1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988 AT&T 24 * All Rights Reserved 25 * 26 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. 27 */ 28 29 /* 30 * Object file dependent support for ELF objects. 31 */ 32 33 #include <stdio.h> 34 #include <sys/procfs.h> 35 #include <sys/mman.h> 36 #include <sys/debug.h> 37 #include <string.h> 38 #include <limits.h> 39 #include <dlfcn.h> 40 #include <debug.h> 41 #include <conv.h> 42 #include "_rtld.h" 43 #include "_audit.h" 44 #include "_elf.h" 45 #include "_inline_gen.h" 46 #include "_inline_reloc.h" 47 #include "msg.h" 48 49 /* 50 * Default and secure dependency search paths. 
*/
static Spath_defn _elf_def_dirs[] = {
#if defined(_ELF64)
	{ MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE },
	{ MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE },
#else
	{ MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE },
	{ MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE },
#endif
	{ 0, 0 }			/* terminator */
};

static Spath_defn _elf_sec_dirs[] = {
#if defined(_ELF64)
	{ MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE },
	{ MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE },
#else
	{ MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE },
	{ MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE },
#endif
	{ 0, 0 }			/* terminator */
};

/*
 * Alist forms of the two tables above.  Both start out empty and are built
 * by set_dirs() the first time the matching accessor below is called; the
 * accessors hand out the address of these pointers through the Fct vtable.
 */
Alist	*elf_def_dirs = NULL;
Alist	*elf_sec_dirs = NULL;

/*
 * Defines for local functions.
 */
static void	elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
static Addr	elf_entry_point(void);
static int	elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t);
static Alist	**elf_get_def_dirs(void);
static Alist	**elf_get_sec_dirs(void);
static char	*elf_get_so(const char *, const char *, size_t, size_t);
static int	elf_needed(Lm_list *, Aliste, Rt_map *, int *);

/*
 * Functions and data accessed through indirect pointers.
 *
 * NOTE(review): positional initializer - the member order below must match
 * the Fct structure declaration (in _rtld.h, not visible here).
 */
Fct elf_fct = {
	elf_verify,
	elf_new_lmp,
	elf_entry_point,
	elf_needed,
	lookup_sym,
	elf_reloc,
	elf_get_def_dirs,
	elf_get_sec_dirs,
	elf_fix_name,
	elf_get_so,
	elf_dladdr,
	dlsym_handle
};

/*
 * Default and secure dependency search paths.
 *
 * Each accessor populates its Alist on first use (set_dirs() with the
 * LA_SER_DEFAULT or LA_SER_SECURE tag respectively) and always returns the
 * address of the file-scope list pointer, so every caller observes the same
 * list.
 */
static Alist **
elf_get_def_dirs(void)
{
	Alist	**alpp = &elf_def_dirs;

	if (*alpp == NULL)
		set_dirs(alpp, _elf_def_dirs, LA_SER_DEFAULT);

	return (alpp);
}

static Alist **
elf_get_sec_dirs(void)
{
	Alist	**alpp = &elf_sec_dirs;

	if (*alpp == NULL)
		set_dirs(alpp, _elf_sec_dirs, LA_SER_SECURE);

	return (alpp);
}

/*
 * Redefine NEEDED name if necessary.
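*/
/*
 * name	- dependency name to resolve (an absolute path or a bare file name).
 * clmp	- caller's link-map; LIST(clmp) feeds the debug call, the rest is
 *	  passed through to expand_paths().
 * alpp	- path descriptor list to append to; alni and orig are passed on to
 *	  alist_append() / expand_paths() unchanged.
 *
 * Returns 1 when a Pdesc naming libsys.so.1 has been appended, 0 when that
 * append fails, and otherwise whatever expand_paths() returns.
 */
static int
elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni,
    uint_t orig)
{
	/*
	 * For ABI compliance, if we are asked for ld.so.1, then really give
	 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1).  The
	 * leading '/' test is a cheap filter before the full-path strcmp().
	 */
	if (((*name == '/') &&
	/* BEGIN CSTYLED */
#if defined(_ELF64)
	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) ||
#else
	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) ||
#endif
	    (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) {
	/* END CSTYLED */
		Pdesc	*pdp;

		DBG_CALL(Dbg_file_fixname(LIST(clmp), name,
		    MSG_ORIG(MSG_PTH_LIBSYS)));
		if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc),
		    alni)) == NULL)
			return (0);

		pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS);
		pdp->pd_plen = MSG_PTH_LIBSYS_SIZE;
		pdp->pd_flags = PD_FLG_PNSLASH;

		return (1);
	}

	return (expand_paths(clmp, name, alpp, alni, orig, 0));
}

/*
 * Determine whether this object requires capabilities.
 *
 * One pass over the program headers records the PT_DYNAMIC segment (and the
 * number of Dyn entries it holds) and any PT_SUNWCAP segment.  When a
 * capabilities segment exists, the DT_STRTAB of the dynamic section is
 * located so that cap_check_fdesc() can resolve CA_SUNW_MACH / CA_SUNW_PLAT
 * names.  Returns the result of cap_check_fdesc(); elf_verify() treats 0 as
 * a rejection with rej filled in.
 *
 * NOTE(review): e_phoff, e_phnum and the p_vaddr values are taken from the
 * mapped file as is - elf_verify() only checks that an Ehdr fits in the
 * mapping, and e_phentsize is never compared with sizeof (Phdr).  Confirm
 * the caller guarantees that the program headers and the dynamic section
 * lie inside the mapped region before this is relied on for untrusted files.
 */
static inline int
elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej)
{
	Phdr	*phdr;
	Cap	*cap = NULL;
	Dyn	*dyn = NULL;
	char	*str = NULL;
	Addr	base;
	uint_t	cnt, dyncnt = 0;	/* stays 0 without a PT_DYNAMIC */

	/*
	 * If this is a shared object, the base address of the shared object is
	 * added to all address values defined within the object.  Otherwise, if
	 * this is an executable, all object addresses are used as is.
	 */
	if (ehdr->e_type == ET_EXEC)
		base = 0;
	else
		base = (Addr)ehdr;

	/* LINTED */
	phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff);
	for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) {
		if (phdr->p_type == PT_DYNAMIC) {
			/* LINTED */
			dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
			dyncnt = phdr->p_filesz / sizeof (Dyn);
		} else if (phdr->p_type == PT_SUNWCAP) {
			/* LINTED */
			cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
		}
	}

	if (cap) {
		/*
		 * From the .dynamic section, determine the associated string
		 * table.  Required for CA_SUNW_MACH and CA_SUNW_PLAT
		 * processing.  dyncnt bounds the walk so a dynamic section
		 * lacking DT_NULL cannot run off the end of the segment.
		 */
		while (dyn && dyncnt) {
			if (dyn->d_tag == DT_NULL) {
				break;
			} else if (dyn->d_tag == DT_STRTAB) {
				str = (char *)(dyn->d_un.d_ptr + base);
				break;
			}
			dyn++, dyncnt--;
		}
	}

	/*
	 * Establish any alternative capabilities, and validate this object
	 * if it defines its own capabilities information.
	 */
	return (cap_check_fdesc(fdp, cap, str, rej));
}

/*
 * Determine if we have been given an ELF file and if so determine if the file
 * is compatible.  Returns &elf_fct if so, else NULL; except for the initial
 * magic-number test, a NULL return also sets the reject descriptor with the
 * associated error information.
 *
 * addr/size	- start and length of the mapped file image.
 * fdp		- file descriptor handed to the capabilities check.
 * name		- file name, used only in the ldd(1) warning below.
 * rej		- reject descriptor filled in on incompatibility.
 */
Fct *
elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name,
    Rej_desc *rej)
{
	Ehdr	*ehdr;
	char	*caddr = (char *)addr;

	/*
	 * Determine if we're an elf file.  If not simply return, we don't set
	 * any rejection information as this test allows us to scroll through
	 * the objects we support (ELF, AOUT).
	 */
	if (size < sizeof (Ehdr) ||
	    caddr[EI_MAG0] != ELFMAG0 ||
	    caddr[EI_MAG1] != ELFMAG1 ||
	    caddr[EI_MAG2] != ELFMAG2 ||
	    caddr[EI_MAG3] != ELFMAG3) {
		return (NULL);
	}

	/*
	 * Check class and encoding.
	 */
	/* LINTED */
	ehdr = (Ehdr *)addr;
	if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
		rej->rej_type = SGS_REJ_CLASS;
		rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
		return (NULL);
	}
	if (ehdr->e_ident[EI_DATA] != M_DATA) {
		rej->rej_type = SGS_REJ_DATA;
		rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
		return (NULL);
	}
	if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
	    (ehdr->e_type != ET_DYN)) {
		rej->rej_type = SGS_REJ_TYPE;
		rej->rej_info = (uint_t)ehdr->e_type;
		return (NULL);
	}

	/*
	 * Verify ELF version.
	 */
	if (ehdr->e_version > EV_CURRENT) {
		rej->rej_type = SGS_REJ_VERSION;
		rej->rej_info = (uint_t)ehdr->e_version;
		return (NULL);
	}

	/*
	 * Verify machine specific flags.
	 */
	if (elf_mach_flags_check(rej, ehdr) == 0)
		return (NULL);

	/*
	 * Verify any capability requirements.  Note, if this object is a shared
	 * object that is explicitly defined on the ldd(1) command line, and it
	 * contains an incompatible capabilities requirement, then inform the
	 * user, but continue processing.
	 *
	 * NOTE(review): elf_cap_check() dereferences e_phoff/e_phnum without a
	 * check against size (only the Ehdr is known to fit) - see the note on
	 * that function.
	 */
	if (elf_cap_check(fdp, ehdr, rej) == 0) {
		Rt_map	*lmp = lml_main.lm_head;

		if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp &&
		    (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) {
			/*
			 * rej_type indexes ldd_warn[] (declared elsewhere);
			 * presumably every SGS_REJ_* value cap_check_fdesc()
			 * can produce has an entry - verify against that table.
			 */
			/* LINTED */
			(void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name,
			    rej->rej_str);
			return (&elf_fct);
		}
		return (NULL);
	}
	return (&elf_fct);
}

/*
 * The runtime linker employs lazy loading to provide the libraries needed for
 * debugging, preloading .o's and dldump().  As these are seldom used, the
 * standard startup of ld.so.1 doesn't initialize all the information necessary
 * to perform plt relocation on ld.so.1's link-map.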
The first time lazy loading
 * is called we get here to perform these initializations:
 *
 *  -	elf_needed() is called to establish any ld.so.1 dependencies.  These
 *	dependencies should all be lazy loaded, so this routine is typically a
 *	no-op.  However, we call elf_needed() for completeness, in case any
 *	NEEDED initialization is required.
 *
 *  -	For intel, ld.so.1's JMPSLOT relocations need relative updates.  These
 *	are by default skipped thus delaying all relative relocation processing
 *	on every invocation of ld.so.1.
 *
 * Returns 1 on success, or immediately when the work has already been done
 * (LML_FLG_PLTREL is set on lml_rtld at the end of a successful pass), and
 * 0 when elf_needed() fails.
 */
int
elf_rtld_load()
{
	Lm_list	*lml = &lml_rtld;
	Rt_map	*lmp = lml->lm_head;

	/* Already initialized on an earlier call. */
	if (lml->lm_flags & LML_FLG_PLTREL)
		return (1);

	if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0)
		return (0);

#if	defined(__i386)
	/*
	 * This is a kludge to give ld.so.1 a performance benefit on i386.
	 * It's based around two factors.
	 *
	 *  -	JMPSLOT relocations (PLT's) actually need a relative relocation
	 *	applied to the GOT entry so that they can find PLT0.
	 *
	 *  -	ld.so.1 does not exercise *any* PLT's before it has made a call
	 *	to elf_lazy_load().  This is because all dynamic dependencies
	 *	are recorded as lazy dependencies.
	 */
	(void) elf_reloc_relative_count((ulong_t)JMPREL(lmp),
	    (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
	    (ulong_t)ADDR(lmp), lmp, NULL, 0);
#endif
	lml->lm_flags |= LML_FLG_PLTREL;
	return (1);
}

/*
 * Lazy load an object.
 *
 * clmp		- caller whose DT_NEEDED entry is being satisfied.
 * slp		- the lookup in progress; its sl_id is recorded in the
 *		  DT_POSFLAG_1 slot that precedes this entry (see below).
 * ndx		- index of the dependency in DYNINFO(clmp).
 * sym		- symbol that triggered the load; only used for diagnostics.
 * flags	- load flags passed on to load_one(), possibly widened with
 *		  group-handle flags.
 * hdl		- handle pointer passed through to load_one().
 * in_nfavl	- passed through to the load/analyze/relocate helpers.
 *
 * Returns the link-map of the loaded dependency, or NULL.  NULL is also the
 * result when the entry is flagged FLG_DI_IGNORE / FLG_DI_LDD_DONE and no
 * link-map was previously recorded.
 */
Rt_map *
elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym,
    uint_t flags, Grp_hdl **hdl, int *in_nfavl)
{
	Alist		*palp = NULL;
	Rt_map		*nlmp;
	Dyninfo		*dip = &DYNINFO(clmp)[ndx], *pdip;
	const char	*name;
	Lm_list		*lml = LIST(clmp);
	Aliste		lmco;

	/*
	 * If this dependency should be ignored, or has already been processed,
	 * we're done.
	 */
	if (((nlmp = (Rt_map *)dip->di_info) != NULL) ||
	    (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE)))
		return (nlmp);

	/*
	 * If we're running under ldd(1), indicate that this dependency has been
	 * processed (see test above).  It doesn't matter whether the object is
	 * successfully loaded or not, this flag simply ensures that we don't
	 * repeatedly attempt to load an object that has already failed to load.
	 * To do so would create multiple failure diagnostics for the same
	 * object under ldd(1).
	 */
	if (lml->lm_flags & LML_FLG_TRC_ENABLE)
		dip->di_flags |= FLG_DI_LDD_DONE;

	/*
	 * Determine the initial dependency name.
	 */
	name = dip->di_name;
	DBG_CALL(Dbg_file_lazyload(clmp, name, sym));

	/*
	 * If this object needs to establish its own group, make sure a handle
	 * is created.
	 */
	if (dip->di_flags & FLG_DI_GROUP)
		flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL);

	/*
	 * Lazy dependencies are identified as DT_NEEDED entries with a
	 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element.  The
	 * dynamic information element that corresponds to the DT_POSFLAG_1
	 * entry is free, and thus used to store the present entrance
	 * identifier.  This identifier is used to prevent multiple attempts to
	 * load a failed lazy loadable dependency within the same runtime linker
	 * operation.  However, future attempts to reload this dependency are
	 * still possible.
	 *
	 * (pdip = dip - 1) is never NULL; the assignment is simply folded
	 * into the condition, which is guarded by ndx != 0.
	 */
	if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1))
		pdip->di_info = (void *)slp->sl_id;

	/*
	 * Expand the requested name if necessary.  Note that this and the
	 * create_cntl() failure below return before the LAZY() accounting
	 * further down, so neither adjusts the lazy counts nor sets
	 * FLG_DI_LAZYFAIL.
	 */
	if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0)
		return (NULL);

	/*
	 * Establish a link-map control list for this request.
	 */
	if ((lmco = create_cntl(lml, 0)) == NULL) {
		remove_alist(&palp, 1);
		return (NULL);
	}

	/*
	 * Load the associated object.
	 */
	dip->di_info = nlmp =
	    load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl);

	/*
	 * Remove any expanded pathname infrastructure.  Reduce the pending lazy
	 * dependency count of the caller, together with the link-map lists
	 * count of objects that still have lazy dependencies pending.
	 */
	remove_alist(&palp, 1);
	if (--LAZY(clmp) == 0)
		LIST(clmp)->lm_lazy--;

	/*
	 * Finish processing the objects associated with this request, and
	 * create an association between the caller and this dependency.
	 * Any failure here clears both the cached di_info and nlmp.
	 */
	if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) ||
	    ((nlmp = analyze_lmc(lml, lmco, nlmp, clmp, in_nfavl)) == NULL) ||
	    (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0)))
		dip->di_info = nlmp = NULL;

	/*
	 * If this lazyload has failed, and we've created a new link-map
	 * control list to which this request has added objects, then remove
	 * all the objects that have been associated to this request.
	 */
	if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
		remove_lmc(lml, clmp, lmco, name);

	/*
	 * Remove any temporary link-map control list.
	 */
	if (lmco != ALIST_OFF_DATA)
		remove_cntl(lml, lmco);

	/*
	 * If this lazy loading failed, record the fact, and bump the lazy
	 * counts (undoing the decrement above).
	 */
	if (nlmp == NULL) {
		dip->di_flags |= FLG_DI_LAZYFAIL;
		if (LAZY(clmp)++ == 0)
			LIST(clmp)->lm_lazy++;
	}

	return (nlmp);
}

/*
 * Return the entry point of the ELF executable.
 *
 * e_entry is taken from the Ehdr at the main object's load address and is
 * relocated by ADDR(lmp) unless the object is flagged FLG_RT_FIXED (i.e.
 * was loaded at its link-time address).
 */
static Addr
elf_entry_point(void)
{
	Rt_map	*lmp = lml_main.lm_head;
	Ehdr	*ehdr = (Ehdr *)ADDR(lmp);
	Addr	addr = (Addr)(ehdr->e_entry);

	if ((FLAGS(lmp) & FLG_RT_FIXED) == 0)
		addr += ADDR(lmp);

	return (addr);
}

/*
 * Determine if a dependency requires a particular version and if so verify
 * that the version exists in the dependency.
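*/
/*
 * name	- name of the dependency, compared with each Verneed vn_file entry
 *	  of the caller.
 * clmp	- caller whose Verneed information is traversed.
 * nlmp	- dependency whose Verdef information is searched.
 *
 * Returns 1 when every required version (ignoring INFO and WEAK entries, and
 * ignoring dependencies that record no versioning at all) is defined by the
 * dependency, and 0 after issuing a fatal diagnostic otherwise.  When
 * LML_FLG_TRC_ENABLE is set (ldd(1)) mismatches are only reported, never
 * fatal, so the return is always 1.
 */
int
elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
{
	Verneed		*vnd = VERNEED(clmp);
	int		_num, num = VERNEEDNUM(clmp);
	char		*cstrs = (char *)STRTAB(clmp);
	Lm_list		*lml = LIST(clmp);

	/*
	 * Traverse the callers version needed information and determine if any
	 * specific versions are required from the dependency.
	 */
	DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp)));
	for (_num = 1; _num <= num; _num++,
	    vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
		Half		cnt = vnd->vn_cnt;
		Vernaux		*vnap;
		char		*nstrs, *need;

		/*
		 * Determine if a needed entry matches this dependency.
		 */
		need = (char *)(cstrs + vnd->vn_file);
		if (strcmp(name, need) != 0)
			continue;

		if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
		    ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
			(void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);

		/*
		 * Validate that each version required actually exists in the
		 * dependency.
		 */
		nstrs = (char *)STRTAB(nlmp);

		for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
		    cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
			char		*version, *define;
			Verdef		*vdf = VERDEF(nlmp);
			/*
			 * The dependency's definition count.  Named distinctly
			 * from the caller's num/_num above: it is this value
			 * the "no versioning recorded" test below reads.
			 */
			ulong_t		_dnum, dnum = VERDEFNUM(nlmp);
			int		found = 0;

			/*
			 * Skip validation of versions that are marked
			 * INFO.  This optimization is used for versions
			 * that are inherited by another version.  Verification
			 * of the inheriting version is sufficient.
			 *
			 * Such versions are recorded in the object for the
			 * benefit of VERSYM entries that refer to them.  This
			 * provides a purely diagnostic benefit.
			 */
			if (vnap->vna_flags & VER_FLG_INFO)
				continue;

			version = (char *)(cstrs + vnap->vna_name);
			DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version));

			/*
			 * Hash comparison first; only a hash hit pays for the
			 * string compare.
			 */
			for (_dnum = 1; _dnum <= dnum; _dnum++,
			    vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
				Verdaux		*vdap;

				if (vnap->vna_hash != vdf->vd_hash)
					continue;

				vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
				define = (char *)(nstrs + vdap->vda_name);
				if (strcmp(version, define) != 0)
					continue;

				found++;
				break;
			}

			/*
			 * If we're being traced print out any matched version
			 * when the verbose (-v) option is in effect.  Always
			 * print any unmatched versions.  Every path in this
			 * branch continues, so tracing never reaches the fatal
			 * test below.
			 */
			if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
				/* BEGIN CSTYLED */
				if (found) {
				    if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
					continue;

				    (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
					need, version, NAME(nlmp));
				} else {
				    if (rtld_flags & RT_FL_SILENCERR)
					continue;

				    (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
					need, version);
				}
				/* END CSTYLED */
				continue;
			}

			/*
			 * If the version hasn't been found then this is a
			 * candidate for a fatal error condition.  Weak
			 * version definition requirements are silently
			 * ignored.  Also, if the image inspected for a version
			 * definition has no versioning recorded at all then
			 * silently ignore this (this provides better backward
			 * compatibility to old images created prior to
			 * versioning being available).  Both of these skipped
			 * diagnostics are available under tracing (see above).
			 */
			if ((found == 0) && (dnum != 0) &&
			    (!(vnap->vna_flags & VER_FLG_WEAK))) {
				eprintf(lml, ERR_FATAL,
				    MSG_INTL(MSG_VER_NFOUND), need, version,
				    NAME(clmp));
				return (0);
			}
		}
	}
	DBG_CALL(Dbg_ver_need_done(lml));
	return (1);
}

/*
 * Search through the dynamic section for DT_NEEDED entries and perform one
 * of two functions.  If only the first argument is specified then load the
 * defined shared object, otherwise add the link map representing the defined
 * link map to the dlopen list.
 *
 * lml		- link-map list the dependencies are added to.
 * lmco		- link-map control list passed to load_one().
 * clmp		- object whose DYNINFO() entries are processed.
 * in_nfavl	- passed through to load_one().
 *
 * Returns 1 on completion.  Returns 0 only when a dependency cannot be
 * loaded or bound and none of RTLD_CONFGEN, LML_FLG_LOADAVAIL or
 * LML_FLG_TRC_ENABLE is in effect; those modes continue past the failure.
 * Lazy dependencies that are not loaded are counted in LAZY(clmp), and the
 * list's lm_lazy is bumped once if any remain.
 */
static int
elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl)
{
	Alist		*palp = NULL;
	Dyn		*dyn;
	Dyninfo		*dip;
	Word		lmflags = lml->lm_flags;

	/*
	 * A DYNINFO() structure is created during link-map generation that
	 * parallels the DYN() information, and defines any flags that
	 * influence a dependencies loading.  dyn is advanced in step with dip
	 * but only the Dyninfo side is consulted in this loop.
	 */
	for (dyn = DYN(clmp), dip = DYNINFO(clmp);
	    !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
		uint_t		flags = 0, silent = 0;
		const char	*name = dip->di_name;
		Rt_map		*nlmp = NULL;

		if ((dip->di_flags & FLG_DI_NEEDED) == 0)
			continue;

		/*
		 * Skip any deferred dependencies, unless ldd(1) has forced
		 * their processing.  By default, deferred dependencies are
		 * only processed when an explicit binding to an individual
		 * deferred reference is made.
		 */
		if ((dip->di_flags & FLG_DI_DEFERRED) &&
		    ((rtld_flags & RT_FL_DEFERRED) == 0))
			continue;

		/*
		 * NOTE, libc.so.1 can't be lazy loaded.  Although a lazy
		 * position flag won't be produced when a RTLDINFO .dynamic
		 * entry is found (introduced with the UPM in Solaris 10), it
		 * was possible to mark libc for lazy loading on previous
		 * releases.  To reduce the overhead of testing for this
		 * occurrence, only carry out this check for the first object
		 * on the link-map list (there aren't many applications built
		 * without libc).
		 */
		if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) &&
		    (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
			dip->di_flags &= ~FLG_DI_LAZY;

		/*
		 * Don't bring in lazy loaded objects yet unless we've been
		 * asked to attempt to load all available objects (crle(1) sets
		 * LD_FLAGS=loadavail).  Even under RTLD_NOW we don't process
		 * this - RTLD_NOW will cause relocation processing which in
		 * turn might trigger lazy loading, but it's possible that the
		 * object has a lazy loaded file with no bindings (i.e., it
		 * should never have been a dependency in the first place).
		 */
		if (dip->di_flags & FLG_DI_LAZY) {
			if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
				LAZY(clmp)++;
				continue;
			}

			/*
			 * Silence any error messages - see description under
			 * elf_lookup_filtee().  Only remember to clear the
			 * flag if we were the ones to set it.
			 */
			if ((rtld_flags & RT_FL_SILENCERR) == 0) {
				rtld_flags |= RT_FL_SILENCERR;
				silent = 1;
			}
		}

		DBG_CALL(Dbg_file_needed(clmp, name));

		/*
		 * If we're running under ldd(1), indicate that this dependency
		 * has been processed.  It doesn't matter whether the object is
		 * successfully loaded or not, this flag simply ensures that we
		 * don't repeatedly attempt to load an object that has already
		 * failed to load.  To do so would create multiple failure
		 * diagnostics for the same object under ldd(1).
		 */
		if (lml->lm_flags & LML_FLG_TRC_ENABLE)
			dip->di_flags |= FLG_DI_LDD_DONE;

		/*
		 * Identify any group permission requirements.
		 */
		if (dip->di_flags & FLG_DI_GROUP)
			flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL);

		/*
		 * Establish the objects name, load it and establish a binding
		 * with the caller.  A failure at any step leaves nlmp NULL.
		 */
		if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) ||
		    ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp),
		    flags, 0, in_nfavl)) == NULL) ||
		    (bind_one(clmp, nlmp, BND_NEEDED) == 0))
			nlmp = NULL;

		/*
		 * Clean up any infrastructure, including the removal of the
		 * error suppression state, if it had been previously set in
		 * this routine.
		 */
		remove_alist(&palp, 0);

		if (silent)
			rtld_flags &= ~RT_FL_SILENCERR;

		if ((dip->di_info = (void *)nlmp) == NULL) {
			/*
			 * If the object could not be mapped, continue if error
			 * suppression is established or we're here with ldd(1).
			 */
			if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
			    (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
				continue;
			else {
				remove_alist(&palp, 1);
				return (0);
			}
		}
	}

	if (LAZY(clmp))
		lml->lm_lazy++;

	remove_alist(&palp, 1);
	return (1);
}

/*
 * A null symbol interpreter.  Used if a filter has no associated filtees.
 * Always reports the symbol as not found.
 */
/* ARGSUSED0 */
static int
elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
{
	return (0);
}

/*
 * Disable filtee use.
 *
 * lmp	- the filter object.
 * dip	- the Dyninfo entry describing the filtee reference being retired.
 *
 * Object filters lose their reference name and have OBJFLTRNDX() marked
 * FLTR_DISABLED (a standard object filter also gets the null symbol
 * interpreter); per-symbol filters just decrement the matching filtee
 * count.  In every case the filter bits are cleared from dip->di_flags.
 */
static void
elf_disable_filtee(Rt_map *lmp, Dyninfo *dip)
{
	if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
		/*
		 * If this is an object filter, null out the reference name.
		 */
		if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
			REFNAME(lmp) = NULL;
			OBJFLTRNDX(lmp) = FLTR_DISABLED;

			/*
			 * Indicate that this filtee is no longer available.
			 */
			if (dip->di_flags & FLG_DI_STDFLTR)
				SYMINTP(lmp) = elf_null_find_sym;

		}
	} else if (dip->di_flags & FLG_DI_STDFLTR) {
		/*
		 * Indicate that this standard filtee is no longer available.
		 */
		if (SYMSFLTRCNT(lmp))
			SYMSFLTRCNT(lmp)--;
	} else {
		/*
		 * Indicate that this auxiliary filtee is no longer available.
		 */
		if (SYMAFLTRCNT(lmp))
			SYMAFLTRCNT(lmp)--;
	}
	dip->di_flags &= ~MSK_DI_FILTER;
}

/*
 * Find symbol interpreter - filters.
 * This function is called when the symbols from a shared object should
 * be resolved from the shared objects filtees instead of from within itself.
 *
 * A symbol name of 0 is used to trigger filtee loading.
 */
static int
_elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
    int *in_nfavl)
{
	const char	*name = slp->sl_name, *filtees;
	Rt_map		*clmp = slp->sl_cmap;
	Rt_map		*ilmp = slp->sl_imap;
	Pdesc		*pdp;
	int		any;
	Dyninfo		*dip = &DYNINFO(ilmp)[ndx];
	Lm_list		*lml = LIST(ilmp);
	Aliste		idx;

	/*
	 * Indicate that the filter has been used.  If a binding already exists
	 * to the caller, indicate that this object is referenced.  This ensures
	 * we don't generate false unreferenced diagnostics from ldd -u/U or
	 * debugging.  Don't create a binding regardless, as this filter may
	 * have been dlopen()'ed.
	 */
	if (name && (ilmp != clmp)) {
		Word	tracing = (LIST(clmp)->lm_flags &
		    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));

		if (tracing || DBG_ENABLED) {
			Bnd_desc	*bdp;
			Aliste		idx;

			FLAGS1(ilmp) |= FL1_RT_USED;

			if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) {
				for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) {
					if (bdp->b_caller == clmp) {
						bdp->b_flags |= BND_REFER;
						break;
					}
				}
			}
		}
	}

	/*
	 * If this is the first call to process this filter, establish the
	 * filtee list.  If a configuration file exists, determine if any
	 * filtee associations for this filter, and its filtee reference, are
	 * defined.  Otherwise, process the filtee reference.  Any token
	 * expansion is also completed at this point (i.e., $PLATFORM).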
860 */ 861 filtees = dip->di_name; 862 if (dip->di_info == NULL) { 863 if (rtld_flags2 & RT_FL2_FLTCFG) { 864 elf_config_flt(lml, PATHNAME(ilmp), filtees, 865 (Alist **)&dip->di_info, AL_CNT_FILTEES); 866 } 867 if (dip->di_info == NULL) { 868 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 869 if ((lml->lm_flags & 870 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 871 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 872 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 873 NAME(ilmp), filtees); 874 875 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 876 AL_CNT_FILTEES, 0, 0) == 0) { 877 elf_disable_filtee(ilmp, dip); 878 return (0); 879 } 880 } 881 } 882 883 /* 884 * Traverse the filtee list, dlopen()'ing any objects specified and 885 * using their group handle to lookup the symbol. 886 */ 887 any = 0; 888 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 889 int mode; 890 Grp_hdl *ghp; 891 Rt_map *nlmp = NULL; 892 893 if (pdp->pd_plen == 0) 894 continue; 895 896 /* 897 * Establish the mode of the filtee from the filter. As filtees 898 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 899 * and the filtees aren't global. It would be nice to have 900 * RTLD_FIRST used here also, but as filters got out long before 901 * RTLD_FIRST was introduced it's a little too late now. 902 */ 903 mode = MODE(ilmp) | RTLD_GROUP; 904 mode &= ~RTLD_GLOBAL; 905 906 /* 907 * Insure that any auxiliary filter can locate symbols from its 908 * caller. 909 */ 910 if (dip->di_flags & FLG_DI_AUXFLTR) 911 mode |= RTLD_PARENT; 912 913 /* 914 * Process any capability directory. Establish a new link-map 915 * control list from which to analyze any newly added objects. 916 */ 917 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) { 918 const char *dir = pdp->pd_pname; 919 Aliste lmco; 920 921 /* 922 * Establish a link-map control list for this request. 
923 */ 924 if ((lmco = create_cntl(lml, 0)) == NULL) 925 return (NULL); 926 927 /* 928 * Determine the capability filtees. If none can be 929 * found, provide suitable diagnostics. 930 */ 931 DBG_CALL(Dbg_cap_filter(lml, dir, ilmp)); 932 if (cap_filtees((Alist **)&dip->di_info, idx, dir, 933 lmco, ilmp, clmp, filtees, mode, 934 (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) { 935 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 936 (dip->di_flags & FLG_DI_AUXFLTR) && 937 (rtld_flags & RT_FL_WARNFLTR)) { 938 (void) printf( 939 MSG_INTL(MSG_LDD_CAP_NFOUND), dir); 940 } 941 DBG_CALL(Dbg_cap_filter(lml, dir, 0)); 942 } 943 944 /* 945 * Re-establish the originating path name descriptor, 946 * as the expansion of capabilities filtees may have 947 * re-allocated the controlling Alist. Mark this 948 * original pathname descriptor as unused so that the 949 * descriptor isn't revisited for processing. Any real 950 * capabilities filtees have been added as new pathname 951 * descriptors following this descriptor. 952 */ 953 pdp = alist_item((Alist *)dip->di_info, idx); 954 pdp->pd_flags &= ~PD_TKN_CAP; 955 pdp->pd_plen = 0; 956 957 /* 958 * Now that any capability objects have been processed, 959 * remove any temporary link-map control list. 960 */ 961 if (lmco != ALIST_OFF_DATA) 962 remove_cntl(lml, lmco); 963 } 964 965 if (pdp->pd_plen == 0) 966 continue; 967 968 /* 969 * Process an individual filtee. 970 */ 971 if (pdp->pd_info == NULL) { 972 const char *filtee = pdp->pd_pname; 973 int audit = 0; 974 975 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 976 977 ghp = NULL; 978 979 /* 980 * Determine if the reference link map is already 981 * loaded. As an optimization compare the filtee with 982 * our interpretor. The most common filter is 983 * libdl.so.1, which is a filter on ld.so.1. 
984 */ 985 #if defined(_ELF64) 986 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 987 #else 988 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 989 #endif 990 uint_t hflags, rdflags, cdflags; 991 992 /* 993 * Establish any flags for the handle (Grp_hdl). 994 * 995 * - This is a special, public, ld.so.1 996 * handle. 997 * - Only the first object on this handle 998 * can supply symbols. 999 * - This handle provides a filtee. 1000 * 1001 * Essentially, this handle allows a caller to 1002 * reference the dl*() family of interfaces from 1003 * ld.so.1. 1004 */ 1005 hflags = (GPH_PUBLIC | GPH_LDSO | 1006 GPH_FIRST | GPH_FILTEE); 1007 1008 /* 1009 * Establish the flags for the referenced 1010 * dependency descriptor (Grp_desc). 1011 * 1012 * - ld.so.1 is available for dlsym(). 1013 * - ld.so.1 is available to relocate 1014 * against. 1015 * - There's no need to add an dependencies 1016 * to this handle. 1017 */ 1018 rdflags = (GPD_DLSYM | GPD_RELOC); 1019 1020 /* 1021 * Establish the flags for this callers 1022 * dependency descriptor (Grp_desc). 1023 * 1024 * - The explicit creation of a handle 1025 * creates a descriptor for the referenced 1026 * object and the parent (caller). 1027 */ 1028 cdflags = GPD_PARENT; 1029 1030 nlmp = lml_rtld.lm_head; 1031 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1032 hflags, rdflags, cdflags)) == NULL) 1033 nlmp = NULL; 1034 1035 /* 1036 * Establish the filter handle to prevent any 1037 * recursion. 1038 */ 1039 if (nlmp && ghp) 1040 pdp->pd_info = (void *)ghp; 1041 1042 /* 1043 * Audit the filter/filtee established. Ignore 1044 * any return from the auditor, as we can't 1045 * allow ignore filtering to ld.so.1, otherwise 1046 * nothing is going to work. 
1047 */ 1048 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1049 LML_TFLG_AUD_OBJFILTER)) 1050 (void) audit_objfilter(ilmp, filtees, 1051 nlmp, 0); 1052 1053 } else { 1054 Rej_desc rej = { 0 }; 1055 Fdesc fd = { 0 }; 1056 Aliste lmco; 1057 1058 /* 1059 * Trace the inspection of this file, determine 1060 * any auditor substitution, and seed the file 1061 * descriptor with the originating name. 1062 */ 1063 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1064 continue; 1065 1066 /* 1067 * Establish a link-map control list for this 1068 * request. 1069 */ 1070 if ((lmco = create_cntl(lml, 0)) == NULL) 1071 return (NULL); 1072 1073 /* 1074 * Locate and load the filtee. 1075 */ 1076 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1077 FLG_RT_PUBHDL, &ghp, &fd, &rej, 1078 in_nfavl)) == NULL) 1079 file_notfound(LIST(ilmp), filtee, ilmp, 1080 FLG_RT_PUBHDL, &rej); 1081 1082 filtee = pdp->pd_pname; 1083 1084 /* 1085 * Establish the filter handle to prevent any 1086 * recursion. 1087 */ 1088 if (nlmp && ghp) { 1089 ghp->gh_flags |= GPH_FILTEE; 1090 pdp->pd_info = (void *)ghp; 1091 1092 FLAGS1(nlmp) |= FL1_RT_USED; 1093 } 1094 1095 /* 1096 * Audit the filter/filtee established. A 1097 * return of 0 indicates the auditor wishes to 1098 * ignore this filtee. 1099 */ 1100 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1101 LML_TFLG_AUD_OBJFILTER)) { 1102 if (audit_objfilter(ilmp, filtees, 1103 nlmp, 0) == 0) { 1104 audit = 1; 1105 nlmp = NULL; 1106 } 1107 } 1108 1109 /* 1110 * Finish processing the objects associated with 1111 * this request. Create an association between 1112 * this object and the originating filter to 1113 * provide sufficient information to tear down 1114 * this filtee if necessary. 
1115 */ 1116 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1117 lmco, nlmp, clmp, in_nfavl)) == NULL) || 1118 (relocate_lmc(lml, lmco, ilmp, nlmp, 1119 in_nfavl) == 0))) 1120 nlmp = NULL; 1121 1122 /* 1123 * If the filtee has been successfully 1124 * processed, then create an association 1125 * between the filter and filtee. This 1126 * association provides sufficient information 1127 * to tear down the filter and filtee if 1128 * necessary. 1129 */ 1130 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1131 if (nlmp && ghp && (hdl_add(ghp, ilmp, 1132 GPD_FILTER, NULL) == NULL)) 1133 nlmp = NULL; 1134 1135 /* 1136 * Generate a diagnostic if the filtee couldn't 1137 * be loaded. 1138 */ 1139 if (nlmp == NULL) 1140 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1141 audit)); 1142 1143 /* 1144 * If this filtee loading has failed, and we've 1145 * created a new link-map control list to which 1146 * this request has added objects, then remove 1147 * all the objects that have been associated to 1148 * this request. 1149 */ 1150 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 1151 remove_lmc(lml, clmp, lmco, name); 1152 1153 /* 1154 * Remove any temporary link-map control list. 1155 */ 1156 if (lmco != ALIST_OFF_DATA) 1157 remove_cntl(lml, lmco); 1158 } 1159 1160 /* 1161 * If the filtee couldn't be loaded, null out the 1162 * path name descriptor entry, and continue the search. 1163 * Otherwise, the group handle is retained for future 1164 * symbol searches. 1165 */ 1166 if (nlmp == NULL) { 1167 pdp->pd_info = NULL; 1168 pdp->pd_plen = 0; 1169 continue; 1170 } 1171 } 1172 1173 ghp = (Grp_hdl *)pdp->pd_info; 1174 1175 /* 1176 * If name is NULL, we're here to trigger filtee loading. 1177 * Skip the symbol lookup so that we'll continue looking for 1178 * additional filtees. 
1179 */ 1180 if (name) { 1181 Grp_desc *gdp; 1182 int ret = 0; 1183 Aliste idx; 1184 Slookup sl = *slp; 1185 1186 sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM); 1187 any++; 1188 1189 /* 1190 * Look for the symbol in the handles dependencies. 1191 */ 1192 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1193 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1194 continue; 1195 1196 /* 1197 * If our parent is a dependency don't look at 1198 * it (otherwise we are in a recursive loop). 1199 * This situation can occur with auxiliary 1200 * filters if the filtee has a dependency on the 1201 * filter. This dependency isn't necessary as 1202 * auxiliary filters are opened RTLD_PARENT, but 1203 * users may still unknowingly add an explicit 1204 * dependency to the parent. 1205 */ 1206 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1207 continue; 1208 1209 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo, 1210 in_nfavl)) != 0) || 1211 (ghp->gh_flags & GPH_FIRST)) 1212 break; 1213 } 1214 1215 /* 1216 * If a symbol has been found, indicate the binding 1217 * and return the symbol. 1218 */ 1219 if (ret) { 1220 *binfo |= DBG_BINFO_FILTEE; 1221 return (1); 1222 } 1223 } 1224 1225 /* 1226 * If this object is tagged to terminate filtee processing we're 1227 * done. 1228 */ 1229 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1230 break; 1231 } 1232 1233 /* 1234 * If we're just here to trigger filtee loading then we're done. 1235 */ 1236 if (name == NULL) 1237 return (0); 1238 1239 /* 1240 * If no filtees have been found for a filter, clean up any path name 1241 * descriptors and disable their search completely. For auxiliary 1242 * filters we can reselect the symbol search function so that we never 1243 * enter this routine again for this object. For standard filters we 1244 * use the null symbol routine. 
*/
	if (any == 0) {
		remove_alist((Alist **)&(dip->di_info), 1);
		elf_disable_filtee(ilmp, dip);
	}

	return (0);
}

/*
 * Focal point for disabling error messages for auxiliary filters. As an
 * auxiliary filter allows for filtee use, but provides a fallback should a
 * filtee not exist (or fail to load), any errors generated as a consequence of
 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR
 * suppresses errors generated by eprintf(), but ensures a debug diagnostic is
 * produced. ldd(1) employs printf(), and here the selection of whether to
 * print a diagnostic in regards to auxiliary filters is a little more complex.
 *
 *  -	The determination of whether to produce an ldd message, or a fatal
 *	error message is driven by LML_FLG_TRC_ENABLE.
 *  -	More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
 *	(ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
 *	and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
 *  -	If the calling object is lddstub, then several classes of message are
 *	suppressed.  The user isn't trying to diagnose lddstub, this is simply
 *	a stub executable employed to preload a user specified library against.
 *  -	If RT_FL_SILENCERR is in effect then any generic ldd() messages should
 *	be suppressed.  All detailed ldd messages should still be produced.
 *
 * This wrapper only manages the RT_FL_SILENCERR state around the real lookup,
 * _elf_lookup_filtee().  The flag is set here only if it is not already set
 * (and RT_FL_WARNFLTR is not in effect), and it is cleared again only if this
 * call was the one that set it, so a nested lookup never clears a flag that an
 * outer caller established.
 *
 * slp, srp, binfo and in_nfavl are passed through unchanged; ndx is the index
 * of the filter's Dyninfo entry within DYNINFO(slp->sl_imap).
 *
 * Returns the result of _elf_lookup_filtee(): 1 if a filtee supplied the
 * symbol (srp filled in), otherwise 0.  Returns 0 without searching if the
 * Dyninfo entry is no longer acting as a filter (di_flags == 0).
 */
int
elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
    int *in_nfavl)
{
	Dyninfo	*dip = &DYNINFO(slp->sl_imap)[ndx];
	int	ret, silent = 0;

	/*
	 * Make sure this entry is still acting as a filter.  We may have tried
	 * to process this previously, and disabled it if the filtee couldn't
	 * be processed.  However, other entries may provide different filtees
	 * that are yet to be completed.
	 */
	if (dip->di_flags == 0)
		return (0);

	/*
	 * Indicate whether an error message is required should this filtee not
	 * be found, based on the type of filter.  Only auxiliary filters are
	 * silenced, and only when neither RT_FL_WARNFLTR nor an existing
	 * RT_FL_SILENCERR is in effect; 'silent' records that we own the flag.
	 */
	if ((dip->di_flags & FLG_DI_AUXFLTR) &&
	    ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
		rtld_flags |= RT_FL_SILENCERR;
		silent = 1;
	}

	ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl);

	/*
	 * Restore the global error state only if this call changed it.
	 */
	if (silent)
		rtld_flags &= ~RT_FL_SILENCERR;

	return (ret);
}

/*
 * Compute the elf hash value (as defined in the ELF access library).
 * The form of the hash table is:
 *
 *	|--------------|
 *	| # of buckets |
 *	|--------------|
 *	| # of chains  |
 *	|--------------|
 *	|   bucket[]   |
 *	|--------------|
 *	|   chain[]    |
 *	|--------------|
 *
 * name is a NUL-terminated symbol name.  The result is the standard SysV
 * ELF hash, computed in 32 bits (uint_t) and widened on return.
 *
 * NOTE(review): name is 'const char *', so on a platform where char is
 * signed, bytes >= 0x80 are sign-extended before being added to hval.  This
 * must match what the link-editor computed when it built DT_HASH, so the
 * character signedness here must not be changed independently of ld(1).
 */
ulong_t
elf_hash(const char *name)
{
	uint_t	hval = 0;

	while (*name) {
		uint_t	g;
		hval = (hval << 4) + *name++;
		/*
		 * Fold the top nibble back into the low bits and clear it,
		 * keeping the running value within 28 bits.
		 */
		if ((g = (hval & 0xf0000000)) != 0)
			hval ^= g >> 24;
		hval &= ~g;
	}
	return ((ulong_t)hval);
}

/*
 * Look up a symbol.  The callers lookup information is passed in the Slookup
 * structure, and any resultant binding information is returned in the Sresult
 * structure.
 *
 * slp->sl_name, sl_hash, sl_imap (the object searched), sl_cmap (the caller)
 * and sl_flags (LKUP_*) drive the search.  On success srp->sr_dmap and
 * srp->sr_sym identify the defining object and symbol, and *binfo accumulates
 * DBG_BINFO_*/BINFO_REJ* bits describing how (or why not) the binding was
 * made.  in_nfavl is passed through to filtee loading.
 *
 * Returns 1 if a usable definition was found (srp filled in), 0 otherwise.
 * A return of 0 with one of the BINFO_REJ* bits set in *binfo means a
 * definition exists but this binding was rejected, and the caller may retry
 * with a standard search.
 *
 * NOTE(review): buckets, the chain index ndx and sym->st_name are all taken
 * from the object's own DT_HASH/.dynsym/.dynstr without range checks here
 * (a DT_HASH with nbucket == 0 would also divide by zero below).  A corrupt
 * object would be read out of bounds at this point; presumably the object
 * has already been validated by the time it reaches symbol lookup - TODO
 * confirm where that validation lives.
 */
int
elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
{
	const char	*name = slp->sl_name;
	Rt_map		*ilmp = slp->sl_imap;
	ulong_t		hash = slp->sl_hash;
	uint_t		ndx, hashoff, buckets, *chainptr;
	Sym		*sym, *symtabptr;
	char		*strtabptr, *strtabname;
	uint_t		flags1;
	Syminfo		*sip;

	/*
	 * If we're only here to establish a symbol's index, skip the
	 * diagnostic used to trace a symbol search.
	 */
	if ((slp->sl_flags & LKUP_SYMNDX) == 0)
		DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF)));

	/*
	 * An object without a hash table can't export anything.
	 */
	if (HASH(ilmp) == NULL)
		return (0);

	buckets = HASH(ilmp)[0];
	/* LINTED */
	hashoff = ((uint_t)hash % buckets) + 2;

	/*
	 * Get the first symbol from the hash chain and initialize the string
	 * and symbol table pointers.  An empty bucket means no candidate.
	 */
	if ((ndx = HASH(ilmp)[hashoff]) == 0)
		return (0);

	chainptr = HASH(ilmp) + 2 + buckets;
	strtabptr = STRTAB(ilmp);
	symtabptr = SYMTAB(ilmp);

	while (ndx) {
		sym = symtabptr + ndx;
		strtabname = strtabptr + sym->st_name;

		/*
		 * Compare the symbol found with the name required.  The first
		 * character is compared inline as a cheap reject before the
		 * full strcmp().  If the names don't match continue with the
		 * next hash entry.  (hashoff is reassigned here but is not
		 * read again in this function.)
		 */
		if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
			hashoff = ndx + buckets + 2;
			if ((ndx = chainptr[ndx]) != 0)
				continue;
			return (0);
		}

		/*
		 * Symbols that are defined as hidden within an object usually
		 * have any references from within the same object bound at
		 * link-edit time, thus ld.so.1 is not involved.  However, if
		 * these are capabilities symbols, then references to them must
		 * be resolved at runtime.  A hidden symbol can only be bound
		 * to by the object that defines the symbol.
		 */
		if ((sym->st_shndx != SHN_UNDEF) &&
		    (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) &&
		    (slp->sl_cmap != ilmp))
			return (0);

		/*
		 * The Solaris ld does not put DT_VERSYM in the dynamic
		 * section, but the GNU ld does.  The GNU runtime linker
		 * interprets the top bit of the 16-bit Versym value
		 * (0x8000) as the "hidden" bit.  If this bit is set,
		 * the linker is supposed to act as if that symbol does
		 * not exist.  The hidden bit supports their versioning
		 * scheme, which allows multiple incompatible functions
		 * with the same name to exist at different versions
		 * within an object.  The Solaris linker does not support this
		 * mechanism, or the model of interface evolution that
		 * it allows, but we honor the hidden bit in GNU ld
		 * produced objects in order to interoperate with them.
		 */
		if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) {
			DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name,
			    ndx, VERSYM(ilmp)[ndx]));
			return (0);
		}

		/*
		 * If we're only here to establish a symbol's index, we're done.
		 * No binding checks (singleton, direct, group, capabilities,
		 * filters) are applied in this mode.
		 */
		if (slp->sl_flags & LKUP_SYMNDX) {
			srp->sr_dmap = ilmp;
			srp->sr_sym = sym;
			return (1);
		}

		/*
		 * If we find a match and the symbol is defined, capture the
		 * symbol pointer and the link map in which it was found, then
		 * leave the loop to apply the binding checks below.
		 */
		if (sym->st_shndx != SHN_UNDEF) {
			srp->sr_dmap = ilmp;
			srp->sr_sym = sym;
			*binfo |= DBG_BINFO_FOUND;

			if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
			    ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
			    is_sym_interposer(ilmp, sym)))
				*binfo |= DBG_BINFO_INTERPOSE;
			break;

		/*
		 * If we find a match and the symbol is undefined, the
		 * symbol type is a function, and the value of the symbol
		 * is non zero, then this is a special case.  This allows
		 * the resolution of a function address to the plt[] entry.
		 * See SPARC ABI, Dynamic Linking, Function Addresses for
		 * more details.  This case returns directly, bypassing the
		 * binding checks below.
		 */
		} else if ((slp->sl_flags & LKUP_SPEC) &&
		    (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
		    (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
			srp->sr_dmap = ilmp;
			srp->sr_sym = sym;
			*binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);

			if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
			    ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
			    is_sym_interposer(ilmp, sym)))
				*binfo |= DBG_BINFO_INTERPOSE;
			return (1);
		}

		/*
		 * Undefined symbol.
		 */
		return (0);
	}

	/*
	 * We've found a match.  Determine if the defining object contains
	 * symbol binding information (sip stays NULL if it does not, and
	 * every sip-dependent check below is skipped).
	 */
	if ((sip = SYMINFO(ilmp)) != NULL)
		sip += ndx;

	/*
	 * If this definition is a singleton, and we haven't followed a default
	 * symbol search knowing that we're looking for a singleton (presumably
	 * because the symbol definition has been changed since the referring
	 * object was built), then reject this binding so that the caller can
	 * fall back to a standard symbol search.
	 */
	if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) &&
	    (((slp->sl_flags & LKUP_STANDARD) == 0) ||
	    (((slp->sl_flags & LKUP_SINGLETON) == 0) &&
	    (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) {
		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
		    DBG_BNDREJ_SINGLE));
		*binfo |= BINFO_REJSINGLE;
		*binfo &= ~DBG_BINFO_MSK;
		return (0);
	}

	/*
	 * If this is a direct binding request, but the symbol definition has
	 * disabled directly binding to it (presumably because the symbol
	 * definition has been changed since the referring object was built),
	 * reject this binding so that the caller can fall back to a standard
	 * symbol search.
	 */
	if (sip && (slp->sl_flags & LKUP_DIRECT) &&
	    (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
		    DBG_BNDREJ_DIRECT));
		*binfo |= BINFO_REJDIRECT;
		*binfo &= ~DBG_BINFO_MSK;
		return (0);
	}

	/*
	 * If this is a binding request within an RTLD_GROUP family, and the
	 * symbol has disabled directly binding to it, reject this binding so
	 * that the caller can fall back to a standard symbol search.
	 *
	 * Effectively, an RTLD_GROUP family achieves what can now be
	 * established with direct bindings.  However, various symbols have
	 * been tagged as inappropriate for direct binding to (ie. libc:malloc).
	 *
	 * A symbol marked as no-direct cannot be used within a group without
	 * first ensuring that the symbol has not been interposed upon outside
	 * of the group.  A common example occurs when users implement their own
	 * version of malloc() in the executable.  Such a malloc() interposes on
	 * the libc:malloc, and this interposition must be honored within the
	 * group as well.
	 *
	 * Following any rejection, LKUP_WORLD is established as a means of
	 * overriding this test as we return to a standard search.
	 */
	if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) &&
	    ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) &&
	    ((slp->sl_flags & LKUP_WORLD) == 0)) {
		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
		    DBG_BNDREJ_GROUP));
		*binfo |= BINFO_REJGROUP;
		*binfo &= ~DBG_BINFO_MSK;
		return (0);
	}

	/*
	 * If this symbol is associated with capabilities, then each of the
	 * capabilities instances needs to be compared against the system
	 * capabilities.  The best instance will be chosen to satisfy this
	 * binding.  cap_match() is expected to update srp with the chosen
	 * instance; a return of 0 means no instance is usable.
	 */
	if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) &&
	    (cap_match(srp, ndx, symtabptr, strtabptr) == 0))
		return (0);

	/*
	 * Determine whether this object is acting as a filter.  If not, the
	 * definition captured above stands.
	 */
	if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
		return (1);

	/*
	 * Determine if this object offers per-symbol filtering, and if so,
	 * whether this symbol references a filtee.
	 */
	if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
		/*
		 * If this is a standard filter reference, and no standard
		 * filtees remain to be inspected, we're done.  If this is an
		 * auxiliary filter reference, and no auxiliary filtees remain,
		 * we'll fall through in case any object filtering is available.
		 */
		if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
		    (SYMSFLTRCNT(ilmp) == 0))
			return (0);

		if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
		    ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
		    SYMAFLTRCNT(ilmp))) {
			Sresult	sr;

			/*
			 * Initialize a local symbol result descriptor, using
			 * the original symbol name.  The caller's srp is only
			 * overwritten if the filtee lookup succeeds.
			 */
			SRESULT_INIT(sr, slp->sl_name);

			/*
			 * This symbol has an associated filtee.  Lookup the
			 * symbol in the filtee, and if it is found return it.
			 * If the symbol doesn't exist, and this is a standard
			 * filter, return an error, otherwise fall through to
			 * catch any object filtering that may be available.
			 */
			if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto,
			    in_nfavl)) {
				*srp = sr;
				return (1);
			}
			if (sip->si_flags & SYMINFO_FLG_FILTER)
				return (0);
		}
	}

	/*
	 * Determine if this object provides global filtering.
	 */
	if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
		if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
			Sresult	sr;

			/*
			 * Initialize a local symbol result descriptor, using
			 * the original symbol name.
			 */
			SRESULT_INIT(sr, slp->sl_name);

			/*
			 * This object has an associated filtee.  Lookup the
			 * symbol in the filtee, and if it is found return it.
			 * If the symbol doesn't exist, and this is a standard
			 * filter, return an error, otherwise return the symbol
			 * within the filter itself.
			 */
			if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp),
			    in_nfavl)) {
				*srp = sr;
				return (1);
			}
		}

		/*
		 * A standard object filter with no usable filtee yields
		 * nothing; an auxiliary one falls back to the filter's own
		 * definition.
		 */
		if (flags1 & FL1_RT_OBJSFLTR)
			return (0);
	}
	return (1);
}

/*
 * Create a new Rt_map structure for an ELF object and initialize
 * all values.
 */
Rt_map *
elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize,
    void *odyn, Rt_map *clmp, int *in_nfavl)
{
	const char	*name = fdp->fd_nname;
	Rt_map		*lmp;
	Ehdr		*ehdr = (Ehdr *)addr;
	Phdr		*phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL;
	Dyn		*dyn = (Dyn *)odyn;
	Cap		*cap = NULL;
	int		ndx;
	Addr		base, fltr = 0, audit = 0, cfile = 0, crle = 0;
	Xword		rpath = 0;
	size_t		lmsz, rtsz, epsz, dynsz = 0;
	uint_t		dyncnt = 0;

	DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco));

	/*
	 * If this is a shared object, the base address of the shared object is
	 * added to all address values defined within the object.  Otherwise, if
	 * this is an executable, all object addresses are used as is.
	 */
	if (ehdr->e_type == ET_EXEC)
		base = 0;
	else
		base = addr;

	/*
	 * Traverse the program header table, picking off required items.  This
	 * traversal also provides for the sizing of the PT_DYNAMIC section.
1676 */ 1677 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1678 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1679 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1680 switch (phdr->p_type) { 1681 case PT_DYNAMIC: 1682 dphdr = phdr; 1683 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1684 break; 1685 case PT_TLS: 1686 tphdr = phdr; 1687 break; 1688 case PT_SUNWCAP: 1689 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1690 break; 1691 case PT_SUNW_UNWIND: 1692 case PT_SUNW_EH_FRAME: 1693 uphdr = phdr; 1694 break; 1695 default: 1696 break; 1697 } 1698 } 1699 1700 /* 1701 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1702 * allocation. Sadly, this is a little larger than we really need, 1703 * as there are typically padding DT_NULL entries. However, adding 1704 * this data to the initial link-map allocation is a win. 1705 */ 1706 if (dyn) { 1707 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1708 dynsz = dyncnt * sizeof (Dyninfo); 1709 } 1710 1711 /* 1712 * Allocate space for the link-map, private elf information, and 1713 * DYNINFO() data. Once these are allocated and initialized, 1714 * remove_so(0, lmp) can be used to tear down the link-map allocation 1715 * should any failures occur. 1716 */ 1717 rtsz = S_DROUND(sizeof (Rt_map)); 1718 epsz = S_DROUND(sizeof (Rt_elfp)); 1719 lmsz = rtsz + epsz + dynsz; 1720 if ((lmp = calloc(lmsz, 1)) == NULL) 1721 return (NULL); 1722 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1723 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1724 LMSIZE(lmp) = lmsz; 1725 1726 /* 1727 * All fields not filled in were set to 0 by calloc. 
1728 */ 1729 NAME(lmp) = (char *)name; 1730 ADDR(lmp) = addr; 1731 MSIZE(lmp) = msize; 1732 SYMINTP(lmp) = elf_find_sym; 1733 FCT(lmp) = &elf_fct; 1734 LIST(lmp) = lml; 1735 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1736 SORTVAL(lmp) = -1; 1737 DYN(lmp) = dyn; 1738 DYNINFOCNT(lmp) = dyncnt; 1739 PTUNWIND(lmp) = uphdr; 1740 1741 if (ehdr->e_type == ET_EXEC) 1742 FLAGS(lmp) |= FLG_RT_FIXED; 1743 1744 /* 1745 * Fill in rest of the link map entries with information from the file's 1746 * dynamic structure. 1747 */ 1748 if (dyn) { 1749 Dyninfo *dip; 1750 uint_t dynndx; 1751 Xword pltpadsz = 0; 1752 Rti_desc *rti; 1753 Dyn *pdyn; 1754 Word lmtflags = lml->lm_tflags; 1755 int ignore = 0; 1756 1757 /* 1758 * Note, we use DT_NULL to terminate processing, and the 1759 * dynamic entry count as a fall back. Normally, a DT_NULL 1760 * entry marks the end of the dynamic section. Any non-NULL 1761 * items following the first DT_NULL are silently ignored. 1762 * This situation should only occur through use of elfedit(1) 1763 * or a similar tool. 1764 */ 1765 for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp); 1766 dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) { 1767 1768 if (ignore) { 1769 dip->di_flags |= FLG_DI_IGNORE; 1770 continue; 1771 } 1772 1773 switch ((Xword)dyn->d_tag) { 1774 case DT_NULL: 1775 dip->di_flags |= ignore = FLG_DI_IGNORE; 1776 break; 1777 case DT_POSFLAG_1: 1778 dip->di_flags |= FLG_DI_POSFLAG1; 1779 break; 1780 case DT_NEEDED: 1781 case DT_USED: 1782 dip->di_flags |= FLG_DI_NEEDED; 1783 1784 /* BEGIN CSTYLED */ 1785 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 1786 /* 1787 * Identify any non-deferred lazy load for 1788 * future processing, unless LD_NOLAZYLOAD 1789 * has been set. 1790 */ 1791 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 1792 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) 1793 dip->di_flags |= FLG_DI_LAZY; 1794 1795 /* 1796 * Identify any group permission 1797 * requirements. 
1798 */ 1799 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) 1800 dip->di_flags |= FLG_DI_GROUP; 1801 1802 /* 1803 * Identify any deferred dependencies. 1804 */ 1805 if (pdyn->d_un.d_val & DF_P1_DEFERRED) 1806 dip->di_flags |= FLG_DI_DEFERRED; 1807 } 1808 /* END CSTYLED */ 1809 break; 1810 case DT_SYMTAB: 1811 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1812 break; 1813 case DT_SUNW_SYMTAB: 1814 SUNWSYMTAB(lmp) = 1815 (void *)(dyn->d_un.d_ptr + base); 1816 break; 1817 case DT_SUNW_SYMSZ: 1818 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1819 break; 1820 case DT_STRTAB: 1821 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1822 break; 1823 case DT_SYMENT: 1824 SYMENT(lmp) = dyn->d_un.d_val; 1825 break; 1826 case DT_FEATURE_1: 1827 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1828 crle = 1; 1829 break; 1830 case DT_MOVESZ: 1831 MOVESZ(lmp) = dyn->d_un.d_val; 1832 FLAGS(lmp) |= FLG_RT_MOVE; 1833 break; 1834 case DT_MOVEENT: 1835 MOVEENT(lmp) = dyn->d_un.d_val; 1836 break; 1837 case DT_MOVETAB: 1838 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1839 break; 1840 case DT_REL: 1841 case DT_RELA: 1842 /* 1843 * At this time, ld.so. can only handle one 1844 * type of relocation per object. 
1845 */ 1846 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1847 break; 1848 case DT_RELSZ: 1849 case DT_RELASZ: 1850 RELSZ(lmp) = dyn->d_un.d_val; 1851 break; 1852 case DT_RELENT: 1853 case DT_RELAENT: 1854 RELENT(lmp) = dyn->d_un.d_val; 1855 break; 1856 case DT_RELCOUNT: 1857 case DT_RELACOUNT: 1858 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1859 break; 1860 case DT_HASH: 1861 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1862 break; 1863 case DT_PLTGOT: 1864 PLTGOT(lmp) = 1865 (uint_t *)(dyn->d_un.d_ptr + base); 1866 break; 1867 case DT_PLTRELSZ: 1868 PLTRELSZ(lmp) = dyn->d_un.d_val; 1869 break; 1870 case DT_JMPREL: 1871 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1872 break; 1873 case DT_INIT: 1874 if (dyn->d_un.d_ptr != NULL) 1875 INIT(lmp) = 1876 (void (*)())(dyn->d_un.d_ptr + 1877 base); 1878 break; 1879 case DT_FINI: 1880 if (dyn->d_un.d_ptr != NULL) 1881 FINI(lmp) = 1882 (void (*)())(dyn->d_un.d_ptr + 1883 base); 1884 break; 1885 case DT_INIT_ARRAY: 1886 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1887 base); 1888 break; 1889 case DT_INIT_ARRAYSZ: 1890 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1891 break; 1892 case DT_FINI_ARRAY: 1893 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1894 base); 1895 break; 1896 case DT_FINI_ARRAYSZ: 1897 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1898 break; 1899 case DT_PREINIT_ARRAY: 1900 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1901 base); 1902 break; 1903 case DT_PREINIT_ARRAYSZ: 1904 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1905 break; 1906 case DT_RPATH: 1907 case DT_RUNPATH: 1908 rpath = dyn->d_un.d_val; 1909 break; 1910 case DT_FILTER: 1911 dip->di_flags |= FLG_DI_STDFLTR; 1912 fltr = dyn->d_un.d_val; 1913 OBJFLTRNDX(lmp) = dynndx; 1914 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1915 break; 1916 case DT_AUXILIARY: 1917 dip->di_flags |= FLG_DI_AUXFLTR; 1918 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1919 fltr = dyn->d_un.d_val; 1920 OBJFLTRNDX(lmp) = dynndx; 1921 } 1922 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1923 break; 1924 
case DT_SUNW_FILTER: 1925 dip->di_flags |= 1926 (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 1927 SYMSFLTRCNT(lmp)++; 1928 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1929 break; 1930 case DT_SUNW_AUXILIARY: 1931 dip->di_flags |= 1932 (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 1933 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1934 SYMAFLTRCNT(lmp)++; 1935 } 1936 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1937 break; 1938 case DT_DEPAUDIT: 1939 if (!(rtld_flags & RT_FL_NOAUDIT)) 1940 audit = dyn->d_un.d_val; 1941 break; 1942 case DT_CONFIG: 1943 cfile = dyn->d_un.d_val; 1944 break; 1945 case DT_DEBUG: 1946 /* 1947 * DT_DEBUG entries are only created in 1948 * dynamic objects that require an interpretor 1949 * (ie. all dynamic executables and some shared 1950 * objects), and provide for a hand-shake with 1951 * old debuggers. This entry is initialized to 1952 * zero by the link-editor. If a debugger is 1953 * monitoring us, and has updated this entry, 1954 * set the debugger monitor flag, and finish 1955 * initializing the debugging structure. See 1956 * setup(). Also, switch off any configuration 1957 * object use as most debuggers can't handle 1958 * fixed dynamic executables as dependencies. 1959 */ 1960 if (dyn->d_un.d_ptr) 1961 rtld_flags |= 1962 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1963 dyn->d_un.d_ptr = (Addr)&r_debug; 1964 break; 1965 case DT_VERNEED: 1966 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1967 base); 1968 break; 1969 case DT_VERNEEDNUM: 1970 /* LINTED */ 1971 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1972 break; 1973 case DT_VERDEF: 1974 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1975 base); 1976 break; 1977 case DT_VERDEFNUM: 1978 /* LINTED */ 1979 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1980 break; 1981 case DT_VERSYM: 1982 /* 1983 * The Solaris ld does not produce DT_VERSYM, 1984 * but the GNU ld does, in order to support 1985 * their style of versioning, which differs 1986 * from ours in some ways, while using the 1987 * same data structures. 
The presence of 1988 * DT_VERSYM therefore means that GNU 1989 * versioning rules apply to the given file. 1990 * If DT_VERSYM is not present, then Solaris 1991 * versioning rules apply. 1992 */ 1993 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1994 base); 1995 break; 1996 case DT_BIND_NOW: 1997 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1998 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1999 MODE(lmp) |= RTLD_NOW; 2000 MODE(lmp) &= ~RTLD_LAZY; 2001 } 2002 break; 2003 case DT_FLAGS: 2004 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 2005 if (dyn->d_un.d_val & DF_SYMBOLIC) 2006 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 2007 if ((dyn->d_un.d_val & DF_BIND_NOW) && 2008 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2009 MODE(lmp) |= RTLD_NOW; 2010 MODE(lmp) &= ~RTLD_LAZY; 2011 } 2012 /* 2013 * Capture any static TLS use, and enforce that 2014 * this object be non-deletable. 2015 */ 2016 if (dyn->d_un.d_val & DF_STATIC_TLS) { 2017 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2018 MODE(lmp) |= RTLD_NODELETE; 2019 } 2020 break; 2021 case DT_FLAGS_1: 2022 if (dyn->d_un.d_val & DF_1_DISPRELPND) 2023 FLAGS1(lmp) |= FL1_RT_DISPREL; 2024 if (dyn->d_un.d_val & DF_1_GROUP) 2025 FLAGS(lmp) |= 2026 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 2027 if ((dyn->d_un.d_val & DF_1_NOW) && 2028 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2029 MODE(lmp) |= RTLD_NOW; 2030 MODE(lmp) &= ~RTLD_LAZY; 2031 } 2032 if (dyn->d_un.d_val & DF_1_NODELETE) 2033 MODE(lmp) |= RTLD_NODELETE; 2034 if (dyn->d_un.d_val & DF_1_INITFIRST) 2035 FLAGS(lmp) |= FLG_RT_INITFRST; 2036 if (dyn->d_un.d_val & DF_1_NOOPEN) 2037 FLAGS(lmp) |= FLG_RT_NOOPEN; 2038 if (dyn->d_un.d_val & DF_1_LOADFLTR) 2039 FLAGS(lmp) |= FLG_RT_LOADFLTR; 2040 if (dyn->d_un.d_val & DF_1_NODUMP) 2041 FLAGS(lmp) |= FLG_RT_NODUMP; 2042 if (dyn->d_un.d_val & DF_1_CONFALT) 2043 crle = 1; 2044 if (dyn->d_un.d_val & DF_1_DIRECT) 2045 FLAGS1(lmp) |= FL1_RT_DIRECT; 2046 if (dyn->d_un.d_val & DF_1_NODEFLIB) 2047 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 2048 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 2049 FLAGS1(lmp) |= 
FL1_RT_ENDFILTE; 2050 if (dyn->d_un.d_val & DF_1_TRANS) 2051 FLAGS(lmp) |= FLG_RT_TRANS; 2052 2053 /* 2054 * Global auditing is only meaningful when 2055 * specified by the initiating object of the 2056 * process - typically the dynamic executable. 2057 * If this is the initiating object, its link- 2058 * map will not yet have been added to the 2059 * link-map list, and consequently the link-map 2060 * list is empty. (see setup()). 2061 */ 2062 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 2063 if (lml_main.lm_head == NULL) 2064 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 2065 else 2066 DBG_CALL(Dbg_audit_ignore(lmp)); 2067 } 2068 2069 /* 2070 * If this object identifies itself as an 2071 * interposer, but relocation processing has 2072 * already started, then demote it. It's too 2073 * late to guarantee complete interposition. 2074 */ 2075 /* BEGIN CSTYLED */ 2076 if (dyn->d_un.d_val & 2077 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2078 if (lml->lm_flags & LML_FLG_STARTREL) { 2079 DBG_CALL(Dbg_util_intoolate(lmp)); 2080 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2081 (void) printf( 2082 MSG_INTL(MSG_LDD_REL_ERR2), 2083 NAME(lmp)); 2084 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 2085 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2086 else 2087 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2088 } 2089 /* END CSTYLED */ 2090 break; 2091 case DT_SYMINFO: 2092 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 2093 base); 2094 break; 2095 case DT_SYMINENT: 2096 SYMINENT(lmp) = dyn->d_un.d_val; 2097 break; 2098 case DT_PLTPAD: 2099 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2100 break; 2101 case DT_PLTPADSZ: 2102 pltpadsz = dyn->d_un.d_val; 2103 break; 2104 case DT_SUNW_RTLDINF: 2105 /* 2106 * Maintain a list of RTLDINFO structures. 2107 * Typically, libc is the only supplier, and 2108 * only one structure is provided. However, 2109 * multiple suppliers and multiple structures 2110 * are supported. For example, one structure 2111 * may provide thread_init, and another 2112 * structure may provide atexit reservations. 
2113 */ 2114 if ((rti = alist_append(&lml->lm_rti, NULL, 2115 sizeof (Rti_desc), 2116 AL_CNT_RTLDINFO)) == NULL) { 2117 remove_so(0, lmp, clmp); 2118 return (NULL); 2119 } 2120 rti->rti_lmp = lmp; 2121 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2122 base); 2123 break; 2124 case DT_SUNW_SORTENT: 2125 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2126 break; 2127 case DT_SUNW_SYMSORT: 2128 SUNWSYMSORT(lmp) = 2129 (void *)(dyn->d_un.d_ptr + base); 2130 break; 2131 case DT_SUNW_SYMSORTSZ: 2132 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2133 break; 2134 case DT_DEPRECATED_SPARC_REGISTER: 2135 case M_DT_REGISTER: 2136 dip->di_flags |= FLG_DI_REGISTER; 2137 FLAGS(lmp) |= FLG_RT_REGSYMS; 2138 break; 2139 case DT_SUNW_CAP: 2140 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base); 2141 break; 2142 case DT_SUNW_CAPINFO: 2143 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base); 2144 break; 2145 case DT_SUNW_CAPCHAIN: 2146 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr + 2147 base); 2148 break; 2149 case DT_SUNW_CAPCHAINENT: 2150 CAPCHAINENT(lmp) = dyn->d_un.d_val; 2151 break; 2152 case DT_SUNW_CAPCHAINSZ: 2153 CAPCHAINSZ(lmp) = dyn->d_un.d_val; 2154 break; 2155 } 2156 } 2157 2158 /* 2159 * Update any Dyninfo string pointers now that STRTAB() is 2160 * known. 2161 */ 2162 for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp); 2163 !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) { 2164 2165 switch ((Xword)dyn->d_tag) { 2166 case DT_NEEDED: 2167 case DT_USED: 2168 case DT_FILTER: 2169 case DT_AUXILIARY: 2170 case DT_SUNW_FILTER: 2171 case DT_SUNW_AUXILIARY: 2172 dip->di_name = STRTAB(lmp) + dyn->d_un.d_val; 2173 break; 2174 } 2175 } 2176 2177 /* 2178 * Assign any padding. 2179 */ 2180 if (PLTPAD(lmp)) { 2181 if (pltpadsz == (Xword)0) 2182 PLTPAD(lmp) = NULL; 2183 else 2184 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2185 pltpadsz); 2186 } 2187 } 2188 2189 /* 2190 * A dynsym contains only global functions. 
We want to have 2191 * a version of it that also includes local functions, so that 2192 * dladdr() will be able to report names for local functions 2193 * when used to generate a stack trace for a stripped file. 2194 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2195 * 2196 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2197 * in order to avoid having to have two copies of the global 2198 * symbols held in DT_SYMTAB: The local symbols are placed in 2199 * a separate section than the globals in the dynsym, but the 2200 * linker conspires to put the data for these two sections adjacent 2201 * to each other. DT_SUNW_SYMTAB points at the top of the local 2202 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2203 * 2204 * If the two sections are not adjacent, then something went wrong 2205 * at link time. We use ASSERT to kill the process if this is 2206 * a debug build. In a production build, we will silently ignore 2207 * the presence of the .ldynsym and proceed. We can detect this 2208 * situation by checking to see that DT_SYMTAB lies in 2209 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2210 */ 2211 if ((SUNWSYMTAB(lmp) != NULL) && 2212 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2213 (((char *)SYMTAB(lmp) >= 2214 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2215 ASSERT(0); 2216 SUNWSYMTAB(lmp) = NULL; 2217 SUNWSYMSZ(lmp) = 0; 2218 } 2219 2220 /* 2221 * If configuration file use hasn't been disabled, and a configuration 2222 * file hasn't already been set via an environment variable, see if any 2223 * application specific configuration file is specified. An LD_CONFIG 2224 * setting is used first, but if this image was generated via crle(1) 2225 * then a default configuration file is a fall-back. 
2226 */ 2227 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) { 2228 if (cfile) 2229 config->c_name = (const char *)(cfile + 2230 (char *)STRTAB(lmp)); 2231 else if (crle) 2232 rtld_flags |= RT_FL_CONFAPP; 2233 } 2234 2235 if (rpath) 2236 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2237 if (fltr) 2238 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2239 2240 /* 2241 * For Intel ABI compatibility. It's possible that a JMPREL can be 2242 * specified without any other relocations (e.g. a dynamic executable 2243 * normally only contains .plt relocations). If this is the case then 2244 * no REL, RELSZ or RELENT will have been created. For us to be able 2245 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2246 * the RELENT for these relocations. Refer to elf_reloc() for more 2247 * details. 2248 */ 2249 if (!RELENT(lmp) && JMPREL(lmp)) 2250 RELENT(lmp) = sizeof (M_RELOC); 2251 2252 /* 2253 * Establish any per-object auditing. If we're establishing main's 2254 * link-map its too early to go searching for audit objects so just 2255 * hold the object name for later (see setup()). 2256 */ 2257 if (audit) { 2258 char *cp = audit + (char *)STRTAB(lmp); 2259 2260 if (*cp) { 2261 if (((AUDITORS(lmp) = 2262 calloc(1, sizeof (Audit_desc))) == NULL) || 2263 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2264 remove_so(0, lmp, clmp); 2265 return (NULL); 2266 } 2267 if (lml_main.lm_head) { 2268 if (audit_setup(lmp, AUDITORS(lmp), 0, 2269 in_nfavl) == 0) { 2270 remove_so(0, lmp, clmp); 2271 return (NULL); 2272 } 2273 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2274 lml->lm_flags |= LML_FLG_LOCAUDIT; 2275 } 2276 } 2277 } 2278 2279 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2280 remove_so(0, lmp, clmp); 2281 return (NULL); 2282 } 2283 2284 /* 2285 * A capabilities section should be identified by a DT_SUNW_CAP entry, 2286 * and if non-empty object capabilities are included, a PT_SUNWCAP 2287 * header should reference the section. 
Make sure CAP() is set 2288 * regardless. 2289 */ 2290 if ((CAP(lmp) == NULL) && cap) 2291 CAP(lmp) = cap; 2292 2293 /* 2294 * Make sure any capabilities information or chain can be handled. 2295 */ 2296 if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT)) 2297 CAPINFO(lmp) = NULL; 2298 if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT)) 2299 CAPCHAIN(lmp) = NULL; 2300 2301 /* 2302 * As part of processing dependencies, a file descriptor is populated 2303 * with capabilities information following validation. 2304 */ 2305 if (fdp->fd_flags & FLG_FD_ALTCHECK) { 2306 FLAGS1(lmp) |= FL1_RT_ALTCHECK; 2307 CAPSET(lmp) = fdp->fd_scapset; 2308 2309 if (fdp->fd_flags & FLG_FD_ALTCAP) 2310 FLAGS1(lmp) |= FL1_RT_ALTCAP; 2311 2312 } else if ((cap = CAP(lmp)) != NULL) { 2313 /* 2314 * Processing of the a.out and ld.so.1 does not involve a file 2315 * descriptor as exec() did all the work, so capture the 2316 * capabilities for these cases. 2317 */ 2318 while (cap->c_tag != CA_SUNW_NULL) { 2319 switch (cap->c_tag) { 2320 case CA_SUNW_HW_1: 2321 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val; 2322 break; 2323 case CA_SUNW_SF_1: 2324 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val; 2325 break; 2326 case CA_SUNW_HW_2: 2327 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val; 2328 break; 2329 case CA_SUNW_PLAT: 2330 CAPSET(lmp).sc_plat = STRTAB(lmp) + 2331 cap->c_un.c_ptr; 2332 break; 2333 case CA_SUNW_MACH: 2334 CAPSET(lmp).sc_mach = STRTAB(lmp) + 2335 cap->c_un.c_ptr; 2336 break; 2337 } 2338 cap++; 2339 } 2340 } 2341 2342 /* 2343 * If a capabilities chain table exists, duplicate it. The chain table 2344 * is inspected for each initial call to a capabilities family lead 2345 * symbol. From this chain, each family member is inspected to 2346 * determine the 'best' family member. The chain table is then updated 2347 * so that the best member is immediately selected for any further 2348 * family searches. 
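 */
	if (CAPCHAIN(lmp)) {
		Capchain	*capchain;

		/*
		 * NOTE(review): unlike the earlier failure paths of this
		 * function, which call remove_so(0, lmp, clmp) before
		 * returning NULL, this allocation failure returns directly.
		 * Confirm whether the partially constructed link-map should
		 * be torn down here as well.
		 */
		if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL)
			return (NULL);
		(void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp));
		CAPCHAIN(lmp) = capchain;
	}

	/*
	 * Add the mapped object to the end of the link map list.
	 */
	lm_append(lml, lmco, lmp);

	/*
	 * Start the system loading in the ELF information we'll be processing.
	 * madvise() is advisory only, so its result is deliberately ignored.
	 */
	if (REL(lmp)) {
		(void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
		    (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
		    MADV_WILLNEED);
	}
	return (lmp);
}

/*
 * Build the full pathname of a shared object from a directory name and a file
 * name.  dlen and flen are the lengths (excluding the terminating null) of dir
 * and file respectively; callers pass them so neither string is re-measured.
 *
 * The name is assembled in a static buffer, so the result is only valid until
 * the next call and the function is not reentrant.  NULL is returned when the
 * combined name (dir + '/' + file + '\0') would not fit in PATH_MAX bytes.
 * Callers are expected to keep their lengths within that limit; the check is
 * a backstop against overrunning the buffer with an over-long name.
 */
static char *
elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen)
{
	static char	pname[PATH_MAX];

	/*
	 * Reject anything that cannot fit: dlen + 1 ('/') + flen + 1 ('\0')
	 * must not exceed sizeof (pname).  Written so the arithmetic cannot
	 * wrap for large dlen.
	 */
	if ((dlen >= sizeof (pname)) ||
	    (flen >= (sizeof (pname) - dlen - 1)))
		return (NULL);

	(void) strncpy(pname, dir, dlen);
	pname[dlen++] = '/';
	(void) strncpy(&pname[dlen], file, flen + 1);

	/*
	 * strncpy() only terminates the copy if file is no longer than flen.
	 * Terminate explicitly so a mismatched flen can never yield an
	 * unterminated path.
	 */
	pname[dlen + flen] = '\0';
	return (pname);
}

/*
 * The copy relocation is recorded in a copy structure which will be applied
 * after all other relocations are carried out. This provides for copying data
 * that must be relocated itself (ie. pointers in shared objects). This
 * structure also provides a means of binding RTLD_GROUP dependencies to any
 * copy relocations that have been taken from any group members.
 *
 * If the size of the .bss area available for the copy information is not the
 * same as the source of the data inform the user if we're under ldd(1) control
 * (this checking was only established in 5.3, so by only issuing an error via
 * ldd(1) we maintain the standard set by previous releases).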
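 */
int
elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
    Rt_map *dlmp, const void *dadd)
{
	Rel_copy	rc;
	Lm_list		*lml = LIST(rlmp);

	/*
	 * rsym/rlmp/radd describe the reference (the slot the data is copied
	 * into), dsym/dlmp/dadd the definition it is copied from.  Returns 1
	 * on success.  An allocation failure returns 0, unless ldd(1) tracing
	 * is in effect (LML_FLG_TRC_WARN), in which case 1 is returned so that
	 * tracing can carry on.
	 */
	rc.r_name = name;
	rc.r_rsym = rsym;		/* the new reference symbol and its */
	rc.r_rlmp = rlmp;		/*	associated link-map */
	rc.r_dlmp = dlmp;		/* the defining link-map */
	rc.r_dsym = dsym;		/* the original definition */
	rc.r_radd = radd;
	rc.r_dadd = dadd;

	/*
	 * Never copy more than the smaller of the two symbols: the reference
	 * bounds the destination and the definition bounds the source.
	 */
	if (rsym->st_size > dsym->st_size)
		rc.r_size = (size_t)dsym->st_size;
	else
		rc.r_size = (size_t)rsym->st_size;

	if (alist_append(&COPY_R(dlmp), &rc, sizeof (Rel_copy),
	    AL_CNT_COPYREL) == NULL) {
		if (!(lml->lm_flags & LML_FLG_TRC_WARN))
			return (0);
		else
			return (1);
	}

	/*
	 * Record the defining object on the reference object's copy-source
	 * list once, so RTLD_GROUP dependencies can be bound to it later.
	 */
	if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
		if (aplist_append(&COPY_S(rlmp), dlmp,
		    AL_CNT_COPYREL) == NULL) {
			if (!(lml->lm_flags & LML_FLG_TRC_WARN))
				return (0);
			else
				return (1);
		}
		FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
	}

	/*
	 * If we are tracing (ldd), warn the user if
	 *	1) the size from the reference symbol differs from the
	 *	    copy definition. We can only copy as much data as the
	 *	    reference (dynamic executables) entry allows.
	 *	2) the copy definition has STV_PROTECTED visibility.
	 */
	if (lml->lm_flags & LML_FLG_TRC_WARN) {
		if (rsym->st_size != dsym->st_size) {
			(void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
			    _conv_reloc_type(M_R_COPY), demangle(name),
			    NAME(rlmp), EC_XWORD(rsym->st_size),
			    NAME(dlmp), EC_XWORD(dsym->st_size));
			if (rsym->st_size > dsym->st_size)
				(void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
				    NAME(dlmp));
			else
				(void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
				    NAME(rlmp));
		}

		if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
			(void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
			    _conv_reloc_type(M_R_COPY), demangle(name),
			    NAME(dlmp));
		}
	}

	DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd,
	    (Xword)rc.r_size));
	return (1);
}

/*
 * Determine the symbol location of an address within a link-map. Look for
 * the nearest symbol (whose value is less than or equal to the required
 * address). This is the object specific part of dladdr().
 *
 * addr is the address being resolved, lmp the link-map it was found to lie
 * in.  dlip->dli_sname and dlip->dli_saddr are always filled in (with _START_
 * and the mapping base when no symbol precedes addr).  flags is the dladdr1()
 * request: for RTLD_DL_SYMENT *info receives the Sym, for RTLD_DL_LINKMAP the
 * link-map.  Nothing is written if the object has no hash table to search.
 */
static void
elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
{
	ulong_t		ndx, cnt, base, _value;
	Sym		*sym, *_sym = NULL;
	const char	*str;
	int		_flags;
	uint_t		*dynaddr_ndx;
	uint_t		dynaddr_n = 0;
	ulong_t		value;

	/*
	 * If SUNWSYMTAB() is non-NULL, then it sees a special version of
	 * the dynsym that starts with any local function symbols that exist in
	 * the library and then moves to the data held in SYMTAB(). In this
	 * case, SUNWSYMSZ tells us how long the symbol table is. The
	 * availability of local function symbols will enhance the results
	 * we can provide.
	 *
	 * If SUNWSYMTAB() is non-NULL, then there might also be a
	 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains
	 * an array of indices into SUNWSYMTAB, sorted by increasing
	 * address. We can use this to do an O(log N) search instead of a
	 * brute force search.
	 *
	 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that
	 * contains only global symbols. In that case, the length of
	 * the symbol table comes from the nchain field of the related
	 * symbol lookup hash table.
	 */
	str = STRTAB(lmp);
	if (SUNWSYMSZ(lmp) == 0) {
		sym = SYMTAB(lmp);
		/*
		 * If we don't have a .hash table there are no symbols
		 * to look at.
		 */
		if (HASH(lmp) == NULL)
			return;
		cnt = HASH(lmp)[1];
	} else {
		sym = SUNWSYMTAB(lmp);
		cnt = SUNWSYMSZ(lmp) / SYMENT(lmp);
		dynaddr_ndx = SUNWSYMSORT(lmp);
		/*
		 * Only use the sort vector when DT_SUNW_SORTENT supplied a
		 * non-zero entry size; otherwise fall back to the linear
		 * search rather than dividing by zero on a malformed object.
		 */
		if ((dynaddr_ndx != NULL) && (SUNWSORTENT(lmp) != 0))
			dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp);
	}

	/*
	 * Symbol values in a fixed (non-PIC, ET_EXEC) object are already
	 * absolute; everything else is relative to the mapping base.
	 */
	if (FLAGS(lmp) & FLG_RT_FIXED)
		base = 0;
	else
		base = ADDR(lmp);

	if (dynaddr_n > 0) {		/* Binary search */
		long	low = 0, low_bnd;
		long	high = dynaddr_n - 1, high_bnd;
		long	mid;
		Sym	*mid_sym;

		/*
		 * Note that SUNWSYMSORT only contains symbols types that
		 * supply memory addresses, so there's no need to check and
		 * filter out any other types.
		 *
		 * low_bnd/high_bnd track the narrowest [low, high] window
		 * known to bracket addr, for the fallback search below.
		 */
		low_bnd = low;
		high_bnd = high;
		while (low <= high) {
			mid = (low + high) / 2;
			mid_sym = &sym[dynaddr_ndx[mid]];
			value = mid_sym->st_value + base;
			if (addr < value) {
				if ((sym[dynaddr_ndx[high]].st_value + base) >=
				    addr)
					high_bnd = high;
				high = mid - 1;
			} else if (addr > value) {
				if ((sym[dynaddr_ndx[low]].st_value + base) <=
				    addr)
					low_bnd = low;
				low = mid + 1;
			} else {
				_sym = mid_sym;
				_value = value;
				break;
			}
		}
		/*
		 * If the above didn't find it exactly, then we must
		 * return the closest symbol with a value that doesn't
		 * exceed the one we are looking for. If that symbol exists,
		 * it will lie in the range bounded by low_bnd and
		 * high_bnd. This is a linear search, but a short one.
		 */
		if (_sym == NULL) {
			for (mid = low_bnd; mid <= high_bnd; mid++) {
				mid_sym = &sym[dynaddr_ndx[mid]];
				value = mid_sym->st_value + base;
				if (addr >= value) {
					_sym = mid_sym;
					_value = value;
				} else {
					break;
				}
			}
		}
	} else {			/* Linear search */
		for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
			/*
			 * Skip expected symbol types that are not functions
			 * or data:
			 *  - A symbol table starts with an undefined symbol
			 *	in slot 0. If we are using SUNWSYMTAB(),
			 *	there will be a second undefined symbol
			 *	right before the globals.
			 *  - The local part of SUNWSYMTAB() contains a
			 *	series of function symbols. Each section
			 *	starts with an initial STT_FILE symbol.
			 */
			if ((sym->st_shndx == SHN_UNDEF) ||
			    (ELF_ST_TYPE(sym->st_info) == STT_FILE))
				continue;

			value = sym->st_value + base;
			if (value > addr)
				continue;
			if (value < _value)
				continue;

			_sym = sym;
			_value = value;

			/*
			 * Note, because we accept local and global symbols
			 * we could find a section symbol that matches the
			 * associated address, which means that the symbol
			 * name will be null. In this case continue the
			 * search in case we can find a global symbol of
			 * the same value.
			 */
			if ((value == addr) &&
			    (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
				break;
		}
	}

	_flags = flags & RTLD_DL_MASK;
	if (_sym) {
		if (_flags == RTLD_DL_SYMENT)
			*info = (void *)_sym;
		else if (_flags == RTLD_DL_LINKMAP)
			*info = (void *)lmp;

		dlip->dli_sname = str + _sym->st_name;
		dlip->dli_saddr = (void *)_value;
	} else {
		/*
		 * addr lies between the beginning of the mapped segment and
		 * the first global symbol. We have no symbol to return
		 * and the caller requires one. We use _START_, the base
		 * address of the mapping.
		 */

		if (_flags == RTLD_DL_SYMENT) {
			/*
			 * An actual symbol struct is needed, so we
			 * construct one for _START_. To do this in a
			 * fully accurate way requires a different symbol
			 * for each mapped segment. This requires the
			 * use of dynamic memory and a mutex. That's too much
			 * plumbing for a fringe case of limited importance.
			 *
			 * Fortunately, we can simplify:
			 *    - Only the st_size and st_info fields are useful
			 *	outside of the linker internals. The others
			 *	reference things that outside code cannot see,
			 *	and can be set to 0.
			 *    - It's just a label and there is no size
			 *	to report. So, the size should be 0.
			 * This means that only st_info needs a non-zero
			 * (constant) value. A static struct will suffice.
			 * It must be const (readonly) so the caller can't
			 * change its meaning for subsequent callers.
			 *
			 * The member order of Sym differs between the ELF
			 * classes: Elf32_Sym is { st_name, st_value, st_size,
			 * st_info, ... } while Elf64_Sym is { st_name,
			 * st_info, st_other, st_shndx, ... }, so a positional
			 * initializer has to be chosen per class or the value
			 * lands in st_shndx instead of st_info.
			 */
#if defined(_ELF64)
			static const Sym fsym = { 0,
			    ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
#else
			static const Sym fsym = { 0, 0, 0,
			    ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
#endif
			*info = (void *) &fsym;
		}

		dlip->dli_sname = MSG_ORIG(MSG_SYM_START);
		dlip->dli_saddr = (void *) ADDR(lmp);
	}
}

/*
 * This routine is called as a last fall-back to search for a symbol from a
 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing
 * the number of objects mapped, any symbol search is first carried out using
 * the objects that already exist in the process (either on a link-map list or
 * handle). If a symbol can't be found, and lazy dependencies are still
 * pending, this routine loads the dependencies in an attempt to locate the
 * symbol.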
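 */
int
elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
{
	static APlist	*alist = NULL;
	Aliste		idx1;
	Rt_map		*lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap;
	const char	*name = slp->sl_name;
	Slookup		sl1 = *slp;
	Lm_list		*lml;
	Lm_cntl		*lmc;

	/*
	 * Returns 1 with *srp filled in when the symbol is found, otherwise 0
	 * (including when the local work list cannot be grown).  binfo and
	 * in_nfavl are passed through to lookup_sym()/elf_lazy_load().
	 *
	 * NOTE(review): alist is function-static, so this routine relies on
	 * callers serializing entry into ld.so.1; not verified here.
	 */

	/*
	 * It's quite possible we've been here before to process objects,
	 * therefore reinitialize our dynamic list.
	 */
	if (alist)
		aplist_reset(alist);

	/*
	 * Discard any relocation index from further symbol searches. This
	 * index has already been used to trigger any necessary lazy-loads,
	 * and it might be because one of these lazy loads has failed that
	 * we're performing this fallback. By removing the relocation index
	 * we don't try and perform the same failed lazy loading activity again.
	 */
	sl1.sl_rsymndx = 0;

	/*
	 * Determine the callers link-map list so that we can monitor whether
	 * new objects have been added.
	 */
	lml = LIST(clmp);
	lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp));

	/*
	 * Generate a local list of new objects to process. This list can grow
	 * as each object supplies its own lazy dependencies.  This is an int
	 * function, so the failure result is 0, matching the other returns.
	 */
	if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL)
		return (0);

	for (APLIST_TRAVERSE(alist, idx1, lmp1)) {
		uint_t		dynndx;
		Dyninfo		*dip, *pdip;

		/*
		 * Loop through the lazy DT_NEEDED entries examining each object
		 * for the required symbol. If the symbol is not found, the
		 * object is in turn added to the local alist, so that the
		 * objects lazy DT_NEEDED entries can be examined.
		 */
		lmp = lmp1;
		for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL;
		    !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) {
			Grp_hdl		*ghp;
			Grp_desc	*gdp;
			Rt_map		*nlmp, *llmp;
			Slookup		sl2;
			Sresult		sr;
			Aliste		idx2;

			/*
			 * Only pending (not yet loaded) lazy entries are of
			 * interest.
			 */
			if (((dip->di_flags & FLG_DI_LAZY) == 0) ||
			    dip->di_info)
				continue;

			/*
			 * If this object has already failed to lazy load, and
			 * we're still processing the same runtime linker
			 * operation that produced the failure, don't bother
			 * to try and load the object again.
			 */
			if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip &&
			    (pdip->di_flags & FLG_DI_POSFLAG1)) {
				if (pdip->di_info == (void *)ld_entry_cnt)
					continue;

				dip->di_flags &= ~FLG_DI_LAZYFAIL;
				pdip->di_info = NULL;
			}

			/*
			 * Determine the last link-map presently on the callers
			 * link-map control list.
			 */
			llmp = lmc->lc_tail;

			/*
			 * Try loading this lazy dependency. If the object
			 * can't be loaded, consider this non-fatal and continue
			 * the search. Lazy loaded dependencies need not exist
			 * and their loading should only turn out to be fatal
			 * if they are required to satisfy a relocation.
			 *
			 * A successful lazy load can mean one of two things:
			 *
			 *  - new objects have been loaded, in which case the
			 *	objects will have been analyzed, relocated, and
			 *	finally moved to the callers control list.
			 *  - the objects are already loaded, and this lazy
			 *	load has simply associated the referenced object
			 *	with it's lazy dependencies.
			 *
			 * If new objects are loaded, look in these objects
			 * first. Note, a new object can be the object being
			 * referenced by this lazy load, however we can also
			 * descend into multiple lazy loads as we relocate this
			 * reference.
			 *
			 * If the symbol hasn't been found, use the referenced
			 * objects handle, as it might have dependencies on
			 * objects that are already loaded. Note that existing
			 * objects might have already been searched and skipped
			 * as non-available to this caller. However, a lazy
			 * load might have caused the promotion of modes, or
			 * added this object to the family of the caller. In
			 * either case, the handle associated with the object
			 * is then used to carry out the symbol search.
			 */
			if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name,
			    FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL)
				continue;

			if (NEXT_RT_MAP(llmp)) {
				/*
				 * Look in any new objects.
				 */
				sl1.sl_imap = NEXT_RT_MAP(llmp);
				sl1.sl_flags &= ~LKUP_STDRELOC;

				/*
				 * Initialize a local symbol result descriptor,
				 * using the original symbol name.
				 */
				SRESULT_INIT(sr, slp->sl_name);

				if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) {
					*srp = sr;
					return (1);
				}
			}

			/*
			 * Use the objects handle to inspect the family of
			 * objects associated with the handle. Note, there's
			 * a possibility of overlap with the above search,
			 * should a lazy load bring in new objects and
			 * reference existing objects.
			 */
			sl2 = sl1;
			for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) {
				if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) &&
				    (gdp->gd_flags & GPD_DLSYM)) {

					sl2.sl_imap = gdp->gd_depend;
					sl2.sl_flags |= LKUP_FIRST;

					/*
					 * Initialize a local symbol result
					 * descriptor, using the original
					 * symbol name.
					 */
					SRESULT_INIT(sr, slp->sl_name);

					if (lookup_sym(&sl2, &sr, binfo,
					    in_nfavl)) {
						*srp = sr;
						return (1);
					}
				}
			}

			/*
			 * Some dlsym() operations are already traversing a
			 * link-map (dlopen(0)), and thus there's no need to
			 * save them on the dynamic dependency list.
			 */
			if (slp->sl_flags & LKUP_NODESCENT)
				continue;

			if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == NULL)
				return (0);
		}
	}

	return (0);
}

/*
 * Warning message for bad r_offset.  Emits the ldd(1) diagnostic when tracing
 * is enabled (and not silenced), otherwise the debug-library diagnostic when
 * debugging is enabled; returns silently if neither applies.  rsymndx, when
 * non-zero, selects the symbol whose name is reported.
 */
void
elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
    ulong_t rsymndx)
{
	const char	*name = NULL;
	Lm_list		*lml = LIST(lmp);
	int		trace;

	if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
	    (((rtld_flags & RT_FL_SILENCERR) == 0) ||
	    (lml->lm_flags & LML_FLG_TRC_VERBOSE)))
		trace = 1;
	else
		trace = 0;

	if ((trace == 0) && (DBG_ENABLED == 0))
		return;

	/*
	 * NOTE(review): rsymndx is indexed into SYMTAB() without a bound
	 * check against the symbol count; this is a diagnostic path for an
	 * already-bad relocation, so confirm the index was validated by the
	 * caller before relying on the name.
	 */
	if (rsymndx) {
		Sym	*symref = (Sym *)((ulong_t)SYMTAB(lmp) +
		    (rsymndx * SYMENT(lmp)));

		/* local symbol names are not meaningful to the user */
		if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
			name = (char *)(STRTAB(lmp) + symref->st_name);
	}

	if (name == NULL)
		name = MSG_INTL(MSG_STR_UNKNOWN);

	if (trace) {
		const char	*rstr;

		rstr = _conv_reloc_type((uint_t)rtype);
		(void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
		    EC_ADDR(roffset));
		return;
	}

	Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name);
}

/*
 * Report a static TLS relocation that cannot be satisfied: record the
 * relocation for the debug library and raise the fatal MSG_REL_BADTLS error.
 * Shared by both failure paths of elf_static_tls().
 */
static void
elf_static_tls_error(Lm_list *lml, Rt_map *lmp, void *rel, uchar_t rtype,
    const char *name)
{
	DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
	    M_REL_SHT_TYPE, rel, NULL, 0, name));
	eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
	    _conv_reloc_type((uint_t)rtype), NAME(lmp),
	    name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
}

/*
 * Resolve a static TLS relocation.  Returns the value to apply to the
 * relocation at roffset (the negated distance from the object's static TLS
 * offset), or 0 after reporting a fatal error when the object has no PT_TLS
 * segment or no static TLS can be assigned to it.  sym is the symbol the
 * relocation refers to; value is the caller-computed symbol value, which is
 * overridden for local symbols as described below.
 */
long
elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name,
    ulong_t roffset, long value)
{
	Lm_list	*lml = LIST(lmp);

	/*
	 * Relocations against a static TLS block have limited support once
	 * process initialization has completed. Any error condition should be
	 * discovered by testing for DF_STATIC_TLS as part of loading an object,
	 * however individual relocations are tested in case the dynamic flag
	 * had not been set when this object was built.
	 */
	if (PTTLS(lmp) == NULL) {
		elf_static_tls_error(lml, lmp, rel, rtype, name);
		return (0);
	}

	/*
	 * If no static TLS has been set aside for this object, determine if
	 * any can be obtained. Enforce that any object using static TLS is
	 * non-deletable.
	 */
	if (TLSSTATOFF(lmp) == 0) {
		FLAGS1(lmp) |= FL1_RT_TLSSTAT;
		MODE(lmp) |= RTLD_NODELETE;

		if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) {
			elf_static_tls_error(lml, lmp, rel, rtype, name);
			return (0);
		}
	}

	/*
	 * Typically, a static TLS offset is maintained as a symbols value.
	 * For local symbols that are not apart of the dynamic symbol table,
	 * the TLS relocation points to a section symbol, and the static TLS
	 * offset was deposited in the associated GOT table. Make sure the GOT
	 * is cleared, so that the value isn't reused in do_reloc().
	 */
	if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) {
		if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) {
			value = *(long *)roffset;
			*(long *)roffset = 0;
		} else {
			value = sym->st_value;
		}
	}
	return (-(TLSSTATOFF(lmp) - value));
}

/*
 * If the symbol is not found and the reference was not to a weak symbol, report
 * an error. Weak references may be unresolved.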
 */
int
elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo)
{
	Lm_list	*lml = LIST(lmp);

	/*
	 * Returns 1 when the caller may carry on (the failure is ignored or
	 * merely reported) and 0 when it is fatal.  binfo carries the
	 * DBG_BINFO_REF_* classification of the original reference.
	 */

	/*
	 * Under crle(1) (LML_FLG_IGNRELERR), relocation failures are ignored.
	 */
	if (lml->lm_flags & LML_FLG_IGNRELERR)
		return (1);

	/*
	 * Outside of ldd(1) an unresolved reference is fatal: record the
	 * relocation for the debug library and raise the error.
	 */
	if ((lml->lm_flags & LML_FLG_TRC_WARN) == 0) {
		DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE,
		    rel, NULL, 0, name));
		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp),
		    demangle(name));
		return (0);
	}

	/*
	 * Under ldd(1) the unresolved reference is only reported. EXTERN and
	 * PARENT references stay silent unless ldd's -p option
	 * (LML_FLG_TRC_NOPAREXT) is in effect.
	 */
	if (((binfo & DBG_BINFO_REF_MSK) == 0) ||
	    (lml->lm_flags & LML_FLG_TRC_NOPAREXT)) {
		(void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), demangle(name),
		    NAME(lmp));
	}
	return (1);
}
