xref: /illumos-gate/usr/src/cmd/sgs/rtld/common/external.c (revision 0250c53ad267726f2438e3c6556199a0bbf588a2)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2014 Garrett D'Amore <garrett@damore.org>
 * Copyright (c) 2017, Joyent, Inc.
 */

/*
 * Implementation of all external interfaces between ld.so.1 and libc.
 *
 * This file started as a set of routines that provided synchronization and
 * locking operations using calls to libthread.  libthread has merged with libc
 * under the Unified Process Model (UPM), and things have gotten a lot simpler.
 * This file continues to establish and redirect various events within ld.so.1
 * to interfaces within libc.
 *
 * Until libc is loaded and relocated, any external interfaces are captured
 * locally.  Each link-map list maintains its own set of external vectors, as
 * each link-map list typically provides its own libc.  Although this per-link-
 * map list vectoring provides a degree of flexibility, there is a protocol
 * expected when calling various libc interfaces.
 *
 * i.	Any new alternative link-map list should call CI_THRINIT, and then call
 *	CI_TLS_MODADD to register any TLS for each object of that link-map list
 *	(this item is labeled i. as auditors can be the first objects loaded,
 *	and they exist on their own lik-map list).
 *
 * ii.	For the primary link-map list, CI_TLS_STATMOD must be called first to
 *	register any static TLS.  This routine is called regardless of there
 *	being any TLS, as this routine also establishes the link-map list as the
 *	primary list and fixes the association of uberdata).  CI_THRINIT should
 *	then be called.
 *
 * iii.	Any objects added to an existing link-map list (primary or alternative)
 *	should call CI_TLS_MODADD to register any additional TLS.
 *
 * These events are established by:
 *
 * i.	Typically, libc is loaded as part of the primary dependencies of any
 *	link-map list (since the Unified Process Model (UPM), libc can't be
 *	lazily loaded).  To minimize the possibility of loading and registering
 *	objects, and then tearing them down (because of a relocation error),
 *	external vectors are established as part of load_completion().  This
 *	routine is called on completion of any operation that can cause objects
 *	to be loaded.  This point of control insures the objects have been fully
 *	analyzed and relocated, and moved to their controlling link-map list.
 *	The external vectors are established prior to any .inits being fired.
 *
 * ii.	Calls to CI_THRINIT, and CI_TLS_MODADD also occur as part of
 *	load_completion().  CI_THRINIT is only called once for each link-map
 *	control list.
 *
 * iii.	Calls to CI_TLS_STATMOD, and CI_THRINIT occur for the primary link-map
 *	list in the final stages of setup().
 *
 * The interfaces provide by libc can be divided into two families.  The first
 * family consists of those interfaces that should be called from the link-map
 * list.  It's possible that these interfaces convey state concerning the
 * link-map list they are part of:
 *
 *	CI_ATEXIT
 *	CI TLS_MODADD
 *	CI_TLS_MODREM
 *	CI_TLS_STATMOD
 *	CI_THRINIT
 *
 * The second family are global in nature, that is, the link-map list from
 * which they are called provides no state information.  In fact, for
 * CI_BIND_GUARD, the calling link-map isn't even known.  The link-map can only
 * be deduced after ld.so.1's global lock has been obtained.  Therefore, the
 * following interfaces are also maintained as global:
 *
 *	CI_LCMESSAGES
 *	CI_BIND_GUARD
 *	CI_BIND_CLEAR
 *	CI_THR_SELF
 *
 * Note, it is possible that these global interfaces are obtained from an
 * alternative link-map list that gets torn down because of a processing
 * failure (unlikely, because the link-map list components must be analyzed
 * and relocated prior to load_completion(), but perhaps the tear down is still
 * a possibility).  Thus the global interfaces may have to be replaced.  Once
 * the interfaces have been obtained from the primary link-map, they can
 * remain fixed, as the primary link-map isn't going to go anywhere.
 *
 * The last wrinkle in the puzzle is what happens if an alternative link-map
 * is loaded with no libc dependency?  In this case, the alternative objects
 * can not call CI_THRINIT, can not be allowed to use TLS, and will not receive
 * any atexit processing.
 *
 * The history of these external interfaces is defined by their version:
 *
 * TI_VERSION == 1
 *	Under this model libthread provided rw_rwlock/rw_unlock, through which
 *	all rt_mutex_lock/rt_mutex_unlock calls were vectored.
 *	Under libc/libthread these interfaces provided _sigon/_sigoff (unlike
 *	lwp/libthread that provided signal blocking via bind_guard/bind_clear).
 *
 * TI_VERSION == 2
 *	Under this model only libthreads bind_guard/bind_clear and thr_self
 *	interfaces were used.  Both libthreads blocked signals under the
 *	bind_guard/bind_clear interfaces.   Lower level locking is derived
 *	from internally bound _lwp_ interfaces.  This removes recursive
 *	problems encountered when obtaining locking interfaces from libthread.
 *	The use of mutexes over reader/writer locks also enables the use of
 *	condition variables for controlling thread concurrency (allows access
 *	to objects only after their .init has completed).
 *
 * NOTE, the TI_VERSION indicated the ti_interface version number, where the
 * ti_interface was a large vector of functions passed to both libc (to override
 * the thread stub interfaces) and ld.so.1.  ld.so.1 used only a small subset of
 * these interfaces.
 *
 * CI_VERSION == 1
 *	Introduced with CI_VERSION & CI_ATEXIT
 *
 * CI_VERSION == 2 (Solaris 8 update 2).
 *	Added support for CI_LCMESSAGES
 *
 * CI_VERSION == 3 (Solaris 9).
 *	Added the following versions to the CI table:
 *
 *		CI_BIND_GUARD, CI_BIND_CLEAR, CI_THR_SELF
 *		CI_TLS_MODADD, CI_TLS_MOD_REMOVE, CI_TLS_STATMOD
 *
 *	This version introduced the DT_SUNW_RTLDINFO structure as a mechanism
 *	to handshake with ld.so.1.
 *
 * CI_VERSION == 4 (Solaris 10).
 *	Added the CI_THRINIT handshake as part of the libc/libthread unified
 *	process model.  libc now initializes the current thread pointer from
 *	this interface (and no longer relies on the INITFIRST flag - which
 *	others have started to camp out on).
 *
 * CI_VERSION == 5 (Solaris 11).
 *	Use of "protected" references within libc, so that symbols are
 *	pre-bound, and don't require ld.so.1 binding.  This implementation
 *	protects libc's critical regions from being vectored to auditors.
 *
 * CI_VERSION == 6 (Solaris 11).
 *	Added the CI_CRITICAL handshake, to allow "mem*" family to be reexposed
 *	as "global", and thus be redirected to auxiliary filters.
 *
 * Release summary:
 *
 *	Solaris 8	CI_ATEXIT via _ld_libc()
 *			TI_* via _ld_concurrency()
 *
 *	Solaris 9	CI_ATEXIT and CI_LCMESSAGES via _ld_libc()
 *			CI_* via RTLDINFO and _ld_libc()  - new libthread
 *			TI_* via _ld_concurrency()  - old libthread
 *
 *	Solaris 10	CI_ATEXIT and CI_LCMESSAGES via _ld_libc()
 *			CI_* via RTLDINFO and _ld_libc()  - new libthread
 */

#include <sys/debug.h>
#include <synch.h>
#include <signal.h>
#include <thread.h>
#include <synch.h>
#include <strings.h>
#include <stdio.h>
#include <libintl.h>
#include <debug.h>
#include <libc_int.h>
#include <fcntl.h>
#include "_elf.h"
#include "_rtld.h"

/*
 * This interface provides the unified process model communication between
 * ld.so.1 and libc.  This interface can be called a number of times:
 *
 *   -	Initially, this interface is called to process RTLDINFO.  This data
 *	structure is typically provided by libc, and contains the address of
 *	libc interfaces that must be called to initialize threads information.
 *
 *   -	_ld_libc(), this interface can also be called by libc at process
 *	initialization, after libc has been loaded and relocated, but before
 *	control has been passed to any user code (.init's or main()).  This
 *	call provides additional libc interface information that ld.so.1 must
 *	call during process execution.
 *
 *   -	_ld_libc() can also be called by libc during process execution to
 *	re-establish interfaces such as the locale.
 */
static void
get_lcinterface(Rt_map *lmp, Lc_interface *funcs)
{
	int		threaded = 0, entry = 0, tag;
	Lm_list		*lml;
	Lc_desc		*lcp;

	if ((lmp == NULL) || (funcs == NULL))
		return;

	/*
	 * Once the process is active, ensure we grab a lock.
	 */
	if (rtld_flags & RT_FL_APPLIC)
		entry = enter(0);

	lml = LIST(lmp);
	lcp = &lml->lm_lcs[0];

	DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD));

	for (tag = funcs->ci_tag; tag; tag = (++funcs)->ci_tag) {
		char	*gptr;
		char	*lptr = funcs->ci_un.ci_ptr;

		DBG_CALL(Dbg_util_lcinterface(lmp, tag, lptr));

		if (tag >= CI_MAX)
			continue;

		/*
		 * Maintain all interfaces on a per-link-map basis.  Note, for
		 * most interfaces, only the first interface is used for any
		 * link-map list.  This prevents accidents with developers who
		 * manage to load two different versions of libc.
		 */
		if ((lcp[tag].lc_lmp) &&
		    (tag != CI_LCMESSAGES) && (tag != CI_VERSION)) {
			DBG_CALL(Dbg_unused_lcinterface(lmp,
			    lcp[tag].lc_lmp, tag));
			continue;
		}

		lcp[tag].lc_un.lc_ptr = lptr;
		lcp[tag].lc_lmp = lmp;

		gptr = glcs[tag].lc_un.lc_ptr;

		/*
		 * Process any interfaces that must be maintained on a global
		 * basis.
		 */
		switch (tag) {
		case CI_ATEXIT:
			break;

		case CI_LCMESSAGES:
			/*
			 * At startup, ld.so.1 can establish a locale from one
			 * of the locale family of environment variables (see
			 * ld_str_env() and readenv_user()).  During process
			 * execution the locale can also be changed by the user.
			 * This interface is called from libc should the locale
			 * be modified.  Presently, only one global locale is
			 * maintained for all link-map lists, and only objects
			 * on the primrary link-map may change this locale.
			 */
			if ((lml->lm_flags & LML_FLG_BASELM) &&
			    ((gptr == NULL) || (strcmp(gptr, lptr) != 0))) {
				/*
				 * If we've obtained a message locale (typically
				 * supplied via libc's setlocale()), then
				 * register the locale for use in dgettext() so
				 * as to reestablish the locale for ld.so.1's
				 * messages.
				 */
				if (gptr) {
					free((void *)gptr);
					rtld_flags |= RT_FL_NEWLOCALE;
				}
				glcs[tag].lc_un.lc_ptr = strdup(lptr);

				/*
				 * Clear any cached messages.
				 */
				bzero(err_strs, sizeof (err_strs));
				nosym_str = NULL;
			}
			break;

		case CI_BIND_GUARD:
		case CI_BIND_CLEAR:
		case CI_THR_SELF:
		case CI_CRITICAL:
			/*
			 * If the global vector is unset, or this is the primary
			 * link-map, set the global vector.
			 */
			if ((gptr == NULL) || (lml->lm_flags & LML_FLG_BASELM))
				glcs[tag].lc_un.lc_ptr = lptr;

			/* FALLTHROUGH */

		case CI_TLS_MODADD:
		case CI_TLS_MODREM:
		case CI_TLS_STATMOD:
		case CI_THRINIT:
			threaded++;
			break;

		case CI_VERSION:
			if ((rtld_flags2 & RT_FL2_RTLDSEEN) == 0) {
				Aliste	idx;
				Lm_list	*lml2;
				int	version;

				rtld_flags2 |= RT_FL2_RTLDSEEN;

				version = funcs->ci_un.ci_val;
#if defined(CI_V_FIVE)
				if (version >= CI_V_FIVE) {
					thr_flg_nolock = THR_FLG_NOLOCK;
					thr_flg_reenter = THR_FLG_REENTER;
				}
#endif
				if (version < CI_V_FOUR)
					break;

				rtld_flags2 |= RT_FL2_UNIFPROC;

				/*
				 * We might have seen an auditor which is not
				 * dependent on libc.  Such an auditor's link
				 * map list has LML_FLG_HOLDLOCK set.  This
				 * lock needs to be dropped.  Refer to
				 * audit_setup() in audit.c.
				 */
				if ((rtld_flags2 & RT_FL2_HASAUDIT) == 0)
					break;

				/*
				 * Yes, we did.  Take care of them.
				 */
				for (APLIST_TRAVERSE(dynlm_list, idx, lml2)) {
					Rt_map *map = (Rt_map *)lml2->lm_head;

					if (FLAGS(map) & FLG_RT_AUDIT) {
						lml2->lm_flags &=
						    ~LML_FLG_HOLDLOCK;
					}
				}
			}
			break;

		default:
			break;
		}
	}

	if (threaded) {
		/*
		 * If a version of libc gives us only a subset of the TLS
		 * interfaces, it's confused and we discard the whole lot.
		 */
		if (((lcp[CI_TLS_MODADD].lc_un.lc_func != NULL) &&
		    (lcp[CI_TLS_MODREM].lc_un.lc_func != NULL) &&
		    (lcp[CI_TLS_STATMOD].lc_un.lc_func != NULL)) == 0) {
			lcp[CI_TLS_MODADD].lc_un.lc_func = NULL;
			lcp[CI_TLS_MODREM].lc_un.lc_func = NULL;
			lcp[CI_TLS_STATMOD].lc_un.lc_func = NULL;
		}

		/*
		 * Indicate that we're now thread capable.
		 */
		if ((lml->lm_flags & LML_FLG_RTLDLM) == 0)
			rtld_flags |= RT_FL_THREADS;
	}

	if (entry)
		leave(lml, 0);
}

/*
 * At this point we know we have a set of objects that have been fully analyzed
 * and relocated.  Prior to the next major step of running .init sections (ie.
 * running user code), retrieve any RTLDINFO interfaces.
 */
int
rt_get_extern(Lm_list *lml, Rt_map *lmp)
{
	if (lml->lm_rti) {
		Aliste		idx;
		Rti_desc	*rti;

		for (ALIST_TRAVERSE(lml->lm_rti, idx, rti))
			get_lcinterface(rti->rti_lmp, rti->rti_info);

		free(lml->lm_rti);
		lml->lm_rti = 0;
	}

	/*
	 * Perform some sanity checks.  If we have TLS requirements we better
	 * have the associated external interfaces.
	 */
	if (lml->lm_tls &&
	    (lml->lm_lcs[CI_TLS_STATMOD].lc_un.lc_func == NULL)) {
		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_TLS_NOSUPPORT),
		    NAME(lmp));
		return (0);
	}
	return (1);
}

/*
 * Provide an interface for libc to communicate additional interface
 * information.
 */
void
_ld_libc(void *ptr)
{
	get_lcinterface(_caller(caller(), CL_EXECDEF), (Lc_interface *)ptr);
}

static int	bindmask = 0;

int
rt_bind_guard(int flags)
{
	int	(*fptr)(int);
	int	bindflag;

	if ((fptr = glcs[CI_BIND_GUARD].lc_un.lc_func) != NULL) {
		return ((*fptr)(flags));
	} else {
		bindflag = (flags & THR_FLG_RTLD);
		if ((bindflag & bindmask) == 0) {
			bindmask |= bindflag;
			return (1);
		}
		return (0);
	}
}

int
rt_bind_clear(int flags)
{
	int	(*fptr)(int);
	int	bindflag;

	if ((fptr = glcs[CI_BIND_CLEAR].lc_un.lc_func) != NULL) {
		return ((*fptr)(flags));
	} else {
		bindflag = (flags & THR_FLG_RTLD);
		if (bindflag == 0)
			return (bindmask);
		else {
			bindmask &= ~bindflag;
			return (0);
		}
	}
}

/*
 * Make sure threads have been initialized.  This interface is called once for
 * each link-map list.
 */
void
rt_thr_init(Lm_list *lml)
{
	int	(*fptr)(void);

	if ((fptr = lml->lm_lcs[CI_THRINIT].lc_un.lc_func) != NULL) {
		lml->lm_lcs[CI_THRINIT].lc_un.lc_func = NULL;

		leave(lml, thr_flg_reenter);
		(void) (*fptr)();
		(void) enter(thr_flg_reenter);

		/*
		 * If this is an alternative link-map list, and this is the
		 * first call to initialize threads, don't let the destination
		 * libc be deleted.  It is possible that an auditors complete
		 * initialization fails, but there is presently no main link-map
		 * list.  As this libc has established the thread pointer, don't
		 * delete this libc, otherwise the initialization of libc on the
		 * main link-map can be compromised during its threads
		 * initialization.
		 */
		if (((lml->lm_flags & LML_FLG_BASELM) == 0) &&
		    ((rtld_flags2 & RT_FL2_PLMSETUP) == 0))
			MODE(lml->lm_lcs[CI_THRINIT].lc_lmp) |= RTLD_NODELETE;
	}
}

thread_t
rt_thr_self()
{
	thread_t	(*fptr)(void);

	if ((fptr = (thread_t (*)())glcs[CI_THR_SELF].lc_un.lc_func) != NULL)
		return ((*fptr)());

	return (1);
}

int
rt_mutex_lock(Rt_lock *mp)
{
	return (_lwp_mutex_lock((lwp_mutex_t *)mp));
}

int
rt_mutex_unlock(Rt_lock *mp)
{
	return (_lwp_mutex_unlock((lwp_mutex_t *)mp));
}

/*
 * Test whether we're in a libc critical region.  Certain function references,
 * like the "mem*" family, might require binding.  Although these functions can
 * safely bind to auxiliary filtees, they should not be captured by auditors.
 */
int
rt_critical()
{
	int	(*fptr)(void);

	if ((fptr = glcs[CI_CRITICAL].lc_un.lc_func) != NULL)
		return ((*fptr)());

	return (0);
}

/*
 * Mutex interfaces to resolve references from any objects extracted from
 * libc_pic.a.  Note, as ld.so.1 is essentially single threaded these can be
 * noops.
 */
#pragma weak lmutex_lock = mutex_lock
/* ARGSUSED */
int
mutex_lock(mutex_t *mp)
{
	return (0);
}

#pragma weak lmutex_unlock = mutex_unlock
/* ARGSUSED */
int
mutex_unlock(mutex_t *mp)
{
	return (0);
}

/* ARGSUSED */
int
mutex_init(mutex_t *mp, int type, void *arg)
{
	return (0);
}

/* ARGSUSED */
int
mutex_destroy(mutex_t *mp)
{
	return (0);
}

/*
 * This is needed to satisfy sysconf() (case _SC_THREAD_STACK_MIN)
 */
size_t
thr_min_stack()
{
	return (sizeof (uintptr_t) * 1024);
}

/*
 * Local str[n]casecmp() interfaces for the dynamic linker,
 * to avoid problems when linking with libc_pic.a
 */
int
strcasecmp(const char *s1, const char *s2)
{
	extern int ascii_strcasecmp(const char *, const char *);

	return (ascii_strcasecmp(s1, s2));
}

int
strncasecmp(const char *s1, const char *s2, size_t n)
{
	extern int ascii_strncasecmp(const char *, const char *, size_t);

	return (ascii_strncasecmp(s1, s2, n));
}

/*
 * The following functions are cancellation points in libc.
 * They are called from other functions in libc that we extract
 * and use directly.  We don't do cancellation while we are in
 * the dynamic linker, so we redefine these to call the primitive,
 * non-cancellation interfaces.
 */
int
close(int fildes)
{
	extern int __close(int);

	return (__close(fildes));
}

int
fcntl(int fildes, int cmd, ...)
{
	extern int __fcntl(int, int, ...);
	intptr_t arg, arg1 = 0;
	va_list ap;

	va_start(ap, cmd);
	switch (cmd) {
	case F_DUP3FD:
		arg = va_arg(ap, int);
		arg1 = va_arg(ap, int);
		break;
	default:
		arg = va_arg(ap, intptr_t);
		break;
	}
	va_end(ap);
	return (__fcntl(fildes, cmd, arg, arg1));
}

int
open(const char *path, int oflag, ...)
{
	extern int __open(const char *, int, mode_t);
	mode_t mode;
	va_list ap;

	va_start(ap, oflag);
	mode = va_arg(ap, mode_t);
	va_end(ap);
	return (__open(path, oflag, mode));
}

int
openat(int fd, const char *path, int oflag, ...)
{
	extern int __openat(int, const char *, int, mode_t);
	mode_t mode;
	va_list ap;

	va_start(ap, oflag);
	mode = va_arg(ap, mode_t);
	va_end(ap);
	return (__openat(fd, path, oflag, mode));
}

ssize_t
read(int fd, void *buf, size_t size)
{
	extern ssize_t __read(int, void *, size_t);
	return (__read(fd, buf, size));
}

ssize_t
write(int fd, const void *buf, size_t size)
{
	extern ssize_t __write(int, const void *, size_t);
	return (__write(fd, buf, size));
}

/*
 * ASCII versions of ctype character classification functions.  This avoids
 * pulling in the entire locale framework that is in libc.
 */

int
isdigit(int c)
{
	return ((c >= '0' && c <= '9') ? 1 : 0);
}

int
isupper(int c)
{
	return ((c >= 'A' && c <= 'Z') ? 1 : 0);
}

int
islower(int c)
{
	return ((c >= 'a' && c <= 'z') ? 1 : 0);
}

int
isspace(int c)
{
	return (((c == ' ') || (c == '\t') || (c == '\r') || (c == '\n') ||
	    (c == '\v') || (c == '\f')) ? 1 : 0);
}

int
isxdigit(int c)
{
	return ((isdigit(c) || (c >= 'A' && c <= 'F') ||
	    (c >= 'a' && c <= 'f')) ? 1 : 0);
}

int
isalpha(int c)
{
	return ((isupper(c) || islower(c)) ? 1 : 0);
}

int
isalnum(int c)
{
	return ((isalpha(c) || isdigit(c)) ? 1 : 0);
}

#if defined(__i386) || defined(__amd64)
/*
 * Instead of utilizing the comm page for clock_gettime and gettimeofday, rtld
 * uses the raw syscall instead.  Doing so decreases the surface of symbols
 * needed from libc for a modest performance cost.
 */
extern int __clock_gettime_sys(clockid_t, struct timespec *);

int
__clock_gettime(clockid_t clock_id, struct timespec *tp)
{
	return (__clock_gettime_sys(clock_id, tp));
}

int
gettimeofday(struct timeval *tv, void *tz)
{
	if (tv != NULL) {
		/*
		 * Perform the same logic as the libc gettimeofday() when it
		 * lacks comm page support: Make the clock_gettime syscall and
		 * divide out the tv_usec field as required.
		 */
		(void) __clock_gettime_sys(CLOCK_REALTIME, (timespec_t *)tv);
		tv->tv_usec /= 1000;
	}

	return (0);
}
#endif /* defined(__i386) || defined(__amd64) */

/*
 * In a similar vein to the is* functions above, we also have to define our own
 * version of strerror, as it is implemented in terms of the locale aware
 * strerror_l, and we'd rather not have the full set of libc symbols used here.
 */
extern const char _sys_errs[];
extern const int _sys_index[];
extern int _sys_num_err;

char *
strerror(int errnum)
{
	if (errnum < _sys_num_err && errnum >= 0) {
		return (dgettext("SUNW_OST_OSLIB",
		    (char *)&_sys_errs[_sys_index[errnum]]));
	}

	errno = EINVAL;
	return (dgettext("SUNW_OST_OSLIB", "Unknown error"));
}