xref: /illumos-gate/usr/src/tools/scripts/check_rtime.pl (revision 160abee025ef30c34521b981edd40ffcaab560aa) 
1#!/usr/perl5/bin/perl -w
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"%Z%%M%	%I%	%E% SMI"
28#
29
30#
31# Check ELF information.
32#
33# This script descends a directory hierarchy inspecting ELF dynamic executables
34# and shared objects.  The general theme is to verify that common Makefile rules
35# have been used to build these objects.  Typical failures occur when Makefile
36# rules are re-invented rather than being inherited from "cmd/lib" Makefiles.
37#
38# As always, a number of components don't follow the rules, and these are
39# excluded to reduce this scripts output.  Pathnames used for this exclusion
40# assume this script is being run over a "proto" area.  The -a (all) option
41# skips any exclusions.
42#
43# By default any file that has conditions that should be reported is first
44# listed and then each condition follows.  The -o (one-line) option produces a
45# more terse output which is better for sorting/diffing with "nightly".
46#
47# NOTE: missing dependencies, symbols or versions are reported by running the
48# file through ldd(1).  As objects within a proto area are built to exist in a
49# base system, standard use of ldd(1) will bind any objects to dependencies
50# that exist in the base system.  It is frequently the case that newer objects
51# exist in the proto area that are required to satisfy other objects
52# dependencies, and without using these newer objects an ldd(1) will produce
53# misleading error messages.  To compensate for this, the -d option (or the
54# existence of the CODEMSG_WS/ROOT environment variables) cause the creation of
55# alternative dependency mappings via crle(1) configuration files that establish
56# any proto shared objects as alternatives to their base system location.  Thus
57# ldd(1) can be executed against these configuration files so that objects in a
58# proto area bind to their dependencies in the same proto area.
59
60
61# Define all global variables (required for strict)
62use vars  qw($SkipDirs $SkipFiles $SkipTextrelFiles);
63use vars  qw($SkipUndefDirs $SkipUndefFiles $SkipUnusedDirs $SkipUnusedFiles);
64use vars  qw($SkipStabFiles $SkipNoExStkFiles $SkipCrleConf);
65use vars  qw($UnusedNoise $Prog $Mach $Isalist $Env $Ena64 $Tmpdir $Error);
66use vars  qw($UnusedFiles $UnusedPaths $LddNoU $Crle32 $Crle64 $Conf32 $Conf64);
67use vars  qw($SkipInterps $SkipSymSort $OldDeps %opt);
68
69use strict;
70
71
72# Define any directories we should skip completely.
73$SkipDirs = qr{
74	etc/lib |			# special - used for partial statics
75	usr/lib/devfsadm |		# 4382889
76	usr/lib/libc |			# optimized libc
77	usr/lib/rcm |			# 4426119
78	usr/perl5 |			# alan's taking care of these :-)
79	usr/src				# no need to look at shipped source
80}x;
81
82# Define any files we should skip completely.
83$SkipFiles = qr{ ^(?:
84	ld\.so\.1 |			# confusing but correct dependencies
85	lddstub |			# lddstub has no dependencies
86	libmakestate\.so\.1 |		# temporary; delivered by compiler group
87	libm\.so\.1 |			# temporary; delivered by compiler group
88	libm\.so\.2 |			# temporary; delivered by compiler group
89	geniconvtbl\.so |		# 4384329
90	libssagent\.so\.1 |		# 4328854
91	libpsvcplugin_psr\.so\.1 |	# 4385799
92	libpsvcpolicy_psr\.so\.1 |	#  "  "
93	libpsvcpolicy\.so\.1 |		#  "  "
94	picl_slm\.so |			#  "  "
95	libcrypto_extra\.so\.0\.9\.8 |	# OpenSSL SUNWcry filter lib
96	libssl_extra\.so\.0\.9\.8 |	# OpenSSL SUNWcry filter lib
97	fcpackage\.so |			# circular dependency on fcthread.so
98	mod_ipp\.so |			# Apache loadable module
99	grub
100	)$
101}x;
102
103# Define any files that are allowed text relocations.
104$SkipTextrelFiles = qr{ ^(?:
105	unix |				# kernel models are non-pic
106	mdb				# relocations against __RTC (dbx)
107	)$
108}x;
109
110# Define any files that are allowed undefined references.
111$SkipUndefDirs = qr{
112	usr/lib/elfedit/ |		# elfedit modules have callbacks
113	usr/lib/inet/ppp/ |		# pppd plugins have callbacks
114	usr/lib/libp/ |			# libc.so.1 requires _mcount
115	/lib/mdb/ |			# mdb modules have callbacks
116	/lib/fm/fmd/plugins/ |		# fmd modules have callbacks
117	/lib/fm/fmd/schemes/ |		# fmd schemes have callbacks
118	/i86pc/lib/mtst/		# mtst modules have callbacks
119}x;
120
121$SkipUndefFiles = qr{ ^(?:
122	libthread_db\.so\.0 |		# callbacks to proc service interface
123	libthread_db\.so\.1 |		#  "	"	"	"
124	librtld_db\.so\.1 |		#  "	"	"	"
125	libc_db\.so\.1 |		#  "	"	"	"
126	libldstab\.so\.1 |		# link-edit support libraries have
127	libld\.so\.[2-4] |			# callback to the link-editors
128	liblddbg\.so\.4 |		#  "	"	"	"
129	librtld\.so\.1 |		#  "	"	"	"
130	libnisdb\.so\.2 |		# C++
131	libsvm\.so\.1 |			# libspmicommon.so.1 lacking
132	libwanboot\.so\.1 |		# libcrypto.a and libssl.a
133	libwrap\.so\.1\.0 |		# uses symbols provided by application
134	fcthread\.so |			# uses symbols provided by application
135	fn\.so\.2 |			# callback to automount
136	preen_md\.so\.1 |		# callback to driver
137	libike\.so\.1 |			# callbacks to in.iked for IKE policy
138	devfsadmd_mod\.so |		# sysevent module callback to syseventd
139	sysevent_conf_mod\.so |		# sysevent module callback to syseventd
140	sysevent_reg_mod\.so		# sysevent module callback to syseventd
141	)$
142}x;
143
144# Define any files that have unused dependencies.
145$SkipUnusedDirs = qr{
146	lib/picl/plugins/ |		# require devtree dependencies
147	/lib/libp			# profile libc makes libm an unused
148}x;					#	dependency of standard libc
149
150$SkipUnusedFiles = qr{ ^(?:
151	devfsadm |			# 4382889
152	disks |				#  "  "
153	tapes |				#  "  "
154	ports |				#  "  "
155	audlinks |			#  "  "
156	devlinks |			#  "  "
157	drvconfig |			#  "  "
158	ntptrace |			# on intel doesn't need libmd5
159	ocfserv |			# libsched unreference by libjvm,
160	poold |				#	see 4952319.
161	libc\.so\.1\.9 |		# 4lib/libc versions have private
162	libc\.so\.2\.9			#	copies of stuff from libc.
163	)$
164}x;
165
166# Define any files that should contain debugging information.
167$SkipStabFiles = qr{ ^(?:
168	abi_.* |
169	interceptors\.so\.1 |
170	unix
171	)$
172}x;
173
174# Define any files that don't require a non-executable stack definition.
175$SkipNoExStkFiles = qr{ ^(?:
176	forth |
177	unix |
178	multiboot
179	)$
180}x;
181
182# Identify any files that should be skipped when building a crle(1)
183# configuration file.  As the hwcap libraries can be loop-back mounted onto
184# libc, these can confuse crle(1) because of their identical dev/inode.
185$SkipCrleConf = qr{
186	lib/libc/libc_hwcap
187}x;
188
189# Define any files that should only have unused (ldd -u) processing.
190$UnusedPaths = qr{
191	ucb/shutdown			# libucb interposes on libc and makes
192					# dependencies on libc seem unnecessary
193}x;
194
195$UnusedFiles = qr{ ^(?:
196	rpc\.nisd			# CCNEEDED makes pthread unreferenced
197	)$
198}x;
199
200# Define unused dependencies we should ignore.
201# libCrun has a unnecessary dependency on libw, and libmapmalloc is often
202# defined to interpose on libc but isn't used by the application itself.
203# Threads dependencies look unused if libc is bound first.
204$UnusedNoise = qr{
205	libw\.so\.1;\ unused |
206	unused\ object=.*libw\.so\.1 |
207	libthread\.so\.1;\ unused |
208	libpthread\.so\.1;\ unused |
209	unused\ object=.*libpthread\.so\.1 |
210	libnsl\.so\.1;\ unused\ dependency\ of\ .*libxslt\.so\.1 |
211	libdl\.so\.1;\ unused\ dependency\ of\ .*libspmicommon\.so\.1 |
212	libdl\.so\.1;\ unused\ dependency\ of\ .*libCrun\.so\.1 |
213	libfru\.so\.1;\ unused\ object=.*libdl\.so\.1 |
214	libfrupicl\.so\.1;\ unused\ object=.*libdl\.so\.1 |
215	libmapmalloc\.so\.1;\ unused |
216	unused\ dependency\ of\ .*libstdc\+\+\.so\.6 |
217	unreferenced\ object=.*libstdc\+\+\.so\.6 |
218	unused\ dependency\ of\ .*libnetsnmp\.so\.5 |
219	unused\ dependency\ of\ .*libnetsnmphelpers\.so\.5 |
220	unused\ dependency\ of\ .*libnetsnmpmibs\.so\.5 |
221	unused\ dependency\ of\ .*libnetsnmpagent\.so\.5
222}x;
223
224# Define interpreters we should ignore.
225$SkipInterps = qr{
226	misc/krtld |
227	misc/amd64/krtld |
228	misc/sparcv9/krtld
229}x;
230
231# Catch libintl and libw, although ld(1) will bind to these and thus determine
232# they're needed, their content was moved into libc as of on297 build 7.
233# libthread and libpthread were completely moved into libc as of on10 build 53.
234# Also, catch libdl, whose content was moved into libc as of on10 build 49.
235$OldDeps = qr{ ^(?:
236	libintl\.so\.1 |
237	libw\.so\.1 |
238	libthread\.so\.1 |
239	libpthread\.so\.1 |
240	libdl\.so\.1
241	)$
242}x;
243
244# Files for which we skip checking of duplicate addresses in the
245# symbol sort sections. Such exceptions should be rare --- most code will
246# not have duplicate addresses, since it takes assember or a "#pragma weak"
247# to do such aliasing in C. C++ is different: The compiler generates aliases
248# for implementation reasons, and the mangled names used to encode argument
249# and return value types are difficult to handle well in mapfiles.
250# Furthermore, the Sun compiler and gcc use different and incompatible
251# name mangling conventions. Since ON must be buildable by either, we
252# would have to maintain two sets of mapfiles for each such object.
253# C++ use is rare in ON, so this is not worth pursuing.
254#
255$SkipSymSort = qr{ ^.*(?:
256	opt/SUNWdtrt/tst/common/pid/tst.weak2.exe |	# DTrace test
257	lib/amd64/libnsl\.so\.1 |			# C++
258	lib/sparcv9/libnsl\.so\.1 |			# C++
259	lib/sparcv9/libfru\.so\.1 |			# C++
260	usr/lib/sgml/nsgmls				# C++
261	)$
262}x;
263
264use Getopt::Std;
265
266# -----------------------------------------------------------------------------
267
268# Reliably compare two OS revisions.  Arguments are <ver1> <op> <ver2>.
269# <op> is the string form of a normal numeric comparison operator.
270sub cmp_os_ver {
271	my @ver1 = split(/\./, $_[0]);
272	my $op = $_[1];
273	my @ver2 = split(/\./, $_[2]);
274
275	push @ver2, ("0") x $#ver1 - $#ver2;
276	push @ver1, ("0") x $#ver2 - $#ver1;
277
278	my $diff = 0;
279	while (@ver1 || @ver2) {
280		if (($diff = shift(@ver1) - shift(@ver2)) != 0) {
281			last;
282		}
283	}
284	return (eval "$diff $op 0" ? 1 : 0);
285}
286
287# This script relies on ldd returning output reflecting only the binary
288# contents.  But if LD_PRELOAD* environment variables are present, libraries
289# named by them will also appear in the output, disrupting our analysis.
290# So, before we get too far, scrub the environment.
291
292delete($ENV{LD_PRELOAD});
293delete($ENV{LD_PRELOAD_32});
294delete($ENV{LD_PRELOAD_64});
295
296# Establish a program name for any error diagnostics.
297chomp($Prog = `basename $0`);
298
299# Determine what machinery is available.
300$Mach = `uname -p`;
301$Isalist = `isalist`;
302$Env = "";
303if ($Mach =~ /sparc/) {
304	if ($Isalist =~ /sparcv9/) {
305		$Ena64 = "ok";
306	}
307} elsif ($Mach =~ /i386/) {
308	if ($Isalist =~ /amd64/) {
309		$Ena64 = "ok";
310	}
311}
312
313# Check that we have arguments.
314if ((getopts('ad:imos', \%opt) == 0) || ($#ARGV == -1)) {
315	print "usage: $Prog [-a] [-d depdir] [-m] [-o] [-s] file | dir, ...\n";
316	print "\t[-a]\t\tprocess all files (ignore any exception lists)\n";
317	print "\t[-d dir]\testablish dependencies from under directory\n";
318	print "\t[-i]\t\tproduce dynamic table entry information\n";
319	print "\t[-m]\t\tprocess mcs(1) comments\n";
320	print "\t[-o]\t\tproduce one-liner output (prefixed with pathname)\n";
321	print "\t[-s]\t\tprocess .stab and .symtab entries\n";
322	exit 1;
323} else {
324	my($Proto);
325
326	if ($opt{d}) {
327		# User specified dependency directory - make sure it exists.
328		if (! -d $opt{d}) {
329			print "$Prog: $opt{d} is not a directory\n";
330			exit 1;
331		}
332		$Proto = $opt{d};
333
334	} elsif ($ENV{CODEMGR_WS}) {
335		my($Root);
336
337		# Without a user specified dependency directory see if we're
338		# part of a codemanager workspace and if a proto area exists.
339		if (($Root = $ENV{ROOT}) && (-d $Root)) {
340			$Proto = $Root;
341		}
342	}
343
344	if (!($Tmpdir = $ENV{TMPDIR}) || (! -d $Tmpdir)) {
345		$Tmpdir = "/tmp";
346	}
347
348	# Look for dependencies under $Proto.
349	if ($Proto) {
350		# To support alternative dependency mapping we'll need ldd(1)'s
351		# -e option.  This is relatively new (s81_30), so make sure
352		# ldd(1) is capable before gathering any dependency information.
353		if (system('ldd -e /usr/lib/lddstub 2> /dev/null')) {
354			print "ldd: does not support -e, unable to ";
355			print "create alternative dependency mappingings.\n";
356			print "ldd: option added under 4390308 (s81_30).\n\n";
357		} else {
358			# Gather dependencies and construct a alternative
359			# dependency mapping via a crle(1) configuration file.
360			GetDeps($Proto, "/");
361			GenConf();
362		}
363	}
364
365	# To support unreferenced dependency detection we'll need ldd(1)'s -U
366	# option.  This is relatively new (4638070), and if not available we
367	# can still fall back to -u.  Even with this option, don't use -U with
368	# releases prior to 5.10 as the cleanup for -U use only got integrated
369	# into 5.10 under 4642023.  Note, that nightly doesn't typically set a
370	# RELEASE from the standard <env> files.  Users who wish to disable use
371	# of ldd(1)'s -U should set (or uncomment) RELEASE in their <env> file
372	# if using nightly, or otherwise establish it in their environment.
373	if (system('ldd -U /usr/lib/lddstub 2> /dev/null')) {
374		$LddNoU = 1;
375	} else {
376		my($Release);
377
378		if (($Release = $ENV{RELEASE}) &&
379		    (cmp_os_ver($Release, "<", "5.10"))) {
380			$LddNoU = 1;
381		} else {
382			$LddNoU = 0;
383		}
384	}
385
386	# For each argument determine if we're dealing with a file or directory.
387	foreach my $Arg (@ARGV) {
388		# Ignore symbolic links.
389		if (-l $Arg) {
390			next;
391		}
392
393		if (!stat($Arg)) {
394			next;
395		}
396
397		# Process simple files.
398		if (-f _) {
399			my($RelPath) = $Arg;
400			my($File) = $Arg;
401			my($Secure) = 0;
402
403			$RelPath =~ s!^.*/!./!;
404			$File =~ s!^.*/!!;
405
406			if (-u _ || -g _) {
407				$Secure = 1;
408			}
409
410			ProcFile($Arg, $RelPath, $File, $Secure);
411			next;
412		}
413		# Process directories.
414		if (-d _) {
415			ProcDir($Arg, ".");
416			next;
417		}
418
419		print "$Arg is not a file or directory\n";
420		$Error = 1;
421	}
422
423	# Cleanup
424	CleanUp();
425}
426
427$Error = 0;
428
429# Clean up any temporary files.
430sub CleanUp {
431	if ($Crle64) {
432		unlink $Crle64;
433	}
434	if ($Conf64) {
435		unlink $Conf64;
436	}
437	if ($Crle32) {
438		unlink $Crle32;
439	}
440	if ($Conf32) {
441		unlink $Conf32;
442	}
443}
444
445# Create an output message, either a one-liner (under -o) or preceded by the
446# files relative pathname as a title.
447sub OutMsg {
448	my($Ttl, $Path, $Msg) = @_;
449
450	if ($opt{o}) {
451		$Msg =~ s/^[ \t]*//;
452		print "$Path: $Msg\n";
453	} else {
454		if ($Ttl eq 0) {
455			print "==== $Path ====\n";
456		}
457		print "$Msg\n";
458	}
459}
460
461# Determine whether this a ELF dynamic object and if so investigate its runtime
462# attributes.
463sub ProcFile {
464	my($FullPath, $RelPath, $File, $Secure) = @_;
465	my(@Elf, @Ldd, $Dyn, $Intp, $Dll, $Ttl, $Sym, $Interp, $Stack);
466	my($Sun, $Relsz, $Pltsz, $Uns, $Tex, $Stab, $Strip, $Lddopt, $SymSort);
467	my($Val, $Header, $SkipLdd, $IsX86, $RWX);
468
469	# Ignore symbolic links.
470	if (-l $FullPath) {
471		return;
472	}
473
474	$Ttl = 0;
475	@Ldd = 0;
476
477	# Determine whether we have access to inspect the file.
478	if (!(-r $FullPath)) {
479		OutMsg($Ttl++, $RelPath,
480		    "\tunable to inspect file: permission denied");
481		return;
482	}
483
484	# Determine if this is a file we don't care about.
485	if (!$opt{a}) {
486		if ($File =~ $SkipFiles) {
487			return;
488		}
489	}
490
491	# Determine whether we have a executable (static or dynamic) or a
492	# shared object.
493	@Elf = split(/\n/, `elfdump -epdic $FullPath 2>&1`);
494
495	$Dyn = $Intp = $Dll = $Stack = $IsX86 = $RWX = 0;
496	$Interp = 1;
497	$Header = 'None';
498	foreach my $Line (@Elf) {
499		# If we have an invalid file type (which we can tell from the
500		# first line), or we're processing an archive, bail.
501		if ($Header eq 'None') {
502			if (($Line =~ /invalid file/) ||
503			    ($Line =~ /$FullPath(.*):/)) {
504				return;
505			}
506		}
507
508		if ($Line =~ /^ELF Header/) {
509			$Header = 'Ehdr';
510
511		} elsif ($Line =~ /^Program Header/) {
512			$Header = 'Phdr';
513			$RWX = 0;
514
515		} elsif ($Line =~ /^Interpreter/) {
516			$Header = 'Intp';
517
518		} elsif ($Line =~ /^Dynamic Section/) {
519			# A dynamic section indicates we're a dynamic object
520			# (this makes sure we don't check static executables).
521			$Dyn = 1;
522
523		} elsif (($Header eq 'Ehdr') && ($Line =~ /e_type:/)) {
524			# The e_type field indicates whether this file is a
525			# shared object (ET_DYN) or an executable (ET_EXEC).
526			if ($Line =~ /ET_DYN/) {
527				$Dll = 1;
528			} elsif ($Line !~ /ET_EXEC/) {
529				return;
530			}
531		} elsif (($Header eq 'Ehdr') && ($Line =~ /ei_class:/)) {
532			# If we encounter a 64-bit object, but we're not running
533			# on a 64-bit system, suppress calling ldd(1).
534			if (($Line =~ /ELFCLASS64/) && !$Ena64) {
535				$SkipLdd = 1;
536			}
537		} elsif (($Header eq 'Ehdr') && ($Line =~ /e_machine:/)) {
538			# If it's a X86 object, we need to enforce RW- data.
539			if (($Line =~ /(EM_AMD64|EM_386)/)) {
540				$IsX86 = 1;
541			}
542		} elsif (($Header eq 'Phdr') &&
543		    ($Line =~ /\[ PF_X  PF_W  PF_R \]/)) {
544			# RWX segment seen.
545			$RWX = 1;
546
547		} elsif (($Header eq 'Phdr') &&
548		    ($Line =~ /\[ PT_LOAD \]/ && $RWX && $IsX86)) {
549			# Seen an RWX PT_LOAD segment.
550			if ($File !~ $SkipNoExStkFiles) {
551				OutMsg($Ttl++, $RelPath,
552				    "\tapplication requires non-executable " .
553				    "data\t<no -Mmapfile_noexdata?>");
554			}
555
556		} elsif (($Header eq 'Phdr') &&
557		    ($Line =~ /\[ PT_SUNWSTACK \]/)) {
558			# This object defines a non-executable stack.
559			$Stack = 1;
560
561		} elsif (($Header eq 'Intp') && !$opt{a} &&
562		    ($Line =~ $SkipInterps)) {
563			# This object defines an interpretor we should skip.
564			$Interp = 0;
565		}
566	}
567
568	# Determine whether this ELF executable or shared object has a
569	# conforming mcs(1) comment section.  If the correct $(POST_PROCESS)
570	# macros are used, only a 3 or 4 line .comment section should exist
571	# containing one or two "@(#)SunOS" identifying comments (one comment
572	# for a non-debug build, and two for a debug build). The results of
573	# the following split should be three or four lines, the last empty
574	# line being discarded by the split.
575	if ($opt{m}) {
576		my(@Mcs, $Con, $Dev);
577
578		@Mcs = split(/\n/, `mcs -p $FullPath 2>&1`);
579
580		$Con = $Dev = $Val = 0;
581		foreach my $Line (@Mcs) {
582			$Val++;
583
584			if (($Val == 3) && ($Line !~ /^@\(#\)SunOS/)) {
585				$Con = 1;
586				last;
587			}
588			if (($Val == 4) && ($Line =~ /^@\(#\)SunOS/)) {
589				$Dev = 1;
590				next;
591			}
592			if (($Dev == 0) && ($Val == 4)) {
593				$Con = 1;
594				last;
595			}
596			if (($Dev == 1) && ($Val == 5)) {
597				$Con = 1;
598				last;
599			}
600		}
601		if ($opt{m} && ($Con == 1)) {
602			OutMsg($Ttl++, $RelPath,
603			    "\tnon-conforming mcs(1) comment\t<no \$(POST_PROCESS)?>");
604		}
605	}
606
607	# Applications should contain a non-executable stack definition.
608	if (($Dll == 0) && ($Stack == 0)) {
609		if (!$opt{a}) {
610			if ($File =~ $SkipNoExStkFiles) {
611				goto DYN;
612			}
613		}
614		OutMsg($Ttl++, $RelPath,
615		    "\tapplication requires non-executable stack\t<no -Mmapfile_noexstk?>");
616	}
617
618DYN:
619	# Having caught any static executables in the mcs(1) check and non-
620	# executable stack definition check, continue with dynamic objects
621	# from now on.
622	if ($Dyn eq 0) {
623		return;
624	}
625
626	# Only use ldd unless we've encountered an interpreter that should
627	# be skipped.
628	if (!$SkipLdd && $Interp) {
629		my $LDDFullPath = $FullPath;
630
631		if ($Secure) {
632			# The execution of a secure application over an nfs file
633			# system mounted nosuid will result in warning messages
634			# being sent to /var/adm/messages.  As this type of
635			# environment can occur with root builds, move the file
636			# being investigated to a safe place first.  In addition
637			# remove its secure permission so that it can be
638			# influenced by any alternative dependency mappings.
639
640			my($TmpPath) = "$Tmpdir/$File";
641
642			system('cp', $LDDFullPath, $TmpPath);
643			chmod 0777, $TmpPath;
644			$LDDFullPath = $TmpPath;
645		}
646
647		# Use ldd(1) to determine the objects relocatability and use.
648		# By default look for all unreferenced dependencies.  However,
649		# some objects have legitimate dependencies that they do not
650		# reference.
651		if ($LddNoU || ($File =~ $UnusedFiles) ||
652		    ($RelPath =~ $UnusedPaths)) {
653			$Lddopt = "-ru";
654		} else {
655			$Lddopt = "-rU";
656		}
657		@Ldd = split(/\n/, `ldd $Lddopt $Env $LDDFullPath 2>&1`);
658		if ($Secure) {
659			unlink $LDDFullPath;
660		}
661	}
662
663	$Val = 0;
664	$Sym = 5;
665	$Uns = 1;
666
667LDD:	foreach my $Line (@Ldd) {
668
669		if ($Val == 0) {
670			$Val = 1;
671			# Make sure ldd(1) worked.  One possible failure is that
672			# this is an old ldd(1) prior to -e addition (4390308).
673			if ($Line =~ /usage:/) {
674				$Line =~ s/$/\t<old ldd(1)?>/;
675				OutMsg($Ttl++, $RelPath, $Line);
676				last;
677			} elsif ($Line =~ /execution failed/) {
678				OutMsg($Ttl++, $RelPath, $Line);
679				last;
680			}
681
682			# It's possible this binary can't be executed, ie. we've
683			# found a sparc binary while running on an intel system,
684			# or a sparcv9 binary on a sparcv7/8 system.
685			if ($Line =~ /wrong class/) {
686				OutMsg($Ttl++, $RelPath,
687				    "\thas wrong class or data encoding");
688				next;
689			}
690
691			# Historically, ldd(1) likes executable objects to have
692			# their execute bit set.  Note that this test isn't
693			# applied unless the -a option is in effect, as any
694			# non-executable files are skipped by default to reduce
695			# the cost of running this script.
696			if ($Line =~ /not executable/) {
697				OutMsg($Ttl++, $RelPath,
698				    "\tis not executable");
699				next;
700			}
701		}
702
703		# Look for "file" or "versions" that aren't found.  Note that
704		# these lines will occur before we find any symbol referencing
705		# errors.
706		if (($Sym == 5) && ($Line =~ /not found\)/)) {
707			if ($Line =~ /file not found\)/) {
708				$Line =~ s/$/\t<no -zdefs?>/;
709			}
710			OutMsg($Ttl++, $RelPath, $Line);
711			next;
712		}
713		# Look for relocations whose symbols can't be found.  Note, we
714		# only print out the first 5 relocations for any file as this
715		# output can be excessive.
716		if ($Sym && ($Line =~ /symbol not found/)) {
717			# Determine if this file is allowed undefined
718			# references.
719			if ($Sym == 5) {
720				if (!$opt{a}) {
721					if ($RelPath =~ $SkipUndefDirs) {
722						$Sym = 0;
723						next LDD;
724					}
725					if ($File =~ $SkipUndefFiles) {
726						$Sym = 0;
727						next LDD;
728					}
729				}
730			}
731			if ($Sym-- == 1) {
732				if (!$opt{o}) {
733					OutMsg($Ttl++, $RelPath,
734					    "\tcontinued ...");
735				}
736				next;
737			}
738			# Just print the symbol name.
739			$Line =~ s/$/\t<no -zdefs?>/;
740			OutMsg($Ttl++, $RelPath, $Line);
741			next;
742		}
743		# Look for any unused dependencies.
744		if ($Uns && ($Line =~ /unused/)) {
745			if (!$opt{a}) {
746				if ($RelPath =~ $SkipUnusedDirs) {
747					$Uns = 0;
748					next LDD;
749				}
750				if ($File =~ $SkipUnusedFiles) {
751					$Uns = 0;
752					next LDD;
753				}
754
755				# Remove any noise.
756				if ($Line =~ $UnusedNoise) {
757					$Uns = 0;
758					next LDD;
759				}
760			}
761			if ($Secure) {
762				$Line =~ s!$Tmpdir/!!;
763			}
764			$Line =~ s/^[ \t]*(.*)/\t$1\t<remove lib or -zignore?>/;
765			OutMsg($Ttl++, $RelPath, $Line);
766			next;
767		}
768	}
769
770	# Reuse the elfdump(1) data to investigate additional dynamic linking
771	# information.
772
773	$Sun = $Relsz = $Pltsz = $Dyn = $Stab = $SymSort = 0;
774	$Tex = $Strip = 1;
775
776	$Header = 'None';
777ELF:	foreach my $Line (@Elf) {
778		# We're only interested in the section headers and the dynamic
779		# section.
780		if ($Line =~ /^Section Header/) {
781			$Header = 'Shdr';
782
783			if (($Sun == 0) && ($Line =~ /\.SUNW_reloc/)) {
784				# This object has a combined relocation section.
785				$Sun = 1;
786
787			} elsif (($Stab == 0) && ($Line =~ /\.stab/)) {
788				# This object contain .stabs sections
789				$Stab = 1;
790			} elsif (($SymSort == 0) &&
791				 ($Line =~ /\.SUNW_dyn(sym)|(tls)sort/)) {
792				# This object contains a symbol sort section
793				$SymSort = 1;
794			}
795
796			if (($Strip == 1) && ($Line =~ /\.symtab/)) {
797				# This object contains a complete symbol table.
798				$Strip = 0;
799			}
800			next;
801
802		} elsif ($Line =~ /^Dynamic Section/) {
803			$Header = 'Dyn';
804			next;
805		} elsif ($Header ne 'Dyn') {
806			next;
807		}
808
809		# Does this object contain text relocations.
810		if ($Tex && ($Line =~ /TEXTREL/)) {
811			# Determine if this file is allowed text relocations.
812			if (!$opt{a}) {
813				if ($File =~ $SkipTextrelFiles) {
814					$Tex = 0;
815					next ELF;
816				}
817			}
818			OutMsg($Ttl++, $RelPath,
819			    "\tTEXTREL .dynamic tag\t\t\t<no -Kpic?>");
820			$Tex = 0;
821			next;
822		}
823
824		# Does this file have any relocation sections (there are a few
825		# psr libraries with no relocations at all, thus a .SUNW_reloc
826		# section won't exist either).
827		if (($Relsz == 0) && ($Line =~ / RELA?SZ/)) {
828			$Relsz = hex((split(' ', $Line))[2]);
829			next;
830		}
831
832		# Does this file have any plt relocations.  If the plt size is
833		# equivalent to the total relocation size then we don't have
834		# any relocations suitable for combining into a .SUNW_reloc
835		# section.
836		if (($Pltsz == 0) && ($Line =~ / PLTRELSZ/)) {
837			$Pltsz = hex((split(' ', $Line))[2]);
838			next;
839		}
840
841		# Under the -i (information) option print out any useful dynamic
842		# entries.
843		# Does this object have any dependencies.
844		if ($opt{i} && ($Line =~ /NEEDED/)) {
845			my($Need) = (split(' ', $Line))[3];
846
847			# Catch any old (unnecessary) dependencies.
848			if ($Need =~ $OldDeps) {
849				OutMsg($Ttl++, $RelPath,
850				    "\tNEEDED=$Need\t<dependency no longer necessary>");
851			} else {
852				OutMsg($Ttl++, $RelPath, "\tNEEDED=$Need");
853			}
854			next;
855		}
856
857		# Does this object specify a runpath.
858		if ($opt{i} && ($Line =~ /RPATH/)) {
859			my($Rpath) = (split(' ', $Line))[3];
860			OutMsg($Ttl++, $RelPath, "\tRPATH=$Rpath");
861			next;
862		}
863	}
864
865	# A shared object, that contains non-plt relocations, should have a
866	# combined relocation section indicating it was built with -z combreloc.
867	if ($Dll && $Relsz && ($Relsz != $Pltsz) && ($Sun == 0)) {
868		OutMsg($Ttl++, $RelPath,
869		    "\tSUNW_reloc section missing\t\t<no -zcombreloc?>");
870	}
871
872	# No objects released to a customer should have any .stabs sections
873	# remaining, they should be stripped.
874	if ($opt{s} && $Stab) {
875		if (!$opt{a}) {
876			if ($File =~ $SkipStabFiles) {
877				goto DONESTAB;
878			}
879		}
880		OutMsg($Ttl++, $RelPath,
881		    "\tdebugging sections should be deleted\t<no strip -x?>");
882	}
883
884DONESTAB:
885
886	# All objects should have a full symbol table to provide complete
887	# debugging stack traces.
888	if ($Strip) {
889		OutMsg($Ttl++, $RelPath,
890		    "\tsymbol table should not be stripped\t<remove -s?>");
891	}
892
893	# If there are symbol sort sections in this object, report on
894	# any that have duplicate addresses.
895	ProcSymSort($FullPath, $RelPath, \$Ttl) if $SymSort;
896}
897
898
899## ProcSymSortOutMsg(RefTtl, RelPath, secname, addr, names...)
900#
901# Call OutMsg for a duplicate address error in a symbol sort
902# section
903#
904sub ProcSymSortOutMsg {
905	my($RefTtl, $RelPath, $secname, $addr, @names) = @_;
906
907	OutMsg($$RefTtl++, $RelPath,
908	    "$secname: duplicate $addr: ". join(', ', @names));
909}
910
911
912
913## ProcSymSort(FullPath, RelPath)
914#
915# Examine the symbol sort sections for the given object and report
916# on any duplicate addresses found.  Ideally, mapfile directives
917# should be used when building objects that have multiple symbols
918# with the same address so that only one of them appears in the sort
919# section. This saves space, reduces user confusion, and ensures that
920# libproc and debuggers always display public names instead of symbols
921# that are merely implementation details.
922#
923sub ProcSymSort {
924
925	my($FullPath, $RelPath, $RefTtl) = @_;
926
927	# If this object is exempt from checking, return quietly
928	return if ($FullPath =~ $SkipSymSort);
929
930
931	open(SORT, "elfdump -S $FullPath|") ||
932	    die "$Prog: Unable to execute elfdump (symbol sort sections)\n";
933
934	my $line;
935	my $last_addr;
936	my @dups = ();
937	my $secname;
938	while ($line = <SORT>) {
939		chomp $line;
940
941		next if ($line eq '');
942
943		# If this is a header line, pick up the section name
944		if ($line =~ /^Symbol Sort Section:\s+([^\s]+)\s+/) {
945			$secname = $1;
946
947			# Every new section is followed by a column header line
948			$line = <SORT>;		# Toss header line
949
950			# Flush anything left from previous section
951			ProcSymSortOutMsg($RefTtl, $RelPath, $secname,
952			    $last_addr, @dups) if (scalar(@dups) > 1);
953
954			# Reset variables for new sort section
955			$last_addr = '';
956			@dups = ();
957
958			next;
959		}
960
961		# Process symbol line
962		my @fields = split /\s+/, $line;
963		my $new_addr = $fields[2];
964		my $new_name = $fields[9];
965
966		if ($new_name =~ /^\$dtrace/) {
967			# Ignore DTrace USDT probe symbols, based on their name.
968			# A better solution would be for 'ld' to exclude them
969		        # from the object, but we don't have that ability yet.
970			next;
971		} elsif ($new_addr eq $last_addr) {
972			push @dups, $new_name;
973		} else {
974			ProcSymSortOutMsg($RefTtl, $RelPath, $secname,
975			    $last_addr, @dups) if (scalar(@dups) > 1);
976			@dups = ( $new_name );
977			$last_addr = $new_addr;
978		}
979	}
980
981	ProcSymSortOutMsg($RefTtl, $RelPath, $secname, $last_addr, @dups)
982		if (scalar(@dups) > 1);
983
984	close SORT;
985}
986
987
988sub ProcDir {
989	my($FullDir, $RelDir) = @_;
990	my($NewFull, $NewRel);
991
992	# Determine if this is a directory we don't care about.
993	if (!$opt{a}) {
994		if ($RelDir =~ $SkipDirs) {
995			return;
996		}
997	}
998
999	# Open the directory and read each entry, omit files starting with "."
1000	if (opendir(DIR, $FullDir)) {
1001		foreach my $Entry (readdir(DIR)) {
1002			if ($Entry =~ /^\./) {
1003				next;
1004			}
1005			$NewFull = "$FullDir/$Entry";
1006
1007			# Ignore symlinks.
1008			if (-l $NewFull) {
1009				next;
1010			}
1011			if (!stat($NewFull)) {
1012				next;
1013			}
1014			$NewRel = "$RelDir/$Entry";
1015
1016			# Descend into and process any directories.
1017			if (-d _) {
1018				ProcDir($NewFull, $NewRel);
1019				next;
1020			}
1021
1022			# Typically dynamic objects are executable, so we can
1023			# reduce the overall cost of this script (a lot!) by
1024			# screening out non-executables here, rather than pass
1025			# them to file(1) later.  However, it has been known
1026			# for shared objects to be mistakenly left non-
1027			# executable, so with -a let all files through so that
1028			# this requirement can be verified (see ProcFile()).
1029			if (!$opt{a}) {
1030				if (! -x _) {
1031					next;
1032				}
1033			}
1034
1035			# Process any standard files.
1036			if (-f _) {
1037				my($Secure) = 0;
1038
1039				if (-u _ || -g _) {
1040					$Secure = 1;
1041				}
1042
1043				ProcFile($NewFull, $NewRel, $Entry, $Secure);
1044				next;
1045			}
1046
1047		}
1048		closedir(DIR);
1049	}
1050}
1051
1052# Create a crle(1) script for any 64-bit dependencies we locate.  A runtime
1053# configuration file will be generated to establish alternative dependency
1054# mappings for all these dependencies.
1055
1056sub Entercrle64 {
1057	my($FullDir, $RelDir, $Entry) = @_;
1058
1059	if (!$Crle64) {
1060		# Create and initialize the script if is doesn't already exit.
1061
1062		$Crle64 = "$Tmpdir/$Prog.crle64.$$";
1063		open(CRLE64, "> $Crle64") ||
1064			die "$Prog: open failed: $Crle64: $!";
1065
1066		print CRLE64 "#!/bin/sh\ncrle -64\\\n";
1067	}
1068	print CRLE64 "\t-o $FullDir -a $RelDir/$Entry \\\n";
1069}
1070
1071# Create a crle(1) script for any 32-bit dependencies we locate.  A runtime
1072# configuration file will be generated to establish alternative dependency
1073# mappings for all these dependencies.
1074
1075sub Entercrle32 {
1076	my($FullDir, $RelDir, $Entry) = @_;
1077
1078	if (!$Crle32) {
1079		# Create and initialize the script if is doesn't already exit.
1080
1081		$Crle32 = "$Tmpdir/$Prog.crle32.$$";
1082		open(CRLE32, "> $Crle32") ||
1083			die "$Prog: open failed: $Crle32: $!";
1084
1085		print CRLE32 "#!/bin/sh\ncrle \\\n";
1086	}
1087	print CRLE32 "\t-o $FullDir -a $RelDir/$Entry \\\n";
1088}
1089
1090# Having finished gathering dependencies, complete any crle(1) scripts and
1091# execute them to generate the associated runtime configuration files.  In
1092# addition establish the environment variable required to pass the configuration
1093# files to ldd(1).
1094
1095sub GenConf {
1096	if ($Crle64) {
1097		$Conf64 = "$Tmpdir/$Prog.conf64.$$";
1098		print CRLE64 "\t-c $Conf64\n";
1099
1100		chmod 0755, $Crle64;
1101		close CRLE64;
1102
1103		if (system($Crle64)) {
1104			undef $Conf64;
1105		}
1106	}
1107	if ($Crle32) {
1108		$Conf32 = "$Tmpdir/$Prog.conf32.$$";
1109		print CRLE32 "\t-c $Conf32\n";
1110
1111		chmod 0755, $Crle32;
1112		close CRLE32;
1113
1114		if (system($Crle32)) {
1115			undef $Conf32;
1116		}
1117	}
1118
1119	if ($Crle64 && $Conf64 && $Crle32 && $Conf32) {
1120		$Env = "-e LD_FLAGS=config_64=$Conf64,config_32=$Conf32";
1121	} elsif ($Crle64 && $Conf64) {
1122		$Env = "-e LD_FLAGS=config_64=$Conf64";
1123	} elsif ($Crle32 && $Conf32) {
1124		$Env = "-e LD_FLAGS=config_32=$Conf32";
1125	}
1126}
1127
1128# Recurse through a directory hierarchy looking for appropriate dependencies.
1129
1130sub GetDeps {
1131	my($FullDir, $RelDir) = @_;
1132	my($NewFull);
1133
1134	# Open the directory and read each entry, omit files starting with "."
1135	if (opendir(DIR, $FullDir)) {
1136		 foreach my $Entry (readdir(DIR)) {
1137			if ($Entry =~ /^\./) {
1138				next;
1139			}
1140			$NewFull = "$FullDir/$Entry";
1141
1142			# We need to follow links so that any dependencies
1143			# are expressed in all their available forms.
1144			# Bail on symlinks like 32 -> .
1145			if (-l $NewFull) {
1146				if (readlink($NewFull) =~ /^\.$/) {
1147					next;
1148				}
1149			}
1150			if (!stat($NewFull)) {
1151				next;
1152			}
1153
1154			if (!$opt{a}) {
1155				if ($NewFull =~ $SkipCrleConf) {
1156					next;
1157				}
1158			}
1159
1160			# If this is a directory descend into it.
1161			if (-d _) {
1162				my($NewRel);
1163
1164				if ($RelDir =~ /^\/$/) {
1165					$NewRel = "$RelDir$Entry";
1166				} else {
1167					$NewRel = "$RelDir/$Entry";
1168				}
1169
1170				GetDeps($NewFull, $NewRel);
1171				next;
1172			}
1173
1174			# If this is a regular file determine if its a
1175			# valid ELF dependency.
1176			if (-f _) {
1177				my($File);
1178
1179				# Typically shared object dependencies end with
1180				# ".so" or ".so.?", hence we can reduce the cost
1181				# of this script (a lot!) by screening out files
1182				# that don't follow this pattern.
1183				if (!$opt{a}) {
1184					if ($Entry !~ /\.so(?:\.\d+)*$/) {
1185						next;
1186					}
1187				}
1188
1189				$File = `file $NewFull`;
1190				if ($File !~ /dynamic lib/) {
1191					next;
1192				}
1193
1194				if ($File =~ /32-bit/) {
1195					Entercrle32($FullDir, $RelDir, $Entry);
1196				} elsif ($Ena64) {
1197					Entercrle64($FullDir, $RelDir, $Entry);
1198				}
1199				next;
1200			}
1201		}
1202		closedir(DIR);
1203	}
1204}
1205exit $Error
1206