1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Object file dependent support for ELF objects. 34 */ 35 36 #include <stdio.h> 37 #include <sys/procfs.h> 38 #include <sys/mman.h> 39 #include <sys/debug.h> 40 #include <string.h> 41 #include <limits.h> 42 #include <dlfcn.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "_inline.h" 49 #include "msg.h" 50 51 /* 52 * Default and secure dependency search paths. 53 */ 54 static Spath_defn _elf_def_dirs[] = { 55 #if defined(_ELF64) 56 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE }, 57 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE }, 58 #else 59 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE }, 60 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE }, 61 #endif 62 { 0, 0 } 63 }; 64 65 static Spath_defn _elf_sec_dirs[] = { 66 #if defined(_ELF64) 67 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE }, 68 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE }, 69 #else 70 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE }, 71 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE }, 72 #endif 73 { 0, 0 } 74 }; 75 76 Alist *elf_def_dirs = NULL; 77 Alist *elf_sec_dirs = NULL; 78 79 /* 80 * Defines for local functions. 81 */ 82 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 83 static Addr elf_entry_point(void); 84 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t); 85 static Alist **elf_get_def_dirs(void); 86 static Alist **elf_get_sec_dirs(void); 87 static char *elf_get_so(const char *, const char *, size_t, size_t); 88 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *); 89 90 /* 91 * Functions and data accessed through indirect pointers. 92 */ 93 Fct elf_fct = { 94 elf_verify, 95 elf_new_lmp, 96 elf_entry_point, 97 elf_needed, 98 lookup_sym, 99 elf_reloc, 100 elf_get_def_dirs, 101 elf_get_sec_dirs, 102 elf_fix_name, 103 elf_get_so, 104 elf_dladdr, 105 dlsym_handle 106 }; 107 108 /* 109 * Default and secure dependency search paths. 110 */ 111 static Alist ** 112 elf_get_def_dirs() 113 { 114 if (elf_def_dirs == NULL) 115 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT); 116 return (&elf_def_dirs); 117 } 118 119 static Alist ** 120 elf_get_sec_dirs() 121 { 122 if (elf_sec_dirs == NULL) 123 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE); 124 return (&elf_sec_dirs); 125 } 126 127 /* 128 * Redefine NEEDED name if necessary. 129 */ 130 static int 131 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni, 132 uint_t orig) 133 { 134 /* 135 * For ABI compliance, if we are asked for ld.so.1, then really give 136 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1). 137 */ 138 if (((*name == '/') && 139 /* BEGIN CSTYLED */ 140 #if defined(_ELF64) 141 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) || 142 #else 143 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) || 144 #endif 145 (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) { 146 /* END CSTYLED */ 147 Pdesc *pdp; 148 149 DBG_CALL(Dbg_file_fixname(LIST(clmp), name, 150 MSG_ORIG(MSG_PTH_LIBSYS))); 151 if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc), 152 alni)) == NULL) 153 return (0); 154 155 pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS); 156 pdp->pd_plen = MSG_PTH_LIBSYS_SIZE; 157 pdp->pd_flags = PD_FLG_PNSLASH; 158 159 return (1); 160 } 161 162 return (expand_paths(clmp, name, alpp, alni, orig, 0)); 163 } 164 165 /* 166 * Determine whether this object requires any hardware or software capabilities. 167 */ 168 static int 169 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej) 170 { 171 Phdr *phdr; 172 int cnt; 173 174 /* LINTED */ 175 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff); 176 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) { 177 Cap *cptr; 178 179 if (phdr->p_type != PT_SUNWCAP) 180 continue; 181 182 /* LINTED */ 183 cptr = (Cap *)((char *)ehdr + phdr->p_offset); 184 while (cptr->c_tag != CA_SUNW_NULL) { 185 if (cptr->c_tag == CA_SUNW_HW_1) { 186 /* 187 * Verify the hardware capabilities. 188 */ 189 if (hwcap_check(cptr->c_un.c_val, rej) == 0) 190 return (0); 191 192 /* 193 * Retain this hardware capabilities value for 194 * possible later inspection should this object 195 * be processed as a filtee. 196 */ 197 fdp->fd_hwcap = cptr->c_un.c_val; 198 } 199 if (cptr->c_tag == CA_SUNW_SF_1) { 200 /* 201 * Verify the software capabilities. 202 */ 203 if (sfcap_check(cptr->c_un.c_val, rej) == 0) 204 return (0); 205 } 206 cptr++; 207 } 208 } 209 return (1); 210 } 211 212 /* 213 * Determine if we have been given an ELF file and if so determine if the file 214 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 215 * with associated error information. 216 */ 217 Fct * 218 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name, 219 Rej_desc *rej) 220 { 221 Ehdr *ehdr; 222 char *caddr = (char *)addr; 223 224 /* 225 * Determine if we're an elf file. If not simply return, we don't set 226 * any rejection information as this test allows use to scroll through 227 * the objects we support (ELF, AOUT). 228 */ 229 if (size < sizeof (Ehdr) || 230 caddr[EI_MAG0] != ELFMAG0 || 231 caddr[EI_MAG1] != ELFMAG1 || 232 caddr[EI_MAG2] != ELFMAG2 || 233 caddr[EI_MAG3] != ELFMAG3) { 234 return (NULL); 235 } 236 237 /* 238 * Check class and encoding. 239 */ 240 /* LINTED */ 241 ehdr = (Ehdr *)addr; 242 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 243 rej->rej_type = SGS_REJ_CLASS; 244 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 245 return (NULL); 246 } 247 if (ehdr->e_ident[EI_DATA] != M_DATA) { 248 rej->rej_type = SGS_REJ_DATA; 249 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 250 return (NULL); 251 } 252 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 253 (ehdr->e_type != ET_DYN)) { 254 rej->rej_type = SGS_REJ_TYPE; 255 rej->rej_info = (uint_t)ehdr->e_type; 256 return (NULL); 257 } 258 259 /* 260 * Verify ELF version. 261 */ 262 if (ehdr->e_version > EV_CURRENT) { 263 rej->rej_type = SGS_REJ_VERSION; 264 rej->rej_info = (uint_t)ehdr->e_version; 265 return (NULL); 266 } 267 268 /* 269 * Verify machine specific flags. 270 */ 271 if (elf_mach_flags_check(rej, ehdr) == 0) 272 return (NULL); 273 274 /* 275 * Verify any hardware/software capability requirements. Note, if this 276 * object is an explicitly defined shared object under inspection by 277 * ldd(1), and contains an incompatible hardware capabilities 278 * requirement, then inform the user, but continue processing. 279 */ 280 if (elf_cap_check(fdp, ehdr, rej) == 0) { 281 Rt_map *lmp = lml_main.lm_head; 282 283 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp && 284 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) { 285 const char *fmt; 286 287 if (rej->rej_type == SGS_REJ_HWCAP_1) 288 fmt = MSG_INTL(MSG_LDD_GEN_HWCAP_1); 289 else 290 fmt = MSG_INTL(MSG_LDD_GEN_SFCAP_1); 291 (void) printf(fmt, name, rej->rej_str); 292 return (&elf_fct); 293 } 294 return (NULL); 295 } 296 return (&elf_fct); 297 } 298 299 /* 300 * The runtime linker employs lazy loading to provide the libraries needed for 301 * debugging, preloading .o's and dldump(). As these are seldom used, the 302 * standard startup of ld.so.1 doesn't initialize all the information necessary 303 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 304 * is called we get here to perform these initializations: 305 * 306 * - elf_needed() is called to set up the DYNINFO() indexes for each lazy 307 * dependency. Typically, for all other objects, this is called during 308 * analyze_so(), but as ld.so.1 is set-contained we skip this processing. 309 * 310 * - For intel, ld.so.1's JMPSLOT relocations need relative updates. These 311 * are by default skipped thus delaying all relative relocation processing 312 * on every invocation of ld.so.1. 313 */ 314 int 315 elf_rtld_load() 316 { 317 Lm_list *lml = &lml_rtld; 318 Rt_map *lmp = lml->lm_head; 319 320 if (lml->lm_flags & LML_FLG_PLTREL) 321 return (1); 322 323 /* 324 * As we need to refer to the DYNINFO() information, insure that it has 325 * been initialized. 326 */ 327 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0) 328 return (0); 329 330 #if defined(__i386) 331 /* 332 * This is a kludge to give ld.so.1 a performance benefit on i386. 333 * It's based around two factors. 334 * 335 * - JMPSLOT relocations (PLT's) actually need a relative relocation 336 * applied to the GOT entry so that they can find PLT0. 337 * 338 * - ld.so.1 does not exercise *any* PLT's before it has made a call 339 * to elf_lazy_load(). This is because all dynamic dependencies 340 * are recorded as lazy dependencies. 341 */ 342 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp), 343 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 344 (ulong_t)ADDR(lmp), lmp, NULL); 345 #endif 346 347 lml->lm_flags |= LML_FLG_PLTREL; 348 return (1); 349 } 350 351 /* 352 * Lazy load an object. 353 */ 354 Rt_map * 355 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym, 356 uint_t flags, Grp_hdl **hdl, int *in_nfavl) 357 { 358 Alist *palp = NULL; 359 Rt_map *nlmp; 360 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 361 const char *name; 362 Lm_list *lml = LIST(clmp); 363 Aliste lmco; 364 365 /* 366 * If this dependency has already been processed, we're done. 367 */ 368 if (((nlmp = (Rt_map *)dip->di_info) != NULL) || 369 (dip->di_flags & FLG_DI_LDD_DONE)) 370 return (nlmp); 371 372 /* 373 * If we're running under ldd(1), indicate that this dependency has been 374 * processed (see test above). It doesn't matter whether the object is 375 * successfully loaded or not, this flag simply ensures that we don't 376 * repeatedly attempt to load an object that has already failed to load. 377 * To do so would create multiple failure diagnostics for the same 378 * object under ldd(1). 379 */ 380 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 381 dip->di_flags |= FLG_DI_LDD_DONE; 382 383 /* 384 * Determine the initial dependency name. 385 */ 386 name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val; 387 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 388 389 /* 390 * If this object needs to establish its own group, make sure a handle 391 * is created. 392 */ 393 if (dip->di_flags & FLG_DI_GROUP) 394 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 395 396 /* 397 * Lazy dependencies are identified as DT_NEEDED entries with a 398 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 399 * dynamic information element that corresponds to the DT_POSFLAG_1 400 * entry is free, and thus used to store the present entrance 401 * identifier. This identifier is used to prevent multiple attempts to 402 * load a failed lazy loadable dependency within the same runtime linker 403 * operation. However, future attempts to reload this dependency are 404 * still possible. 405 */ 406 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 407 pdip->di_info = (void *)slp->sl_id; 408 409 /* 410 * Expand the requested name if necessary. 411 */ 412 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) 413 return (NULL); 414 415 /* 416 * Establish a link-map control list for this request. 417 */ 418 if ((lmco = create_cntl(lml, 0)) == NULL) { 419 remove_plist(&palp, 1); 420 return (NULL); 421 } 422 423 /* 424 * Load the associated object. 425 */ 426 dip->di_info = nlmp = 427 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl); 428 429 /* 430 * Remove any expanded pathname infrastructure. Reduce the pending lazy 431 * dependency count of the caller, together with the link-map lists 432 * count of objects that still have lazy dependencies pending. 433 */ 434 remove_plist(&palp, 1); 435 if (--LAZY(clmp) == 0) 436 LIST(clmp)->lm_lazy--; 437 438 /* 439 * Finish processing the objects associated with this request, and 440 * create an association between the caller and this dependency. 441 */ 442 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 443 ((nlmp = analyze_lmc(lml, lmco, nlmp, in_nfavl)) == NULL) || 444 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0))) 445 dip->di_info = nlmp = NULL; 446 447 /* 448 * If this lazyload has failed, and we've created a new link-map 449 * control list to which this request has added objects, then remove 450 * all the objects that have been associated to this request. 451 */ 452 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 453 remove_lmc(lml, clmp, lmco, name); 454 455 /* 456 * Remove any temporary link-map control list. 457 */ 458 if (lmco != ALIST_OFF_DATA) 459 remove_cntl(lml, lmco); 460 461 /* 462 * If this lazy loading failed, record the fact, and bump the lazy 463 * counts. 464 */ 465 if (nlmp == NULL) { 466 dip->di_flags |= FLG_DI_LAZYFAIL; 467 if (LAZY(clmp)++ == 0) 468 LIST(clmp)->lm_lazy++; 469 } 470 471 return (nlmp); 472 } 473 474 /* 475 * Return the entry point of the ELF executable. 476 */ 477 static Addr 478 elf_entry_point(void) 479 { 480 Rt_map *lmp = lml_main.lm_head; 481 Ehdr *ehdr = (Ehdr *)ADDR(lmp); 482 Addr addr = (Addr)(ehdr->e_entry); 483 484 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) 485 addr += ADDR(lmp); 486 487 return (addr); 488 } 489 490 /* 491 * Determine if a dependency requires a particular version and if so verify 492 * that the version exists in the dependency. 493 */ 494 int 495 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 496 { 497 Verneed *vnd = VERNEED(clmp); 498 int _num, num = VERNEEDNUM(clmp); 499 char *cstrs = (char *)STRTAB(clmp); 500 Lm_list *lml = LIST(clmp); 501 502 /* 503 * Traverse the callers version needed information and determine if any 504 * specific versions are required from the dependency. 505 */ 506 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 507 for (_num = 1; _num <= num; _num++, 508 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 509 Half cnt = vnd->vn_cnt; 510 Vernaux *vnap; 511 char *nstrs, *need; 512 513 /* 514 * Determine if a needed entry matches this dependency. 515 */ 516 need = (char *)(cstrs + vnd->vn_file); 517 if (strcmp(name, need) != 0) 518 continue; 519 520 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 521 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 522 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 523 524 /* 525 * Validate that each version required actually exists in the 526 * dependency. 527 */ 528 nstrs = (char *)STRTAB(nlmp); 529 530 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 531 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 532 char *version, *define; 533 Verdef *vdf = VERDEF(nlmp); 534 ulong_t _num, num = VERDEFNUM(nlmp); 535 int found = 0; 536 537 /* 538 * Skip validation of versions that are marked 539 * INFO. This optimization is used for versions 540 * that are inherited by another version. Verification 541 * of the inheriting version is sufficient. 542 * 543 * Such versions are recorded in the object for the 544 * benefit of VERSYM entries that refer to them. This 545 * provides a purely diagnositic benefit. 546 */ 547 if (vnap->vna_flags & VER_FLG_INFO) 548 continue; 549 550 version = (char *)(cstrs + vnap->vna_name); 551 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 552 553 for (_num = 1; _num <= num; _num++, 554 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 555 Verdaux *vdap; 556 557 if (vnap->vna_hash != vdf->vd_hash) 558 continue; 559 560 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 561 define = (char *)(nstrs + vdap->vda_name); 562 if (strcmp(version, define) != 0) 563 continue; 564 565 found++; 566 break; 567 } 568 569 /* 570 * If we're being traced print out any matched version 571 * when the verbose (-v) option is in effect. Always 572 * print any unmatched versions. 573 */ 574 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 575 /* BEGIN CSTYLED */ 576 if (found) { 577 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 578 continue; 579 580 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 581 need, version, NAME(nlmp)); 582 } else { 583 if (rtld_flags & RT_FL_SILENCERR) 584 continue; 585 586 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 587 need, version); 588 } 589 /* END CSTYLED */ 590 continue; 591 } 592 593 /* 594 * If the version hasn't been found then this is a 595 * candidate for a fatal error condition. Weak 596 * version definition requirements are silently 597 * ignored. Also, if the image inspected for a version 598 * definition has no versioning recorded at all then 599 * silently ignore this (this provides better backward 600 * compatibility to old images created prior to 601 * versioning being available). Both of these skipped 602 * diagnostics are available under tracing (see above). 603 */ 604 if ((found == 0) && (num != 0) && 605 (!(vnap->vna_flags & VER_FLG_WEAK))) { 606 eprintf(lml, ERR_FATAL, 607 MSG_INTL(MSG_VER_NFOUND), need, version, 608 NAME(clmp)); 609 return (0); 610 } 611 } 612 } 613 DBG_CALL(Dbg_ver_need_done(lml)); 614 return (1); 615 } 616 617 /* 618 * Search through the dynamic section for DT_NEEDED entries and perform one 619 * of two functions. If only the first argument is specified then load the 620 * defined shared object, otherwise add the link map representing the defined 621 * link map the the dlopen list. 622 */ 623 static int 624 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl) 625 { 626 Alist *palp = NULL; 627 Dyn *dyn, *pdyn; 628 ulong_t ndx = 0; 629 uint_t lazy, flags; 630 Word lmflags = lml->lm_flags; 631 Word lmtflags = lml->lm_tflags; 632 633 /* 634 * Process each shared object on needed list. 635 */ 636 if (DYN(clmp) == NULL) 637 return (1); 638 639 for (dyn = (Dyn *)DYN(clmp), pdyn = NULL; dyn->d_tag != DT_NULL; 640 pdyn = dyn++, ndx++) { 641 Dyninfo *dip = &DYNINFO(clmp)[ndx]; 642 Rt_map *nlmp = NULL; 643 char *name; 644 int silent = 0; 645 646 switch (dyn->d_tag) { 647 case DT_POSFLAG_1: 648 dip->di_flags |= FLG_DI_POSFLAG1; 649 continue; 650 case DT_NEEDED: 651 case DT_USED: 652 lazy = flags = 0; 653 dip->di_flags |= FLG_DI_NEEDED; 654 655 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 656 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 657 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) { 658 dip->di_flags |= FLG_DI_LAZY; 659 lazy = 1; 660 } 661 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) { 662 dip->di_flags |= FLG_DI_GROUP; 663 flags = 664 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 665 } 666 } 667 668 name = (char *)STRTAB(clmp) + dyn->d_un.d_val; 669 670 /* 671 * NOTE, libc.so.1 can't be lazy loaded. Although a 672 * lazy position flag won't be produced when a RTLDINFO 673 * .dynamic entry is found (introduced with the UPM in 674 * Solaris 10), it was possible to mark libc for lazy 675 * loading on previous releases. To reduce the overhead 676 * of testing for this occurrence, only carry out this 677 * check for the first object on the link-map list 678 * (there aren't many applications built without libc). 679 */ 680 if (lazy && (lml->lm_head == clmp) && 681 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 682 lazy = 0; 683 684 /* 685 * Don't bring in lazy loaded objects yet unless we've 686 * been asked to attempt to load all available objects 687 * (crle(1) sets LD_FLAGS=loadavail). Even under 688 * RTLD_NOW we don't process this - RTLD_NOW will cause 689 * relocation processing which in turn might trigger 690 * lazy loading, but its possible that the object has a 691 * lazy loaded file with no bindings (i.e., it should 692 * never have been a dependency in the first place). 693 */ 694 if (lazy) { 695 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 696 LAZY(clmp)++; 697 lazy = flags = 0; 698 continue; 699 } 700 701 /* 702 * Silence any error messages - see description 703 * under elf_lookup_filtee(). 704 */ 705 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 706 rtld_flags |= RT_FL_SILENCERR; 707 silent = 1; 708 } 709 } 710 break; 711 case DT_AUXILIARY: 712 dip->di_flags |= FLG_DI_AUXFLTR; 713 continue; 714 case DT_SUNW_AUXILIARY: 715 dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 716 continue; 717 case DT_FILTER: 718 dip->di_flags |= FLG_DI_STDFLTR; 719 continue; 720 case DT_SUNW_FILTER: 721 dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 722 continue; 723 default: 724 continue; 725 } 726 727 DBG_CALL(Dbg_file_needed(clmp, name)); 728 729 /* 730 * If we're running under ldd(1), indicate that this dependency 731 * has been processed. It doesn't matter whether the object is 732 * successfully loaded or not, this flag simply ensures that we 733 * don't repeatedly attempt to load an object that has already 734 * failed to load. To do so would create multiple failure 735 * diagnostics for the same object under ldd(1). 736 */ 737 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 738 dip->di_flags |= FLG_DI_LDD_DONE; 739 740 /* 741 * Establish the objects name, load it and establish a binding 742 * with the caller. 743 */ 744 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) || 745 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp), 746 flags, 0, in_nfavl)) == NULL) || 747 (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 748 nlmp = NULL; 749 750 /* 751 * Clean up any infrastructure, including the removal of the 752 * error suppression state, if it had been previously set in 753 * this routine. 754 */ 755 remove_plist(&palp, 0); 756 757 if (silent) 758 rtld_flags &= ~RT_FL_SILENCERR; 759 760 if ((dip->di_info = (void *)nlmp) == NULL) { 761 /* 762 * If the object could not be mapped, continue if error 763 * suppression is established or we're here with ldd(1). 764 */ 765 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 766 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 767 continue; 768 else { 769 remove_plist(&palp, 1); 770 return (0); 771 } 772 } 773 } 774 775 if (LAZY(clmp)) 776 lml->lm_lazy++; 777 778 remove_plist(&palp, 1); 779 return (1); 780 } 781 782 /* 783 * A null symbol interpretor. Used if a filter has no associated filtees. 784 */ 785 /* ARGSUSED0 */ 786 static Sym * 787 elf_null_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 788 { 789 return (NULL); 790 } 791 792 /* 793 * Disable filtee use. 794 */ 795 static void 796 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 797 { 798 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 799 /* 800 * If this is an object filter, null out the reference name. 801 */ 802 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 803 REFNAME(lmp) = NULL; 804 OBJFLTRNDX(lmp) = FLTR_DISABLED; 805 806 /* 807 * Indicate that this filtee is no longer available. 808 */ 809 if (dip->di_flags & FLG_DI_STDFLTR) 810 SYMINTP(lmp) = elf_null_find_sym; 811 812 } 813 } else if (dip->di_flags & FLG_DI_STDFLTR) { 814 /* 815 * Indicate that this standard filtee is no longer available. 816 */ 817 if (SYMSFLTRCNT(lmp)) 818 SYMSFLTRCNT(lmp)--; 819 } else { 820 /* 821 * Indicate that this auxiliary filtee is no longer available. 822 */ 823 if (SYMAFLTRCNT(lmp)) 824 SYMAFLTRCNT(lmp)--; 825 } 826 dip->di_flags &= ~MSK_DI_FILTER; 827 } 828 829 /* 830 * Find symbol interpreter - filters. 831 * This function is called when the symbols from a shared object should 832 * be resolved from the shared objects filtees instead of from within itself. 833 * 834 * A symbol name of 0 is used to trigger filtee loading. 835 */ 836 static Sym * 837 _elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx, 838 int *in_nfavl) 839 { 840 const char *name = slp->sl_name, *filtees; 841 Rt_map *clmp = slp->sl_cmap; 842 Rt_map *ilmp = slp->sl_imap; 843 Pdesc *pdp; 844 int any; 845 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 846 Lm_list *lml = LIST(ilmp); 847 Aliste idx; 848 849 /* 850 * Indicate that the filter has been used. If a binding already exists 851 * to the caller, indicate that this object is referenced. This insures 852 * we don't generate false unreferenced diagnostics from ldd -u/U or 853 * debugging. Don't create a binding regardless, as this filter may 854 * have been dlopen()'ed. 855 */ 856 if (name && (ilmp != clmp)) { 857 Word tracing = (LIST(clmp)->lm_flags & 858 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 859 860 if (tracing || DBG_ENABLED) { 861 Bnd_desc *bdp; 862 Aliste idx; 863 864 FLAGS1(ilmp) |= FL1_RT_USED; 865 866 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 867 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 868 if (bdp->b_caller == clmp) { 869 bdp->b_flags |= BND_REFER; 870 break; 871 } 872 } 873 } 874 } 875 } 876 877 /* 878 * If this is the first call to process this filter, establish the 879 * filtee list. If a configuration file exists, determine if any 880 * filtee associations for this filter, and its filtee reference, are 881 * defined. Otherwise, process the filtee reference. Any token 882 * expansion is also completed at this point (i.e., $PLATFORM). 883 */ 884 filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val; 885 if (dip->di_info == NULL) { 886 if (rtld_flags2 & RT_FL2_FLTCFG) 887 elf_config_flt(lml, PATHNAME(ilmp), filtees, 888 (Alist **)&dip->di_info, AL_CNT_FILTEES); 889 890 if (dip->di_info == NULL) { 891 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 892 if ((lml->lm_flags & 893 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 894 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 895 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 896 NAME(ilmp), filtees); 897 898 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 899 AL_CNT_FILTEES, 0, 0) == 0) { 900 elf_disable_filtee(ilmp, dip); 901 return (NULL); 902 } 903 } 904 } 905 906 /* 907 * Traverse the filtee list, dlopen()'ing any objects specified and 908 * using their group handle to lookup the symbol. 909 */ 910 any = 0; 911 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 912 int mode; 913 Grp_hdl *ghp; 914 Rt_map *nlmp = NULL; 915 916 if (pdp->pd_plen == 0) 917 continue; 918 919 /* 920 * Establish the mode of the filtee from the filter. As filtees 921 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 922 * and the filtees aren't global. It would be nice to have 923 * RTLD_FIRST used here also, but as filters got out long before 924 * RTLD_FIRST was introduced it's a little too late now. 925 */ 926 mode = MODE(ilmp) | RTLD_GROUP; 927 mode &= ~RTLD_GLOBAL; 928 929 /* 930 * Insure that any auxiliary filter can locate symbols from its 931 * caller. 932 */ 933 if (dip->di_flags & FLG_DI_AUXFLTR) 934 mode |= RTLD_PARENT; 935 936 /* 937 * Process any hardware capability directory. Establish a new 938 * link-map control list from which to analyze any newly added 939 * objects. 940 */ 941 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_HWCAP)) { 942 const char *dir = pdp->pd_pname; 943 Aliste lmco; 944 945 /* 946 * Establish a link-map control list for this request. 947 */ 948 if ((lmco = create_cntl(lml, 0)) == NULL) 949 return (NULL); 950 951 /* 952 * Determine the hardware capability filtees. If none 953 * can be found, provide suitable diagnostics. 954 */ 955 DBG_CALL(Dbg_cap_hw_filter(lml, dir, ilmp)); 956 if (hwcap_filtees((Alist **)&dip->di_info, idx, dir, 957 lmco, ilmp, filtees, mode, 958 (FLG_RT_PUBHDL | FLG_RT_HWCAP), in_nfavl) == 0) { 959 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 960 (dip->di_flags & FLG_DI_AUXFLTR) && 961 (rtld_flags & RT_FL_WARNFLTR)) { 962 (void) printf( 963 MSG_INTL(MSG_LDD_HWCAP_NFOUND), 964 dir); 965 } 966 DBG_CALL(Dbg_cap_hw_filter(lml, dir, 0)); 967 } 968 969 /* 970 * Re-establish the originating path name descriptor, as 971 * the expansion of hardware capabilities filtees may 972 * have re-allocated the controlling Alist. Mark this 973 * original pathname descriptor as unused so that the 974 * descriptor isn't revisited for processing. Any real 975 * hardware capabilities filtees have been added as new 976 * pathname descriptors following this descriptor. 977 */ 978 pdp = alist_item((Alist *)dip->di_info, idx); 979 pdp->pd_flags &= ~PD_TKN_HWCAP; 980 pdp->pd_plen = 0; 981 982 /* 983 * Now that any hardware capability objects have been 984 * processed, remove any temporary link-map control 985 * list. 986 */ 987 if (lmco != ALIST_OFF_DATA) 988 remove_cntl(lml, lmco); 989 } 990 991 if (pdp->pd_plen == 0) 992 continue; 993 994 /* 995 * Process an individual filtee. 996 */ 997 if (pdp->pd_info == NULL) { 998 const char *filtee = pdp->pd_pname; 999 int audit = 0; 1000 1001 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 1002 1003 ghp = NULL; 1004 1005 /* 1006 * Determine if the reference link map is already 1007 * loaded. As an optimization compare the filtee with 1008 * our interpretor. The most common filter is 1009 * libdl.so.1, which is a filter on ld.so.1. 1010 */ 1011 #if defined(_ELF64) 1012 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 1013 #else 1014 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 1015 #endif 1016 uint_t hflags, rdflags, cdflags; 1017 1018 /* 1019 * Establish any flags for the handle (Grp_hdl). 1020 * 1021 * - This is a special, public, ld.so.1 1022 * handle. 1023 * - Only the first object on this handle 1024 * can supply symbols. 1025 * - This handle provides a filtee. 1026 * 1027 * Essentially, this handle allows a caller to 1028 * reference the dl*() family of interfaces from 1029 * ld.so.1. 1030 */ 1031 hflags = (GPH_PUBLIC | GPH_LDSO | 1032 GPH_FIRST | GPH_FILTEE); 1033 1034 /* 1035 * Establish the flags for the referenced 1036 * dependency descriptor (Grp_desc). 1037 * 1038 * - ld.so.1 is available for dlsym(). 1039 * - ld.so.1 is available to relocate 1040 * against. 1041 * - There's no need to add an dependencies 1042 * to this handle. 1043 */ 1044 rdflags = (GPD_DLSYM | GPD_RELOC); 1045 1046 /* 1047 * Establish the flags for this callers 1048 * dependency descriptor (Grp_desc). 1049 * 1050 * - The explicit creation of a handle 1051 * creates a descriptor for the referenced 1052 * object and the parent (caller). 1053 */ 1054 cdflags = GPD_PARENT; 1055 1056 nlmp = lml_rtld.lm_head; 1057 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1058 hflags, rdflags, cdflags)) == NULL) 1059 nlmp = NULL; 1060 1061 /* 1062 * Establish the filter handle to prevent any 1063 * recursion. 1064 */ 1065 if (nlmp && ghp) 1066 pdp->pd_info = (void *)ghp; 1067 1068 /* 1069 * Audit the filter/filtee established. Ignore 1070 * any return from the auditor, as we can't 1071 * allow ignore filtering to ld.so.1, otherwise 1072 * nothing is going to work. 1073 */ 1074 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1075 LML_TFLG_AUD_OBJFILTER)) 1076 (void) audit_objfilter(ilmp, filtees, 1077 nlmp, 0); 1078 1079 } else { 1080 Rej_desc rej = { 0 }; 1081 Fdesc fd = { 0 }; 1082 Aliste lmco; 1083 1084 /* 1085 * Trace the inspection of this file, determine 1086 * any auditor substitution, and seed the file 1087 * descriptor with the originating name. 1088 */ 1089 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1090 continue; 1091 1092 /* 1093 * Establish a link-map control list for this 1094 * request. 1095 */ 1096 if ((lmco = create_cntl(lml, 0)) == NULL) 1097 return (NULL); 1098 1099 /* 1100 * Locate and load the filtee. 1101 */ 1102 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1103 FLG_RT_PUBHDL, &ghp, &fd, &rej, 1104 in_nfavl)) == NULL) 1105 file_notfound(LIST(ilmp), filtee, ilmp, 1106 FLG_RT_PUBHDL, &rej); 1107 1108 filtee = pdp->pd_pname; 1109 1110 /* 1111 * Establish the filter handle to prevent any 1112 * recursion. 1113 */ 1114 if (nlmp && ghp) { 1115 ghp->gh_flags |= GPH_FILTEE; 1116 pdp->pd_info = (void *)ghp; 1117 1118 FLAGS1(nlmp) |= FL1_RT_USED; 1119 } 1120 1121 /* 1122 * Audit the filter/filtee established. A 1123 * return of 0 indicates the auditor wishes to 1124 * ignore this filtee. 1125 */ 1126 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1127 LML_TFLG_AUD_OBJFILTER)) { 1128 if (audit_objfilter(ilmp, filtees, 1129 nlmp, 0) == 0) { 1130 audit = 1; 1131 nlmp = NULL; 1132 } 1133 } 1134 1135 /* 1136 * Finish processing the objects associated with 1137 * this request. Create an association between 1138 * this object and the originating filter to 1139 * provide sufficient information to tear down 1140 * this filtee if necessary. 1141 */ 1142 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1143 lmco, nlmp, in_nfavl)) == NULL) || 1144 (relocate_lmc(lml, lmco, ilmp, nlmp, 1145 in_nfavl) == 0))) 1146 nlmp = NULL; 1147 1148 /* 1149 * If the filtee has been successfully 1150 * processed, then create an association 1151 * between the filter and filtee. This 1152 * association provides sufficient information 1153 * to tear down the filter and filtee if 1154 * necessary. 1155 */ 1156 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1157 if (nlmp && ghp && (hdl_add(ghp, ilmp, 1158 GPD_FILTER, NULL) == NULL)) 1159 nlmp = NULL; 1160 1161 /* 1162 * Generate a diagnostic if the filtee couldn't 1163 * be loaded. 1164 */ 1165 if (nlmp == NULL) 1166 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1167 audit)); 1168 1169 /* 1170 * If this filtee loading has failed, and we've 1171 * created a new link-map control list to which 1172 * this request has added objects, then remove 1173 * all the objects that have been associated to 1174 * this request. 1175 */ 1176 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 1177 remove_lmc(lml, clmp, lmco, name); 1178 1179 /* 1180 * Remove any temporary link-map control list. 1181 */ 1182 if (lmco != ALIST_OFF_DATA) 1183 remove_cntl(lml, lmco); 1184 } 1185 1186 /* 1187 * If the filtee couldn't be loaded, null out the 1188 * path name descriptor entry, and continue the search. 1189 * Otherwise, the group handle is retained for future 1190 * symbol searches. 1191 */ 1192 if (nlmp == NULL) { 1193 pdp->pd_info = NULL; 1194 pdp->pd_plen = 0; 1195 continue; 1196 } 1197 } 1198 1199 ghp = (Grp_hdl *)pdp->pd_info; 1200 1201 /* 1202 * If we're just here to trigger filtee loading skip the symbol 1203 * lookup so we'll continue looking for additional filtees. 1204 */ 1205 if (name) { 1206 Grp_desc *gdp; 1207 Sym *sym = NULL; 1208 Aliste idx; 1209 Slookup sl = *slp; 1210 1211 sl.sl_flags |= LKUP_FIRST; 1212 any++; 1213 1214 /* 1215 * Look for the symbol in the handles dependencies. 1216 */ 1217 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1218 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1219 continue; 1220 1221 /* 1222 * If our parent is a dependency don't look at 1223 * it (otherwise we are in a recursive loop). 1224 * This situation can occur with auxiliary 1225 * filters if the filtee has a dependency on the 1226 * filter. This dependency isn't necessary as 1227 * auxiliary filters are opened RTLD_PARENT, but 1228 * users may still unknowingly add an explicit 1229 * dependency to the parent. 1230 */ 1231 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1232 continue; 1233 1234 if (((sym = SYMINTP(sl.sl_imap)(&sl, dlmp, 1235 binfo, in_nfavl)) != NULL) || 1236 (ghp->gh_flags & GPH_FIRST)) 1237 break; 1238 } 1239 1240 /* 1241 * If a symbol has been found, indicate the binding 1242 * and return the symbol. 1243 */ 1244 if (sym) { 1245 *binfo |= DBG_BINFO_FILTEE; 1246 return (sym); 1247 } 1248 } 1249 1250 /* 1251 * If this object is tagged to terminate filtee processing we're 1252 * done. 1253 */ 1254 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1255 break; 1256 } 1257 1258 /* 1259 * If we're just here to trigger filtee loading then we're done. 1260 */ 1261 if (name == NULL) 1262 return (NULL); 1263 1264 /* 1265 * If no filtees have been found for a filter, clean up any path name 1266 * descriptors and disable their search completely. For auxiliary 1267 * filters we can reselect the symbol search function so that we never 1268 * enter this routine again for this object. For standard filters we 1269 * use the null symbol routine. 1270 */ 1271 if (any == 0) { 1272 remove_plist((Alist **)&(dip->di_info), 1); 1273 elf_disable_filtee(ilmp, dip); 1274 return (NULL); 1275 } 1276 1277 return (NULL); 1278 } 1279 1280 /* 1281 * Focal point for disabling error messages for auxiliary filters. As an 1282 * auxiliary filter allows for filtee use, but provides a fallback should a 1283 * filtee not exist (or fail to load), any errors generated as a consequence of 1284 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1285 * suppresses errors generated by eprint(), but insures a debug diagnostic is 1286 * produced. ldd(1) employs printf(), and here, the selection of whether to 1287 * print a diagnostic in regards to auxiliary filters is a little more complex. 1288 * 1289 * - The determination of whether to produce an ldd message, or a fatal 1290 * error message is driven by LML_FLG_TRC_ENABLE. 1291 * - More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1292 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1293 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1294 * 1295 * - If the calling object is lddstub, then several classes of message are 1296 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1297 * a stub executable employed to preload a user specified library against. 1298 * 1299 * - If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1300 * be suppressed. All detailed ldd messages should still be produced. 1301 */ 1302 Sym * 1303 elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx, 1304 int *in_nfavl) 1305 { 1306 Sym *sym; 1307 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1308 int silent = 0; 1309 1310 /* 1311 * Make sure this entry is still acting as a filter. We may have tried 1312 * to process this previously, and disabled it if the filtee couldn't 1313 * be processed. However, other entries may provide different filtees 1314 * that are yet to be completed. 1315 */ 1316 if (dip->di_flags == 0) 1317 return (NULL); 1318 1319 /* 1320 * Indicate whether an error message is required should this filtee not 1321 * be found, based on the type of filter. 1322 */ 1323 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1324 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1325 rtld_flags |= RT_FL_SILENCERR; 1326 silent = 1; 1327 } 1328 1329 sym = _elf_lookup_filtee(slp, dlmp, binfo, ndx, in_nfavl); 1330 1331 if (silent) 1332 rtld_flags &= ~RT_FL_SILENCERR; 1333 1334 return (sym); 1335 } 1336 1337 /* 1338 * Compute the elf hash value (as defined in the ELF access library). 1339 * The form of the hash table is: 1340 * 1341 * |--------------| 1342 * | # of buckets | 1343 * |--------------| 1344 * | # of chains | 1345 * |--------------| 1346 * | bucket[] | 1347 * |--------------| 1348 * | chain[] | 1349 * |--------------| 1350 */ 1351 ulong_t 1352 elf_hash(const char *name) 1353 { 1354 uint_t hval = 0; 1355 1356 while (*name) { 1357 uint_t g; 1358 hval = (hval << 4) + *name++; 1359 if ((g = (hval & 0xf0000000)) != 0) 1360 hval ^= g >> 24; 1361 hval &= ~g; 1362 } 1363 return ((ulong_t)hval); 1364 } 1365 1366 /* 1367 * If flag argument has LKUP_SPEC set, we treat undefined symbols of type 1368 * function specially in the executable - if they have a value, even though 1369 * undefined, we use that value. This allows us to associate all references 1370 * to a function's address to a single place in the process: the plt entry 1371 * for that function in the executable. Calls to lookup from plt binding 1372 * routines do NOT set LKUP_SPEC in the flag. 1373 */ 1374 Sym * 1375 elf_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 1376 { 1377 const char *name = slp->sl_name; 1378 Rt_map *ilmp = slp->sl_imap; 1379 ulong_t hash = slp->sl_hash; 1380 uint_t ndx, htmp, buckets, *chainptr; 1381 Sym *sym, *symtabptr; 1382 char *strtabptr, *strtabname; 1383 uint_t flags1; 1384 Syminfo *sip; 1385 1386 /* 1387 * If we're only here to establish a symbols index, skip the diagnostic 1388 * used to trace a symbol search. 1389 */ 1390 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1391 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1392 1393 if (HASH(ilmp) == NULL) 1394 return (NULL); 1395 1396 buckets = HASH(ilmp)[0]; 1397 /* LINTED */ 1398 htmp = (uint_t)hash % buckets; 1399 1400 /* 1401 * Get the first symbol on hash chain and initialize the string 1402 * and symbol table pointers. 1403 */ 1404 if ((ndx = HASH(ilmp)[htmp + 2]) == 0) 1405 return (NULL); 1406 1407 chainptr = HASH(ilmp) + 2 + buckets; 1408 strtabptr = STRTAB(ilmp); 1409 symtabptr = SYMTAB(ilmp); 1410 1411 while (ndx) { 1412 sym = symtabptr + ndx; 1413 strtabname = strtabptr + sym->st_name; 1414 1415 /* 1416 * Compare the symbol found with the name required. If the 1417 * names don't match continue with the next hash entry. 1418 */ 1419 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1420 if ((ndx = chainptr[ndx]) != 0) 1421 continue; 1422 return (NULL); 1423 } 1424 1425 /* 1426 * The Solaris ld does not put DT_VERSYM in the dynamic 1427 * section, but the GNU ld does. The GNU runtime linker 1428 * interprets the top bit of the 16-bit Versym value 1429 * (0x8000) as the "hidden" bit. If this bit is set, 1430 * the linker is supposed to act as if that symbol does 1431 * not exist. The hidden bit supports their versioning 1432 * scheme, which allows multiple incompatible functions 1433 * with the same name to exist at different versions 1434 * within an object. The Solaris linker does not support this 1435 * mechanism, or the model of interface evolution that 1436 * it allows, but we honor the hidden bit in GNU ld 1437 * produced objects in order to interoperate with them. 1438 */ 1439 if ((VERSYM(ilmp) != NULL) && 1440 ((VERSYM(ilmp)[ndx] & 0x8000) != 0)) { 1441 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1442 ndx, VERSYM(ilmp)[ndx])); 1443 if ((ndx = chainptr[ndx]) != 0) 1444 continue; 1445 return (NULL); 1446 } 1447 1448 /* 1449 * If we're only here to establish a symbols index, we're done. 1450 */ 1451 if (slp->sl_flags & LKUP_SYMNDX) 1452 return (sym); 1453 1454 /* 1455 * If we find a match and the symbol is defined, return the 1456 * symbol pointer and the link map in which it was found. 1457 */ 1458 if (sym->st_shndx != SHN_UNDEF) { 1459 *dlmp = ilmp; 1460 *binfo |= DBG_BINFO_FOUND; 1461 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1462 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1463 is_sym_interposer(ilmp, sym))) 1464 *binfo |= DBG_BINFO_INTERPOSE; 1465 break; 1466 1467 /* 1468 * If we find a match and the symbol is undefined, the 1469 * symbol type is a function, and the value of the symbol 1470 * is non zero, then this is a special case. This allows 1471 * the resolution of a function address to the plt[] entry. 1472 * See SPARC ABI, Dynamic Linking, Function Addresses for 1473 * more details. 1474 */ 1475 } else if ((slp->sl_flags & LKUP_SPEC) && 1476 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1477 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1478 *dlmp = ilmp; 1479 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1480 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1481 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1482 is_sym_interposer(ilmp, sym))) 1483 *binfo |= DBG_BINFO_INTERPOSE; 1484 return (sym); 1485 } 1486 1487 /* 1488 * Undefined symbol. 1489 */ 1490 return (NULL); 1491 } 1492 1493 /* 1494 * We've found a match. Determine if the defining object contains 1495 * symbol binding information. 1496 */ 1497 if ((sip = SYMINFO(ilmp)) != NULL) 1498 sip += ndx; 1499 1500 /* 1501 * If this definition is a singleton, and we haven't followed a default 1502 * symbol search knowing that we're looking for a singleton (presumably 1503 * because the symbol definition has been changed since the referring 1504 * object was built), then reject this binding so that the caller can 1505 * fall back to a standard symbol search. 1506 */ 1507 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1508 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1509 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1510 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1511 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1512 DBG_BNDREJ_SINGLE)); 1513 *binfo |= BINFO_REJSINGLE; 1514 *binfo &= ~DBG_BINFO_MSK; 1515 return (NULL); 1516 } 1517 1518 /* 1519 * If this is a direct binding request, but the symbol definition has 1520 * disabled directly binding to it (presumably because the symbol 1521 * definition has been changed since the referring object was built), 1522 * reject this binding so that the caller can fall back to a standard 1523 * symbol search. 1524 */ 1525 if (sip && (slp->sl_flags & LKUP_DIRECT) && 1526 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 1527 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1528 DBG_BNDREJ_DIRECT)); 1529 *binfo |= BINFO_REJDIRECT; 1530 *binfo &= ~DBG_BINFO_MSK; 1531 return (NULL); 1532 } 1533 1534 /* 1535 * If this is a binding request within an RTLD_GROUP family, and the 1536 * symbol has disabled directly binding to it, reject this binding so 1537 * that the caller can fall back to a standard symbol search. 1538 * 1539 * Effectively, an RTLD_GROUP family achieves what can now be 1540 * established with direct bindings. However, various symbols have 1541 * been tagged as inappropriate for direct binding to (ie. libc:malloc). 1542 * 1543 * A symbol marked as no-direct cannot be used within a group without 1544 * first ensuring that the symbol has not been interposed upon outside 1545 * of the group. A common example occurs when users implement their own 1546 * version of malloc() in the executable. Such a malloc() interposes on 1547 * the libc:malloc, and this interposition must be honored within the 1548 * group as well. 1549 * 1550 * Following any rejection, LKUP_WORLD is established as a means of 1551 * overriding this test as we return to a standard search. 1552 */ 1553 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) && 1554 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) && 1555 ((slp->sl_flags & LKUP_WORLD) == 0)) { 1556 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1557 DBG_BNDREJ_GROUP)); 1558 *binfo |= BINFO_REJGROUP; 1559 *binfo &= ~DBG_BINFO_MSK; 1560 return (NULL); 1561 } 1562 1563 /* 1564 * Determine whether this object is acting as a filter. 1565 */ 1566 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 1567 return (sym); 1568 1569 /* 1570 * Determine if this object offers per-symbol filtering, and if so, 1571 * whether this symbol references a filtee. 1572 */ 1573 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 1574 /* 1575 * If this is a standard filter reference, and no standard 1576 * filtees remain to be inspected, we're done. If this is an 1577 * auxiliary filter reference, and no auxiliary filtees remain, 1578 * we'll fall through in case any object filtering is available. 1579 */ 1580 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 1581 (SYMSFLTRCNT(ilmp) == 0)) 1582 return (NULL); 1583 1584 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 1585 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 1586 SYMAFLTRCNT(ilmp))) { 1587 Sym *fsym; 1588 1589 /* 1590 * This symbol has an associated filtee. Lookup the 1591 * symbol in the filtee, and if it is found return it. 1592 * If the symbol doesn't exist, and this is a standard 1593 * filter, return an error, otherwise fall through to 1594 * catch any object filtering that may be available. 1595 */ 1596 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 1597 sip->si_boundto, in_nfavl)) != NULL) 1598 return (fsym); 1599 if (sip->si_flags & SYMINFO_FLG_FILTER) 1600 return (NULL); 1601 } 1602 } 1603 1604 /* 1605 * Determine if this object provides global filtering. 1606 */ 1607 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 1608 Sym *fsym; 1609 1610 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 1611 /* 1612 * This object has an associated filtee. Lookup the 1613 * symbol in the filtee, and if it is found return it. 1614 * If the symbol doesn't exist, and this is a standard 1615 * filter, return and error, otherwise return the symbol 1616 * within the filter itself. 1617 */ 1618 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 1619 OBJFLTRNDX(ilmp), in_nfavl)) != NULL) 1620 return (fsym); 1621 } 1622 1623 if (flags1 & FL1_RT_OBJSFLTR) 1624 return (NULL); 1625 } 1626 return (sym); 1627 } 1628 1629 /* 1630 * Create a new Rt_map structure for an ELF object and initialize 1631 * all values. 1632 */ 1633 Rt_map * 1634 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize, 1635 void *odyn, int *in_nfavl) 1636 { 1637 const char *name = fdp->fd_nname; 1638 Rt_map *lmp; 1639 Ehdr *ehdr = (Ehdr *)addr; 1640 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL; 1641 Dyn *dyn = (Dyn *)odyn; 1642 Cap *cap = NULL; 1643 int ndx; 1644 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0; 1645 Xword rpath = 0; 1646 size_t lmsz, rtsz, epsz, dynsz = 0; 1647 uint_t dyncnt = 0; 1648 1649 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco)); 1650 1651 /* 1652 * If this is a shared object, the base address of the shared object is 1653 * added to all address values defined within the object. Otherwise, if 1654 * this is an executable, all object addresses are used as is. 1655 */ 1656 if (ehdr->e_type == ET_EXEC) 1657 base = 0; 1658 else 1659 base = addr; 1660 1661 /* 1662 * Traverse the program header table, picking off required items. This 1663 * traversal also provides for the sizing of the PT_DYNAMIC section. 1664 */ 1665 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1666 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1667 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1668 switch (phdr->p_type) { 1669 case PT_DYNAMIC: 1670 dphdr = phdr; 1671 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1672 break; 1673 case PT_TLS: 1674 tphdr = phdr; 1675 break; 1676 case PT_SUNWCAP: 1677 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1678 break; 1679 case PT_SUNW_UNWIND: 1680 case PT_SUNW_EH_FRAME: 1681 uphdr = phdr; 1682 break; 1683 default: 1684 break; 1685 } 1686 } 1687 1688 /* 1689 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1690 * allocation. Sadly, this is a little larger than we really need, 1691 * as there are typically padding DT_NULL entries. However, adding 1692 * this data to the initial link-map allocation is a win. 1693 */ 1694 if (dyn) { 1695 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1696 dynsz = dyncnt * sizeof (Dyninfo); 1697 } 1698 1699 /* 1700 * Allocate space for the link-map, private elf information, and 1701 * DYNINFO() data. Once these are allocated and initialized, 1702 * remove_so(0, lmp) can be used to tear down the link-map allocation 1703 * should any failures occur. 1704 */ 1705 rtsz = S_DROUND(sizeof (Rt_map)); 1706 epsz = S_DROUND(sizeof (Rt_elfp)); 1707 lmsz = rtsz + epsz + dynsz; 1708 if ((lmp = calloc(lmsz, 1)) == NULL) 1709 return (NULL); 1710 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1711 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1712 LMSIZE(lmp) = lmsz; 1713 1714 /* 1715 * All fields not filled in were set to 0 by calloc. 1716 */ 1717 NAME(lmp) = (char *)name; 1718 ADDR(lmp) = addr; 1719 MSIZE(lmp) = msize; 1720 SYMINTP(lmp) = elf_find_sym; 1721 FCT(lmp) = &elf_fct; 1722 LIST(lmp) = lml; 1723 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1724 SORTVAL(lmp) = -1; 1725 DYN(lmp) = dyn; 1726 DYNINFOCNT(lmp) = dyncnt; 1727 PTUNWIND(lmp) = uphdr; 1728 1729 if (ehdr->e_type == ET_EXEC) 1730 FLAGS(lmp) |= FLG_RT_FIXED; 1731 1732 /* 1733 * Fill in rest of the link map entries with information from the file's 1734 * dynamic structure. 1735 */ 1736 if (dyn) { 1737 uint_t dynndx = 0; 1738 Xword pltpadsz = 0; 1739 Rti_desc *rti; 1740 1741 /* CSTYLED */ 1742 for ( ; dyn->d_tag != DT_NULL; ++dyn, dynndx++) { 1743 switch ((Xword)dyn->d_tag) { 1744 case DT_SYMTAB: 1745 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1746 break; 1747 case DT_SUNW_SYMTAB: 1748 SUNWSYMTAB(lmp) = 1749 (void *)(dyn->d_un.d_ptr + base); 1750 break; 1751 case DT_SUNW_SYMSZ: 1752 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1753 break; 1754 case DT_STRTAB: 1755 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1756 break; 1757 case DT_SYMENT: 1758 SYMENT(lmp) = dyn->d_un.d_val; 1759 break; 1760 case DT_FEATURE_1: 1761 dyn->d_un.d_val |= DTF_1_PARINIT; 1762 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1763 crle = 1; 1764 break; 1765 case DT_MOVESZ: 1766 MOVESZ(lmp) = dyn->d_un.d_val; 1767 FLAGS(lmp) |= FLG_RT_MOVE; 1768 break; 1769 case DT_MOVEENT: 1770 MOVEENT(lmp) = dyn->d_un.d_val; 1771 break; 1772 case DT_MOVETAB: 1773 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1774 break; 1775 case DT_REL: 1776 case DT_RELA: 1777 /* 1778 * At this time, ld.so. can only handle one 1779 * type of relocation per object. 1780 */ 1781 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1782 break; 1783 case DT_RELSZ: 1784 case DT_RELASZ: 1785 RELSZ(lmp) = dyn->d_un.d_val; 1786 break; 1787 case DT_RELENT: 1788 case DT_RELAENT: 1789 RELENT(lmp) = dyn->d_un.d_val; 1790 break; 1791 case DT_RELCOUNT: 1792 case DT_RELACOUNT: 1793 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1794 break; 1795 case DT_HASH: 1796 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1797 break; 1798 case DT_PLTGOT: 1799 PLTGOT(lmp) = 1800 (uint_t *)(dyn->d_un.d_ptr + base); 1801 break; 1802 case DT_PLTRELSZ: 1803 PLTRELSZ(lmp) = dyn->d_un.d_val; 1804 break; 1805 case DT_JMPREL: 1806 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1807 break; 1808 case DT_INIT: 1809 if (dyn->d_un.d_ptr != NULL) 1810 INIT(lmp) = 1811 (void (*)())(dyn->d_un.d_ptr + 1812 base); 1813 break; 1814 case DT_FINI: 1815 if (dyn->d_un.d_ptr != NULL) 1816 FINI(lmp) = 1817 (void (*)())(dyn->d_un.d_ptr + 1818 base); 1819 break; 1820 case DT_INIT_ARRAY: 1821 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1822 base); 1823 break; 1824 case DT_INIT_ARRAYSZ: 1825 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1826 break; 1827 case DT_FINI_ARRAY: 1828 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1829 base); 1830 break; 1831 case DT_FINI_ARRAYSZ: 1832 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1833 break; 1834 case DT_PREINIT_ARRAY: 1835 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1836 base); 1837 break; 1838 case DT_PREINIT_ARRAYSZ: 1839 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1840 break; 1841 case DT_RPATH: 1842 case DT_RUNPATH: 1843 rpath = dyn->d_un.d_val; 1844 break; 1845 case DT_FILTER: 1846 fltr = dyn->d_un.d_val; 1847 OBJFLTRNDX(lmp) = dynndx; 1848 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1849 break; 1850 case DT_AUXILIARY: 1851 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1852 fltr = dyn->d_un.d_val; 1853 OBJFLTRNDX(lmp) = dynndx; 1854 } 1855 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1856 break; 1857 case DT_SUNW_FILTER: 1858 SYMSFLTRCNT(lmp)++; 1859 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1860 break; 1861 case DT_SUNW_AUXILIARY: 1862 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1863 SYMAFLTRCNT(lmp)++; 1864 } 1865 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1866 break; 1867 case DT_DEPAUDIT: 1868 if (!(rtld_flags & RT_FL_NOAUDIT)) 1869 audit = dyn->d_un.d_val; 1870 break; 1871 case DT_CONFIG: 1872 cfile = dyn->d_un.d_val; 1873 break; 1874 case DT_DEBUG: 1875 /* 1876 * DT_DEBUG entries are only created in 1877 * dynamic objects that require an interpretor 1878 * (ie. all dynamic executables and some shared 1879 * objects), and provide for a hand-shake with 1880 * old debuggers. This entry is initialized to 1881 * zero by the link-editor. If a debugger is 1882 * monitoring us, and has updated this entry, 1883 * set the debugger monitor flag, and finish 1884 * initializing the debugging structure. See 1885 * setup(). Also, switch off any configuration 1886 * object use as most debuggers can't handle 1887 * fixed dynamic executables as dependencies. 1888 */ 1889 if (dyn->d_un.d_ptr) 1890 rtld_flags |= 1891 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1892 dyn->d_un.d_ptr = (Addr)&r_debug; 1893 break; 1894 case DT_VERNEED: 1895 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1896 base); 1897 break; 1898 case DT_VERNEEDNUM: 1899 /* LINTED */ 1900 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1901 break; 1902 case DT_VERDEF: 1903 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1904 base); 1905 break; 1906 case DT_VERDEFNUM: 1907 /* LINTED */ 1908 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1909 break; 1910 case DT_VERSYM: 1911 /* 1912 * The Solaris ld does not produce DT_VERSYM, 1913 * but the GNU ld does, in order to support 1914 * their style of versioning, which differs 1915 * from ours in some ways, while using the 1916 * same data structures. The presence of 1917 * DT_VERSYM therefore means that GNU 1918 * versioning rules apply to the given file. 1919 * If DT_VERSYM is not present, then Solaris 1920 * versioning rules apply. 1921 */ 1922 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1923 base); 1924 break; 1925 case DT_BIND_NOW: 1926 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1927 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1928 MODE(lmp) |= RTLD_NOW; 1929 MODE(lmp) &= ~RTLD_LAZY; 1930 } 1931 break; 1932 case DT_FLAGS: 1933 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 1934 if (dyn->d_un.d_val & DF_SYMBOLIC) 1935 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 1936 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1937 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1938 MODE(lmp) |= RTLD_NOW; 1939 MODE(lmp) &= ~RTLD_LAZY; 1940 } 1941 /* 1942 * Capture any static TLS use, and enforce that 1943 * this object be non-deletable. 1944 */ 1945 if (dyn->d_un.d_val & DF_STATIC_TLS) { 1946 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 1947 MODE(lmp) |= RTLD_NODELETE; 1948 } 1949 break; 1950 case DT_FLAGS_1: 1951 if (dyn->d_un.d_val & DF_1_DISPRELPND) 1952 FLAGS1(lmp) |= FL1_RT_DISPREL; 1953 if (dyn->d_un.d_val & DF_1_GROUP) 1954 FLAGS(lmp) |= 1955 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 1956 if ((dyn->d_un.d_val & DF_1_NOW) && 1957 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1958 MODE(lmp) |= RTLD_NOW; 1959 MODE(lmp) &= ~RTLD_LAZY; 1960 } 1961 if (dyn->d_un.d_val & DF_1_NODELETE) 1962 MODE(lmp) |= RTLD_NODELETE; 1963 if (dyn->d_un.d_val & DF_1_INITFIRST) 1964 FLAGS(lmp) |= FLG_RT_INITFRST; 1965 if (dyn->d_un.d_val & DF_1_NOOPEN) 1966 FLAGS(lmp) |= FLG_RT_NOOPEN; 1967 if (dyn->d_un.d_val & DF_1_LOADFLTR) 1968 FLAGS(lmp) |= FLG_RT_LOADFLTR; 1969 if (dyn->d_un.d_val & DF_1_NODUMP) 1970 FLAGS(lmp) |= FLG_RT_NODUMP; 1971 if (dyn->d_un.d_val & DF_1_CONFALT) 1972 crle = 1; 1973 if (dyn->d_un.d_val & DF_1_DIRECT) 1974 FLAGS1(lmp) |= FL1_RT_DIRECT; 1975 if (dyn->d_un.d_val & DF_1_NODEFLIB) 1976 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 1977 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 1978 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 1979 if (dyn->d_un.d_val & DF_1_TRANS) 1980 FLAGS(lmp) |= FLG_RT_TRANS; 1981 1982 /* 1983 * Global auditing is only meaningful when 1984 * specified by the initiating object of the 1985 * process - typically the dynamic executable. 1986 * If this is the initiaiting object, its link- 1987 * map will not yet have been added to the 1988 * link-map list, and consequently the link-map 1989 * list is empty. (see setup()). 1990 */ 1991 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 1992 if (lml_main.lm_head == NULL) 1993 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 1994 else 1995 DBG_CALL(Dbg_audit_ignore(lmp)); 1996 } 1997 1998 /* 1999 * If this object identifies itself as an 2000 * interposer, but relocation processing has 2001 * already started, then demote it. It's too 2002 * late to guarantee complete interposition. 2003 */ 2004 /* BEGIN CSTYLED */ 2005 if (dyn->d_un.d_val & 2006 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2007 if (lml->lm_flags & LML_FLG_STARTREL) { 2008 DBG_CALL(Dbg_util_intoolate(lmp)); 2009 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2010 (void) printf( 2011 MSG_INTL(MSG_LDD_REL_ERR2), 2012 NAME(lmp)); 2013 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 2014 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2015 else 2016 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2017 } 2018 /* END CSTYLED */ 2019 break; 2020 case DT_SYMINFO: 2021 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 2022 base); 2023 break; 2024 case DT_SYMINENT: 2025 SYMINENT(lmp) = dyn->d_un.d_val; 2026 break; 2027 case DT_PLTPAD: 2028 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2029 break; 2030 case DT_PLTPADSZ: 2031 pltpadsz = dyn->d_un.d_val; 2032 break; 2033 case DT_SUNW_RTLDINF: 2034 /* 2035 * Maintain a list of RTLDINFO structures. 2036 * Typically, libc is the only supplier, and 2037 * only one structure is provided. However, 2038 * multiple suppliers and multiple structures 2039 * are supported. For example, one structure 2040 * may provide thread_init, and another 2041 * structure may provide atexit reservations. 2042 */ 2043 if ((rti = alist_append(&lml->lm_rti, NULL, 2044 sizeof (Rti_desc), 2045 AL_CNT_RTLDINFO)) == NULL) { 2046 remove_so(0, lmp); 2047 return (NULL); 2048 } 2049 rti->rti_lmp = lmp; 2050 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2051 base); 2052 break; 2053 case DT_SUNW_SORTENT: 2054 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2055 break; 2056 case DT_SUNW_SYMSORT: 2057 SUNWSYMSORT(lmp) = 2058 (void *)(dyn->d_un.d_ptr + base); 2059 break; 2060 case DT_SUNW_SYMSORTSZ: 2061 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2062 break; 2063 case DT_DEPRECATED_SPARC_REGISTER: 2064 case M_DT_REGISTER: 2065 FLAGS(lmp) |= FLG_RT_REGSYMS; 2066 break; 2067 } 2068 } 2069 2070 if (PLTPAD(lmp)) { 2071 if (pltpadsz == (Xword)0) 2072 PLTPAD(lmp) = NULL; 2073 else 2074 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2075 pltpadsz); 2076 } 2077 } 2078 2079 /* 2080 * A dynsym contains only global functions. We want to have 2081 * a version of it that also includes local functions, so that 2082 * dladdr() will be able to report names for local functions 2083 * when used to generate a stack trace for a stripped file. 2084 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2085 * 2086 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2087 * in order to avoid having to have two copies of the global 2088 * symbols held in DT_SYMTAB: The local symbols are placed in 2089 * a separate section than the globals in the dynsym, but the 2090 * linker conspires to put the data for these two sections adjacent 2091 * to each other. DT_SUNW_SYMTAB points at the top of the local 2092 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2093 * 2094 * If the two sections are not adjacent, then something went wrong 2095 * at link time. We use ASSERT to kill the process if this is 2096 * a debug build. In a production build, we will silently ignore 2097 * the presence of the .ldynsym and proceed. We can detect this 2098 * situation by checking to see that DT_SYMTAB lies in 2099 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2100 */ 2101 if ((SUNWSYMTAB(lmp) != NULL) && 2102 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2103 (((char *)SYMTAB(lmp) >= 2104 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2105 ASSERT(0); 2106 SUNWSYMTAB(lmp) = NULL; 2107 SUNWSYMSZ(lmp) = 0; 2108 } 2109 2110 /* 2111 * If configuration file use hasn't been disabled, and a configuration 2112 * file hasn't already been set via an environment variable, see if any 2113 * application specific configuration file is specified. An LD_CONFIG 2114 * setting is used first, but if this image was generated via crle(1) 2115 * then a default configuration file is a fall-back. 2116 */ 2117 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) { 2118 if (cfile) 2119 config->c_name = (const char *)(cfile + 2120 (char *)STRTAB(lmp)); 2121 else if (crle) 2122 rtld_flags |= RT_FL_CONFAPP; 2123 } 2124 2125 if (rpath) 2126 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2127 if (fltr) 2128 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2129 2130 /* 2131 * For Intel ABI compatibility. It's possible that a JMPREL can be 2132 * specified without any other relocations (e.g. a dynamic executable 2133 * normally only contains .plt relocations). If this is the case then 2134 * no REL, RELSZ or RELENT will have been created. For us to be able 2135 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2136 * the RELENT for these relocations. Refer to elf_reloc() for more 2137 * details. 2138 */ 2139 if (!RELENT(lmp) && JMPREL(lmp)) 2140 RELENT(lmp) = sizeof (M_RELOC); 2141 2142 /* 2143 * Establish any per-object auditing. If we're establishing `main's 2144 * link-map its too early to go searching for audit objects so just 2145 * hold the object name for later (see setup()). 2146 */ 2147 if (audit) { 2148 char *cp = audit + (char *)STRTAB(lmp); 2149 2150 if (*cp) { 2151 if (((AUDITORS(lmp) = 2152 calloc(1, sizeof (Audit_desc))) == NULL) || 2153 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2154 remove_so(0, lmp); 2155 return (NULL); 2156 } 2157 if (lml_main.lm_head) { 2158 if (audit_setup(lmp, AUDITORS(lmp), 0, 2159 in_nfavl) == 0) { 2160 remove_so(0, lmp); 2161 return (NULL); 2162 } 2163 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2164 lml->lm_flags |= LML_FLG_LOCAUDIT; 2165 } 2166 } 2167 } 2168 2169 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2170 remove_so(0, lmp); 2171 return (NULL); 2172 } 2173 2174 if (cap) 2175 cap_assign(cap, lmp); 2176 2177 /* 2178 * Add the mapped object to the end of the link map list. 2179 */ 2180 lm_append(lml, lmco, lmp); 2181 2182 /* 2183 * Start the system loading in the ELF information we'll be processing. 2184 */ 2185 if (REL(lmp)) { 2186 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2187 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2188 MADV_WILLNEED); 2189 } 2190 return (lmp); 2191 } 2192 2193 /* 2194 * Assign hardware/software capabilities. 2195 */ 2196 void 2197 cap_assign(Cap *cap, Rt_map *lmp) 2198 { 2199 while (cap->c_tag != CA_SUNW_NULL) { 2200 switch (cap->c_tag) { 2201 case CA_SUNW_HW_1: 2202 HWCAP(lmp) = cap->c_un.c_val; 2203 break; 2204 case CA_SUNW_SF_1: 2205 SFCAP(lmp) = cap->c_un.c_val; 2206 } 2207 cap++; 2208 } 2209 } 2210 2211 /* 2212 * Build full pathname of shared object from given directory name and filename. 2213 */ 2214 static char * 2215 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen) 2216 { 2217 static char pname[PATH_MAX]; 2218 2219 (void) strncpy(pname, dir, dlen); 2220 pname[dlen++] = '/'; 2221 (void) strncpy(&pname[dlen], file, flen + 1); 2222 return (pname); 2223 } 2224 2225 /* 2226 * The copy relocation is recorded in a copy structure which will be applied 2227 * after all other relocations are carried out. This provides for copying data 2228 * that must be relocated itself (ie. pointers in shared objects). This 2229 * structure also provides a means of binding RTLD_GROUP dependencies to any 2230 * copy relocations that have been taken from any group members. 2231 * 2232 * If the size of the .bss area available for the copy information is not the 2233 * same as the source of the data inform the user if we're under ldd(1) control 2234 * (this checking was only established in 5.3, so by only issuing an error via 2235 * ldd(1) we maintain the standard set by previous releases). 2236 */ 2237 int 2238 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 2239 Rt_map *dlmp, const void *dadd) 2240 { 2241 Rel_copy rc; 2242 Lm_list *lml = LIST(rlmp); 2243 2244 rc.r_name = name; 2245 rc.r_rsym = rsym; /* the new reference symbol and its */ 2246 rc.r_rlmp = rlmp; /* associated link-map */ 2247 rc.r_dlmp = dlmp; /* the defining link-map */ 2248 rc.r_dsym = dsym; /* the original definition */ 2249 rc.r_radd = radd; 2250 rc.r_dadd = dadd; 2251 2252 if (rsym->st_size > dsym->st_size) 2253 rc.r_size = (size_t)dsym->st_size; 2254 else 2255 rc.r_size = (size_t)rsym->st_size; 2256 2257 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 2258 AL_CNT_COPYREL) == NULL) { 2259 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2260 return (0); 2261 else 2262 return (1); 2263 } 2264 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 2265 if (aplist_append(©_S(rlmp), dlmp, 2266 AL_CNT_COPYREL) == NULL) { 2267 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2268 return (0); 2269 else 2270 return (1); 2271 } 2272 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 2273 } 2274 2275 /* 2276 * If we are tracing (ldd), warn the user if 2277 * 1) the size from the reference symbol differs from the 2278 * copy definition. We can only copy as much data as the 2279 * reference (dynamic executables) entry allows. 2280 * 2) the copy definition has STV_PROTECTED visibility. 2281 */ 2282 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2283 if (rsym->st_size != dsym->st_size) { 2284 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 2285 _conv_reloc_type(M_R_COPY), demangle(name), 2286 NAME(rlmp), EC_XWORD(rsym->st_size), 2287 NAME(dlmp), EC_XWORD(dsym->st_size)); 2288 if (rsym->st_size > dsym->st_size) 2289 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 2290 NAME(dlmp)); 2291 else 2292 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 2293 NAME(rlmp)); 2294 } 2295 2296 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 2297 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 2298 _conv_reloc_type(M_R_COPY), demangle(name), 2299 NAME(dlmp)); 2300 } 2301 } 2302 2303 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 2304 (Xword)rc.r_size)); 2305 return (1); 2306 } 2307 2308 /* 2309 * Determine the symbol location of an address within a link-map. Look for 2310 * the nearest symbol (whose value is less than or equal to the required 2311 * address). This is the object specific part of dladdr(). 2312 */ 2313 static void 2314 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 2315 { 2316 ulong_t ndx, cnt, base, _value; 2317 Sym *sym, *_sym = NULL; 2318 const char *str; 2319 int _flags; 2320 uint_t *dynaddr_ndx; 2321 uint_t dynaddr_n = 0; 2322 ulong_t value; 2323 2324 /* 2325 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 2326 * the dynsym that starts with any local function symbols that exist in 2327 * the library and then moves to the data held in SYMTAB(). In this 2328 * case, SUNWSYMSZ tells us how long the symbol table is. The 2329 * availability of local function symbols will enhance the results 2330 * we can provide. 2331 * 2332 * If SUNWSYMTAB() is non-NULL, then there might also be a 2333 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 2334 * an array of indices into SUNWSYMTAB, sorted by increasing 2335 * address. We can use this to do an O(log N) search instead of a 2336 * brute force search. 2337 * 2338 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 2339 * contains only global symbols. In that case, the length of 2340 * the symbol table comes from the nchain field of the related 2341 * symbol lookup hash table. 2342 */ 2343 str = STRTAB(lmp); 2344 if (SUNWSYMSZ(lmp) == NULL) { 2345 sym = SYMTAB(lmp); 2346 /* 2347 * If we don't have a .hash table there are no symbols 2348 * to look at. 2349 */ 2350 if (HASH(lmp) == NULL) 2351 return; 2352 cnt = HASH(lmp)[1]; 2353 } else { 2354 sym = SUNWSYMTAB(lmp); 2355 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 2356 dynaddr_ndx = SUNWSYMSORT(lmp); 2357 if (dynaddr_ndx != NULL) 2358 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 2359 } 2360 2361 if (FLAGS(lmp) & FLG_RT_FIXED) 2362 base = 0; 2363 else 2364 base = ADDR(lmp); 2365 2366 if (dynaddr_n > 0) { /* Binary search */ 2367 long low = 0, low_bnd; 2368 long high = dynaddr_n - 1, high_bnd; 2369 long mid; 2370 Sym *mid_sym; 2371 2372 /* 2373 * Note that SUNWSYMSORT only contains symbols types that 2374 * supply memory addresses, so there's no need to check and 2375 * filter out any other types. 2376 */ 2377 low_bnd = low; 2378 high_bnd = high; 2379 while (low <= high) { 2380 mid = (low + high) / 2; 2381 mid_sym = &sym[dynaddr_ndx[mid]]; 2382 value = mid_sym->st_value + base; 2383 if (addr < value) { 2384 if ((sym[dynaddr_ndx[high]].st_value + base) >= 2385 addr) 2386 high_bnd = high; 2387 high = mid - 1; 2388 } else if (addr > value) { 2389 if ((sym[dynaddr_ndx[low]].st_value + base) <= 2390 addr) 2391 low_bnd = low; 2392 low = mid + 1; 2393 } else { 2394 _sym = mid_sym; 2395 _value = value; 2396 break; 2397 } 2398 } 2399 /* 2400 * If the above didn't find it exactly, then we must 2401 * return the closest symbol with a value that doesn't 2402 * exceed the one we are looking for. If that symbol exists, 2403 * it will lie in the range bounded by low_bnd and 2404 * high_bnd. This is a linear search, but a short one. 2405 */ 2406 if (_sym == NULL) { 2407 for (mid = low_bnd; mid <= high_bnd; mid++) { 2408 mid_sym = &sym[dynaddr_ndx[mid]]; 2409 value = mid_sym->st_value + base; 2410 if (addr >= value) { 2411 _sym = mid_sym; 2412 _value = value; 2413 } else { 2414 break; 2415 } 2416 } 2417 } 2418 } else { /* Linear search */ 2419 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 2420 /* 2421 * Skip expected symbol types that are not functions 2422 * or data: 2423 * - A symbol table starts with an undefined symbol 2424 * in slot 0. If we are using SUNWSYMTAB(), 2425 * there will be a second undefined symbol 2426 * right before the globals. 2427 * - The local part of SUNWSYMTAB() contains a 2428 * series of function symbols. Each section 2429 * starts with an initial STT_FILE symbol. 2430 */ 2431 if ((sym->st_shndx == SHN_UNDEF) || 2432 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 2433 continue; 2434 2435 value = sym->st_value + base; 2436 if (value > addr) 2437 continue; 2438 if (value < _value) 2439 continue; 2440 2441 _sym = sym; 2442 _value = value; 2443 2444 /* 2445 * Note, because we accept local and global symbols 2446 * we could find a section symbol that matches the 2447 * associated address, which means that the symbol 2448 * name will be null. In this case continue the 2449 * search in case we can find a global symbol of 2450 * the same value. 2451 */ 2452 if ((value == addr) && 2453 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 2454 break; 2455 } 2456 } 2457 2458 _flags = flags & RTLD_DL_MASK; 2459 if (_sym) { 2460 if (_flags == RTLD_DL_SYMENT) 2461 *info = (void *)_sym; 2462 else if (_flags == RTLD_DL_LINKMAP) 2463 *info = (void *)lmp; 2464 2465 dlip->dli_sname = str + _sym->st_name; 2466 dlip->dli_saddr = (void *)_value; 2467 } else { 2468 /* 2469 * addr lies between the beginning of the mapped segment and 2470 * the first global symbol. We have no symbol to return 2471 * and the caller requires one. We use _START_, the base 2472 * address of the mapping. 2473 */ 2474 2475 if (_flags == RTLD_DL_SYMENT) { 2476 /* 2477 * An actual symbol struct is needed, so we 2478 * construct one for _START_. To do this in a 2479 * fully accurate way requires a different symbol 2480 * for each mapped segment. This requires the 2481 * use of dynamic memory and a mutex. That's too much 2482 * plumbing for a fringe case of limited importance. 2483 * 2484 * Fortunately, we can simplify: 2485 * - Only the st_size and st_info fields are useful 2486 * outside of the linker internals. The others 2487 * reference things that outside code cannot see, 2488 * and can be set to 0. 2489 * - It's just a label and there is no size 2490 * to report. So, the size should be 0. 2491 * This means that only st_info needs a non-zero 2492 * (constant) value. A static struct will suffice. 2493 * It must be const (readonly) so the caller can't 2494 * change its meaning for subsequent callers. 2495 */ 2496 static const Sym fsym = { 0, 0, 0, 2497 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 2498 *info = (void *) &fsym; 2499 } 2500 2501 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 2502 dlip->dli_saddr = (void *) ADDR(lmp); 2503 } 2504 } 2505 2506 /* 2507 * This routine is called as a last fall-back to search for a symbol from a 2508 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing 2509 * the number of objects mapped, any symbol search is first carried out using 2510 * the objects that already exist in the process (either on a link-map list or 2511 * handle). If a symbol can't be found, and lazy dependencies are still 2512 * pending, this routine loads the dependencies in an attempt to locate the 2513 * symbol. 2514 */ 2515 Sym * 2516 elf_lazy_find_sym(Slookup *slp, Rt_map **_lmp, uint_t *binfo, int *in_nfavl) 2517 { 2518 Sym *sym = NULL; 2519 static APlist *alist = NULL; 2520 Aliste idx1; 2521 Rt_map *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap; 2522 const char *name = slp->sl_name; 2523 Slookup sl1 = *slp; 2524 Lm_list *lml; 2525 Lm_cntl *lmc; 2526 2527 /* 2528 * It's quite possible we've been here before to process objects, 2529 * therefore reinitialize our dynamic list. 2530 */ 2531 if (alist) 2532 aplist_reset(alist); 2533 2534 /* 2535 * Discard any relocation index from further symbol searches. This 2536 * index has already been used to trigger any necessary lazy-loads, 2537 * and it might be because one of these lazy loads has failed that 2538 * we're performing this fallback. By removing the relocation index 2539 * we don't try and perform the same failed lazy loading activity again. 2540 */ 2541 sl1.sl_rsymndx = 0; 2542 2543 /* 2544 * Determine the callers link-map list so that we can monitor whether 2545 * new objects have been added. 2546 */ 2547 lml = LIST(clmp); 2548 lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp)); 2549 2550 /* 2551 * Generate a local list of new objects to process. This list can grow 2552 * as each object supplies its own lazy dependencies. 2553 */ 2554 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 2555 return (NULL); 2556 2557 for (APLIST_TRAVERSE(alist, idx1, lmp1)) { 2558 uint_t cnt = 0; 2559 Dyninfo *dip, *pdip; 2560 2561 /* 2562 * Loop through the lazy DT_NEEDED entries examining each object 2563 * for the required symbol. If the symbol is not found, the 2564 * object is in turn added to the local alist, so that the 2565 * objects lazy DT_NEEDED entries can be examined. 2566 */ 2567 lmp = lmp1; 2568 for (dip = DYNINFO(lmp), pdip = NULL; cnt < DYNINFOCNT(lmp); 2569 cnt++, pdip = dip++) { 2570 Grp_hdl *ghp; 2571 Grp_desc *gdp; 2572 Rt_map *nlmp, *llmp; 2573 Slookup sl2; 2574 Aliste idx2; 2575 2576 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 2577 dip->di_info) 2578 continue; 2579 2580 /* 2581 * If this object has already failed to lazy load, and 2582 * we're still processing the same runtime linker 2583 * operation that produced the failure, don't bother 2584 * to try and load the object again. 2585 */ 2586 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 2587 (pdip->di_flags & FLG_DI_POSFLAG1)) { 2588 if (pdip->di_info == (void *)ld_entry_cnt) 2589 continue; 2590 2591 dip->di_flags &= ~FLG_DI_LAZYFAIL; 2592 pdip->di_info = NULL; 2593 } 2594 2595 /* 2596 * Determine the last link-map presently on the callers 2597 * link-map control list. 2598 */ 2599 llmp = lmc->lc_tail; 2600 2601 /* 2602 * Try loading this lazy dependency. If the object 2603 * can't be loaded, consider this non-fatal and continue 2604 * the search. Lazy loaded dependencies need not exist 2605 * and their loading should only turn out to be fatal 2606 * if they are required to satisfy a relocation. 2607 * 2608 * A successful lazy load can mean one of two things: 2609 * 2610 * - new objects have been loaded, in which case the 2611 * objects will have been analyzed, relocated, and 2612 * finally moved to the callers control list. 2613 * - the objects are already loaded, and this lazy 2614 * load has simply associated the referenced object 2615 * with it's lazy dependencies. 2616 * 2617 * If new objects are loaded, look in these objects 2618 * first. Note, a new object can be the object being 2619 * referenced by this lazy load, however we can also 2620 * descend into multiple lazy loads as we relocate this 2621 * reference. 2622 * 2623 * If the symbol hasn't been found, use the referenced 2624 * objects handle, as it might have dependencies on 2625 * objects that are already loaded. Note that existing 2626 * objects might have already been searched and skipped 2627 * as non-available to this caller. However, a lazy 2628 * load might have caused the promotion of modes, or 2629 * added this object to the family of the caller. In 2630 * either case, the handle associated with the object 2631 * is then used to carry out the symbol search. 2632 */ 2633 if ((nlmp = elf_lazy_load(lmp, &sl1, cnt, name, 2634 FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL) 2635 continue; 2636 2637 if (NEXT_RT_MAP(llmp)) { 2638 /* 2639 * Look in any new objects. 2640 */ 2641 sl1.sl_imap = NEXT_RT_MAP(llmp); 2642 sl1.sl_flags &= ~LKUP_STDRELOC; 2643 2644 if ((sym = lookup_sym(&sl1, _lmp, binfo, 2645 in_nfavl)) != NULL) 2646 return (sym); 2647 } 2648 2649 /* 2650 * Use the objects handle to inspect the family of 2651 * objects associated with the handle. Note, there's 2652 * a possibility of overlap with the above search, 2653 * should a lazy load bring in new objects and 2654 * reference existing objects. 2655 */ 2656 sl2 = sl1; 2657 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) { 2658 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) && 2659 (gdp->gd_flags & GPD_DLSYM)) { 2660 2661 sl2.sl_imap = gdp->gd_depend; 2662 sl2.sl_flags |= LKUP_FIRST; 2663 2664 if ((sym = lookup_sym(&sl2, _lmp, binfo, 2665 in_nfavl)) != NULL) 2666 return (sym); 2667 } 2668 } 2669 2670 /* 2671 * Some dlsym() operations are already traversing a 2672 * link-map (dlopen(0)), and thus there's no need to 2673 * save them on the dynamic dependency list. 2674 */ 2675 if (slp->sl_flags & LKUP_NODESCENT) 2676 continue; 2677 2678 if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == NULL) 2679 return (NULL); 2680 } 2681 } 2682 2683 return (NULL); 2684 } 2685 2686 /* 2687 * Warning message for bad r_offset. 2688 */ 2689 void 2690 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 2691 ulong_t rsymndx) 2692 { 2693 const char *name = NULL; 2694 Lm_list *lml = LIST(lmp); 2695 int trace; 2696 2697 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 2698 (((rtld_flags & RT_FL_SILENCERR) == 0) || 2699 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 2700 trace = 1; 2701 else 2702 trace = 0; 2703 2704 if ((trace == 0) && (DBG_ENABLED == 0)) 2705 return; 2706 2707 if (rsymndx) { 2708 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 2709 (rsymndx * SYMENT(lmp))); 2710 2711 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 2712 name = (char *)(STRTAB(lmp) + symref->st_name); 2713 } 2714 2715 if (name == NULL) 2716 name = MSG_INTL(MSG_STR_UNKNOWN); 2717 2718 if (trace) { 2719 const char *rstr; 2720 2721 rstr = _conv_reloc_type((uint_t)rtype); 2722 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 2723 EC_ADDR(roffset)); 2724 return; 2725 } 2726 2727 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 2728 } 2729 2730 /* 2731 * Resolve a static TLS relocation. 2732 */ 2733 long 2734 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 2735 ulong_t roffset, long value) 2736 { 2737 Lm_list *lml = LIST(lmp); 2738 2739 /* 2740 * Relocations against a static TLS block have limited support once 2741 * process initialization has completed. Any error condition should be 2742 * discovered by testing for DF_STATIC_TLS as part of loading an object, 2743 * however individual relocations are tested in case the dynamic flag 2744 * had not been set when this object was built. 2745 */ 2746 if (PTTLS(lmp) == NULL) { 2747 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2748 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2749 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2750 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2751 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2752 return (0); 2753 } 2754 2755 /* 2756 * If no static TLS has been set aside for this object, determine if 2757 * any can be obtained. Enforce that any object using static TLS is 2758 * non-deletable. 2759 */ 2760 if (TLSSTATOFF(lmp) == 0) { 2761 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2762 MODE(lmp) |= RTLD_NODELETE; 2763 2764 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 2765 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2766 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2767 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2768 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2769 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2770 return (0); 2771 } 2772 } 2773 2774 /* 2775 * Typically, a static TLS offset is maintained as a symbols value. 2776 * For local symbols that are not apart of the dynamic symbol table, 2777 * the TLS relocation points to a section symbol, and the static TLS 2778 * offset was deposited in the associated GOT table. Make sure the GOT 2779 * is cleared, so that the value isn't reused in do_reloc(). 2780 */ 2781 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 2782 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 2783 value = *(long *)roffset; 2784 *(long *)roffset = 0; 2785 } else { 2786 value = sym->st_value; 2787 } 2788 } 2789 return (-(TLSSTATOFF(lmp) - value)); 2790 } 2791 2792 /* 2793 * If the symbol is not found and the reference was not to a weak symbol, report 2794 * an error. Weak references may be unresolved. 2795 */ 2796 int 2797 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo) 2798 { 2799 Lm_list *lml = LIST(lmp); 2800 2801 /* 2802 * Under crle(1), relocation failures are ignored. 2803 */ 2804 if (lml->lm_flags & LML_FLG_IGNRELERR) 2805 return (1); 2806 2807 /* 2808 * Under ldd(1), unresolved references are reported. However, if the 2809 * original reference is EXTERN or PARENT these references are ignored 2810 * unless ldd's -p option is in effect. 2811 */ 2812 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2813 if (((binfo & DBG_BINFO_REF_MSK) == 0) || 2814 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) { 2815 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), 2816 demangle(name), NAME(lmp)); 2817 } 2818 return (1); 2819 } 2820 2821 /* 2822 * Otherwise, the unresolved references is fatal. 2823 */ 2824 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, 2825 NULL, 0, name)); 2826 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 2827 demangle(name)); 2828 2829 return (0); 2830 } 2831 2832 /* 2833 * Generic relative relocation function. 2834 */ 2835 inline static ulong_t 2836 _elf_reloc_relative(ulong_t rbgn, ulong_t base, Rt_map *lmp, APlist **textrel) 2837 { 2838 mmapobj_result_t *mpp; 2839 ulong_t roffset; 2840 2841 roffset = ((M_RELOC *)rbgn)->r_offset; 2842 roffset += base; 2843 2844 /* 2845 * If this relocation is against an address that is not associated with 2846 * a mapped segment, fall back to the generic relocation loop to 2847 * collect the associated error. 2848 */ 2849 if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) 2850 return (0); 2851 2852 /* 2853 * If this relocation is against a segment that does not provide write 2854 * access, set the write permission for all non-writable mappings. 2855 */ 2856 if (((mpp->mr_prot & PROT_WRITE) == 0) && textrel && 2857 ((set_prot(lmp, mpp, 1) == 0) || 2858 (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) 2859 return (0); 2860 2861 /* 2862 * Perform the actual relocation. Note, for backward compatibility, 2863 * SPARC relocations are added to the offset contents (there was a time 2864 * when the offset was used to contain the addend, rather than using 2865 * the addend itself). 2866 */ 2867 #if defined(__sparc) 2868 *((ulong_t *)roffset) += base + ((M_RELOC *)rbgn)->r_addend; 2869 #elif defined(__amd64) 2870 *((ulong_t *)roffset) = base + ((M_RELOC *)rbgn)->r_addend; 2871 #else 2872 *((ulong_t *)roffset) += base; 2873 #endif 2874 return (1); 2875 } 2876 2877 /* 2878 * When a generic relocation loop realizes that it's dealing with relative 2879 * relocations, but no DT_RELCOUNT .dynamic tag is present, this tighter loop 2880 * is entered as an optimization. 2881 */ 2882 ulong_t 2883 elf_reloc_relative(ulong_t rbgn, ulong_t rend, ulong_t rsize, ulong_t base, 2884 Rt_map *lmp, APlist **textrel) 2885 { 2886 char rtype; 2887 2888 do { 2889 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 2890 break; 2891 2892 rbgn += rsize; 2893 if (rbgn >= rend) 2894 break; 2895 2896 /* 2897 * Make sure the next type is a relative relocation. 2898 */ 2899 rtype = ELF_R_TYPE(((M_RELOC *)rbgn)->r_info, M_MACH); 2900 2901 } while (rtype == M_R_RELATIVE); 2902 2903 return (rbgn); 2904 } 2905 2906 /* 2907 * This is the tightest loop for RELATIVE relocations for those objects built 2908 * with the DT_RELACOUNT .dynamic entry. 2909 */ 2910 ulong_t 2911 elf_reloc_relative_count(ulong_t rbgn, ulong_t rcount, ulong_t rsize, 2912 ulong_t base, Rt_map *lmp, APlist **textrel) 2913 { 2914 for (; rcount; rcount--) { 2915 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 2916 break; 2917 2918 rbgn += rsize; 2919 } 2920 return (rbgn); 2921 } 2922