1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Run time linker common setup. 34 * 35 * Called from _setup to get the process going at startup. 36 */ 37 38 #include <stdlib.h> 39 #include <fcntl.h> 40 #include <stdio.h> 41 #include <sys/types.h> 42 #include <sys/stat.h> 43 #include <sys/mman.h> 44 #include <string.h> 45 #include <stdio.h> 46 #include <unistd.h> 47 #include <dlfcn.h> 48 #include <sys/sysconfig.h> 49 #include <sys/auxv.h> 50 #include <debug.h> 51 #include <conv.h> 52 #include "_rtld.h" 53 #include "_audit.h" 54 #include "_elf.h" 55 #include "_a.out.h" 56 #include "msg.h" 57 58 59 extern int _end, _edata, _etext; 60 extern void _init(void); 61 extern int _brk_unlocked(void *); 62 63 #ifndef SGS_PRE_UNIFIED_PROCESS 64 /* needed for _brk_unlocked() */ 65 void *_nd = &_end; 66 #endif 67 68 /* 69 * Define for the executable's interpreter. 70 * Usually it is ld.so.1, but for the first release of ICL binaries 71 * it is libc.so.1. We keep this information so that we don't end 72 * up mapping libc twice if it is the interpreter. 73 */ 74 static Interp _interp; 75 76 static int 77 preload(const char *str, Rt_map *lmp) 78 { 79 Alist *palp = NULL; 80 Rt_map *clmp = lmp; 81 char *objs, *ptr, *next; 82 Word lmflags = lml_main.lm_flags; 83 uint_t flags; 84 85 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 86 87 if ((objs = strdup(str)) == NULL) 88 return (0); 89 90 /* 91 * Establish the flags for loading each object. If we're called via 92 * lddstub, then the first shared object is the object being inspected 93 * by ldd(1). This object should not be marked as an interposer, as 94 * it is intended to act like the first object of the process. 95 */ 96 if ((lmflags & LML_FLG_TRC_ENABLE) && (FLAGS1(lmp) & FL1_RT_LDDSTUB)) 97 flags = FLG_RT_PRELOAD; 98 else 99 flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO); 100 101 ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next); 102 do { 103 Rt_map *nlmp = NULL; 104 105 DBG_CALL(Dbg_file_preload(&lml_main, ptr)); 106 107 /* 108 * If this a secure application, then preload errors are 109 * reduced to warnings, as the errors are non-fatal. 110 */ 111 if (rtld_flags & RT_FL_SECURE) 112 rtld_flags2 |= RT_FL2_FTL2WARN; 113 if (expand_paths(clmp, ptr, &palp, AL_CNT_NEEDED, 114 PD_FLG_EXTLOAD, 0) != 0) 115 nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, clmp, 116 MODE(lmp), flags, 0, NULL); 117 remove_plist(&palp, 0); 118 if (rtld_flags & RT_FL_SECURE) 119 rtld_flags2 &= ~RT_FL2_FTL2WARN; 120 if (nlmp && (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 121 nlmp = NULL; 122 123 /* 124 * Establish state for the next preloadable object. If no 125 * error occurred with loading this object, indicate that this 126 * link-map list contains an interposer. 127 */ 128 flags |= FLG_RT_OBJINTPO; 129 if (nlmp == NULL) { 130 if ((lmflags & LML_FLG_TRC_ENABLE) || 131 (rtld_flags & RT_FL_SECURE)) 132 continue; 133 else 134 return (0); 135 } 136 lml_main.lm_flags |= LML_FLG_INTRPOSE; 137 138 /* 139 * If we're tracing shared objects via lddstub, establish a 140 * binding between the initial shared object and lddstub so that 141 * the shared object isn't called out from unused() processing. 142 * After the first object is loaded increment the caller to the 143 * initial preloaded object to provide intuitive ldd -v and -s 144 * diagnostics 145 */ 146 if ((lmflags & LML_FLG_TRC_ENABLE) && 147 (FLAGS1(lmp) & FL1_RT_LDDSTUB)) { 148 if ((lmp == clmp) && (lmflags & 149 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED))) { 150 if (bind_one(clmp, nlmp, BND_REFER) == 0) 151 continue; 152 } 153 clmp = NEXT_RT_MAP(lmp); 154 } 155 156 } while ((ptr = strtok_r(NULL, 157 MSG_ORIG(MSG_STR_DELIMIT), &next)) != NULL); 158 159 free(palp); 160 free(objs); 161 return (1); 162 } 163 164 Rt_map * 165 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz, 166 char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr, 167 char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid, 168 void *aoutdyn, int auxflags, uint_t hwcap_1) 169 { 170 Rt_map *rlmp, *mlmp, **tobj = NULL; 171 Ehdr *ehdr; 172 rtld_stat_t status; 173 int features = 0, ldsoexec = 0; 174 size_t eaddr, esize; 175 char *str, *argvname; 176 Word lmflags; 177 mmapobj_result_t *mpp; 178 Fdesc fdr = { 0 }, fdm = { 0 }; 179 Rej_desc rej = { 0 }; 180 181 /* 182 * Now that ld.so has relocated itself, initialize our own 'environ' so 183 * as to establish an address suitable for libc's hardware mul/div 184 * magic (libc/sparc/crt/hwmuldiv.o). 185 */ 186 _environ = (char **)((ulong_t)auxv - sizeof (char *)); 187 _init(); 188 _environ = envp; 189 190 /* 191 * Determine how ld.so.1 has been executed. 192 */ 193 if ((fd == -1) && (phdr == NULL)) { 194 /* 195 * If we received neither the AT_EXECFD nor the AT_PHDR aux 196 * vector, ld.so.1 must have been invoked directly from the 197 * command line. 198 */ 199 ldsoexec = 1; 200 201 /* 202 * AT_SUN_EXECNAME provides the most precise name, if it is 203 * available, otherwise fall back to argv[0]. At this time, 204 * there is no process name. 205 */ 206 if (execname) 207 rtldname = execname; 208 else if (argv[0]) 209 rtldname = argv[0]; 210 else 211 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 212 } else { 213 /* 214 * Otherwise, we have a standard process. AT_SUN_EXECNAME 215 * provides the most precise name, if it is available, 216 * otherwise fall back to argv[0]. Provided the application 217 * is already mapped, the process is the application, so 218 * simplify the application name for use in any diagnostics. 219 */ 220 if (execname) 221 argvname = execname; 222 else if (argv[0]) 223 argvname = execname = argv[0]; 224 else 225 argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 226 227 if (fd == -1) { 228 if ((str = strrchr(argvname, '/')) != NULL) 229 procname = ++str; 230 else 231 procname = argvname; 232 } 233 234 /* 235 * At this point, we don't know the runtime linkers full path 236 * name. The _rtldname passed to us is the SONAME of the 237 * runtime linker, which is typically /lib/ld.so.1 no matter 238 * what the full path is. Use this for now, we'll reset the 239 * runtime linkers name once the application is analyzed. 240 */ 241 if (_rtldname) { 242 if ((str = strrchr(_rtldname, '/')) != NULL) 243 rtldname = ++str; 244 else 245 rtldname = _rtldname; 246 } else 247 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 248 } 249 250 /* 251 * Initialize any global variables. 252 */ 253 at_flags = _flags; 254 platform = _platform; 255 256 /* 257 * If pagesize is unspecified find its value. 258 */ 259 if ((syspagsz = _syspagsz) == 0) 260 syspagsz = _sysconfig(_CONFIG_PAGESIZE); 261 262 /* 263 * Add the unused portion of the last data page to the free space list. 264 * The page size must be set before doing this. Here, _end refers to 265 * the end of the runtime linkers bss. Note that we do not use the 266 * unused data pages from any included .so's to supplement this free 267 * space as badly behaved .os's may corrupt this data space, and in so 268 * doing ruin our data. 269 */ 270 eaddr = S_DROUND((size_t)&_end); 271 esize = eaddr % syspagsz; 272 if (esize) { 273 esize = syspagsz - esize; 274 addfree((void *)eaddr, esize); 275 } 276 277 /* 278 * Establish initial link-map list flags, and link-map list alists. 279 */ 280 if (alist_append(&lml_main.lm_lists, 0, sizeof (Lm_cntl), 281 AL_CNT_LMLISTS) == NULL) 282 return (0); 283 lml_main.lm_flags |= LML_FLG_BASELM; 284 lml_main.lm_lmid = LM_ID_BASE; 285 lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE); 286 287 if (alist_append(&lml_rtld.lm_lists, 0, sizeof (Lm_cntl), 288 AL_CNT_LMLISTS) == NULL) 289 return (0); 290 lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_NOAUDIT | 291 LML_FLG_HOLDLOCK); 292 lml_rtld.lm_lmid = LM_ID_LDSO; 293 lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO); 294 295 /* 296 * Determine whether we have a secure executable. 297 */ 298 security(uid, euid, gid, egid, auxflags); 299 300 /* 301 * Initialize a hardware capability descriptor for use in comparing 302 * each loaded object. 303 */ 304 if (auxflags & AF_SUN_HWCAPVERIFY) { 305 rtld_flags2 |= RT_FL2_HWCAP; 306 hwcap = (ulong_t)hwcap_1; 307 } 308 309 /* 310 * Look for environment strings (allows things like LD_NOAUDIT to be 311 * established, although debugging isn't enabled until later). 312 */ 313 if ((readenv_user((const char **)envp, &(lml_main.lm_flags), 314 &(lml_main.lm_tflags), (aoutdyn != 0))) == 1) 315 return (0); 316 317 /* 318 * Create a mapping descriptor for ld.so.1. We can determine our 319 * two segments information from known symbols. 320 */ 321 if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL) 322 return (0); 323 mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base); 324 mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr; 325 mpp[0].mr_fsize = mpp[0].mr_msize; 326 mpp[0].mr_prot = (PROT_READ | PROT_EXEC); 327 328 mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug); 329 mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr; 330 mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr; 331 mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC); 332 333 if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL) 334 return (0); 335 if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr, 336 (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base), 337 NULL, NULL)) == NULL) 338 return (0); 339 340 MMAPS(rlmp) = mpp; 341 MMAPCNT(rlmp) = 2; 342 PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr; 343 PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr + 344 (ulong_t)mpp[1].mr_msize; 345 346 MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 347 FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE | 348 FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET); 349 350 /* 351 * Initialize the runtime linkers information. 352 */ 353 interp = &_interp; 354 interp->i_name = (char *)rtldname; 355 interp->i_faddr = (caddr_t)ADDR(rlmp); 356 ldso_plt_init(rlmp); 357 358 /* 359 * If ld.so.1 has been invoked directly, process its arguments. 360 */ 361 if (ldsoexec) { 362 /* 363 * Process any arguments that are specific to ld.so.1, and 364 * reorganize the process stack to effectively remove ld.so.1 365 * from it. Reinitialize the environment pointer, as this may 366 * have been shifted after skipping ld.so.1's arguments. 367 */ 368 if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags), 369 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) { 370 eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT)); 371 return (0); 372 } 373 _environ = envp; 374 375 /* 376 * Open the object that ld.so.1 is to execute. 377 */ 378 argvname = execname = argv[0]; 379 380 if ((fd = open(argvname, O_RDONLY)) == -1) { 381 int err = errno; 382 eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), 383 argvname, strerror(err)); 384 return (0); 385 } 386 } 387 388 /* 389 * Map in the file, if exec has not already done so, or if the file 390 * was passed as an argument to an explicit execution of ld.so.1 from 391 * the command line. 392 */ 393 if (fd != -1) { 394 /* 395 * Map the file. Once the object is mapped we no longer need 396 * the file descriptor. 397 */ 398 (void) rtld_fstat(fd, &status); 399 fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname, 400 fd, &rej); 401 (void) close(fd); 402 403 if (fdm.fd_ftp == NULL) { 404 Conv_reject_desc_buf_t rej_buf; 405 406 eprintf(&lml_main, ERR_FATAL, 407 MSG_INTL(err_reject[rej.rej_type]), argvname, 408 conv_reject_desc(&rej, &rej_buf, M_MACH)); 409 return (0); 410 } 411 412 /* 413 * Finish processing the loading of the file. 414 */ 415 if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL) 416 return (0); 417 fdm.fd_dev = status.st_dev; 418 fdm.fd_ino = status.st_ino; 419 420 if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, &fdm, 421 NULL)) == NULL) 422 return (0); 423 424 /* 425 * We now have a process name for error diagnostics. 426 */ 427 if ((str = strrchr(argvname, '/')) != NULL) 428 procname = ++str; 429 else 430 procname = argvname; 431 432 if (ldsoexec) { 433 mmapobj_result_t *mpp = MMAPS(mlmp); 434 uint_t mnum, mapnum = MMAPCNT(mlmp); 435 void *brkbase = NULL; 436 437 /* 438 * Since ld.so.1 was the primary executed object - the 439 * brk() base has not yet been initialized, we need to 440 * initialize it. For an executable, initialize it to 441 * the end of the object. For a shared object (ET_DYN) 442 * initialize it to the first page in memory. 443 */ 444 for (mnum = 0; mnum < mapnum; mnum++, mpp++) 445 brkbase = mpp->mr_addr + mpp->mr_msize; 446 447 if (brkbase == NULL) 448 brkbase = (void *)syspagsz; 449 450 if (_brk_unlocked(brkbase) == -1) { 451 int err = errno; 452 453 eprintf(&lml_main, ERR_FATAL, 454 MSG_INTL(MSG_SYS_BRK), argvname, 455 strerror(err)); 456 return (0); 457 } 458 } 459 } else { 460 /* 461 * Set up function ptr and arguments according to the type 462 * of file class the executable is. (Currently only supported 463 * types are ELF and a.out format.) Then create a link map 464 * for the executable. 465 */ 466 if (aoutdyn) { 467 #ifdef A_OUT 468 mmapobj_result_t *mpp; 469 470 /* 471 * Create a mapping structure sufficient to describe 472 * a single two segments. The ADDR() of the a.out is 473 * established as 0, which is required but the AOUT 474 * relocation code. 475 */ 476 if ((mpp = 477 calloc(sizeof (mmapobj_result_t), 2)) == NULL) 478 return (0); 479 480 if ((fdm.fd_nname = 481 stravl_insert(execname, 0, 0, 0)) == NULL) 482 return (0); 483 if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA, 484 &fdm, 0, 0, aoutdyn, NULL)) == NULL) 485 return (0); 486 487 /* 488 * Establish the true mapping information for the a.out. 489 */ 490 if (aout_get_mmap(&lml_main, mpp)) { 491 free(mpp); 492 return (0); 493 } 494 495 MSIZE(mlmp) = 496 (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) - 497 S_ALIGN((size_t)mpp[0].mr_addr, syspagsz); 498 MMAPS(mlmp) = mpp; 499 MMAPCNT(mlmp) = 2; 500 PADSTART(mlmp) = (ulong_t)mpp->mr_addr; 501 PADIMLEN(mlmp) = mpp->mr_msize; 502 503 /* 504 * Disable any object configuration cache (BCP apps 505 * bring in sbcp which can benefit from any object 506 * cache, but both the app and sbcp can't use the same 507 * objects). 508 */ 509 rtld_flags |= RT_FL_NOOBJALT; 510 511 /* 512 * Make sure no-direct bindings are in effect. 513 */ 514 lml_main.lm_tflags |= LML_TFLG_NODIRECT; 515 #else 516 eprintf(&lml_main, ERR_FATAL, 517 MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname); 518 return (0); 519 #endif 520 } else if (phdr) { 521 Phdr *pptr; 522 Off i_offset = 0; 523 Addr base = 0; 524 ulong_t phsize; 525 mmapobj_result_t *mpp, *fmpp, *hmpp = NULL; 526 uint_t mapnum = 0; 527 int i; 528 size_t msize; 529 530 /* 531 * Using the executables phdr address determine the base 532 * address of the input file. NOTE, this assumes the 533 * program headers and elf header are part of the same 534 * mapped segment. Although this has held for many 535 * years now, it might be more flexible if the kernel 536 * gave use the ELF headers start address, rather than 537 * the Program headers. 538 * 539 * Determine from the ELF header if we're been called 540 * from a shared object or dynamic executable. If the 541 * latter, then any addresses within the object are used 542 * as is. Addresses within shared objects must be added 543 * to the process's base address. 544 */ 545 ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset); 546 phsize = ehdr->e_phentsize; 547 if (ehdr->e_type == ET_DYN) 548 base = (Addr)ehdr; 549 550 /* 551 * Allocate a mapping array to retain mapped segment 552 * information. 553 */ 554 if ((fmpp = mpp = calloc(ehdr->e_phnum, 555 sizeof (mmapobj_result_t))) == NULL) 556 return (0); 557 558 /* 559 * Extract the needed information from the segment 560 * headers. 561 */ 562 for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) { 563 if (pptr->p_type == PT_INTERP) { 564 i_offset = pptr->p_offset; 565 interp->i_faddr = 566 (caddr_t)interp_base; 567 } 568 if ((pptr->p_type == PT_LOAD) && 569 (pptr->p_filesz || pptr->p_memsz)) { 570 int perm = (PROT_READ | PROT_EXEC); 571 size_t off; 572 573 if (i_offset && pptr->p_filesz && 574 (i_offset >= pptr->p_offset) && 575 (i_offset <= 576 (pptr->p_memsz + pptr->p_offset))) { 577 interp->i_name = (char *) 578 pptr->p_vaddr + i_offset - 579 pptr->p_offset + base; 580 i_offset = 0; 581 } 582 583 if (pptr->p_flags & PF_W) 584 perm |= PROT_WRITE; 585 586 /* 587 * Retain segments mapping info. Round 588 * each segment to a page boundary, as 589 * this insures addresses are suitable 590 * for mprotect() if required. 591 */ 592 off = pptr->p_vaddr + base; 593 if (hmpp == NULL) { 594 hmpp = mpp; 595 mpp->mr_addr = (caddr_t)ehdr; 596 } else 597 mpp->mr_addr = (caddr_t)off; 598 599 off -= (size_t)(uintptr_t)mpp->mr_addr; 600 mpp->mr_msize = pptr->p_memsz + off; 601 mpp->mr_fsize = pptr->p_filesz + off; 602 mpp->mr_prot = perm; 603 604 mpp++, mapnum++; 605 } 606 607 pptr = (Phdr *)((ulong_t)pptr + phsize); 608 } 609 610 mpp--; 611 msize = (size_t)(mpp->mr_addr + mpp->mr_msize) - 612 S_ALIGN((size_t)fmpp->mr_addr, syspagsz); 613 614 if ((fdm.fd_nname = 615 stravl_insert(execname, 0, 0, 0)) == NULL) 616 return (0); 617 if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA, &fdm, 618 (Addr)hmpp->mr_addr, msize, NULL, NULL)) == NULL) 619 return (0); 620 621 MMAPS(mlmp) = fmpp; 622 MMAPCNT(mlmp) = mapnum; 623 PADSTART(mlmp) = (ulong_t)fmpp->mr_addr; 624 PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr + 625 (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize; 626 } 627 } 628 629 /* 630 * Establish the interpretors name as that defined within the initial 631 * object (executable). This provides for ORIGIN processing of ld.so.1 632 * dependencies. Note, the NAME() of the object remains that which was 633 * passed to us as the SONAME on execution. 634 */ 635 if (ldsoexec == 0) { 636 size_t len = strlen(interp->i_name); 637 638 if (expand(&interp->i_name, &len, 0, 0, 639 (PD_TKN_ISALIST | PD_TKN_HWCAP), rlmp) & PD_TKN_RESOLVED) 640 fdr.fd_flags |= FLG_FD_RESOLVED; 641 } 642 fdr.fd_pname = interp->i_name; 643 (void) fullpath(rlmp, &fdr); 644 645 /* 646 * The runtime linker acts as a filtee for various dl*() functions that 647 * are defined in libc (and libdl). Make sure this standard name for 648 * the runtime linker is also registered in the FullPathNode AVL tree. 649 */ 650 (void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0); 651 652 /* 653 * Having established the true runtime linkers name, simplify the name 654 * for error diagnostics. 655 */ 656 if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL) 657 rtldname = ++str; 658 else 659 rtldname = PATHNAME(rlmp); 660 661 /* 662 * Expand the fullpath name of the application. This typically occurs 663 * as a part of loading an object, but as the kernel probably mapped 664 * it in, complete this processing now. 665 */ 666 (void) fullpath(mlmp, 0); 667 668 /* 669 * Some troublesome programs will change the value of argv[0]. Dupping 670 * the process string protects us, and insures the string is left in 671 * any core files. 672 */ 673 if ((str = (char *)strdup(procname)) == NULL) 674 return (0); 675 procname = str; 676 677 #if defined(_ELF64) 678 /* 679 * If this is a 64-bit process, determine whether this process has 680 * restricted the process address space to 32-bits. Any dependencies 681 * that are restricted to a 32-bit address space can only be loaded if 682 * the executable has established this requirement. 683 */ 684 if (SFCAP(mlmp) & SF1_SUNW_ADDR32) 685 rtld_flags2 |= RT_FL2_ADDR32; 686 #endif 687 /* 688 * Validate any hardware capabilities information. 689 */ 690 if (HWCAP(mlmp) && (hwcap_check(HWCAP(mlmp), &rej) == 0)) { 691 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 692 (void) printf(MSG_INTL(MSG_LDD_GEN_HWCAP_1), 693 NAME(mlmp), rej.rej_str); 694 } else { 695 eprintf(&lml_main, ERR_FATAL, 696 MSG_INTL(MSG_GEN_BADHWCAP_1), rej.rej_str); 697 return (0); 698 } 699 } 700 701 /* 702 * Validate any software capabilities information, other than 703 * SF1_SUNW_ADDR32. Only dependencies need check their SF1_SUNW_ADDR32 704 * use against the application enabling a 32-bit address space. 705 */ 706 if ((SFCAP(mlmp) & ~SF1_SUNW_ADDR32) && 707 (sfcap_check(SFCAP(mlmp), &rej) == 0)) { 708 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 709 (void) printf(MSG_INTL(MSG_LDD_GEN_SFCAP_1), 710 NAME(mlmp), rej.rej_str); 711 } else { 712 eprintf(&lml_main, ERR_FATAL, 713 MSG_INTL(MSG_GEN_BADSFCAP_1), rej.rej_str); 714 return (0); 715 } 716 } 717 718 FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET); 719 FLAGS1(mlmp) |= FL1_RT_USED; 720 721 /* 722 * It's the responsibility of MAIN(crt0) to call it's _init and _fini 723 * section, therefore null out any INIT/FINI so that this object isn't 724 * collected during tsort processing. And, if the application has no 725 * initarray or finiarray we can economize on establishing bindings. 726 */ 727 INIT(mlmp) = FINI(mlmp) = NULL; 728 if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL)) 729 FLAGS1(mlmp) |= FL1_RT_NOINIFIN; 730 731 /* 732 * Identify lddstub if necessary. 733 */ 734 if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) 735 FLAGS1(mlmp) |= FL1_RT_LDDSTUB; 736 737 /* 738 * Retain our argument information for use in dlinfo. 739 */ 740 argsinfo.dla_argv = argv--; 741 argsinfo.dla_argc = (long)*argv; 742 argsinfo.dla_envp = envp; 743 argsinfo.dla_auxv = auxv; 744 745 (void) enter(0); 746 747 /* 748 * Add our two main link-maps to the dynlm_list 749 */ 750 if (list_append(&dynlm_list, &lml_main) == NULL) 751 return (0); 752 753 if (list_append(&dynlm_list, &lml_rtld) == NULL) 754 return (0); 755 756 /* 757 * Reset the link-map counts for both lists. The init count is used to 758 * track how many objects have pending init sections, this gets incre- 759 * mented each time an object is relocated. Since ld.so.1 relocates 760 * itself, it's init count will remain zero. 761 * The object count is used to track how many objects have pending fini 762 * sections, as ld.so.1 handles its own fini we can zero its count. 763 */ 764 lml_main.lm_obj = 1; 765 lml_rtld.lm_obj = 0; 766 767 /* 768 * Initialize debugger information structure. Some parts of this 769 * structure were initialized statically. 770 */ 771 r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head; 772 r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head; 773 r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr; 774 r_debug.rtd_dynlmlst = &dynlm_list; 775 776 if (platform) 777 platform_sz = strlen(platform); 778 779 /* 780 * Determine the dev/inode information for the executable to complete 781 * load_so() checking for those who might dlopen(a.out). 782 */ 783 if (rtld_stat(PATHNAME(mlmp), &status) == 0) { 784 STDEV(mlmp) = status.st_dev; 785 STINO(mlmp) = status.st_ino; 786 } 787 788 /* 789 * Initialize any configuration information. 790 */ 791 if (!(rtld_flags & RT_FL_NOCFG)) { 792 if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1) 793 return (0); 794 } 795 796 /* 797 * Establish the modes of the initial object. These modes are 798 * propagated to any preloaded objects and explicit shared library 799 * dependencies. 800 * 801 * If we're generating a configuration file using crle(1), remove 802 * any RTLD_NOW use, as we don't want to trigger any relocation proc- 803 * essing during crle(1)'s first past (this would just be unnecessary 804 * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is 805 * not required to trigger filter loading. 806 * 807 * Note, RTLD_NOW may have been established during analysis of the 808 * application had the application been built -z now. 809 */ 810 MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 811 812 if (rtld_flags & RT_FL_CONFGEN) { 813 MODE(mlmp) |= RTLD_CONFGEN; 814 MODE(mlmp) &= ~RTLD_NOW; 815 rtld_flags2 &= ~RT_FL2_BINDNOW; 816 } 817 818 if ((MODE(mlmp) & RTLD_NOW) == 0) { 819 if (rtld_flags2 & RT_FL2_BINDNOW) 820 MODE(mlmp) |= RTLD_NOW; 821 else 822 MODE(mlmp) |= RTLD_LAZY; 823 } 824 825 /* 826 * If debugging was requested initialize things now that any cache has 827 * been established. A user can specify LD_DEBUG=help to discover the 828 * list of debugging tokens available without running the application. 829 * However, don't allow this setting from a configuration file. 830 * 831 * Note, to prevent recursion issues caused by loading and binding the 832 * debugging libraries themselves, a local debugging descriptor is 833 * initialized. Once the debugging setup has completed, this local 834 * descriptor is copied to the global descriptor which effectively 835 * enables diagnostic output. 836 */ 837 if (rpl_debug || prm_debug) { 838 Dbg_desc _dbg_desc = {0, 0, 0}; 839 840 if (rpl_debug) { 841 uintptr_t ret; 842 843 if ((ret = dbg_setup(rpl_debug, &_dbg_desc)) == S_ERROR) 844 return (0); 845 if (ret == 0) 846 rtldexit(&lml_main, 0); 847 } 848 if (prm_debug) 849 (void) dbg_setup(prm_debug, &_dbg_desc); 850 851 *dbg_desc = _dbg_desc; 852 } 853 854 /* 855 * Now that debugging is enabled generate any diagnostics from any 856 * previous events. 857 */ 858 if (hwcap) 859 DBG_CALL(Dbg_cap_val_hw1(&lml_main, hwcap, M_MACH)); 860 if (features) 861 DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name, 862 features)); 863 864 if (DBG_ENABLED) { 865 DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv, 866 LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA)); 867 868 if (THIS_IS_ELF(mlmp)) { 869 DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp), 870 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 871 ALIST_OFF_DATA)); 872 } else { 873 DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp), 874 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 875 ALIST_OFF_DATA)); 876 } 877 } 878 879 /* 880 * Enable auditing. 881 */ 882 if (rpl_audit || prm_audit || profile_lib) { 883 int ndx; 884 const char *aud[3]; 885 886 aud[0] = rpl_audit; 887 aud[1] = prm_audit; 888 aud[2] = profile_lib; 889 890 /* 891 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that 892 * can't be established is non-fatal. 893 */ 894 if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL) 895 return (0); 896 897 for (ndx = 0; ndx < 3; ndx++) { 898 if (aud[ndx]) { 899 if ((auditors->ad_name = 900 strdup(aud[ndx])) == NULL) 901 return (0); 902 rtld_flags2 |= RT_FL2_FTL2WARN; 903 (void) audit_setup(mlmp, auditors, 904 PD_FLG_EXTLOAD, NULL); 905 rtld_flags2 &= ~RT_FL2_FTL2WARN; 906 } 907 } 908 lml_main.lm_tflags |= auditors->ad_flags; 909 } 910 if (AUDITORS(mlmp)) { 911 /* 912 * Any object required auditing (set with a DT_DEPAUDIT dynamic 913 * entry) that can't be established is fatal. 914 */ 915 if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) { 916 /* 917 * If this object requires global auditing, use the 918 * local auditing information to set the global 919 * auditing descriptor. The effect is that a 920 * DT_DEPAUDIT act as an LD_AUDIT. 921 */ 922 if ((auditors == NULL) && ((auditors = calloc(1, 923 sizeof (Audit_desc))) == NULL)) 924 return (0); 925 926 auditors->ad_name = AUDITORS(mlmp)->ad_name; 927 if (audit_setup(mlmp, auditors, 0, NULL) == 0) 928 return (0); 929 lml_main.lm_tflags |= auditors->ad_flags; 930 931 /* 932 * Clear the local auditor information. 933 */ 934 free((void *) AUDITORS(mlmp)); 935 AUDITORS(mlmp) = NULL; 936 937 } else { 938 /* 939 * Establish any local auditing. 940 */ 941 if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0) 942 return (0); 943 944 AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags; 945 lml_main.lm_flags |= LML_FLG_LOCAUDIT; 946 } 947 } 948 949 /* 950 * Explicitly add the initial object and ld.so.1 to those objects being 951 * audited. Note, although the ld.so.1 link-map isn't auditable, 952 * establish a cookie for ld.so.1 as this may be bound to via the 953 * dl*() family. 954 */ 955 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) { 956 if (((audit_objopen(mlmp, mlmp) == 0) || 957 (audit_objopen(mlmp, rlmp) == 0)) && 958 (AFLAGS(mlmp) & LML_TFLG_AUD_MASK)) 959 return (0); 960 } 961 962 /* 963 * Map in any preloadable shared objects. Note, it is valid to preload 964 * a 4.x shared object with a 5.0 executable (or visa-versa), as this 965 * functionality is required by ldd(1). 966 */ 967 if (rpl_preload && (preload(rpl_preload, mlmp) == 0)) 968 return (0); 969 if (prm_preload && (preload(prm_preload, mlmp) == 0)) 970 return (0); 971 972 /* 973 * Load all dependent (needed) objects. 974 */ 975 if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, NULL) == NULL) 976 return (0); 977 978 /* 979 * Relocate all the dependencies we've just added. 980 * 981 * If this process has been established via crle(1), the environment 982 * variable LD_CONFGEN will have been set. crle(1) may create this 983 * process twice. The first time crle only needs to gather dependency 984 * information. The second time, is to dldump() the images. 985 * 986 * If we're only gathering dependencies, relocation is unnecessary. 987 * As crle(1) may be building an arbitrary family of objects, they may 988 * not fully relocate either. Hence the relocation phase is not carried 989 * out now, but will be called by crle(1) once all objects have been 990 * loaded. 991 */ 992 if ((rtld_flags & RT_FL_CONFGEN) == 0) { 993 994 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 995 996 if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp, 997 mlmp, NULL) == 0) 998 return (0); 999 1000 /* 1001 * Inform the debuggers we're here and stable. Newer debuggers 1002 * can indicate their presence by setting the DT_DEBUG entry in 1003 * the dynamic executable (see elf_new_lm()). In this case call 1004 * getpid() so the debugger can catch the system call. This 1005 * handshake allows the debugger to initialize, and consequently 1006 * allows the user to set break points in .init code. 1007 */ 1008 rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT); 1009 rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT); 1010 1011 if (rtld_flags & RT_FL_DEBUGGER) { 1012 r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG; 1013 (void) getpid(); 1014 } 1015 } 1016 1017 /* 1018 * Indicate preinit activity, and call any auditing routines. These 1019 * routines are called before initializing any threads via libc, or 1020 * before collecting the complete set of .inits on the primary link-map. 1021 * Although most libc interfaces are encapsulated in local routines 1022 * within libc, they have been known to escape (ie. call a .plt). As 1023 * the appcert auditor uses preinit as a trigger to establish some 1024 * external interfaces to the main link-maps libc, we need to activate 1025 * this trigger before exercising any code within libc. Additionally, 1026 * I wouldn't put it past an auditor to add additional objects to the 1027 * primary link-map. Hence, we collect .inits after the audit call. 1028 */ 1029 rd_event(&lml_main, RD_PREINIT, 0); 1030 1031 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY) 1032 audit_activity(mlmp, LA_ACT_CONSISTENT); 1033 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT) 1034 audit_preinit(mlmp); 1035 1036 /* 1037 * If we're creating initial configuration information, we're done 1038 * now that the auditing step has been called. 1039 */ 1040 if (rtld_flags & RT_FL_CONFGEN) { 1041 leave(LIST(mlmp), 0); 1042 return (mlmp); 1043 } 1044 1045 /* 1046 * Sort the .init sections of all objects we've added. If we're 1047 * tracing we only need to execute this under ldd(1) with the -i or -u 1048 * options. 1049 */ 1050 lmflags = lml_main.lm_flags; 1051 if (((lmflags & LML_FLG_TRC_ENABLE) == 0) || 1052 (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) { 1053 if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init, 1054 RT_SORT_REV)) == (Rt_map **)S_ERROR) 1055 return (0); 1056 } 1057 1058 /* 1059 * If we are tracing we're done. This is the one legitimate use of a 1060 * direct call to rtldexit() rather than return, as we don't want to 1061 * return and jump to the application. 1062 */ 1063 if (lmflags & LML_FLG_TRC_ENABLE) { 1064 unused(&lml_main); 1065 rtldexit(&lml_main, 0); 1066 } 1067 1068 /* 1069 * Check if this instance of the linker should have a primary link 1070 * map. This flag allows multiple copies of the -same- -version- 1071 * of the linker (and libc) to run in the same address space. 1072 * 1073 * Without this flag we only support one copy of the linker in a 1074 * process because by default the linker will always try to 1075 * initialize at one primary link map The copy of libc which is 1076 * initialized on a primary link map will initalize global TLS 1077 * data which can be shared with other copies of libc in the 1078 * process. The problem is that if there is more than one copy 1079 * of the linker, only one copy should link libc onto a primary 1080 * link map, otherwise libc will attempt to re-initialize global 1081 * TLS data. So when a copy of the linker is loaded with this 1082 * flag set, it will not initialize any primary link maps since 1083 * persumably another copy of the linker will do this. 1084 * 1085 * Note that this flag only allows multiple copies of the -same- 1086 * -version- of the linker (and libc) to coexist. This approach 1087 * will not work if we are trying to load different versions of 1088 * the linker and libc into the same process. The reason for 1089 * this is that the format of the global TLS data may not be 1090 * the same for different versions of libc. In this case each 1091 * different version of libc must have it's own primary link map 1092 * and be able to maintain it's own TLS data. The only way this 1093 * can be done is by carefully managing TLS pointers on transitions 1094 * between code associated with each of the different linkers. 1095 * Note that this is actually what is done for processes in lx 1096 * branded zones. Although in the lx branded zone case, the 1097 * other linker and libc are actually gld and glibc. But the 1098 * same general TLS management mechanism used by the lx brand 1099 * would apply to any attempts to run multiple versions of the 1100 * solaris linker and libc in a single process. 1101 */ 1102 if (auxflags & AF_SUN_NOPLM) 1103 rtld_flags2 |= RT_FL2_NOPLM; 1104 1105 /* 1106 * Establish any static TLS for this primary link-map. Note, regardless 1107 * of whether TLS is available, an initial handshake occurs with libc to 1108 * indicate we're processing the primary link-map. Having identified 1109 * the primary link-map, initialize threads. 1110 */ 1111 if (rt_get_extern(&lml_main, mlmp) == 0) 1112 return (0); 1113 1114 if ((rtld_flags2 & RT_FL2_NOPLM) == 0) { 1115 if (tls_statmod(&lml_main, mlmp) == 0) 1116 return (0); 1117 rt_thr_init(&lml_main); 1118 rtld_flags2 |= RT_FL2_PLMSETUP; 1119 } else { 1120 rt_thr_init(&lml_main); 1121 } 1122 1123 rtld_flags |= RT_FL_APPLIC; 1124 1125 /* 1126 * Fire all dependencies .init sections. Identify any unused 1127 * dependencies, and leave the runtime linker - effectively calling 1128 * the dynamic executables entry point. 1129 */ 1130 call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp, 1131 SHT_PREINIT_ARRAY); 1132 1133 if (tobj) 1134 call_init(tobj, DBG_INIT_SORT); 1135 1136 rd_event(&lml_main, RD_POSTINIT, 0); 1137 1138 unused(&lml_main); 1139 1140 DBG_CALL(Dbg_util_call_main(mlmp)); 1141 1142 rtld_flags |= RT_FL_OPERATION; 1143 leave(LIST(mlmp), 0); 1144 1145 return (mlmp); 1146 } 1147