dip->di_flags & FLG_DI_AUXFLTR) && 913 (rtld_flags & RT_FL_WARNFLTR)) { 914 (void) printf( 915 MSG_INTL(MSG_LDD_CAP_NFOUND), dir); 916 } 917 DBG_CALL(Dbg_cap_filter(lml, dir, 0)); 918 } 919 920 /* 921 * Re-establish the originating path name descriptor, 922 * as the expansion of capabilities filtees may have 923 * re-allocated the controlling Alist. Mark this 924 * original pathname descriptor as unused so that the 925 * descriptor isn't revisited for processing. Any real 926 * capabilities filtees have been added as new pathname 927 * descriptors following this descriptor. 928 */ 929 pdp = alist_item((Alist *)dip->di_info, idx); 930 pdp->pd_flags &= ~PD_TKN_CAP; 931 pdp->pd_plen = 0; 932 933 /* 934 * Now that any capability objects have been processed, 935 * remove any temporary link-map control list. 936 */ 937 if (lmco != ALIST_OFF_DATA) 938 remove_cntl(lml, lmco); 939 } 940 941 if (pdp->pd_plen == 0) 942 continue; 943 944 /* 945 * Process an individual filtee. 946 */ 947 if (pdp->pd_info == NULL) { 948 const char *filtee = pdp->pd_pname; 949 int audit = 0; 950 951 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 952 953 ghp = NULL; 954 955 /* 956 * Determine if the reference link map is already 957 * loaded. As an optimization compare the filtee with 958 * our interpretor. The most common filter is 959 * libdl.so.1, which is a filter on ld.so.1. 960 */ 961 #if defined(_ELF64) 962 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 963 #else 964 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 965 #endif 966 uint_t hflags, rdflags, cdflags; 967 968 /* 969 * Establish any flags for the handle (Grp_hdl). 970 * 971 * - This is a special, public, ld.so.1 972 * handle. 973 * - Only the first object on this handle 974 * can supply symbols. 975 * - This handle provides a filtee. 976 * 977 * Essentially, this handle allows a caller to 978 * reference the dl*() family of interfaces from 979 * ld.so.1. 980 */ 981 hflags = (GPH_PUBLIC | GPH_LDSO | 982 GPH_FIRST | GPH_FILTEE); 983 984 /* 985 * Establish the flags for the referenced 986 * dependency descriptor (Grp_desc). 987 * 988 * - ld.so.1 is available for dlsym(). 989 * - ld.so.1 is available to relocate 990 * against. 991 * - There's no need to add an dependencies 992 * to this handle. 993 */ 994 rdflags = (GPD_DLSYM | GPD_RELOC); 995 996 /* 997 * Establish the flags for this callers 998 * dependency descriptor (Grp_desc). 999 * 1000 * - The explicit creation of a handle 1001 * creates a descriptor for the referenced 1002 * object and the parent (caller). 1003 */ 1004 cdflags = GPD_PARENT; 1005 1006 nlmp = lml_rtld.lm_head; 1007 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1008 hflags, rdflags, cdflags)) == NULL) 1009 nlmp = NULL; 1010 1011 /* 1012 * Establish the filter handle to prevent any 1013 * recursion. 1014 */ 1015 if (nlmp && ghp) 1016 pdp->pd_info = (void *)ghp; 1017 1018 /* 1019 * Audit the filter/filtee established. Ignore 1020 * any return from the auditor, as we can't 1021 * allow ignore filtering to ld.so.1, otherwise 1022 * nothing is going to work. 1023 */ 1024 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1025 LML_TFLG_AUD_OBJFILTER)) 1026 (void) audit_objfilter(ilmp, filtees, 1027 nlmp, 0); 1028 1029 } else { 1030 Rej_desc rej = { 0 }; 1031 Fdesc fd = { 0 }; 1032 Aliste lmco; 1033 1034 /* 1035 * Trace the inspection of this file, determine 1036 * any auditor substitution, and seed the file 1037 * descriptor with the originating name. 1038 */ 1039 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1040 continue; 1041 1042 /* 1043 * Establish a link-map control list for this 1044 * request. 1045 */ 1046 if ((lmco = create_cntl(lml, 0)) == 0) 1047 return (0); 1048 1049 /* 1050 * Locate and load the filtee. 1051 */ 1052 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1053 FLG_RT_PUBHDL, &ghp, &fd, &rej, 1054 in_nfavl)) == NULL) 1055 file_notfound(LIST(ilmp), filtee, ilmp, 1056 FLG_RT_PUBHDL, &rej); 1057 1058 filtee = pdp->pd_pname; 1059 1060 /* 1061 * Establish the filter handle to prevent any 1062 * recursion. 1063 */ 1064 if (nlmp && ghp) { 1065 ghp->gh_flags |= GPH_FILTEE; 1066 pdp->pd_info = (void *)ghp; 1067 1068 FLAGS1(nlmp) |= FL1_RT_USED; 1069 } 1070 1071 /* 1072 * Audit the filter/filtee established. A 1073 * return of 0 indicates the auditor wishes to 1074 * ignore this filtee. 1075 */ 1076 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1077 LML_TFLG_AUD_OBJFILTER)) { 1078 if (audit_objfilter(ilmp, filtees, 1079 nlmp, 0) == 0) { 1080 audit = 1; 1081 nlmp = NULL; 1082 } 1083 } 1084 1085 /* 1086 * Finish processing the objects associated with 1087 * this request. Create an association between 1088 * this object and the originating filter to 1089 * provide sufficient information to tear down 1090 * this filtee if necessary. 1091 */ 1092 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1093 lmco, nlmp, clmp, in_nfavl)) == NULL) || 1094 (relocate_lmc(lml, lmco, ilmp, nlmp, 1095 in_nfavl) == 0))) 1096 nlmp = NULL; 1097 1098 /* 1099 * If the filtee has been successfully 1100 * processed, then create an association 1101 * between the filter and filtee. This 1102 * association provides sufficient information 1103 * to tear down the filter and filtee if 1104 * necessary. 1105 */ 1106 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1107 if (nlmp && ghp && (hdl_add(ghp, ilmp, 1108 GPD_FILTER, NULL) == NULL)) 1109 nlmp = NULL; 1110 1111 /* 1112 * Generate a diagnostic if the filtee couldn't 1113 * be loaded. 1114 */ 1115 if (nlmp == NULL) 1116 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1117 audit)); 1118 1119 /* 1120 * If this filtee loading has failed, and we've 1121 * created a new link-map control list to which 1122 * this request has added objects, then remove 1123 * all the objects that have been associated to 1124 * this request. 1125 */ 1126 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 1127 remove_lmc(lml, clmp, lmco, name); 1128 1129 /* 1130 * Remove any temporary link-map control list. 1131 */ 1132 if (lmco != ALIST_OFF_DATA) 1133 remove_cntl(lml, lmco); 1134 } 1135 1136 /* 1137 * If the filtee couldn't be loaded, null out the 1138 * path name descriptor entry, and continue the search. 1139 * Otherwise, the group handle is retained for future 1140 * symbol searches. 1141 */ 1142 if (nlmp == NULL) { 1143 pdp->pd_info = NULL; 1144 pdp->pd_plen = 0; 1145 continue; 1146 } 1147 } 1148 1149 ghp = (Grp_hdl *)pdp->pd_info; 1150 1151 /* 1152 * If name is NULL, we're here to trigger filtee loading. 1153 * Skip the symbol lookup so that we'll continue looking for 1154 * additional filtees. 1155 */ 1156 if (name) { 1157 Grp_desc *gdp; 1158 int ret = 0; 1159 Aliste idx; 1160 Slookup sl = *slp; 1161 1162 sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM); 1163 any++; 1164 1165 /* 1166 * Look for the symbol in the handles dependencies. 1167 */ 1168 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1169 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1170 continue; 1171 1172 /* 1173 * If our parent is a dependency don't look at 1174 * it (otherwise we are in a recursive loop). 1175 * This situation can occur with auxiliary 1176 * filters if the filtee has a dependency on the 1177 * filter. This dependency isn't necessary as 1178 * auxiliary filters are opened RTLD_PARENT, but 1179 * users may still unknowingly add an explicit 1180 * dependency to the parent. 1181 */ 1182 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1183 continue; 1184 1185 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo, 1186 in_nfavl)) != 0) || 1187 (ghp->gh_flags & GPH_FIRST)) 1188 break; 1189 } 1190 1191 /* 1192 * If a symbol has been found, indicate the binding 1193 * and return the symbol. 1194 */ 1195 if (ret) { 1196 *binfo |= DBG_BINFO_FILTEE; 1197 return (1); 1198 } 1199 } 1200 1201 /* 1202 * If this object is tagged to terminate filtee processing we're 1203 * done. 1204 */ 1205 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1206 break; 1207 } 1208 1209 /* 1210 * If we're just here to trigger filtee loading then we're done. 1211 */ 1212 if (name == NULL) 1213 return (0); 1214 1215 /* 1216 * If no filtees have been found for a filter, clean up any path name 1217 * descriptors and disable their search completely. For auxiliary 1218 * filters we can reselect the symbol search function so that we never 1219 * enter this routine again for this object. For standard filters we 1220 * use the null symbol routine. 1221 */ 1222 if (any == 0) { 1223 remove_alist((Alist **)&(dip->di_info), 1); 1224 elf_disable_filtee(ilmp, dip); 1225 } 1226 1227 return (0); 1228 } 1229 1230 /* 1231 * Focal point for disabling error messages for auxiliary filters. As an 1232 * auxiliary filter allows for filtee use, but provides a fallback should a 1233 * filtee not exist (or fail to load), any errors generated as a consequence of 1234 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1235 * suppresses errors generated by eprintf(), but ensures a debug diagnostic is 1236 * produced. ldd(1) employs printf(), and here the selection of whether to 1237 * print a diagnostic in regards to auxiliary filters is a little more complex. 1238 * 1239 * - The determination of whether to produce an ldd message, or a fatal 1240 * error message is driven by LML_FLG_TRC_ENABLE. 1241 * - More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1242 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1243 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1244 * - If the calling object is lddstub, then several classes of message are 1245 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1246 * a stub executable employed to preload a user specified library against. 1247 * - If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1248 * be suppressed. All detailed ldd messages should still be produced. 1249 */ 1250 int 1251 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx, 1252 int *in_nfavl) 1253 { 1254 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1255 int ret, silent = 0; 1256 1257 /* 1258 * Make sure this entry is still acting as a filter. We may have tried 1259 * to process this previously, and disabled it if the filtee couldn't 1260 * be processed. However, other entries may provide different filtees 1261 * that are yet to be completed. 1262 */ 1263 if (dip->di_flags == 0) 1264 return (0); 1265 1266 /* 1267 * Indicate whether an error message is required should this filtee not 1268 * be found, based on the type of filter. 1269 */ 1270 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1271 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1272 rtld_flags |= RT_FL_SILENCERR; 1273 silent = 1; 1274 } 1275 1276 ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl); 1277 1278 if (silent) 1279 rtld_flags &= ~RT_FL_SILENCERR; 1280 1281 return (ret); 1282 } 1283 1284 /* 1285 * Compute the elf hash value (as defined in the ELF access library). 1286 * The form of the hash table is: 1287 * 1288 * |--------------| 1289 * | # of buckets | 1290 * |--------------| 1291 * | # of chains | 1292 * |--------------| 1293 * | bucket[] | 1294 * |--------------| 1295 * | chain[] | 1296 * |--------------| 1297 */ 1298 ulong_t 1299 elf_hash(const char *name) 1300 { 1301 uint_t hval = 0; 1302 1303 while (*name) { 1304 uint_t g; 1305 hval = (hval << 4) + *name++; 1306 if ((g = (hval & 0xf0000000)) != 0) 1307 hval ^= g >> 24; 1308 hval &= ~g; 1309 } 1310 return ((ulong_t)hval); 1311 } 1312 1313 /* 1314 * Look up a symbol. The callers lookup information is passed in the Slookup 1315 * structure, and any resultant binding information is returned in the Sresult 1316 * structure. 1317 */ 1318 int 1319 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 1320 { 1321 const char *name = slp->sl_name; 1322 Rt_map *ilmp = slp->sl_imap; 1323 ulong_t hash = slp->sl_hash; 1324 uint_t ndx, hashoff, buckets, *chainptr; 1325 Sym *sym, *symtabptr; 1326 char *strtabptr, *strtabname; 1327 uint_t flags1; 1328 Syminfo *sip; 1329 1330 /* 1331 * If we're only here to establish a symbols index, skip the diagnostic 1332 * used to trace a symbol search. 1333 */ 1334 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1335 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1336 1337 if (HASH(ilmp) == NULL) 1338 return (0); 1339 1340 buckets = HASH(ilmp)[0]; 1341 /* LINTED */ 1342 hashoff = ((uint_t)hash % buckets) + 2; 1343 1344 /* 1345 * Get the first symbol from the hash chain and initialize the string 1346 * and symbol table pointers. 1347 */ 1348 if ((ndx = HASH(ilmp)[hashoff]) == 0) 1349 return (0); 1350 1351 chainptr = HASH(ilmp) + 2 + buckets; 1352 strtabptr = STRTAB(ilmp); 1353 symtabptr = SYMTAB(ilmp); 1354 1355 while (ndx) { 1356 sym = symtabptr + ndx; 1357 strtabname = strtabptr + sym->st_name; 1358 1359 /* 1360 * Compare the symbol found with the name required. If the 1361 * names don't match continue with the next hash entry. 1362 */ 1363 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1364 hashoff = ndx + buckets + 2; 1365 if ((ndx = chainptr[ndx]) != 0) 1366 continue; 1367 return (0); 1368 } 1369 1370 /* 1371 * Symbols that are defined as hidden within an object usually 1372 * have any references from within the same object bound at 1373 * link-edit time, thus ld.so.1 is not involved. However, if 1374 * these are capabilities symbols, then references to them must 1375 * be resolved at runtime. A hidden symbol can only be bound 1376 * to by the object that defines the symbol. 1377 */ 1378 if ((sym->st_shndx != SHN_UNDEF) && 1379 (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) && 1380 (slp->sl_cmap != ilmp)) 1381 return (0); 1382 1383 /* 1384 * The Solaris ld does not put DT_VERSYM in the dynamic 1385 * section, but the GNU ld does. The GNU runtime linker 1386 * interprets the top bit of the 16-bit Versym value 1387 * (0x8000) as the "hidden" bit. If this bit is set, 1388 * the linker is supposed to act as if that symbol does 1389 * not exist. The hidden bit supports their versioning 1390 * scheme, which allows multiple incompatible functions 1391 * with the same name to exist at different versions 1392 * within an object. The Solaris linker does not support this 1393 * mechanism, or the model of interface evolution that 1394 * it allows, but we honor the hidden bit in GNU ld 1395 * produced objects in order to interoperate with them. 1396 */ 1397 if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) { 1398 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1399 ndx, VERSYM(ilmp)[ndx])); 1400 return (0); 1401 } 1402 1403 /* 1404 * If we're only here to establish a symbol's index, we're done. 1405 */ 1406 if (slp->sl_flags & LKUP_SYMNDX) { 1407 srp->sr_dmap = ilmp; 1408 srp->sr_sym = sym; 1409 return (1); 1410 } 1411 1412 /* 1413 * If we find a match and the symbol is defined, capture the 1414 * symbol pointer and the link map in which it was found. 1415 */ 1416 if (sym->st_shndx != SHN_UNDEF) { 1417 srp->sr_dmap = ilmp; 1418 srp->sr_sym = sym; 1419 *binfo |= DBG_BINFO_FOUND; 1420 1421 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1422 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1423 is_sym_interposer(ilmp, sym))) 1424 *binfo |= DBG_BINFO_INTERPOSE; 1425 break; 1426 1427 /* 1428 * If we find a match and the symbol is undefined, the 1429 * symbol type is a function, and the value of the symbol 1430 * is non zero, then this is a special case. This allows 1431 * the resolution of a function address to the plt[] entry. 1432 * See SPARC ABI, Dynamic Linking, Function Addresses for 1433 * more details. 1434 */ 1435 } else if ((slp->sl_flags & LKUP_SPEC) && 1436 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1437 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1438 srp->sr_dmap = ilmp; 1439 srp->sr_sym = sym; 1440 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1441 1442 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1443 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1444 is_sym_interposer(ilmp, sym))) 1445 *binfo |= DBG_BINFO_INTERPOSE; 1446 return (1); 1447 } 1448 1449 /* 1450 * Undefined symbol. 1451 */ 1452 return (0); 1453 } 1454 1455 /* 1456 * We've found a match. Determine if the defining object contains 1457 * symbol binding information. 1458 */ 1459 if ((sip = SYMINFO(ilmp)) != NULL) 1460 sip += ndx; 1461 1462 /* 1463 * If this definition is a singleton, and we haven't followed a default 1464 * symbol search knowing that we're looking for a singleton (presumably 1465 * because the symbol definition has been changed since the referring 1466 * object was built), then reject this binding so that the caller can 1467 * fall back to a standard symbol search. 1468 */ 1469 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1470 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1471 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1472 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1473 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1474 DBG_BNDREJ_SINGLE)); 1475 *binfo |= BINFO_REJSINGLE; 1476 *binfo &= ~DBG_BINFO_MSK; 1477 return (0); 1478 } 1479 1480 /* 1481 * If this is a direct binding request, but the symbol definition has 1482 * disabled directly binding to it (presumably because the symbol 1483 * definition has been changed since the referring object was built), 1484 * reject this binding so that the caller can fall back to a standard 1485 * symbol search. 1486 */ 1487 if (sip && (slp->sl_flags & LKUP_DIRECT) && 1488 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 1489 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1490 DBG_BNDREJ_DIRECT)); 1491 *binfo |= BINFO_REJDIRECT; 1492 *binfo &= ~DBG_BINFO_MSK; 1493 return (0); 1494 } 1495 1496 /* 1497 * If this is a binding request within an RTLD_GROUP family, and the 1498 * symbol has disabled directly binding to it, reject this binding so 1499 * that the caller can fall back to a standard symbol search. 1500 * 1501 * Effectively, an RTLD_GROUP family achieves what can now be 1502 * established with direct bindings. However, various symbols have 1503 * been tagged as inappropriate for direct binding to (ie. libc:malloc). 1504 * 1505 * A symbol marked as no-direct cannot be used within a group without 1506 * first ensuring that the symbol has not been interposed upon outside 1507 * of the group. A common example occurs when users implement their own 1508 * version of malloc() in the executable. Such a malloc() interposes on 1509 * the libc:malloc, and this interposition must be honored within the 1510 * group as well. 1511 * 1512 * Following any rejection, LKUP_WORLD is established as a means of 1513 * overriding this test as we return to a standard search. 1514 */ 1515 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) && 1516 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) && 1517 ((slp->sl_flags & LKUP_WORLD) == 0)) { 1518 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1519 DBG_BNDREJ_GROUP)); 1520 *binfo |= BINFO_REJGROUP; 1521 *binfo &= ~DBG_BINFO_MSK; 1522 return (0); 1523 } 1524 1525 /* 1526 * If this symbol is associated with capabilities, then each of the 1527 * capabilities instances needs to be compared against the system 1528 * capabilities. The best instance will be chosen to satisfy this 1529 * binding. 1530 */ 1531 if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) && 1532 (cap_match(srp, ndx, symtabptr, strtabptr) == 0)) 1533 return (0); 1534 1535 /* 1536 * Determine whether this object is acting as a filter. 1537 */ 1538 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 1539 return (1); 1540 1541 /* 1542 * Determine if this object offers per-symbol filtering, and if so, 1543 * whether this symbol references a filtee. 1544 */ 1545 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 1546 /* 1547 * If this is a standard filter reference, and no standard 1548 * filtees remain to be inspected, we're done. If this is an 1549 * auxiliary filter reference, and no auxiliary filtees remain, 1550 * we'll fall through in case any object filtering is available. 1551 */ 1552 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 1553 (SYMSFLTRCNT(ilmp) == 0)) 1554 return (0); 1555 1556 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 1557 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 1558 SYMAFLTRCNT(ilmp))) { 1559 Sresult sr; 1560 1561 /* 1562 * Initialize a local symbol result descriptor, using 1563 * the original symbol name. 1564 */ 1565 SRESULT_INIT(sr, slp->sl_name); 1566 1567 /* 1568 * This symbol has an associated filtee. Lookup the 1569 * symbol in the filtee, and if it is found return it. 1570 * If the symbol doesn't exist, and this is a standard 1571 * filter, return an error, otherwise fall through to 1572 * catch any object filtering that may be available. 1573 */ 1574 if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto, 1575 in_nfavl)) { 1576 *srp = sr; 1577 return (1); 1578 } 1579 if (sip->si_flags & SYMINFO_FLG_FILTER) 1580 return (0); 1581 } 1582 } 1583 1584 /* 1585 * Determine if this object provides global filtering. 1586 */ 1587 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 1588 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 1589 Sresult sr; 1590 1591 /* 1592 * Initialize a local symbol result descriptor, using 1593 * the original symbol name. 1594 */ 1595 SRESULT_INIT(sr, slp->sl_name); 1596 1597 /* 1598 * This object has an associated filtee. Lookup the 1599 * symbol in the filtee, and if it is found return it. 1600 * If the symbol doesn't exist, and this is a standard 1601 * filter, return and error, otherwise return the symbol 1602 * within the filter itself. 1603 */ 1604 if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp), 1605 in_nfavl)) { 1606 *srp = sr; 1607 return (1); 1608 } 1609 } 1610 1611 if (flags1 & FL1_RT_OBJSFLTR) 1612 return (0); 1613 } 1614 return (1); 1615 } 1616 1617 /* 1618 * Create a new Rt_map structure for an ELF object and initialize 1619 * all values. 1620 */ 1621 Rt_map * 1622 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize, 1623 void *odyn, Rt_map *clmp, int *in_nfavl) 1624 { 1625 const char *name = fdp->fd_nname; 1626 Rt_map *lmp; 1627 Ehdr *ehdr = (Ehdr *)addr; 1628 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL; 1629 Dyn *dyn = (Dyn *)odyn; 1630 Cap *cap = NULL; 1631 int ndx; 1632 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0; 1633 Xword rpath = 0; 1634 size_t lmsz, rtsz, epsz, dynsz = 0; 1635 uint_t dyncnt = 0; 1636 1637 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco)); 1638 1639 /* 1640 * If this is a shared object, the base address of the shared object is 1641 * added to all address values defined within the object. Otherwise, if 1642 * this is an executable, all object addresses are used as is. 1643 */ 1644 if (ehdr->e_type == ET_EXEC) 1645 base = 0; 1646 else 1647 base = addr; 1648 1649 /* 1650 * Traverse the program header table, picking off required items. This 1651 * traversal also provides for the sizing of the PT_DYNAMIC section. 1652 */ 1653 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1654 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1655 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1656 switch (phdr->p_type) { 1657 case PT_DYNAMIC: 1658 dphdr = phdr; 1659 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1660 break; 1661 case PT_TLS: 1662 tphdr = phdr; 1663 break; 1664 case PT_SUNWCAP: 1665 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1666 break; 1667 case PT_SUNW_UNWIND: 1668 case PT_SUNW_EH_FRAME: 1669 uphdr = phdr; 1670 break; 1671 default: 1672 break; 1673 } 1674 } 1675 1676 /* 1677 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1678 * allocation. Sadly, this is a little larger than we really need, 1679 * as there are typically padding DT_NULL entries. However, adding 1680 * this data to the initial link-map allocation is a win. 1681 */ 1682 if (dyn) { 1683 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1684 dynsz = dyncnt * sizeof (Dyninfo); 1685 } 1686 1687 /* 1688 * Allocate space for the link-map, private elf information, and 1689 * DYNINFO() data. Once these are allocated and initialized, 1690 * remove_so(0, lmp) can be used to tear down the link-map allocation 1691 * should any failures occur. 1692 */ 1693 rtsz = S_DROUND(sizeof (Rt_map)); 1694 epsz = S_DROUND(sizeof (Rt_elfp)); 1695 lmsz = rtsz + epsz + dynsz; 1696 if ((lmp = calloc(lmsz, 1)) == NULL) 1697 return (NULL); 1698 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1699 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1700 LMSIZE(lmp) = lmsz; 1701 1702 /* 1703 * All fields not filled in were set to 0 by calloc. 1704 */ 1705 NAME(lmp) = (char *)name; 1706 ADDR(lmp) = addr; 1707 MSIZE(lmp) = msize; 1708 SYMINTP(lmp) = elf_find_sym; 1709 FCT(lmp) = &elf_fct; 1710 LIST(lmp) = lml; 1711 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1712 SORTVAL(lmp) = -1; 1713 DYN(lmp) = dyn; 1714 DYNINFOCNT(lmp) = dyncnt; 1715 PTUNWIND(lmp) = uphdr; 1716 1717 if (ehdr->e_type == ET_EXEC) 1718 FLAGS(lmp) |= FLG_RT_FIXED; 1719 1720 /* 1721 * Fill in rest of the link map entries with information from the file's 1722 * dynamic structure. 1723 */ 1724 if (dyn) { 1725 Dyninfo *dip; 1726 uint_t dynndx; 1727 Xword pltpadsz = 0; 1728 Rti_desc *rti; 1729 Dyn *pdyn; 1730 Word lmtflags = lml->lm_tflags; 1731 int ignore = 0; 1732 1733 /* 1734 * Note, we use DT_NULL to terminate processing, and the 1735 * dynamic entry count as a fall back. Normally, a DT_NULL 1736 * entry marks the end of the dynamic section. Any non-NULL 1737 * items following the first DT_NULL are silently ignored. 1738 * This situation should only occur through use of elfedit(1) 1739 * or a similar tool. 1740 */ 1741 for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp); 1742 dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) { 1743 1744 if (ignore) { 1745 dip->di_flags |= FLG_DI_IGNORE; 1746 continue; 1747 } 1748 1749 switch ((Xword)dyn->d_tag) { 1750 case DT_NULL: 1751 dip->di_flags |= ignore = FLG_DI_IGNORE; 1752 break; 1753 case DT_POSFLAG_1: 1754 dip->di_flags |= FLG_DI_POSFLAG1; 1755 break; 1756 case DT_NEEDED: 1757 case DT_USED: 1758 dip->di_flags |= FLG_DI_NEEDED; 1759 1760 /* BEGIN CSTYLED */ 1761 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 1762 /* 1763 * Identify any non-deferred lazy load for 1764 * future processing, unless LD_NOLAZYLOAD 1765 * has been set. 1766 */ 1767 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 1768 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) 1769 dip->di_flags |= FLG_DI_LAZY; 1770 1771 /* 1772 * Identify any group permission 1773 * requirements. 1774 */ 1775 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) 1776 dip->di_flags |= FLG_DI_GROUP; 1777 1778 /* 1779 * Identify any deferred dependencies. 1780 */ 1781 if (pdyn->d_un.d_val & DF_P1_DEFERRED) 1782 dip->di_flags |= FLG_DI_DEFERRED; 1783 } 1784 /* END CSTYLED */ 1785 break; 1786 case DT_SYMTAB: 1787 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1788 break; 1789 case DT_SUNW_SYMTAB: 1790 SUNWSYMTAB(lmp) = 1791 (void *)(dyn->d_un.d_ptr + base); 1792 break; 1793 case DT_SUNW_SYMSZ: 1794 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1795 break; 1796 case DT_STRTAB: 1797 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1798 break; 1799 case DT_SYMENT: 1800 SYMENT(lmp) = dyn->d_un.d_val; 1801 break; 1802 case DT_FEATURE_1: 1803 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1804 crle = 1; 1805 break; 1806 case DT_MOVESZ: 1807 MOVESZ(lmp) = dyn->d_un.d_val; 1808 FLAGS(lmp) |= FLG_RT_MOVE; 1809 break; 1810 case DT_MOVEENT: 1811 MOVEENT(lmp) = dyn->d_un.d_val; 1812 break; 1813 case DT_MOVETAB: 1814 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1815 break; 1816 case DT_REL: 1817 case DT_RELA: 1818 /* 1819 * At this time, ld.so. can only handle one 1820 * type of relocation per object. 1821 */ 1822 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1823 break; 1824 case DT_RELSZ: 1825 case DT_RELASZ: 1826 RELSZ(lmp) = dyn->d_un.d_val; 1827 break; 1828 case DT_RELENT: 1829 case DT_RELAENT: 1830 RELENT(lmp) = dyn->d_un.d_val; 1831 break; 1832 case DT_RELCOUNT: 1833 case DT_RELACOUNT: 1834 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1835 break; 1836 case DT_HASH: 1837 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1838 break; 1839 case DT_PLTGOT: 1840 PLTGOT(lmp) = 1841 (uint_t *)(dyn->d_un.d_ptr + base); 1842 break; 1843 case DT_PLTRELSZ: 1844 PLTRELSZ(lmp) = dyn->d_un.d_val; 1845 break; 1846 case DT_JMPREL: 1847 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1848 break; 1849 case DT_INIT: 1850 if (dyn->d_un.d_ptr != 0) 1851 INIT(lmp) = 1852 (void (*)())(dyn->d_un.d_ptr + 1853 base); 1854 break; 1855 case DT_FINI: 1856 if (dyn->d_un.d_ptr != 0) 1857 FINI(lmp) = 1858 (void (*)())(dyn->d_un.d_ptr + 1859 base); 1860 break; 1861 case DT_INIT_ARRAY: 1862 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1863 base); 1864 break; 1865 case DT_INIT_ARRAYSZ: 1866 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1867 break; 1868 case DT_FINI_ARRAY: 1869 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1870 base); 1871 break; 1872 case DT_FINI_ARRAYSZ: 1873 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1874 break; 1875 case DT_PREINIT_ARRAY: 1876 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1877 base); 1878 break; 1879 case DT_PREINIT_ARRAYSZ: 1880 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1881 break; 1882 case DT_RPATH: 1883 case DT_RUNPATH: 1884 rpath = dyn->d_un.d_val; 1885 break; 1886 case DT_FILTER: 1887 dip->di_flags |= FLG_DI_STDFLTR; 1888 fltr = dyn->d_un.d_val; 1889 OBJFLTRNDX(lmp) = dynndx; 1890 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1891 break; 1892 case DT_AUXILIARY: 1893 dip->di_flags |= FLG_DI_AUXFLTR; 1894 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1895 fltr = dyn->d_un.d_val; 1896 OBJFLTRNDX(lmp) = dynndx; 1897 } 1898 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1899 break; 1900 case DT_SUNW_FILTER: 1901 dip->di_flags |= 1902 (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 1903 SYMSFLTRCNT(lmp)++; 1904 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1905 break; 1906 case DT_SUNW_AUXILIARY: 1907 dip->di_flags |= 1908 (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 1909 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1910 SYMAFLTRCNT(lmp)++; 1911 } 1912 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1913 break; 1914 case DT_DEPAUDIT: 1915 if (!(rtld_flags & RT_FL_NOAUDIT)) { 1916 audit = dyn->d_un.d_val; 1917 FLAGS1(lmp) |= FL1_RT_DEPAUD; 1918 } 1919 break; 1920 case DT_CONFIG: 1921 cfile = dyn->d_un.d_val; 1922 break; 1923 case DT_DEBUG: 1924 /* 1925 * DT_DEBUG entries are only created in 1926 * dynamic objects that require an interpretor 1927 * (ie. all dynamic executables and some shared 1928 * objects), and provide for a hand-shake with 1929 * old debuggers. This entry is initialized to 1930 * zero by the link-editor. If a debugger is 1931 * monitoring us, and has updated this entry, 1932 * set the debugger monitor flag, and finish 1933 * initializing the debugging structure. See 1934 * setup(). Also, switch off any configuration 1935 * object use as most debuggers can't handle 1936 * fixed dynamic executables as dependencies. 1937 */ 1938 if (dyn->d_un.d_ptr) 1939 rtld_flags |= 1940 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1941 dyn->d_un.d_ptr = (Addr)&r_debug; 1942 break; 1943 case DT_VERNEED: 1944 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1945 base); 1946 break; 1947 case DT_VERNEEDNUM: 1948 /* LINTED */ 1949 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1950 break; 1951 case DT_VERDEF: 1952 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1953 base); 1954 break; 1955 case DT_VERDEFNUM: 1956 /* LINTED */ 1957 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1958 break; 1959 case DT_VERSYM: 1960 /* 1961 * The Solaris ld does not produce DT_VERSYM, 1962 * but the GNU ld does, in order to support 1963 * their style of versioning, which differs 1964 * from ours in some ways, while using the 1965 * same data structures. The presence of 1966 * DT_VERSYM therefore means that GNU 1967 * versioning rules apply to the given file. 1968 * If DT_VERSYM is not present, then Solaris 1969 * versioning rules apply. 1970 */ 1971 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1972 base); 1973 break; 1974 case DT_BIND_NOW: 1975 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1976 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1977 MODE(lmp) |= RTLD_NOW; 1978 MODE(lmp) &= ~RTLD_LAZY; 1979 } 1980 break; 1981 case DT_FLAGS: 1982 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 1983 if (dyn->d_un.d_val & DF_SYMBOLIC) 1984 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 1985 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1986 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1987 MODE(lmp) |= RTLD_NOW; 1988 MODE(lmp) &= ~RTLD_LAZY; 1989 } 1990 /* 1991 * Capture any static TLS use, and enforce that 1992 * this object be non-deletable. 1993 */ 1994 if (dyn->d_un.d_val & DF_STATIC_TLS) { 1995 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 1996 MODE(lmp) |= RTLD_NODELETE; 1997 } 1998 break; 1999 case DT_FLAGS_1: 2000 if (dyn->d_un.d_val & DF_1_DISPRELPND) 2001 FLAGS1(lmp) |= FL1_RT_DISPREL; 2002 if (dyn->d_un.d_val & DF_1_GROUP) 2003 FLAGS(lmp) |= 2004 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 2005 if ((dyn->d_un.d_val & DF_1_NOW) && 2006 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2007 MODE(lmp) |= RTLD_NOW; 2008 MODE(lmp) &= ~RTLD_LAZY; 2009 } 2010 if (dyn->d_un.d_val & DF_1_NODELETE) 2011 MODE(lmp) |= RTLD_NODELETE; 2012 if (dyn->d_un.d_val & DF_1_INITFIRST) 2013 FLAGS(lmp) |= FLG_RT_INITFRST; 2014 if (dyn->d_un.d_val & DF_1_NOOPEN) 2015 FLAGS(lmp) |= FLG_RT_NOOPEN; 2016 if (dyn->d_un.d_val & DF_1_LOADFLTR) 2017 FLAGS(lmp) |= FLG_RT_LOADFLTR; 2018 if (dyn->d_un.d_val & DF_1_NODUMP) 2019 FLAGS(lmp) |= FLG_RT_NODUMP; 2020 if (dyn->d_un.d_val & DF_1_CONFALT) 2021 crle = 1; 2022 if (dyn->d_un.d_val & DF_1_DIRECT) 2023 FLAGS1(lmp) |= FL1_RT_DIRECT; 2024 if (dyn->d_un.d_val & DF_1_NODEFLIB) 2025 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 2026 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 2027 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 2028 if (dyn->d_un.d_val & DF_1_TRANS) 2029 FLAGS(lmp) |= FLG_RT_TRANS; 2030 2031 /* 2032 * Global auditing is only meaningful when 2033 * specified by the initiating object of the 2034 * process - typically the dynamic executable. 2035 * If this is the initiating object, its link- 2036 * map will not yet have been added to the 2037 * link-map list, and consequently the link-map 2038 * list is empty. (see setup()). 2039 */ 2040 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 2041 if (lml_main.lm_head == NULL) 2042 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 2043 else 2044 DBG_CALL(Dbg_audit_ignore(lmp)); 2045 } 2046 2047 /* 2048 * If this object identifies itself as an 2049 * interposer, but relocation processing has 2050 * already started, then demote it. It's too 2051 * late to guarantee complete interposition. 2052 */ 2053 /* BEGIN CSTYLED */ 2054 if (dyn->d_un.d_val & 2055 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2056 if (lml->lm_flags & LML_FLG_STARTREL) { 2057 DBG_CALL(Dbg_util_intoolate(lmp)); 2058 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2059 (void) printf( 2060 MSG_INTL(MSG_LDD_REL_ERR2), 2061 NAME(lmp)); 2062 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 2063 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2064 else 2065 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2066 } 2067 /* END CSTYLED */ 2068 break; 2069 case DT_SYMINFO: 2070 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 2071 base); 2072 break; 2073 case DT_SYMINENT: 2074 SYMINENT(lmp) = dyn->d_un.d_val; 2075 break; 2076 case DT_PLTPAD: 2077 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2078 break; 2079 case DT_PLTPADSZ: 2080 pltpadsz = dyn->d_un.d_val; 2081 break; 2082 case DT_SUNW_RTLDINF: 2083 /* 2084 * Maintain a list of RTLDINFO structures. 2085 * Typically, libc is the only supplier, and 2086 * only one structure is provided. However, 2087 * multiple suppliers and multiple structures 2088 * are supported. For example, one structure 2089 * may provide thread_init, and another 2090 * structure may provide atexit reservations. 2091 */ 2092 if ((rti = alist_append(&lml->lm_rti, NULL, 2093 sizeof (Rti_desc), 2094 AL_CNT_RTLDINFO)) == NULL) { 2095 remove_so(0, lmp, clmp); 2096 return (NULL); 2097 } 2098 rti->rti_lmp = lmp; 2099 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2100 base); 2101 break; 2102 case DT_SUNW_SORTENT: 2103 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2104 break; 2105 case DT_SUNW_SYMSORT: 2106 SUNWSYMSORT(lmp) = 2107 (void *)(dyn->d_un.d_ptr + base); 2108 break; 2109 case DT_SUNW_SYMSORTSZ: 2110 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2111 break; 2112 case DT_DEPRECATED_SPARC_REGISTER: 2113 case M_DT_REGISTER: 2114 dip->di_flags |= FLG_DI_REGISTER; 2115 FLAGS(lmp) |= FLG_RT_REGSYMS; 2116 break; 2117 case DT_SUNW_CAP: 2118 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base); 2119 break; 2120 case DT_SUNW_CAPINFO: 2121 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base); 2122 break; 2123 case DT_SUNW_CAPCHAIN: 2124 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr + 2125 base); 2126 break; 2127 case DT_SUNW_CAPCHAINENT: 2128 CAPCHAINENT(lmp) = dyn->d_un.d_val; 2129 break; 2130 case DT_SUNW_CAPCHAINSZ: 2131 CAPCHAINSZ(lmp) = dyn->d_un.d_val; 2132 break; 2133 } 2134 } 2135 2136 /* 2137 * Update any Dyninfo string pointers now that STRTAB() is 2138 * known. 2139 */ 2140 for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp); 2141 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) { 2142 2143 switch ((Xword)dyn->d_tag) { 2144 case DT_NEEDED: 2145 case DT_USED: 2146 case DT_FILTER: 2147 case DT_AUXILIARY: 2148 case DT_SUNW_FILTER: 2149 case DT_SUNW_AUXILIARY: 2150 dip->di_name = STRTAB(lmp) + dyn->d_un.d_val; 2151 break; 2152 } 2153 } 2154 2155 /* 2156 * Assign any padding. 2157 */ 2158 if (PLTPAD(lmp)) { 2159 if (pltpadsz == (Xword)0) 2160 PLTPAD(lmp) = NULL; 2161 else 2162 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2163 pltpadsz); 2164 } 2165 } 2166 2167 /* 2168 * A dynsym contains only global functions. We want to have 2169 * a version of it that also includes local functions, so that 2170 * dladdr() will be able to report names for local functions 2171 * when used to generate a stack trace for a stripped file. 2172 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2173 * 2174 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2175 * in order to avoid having to have two copies of the global 2176 * symbols held in DT_SYMTAB: The local symbols are placed in 2177 * a separate section than the globals in the dynsym, but the 2178 * linker conspires to put the data for these two sections adjacent 2179 * to each other. DT_SUNW_SYMTAB points at the top of the local 2180 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2181 * 2182 * If the two sections are not adjacent, then something went wrong 2183 * at link time. We use ASSERT to kill the process if this is 2184 * a debug build. In a production build, we will silently ignore 2185 * the presence of the .ldynsym and proceed. We can detect this 2186 * situation by checking to see that DT_SYMTAB lies in 2187 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2188 */ 2189 if ((SUNWSYMTAB(lmp) != NULL) && 2190 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2191 (((char *)SYMTAB(lmp) >= 2192 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2193 ASSERT(0); 2194 SUNWSYMTAB(lmp) = NULL; 2195 SUNWSYMSZ(lmp) = 0; 2196 } 2197 2198 /* 2199 * If configuration file use hasn't been disabled, and a configuration 2200 * file hasn't already been set via an environment variable, see if any 2201 * application specific configuration file is specified. An LD_CONFIG 2202 * setting is used first, but if this image was generated via crle(1) 2203 * then a default configuration file is a fall-back. 2204 */ 2205 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) { 2206 if (cfile) 2207 config->c_name = (const char *)(cfile + 2208 (char *)STRTAB(lmp)); 2209 else if (crle) 2210 rtld_flags |= RT_FL_CONFAPP; 2211 } 2212 2213 if (rpath) 2214 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2215 if (fltr) 2216 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2217 2218 /* 2219 * For Intel ABI compatibility. It's possible that a JMPREL can be 2220 * specified without any other relocations (e.g. a dynamic executable 2221 * normally only contains .plt relocations). If this is the case then 2222 * no REL, RELSZ or RELENT will have been created. For us to be able 2223 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2224 * the RELENT for these relocations. Refer to elf_reloc() for more 2225 * details. 2226 */ 2227 if (!RELENT(lmp) && JMPREL(lmp)) 2228 RELENT(lmp) = sizeof (M_RELOC); 2229 2230 /* 2231 * Establish any per-object auditing. If we're establishing main's 2232 * link-map its too early to go searching for audit objects so just 2233 * hold the object name for later (see setup()). 2234 */ 2235 if (audit) { 2236 char *cp = audit + (char *)STRTAB(lmp); 2237 2238 if (*cp) { 2239 if (((AUDITORS(lmp) = 2240 calloc(1, sizeof (Audit_desc))) == NULL) || 2241 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2242 remove_so(0, lmp, clmp); 2243 return (NULL); 2244 } 2245 if (lml_main.lm_head) { 2246 if (audit_setup(lmp, AUDITORS(lmp), 0, 2247 in_nfavl) == 0) { 2248 remove_so(0, lmp, clmp); 2249 return (NULL); 2250 } 2251 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2252 lml->lm_flags |= LML_FLG_LOCAUDIT; 2253 } 2254 } 2255 } 2256 2257 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2258 remove_so(0, lmp, clmp); 2259 return (NULL); 2260 } 2261 2262 /* 2263 * A capabilities section should be identified by a DT_SUNW_CAP entry, 2264 * and if non-empty object capabilities are included, a PT_SUNWCAP 2265 * header should reference the section. Make sure CAP() is set 2266 * regardless. 2267 */ 2268 if ((CAP(lmp) == NULL) && cap) 2269 CAP(lmp) = cap; 2270 2271 /* 2272 * Make sure any capabilities information or chain can be handled. 2273 */ 2274 if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT)) 2275 CAPINFO(lmp) = NULL; 2276 if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT)) 2277 CAPCHAIN(lmp) = NULL; 2278 2279 /* 2280 * As part of processing dependencies, a file descriptor is populated 2281 * with capabilities information following validation. 2282 */ 2283 if (fdp->fd_flags & FLG_FD_ALTCHECK) { 2284 FLAGS1(lmp) |= FL1_RT_ALTCHECK; 2285 CAPSET(lmp) = fdp->fd_scapset; 2286 2287 if (fdp->fd_flags & FLG_FD_ALTCAP) 2288 FLAGS1(lmp) |= FL1_RT_ALTCAP; 2289 2290 } else if ((cap = CAP(lmp)) != NULL) { 2291 /* 2292 * Processing of the a.out and ld.so.1 does not involve a file 2293 * descriptor as exec() did all the work, so capture the 2294 * capabilities for these cases. 2295 */ 2296 while (cap->c_tag != CA_SUNW_NULL) { 2297 switch (cap->c_tag) { 2298 case CA_SUNW_HW_1: 2299 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val; 2300 break; 2301 case CA_SUNW_SF_1: 2302 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val; 2303 break; 2304 case CA_SUNW_HW_2: 2305 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val; 2306 break; 2307 case CA_SUNW_PLAT: 2308 CAPSET(lmp).sc_plat = STRTAB(lmp) + 2309 cap->c_un.c_ptr; 2310 break; 2311 case CA_SUNW_MACH: 2312 CAPSET(lmp).sc_mach = STRTAB(lmp) + 2313 cap->c_un.c_ptr; 2314 break; 2315 } 2316 cap++; 2317 } 2318 } 2319 2320 /* 2321 * If a capabilities chain table exists, duplicate it. The chain table 2322 * is inspected for each initial call to a capabilities family lead 2323 * symbol. From this chain, each family member is inspected to 2324 * determine the 'best' family member. The chain table is then updated 2325 * so that the best member is immediately selected for any further 2326 * family searches. 2327 */ 2328 if (CAPCHAIN(lmp)) { 2329 Capchain *capchain; 2330 2331 if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL) 2332 return (NULL); 2333 (void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp)); 2334 CAPCHAIN(lmp) = capchain; 2335 } 2336 2337 /* 2338 * Add the mapped object to the end of the link map list. 2339 */ 2340 lm_append(lml, lmco, lmp); 2341 2342 /* 2343 * Start the system loading in the ELF information we'll be processing. 2344 */ 2345 if (REL(lmp)) { 2346 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2347 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2348 MADV_WILLNEED); 2349 } 2350 return (lmp); 2351 } 2352 2353 /* 2354 * Build full pathname of shared object from given directory name and filename. 2355 */ 2356 static char * 2357 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen) 2358 { 2359 static char pname[PATH_MAX]; 2360 2361 (void) strncpy(pname, dir, dlen); 2362 pname[dlen++] = '/'; 2363 (void) strncpy(&pname[dlen], file, flen + 1); 2364 return (pname); 2365 } 2366 2367 /* 2368 * The copy relocation is recorded in a copy structure which will be applied 2369 * after all other relocations are carried out. This provides for copying data 2370 * that must be relocated itself (ie. pointers in shared objects). This 2371 * structure also provides a means of binding RTLD_GROUP dependencies to any 2372 * copy relocations that have been taken from any group members. 2373 * 2374 * If the size of the .bss area available for the copy information is not the 2375 * same as the source of the data inform the user if we're under ldd(1) control 2376 * (this checking was only established in 5.3, so by only issuing an error via 2377 * ldd(1) we maintain the standard set by previous releases). 2378 */ 2379 int 2380 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 2381 Rt_map *dlmp, const void *dadd) 2382 { 2383 Rel_copy rc; 2384 Lm_list *lml = LIST(rlmp); 2385 2386 rc.r_name = name; 2387 rc.r_rsym = rsym; /* the new reference symbol and its */ 2388 rc.r_rlmp = rlmp; /* associated link-map */ 2389 rc.r_dlmp = dlmp; /* the defining link-map */ 2390 rc.r_dsym = dsym; /* the original definition */ 2391 rc.r_radd = radd; 2392 rc.r_dadd = dadd; 2393 2394 if (rsym->st_size > dsym->st_size) 2395 rc.r_size = (size_t)dsym->st_size; 2396 else 2397 rc.r_size = (size_t)rsym->st_size; 2398 2399 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 2400 AL_CNT_COPYREL) == NULL) { 2401 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2402 return (0); 2403 else 2404 return (1); 2405 } 2406 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 2407 if (aplist_append(©_S(rlmp), dlmp, 2408 AL_CNT_COPYREL) == NULL) { 2409 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2410 return (0); 2411 else 2412 return (1); 2413 } 2414 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 2415 } 2416 2417 /* 2418 * If we are tracing (ldd), warn the user if 2419 * 1) the size from the reference symbol differs from the 2420 * copy definition. We can only copy as much data as the 2421 * reference (dynamic executables) entry allows. 2422 * 2) the copy definition has STV_PROTECTED visibility. 2423 */ 2424 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2425 if (rsym->st_size != dsym->st_size) { 2426 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 2427 _conv_reloc_type(M_R_COPY), demangle(name), 2428 NAME(rlmp), EC_XWORD(rsym->st_size), 2429 NAME(dlmp), EC_XWORD(dsym->st_size)); 2430 if (rsym->st_size > dsym->st_size) 2431 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 2432 NAME(dlmp)); 2433 else 2434 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 2435 NAME(rlmp)); 2436 } 2437 2438 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 2439 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 2440 _conv_reloc_type(M_R_COPY), demangle(name), 2441 NAME(dlmp)); 2442 } 2443 } 2444 2445 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 2446 (Xword)rc.r_size)); 2447 return (1); 2448 } 2449 2450 /* 2451 * Determine the symbol location of an address within a link-map. Look for 2452 * the nearest symbol (whose value is less than or equal to the required 2453 * address). This is the object specific part of dladdr(). 2454 */ 2455 static void 2456 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 2457 { 2458 ulong_t ndx, cnt, base, _value; 2459 Sym *sym, *_sym = NULL; 2460 const char *str; 2461 int _flags; 2462 uint_t *dynaddr_ndx; 2463 uint_t dynaddr_n = 0; 2464 ulong_t value; 2465 2466 /* 2467 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 2468 * the dynsym that starts with any local function symbols that exist in 2469 * the library and then moves to the data held in SYMTAB(). In this 2470 * case, SUNWSYMSZ tells us how long the symbol table is. The 2471 * availability of local function symbols will enhance the results 2472 * we can provide. 2473 * 2474 * If SUNWSYMTAB() is non-NULL, then there might also be a 2475 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 2476 * an array of indices into SUNWSYMTAB, sorted by increasing 2477 * address. We can use this to do an O(log N) search instead of a 2478 * brute force search. 2479 * 2480 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 2481 * contains only global symbols. In that case, the length of 2482 * the symbol table comes from the nchain field of the related 2483 * symbol lookup hash table. 2484 */ 2485 str = STRTAB(lmp); 2486 if (SUNWSYMSZ(lmp) == 0) { 2487 sym = SYMTAB(lmp); 2488 /* 2489 * If we don't have a .hash table there are no symbols 2490 * to look at. 2491 */ 2492 if (HASH(lmp) == NULL) 2493 return; 2494 cnt = HASH(lmp)[1]; 2495 } else { 2496 sym = SUNWSYMTAB(lmp); 2497 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 2498 dynaddr_ndx = SUNWSYMSORT(lmp); 2499 if (dynaddr_ndx != NULL) 2500 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 2501 } 2502 2503 if (FLAGS(lmp) & FLG_RT_FIXED) 2504 base = 0; 2505 else 2506 base = ADDR(lmp); 2507 2508 if (dynaddr_n > 0) { /* Binary search */ 2509 long low = 0, low_bnd; 2510 long high = dynaddr_n - 1, high_bnd; 2511 long mid; 2512 Sym *mid_sym; 2513 2514 /* 2515 * Note that SUNWSYMSORT only contains symbols types that 2516 * supply memory addresses, so there's no need to check and 2517 * filter out any other types. 2518 */ 2519 low_bnd = low; 2520 high_bnd = high; 2521 while (low <= high) { 2522 mid = (low + high) / 2; 2523 mid_sym = &sym[dynaddr_ndx[mid]]; 2524 value = mid_sym->st_value + base; 2525 if (addr < value) { 2526 if ((sym[dynaddr_ndx[high]].st_value + base) >= 2527 addr) 2528 high_bnd = high; 2529 high = mid - 1; 2530 } else if (addr > value) { 2531 if ((sym[dynaddr_ndx[low]].st_value + base) <= 2532 addr) 2533 low_bnd = low; 2534 low = mid + 1; 2535 } else { 2536 _sym = mid_sym; 2537 _value = value; 2538 break; 2539 } 2540 } 2541 /* 2542 * If the above didn't find it exactly, then we must 2543 * return the closest symbol with a value that doesn't 2544 * exceed the one we are looking for. If that symbol exists, 2545 * it will lie in the range bounded by low_bnd and 2546 * high_bnd. This is a linear search, but a short one. 2547 */ 2548 if (_sym == NULL) { 2549 for (mid = low_bnd; mid <= high_bnd; mid++) { 2550 mid_sym = &sym[dynaddr_ndx[mid]]; 2551 value = mid_sym->st_value + base; 2552 if (addr >= value) { 2553 _sym = mid_sym; 2554 _value = value; 2555 } else { 2556 break; 2557 } 2558 } 2559 } 2560 } else { /* Linear search */ 2561 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 2562 /* 2563 * Skip expected symbol types that are not functions 2564 * or data: 2565 * - A symbol table starts with an undefined symbol 2566 * in slot 0. If we are using SUNWSYMTAB(), 2567 * there will be a second undefined symbol 2568 * right before the globals. 2569 * - The local part of SUNWSYMTAB() contains a 2570 * series of function symbols. Each section 2571 * starts with an initial STT_FILE symbol. 2572 */ 2573 if ((sym->st_shndx == SHN_UNDEF) || 2574 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 2575 continue; 2576 2577 value = sym->st_value + base; 2578 if (value > addr) 2579 continue; 2580 if (value < _value) 2581 continue; 2582 2583 _sym = sym; 2584 _value = value; 2585 2586 /* 2587 * Note, because we accept local and global symbols 2588 * we could find a section symbol that matches the 2589 * associated address, which means that the symbol 2590 * name will be null. In this case continue the 2591 * search in case we can find a global symbol of 2592 * the same value. 2593 */ 2594 if ((value == addr) && 2595 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 2596 break; 2597 } 2598 } 2599 2600 _flags = flags & RTLD_DL_MASK; 2601 if (_sym) { 2602 if (_flags == RTLD_DL_SYMENT) 2603 *info = (void *)_sym; 2604 else if (_flags == RTLD_DL_LINKMAP) 2605 *info = (void *)lmp; 2606 2607 dlip->dli_sname = str + _sym->st_name; 2608 dlip->dli_saddr = (void *)_value; 2609 } else { 2610 /* 2611 * addr lies between the beginning of the mapped segment and 2612 * the first global symbol. We have no symbol to return 2613 * and the caller requires one. We use _START_, the base 2614 * address of the mapping. 2615 */ 2616 2617 if (_flags == RTLD_DL_SYMENT) { 2618 /* 2619 * An actual symbol struct is needed, so we 2620 * construct one for _START_. To do this in a 2621 * fully accurate way requires a different symbol 2622 * for each mapped segment. This requires the 2623 * use of dynamic memory and a mutex. That's too much 2624 * plumbing for a fringe case of limited importance. 2625 * 2626 * Fortunately, we can simplify: 2627 * - Only the st_size and st_info fields are useful 2628 * outside of the linker internals. The others 2629 * reference things that outside code cannot see, 2630 * and can be set to 0. 2631 * - It's just a label and there is no size 2632 * to report. So, the size should be 0. 2633 * This means that only st_info needs a non-zero 2634 * (constant) value. A static struct will suffice. 2635 * It must be const (readonly) so the caller can't 2636 * change its meaning for subsequent callers. 2637 */ 2638 static const Sym fsym = { 0, 0, 0, 2639 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 2640 *info = (void *) &fsym; 2641 } 2642 2643 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 2644 dlip->dli_saddr = (void *) ADDR(lmp); 2645 } 2646 } 2647 2648 /* 2649 * This routine is called as a last fall-back to search for a symbol from a 2650 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing 2651 * the number of objects mapped, any symbol search is first carried out using 2652 * the objects that already exist in the process (either on a link-map list or 2653 * handle). If a symbol can't be found, and lazy dependencies are still 2654 * pending, this routine loads the dependencies in an attempt to locate the 2655 * symbol. 2656 */ 2657 int 2658 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 2659 { 2660 static APlist *alist = NULL; 2661 Aliste idx1; 2662 Rt_map *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap; 2663 const char *name = slp->sl_name; 2664 Slookup sl1 = *slp; 2665 Lm_list *lml; 2666 Lm_cntl *lmc; 2667 2668 /* 2669 * It's quite possible we've been here before to process objects, 2670 * therefore reinitialize our dynamic list. 2671 */ 2672 if (alist) 2673 aplist_reset(alist); 2674 2675 /* 2676 * Discard any relocation index from further symbol searches. This 2677 * index has already been used to trigger any necessary lazy-loads, 2678 * and it might be because one of these lazy loads has failed that 2679 * we're performing this fallback. By removing the relocation index 2680 * we don't try and perform the same failed lazy loading activity again. 2681 */ 2682 sl1.sl_rsymndx = 0; 2683 2684 /* 2685 * Determine the callers link-map list so that we can monitor whether 2686 * new objects have been added. 2687 */ 2688 lml = LIST(clmp); 2689 lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp)); 2690 2691 /* 2692 * Generate a local list of new objects to process. This list can grow 2693 * as each object supplies its own lazy dependencies. 2694 */ 2695 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 2696 return (0); 2697 2698 for (APLIST_TRAVERSE(alist, idx1, lmp1)) { 2699 uint_t dynndx; 2700 Dyninfo *dip, *pdip; 2701 2702 /* 2703 * Loop through the lazy DT_NEEDED entries examining each object 2704 * for the required symbol. If the symbol is not found, the 2705 * object is in turn added to the local alist, so that the 2706 * objects lazy DT_NEEDED entries can be examined. 2707 */ 2708 lmp = lmp1; 2709 for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL; 2710 !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) { 2711 Grp_hdl *ghp; 2712 Grp_desc *gdp; 2713 Rt_map *nlmp, *llmp; 2714 Slookup sl2; 2715 Sresult sr; 2716 Aliste idx2; 2717 2718 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 2719 dip->di_info) 2720 continue; 2721 2722 /* 2723 * If this object has already failed to lazy load, and 2724 * we're still processing the same runtime linker 2725 * operation that produced the failure, don't bother 2726 * to try and load the object again. 2727 */ 2728 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 2729 (pdip->di_flags & FLG_DI_POSFLAG1)) { 2730 if (pdip->di_info == (void *)ld_entry_cnt) 2731 continue; 2732 2733 dip->di_flags &= ~FLG_DI_LAZYFAIL; 2734 pdip->di_info = NULL; 2735 } 2736 2737 /* 2738 * Determine the last link-map presently on the callers 2739 * link-map control list. 2740 */ 2741 llmp = lmc->lc_tail; 2742 2743 /* 2744 * Try loading this lazy dependency. If the object 2745 * can't be loaded, consider this non-fatal and continue 2746 * the search. Lazy loaded dependencies need not exist 2747 * and their loading should only turn out to be fatal 2748 * if they are required to satisfy a relocation. 2749 * 2750 * A successful lazy load can mean one of two things: 2751 * 2752 * - new objects have been loaded, in which case the 2753 * objects will have been analyzed, relocated, and 2754 * finally moved to the callers control list. 2755 * - the objects are already loaded, and this lazy 2756 * load has simply associated the referenced object 2757 * with it's lazy dependencies. 2758 * 2759 * If new objects are loaded, look in these objects 2760 * first. Note, a new object can be the object being 2761 * referenced by this lazy load, however we can also 2762 * descend into multiple lazy loads as we relocate this 2763 * reference. 2764 * 2765 * If the symbol hasn't been found, use the referenced 2766 * objects handle, as it might have dependencies on 2767 * objects that are already loaded. Note that existing 2768 * objects might have already been searched and skipped 2769 * as non-available to this caller. However, a lazy 2770 * load might have caused the promotion of modes, or 2771 * added this object to the family of the caller. In 2772 * either case, the handle associated with the object 2773 * is then used to carry out the symbol search. 2774 */ 2775 if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name, 2776 FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL) 2777 continue; 2778 2779 if (NEXT_RT_MAP(llmp)) { 2780 /* 2781 * Look in any new objects. 2782 */ 2783 sl1.sl_imap = NEXT_RT_MAP(llmp); 2784 sl1.sl_flags &= ~LKUP_STDRELOC; 2785 2786 /* 2787 * Initialize a local symbol result descriptor, 2788 * using the original symbol name. 2789 */ 2790 SRESULT_INIT(sr, slp->sl_name); 2791 2792 if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) { 2793 *srp = sr; 2794 return (1); 2795 } 2796 } 2797 2798 /* 2799 * Use the objects handle to inspect the family of 2800 * objects associated with the handle. Note, there's 2801 * a possibility of overlap with the above search, 2802 * should a lazy load bring in new objects and 2803 * reference existing objects. 2804 */ 2805 sl2 = sl1; 2806 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) { 2807 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) && 2808 (gdp->gd_flags & GPD_DLSYM)) { 2809 2810 sl2.sl_imap = gdp->gd_depend; 2811 sl2.sl_flags |= LKUP_FIRST; 2812 2813 /* 2814 * Initialize a local symbol result 2815 * descriptor, using the original 2816 * symbol name. 2817 */ 2818 SRESULT_INIT(sr, slp->sl_name); 2819 2820 if (lookup_sym(&sl2, &sr, binfo, 2821 in_nfavl)) { 2822 *srp = sr; 2823 return (1); 2824 } 2825 } 2826 } 2827 2828 /* 2829 * Some dlsym() operations are already traversing a 2830 * link-map (dlopen(0)), and thus there's no need to 2831 * save them on the dynamic dependency list. 2832 */ 2833 if (slp->sl_flags & LKUP_NODESCENT) 2834 continue; 2835 2836 if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == 0) 2837 return (0); 2838 } 2839 } 2840 2841 return (0); 2842 } 2843 2844 /* 2845 * Warning message for bad r_offset. 2846 */ 2847 void 2848 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 2849 ulong_t rsymndx) 2850 { 2851 const char *name = NULL; 2852 Lm_list *lml = LIST(lmp); 2853 int trace; 2854 2855 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 2856 (((rtld_flags & RT_FL_SILENCERR) == 0) || 2857 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 2858 trace = 1; 2859 else 2860 trace = 0; 2861 2862 if ((trace == 0) && (DBG_ENABLED == 0)) 2863 return; 2864 2865 if (rsymndx) { 2866 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 2867 (rsymndx * SYMENT(lmp))); 2868 2869 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 2870 name = (char *)(STRTAB(lmp) + symref->st_name); 2871 } 2872 2873 if (name == NULL) 2874 name = MSG_INTL(MSG_STR_UNKNOWN); 2875 2876 if (trace) { 2877 const char *rstr; 2878 2879 rstr = _conv_reloc_type((uint_t)rtype); 2880 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 2881 EC_ADDR(roffset)); 2882 return; 2883 } 2884 2885 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 2886 } 2887 2888 /* 2889 * Resolve a static TLS relocation. 2890 */ 2891 long 2892 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 2893 ulong_t roffset, long value) 2894 { 2895 Lm_list *lml = LIST(lmp); 2896 2897 /* 2898 * Relocations against a static TLS block have limited support once 2899 * process initialization has completed. Any error condition should be 2900 * discovered by testing for DF_STATIC_TLS as part of loading an object, 2901 * however individual relocations are tested in case the dynamic flag 2902 * had not been set when this object was built. 2903 */ 2904 if (PTTLS(lmp) == NULL) { 2905 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2906 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2907 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2908 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2909 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2910 return (0); 2911 } 2912 2913 /* 2914 * If no static TLS has been set aside for this object, determine if 2915 * any can be obtained. Enforce that any object using static TLS is 2916 * non-deletable. 2917 */ 2918 if (TLSSTATOFF(lmp) == 0) { 2919 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2920 MODE(lmp) |= RTLD_NODELETE; 2921 2922 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 2923 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2924 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2925 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2926 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2927 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2928 return (0); 2929 } 2930 } 2931 2932 /* 2933 * Typically, a static TLS offset is maintained as a symbols value. 2934 * For local symbols that are not apart of the dynamic symbol table, 2935 * the TLS relocation points to a section symbol, and the static TLS 2936 * offset was deposited in the associated GOT table. Make sure the GOT 2937 * is cleared, so that the value isn't reused in do_reloc(). 2938 */ 2939 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 2940 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 2941 value = *(long *)roffset; 2942 *(long *)roffset = 0; 2943 } else { 2944 value = sym->st_value; 2945 } 2946 } 2947 return (-(TLSSTATOFF(lmp) - value)); 2948 } 2949 2950 /* 2951 * If the symbol is not found and the reference was not to a weak symbol, report 2952 * an error. Weak references may be unresolved. 2953 */ 2954 int 2955 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo) 2956 { 2957 Lm_list *lml = LIST(lmp); 2958 2959 /* 2960 * Under crle(1), relocation failures are ignored. 2961 */ 2962 if (lml->lm_flags & LML_FLG_IGNRELERR) 2963 return (1); 2964 2965 /* 2966 * Under ldd(1), unresolved references are reported. However, if the 2967 * original reference is EXTERN or PARENT these references are ignored 2968 * unless ldd's -p option is in effect. 2969 */ 2970 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2971 if (((binfo & DBG_BINFO_REF_MSK) == 0) || 2972 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) { 2973 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), 2974 demangle(name), NAME(lmp)); 2975 } 2976 return (1); 2977 } 2978 2979 /* 2980 * Otherwise, the unresolved references is fatal. 2981 */ 2982 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, 2983 NULL, 0, name)); 2984 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 2985 demangle(name)); 2986 2987 return (0); 2988 } 2989