1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988 AT&T 24 * All Rights Reserved 25 * 26 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 27 * Use is subject to license terms. 28 */ 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 #include "_synonyms.h" 32 33 #include <string.h> 34 #include <stdio.h> 35 #include <unistd.h> 36 #include <sys/stat.h> 37 #include <sys/mman.h> 38 #include <fcntl.h> 39 #include <limits.h> 40 #include <dlfcn.h> 41 #include <errno.h> 42 #include <link.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "msg.h" 49 50 static Fct *vector[] = { 51 &elf_fct, 52 #ifdef A_OUT 53 &aout_fct, 54 #endif 55 0 56 }; 57 58 /* 59 * If a load filter flag is in effect, and this object is a filter, trigger the 60 * loading of all its filtees. The load filter flag is in effect when creating 61 * configuration files, or when under the control of ldd(1), or the LD_LOADFLTR 62 * environment variable is set, or this object was built with the -zloadfltr 63 * flag. Otherwise, filtee loading is deferred until triggered by a relocation. 64 */ 65 static void 66 load_filtees(Rt_map *lmp, int *in_nfavl) 67 { 68 if ((FLAGS1(lmp) & MSK_RT_FILTER) && 69 ((FLAGS(lmp) & FLG_RT_LOADFLTR) || 70 (LIST(lmp)->lm_tflags & LML_TFLG_LOADFLTR))) { 71 Dyninfo *dip = DYNINFO(lmp); 72 uint_t cnt, max = DYNINFOCNT(lmp); 73 Slookup sl; 74 75 /* 76 * Initialize the symbol lookup data structure. 77 */ 78 SLOOKUP_INIT(sl, 0, lmp, lmp, ld_entry_cnt, 0, 0, 0, 0, 0); 79 80 for (cnt = 0; cnt < max; cnt++, dip++) { 81 if (((dip->di_flags & MSK_DI_FILTER) == 0) || 82 ((dip->di_flags & FLG_DI_AUXFLTR) && 83 (rtld_flags & RT_FL_NOAUXFLTR))) 84 continue; 85 (void) elf_lookup_filtee(&sl, 0, 0, cnt, in_nfavl); 86 } 87 } 88 } 89 90 /* 91 * Analyze one or more link-maps of a link map control list. This routine is 92 * called at startup to continue the processing of the main executable. It is 93 * also called each time a new set of objects are loaded, ie. from filters, 94 * lazy-loaded objects, or dlopen(). 95 * 96 * In each instance we traverse the link-map control list starting with the 97 * initial object. As dependencies are analyzed they are added to the link-map 98 * control list. Thus the list grows as we traverse it - this results in the 99 * breadth first ordering of all needed objects. 100 */ 101 int 102 analyze_lmc(Lm_list *lml, Aliste nlmco, Rt_map *nlmp, int *in_nfavl) 103 { 104 Rt_map *lmp = nlmp; 105 Lm_cntl *nlmc; 106 int ret = 1; 107 108 /* 109 * If this link-map control list is being analyzed, return. The object 110 * that has just been added will be picked up by the existing analysis 111 * thread. Note, this is only really meaningful during process init- 112 * ialization, as objects are added to the main link-map control list. 113 * Following this initialization, each family of objects that are loaded 114 * are added to a new link-map control list. 115 */ 116 /* LINTED */ 117 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 118 if (nlmc->lc_flags & LMC_FLG_ANALYZING) 119 return (1); 120 121 /* 122 * If this object doesn't belong to the present link-map control list 123 * then it must already have been analyzed, or it is in the process of 124 * being analyzed prior to us recursing into this analysis. In either 125 * case, ignore the object as it's already being taken care of. 126 */ 127 if (nlmco != CNTL(nlmp)) 128 return (1); 129 130 nlmc->lc_flags |= LMC_FLG_ANALYZING; 131 132 for (; lmp; lmp = (Rt_map *)NEXT(lmp)) { 133 if (FLAGS(lmp) & 134 (FLG_RT_ANALZING | FLG_RT_ANALYZED | FLG_RT_DELETE)) 135 continue; 136 137 /* 138 * Indicate that analyzing is under way. 139 */ 140 FLAGS(lmp) |= FLG_RT_ANALZING; 141 142 /* 143 * If this link map represents a relocatable object, then we 144 * need to finish the link-editing of the object at this point. 145 */ 146 if (FLAGS(lmp) & FLG_RT_OBJECT) { 147 if (elf_obj_fini(lml, lmp, in_nfavl) == 0) { 148 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 149 continue; 150 ret = 0; 151 break; 152 } 153 } 154 155 DBG_CALL(Dbg_file_analyze(lmp)); 156 157 /* 158 * Establish any dependencies this object requires. 159 */ 160 if (LM_NEEDED(lmp)(lml, nlmco, lmp, in_nfavl) == 0) { 161 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 162 continue; 163 ret = 0; 164 break; 165 } 166 167 FLAGS(lmp) &= ~FLG_RT_ANALZING; 168 FLAGS(lmp) |= FLG_RT_ANALYZED; 169 170 /* 171 * If we're building a configuration file, determine if this 172 * object is a filter and if so load its filtees. This 173 * traversal is only necessary for crle(1), as typical use of 174 * an object will load filters as part of relocation processing. 175 */ 176 if (MODE(nlmp) & RTLD_CONFGEN) 177 load_filtees(lmp, in_nfavl); 178 179 /* 180 * If an interposer has been added, it will have been inserted 181 * in the link-map before the link we're presently analyzing. 182 * Break out of this analysis loop and return to the head of 183 * the link-map control list to analyze the interposer. Note 184 * that this rescan preserves the breadth first loading of 185 * dependencies. 186 */ 187 /* LINTED */ 188 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 189 if (nlmc->lc_flags & LMC_FLG_REANALYZE) { 190 nlmc->lc_flags &= ~LMC_FLG_REANALYZE; 191 lmp = nlmc->lc_head; 192 } 193 } 194 195 /* LINTED */ 196 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 197 nlmc->lc_flags &= ~LMC_FLG_ANALYZING; 198 199 return (ret); 200 } 201 202 /* 203 * Copy relocation test. If the symbol definition is within .bss, then it's 204 * zero filled, and as the destination is within .bss, we can skip copying 205 * zero's to zero's. However, if the destination object has a MOVE table, it's 206 * .bss might contain non-zero data, in which case copy it regardless. 207 */ 208 static int 209 copy_zerobits(Rt_map *dlmp, Sym *dsym) 210 { 211 if ((FLAGS(dlmp) & FLG_RT_MOVE) == 0) { 212 Mmap *mmaps; 213 caddr_t daddr = (caddr_t)dsym->st_value; 214 215 if ((FLAGS(dlmp) & FLG_RT_FIXED) == 0) 216 daddr += ADDR(dlmp); 217 218 for (mmaps = MMAPS(dlmp); mmaps->m_vaddr; mmaps++) { 219 if ((mmaps->m_fsize != mmaps->m_msize) && 220 (daddr >= (mmaps->m_vaddr + mmaps->m_fsize)) && 221 (daddr < (mmaps->m_vaddr + mmaps->m_msize))) 222 return (1); 223 } 224 } 225 return (0); 226 } 227 228 /* 229 * Relocate an individual object. 230 */ 231 static int 232 relocate_so(Lm_list *lml, Rt_map *lmp, int *relocated, int now, int *in_nfavl) 233 { 234 /* 235 * If we're running under ldd(1), and haven't been asked to trace any 236 * warnings, skip any actual relocation processing. 237 */ 238 if (((lml->lm_flags & LML_FLG_TRC_ENABLE) == 0) || 239 (lml->lm_flags & LML_FLG_TRC_WARN)) { 240 241 if (relocated) 242 (*relocated)++; 243 244 if ((LM_RELOC(lmp)(lmp, now, in_nfavl) == 0) && 245 ((lml->lm_flags & LML_FLG_TRC_ENABLE) == 0)) 246 return (0); 247 } 248 return (1); 249 } 250 251 /* 252 * Relocate the objects on a link-map control list. 253 */ 254 static int 255 _relocate_lmc(Lm_list *lml, Rt_map *nlmp, int *relocated, int *in_nfavl) 256 { 257 Rt_map *lmp; 258 259 for (lmp = nlmp; lmp; lmp = (Rt_map *)NEXT(lmp)) { 260 /* 261 * If this object has already been relocated, we're done. If 262 * this object is being deleted, skip it, there's probably a 263 * relocation error somewhere that's causing this deletion. 264 */ 265 if (FLAGS(lmp) & 266 (FLG_RT_RELOCING | FLG_RT_RELOCED | FLG_RT_DELETE)) 267 continue; 268 269 /* 270 * Indicate that relocation processing is under way. 271 */ 272 FLAGS(lmp) |= FLG_RT_RELOCING; 273 274 /* 275 * Relocate the object. 276 */ 277 if (relocate_so(lml, lmp, relocated, 0, in_nfavl) == 0) 278 return (0); 279 280 /* 281 * Indicate that the objects relocation is complete. 282 */ 283 FLAGS(lmp) &= ~FLG_RT_RELOCING; 284 FLAGS(lmp) |= FLG_RT_RELOCED; 285 286 /* 287 * Mark this object's init is available for harvesting. Under 288 * ldd(1) this marking is necessary for -i (tsort) gathering. 289 */ 290 lml->lm_init++; 291 lml->lm_flags |= LML_FLG_OBJADDED; 292 293 /* 294 * Process any move data (not necessary under ldd()). 295 */ 296 if ((FLAGS(lmp) & FLG_RT_MOVE) && 297 ((lml->lm_flags & LML_FLG_TRC_ENABLE) == 0)) 298 move_data(lmp); 299 300 /* 301 * Determine if this object is a filter, and if a load filter 302 * flag is in effect, trigger the loading of all its filtees. 303 */ 304 load_filtees(lmp, in_nfavl); 305 } 306 307 /* 308 * Perform special copy relocations. These are only meaningful for 309 * dynamic executables (fixed and head of their link-map list). If 310 * this ever has to change then the infrastructure of COPY() has to 311 * change. Presently, a given link map can only have a receiver or 312 * supplier of copy data, so a union is used to overlap the storage 313 * for the COPY_R() and COPY_S() lists. These lists would need to 314 * be separated. 315 */ 316 if ((FLAGS(nlmp) & FLG_RT_FIXED) && (nlmp == LIST(nlmp)->lm_head) && 317 (((lml->lm_flags & LML_FLG_TRC_ENABLE) == 0) || 318 (lml->lm_flags & LML_FLG_TRC_WARN))) { 319 Rt_map *lmp; 320 Aliste idx1; 321 Word tracing; 322 323 #if defined(__i386) 324 if (elf_copy_gen(nlmp) == 0) 325 return (0); 326 #endif 327 if (COPY_S(nlmp) == NULL) 328 return (1); 329 330 if ((LIST(nlmp)->lm_flags & LML_FLG_TRC_ENABLE) && 331 (((rtld_flags & RT_FL_SILENCERR) == 0) || 332 (LIST(nlmp)->lm_flags & LML_FLG_TRC_VERBOSE))) 333 tracing = 1; 334 else 335 tracing = 0; 336 337 DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD)); 338 339 for (APLIST_TRAVERSE(COPY_S(nlmp), idx1, lmp)) { 340 Rel_copy *rcp; 341 Aliste idx2; 342 343 for (ALIST_TRAVERSE(COPY_R(lmp), idx2, rcp)) { 344 int zero; 345 346 /* 347 * Only copy the bits if it's from non-zero 348 * filled memory. 349 */ 350 zero = copy_zerobits(rcp->r_dlmp, rcp->r_dsym); 351 DBG_CALL(Dbg_reloc_copy(rcp->r_dlmp, nlmp, 352 rcp->r_name, zero)); 353 if (zero) 354 continue; 355 356 (void) memcpy(rcp->r_radd, rcp->r_dadd, 357 rcp->r_size); 358 359 if ((tracing == 0) || ((FLAGS1(rcp->r_dlmp) & 360 FL1_RT_DISPREL) == 0)) 361 continue; 362 363 (void) printf(MSG_INTL(MSG_LDD_REL_CPYDISP), 364 demangle(rcp->r_name), NAME(rcp->r_dlmp)); 365 } 366 } 367 368 DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD)); 369 370 free(COPY_S(nlmp)); 371 COPY_S(nlmp) = 0; 372 } 373 return (1); 374 } 375 376 int 377 relocate_lmc(Lm_list *lml, Aliste nlmco, Rt_map *clmp, Rt_map *nlmp, 378 int *in_nfavl) 379 { 380 int lret = 1, pret = 1; 381 APlist *alp; 382 Aliste plmco; 383 Lm_cntl *plmc, *nlmc; 384 385 /* 386 * If this link-map control list is being relocated, return. The object 387 * that has just been added will be picked up by the existing relocation 388 * thread. Note, this is only really meaningful during process init- 389 * ialization, as objects are added to the main link-map control list. 390 * Following this initialization, each family of objects that are loaded 391 * are added to a new link-map control list. 392 */ 393 /* LINTED */ 394 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 395 396 if (nlmc->lc_flags & LMC_FLG_RELOCATING) 397 return (1); 398 399 nlmc->lc_flags |= LMC_FLG_RELOCATING; 400 401 /* 402 * Relocate one or more link-maps of a link map control list. If this 403 * object doesn't belong to the present link-map control list then it 404 * must already have been relocated, or it is in the process of being 405 * relocated prior to us recursing into this relocation. In either 406 * case, ignore the object as it's already being taken care of, however, 407 * fall through and capture any relocation promotions that might have 408 * been established from the reference mode of this object. 409 * 410 * If we're generating a configuration file using crle(1), two passes 411 * may be involved. Under the first pass, RTLD_CONFGEN is set. Under 412 * this pass, crle() loads objects into the process address space. No 413 * relocation is necessary at this point, we simply need to analyze the 414 * objects to insure any directly bound dependencies, filtees, etc. 415 * get loaded. Although we skip the relocation, fall through to insure 416 * any control lists are maintained appropriately. 417 * 418 * If objects are to be dldump(3c)'ed, crle(1) makes a second pass, 419 * using RTLD_NOW and RTLD_CONFGEN. The RTLD_NOW effectively carries 420 * out the relocations of all loaded objects. 421 */ 422 if ((nlmco == CNTL(nlmp)) && 423 ((MODE(nlmp) & (RTLD_NOW | RTLD_CONFGEN)) != RTLD_CONFGEN)) { 424 int relocated = 0; 425 426 /* 427 * Determine whether the initial link-map control list has 428 * started relocation. From this point, should any interposing 429 * objects be added to this link-map control list, the objects 430 * are demoted to standard objects. Their interposition can't 431 * be guaranteed once relocations have been carried out. 432 */ 433 if (nlmco == ALIST_OFF_DATA) 434 lml->lm_flags |= LML_FLG_STARTREL; 435 436 /* 437 * Relocate the link-map control list. Should this relocation 438 * fail, clean up this link-map list. Relocations within this 439 * list may have required relocation promotions on other lists, 440 * so before acting upon these, and possibly adding more objects 441 * to the present link-map control list, try and clean up any 442 * failed objects now. 443 */ 444 lret = _relocate_lmc(lml, nlmp, &relocated, in_nfavl); 445 if ((lret == 0) && (nlmco != ALIST_OFF_DATA)) 446 remove_lmc(lml, clmp, nlmc, nlmco, NAME(nlmp)); 447 } 448 449 /* 450 * Determine the new, and previous link-map control lists. 451 */ 452 /* LINTED */ 453 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 454 if (nlmco == ALIST_OFF_DATA) { 455 plmco = nlmco; 456 plmc = nlmc; 457 } else { 458 plmco = nlmco - lml->lm_lists->al_size; 459 /* LINTED */ 460 plmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, plmco); 461 } 462 463 /* 464 * Having completed this control list of objects, they can now be bound 465 * to from other objects. Move this control list to the control list 466 * that precedes it. Although this control list may have only bound to 467 * controls lists much higher up the control list stack, it must only 468 * be moved up one control list so as to preserve the link-map order 469 * that may have already been traversed in search of symbols. 470 */ 471 if (lret && (nlmco != ALIST_OFF_DATA) && nlmc->lc_head) 472 lm_move(lml, nlmco, plmco, nlmc, plmc); 473 474 /* 475 * Determine whether existing objects that have already been relocated, 476 * need any additional relocations performed. This can occur when new 477 * objects are loaded with RTLD_NOW, and these new objects have 478 * dependencies on objects that are already loaded. Note, that we peel 479 * any relocation promotions off of one control list at a time. This 480 * prevents relocations from being bound to objects that might yet fail 481 * to relocate themselves. 482 */ 483 while ((alp = plmc->lc_now) != NULL) { 484 Aliste idx; 485 Rt_map *lmp; 486 487 /* 488 * Remove the relocation promotion list, as performing more 489 * relocations may result in discovering more objects that need 490 * promotion. 491 */ 492 plmc->lc_now = NULL; 493 494 for (APLIST_TRAVERSE(alp, idx, lmp)) { 495 /* 496 * If the original relocation of the link-map control 497 * list failed, or one of the relocation promotions of 498 * this loop has failed, demote any pending objects 499 * relocation mode. 500 */ 501 if ((lret == 0) || (pret == 0)) { 502 MODE(lmp) &= ~RTLD_NOW; 503 MODE(lmp) |= RTLD_LAZY; 504 continue; 505 } 506 507 /* 508 * If a relocation fails, save the error condition. 509 * It's possible that all new objects on the original 510 * link-map control list have been relocated 511 * successfully, but if the user request requires 512 * promoting objects that have already been loaded, we 513 * have to indicate that this operation couldn't be 514 * performed. The unrelocated objects are in use on 515 * another control list, and may continue to be used. 516 * If the .plt that resulted in the error is called, 517 * then the process will receive a fatal error at that 518 * time. But, the .plt may never be called. 519 */ 520 if (relocate_so(lml, lmp, 0, 1, in_nfavl) == 0) 521 pret = 0; 522 } 523 524 /* 525 * Having promoted any objects, determine whether additional 526 * dependencies were added, and if so move them to the previous 527 * link-map control list. 528 */ 529 /* LINTED */ 530 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 531 /* LINTED */ 532 plmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, plmco); 533 if ((nlmco != ALIST_OFF_DATA) && nlmc->lc_head) 534 lm_move(lml, nlmco, plmco, nlmc, plmc); 535 free(alp); 536 } 537 538 /* 539 * If relocations have been successful, indicate that relocations are 540 * no longer active for this control list. Otherwise, leave the 541 * relocation flag, as this flag is used to determine the style of 542 * cleanup (see remove_lmc()). 543 */ 544 if (lret && pret) { 545 /* LINTED */ 546 nlmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, nlmco); 547 nlmc->lc_flags &= ~LMC_FLG_RELOCATING; 548 549 return (1); 550 } 551 552 return (0); 553 } 554 555 /* 556 * Inherit the first rejection message for possible later diagnostics. 557 * 558 * Any attempt to process a file that is unsuccessful, should be accompanied 559 * with an error diagnostic. However, some operations like searching for a 560 * simple filename, involve trying numerous paths, and an error message for each 561 * lookup is not required. Although a multiple search can fail, it's possible 562 * that a file was found, but was rejected because it was the wrong type. 563 * To satisfy these possibilities, the first failure is recorded as a rejection 564 * message, and this message is used later for a more specific diagnostic. 565 * 566 * File searches are focused at load_one(), and from here a rejection descriptor 567 * is passed down to various child routines. If these child routines can 568 * process multiple files, then they will maintain their own rejection desc- 569 * riptor. This is filled in for any failures, and a diagnostic produced to 570 * reflect the failure. The child routines then employ rejection_inherit() to 571 * pass the first rejection message back to load_one(). 572 * 573 * Note that the name, and rejection string must be duplicated, as the name 574 * buffer and error string buffer (see conv_ routines) may be reused for 575 * additional processing or rejection messages. 576 */ 577 void 578 rejection_inherit(Rej_desc *rej1, Rej_desc *rej2) 579 { 580 if (rej2->rej_type && (rej1->rej_type == 0)) { 581 rej1->rej_type = rej2->rej_type; 582 rej1->rej_info = rej2->rej_info; 583 rej1->rej_flag = rej2->rej_flag; 584 if (rej2->rej_name) 585 rej1->rej_name = strdup(rej2->rej_name); 586 if (rej2->rej_str) { 587 if ((rej1->rej_str = strdup(rej2->rej_str)) == NULL) 588 rej1->rej_str = MSG_ORIG(MSG_EMG_ENOMEM); 589 } 590 } 591 } 592 593 /* 594 * Determine the object type of a file. 595 */ 596 Fct * 597 are_u_this(Rej_desc *rej, int fd, struct stat *status, const char *name) 598 { 599 int i; 600 char *maddr = 0; 601 602 fmap->fm_fsize = status->st_size; 603 604 /* 605 * If this is a directory (which can't be mmap()'ed) generate a precise 606 * error message. 607 */ 608 if ((status->st_mode & S_IFMT) == S_IFDIR) { 609 rej->rej_type = SGS_REJ_STR; 610 rej->rej_str = strerror(EISDIR); 611 return (0); 612 } 613 614 /* 615 * Map in the first page of the file. When this buffer is first used, 616 * the mapping is a single system page. This is typically enough to 617 * inspect the ehdr and phdrs of the file, and can be reused for each 618 * file that get loaded. If a larger mapping is required to read the 619 * ehdr and phdrs, a new mapping is created (see elf_map_it()). This 620 * new mapping is again used for each new file loaded. Some objects, 621 * such as filters, only take up one page, and in this case this mapping 622 * will suffice for the file. 623 */ 624 maddr = mmap(fmap->fm_maddr, fmap->fm_msize, (PROT_READ | PROT_EXEC), 625 fmap->fm_mflags, fd, 0); 626 #if defined(MAP_ALIGN) 627 if ((maddr == MAP_FAILED) && (errno == EINVAL)) { 628 /* 629 * If the mapping failed, and we used MAP_ALIGN, assume we're 630 * on a system that doesn't support this option. Try again 631 * without MAP_ALIGN. 632 */ 633 if (fmap->fm_mflags & MAP_ALIGN) { 634 rtld_flags2 |= RT_FL2_NOMALIGN; 635 fmap_setup(); 636 637 maddr = (char *)mmap(fmap->fm_maddr, fmap->fm_msize, 638 (PROT_READ | PROT_EXEC), fmap->fm_mflags, fd, 0); 639 } 640 } 641 #endif 642 if (maddr == MAP_FAILED) { 643 rej->rej_type = SGS_REJ_STR; 644 rej->rej_str = strerror(errno); 645 return (0); 646 } 647 648 /* 649 * From now on we will re-use fmap->fm_maddr as the mapping address 650 * so we augment the flags with MAP_FIXED and drop any MAP_ALIGN. 651 */ 652 fmap->fm_maddr = maddr; 653 fmap->fm_mflags |= MAP_FIXED; 654 #if defined(MAP_ALIGN) 655 fmap->fm_mflags &= ~MAP_ALIGN; 656 #endif 657 658 /* 659 * Search through the object vectors to determine what kind of 660 * object we have. 661 */ 662 for (i = 0; vector[i]; i++) { 663 if ((vector[i]->fct_are_u_this)(rej)) 664 return (vector[i]); 665 else if (rej->rej_type) { 666 Rt_map *lmp; 667 668 /* 669 * If this object is an explicitly defined shared 670 * object under inspection by ldd, and contains a 671 * incompatible hardware capabilities requirement, then 672 * inform the user, but continue processing. 673 * 674 * XXXX - ldd -v for any rej failure. 675 */ 676 if ((rej->rej_type == SGS_REJ_HWCAP_1) && 677 (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && 678 ((lmp = lml_main.lm_head) != 0) && 679 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && 680 (NEXT(lmp) == 0)) { 681 (void) printf(MSG_INTL(MSG_LDD_GEN_HWCAP_1), 682 name, rej->rej_str); 683 return (vector[i]); 684 } 685 return (0); 686 } 687 } 688 689 /* 690 * Unknown file type. 691 */ 692 rej->rej_type = SGS_REJ_UNKFILE; 693 return (0); 694 } 695 696 /* 697 * Helper routine for is_so_matched() that consolidates matching a path name, 698 * or file name component of a link-map name. 699 */ 700 static int 701 _is_so_matched(const char *name, const char *str, int path) 702 { 703 const char *_str; 704 705 if ((path == 0) && ((_str = strrchr(str, '/')) != NULL)) 706 _str++; 707 else 708 _str = str; 709 710 return (strcmp(name, _str)); 711 } 712 713 /* 714 * Determine whether a search name matches one of the names associated with a 715 * link-map. A link-map contains several names: 716 * 717 * . a NAME() - typically the full pathname of an object that has been 718 * loaded. For example, when looking for the dependency "libc.so.1", a 719 * search path is applied, with the eventual NAME() being "/lib/ld.so.1". 720 * The name of the executable is typically a simple filename, such as 721 * "main", as this is the name passed to exec() to start the process. 722 * 723 * . a PATHNAME() - this is maintained if the resolved NAME() is different 724 * to NAME(), ie. the original name is a symbolic link. This is also 725 * the resolved full pathname for a dynamic executable. 726 * 727 * . a list of ALIAS() names - these are alternative names by which the 728 * object has been found, ie. when dependencies are loaded through a 729 * variety of different symbolic links. 730 * 731 * The name pattern matching can differ depending on whether we are looking 732 * for a full path name (path != 0), or a simple file name (path == 0). Full 733 * path names typically match NAME() or PATHNAME() entries, so these link-map 734 * names are inspected first when a full path name is being searched for. 735 * Simple file names typically match ALIAS() names, so these link-map names are 736 * inspected first when a simple file name is being searched for. 737 * 738 * For all full path name searches, the link-map names are taken as is. For 739 * simple file name searches, only the file name component of any link-map 740 * names are used for comparison. 741 */ 742 static Rt_map * 743 is_so_matched(Rt_map *lmp, const char *name, int path) 744 { 745 Aliste idx; 746 const char *cp; 747 748 /* 749 * A pathname is typically going to match a NAME() or PATHNAME(), so 750 * check these first. 751 */ 752 if (path) { 753 if (strcmp(name, NAME(lmp)) == 0) 754 return (lmp); 755 756 if (PATHNAME(lmp) != NAME(lmp)) { 757 if (strcmp(name, PATHNAME(lmp)) == 0) 758 return (lmp); 759 } 760 } 761 762 /* 763 * Typically, dependencies are specified as simple file names 764 * (DT_NEEDED == libc.so.1), which are expanded to full pathnames to 765 * open the file. The full pathname is NAME(), and the original name 766 * is maintained on the ALIAS() list. 767 * 768 * If this is a simple filename, or a pathname has failed to match the 769 * NAME() and PATHNAME() check above, look through the ALIAS() list. 770 */ 771 for (APLIST_TRAVERSE(ALIAS(lmp), idx, cp)) { 772 /* 773 * If we're looking for a simple filename, _is_so_matched() 774 * will reduce the ALIAS name to its simple name. 775 */ 776 if (_is_so_matched(name, cp, path) == 0) 777 return (lmp); 778 } 779 780 /* 781 * Finally, if this is a simple file name, and any ALIAS() search has 782 * been completed, match the simple file name of NAME() and PATHNAME(). 783 */ 784 if (path == 0) { 785 if (_is_so_matched(name, NAME(lmp), 0) == 0) 786 return (lmp); 787 788 if (PATHNAME(lmp) != NAME(lmp)) { 789 if (_is_so_matched(name, PATHNAME(lmp), 0) == 0) 790 return (lmp); 791 } 792 } 793 794 return (0); 795 } 796 797 /* 798 * Files are opened by ld.so.1 to satisfy dependencies, filtees and dlopen() 799 * requests. Each request investigates the file based upon the callers 800 * environment. Once a full path name has been established, the following 801 * checks are made: 802 * 803 * . does the path exist in the link-map lists FullPathNode AVL tree? if 804 * so, the file is already loaded, and its associated link-map pointer 805 * is returned. 806 * . does the path exist in the not-found AVL tree? if so, this path has 807 * already been determined to not exist, and a failure is returned. 808 * . a device/inode check, to ensure the same file isn't mapped multiple 809 * times through different paths. See file_open(). 810 * 811 * However, there are cases where a test for an existing file name needs to be 812 * carried out, such as dlopen(NOLOAD) requests, dldump() requests, and as a 813 * final fallback to dependency loading. These requests are handled by 814 * is_so_loaded(). 815 * 816 * A traversal through the callers link-map list is carried out, and from each 817 * link-map, a comparison is made against all of the various names by which the 818 * object has been referenced. is_so_matched() is used to compares the link-map 819 * names against the name being searched for. Whether the search name is a full 820 * path name or a simple file name, governs what comparisons are made. 821 * 822 * A full path name, which is a fully resolved path name that starts with a "/" 823 * character, or a relative path name that includes a "/" character, must match 824 * the link-map names explicitly. A simple file name, which is any name *not* 825 * containing a "/" character, are matched against the file name component of 826 * any link-map names. 827 */ 828 Rt_map * 829 is_so_loaded(Lm_list *lml, const char *name, int *in_nfavl) 830 { 831 Rt_map *lmp; 832 avl_index_t where; 833 Lm_cntl *lmc; 834 Aliste idx; 835 int path = 0; 836 837 /* 838 * If the name is a full path name, first determine if the path name is 839 * registered on the FullPathNode AVL, or not-found AVL trees. 840 */ 841 if (name[0] == '/') { 842 if (((lmp = fpavl_recorded(lml, name, &where)) != NULL) && 843 ((FLAGS(lmp) & (FLG_RT_OBJECT | FLG_RT_DELETE)) == 0)) 844 return (lmp); 845 if (nfavl_recorded(name, 0)) { 846 /* 847 * For dlopen() and dlsym() fall backs, indicate that 848 * a registered not-found path has indicated that this 849 * object does not exist. 850 */ 851 if (in_nfavl) 852 (*in_nfavl)++; 853 return (0); 854 } 855 } 856 857 /* 858 * Determine whether the name is a simple file name, or a path name. 859 */ 860 if (strchr(name, '/')) 861 path++; 862 863 /* 864 * Loop through the callers link-map lists. 865 */ 866 for (ALIST_TRAVERSE(lml->lm_lists, idx, lmc)) { 867 for (lmp = lmc->lc_head; lmp; lmp = (Rt_map *)NEXT(lmp)) { 868 if (FLAGS(lmp) & (FLG_RT_OBJECT | FLG_RT_DELETE)) 869 continue; 870 871 if (is_so_matched(lmp, name, path)) 872 return (lmp); 873 } 874 } 875 return ((Rt_map *)0); 876 } 877 878 /* 879 * Tracing is enabled by the LD_TRACE_LOADED_OPTIONS environment variable which 880 * is normally set from ldd(1). For each link map we load, print the load name 881 * and the full pathname of the shared object. 882 */ 883 /* ARGSUSED4 */ 884 static void 885 trace_so(Rt_map *clmp, Rej_desc *rej, const char *name, const char *path, 886 int alter, const char *nfound) 887 { 888 const char *str = MSG_ORIG(MSG_STR_EMPTY); 889 const char *reject = MSG_ORIG(MSG_STR_EMPTY); 890 char _reject[PATH_MAX]; 891 892 /* 893 * The first time through trace_so() will only have lddstub on the 894 * link-map list and the preloaded shared object is supplied as "path". 895 * As we don't want to print this shared object as a dependency, but 896 * instead inspect *its* dependencies, return. 897 */ 898 if (FLAGS1(clmp) & FL1_RT_LDDSTUB) 899 return; 900 901 /* 902 * Without any rejection info, this is a supplied not-found condition. 903 */ 904 if (rej && (rej->rej_type == 0)) { 905 (void) printf(nfound, name); 906 return; 907 } 908 909 /* 910 * If rejection information exists then establish what object was 911 * found and the reason for its rejection. 912 */ 913 if (rej) { 914 Conv_reject_desc_buf_t rej_buf; 915 916 /* LINTED */ 917 (void) snprintf(_reject, PATH_MAX, 918 MSG_INTL(ldd_reject[rej->rej_type]), 919 conv_reject_desc(rej, &rej_buf, M_MACH)); 920 if (rej->rej_name) 921 path = rej->rej_name; 922 reject = (char *)_reject; 923 924 /* 925 * Was an alternative pathname defined (from a configuration 926 * file). 927 */ 928 if (rej->rej_flag & FLG_FD_ALTER) 929 str = MSG_INTL(MSG_LDD_FIL_ALTER); 930 } else { 931 if (alter) 932 str = MSG_INTL(MSG_LDD_FIL_ALTER); 933 } 934 935 /* 936 * If the load name isn't a full pathname print its associated pathname 937 * together with all the other information we've gathered. 938 */ 939 if (*name == '/') 940 (void) printf(MSG_ORIG(MSG_LDD_FIL_PATH), path, str, reject); 941 else 942 (void) printf(MSG_ORIG(MSG_LDD_FIL_EQUIV), name, path, str, 943 reject); 944 } 945 946 947 /* 948 * Establish a link-map mode, initializing it if it has just been loaded, or 949 * potentially updating it if it already exists. 950 */ 951 int 952 update_mode(Rt_map *lmp, int omode, int nmode) 953 { 954 Lm_list *lml = LIST(lmp); 955 int pmode = 0; 956 957 /* 958 * A newly loaded object hasn't had its mode set yet. Modes are used to 959 * load dependencies, so don't propagate any parent or no-load flags, as 960 * these would adversely affect this objects ability to load any of its 961 * dependencies that aren't already loaded. RTLD_FIRST is applicable to 962 * this objects handle creation only, and should not be propagated. 963 */ 964 if ((FLAGS(lmp) & FLG_RT_MODESET) == 0) { 965 MODE(lmp) |= nmode & ~(RTLD_PARENT | RTLD_NOLOAD | RTLD_FIRST); 966 FLAGS(lmp) |= FLG_RT_MODESET; 967 return (1); 968 } 969 970 /* 971 * Establish any new overriding modes. RTLD_LAZY and RTLD_NOW should be 972 * represented individually (this is historic, as these two flags were 973 * the only flags originally available to dlopen()). Other flags are 974 * accumulative, but have a hierarchy of preference. 975 */ 976 if ((omode & RTLD_LAZY) && (nmode & RTLD_NOW)) { 977 MODE(lmp) &= ~RTLD_LAZY; 978 pmode |= RTLD_NOW; 979 } 980 981 pmode |= ((~omode & nmode) & 982 (RTLD_GLOBAL | RTLD_WORLD | RTLD_NODELETE)); 983 if (pmode) { 984 DBG_CALL(Dbg_file_mode_promote(lmp, pmode)); 985 MODE(lmp) |= pmode; 986 } 987 988 /* 989 * If this load is an RTLD_NOW request and the object has already been 990 * loaded non-RTLD_NOW, append this object to the relocation-now list 991 * of the objects associated control list. Note, if the object hasn't 992 * yet been relocated, setting its MODE() to RTLD_NOW will establish 993 * full relocation processing when it eventually gets relocated. 994 */ 995 if ((pmode & RTLD_NOW) && 996 (FLAGS(lmp) & (FLG_RT_RELOCED | FLG_RT_RELOCING))) { 997 Lm_cntl *lmc; 998 999 /* LINTED */ 1000 lmc = (Lm_cntl *)alist_item_by_offset(LIST(lmp)->lm_lists, 1001 CNTL(lmp)); 1002 (void) aplist_append(&lmc->lc_now, lmp, AL_CNT_LMNOW); 1003 } 1004 1005 #ifdef SIEBEL_DISABLE 1006 /* 1007 * For patch backward compatibility the following .init collection 1008 * is disabled. 1009 */ 1010 if (rtld_flags & RT_FL_DISFIX_1) 1011 return (pmode); 1012 #endif 1013 1014 /* 1015 * If this objects .init has been collected but has not yet been called, 1016 * it may be necessary to reevaluate the object using tsort(). For 1017 * example, a new dlopen() hierarchy may bind to uninitialized objects 1018 * that are already loaded, or a dlopen(RTLD_NOW) can establish new 1019 * bindings between already loaded objects that require the tsort() 1020 * information be recomputed. If however, no new objects have been 1021 * added to the process, and this object hasn't been promoted, don't 1022 * bother reevaluating the .init. The present tsort() information is 1023 * probably as accurate as necessary, and by not establishing a parallel 1024 * tsort() we can help reduce the amount of recursion possible between 1025 * .inits. 1026 */ 1027 if (((FLAGS(lmp) & 1028 (FLG_RT_INITCLCT | FLG_RT_INITCALL)) == FLG_RT_INITCLCT) && 1029 ((lml->lm_flags & LML_FLG_OBJADDED) || ((pmode & RTLD_NOW) && 1030 (FLAGS(lmp) & (FLG_RT_RELOCED | FLG_RT_RELOCING))))) { 1031 FLAGS(lmp) &= ~FLG_RT_INITCLCT; 1032 LIST(lmp)->lm_init++; 1033 LIST(lmp)->lm_flags |= LML_FLG_OBJREEVAL; 1034 } 1035 1036 return (pmode); 1037 } 1038 1039 /* 1040 * Determine whether an alias name already exists, and if not create one. This 1041 * is typically used to retain dependency names, such as "libc.so.1", which 1042 * would have been expanded to full path names when they were loaded. The 1043 * full path names (NAME() and possibly PATHNAME()) are maintained as Fullpath 1044 * AVL nodes, and thus would have been matched by fpavl_loaded() during 1045 * file_open(). 1046 */ 1047 int 1048 append_alias(Rt_map *lmp, const char *str, int *added) 1049 { 1050 Aliste idx; 1051 char *cp; 1052 1053 /* 1054 * Determine if this filename is already on the alias list. 1055 */ 1056 for (APLIST_TRAVERSE(ALIAS(lmp), idx, cp)) { 1057 if (strcmp(cp, str) == 0) 1058 return (1); 1059 } 1060 1061 /* 1062 * This is a new alias, append it to the alias list. 1063 */ 1064 if ((cp = strdup(str)) == NULL) 1065 return (0); 1066 1067 if (aplist_append(&ALIAS(lmp), cp, AL_CNT_ALIAS) == NULL) { 1068 free(cp); 1069 return (0); 1070 } 1071 if (added) 1072 *added = 1; 1073 return (1); 1074 } 1075 1076 /* 1077 * Determine whether a file is already loaded by comparing device and inode 1078 * values. 1079 */ 1080 static Rt_map * 1081 is_devinode_loaded(struct stat *status, Lm_list *lml, const char *name, 1082 uint_t flags) 1083 { 1084 Lm_cntl *lmc; 1085 Aliste idx; 1086 1087 /* 1088 * If this is an auditor, it will have been opened on a new link-map. 1089 * To prevent multiple occurrences of the same auditor on multiple 1090 * link-maps, search the head of each link-map list and see if this 1091 * object is already loaded as an auditor. 1092 */ 1093 if (flags & FLG_RT_AUDIT) { 1094 Lm_list *lml; 1095 Listnode *lnp; 1096 1097 for (LIST_TRAVERSE(&dynlm_list, lnp, lml)) { 1098 Rt_map *nlmp = lml->lm_head; 1099 1100 if (nlmp && ((FLAGS(nlmp) & 1101 (FLG_RT_AUDIT | FLG_RT_DELETE)) == FLG_RT_AUDIT) && 1102 (STDEV(nlmp) == status->st_dev) && 1103 (STINO(nlmp) == status->st_ino)) 1104 return (nlmp); 1105 } 1106 return ((Rt_map *)0); 1107 } 1108 1109 /* 1110 * If the file has been found determine from the new files status 1111 * information if this file is actually linked to one we already have 1112 * mapped. This catches symlink names not caught by is_so_loaded(). 1113 */ 1114 for (ALIST_TRAVERSE(lml->lm_lists, idx, lmc)) { 1115 Rt_map *nlmp; 1116 1117 for (nlmp = lmc->lc_head; nlmp; nlmp = (Rt_map *)NEXT(nlmp)) { 1118 if ((FLAGS(nlmp) & FLG_RT_DELETE) || 1119 (FLAGS1(nlmp) & FL1_RT_LDDSTUB)) 1120 continue; 1121 1122 if ((STDEV(nlmp) != status->st_dev) || 1123 (STINO(nlmp) != status->st_ino)) 1124 continue; 1125 1126 if (lml->lm_flags & LML_FLG_TRC_VERBOSE) { 1127 /* BEGIN CSTYLED */ 1128 if (*name == '/') 1129 (void) printf(MSG_ORIG(MSG_LDD_FIL_PATH), 1130 name, MSG_ORIG(MSG_STR_EMPTY), 1131 MSG_ORIG(MSG_STR_EMPTY)); 1132 else 1133 (void) printf(MSG_ORIG(MSG_LDD_FIL_EQUIV), 1134 name, NAME(nlmp), 1135 MSG_ORIG(MSG_STR_EMPTY), 1136 MSG_ORIG(MSG_STR_EMPTY)); 1137 /* END CSTYLED */ 1138 } 1139 return (nlmp); 1140 } 1141 } 1142 return ((Rt_map *)0); 1143 } 1144 1145 /* 1146 * Generate any error messages indicating a file could not be found. When 1147 * preloading or auditing a secure application, it can be a little more helpful 1148 * to indicate that a search of secure directories has failed, so adjust the 1149 * messages accordingly. 1150 */ 1151 void 1152 file_notfound(Lm_list *lml, const char *name, Rt_map *clmp, uint_t flags, 1153 Rej_desc * rej) 1154 { 1155 int secure = 0; 1156 1157 if ((rtld_flags & RT_FL_SECURE) && 1158 (flags & (FLG_RT_PRELOAD | FLG_RT_AUDIT))) 1159 secure++; 1160 1161 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 1162 /* 1163 * Under ldd(1), auxiliary filtees that can't be loaded are 1164 * ignored, unless verbose errors are requested. 1165 */ 1166 if ((rtld_flags & RT_FL_SILENCERR) && 1167 ((lml->lm_flags & LML_FLG_TRC_VERBOSE) == 0)) 1168 return; 1169 1170 if (secure) 1171 trace_so(clmp, rej, name, 0, 0, 1172 MSG_INTL(MSG_LDD_SEC_NFOUND)); 1173 else 1174 trace_so(clmp, rej, name, 0, 0, 1175 MSG_INTL(MSG_LDD_FIL_NFOUND)); 1176 return; 1177 } 1178 1179 if (rej->rej_type) { 1180 Conv_reject_desc_buf_t rej_buf; 1181 1182 eprintf(lml, ERR_FATAL, MSG_INTL(err_reject[rej->rej_type]), 1183 rej->rej_name ? rej->rej_name : MSG_INTL(MSG_STR_UNKNOWN), 1184 conv_reject_desc(rej, &rej_buf, M_MACH)); 1185 return; 1186 } 1187 1188 if (secure) 1189 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SEC_OPEN), name); 1190 else 1191 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), name, 1192 strerror(ENOENT)); 1193 } 1194 1195 static int 1196 file_open(int err, Lm_list *lml, const char *oname, const char *nname, 1197 Rt_map *clmp, uint_t flags, Fdesc *fdesc, Rej_desc *rej, int *in_nfavl) 1198 { 1199 struct stat status; 1200 Rt_map *nlmp; 1201 int resolved = 0; 1202 char *name; 1203 avl_index_t nfavlwhere = 0; 1204 1205 fdesc->fd_oname = oname; 1206 1207 if ((err == 0) && (fdesc->fd_flags & FLG_FD_ALTER)) 1208 DBG_CALL(Dbg_file_config_obj(lml, oname, 0, nname)); 1209 1210 /* 1211 * If we're dealing with a full pathname, determine whether this 1212 * pathname is already known. Other pathnames fall through to the 1213 * dev/inode check, as even though the pathname may look the same as 1214 * one previously used, the process may have changed directory. 1215 */ 1216 if ((err == 0) && (nname[0] == '/')) { 1217 if ((nlmp = fpavl_recorded(lml, nname, 1218 &(fdesc->fd_avlwhere))) != NULL) { 1219 fdesc->fd_nname = nname; 1220 fdesc->fd_lmp = nlmp; 1221 return (1); 1222 } 1223 if (nfavl_recorded(nname, &nfavlwhere)) { 1224 /* 1225 * For dlopen() and dlsym() fall backs, indicate that 1226 * a registered not-found path has indicated that this 1227 * object does not exist. If this path has been 1228 * constructed as part of expanding a HWCAP directory, 1229 * and as this is a silent failure, where no rejection 1230 * message is created, free the original name to 1231 * simplify the life of the caller. 1232 */ 1233 if (in_nfavl) 1234 (*in_nfavl)++; 1235 if (flags & FLG_RT_HWCAP) 1236 free((void *)nname); 1237 return (0); 1238 } 1239 } 1240 1241 if ((err == 0) && ((stat(nname, &status)) != -1)) { 1242 char path[PATH_MAX]; 1243 int fd, size, added; 1244 1245 /* 1246 * If this path has been constructed as part of expanding a 1247 * HWCAP directory, ignore any subdirectories. As this is a 1248 * silent failure, where no rejection message is created, free 1249 * the original name to simplify the life of the caller. For 1250 * any other reference that expands to a directory, fall through 1251 * to construct a meaningful rejection message. 1252 */ 1253 if ((flags & FLG_RT_HWCAP) && 1254 ((status.st_mode & S_IFMT) == S_IFDIR)) { 1255 free((void *)nname); 1256 return (0); 1257 } 1258 1259 /* 1260 * Resolve the filename and determine whether the resolved name 1261 * is already known. Typically, the previous fpavl_loaded() 1262 * will have caught this, as both NAME() and PATHNAME() for a 1263 * link-map are recorded in the FullNode AVL tree. However, 1264 * instances exist where a file can be replaced (loop-back 1265 * mounts, bfu, etc.), and reference is made to the original 1266 * file through a symbolic link. By checking the pathname here, 1267 * we don't fall through to the dev/inode check and conclude 1268 * that a new file should be loaded. 1269 */ 1270 if ((nname[0] == '/') && (rtld_flags & RT_FL_EXECNAME) && 1271 ((size = resolvepath(nname, path, (PATH_MAX - 1))) > 0)) { 1272 path[size] = '\0'; 1273 1274 if (strcmp(nname, path)) { 1275 if ((nlmp = 1276 fpavl_recorded(lml, path, 0)) != NULL) { 1277 added = 0; 1278 1279 if (append_alias(nlmp, nname, 1280 &added) == 0) 1281 return (0); 1282 /* BEGIN CSTYLED */ 1283 if (added) 1284 DBG_CALL(Dbg_file_skip(LIST(clmp), 1285 NAME(nlmp), nname)); 1286 /* END CSTYLED */ 1287 fdesc->fd_nname = nname; 1288 fdesc->fd_lmp = nlmp; 1289 return (1); 1290 } 1291 1292 /* 1293 * If this pathname hasn't been loaded, save 1294 * the resolved pathname so that it doesn't 1295 * have to be recomputed as part of fullpath() 1296 * processing. 1297 */ 1298 if ((fdesc->fd_pname = strdup(path)) == NULL) 1299 return (0); 1300 resolved = 1; 1301 } else { 1302 /* 1303 * If the resolved name doesn't differ from the 1304 * original, save it without duplication. 1305 * Having fd_pname set indicates that no further 1306 * resolvepath processing is necessary. 1307 */ 1308 fdesc->fd_pname = nname; 1309 } 1310 } 1311 1312 if (nlmp = is_devinode_loaded(&status, lml, nname, flags)) { 1313 if (flags & FLG_RT_AUDIT) { 1314 /* 1315 * If we've been requested to load an auditor, 1316 * and an auditor of the same name already 1317 * exists, then the original auditor is used. 1318 */ 1319 DBG_CALL(Dbg_audit_skip(LIST(clmp), 1320 NAME(nlmp), LIST(nlmp)->lm_lmidstr)); 1321 } else { 1322 /* 1323 * Otherwise, if an alternatively named file 1324 * has been found for the same dev/inode, add 1325 * a new name alias, and insert any alias full 1326 * pathname in the link-map lists AVL tree. 1327 */ 1328 added = 0; 1329 1330 if (append_alias(nlmp, nname, &added) == 0) 1331 return (0); 1332 if (added) { 1333 if ((nname[0] == '/') && 1334 (fpavl_insert(lml, nlmp, 1335 nname, 0) == 0)) 1336 return (0); 1337 DBG_CALL(Dbg_file_skip(LIST(clmp), 1338 NAME(nlmp), nname)); 1339 } 1340 } 1341 1342 /* 1343 * Record in the file descriptor the existing object 1344 * that satisfies this open request. 1345 */ 1346 fdesc->fd_nname = nname; 1347 fdesc->fd_lmp = nlmp; 1348 return (1); 1349 } 1350 1351 if ((fd = open(nname, O_RDONLY, 0)) == -1) { 1352 /* 1353 * As the file must exist for the previous stat() to 1354 * have succeeded, record the error condition. 1355 */ 1356 rej->rej_type = SGS_REJ_STR; 1357 rej->rej_str = strerror(errno); 1358 } else { 1359 Fct *ftp; 1360 1361 if ((ftp = are_u_this(rej, fd, &status, nname)) != 0) { 1362 fdesc->fd_nname = nname; 1363 fdesc->fd_ftp = ftp; 1364 fdesc->fd_dev = status.st_dev; 1365 fdesc->fd_ino = status.st_ino; 1366 fdesc->fd_fd = fd; 1367 1368 /* 1369 * Trace that this open has succeeded. 1370 */ 1371 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 1372 trace_so(clmp, 0, oname, nname, 1373 (fdesc->fd_flags & FLG_FD_ALTER), 1374 0); 1375 } 1376 return (1); 1377 } 1378 (void) close(fd); 1379 } 1380 1381 } else if (errno != ENOENT) { 1382 /* 1383 * If the open() failed for anything other than the file not 1384 * existing, record the error condition. 1385 */ 1386 rej->rej_type = SGS_REJ_STR; 1387 rej->rej_str = strerror(errno); 1388 } 1389 1390 /* 1391 * Regardless of error, duplicate and record any full path names that 1392 * can't be used on the "not-found" AVL tree. 1393 */ 1394 if ((nname[0] == '/') && ((name = strdup(nname)) != NULL)) 1395 nfavl_insert(name, nfavlwhere); 1396 1397 /* 1398 * Indicate any rejection. 1399 */ 1400 if (rej->rej_type) { 1401 /* 1402 * If this pathname was resolved and duplicated, remove the 1403 * allocated name to simplify the cleanup of the callers. 1404 */ 1405 if (resolved) { 1406 free((void *)fdesc->fd_pname); 1407 fdesc->fd_pname = NULL; 1408 } 1409 rej->rej_name = nname; 1410 rej->rej_flag = (fdesc->fd_flags & FLG_FD_ALTER); 1411 DBG_CALL(Dbg_file_rejected(lml, rej, M_MACH)); 1412 } 1413 return (0); 1414 } 1415 1416 /* 1417 * Find a full pathname (it contains a "/"). 1418 */ 1419 int 1420 find_path(Lm_list *lml, const char *oname, Rt_map *clmp, uint_t flags, 1421 Fdesc *fdesc, Rej_desc *rej, int *in_nfavl) 1422 { 1423 int err = 0; 1424 1425 /* 1426 * If directory configuration exists determine if this path is known. 1427 */ 1428 if (rtld_flags & RT_FL_DIRCFG) { 1429 Rtc_obj *obj; 1430 const char *aname; 1431 1432 if ((obj = elf_config_ent(oname, (Word)elf_hash(oname), 1433 0, &aname)) != 0) { 1434 /* 1435 * If the configuration file states that this path is a 1436 * directory, or the path is explicitly defined as 1437 * non-existent (ie. a unused platform specific 1438 * library), then go no further. 1439 */ 1440 if (obj->co_flags & RTC_OBJ_DIRENT) { 1441 err = EISDIR; 1442 } else if ((obj->co_flags & 1443 (RTC_OBJ_NOEXIST | RTC_OBJ_ALTER)) == 1444 RTC_OBJ_NOEXIST) { 1445 err = ENOENT; 1446 } else if ((obj->co_flags & RTC_OBJ_ALTER) && 1447 (rtld_flags & RT_FL_OBJALT) && (lml == &lml_main)) { 1448 int ret; 1449 1450 fdesc->fd_flags |= FLG_FD_ALTER; 1451 /* 1452 * Attempt to open the alternative path. If 1453 * this fails, and the alternative is flagged 1454 * as optional, fall through to open the 1455 * original path. 1456 */ 1457 DBG_CALL(Dbg_libs_found(lml, aname, 1458 FLG_FD_ALTER)); 1459 if (((ret = file_open(0, lml, oname, aname, 1460 clmp, flags, fdesc, rej, in_nfavl)) != 0) || 1461 ((obj->co_flags & RTC_OBJ_OPTINAL) == 0)) 1462 return (ret); 1463 1464 fdesc->fd_flags &= ~FLG_FD_ALTER; 1465 } 1466 } 1467 } 1468 DBG_CALL(Dbg_libs_found(lml, oname, 0)); 1469 return (file_open(err, lml, oname, oname, clmp, flags, fdesc, 1470 rej, in_nfavl)); 1471 } 1472 1473 /* 1474 * Find a simple filename (it doesn't contain a "/"). 1475 */ 1476 static int 1477 _find_file(Lm_list *lml, const char *oname, const char *nname, Rt_map *clmp, 1478 uint_t flags, Fdesc *fdesc, Rej_desc *rej, Pnode *dir, int aflag, 1479 int *in_nfavl) 1480 { 1481 DBG_CALL(Dbg_libs_found(lml, nname, aflag)); 1482 if ((lml->lm_flags & LML_FLG_TRC_SEARCH) && 1483 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) { 1484 (void) printf(MSG_INTL(MSG_LDD_PTH_TRYING), nname, aflag ? 1485 MSG_INTL(MSG_LDD_FIL_ALTER) : MSG_ORIG(MSG_STR_EMPTY)); 1486 } 1487 1488 /* 1489 * If we're being audited tell the audit library of the file we're about 1490 * to go search for. The audit library may offer an alternative 1491 * dependency, or indicate that this dependency should be ignored. 1492 */ 1493 if ((lml->lm_tflags | FLAGS1(clmp)) & LML_TFLG_AUD_OBJSEARCH) { 1494 char *aname; 1495 1496 if ((aname = audit_objsearch(clmp, nname, 1497 (dir->p_orig & LA_SER_MASK))) == 0) { 1498 DBG_CALL(Dbg_audit_terminate(lml, nname)); 1499 return (0); 1500 } 1501 1502 /* 1503 * Protect ourselves from auditor mischief, by copying any 1504 * alternative name over the present name (the present name is 1505 * maintained in a static buffer - see elf_get_so()); 1506 */ 1507 if (nname != aname) 1508 (void) strncpy((char *)nname, aname, PATH_MAX); 1509 } 1510 return (file_open(0, lml, oname, nname, clmp, flags, fdesc, 1511 rej, in_nfavl)); 1512 } 1513 1514 static int 1515 find_file(Lm_list *lml, const char *oname, Rt_map *clmp, uint_t flags, 1516 Fdesc *fdesc, Rej_desc *rej, Pnode *dir, Word * strhash, size_t olen, 1517 int *in_nfavl) 1518 { 1519 static Rtc_obj Obj = { 0 }; 1520 Rtc_obj *dobj; 1521 const char *nname = oname; 1522 1523 if (dir->p_name == 0) 1524 return (0); 1525 if (dir->p_info) { 1526 dobj = (Rtc_obj *)dir->p_info; 1527 if ((dobj->co_flags & 1528 (RTC_OBJ_NOEXIST | RTC_OBJ_ALTER)) == RTC_OBJ_NOEXIST) 1529 return (0); 1530 } else 1531 dobj = 0; 1532 1533 /* 1534 * If configuration information exists see if this directory/file 1535 * combination exists. 1536 */ 1537 if ((rtld_flags & RT_FL_DIRCFG) && 1538 ((dobj == 0) || (dobj->co_id != 0))) { 1539 Rtc_obj *fobj; 1540 const char *alt = 0; 1541 1542 /* 1543 * If this pnode has not yet been searched for in the 1544 * configuration file go find it. 1545 */ 1546 if (dobj == 0) { 1547 dobj = elf_config_ent(dir->p_name, 1548 (Word)elf_hash(dir->p_name), 0, 0); 1549 if (dobj == 0) 1550 dobj = &Obj; 1551 dir->p_info = (void *)dobj; 1552 1553 if ((dobj->co_flags & (RTC_OBJ_NOEXIST | 1554 RTC_OBJ_ALTER)) == RTC_OBJ_NOEXIST) 1555 return (0); 1556 } 1557 1558 /* 1559 * If we found a directory search for the file. 1560 */ 1561 if (dobj->co_id != 0) { 1562 if (*strhash == 0) 1563 *strhash = (Word)elf_hash(nname); 1564 fobj = elf_config_ent(nname, *strhash, 1565 dobj->co_id, &alt); 1566 1567 /* 1568 * If this object specifically does not exist, or the 1569 * object can't be found in a know-all-entries 1570 * directory, continue looking. If the object does 1571 * exist determine if an alternative object exists. 1572 */ 1573 if (fobj == 0) { 1574 if (dobj->co_flags & RTC_OBJ_ALLENTS) 1575 return (0); 1576 } else { 1577 if ((fobj->co_flags & (RTC_OBJ_NOEXIST | 1578 RTC_OBJ_ALTER)) == RTC_OBJ_NOEXIST) 1579 return (0); 1580 1581 if ((fobj->co_flags & RTC_OBJ_ALTER) && 1582 (rtld_flags & RT_FL_OBJALT) && 1583 (lml == &lml_main)) { 1584 int ret; 1585 1586 fdesc->fd_flags |= FLG_FD_ALTER; 1587 /* 1588 * Attempt to open the alternative path. 1589 * If this fails, and the alternative is 1590 * flagged as optional, fall through to 1591 * open the original path. 1592 */ 1593 ret = _find_file(lml, oname, alt, clmp, 1594 flags, fdesc, rej, dir, 1, 1595 in_nfavl); 1596 if (ret || ((fobj->co_flags & 1597 RTC_OBJ_OPTINAL) == 0)) 1598 return (ret); 1599 1600 fdesc->fd_flags &= ~FLG_FD_ALTER; 1601 } 1602 } 1603 } 1604 } 1605 1606 /* 1607 * Protect ourselves from building an invalid pathname. 1608 */ 1609 if ((olen + dir->p_len + 1) >= PATH_MAX) { 1610 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), nname, 1611 strerror(ENAMETOOLONG)); 1612 return (0); 1613 } 1614 if ((nname = (LM_GET_SO(clmp)(dir->p_name, nname))) == 0) 1615 return (0); 1616 1617 return (_find_file(lml, oname, nname, clmp, flags, fdesc, rej, 1618 dir, 0, in_nfavl)); 1619 } 1620 1621 /* 1622 * A unique file has been opened. Create a link-map to represent it, and 1623 * process the various names by which it can be referenced. 1624 */ 1625 static Rt_map * 1626 load_file(Lm_list *lml, Aliste lmco, Fdesc *fdesc, int *in_nfavl) 1627 { 1628 const char *oname = fdesc->fd_oname; 1629 const char *nname = fdesc->fd_nname; 1630 Rt_map *nlmp; 1631 1632 /* 1633 * Typically we call fct_map_so() with the full pathname of the opened 1634 * file (nname) and the name that started the search (oname), thus for 1635 * a typical dependency on libc this would be /usr/lib/libc.so.1 and 1636 * libc.so.1 (DT_NEEDED). The original name is maintained on an ALIAS 1637 * list for comparison when bringing in new dependencies. If the user 1638 * specified name as a full path (from a dlopen() for example) then 1639 * there's no need to create an ALIAS. 1640 */ 1641 if (strcmp(oname, nname) == 0) 1642 oname = 0; 1643 1644 /* 1645 * A new file has been opened, now map it into the process. Close the 1646 * original file so as not to accumulate file descriptors. 1647 */ 1648 nlmp = ((fdesc->fd_ftp)->fct_map_so)(lml, lmco, nname, oname, 1649 fdesc->fd_fd, in_nfavl); 1650 (void) close(fdesc->fd_fd); 1651 fdesc->fd_fd = 0; 1652 1653 if (nlmp == 0) 1654 return (0); 1655 1656 /* 1657 * Save the dev/inode information for later comparisons. 1658 */ 1659 STDEV(nlmp) = fdesc->fd_dev; 1660 STINO(nlmp) = fdesc->fd_ino; 1661 1662 /* 1663 * Insert the names of this link-map into the FullpathNode AVL tree. 1664 * Save both the NAME() and PATHNAME() is they differ. 1665 * 1666 * If this is an OBJECT file, don't insert it yet as this is only a 1667 * temporary link-map. During elf_obj_fini() the final link-map is 1668 * created, and its names will be inserted in the FullpathNode AVL 1669 * tree at that time. 1670 */ 1671 if ((FLAGS(nlmp) & FLG_RT_OBJECT) == 0) { 1672 /* 1673 * Update the objects full path information if necessary. 1674 * Note, with pathname expansion in effect, the fd_pname will 1675 * be used as PATHNAME(). This allocated string will be freed 1676 * should this object be deleted. However, without pathname 1677 * expansion, the fd_name should be freed now, as it is no 1678 * longer referenced. 1679 */ 1680 if (FLAGS1(nlmp) & FL1_RT_RELATIVE) 1681 (void) fullpath(nlmp, fdesc->fd_pname); 1682 else if (fdesc->fd_pname != fdesc->fd_nname) 1683 free((void *)fdesc->fd_pname); 1684 fdesc->fd_pname = 0; 1685 1686 if ((NAME(nlmp)[0] == '/') && (fpavl_insert(lml, nlmp, 1687 NAME(nlmp), fdesc->fd_avlwhere) == 0)) { 1688 remove_so(lml, nlmp); 1689 return (0); 1690 } 1691 if (((NAME(nlmp)[0] != '/') || 1692 (NAME(nlmp) != PATHNAME(nlmp))) && 1693 (fpavl_insert(lml, nlmp, PATHNAME(nlmp), 0) == 0)) { 1694 remove_so(lml, nlmp); 1695 return (0); 1696 } 1697 } 1698 1699 /* 1700 * If we're processing an alternative object reset the original name 1701 * for possible $ORIGIN processing. 1702 */ 1703 if (fdesc->fd_flags & FLG_FD_ALTER) { 1704 const char *odir; 1705 char *ndir; 1706 size_t olen; 1707 1708 FLAGS(nlmp) |= FLG_RT_ALTER; 1709 1710 /* 1711 * If we were given a pathname containing a slash then the 1712 * original name is still in oname. Otherwise the original 1713 * directory is in dir->p_name (which is all we need for 1714 * $ORIGIN). 1715 */ 1716 if (fdesc->fd_flags & FLG_FD_SLASH) { 1717 char *ofil; 1718 1719 odir = oname; 1720 ofil = strrchr(oname, '/'); 1721 olen = ofil - odir + 1; 1722 } else { 1723 odir = fdesc->fd_odir; 1724 olen = strlen(odir) + 1; 1725 } 1726 1727 if ((ndir = (char *)malloc(olen)) == 0) { 1728 remove_so(lml, nlmp); 1729 return (0); 1730 } 1731 (void) strncpy(ndir, odir, olen); 1732 ndir[--olen] = '\0'; 1733 1734 ORIGNAME(nlmp) = ndir; 1735 DIRSZ(nlmp) = olen; 1736 } 1737 1738 /* 1739 * Identify this as a new object. 1740 */ 1741 FLAGS(nlmp) |= FLG_RT_NEWLOAD; 1742 1743 return (nlmp); 1744 } 1745 1746 /* 1747 * This function loads the named file and returns a pointer to its link map. 1748 * It is assumed that the caller has already checked that the file is not 1749 * already loaded before calling this function (refer is_so_loaded()). 1750 * Find and open the file, map it into memory, add it to the end of the list 1751 * of link maps and return a pointer to the new link map. Return 0 on error. 1752 */ 1753 static Rt_map * 1754 load_so(Lm_list *lml, Aliste lmco, const char *oname, Rt_map *clmp, 1755 uint_t flags, Fdesc *nfdp, Rej_desc *rej, int *in_nfavl) 1756 { 1757 char *name; 1758 uint_t slash = 0; 1759 size_t olen; 1760 Fdesc fdesc = { 0 }; 1761 Pnode *dir; 1762 1763 /* 1764 * If the file is the run time linker then it's already loaded. 1765 */ 1766 if (interp && (strcmp(oname, NAME(lml_rtld.lm_head)) == 0)) 1767 return (lml_rtld.lm_head); 1768 1769 /* 1770 * If this isn't a hardware capabilities pathname, which is already a 1771 * full, duplicated pathname, determine whether the pathname contains 1772 * a slash, and if not determine the input filename (for max path 1773 * length verification). 1774 */ 1775 if ((flags & FLG_RT_HWCAP) == 0) { 1776 const char *str; 1777 1778 for (str = oname; *str; str++) { 1779 if (*str == '/') { 1780 slash++; 1781 break; 1782 } 1783 } 1784 if (slash == 0) 1785 olen = (str - oname) + 1; 1786 } 1787 1788 /* 1789 * If we are passed a 'null' link-map this means that this is the first 1790 * object to be loaded on this link-map list. In that case we set the 1791 * link-map to ld.so.1's link-map. 1792 * 1793 * This link-map is referenced to determine what lookup rules to use 1794 * when searching for files. By using ld.so.1's we are defaulting to 1795 * ELF look-up rules. 1796 * 1797 * Note: This case happens when loading the first object onto 1798 * the plt_tracing link-map. 1799 */ 1800 if (clmp == 0) 1801 clmp = lml_rtld.lm_head; 1802 1803 /* 1804 * If this path resulted from a $HWCAP specification, then the best 1805 * hardware capability object has already been establish, and is 1806 * available in the calling file descriptor. Perform some minor book- 1807 * keeping so that we can fall through into common code. 1808 */ 1809 if (flags & FLG_RT_HWCAP) { 1810 /* 1811 * If this object is already loaded, we're done. 1812 */ 1813 if (nfdp->fd_lmp) 1814 return (nfdp->fd_lmp); 1815 1816 /* 1817 * Obtain the avl index for this object. 1818 */ 1819 (void) fpavl_recorded(lml, nfdp->fd_nname, 1820 &(nfdp->fd_avlwhere)); 1821 1822 /* 1823 * If the name and resolved pathname differ, duplicate the path 1824 * name once more to provide for generic cleanup by the caller. 1825 */ 1826 if (nfdp->fd_pname && (nfdp->fd_nname != nfdp->fd_pname)) { 1827 char *pname; 1828 1829 if ((pname = strdup(nfdp->fd_pname)) == NULL) 1830 return (0); 1831 nfdp->fd_pname = pname; 1832 } 1833 } else if (slash) { 1834 Rej_desc _rej = { 0 }; 1835 1836 *nfdp = fdesc; 1837 nfdp->fd_flags = FLG_FD_SLASH; 1838 1839 if (find_path(lml, oname, clmp, flags, nfdp, 1840 &_rej, in_nfavl) == 0) { 1841 rejection_inherit(rej, &_rej); 1842 return (0); 1843 } 1844 1845 /* 1846 * If this object is already loaded, we're done. 1847 */ 1848 if (nfdp->fd_lmp) 1849 return (nfdp->fd_lmp); 1850 1851 } else { 1852 /* 1853 * No '/' - for each directory on list, make a pathname using 1854 * that directory and filename and try to open that file. 1855 */ 1856 Pnode *dirlist = (Pnode *)0; 1857 Word strhash = 0; 1858 #if !defined(ISSOLOAD_BASENAME_DISABLED) 1859 Rt_map *nlmp; 1860 #endif 1861 DBG_CALL(Dbg_libs_find(lml, oname)); 1862 1863 #if !defined(ISSOLOAD_BASENAME_DISABLED) 1864 if ((nlmp = is_so_loaded(lml, oname, in_nfavl))) 1865 return (nlmp); 1866 #endif 1867 /* 1868 * Make sure we clear the file descriptor new name in case the 1869 * following directory search doesn't provide any directories 1870 * (odd, but this can be forced with a -znodefaultlib test). 1871 */ 1872 *nfdp = fdesc; 1873 for (dir = get_next_dir(&dirlist, clmp, flags); dir; 1874 dir = get_next_dir(&dirlist, clmp, flags)) { 1875 Rej_desc _rej = { 0 }; 1876 1877 *nfdp = fdesc; 1878 1879 /* 1880 * Under debugging, duplicate path name entries are 1881 * tagged but remain part of the search path list so 1882 * that they can be diagnosed under "unused" processing. 1883 * Skip these entries, as this path would have already 1884 * been attempted. 1885 */ 1886 if (dir->p_orig & PN_FLG_DUPLICAT) 1887 continue; 1888 1889 /* 1890 * Try and locate this file. Make sure to clean up 1891 * any rejection information should the file have 1892 * been found, but not appropriate. 1893 */ 1894 if (find_file(lml, oname, clmp, flags, nfdp, &_rej, 1895 dir, &strhash, olen, in_nfavl) == 0) { 1896 rejection_inherit(rej, &_rej); 1897 continue; 1898 } 1899 1900 /* 1901 * Indicate that this search path has been used. If 1902 * this is an LD_LIBRARY_PATH setting, ignore any use 1903 * by ld.so.1 itself. 1904 */ 1905 if (((dir->p_orig & LA_SER_LIBPATH) == 0) || 1906 ((lml->lm_flags & LML_FLG_RTLDLM) == 0)) 1907 dir->p_orig |= PN_FLG_USED; 1908 1909 /* 1910 * If this object is already loaded, we're done. 1911 */ 1912 if (nfdp->fd_lmp) 1913 return (nfdp->fd_lmp); 1914 1915 nfdp->fd_odir = dir->p_name; 1916 break; 1917 } 1918 1919 /* 1920 * If the file couldn't be loaded, do another comparison of 1921 * loaded files using just the basename. This catches folks 1922 * who may have loaded multiple full pathname files (possibly 1923 * from setxid applications) to satisfy dependency relationships 1924 * (i.e., a file might have a dependency on foo.so.1 which has 1925 * already been opened using its full pathname). 1926 */ 1927 if (nfdp->fd_nname == NULL) 1928 return (is_so_loaded(lml, oname, in_nfavl)); 1929 } 1930 1931 /* 1932 * Duplicate the file name so that NAME() is available in core files. 1933 * Note, that hardware capability names are already duplicated, but 1934 * they get duplicated once more to insure consistent cleanup in the 1935 * event of an error condition. 1936 */ 1937 if ((name = strdup(nfdp->fd_nname)) == NULL) 1938 return (0); 1939 1940 if (nfdp->fd_nname == nfdp->fd_pname) 1941 nfdp->fd_nname = nfdp->fd_pname = name; 1942 else 1943 nfdp->fd_nname = name; 1944 1945 /* 1946 * Finish mapping the file and return the link-map descriptor. Note, 1947 * if this request originated from a HWCAP request, re-establish the 1948 * fdesc information. For single paged objects, such as filters, the 1949 * original mapping may have been sufficient to capture the file, thus 1950 * this mapping needs to be reset to insure it doesn't mistakenly get 1951 * unmapped as part of HWCAP cleanup. 1952 */ 1953 return (load_file(lml, lmco, nfdp, in_nfavl)); 1954 } 1955 1956 /* 1957 * Trace an attempt to load an object. 1958 */ 1959 int 1960 load_trace(Lm_list *lml, const char **oname, Rt_map *clmp) 1961 { 1962 const char *name = *oname; 1963 1964 /* 1965 * First generate any ldd(1) diagnostics. 1966 */ 1967 if ((lml->lm_flags & (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 1968 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 1969 (void) printf(MSG_INTL(MSG_LDD_FIL_FIND), name, NAME(clmp)); 1970 1971 /* 1972 * If we're being audited tell the audit library of the file we're 1973 * about to go search for. 1974 */ 1975 if (((lml->lm_tflags | FLAGS1(clmp)) & LML_TFLG_AUD_ACTIVITY) && 1976 (lml == LIST(clmp))) 1977 audit_activity(clmp, LA_ACT_ADD); 1978 1979 if ((lml->lm_tflags | FLAGS1(clmp)) & LML_TFLG_AUD_OBJSEARCH) { 1980 char *aname = audit_objsearch(clmp, name, LA_SER_ORIG); 1981 1982 /* 1983 * The auditor can indicate that this object should be ignored. 1984 */ 1985 if (aname == NULL) { 1986 DBG_CALL(Dbg_audit_terminate(lml, name)); 1987 return (0); 1988 } 1989 1990 /* 1991 * Protect ourselves from auditor mischief, by duplicating any 1992 * alternative name. The original name has been allocated from 1993 * expand(), so free this allocation before using the audit 1994 * alternative. 1995 */ 1996 if (name != aname) { 1997 if ((aname = strdup(aname)) == NULL) { 1998 eprintf(lml, ERR_FATAL, 1999 MSG_INTL(MSG_GEN_AUDITERM), name); 2000 return (0); 2001 } 2002 free((void *)*oname); 2003 *oname = aname; 2004 } 2005 } 2006 return (1); 2007 } 2008 2009 /* 2010 * Having loaded an object and created a link-map to describe it, finish 2011 * processing this stage, including verifying any versioning requirements, 2012 * updating the objects mode, creating a handle if necessary, and adding this 2013 * object to existing handles if required. 2014 */ 2015 static int 2016 load_finish(Lm_list *lml, const char *name, Rt_map *clmp, int nmode, 2017 uint_t flags, Grp_hdl **hdl, Rt_map *nlmp) 2018 { 2019 Aliste idx; 2020 Grp_hdl *ghp; 2021 int promote; 2022 2023 /* 2024 * If this dependency is associated with a required version insure that 2025 * the version is present in the loaded file. 2026 */ 2027 if (((rtld_flags & RT_FL_NOVERSION) == 0) && 2028 (FCT(clmp) == &elf_fct) && VERNEED(clmp) && 2029 (LM_VERIFY_VERS(clmp)(name, clmp, nlmp) == 0)) 2030 return (0); 2031 2032 /* 2033 * If this object has indicated that it should be isolated as a group 2034 * (DT_FLAGS_1 contains DF_1_GROUP - object was built with -B group), 2035 * or if the callers direct bindings indicate it should be isolated as 2036 * a group (DYNINFO flags contains FLG_DI_GROUP - dependency followed 2037 * -zgroupperm), establish the appropriate mode. 2038 * 2039 * The intent of an object defining itself as a group is to isolate the 2040 * relocation of the group within its own members, however, unless 2041 * opened through dlopen(), in which case we assume dlsym() will be used 2042 * to located symbols in the new object, we still need to associate it 2043 * with the caller for it to be bound with. This is equivalent to a 2044 * dlopen(RTLD_GROUP) and dlsym() using the returned handle. 2045 */ 2046 if ((FLAGS(nlmp) | flags) & FLG_RT_SETGROUP) { 2047 nmode &= ~RTLD_WORLD; 2048 nmode |= RTLD_GROUP; 2049 2050 /* 2051 * If the object wasn't explicitly dlopen()'ed associate it with 2052 * the parent. 2053 */ 2054 if ((flags & FLG_RT_HANDLE) == 0) 2055 nmode |= RTLD_PARENT; 2056 } 2057 2058 /* 2059 * Establish new mode and flags. 2060 * 2061 * For patch backward compatibility, the following use of update_mode() 2062 * is disabled. 2063 */ 2064 #ifdef SIEBEL_DISABLE 2065 if (rtld_flags & RT_FL_DISFIX_1) 2066 promote = MODE(nlmp) |= 2067 (nmode & ~(RTLD_PARENT | RTLD_NOLOAD | RTLD_FIRST)); 2068 else 2069 #endif 2070 promote = update_mode(nlmp, MODE(nlmp), nmode); 2071 2072 FLAGS(nlmp) |= flags; 2073 2074 /* 2075 * If this is a global object, ensure the associated link-map list can 2076 * be rescanned for global, lazy dependencies. 2077 */ 2078 if (MODE(nlmp) & RTLD_GLOBAL) 2079 LIST(nlmp)->lm_flags &= ~LML_FLG_NOPENDGLBLAZY; 2080 2081 /* 2082 * If we've been asked to establish a handle create one for this object. 2083 * Or, if this object has already been analyzed, but this reference 2084 * requires that the mode of the object be promoted, also create a 2085 * handle to propagate the new modes to all this objects dependencies. 2086 */ 2087 if (((FLAGS(nlmp) | flags) & FLG_RT_HANDLE) || (promote && 2088 (FLAGS(nlmp) & FLG_RT_ANALYZED))) { 2089 uint_t oflags, hflags = 0, cdflags; 2090 2091 /* 2092 * Establish any flags for the handle (Grp_hdl). 2093 * 2094 * . Use of the RTLD_FIRST flag indicates that only the first 2095 * dependency on the handle (the new object) can be used 2096 * to satisfy dlsym() requests. 2097 */ 2098 if (nmode & RTLD_FIRST) 2099 hflags = GPH_FIRST; 2100 2101 /* 2102 * Establish the flags for this callers dependency descriptor 2103 * (Grp_desc). 2104 * 2105 * . The creation of a handle associated a descriptor for the 2106 * new object and descriptor for the parent (caller). 2107 * Typically, the handle is created for dlopen() or for 2108 * filtering. A handle may also be created to promote 2109 * the callers modes (RTLD_NOW) to the new object. In this 2110 * latter case, the handle/descriptor are torn down once 2111 * the mode propagation has occurred. 2112 * 2113 * . Use of the RTLD_PARENT flag indicates that the parent 2114 * can be relocated against. 2115 */ 2116 if (((FLAGS(nlmp) | flags) & FLG_RT_HANDLE) == 0) 2117 cdflags = GPD_PROMOTE; 2118 else 2119 cdflags = GPD_PARENT; 2120 if (nmode & RTLD_PARENT) 2121 cdflags |= GPD_RELOC; 2122 2123 /* 2124 * Now that a handle is being created, remove this state from 2125 * the object so that it doesn't mistakenly get inherited by 2126 * a dependency. 2127 */ 2128 oflags = FLAGS(nlmp); 2129 FLAGS(nlmp) &= ~FLG_RT_HANDLE; 2130 2131 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 2132 if ((ghp = hdl_create(lml, nlmp, clmp, hflags, 2133 (GPD_DLSYM | GPD_RELOC | GPD_ADDEPS), cdflags)) == 0) 2134 return (0); 2135 2136 /* 2137 * Add any dependencies that are already loaded, to the handle. 2138 */ 2139 if (hdl_initialize(ghp, nlmp, nmode, promote) == 0) 2140 return (0); 2141 2142 if (hdl) 2143 *hdl = ghp; 2144 2145 /* 2146 * If we were asked to create a handle, we're done. 2147 */ 2148 if ((oflags | flags) & FLG_RT_HANDLE) 2149 return (1); 2150 2151 /* 2152 * If the handle was created to promote modes from the parent 2153 * (caller) to the new object, then this relationship needs to 2154 * be removed to ensure the handle doesn't prevent the new 2155 * objects from being deleted if required. If the parent is 2156 * the only dependency on the handle, then the handle can be 2157 * completely removed. However, the handle may have already 2158 * existed, in which case only the parent descriptor can be 2159 * deleted from the handle, or at least the GPD_PROMOTE flag 2160 * removed from the descriptor. 2161 * 2162 * Fall through to carry out any group processing. 2163 */ 2164 free_hdl(ghp, clmp, GPD_PROMOTE); 2165 } 2166 2167 /* 2168 * If the caller isn't part of a group we're done. 2169 */ 2170 if (GROUPS(clmp) == NULL) 2171 return (1); 2172 2173 /* 2174 * Determine if our caller is already associated with a handle, if so 2175 * we need to add this object to any handles that already exist. 2176 * Traverse the list of groups our caller is a member of and add this 2177 * new link-map to those groups. 2178 */ 2179 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 2180 for (APLIST_TRAVERSE(GROUPS(clmp), idx, ghp)) { 2181 Aliste idx1; 2182 Grp_desc *gdp; 2183 int exist; 2184 Rt_map *dlmp1; 2185 APlist *lmalp = NULL; 2186 2187 /* 2188 * If the caller doesn't indicate that its dependencies should 2189 * be added to a handle, ignore it. This case identifies a 2190 * parent of a dlopen(RTLD_PARENT) request. 2191 */ 2192 for (ALIST_TRAVERSE(ghp->gh_depends, idx1, gdp)) { 2193 if (gdp->gd_depend == clmp) 2194 break; 2195 } 2196 if ((gdp->gd_flags & GPD_ADDEPS) == 0) 2197 continue; 2198 2199 if ((exist = hdl_add(ghp, nlmp, 2200 (GPD_DLSYM | GPD_RELOC | GPD_ADDEPS))) == 0) 2201 return (0); 2202 2203 /* 2204 * If this member already exists then its dependencies will 2205 * have already been processed. 2206 */ 2207 if (exist == ALE_EXISTS) 2208 continue; 2209 2210 /* 2211 * If the object we've added has just been opened, it will not 2212 * yet have been processed for its dependencies, these will be 2213 * added on later calls to load_one(). If it doesn't have any 2214 * dependencies we're also done. 2215 */ 2216 if (((FLAGS(nlmp) & FLG_RT_ANALYZED) == 0) || 2217 (DEPENDS(nlmp) == NULL)) 2218 continue; 2219 2220 /* 2221 * Otherwise, this object exists and has dependencies, so add 2222 * all of its dependencies to the handle were operating on. 2223 */ 2224 if (aplist_append(&lmalp, nlmp, AL_CNT_DEPCLCT) == 0) 2225 return (0); 2226 2227 for (APLIST_TRAVERSE(lmalp, idx1, dlmp1)) { 2228 Aliste idx2; 2229 Bnd_desc *bdp; 2230 2231 /* 2232 * Add any dependencies of this dependency to the 2233 * dynamic dependency list so they can be further 2234 * processed. 2235 */ 2236 for (APLIST_TRAVERSE(DEPENDS(dlmp1), idx2, bdp)) { 2237 Rt_map *dlmp2 = bdp->b_depend; 2238 2239 if ((bdp->b_flags & BND_NEEDED) == 0) 2240 continue; 2241 2242 if (aplist_test(&lmalp, dlmp2, 2243 AL_CNT_DEPCLCT) == 0) { 2244 free(lmalp); 2245 return (0); 2246 } 2247 } 2248 2249 if (nlmp == dlmp1) 2250 continue; 2251 2252 if ((exist = hdl_add(ghp, dlmp1, 2253 (GPD_DLSYM | GPD_RELOC | GPD_ADDEPS))) != 0) { 2254 if (exist == ALE_CREATE) { 2255 (void) update_mode(dlmp1, MODE(dlmp1), 2256 nmode); 2257 } 2258 continue; 2259 } 2260 free(lmalp); 2261 return (0); 2262 } 2263 free(lmalp); 2264 } 2265 return (1); 2266 } 2267 2268 /* 2269 * The central routine for loading shared objects. Insures ldd() diagnostics, 2270 * handles and any other related additions are all done in one place. 2271 */ 2272 static Rt_map * 2273 _load_path(Lm_list *lml, Aliste lmco, const char **oname, Rt_map *clmp, 2274 int nmode, uint_t flags, Grp_hdl ** hdl, Fdesc *nfdp, Rej_desc *rej, 2275 int *in_nfavl) 2276 { 2277 Rt_map *nlmp; 2278 const char *name = *oname; 2279 2280 if ((nmode & RTLD_NOLOAD) == 0) { 2281 /* 2282 * If this isn't a noload request attempt to load the file. 2283 * Note, the name of the file may be changed by an auditor. 2284 */ 2285 if ((load_trace(lml, oname, clmp)) == 0) 2286 return (0); 2287 2288 name = *oname; 2289 2290 if ((nlmp = load_so(lml, lmco, name, clmp, flags, 2291 nfdp, rej, in_nfavl)) == 0) 2292 return (0); 2293 2294 /* 2295 * If we've loaded a library which identifies itself as not 2296 * being dlopen()'able catch it here. Let non-dlopen()'able 2297 * objects through under RTLD_CONFGEN as they're only being 2298 * mapped to be dldump()'ed. 2299 */ 2300 if ((rtld_flags & RT_FL_APPLIC) && ((FLAGS(nlmp) & 2301 (FLG_RT_NOOPEN | FLG_RT_RELOCED)) == FLG_RT_NOOPEN) && 2302 ((nmode & RTLD_CONFGEN) == 0)) { 2303 Rej_desc _rej = { 0 }; 2304 2305 _rej.rej_name = name; 2306 _rej.rej_type = SGS_REJ_STR; 2307 _rej.rej_str = MSG_INTL(MSG_GEN_NOOPEN); 2308 DBG_CALL(Dbg_file_rejected(lml, &_rej, M_MACH)); 2309 rejection_inherit(rej, &_rej); 2310 remove_so(lml, nlmp); 2311 return (0); 2312 } 2313 } else { 2314 /* 2315 * If it's a NOLOAD request - check to see if the object 2316 * has already been loaded. 2317 */ 2318 /* LINTED */ 2319 if (nlmp = is_so_loaded(lml, name, in_nfavl)) { 2320 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 2321 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) { 2322 (void) printf(MSG_INTL(MSG_LDD_FIL_FIND), name, 2323 NAME(clmp)); 2324 /* BEGIN CSTYLED */ 2325 if (*name == '/') 2326 (void) printf(MSG_ORIG(MSG_LDD_FIL_PATH), 2327 name, MSG_ORIG(MSG_STR_EMPTY), 2328 MSG_ORIG(MSG_STR_EMPTY)); 2329 else 2330 (void) printf(MSG_ORIG(MSG_LDD_FIL_EQUIV), 2331 name, NAME(nlmp), 2332 MSG_ORIG(MSG_STR_EMPTY), 2333 MSG_ORIG(MSG_STR_EMPTY)); 2334 /* END CSTYLED */ 2335 } 2336 } else { 2337 Rej_desc _rej = { 0 }; 2338 2339 _rej.rej_name = name; 2340 _rej.rej_type = SGS_REJ_STR; 2341 _rej.rej_str = strerror(ENOENT); 2342 DBG_CALL(Dbg_file_rejected(lml, &_rej, M_MACH)); 2343 rejection_inherit(rej, &_rej); 2344 return (0); 2345 } 2346 } 2347 2348 /* 2349 * Finish processing this loaded object. 2350 */ 2351 if (load_finish(lml, name, clmp, nmode, flags, hdl, nlmp) == 0) { 2352 FLAGS(nlmp) &= ~FLG_RT_NEWLOAD; 2353 2354 /* 2355 * If this object has already been analyzed, then it is in use, 2356 * so even though this operation has failed, it should not be 2357 * torn down. 2358 */ 2359 if ((FLAGS(nlmp) & FLG_RT_ANALYZED) == 0) 2360 remove_so(lml, nlmp); 2361 return (0); 2362 } 2363 2364 /* 2365 * If this object is new, and we're being audited, tell the audit 2366 * library of the file we've just opened. Note, if the new link-map 2367 * requires local auditing of its dependencies we also register its 2368 * opening. 2369 */ 2370 if (FLAGS(nlmp) & FLG_RT_NEWLOAD) { 2371 FLAGS(nlmp) &= ~FLG_RT_NEWLOAD; 2372 2373 if (((lml->lm_tflags | FLAGS1(clmp) | FLAGS1(nlmp)) & 2374 LML_TFLG_AUD_MASK) && (((lml->lm_flags | 2375 LIST(clmp)->lm_flags) & LML_FLG_NOAUDIT) == 0)) { 2376 if (audit_objopen(clmp, nlmp) == 0) { 2377 remove_so(lml, nlmp); 2378 return (0); 2379 } 2380 } 2381 } 2382 return (nlmp); 2383 } 2384 2385 Rt_map * 2386 load_path(Lm_list *lml, Aliste lmco, const char **name, Rt_map *clmp, int nmode, 2387 uint_t flags, Grp_hdl **hdl, Fdesc *cfdp, Rej_desc *rej, int *in_nfavl) 2388 { 2389 Rt_map *lmp; 2390 Fdesc nfdp = { 0 }; 2391 2392 /* 2393 * If this path resulted from a $HWCAP specification, then the best 2394 * hardware capability object has already been establish, and is 2395 * available in the calling file descriptor. 2396 */ 2397 if (flags & FLG_RT_HWCAP) { 2398 if (cfdp->fd_lmp == 0) { 2399 /* 2400 * If this object hasn't yet been mapped, re-establish 2401 * the file descriptor structure to reflect this objects 2402 * original initial page mapping. Make sure any present 2403 * file descriptor mapping is removed before overwriting 2404 * the structure. 2405 */ 2406 #if defined(MAP_ALIGN) 2407 if (fmap->fm_maddr && 2408 ((fmap->fm_mflags & MAP_ALIGN) == 0)) 2409 #else 2410 if (fmap->fm_maddr) 2411 #endif 2412 (void) munmap(fmap->fm_maddr, fmap->fm_msize); 2413 2414 *fmap = cfdp->fd_fmap; 2415 } 2416 nfdp = *cfdp; 2417 } 2418 2419 lmp = _load_path(lml, lmco, name, clmp, nmode, flags, hdl, &nfdp, 2420 rej, in_nfavl); 2421 2422 /* 2423 * If this path originated from a $HWCAP specification, re-establish the 2424 * fdesc information. For single paged objects, such as filters, the 2425 * original mapping may have been sufficient to capture the file, thus 2426 * this mapping needs to be reset to insure it doesn't mistakenly get 2427 * unmapped as part of HWCAP cleanup. 2428 */ 2429 if ((flags & FLG_RT_HWCAP) && (cfdp->fd_lmp == 0)) { 2430 cfdp->fd_fmap.fm_maddr = fmap->fm_maddr; 2431 cfdp->fd_fmap.fm_mflags = fmap->fm_mflags; 2432 cfdp->fd_fd = nfdp.fd_fd; 2433 } 2434 2435 return (lmp); 2436 } 2437 2438 /* 2439 * Load one object from a possible list of objects. Typically, for requests 2440 * such as NEEDED's, only one object is specified. However, this object could 2441 * be specified using $ISALIST or $HWCAP, in which case only the first object 2442 * that can be loaded is used (ie. the best). 2443 */ 2444 Rt_map * 2445 load_one(Lm_list *lml, Aliste lmco, Pnode *pnp, Rt_map *clmp, int mode, 2446 uint_t flags, Grp_hdl **hdl, int *in_nfavl) 2447 { 2448 Rej_desc rej = { 0 }; 2449 Pnode *tpnp; 2450 const char *name; 2451 2452 for (tpnp = pnp; tpnp && tpnp->p_name; tpnp = tpnp->p_next) { 2453 Rt_map *tlmp; 2454 2455 /* 2456 * A Hardware capabilities requirement can itself expand into 2457 * a number of candidates. 2458 */ 2459 if (tpnp->p_orig & PN_TKN_HWCAP) { 2460 if ((tlmp = load_hwcap(lml, lmco, tpnp->p_name, clmp, 2461 mode, (flags | FLG_RT_HWCAP), hdl, &rej, 2462 in_nfavl)) != 0) { 2463 remove_rej(&rej); 2464 return (tlmp); 2465 } 2466 } else { 2467 if ((tlmp = load_path(lml, lmco, &tpnp->p_name, clmp, 2468 mode, flags, hdl, 0, &rej, in_nfavl)) != 0) { 2469 remove_rej(&rej); 2470 return (tlmp); 2471 } 2472 } 2473 } 2474 2475 /* 2476 * If this pathname originated from an expanded token, use the original 2477 * for any diagnostic output. 2478 */ 2479 if ((name = pnp->p_oname) == 0) 2480 name = pnp->p_name; 2481 2482 file_notfound(lml, name, clmp, flags, &rej); 2483 remove_rej(&rej); 2484 return (0); 2485 } 2486 2487 /* 2488 * Determine whether a symbol is defined as an interposer. 2489 */ 2490 int 2491 is_sym_interposer(Rt_map *lmp, Sym *sym) 2492 { 2493 Syminfo *sip = SYMINFO(lmp); 2494 2495 if (sip) { 2496 ulong_t ndx; 2497 2498 ndx = (((ulong_t)sym - (ulong_t)SYMTAB(lmp)) / SYMENT(lmp)); 2499 /* LINTED */ 2500 sip = (Syminfo *)((char *)sip + (ndx * SYMINENT(lmp))); 2501 if (sip->si_flags & SYMINFO_FLG_INTERPOSE) 2502 return (1); 2503 } 2504 return (0); 2505 } 2506 2507 /* 2508 * While processing direct or group bindings, determine whether the object to 2509 * which we've bound can be interposed upon. In this context, copy relocations 2510 * are a form of interposition. 2511 */ 2512 static Sym * 2513 lookup_sym_interpose(Slookup *slp, Rt_map **dlmp, uint_t *binfo, Lm_list *lml, 2514 Sym *osym, int *in_nfavl) 2515 { 2516 Rt_map *lmp; 2517 Slookup sl; 2518 2519 /* 2520 * If we've bound to a copy relocation definition then we need to assign 2521 * this binding to the original copy reference. Fabricate an inter- 2522 * position diagnostic, as this is a legitimate form of interposition. 2523 */ 2524 if (FLAGS1(*dlmp) & FL1_RT_COPYTOOK) { 2525 Rel_copy *rcp; 2526 Aliste idx; 2527 2528 for (ALIST_TRAVERSE(COPY_R(*dlmp), idx, rcp)) { 2529 if ((osym == rcp->r_dsym) || (osym->st_value && 2530 (osym->st_value == rcp->r_dsym->st_value))) { 2531 *dlmp = rcp->r_rlmp; 2532 *binfo |= 2533 (DBG_BINFO_INTERPOSE | DBG_BINFO_COPYREF); 2534 return (rcp->r_rsym); 2535 } 2536 } 2537 } 2538 2539 /* 2540 * Prior to Solaris 8, external references from an executable that were 2541 * bound to an uninitialized variable (.bss) within a shared object did 2542 * not establish a copy relocation. This was thought to be an 2543 * optimization, to prevent copying zero's to zero's. Typically, 2544 * interposition took its course, with the shared object binding to the 2545 * executables data definition. 2546 * 2547 * This scenario can be broken when this old executable runs against a 2548 * new shared object that is directly bound. With no copy-relocation 2549 * record, ld.so.1 has no data to trigger the normal vectoring of the 2550 * binding to the executable. 2551 * 2552 * Starting with Solaris 8, a DT_FLAGS entry is written to all objects, 2553 * regardless of there being any DF_ flags entries. Therefore, an 2554 * object without this dynamic tag is susceptible to the copy relocation 2555 * issue. If the executable has no DT_FLAGS tag, and contains the same 2556 * .bss symbol definition as has been directly bound to, redirect the 2557 * binding to the executables data definition. 2558 */ 2559 lmp = lml->lm_head; 2560 sl = *slp; 2561 sl.sl_imap = lmp; 2562 if (((FLAGS2(lmp) & FL2_RT_DTFLAGS) == 0) && 2563 copy_zerobits(*dlmp, osym)) { 2564 Rt_map *ilmp; 2565 Sym *isym; 2566 2567 /* 2568 * Determine whether the same symbol name exists within the 2569 * executable, that the size and type of symbol are the same, 2570 * and that the symbol is also associated with .bss. 2571 */ 2572 if (((isym = SYMINTP(lmp)(&sl, &ilmp, binfo, 2573 in_nfavl)) != NULL) && (isym->st_size == osym->st_size) && 2574 (isym->st_info == osym->st_info) && 2575 copy_zerobits(lmp, isym)) { 2576 *dlmp = lmp; 2577 *binfo |= (DBG_BINFO_INTERPOSE | DBG_BINFO_COPYREF); 2578 return (isym); 2579 } 2580 } 2581 2582 if ((lml->lm_flags & LML_FLG_INTRPOSE) == 0) 2583 return ((Sym *)0); 2584 2585 /* 2586 * Traverse the list of known interposers to determine whether any 2587 * offer the same symbol. Note, the head of the link-map could be 2588 * identified as an interposer. Otherwise, skip the head of the 2589 * link-map, so that we don't bind to any .plt references, or 2590 * copy-relocation destinations unintentionally. 2591 */ 2592 lmp = lml->lm_head; 2593 sl = *slp; 2594 if (((FLAGS(lmp) & MSK_RT_INTPOSE) == 0) || (sl.sl_flags & LKUP_COPY)) 2595 lmp = (Rt_map *)NEXT(lmp); 2596 2597 for (; lmp; lmp = (Rt_map *)NEXT(lmp)) { 2598 if (FLAGS(lmp) & FLG_RT_DELETE) 2599 continue; 2600 if ((FLAGS(lmp) & MSK_RT_INTPOSE) == 0) 2601 break; 2602 2603 if (callable(lmp, *dlmp, 0, sl.sl_flags)) { 2604 Rt_map *ilmp; 2605 Sym *isym; 2606 2607 sl.sl_imap = lmp; 2608 if (isym = SYMINTP(lmp)(&sl, &ilmp, binfo, in_nfavl)) { 2609 /* 2610 * If this object provides individual symbol 2611 * interposers, make sure that the symbol we 2612 * have found is tagged as an interposer. 2613 */ 2614 if ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 2615 (is_sym_interposer(ilmp, isym) == 0)) 2616 continue; 2617 2618 /* 2619 * Indicate this binding has occurred to an 2620 * interposer, and return the symbol. 2621 */ 2622 *binfo |= DBG_BINFO_INTERPOSE; 2623 *dlmp = ilmp; 2624 return (isym); 2625 } 2626 } 2627 } 2628 return ((Sym *)0); 2629 } 2630 2631 /* 2632 * If an object specifies direct bindings (it contains a syminfo structure 2633 * describing where each binding was established during link-editing, and the 2634 * object was built -Bdirect), then look for the symbol in the specific object. 2635 */ 2636 static Sym * 2637 lookup_sym_direct(Slookup *slp, Rt_map **dlmp, uint_t *binfo, Syminfo *sip, 2638 Rt_map *lmp, int *in_nfavl) 2639 { 2640 Rt_map *clmp = slp->sl_cmap; 2641 Sym *sym; 2642 Slookup sl; 2643 2644 /* 2645 * If a direct binding resolves to the definition of a copy relocated 2646 * variable, it must be redirected to the copy (in the executable) that 2647 * will eventually be made. Typically, this redirection occurs in 2648 * lookup_sym_interpose(). But, there's an edge condition. If a 2649 * directly bound executable contains pic code, there may be a 2650 * reference to a definition that will eventually have a copy made. 2651 * However, this copy relocation may not yet have occurred, because 2652 * the relocation making this reference comes before the relocation 2653 * that will create the copy. 2654 * Under direct bindings, the syminfo indicates that a copy will be 2655 * taken (SYMINFO_FLG_COPY). This can only be set in an executable. 2656 * Thus, the caller must be the executable, so bind to the destination 2657 * of the copy within the executable. 2658 */ 2659 if (((slp->sl_flags & LKUP_COPY) == 0) && 2660 (sip->si_flags & SYMINFO_FLG_COPY)) { 2661 2662 slp->sl_imap = LIST(clmp)->lm_head; 2663 if (sym = SYMINTP(clmp)(slp, dlmp, binfo, in_nfavl)) 2664 *binfo |= (DBG_BINFO_DIRECT | DBG_BINFO_COPYREF); 2665 return (sym); 2666 } 2667 2668 /* 2669 * If we need to directly bind to our parent, start looking in each 2670 * callers link map. 2671 */ 2672 sl = *slp; 2673 sl.sl_flags |= LKUP_DIRECT; 2674 sym = 0; 2675 2676 if (sip->si_boundto == SYMINFO_BT_PARENT) { 2677 Aliste idx1; 2678 Bnd_desc *bdp; 2679 Grp_hdl *ghp; 2680 2681 /* 2682 * Determine the parent of this explicit dependency from its 2683 * CALLERS()'s list. 2684 */ 2685 for (APLIST_TRAVERSE(CALLERS(clmp), idx1, bdp)) { 2686 sl.sl_imap = lmp = bdp->b_caller; 2687 if ((sym = SYMINTP(lmp)(&sl, dlmp, binfo, 2688 in_nfavl)) != NULL) 2689 goto found; 2690 } 2691 2692 /* 2693 * A caller can also be defined as the parent of a dlopen() 2694 * call. Determine whether this object has any handles. The 2695 * dependencies maintained with the handle represent the 2696 * explicit dependencies of the dlopen()'ed object, and the 2697 * calling parent. 2698 */ 2699 for (APLIST_TRAVERSE(HANDLES(clmp), idx1, ghp)) { 2700 Grp_desc *gdp; 2701 Aliste idx2; 2702 2703 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) { 2704 if ((gdp->gd_flags & GPD_PARENT) == 0) 2705 continue; 2706 sl.sl_imap = lmp = gdp->gd_depend; 2707 if ((sym = SYMINTP(lmp)(&sl, dlmp, 2708 binfo, in_nfavl)) != NULL) 2709 goto found; 2710 } 2711 } 2712 } else { 2713 /* 2714 * If we need to direct bind to anything else look in the 2715 * link map associated with this symbol reference. 2716 */ 2717 if (sip->si_boundto == SYMINFO_BT_SELF) 2718 sl.sl_imap = lmp = clmp; 2719 else 2720 sl.sl_imap = lmp; 2721 2722 if (lmp) 2723 sym = SYMINTP(lmp)(&sl, dlmp, binfo, in_nfavl); 2724 } 2725 found: 2726 if (sym) 2727 *binfo |= DBG_BINFO_DIRECT; 2728 2729 /* 2730 * If we've bound to an object, determine whether that object can be 2731 * interposed upon for this symbol. 2732 */ 2733 if (sym && (LIST(*dlmp)->lm_head != *dlmp) && 2734 (LIST(*dlmp) == LIST(clmp))) { 2735 Sym *isym; 2736 2737 if ((isym = lookup_sym_interpose(slp, dlmp, binfo, 2738 LIST(*dlmp), sym, in_nfavl)) != 0) 2739 return (isym); 2740 } 2741 2742 return (sym); 2743 } 2744 2745 static Sym * 2746 core_lookup_sym(Rt_map *ilmp, Slookup *slp, Rt_map **dlmp, uint_t *binfo, 2747 Aliste off, int *in_nfavl) 2748 { 2749 Rt_map *lmp; 2750 2751 /* 2752 * Copy relocations should start their search after the head of the 2753 * main link-map control list. 2754 */ 2755 if ((off == ALIST_OFF_DATA) && (slp->sl_flags & LKUP_COPY) && ilmp) 2756 lmp = (Rt_map *)NEXT(ilmp); 2757 else 2758 lmp = ilmp; 2759 2760 for (; lmp; lmp = (Rt_map *)NEXT(lmp)) { 2761 if (callable(slp->sl_cmap, lmp, 0, slp->sl_flags)) { 2762 Sym *sym; 2763 2764 slp->sl_imap = lmp; 2765 if (((sym = SYMINTP(lmp)(slp, dlmp, binfo, 2766 in_nfavl)) != NULL) || (*binfo & BINFO_REJSINGLE)) 2767 return (sym); 2768 } 2769 } 2770 return (0); 2771 } 2772 2773 static Sym * 2774 _lazy_find_sym(Rt_map *ilmp, Slookup *slp, Rt_map **dlmp, uint_t *binfo, 2775 int *in_nfavl) 2776 { 2777 Rt_map *lmp; 2778 2779 for (lmp = ilmp; lmp; lmp = (Rt_map *)NEXT(lmp)) { 2780 if (LAZY(lmp) == 0) 2781 continue; 2782 if (callable(slp->sl_cmap, lmp, 0, slp->sl_flags)) { 2783 Sym *sym; 2784 2785 slp->sl_imap = lmp; 2786 if ((sym = elf_lazy_find_sym(slp, dlmp, binfo, 2787 in_nfavl)) != 0) 2788 return (sym); 2789 } 2790 } 2791 return (0); 2792 } 2793 2794 static Sym * 2795 _lookup_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 2796 { 2797 const char *name = slp->sl_name; 2798 Rt_map *clmp = slp->sl_cmap; 2799 Lm_list *lml = LIST(clmp); 2800 Rt_map *ilmp = slp->sl_imap, *lmp; 2801 ulong_t rsymndx; 2802 Sym *sym; 2803 Syminfo *sip; 2804 Slookup sl; 2805 2806 /* 2807 * Search the initial link map for the required symbol (this category is 2808 * selected by dlsym(), where individual link maps are searched for a 2809 * required symbol. Therefore, we know we have permission to look at 2810 * the link map). 2811 */ 2812 if (slp->sl_flags & LKUP_FIRST) 2813 return (SYMINTP(ilmp)(slp, dlmp, binfo, in_nfavl)); 2814 2815 /* 2816 * Determine whether this lookup can be satisfied by an objects direct, 2817 * or lazy binding information. This is triggered by a relocation from 2818 * the object (hence rsymndx is set). 2819 */ 2820 if (((rsymndx = slp->sl_rsymndx) != 0) && 2821 ((sip = SYMINFO(clmp)) != NULL)) { 2822 uint_t bound; 2823 2824 /* 2825 * Find the corresponding Syminfo entry for the original 2826 * referencing symbol. 2827 */ 2828 /* LINTED */ 2829 sip = (Syminfo *)((char *)sip + (rsymndx * SYMINENT(clmp))); 2830 bound = sip->si_boundto; 2831 2832 /* 2833 * Identify any EXTERN or PARENT references for ldd(1). 2834 */ 2835 if ((lml->lm_flags & LML_FLG_TRC_WARN) && 2836 (bound > SYMINFO_BT_LOWRESERVE)) { 2837 if (bound == SYMINFO_BT_PARENT) 2838 *binfo |= DBG_BINFO_REF_PARENT; 2839 if (bound == SYMINFO_BT_EXTERN) 2840 *binfo |= DBG_BINFO_REF_EXTERN; 2841 } 2842 2843 /* 2844 * If the symbol information indicates a direct binding, 2845 * determine the link map that is required to satisfy the 2846 * binding. Note, if the dependency can not be found, but a 2847 * direct binding isn't required, we will still fall through 2848 * to perform any default symbol search. 2849 */ 2850 if (sip->si_flags & SYMINFO_FLG_DIRECT) { 2851 2852 lmp = 0; 2853 if (bound < SYMINFO_BT_LOWRESERVE) 2854 lmp = elf_lazy_load(clmp, slp, bound, 2855 name, in_nfavl); 2856 2857 /* 2858 * If direct bindings have been disabled, and this isn't 2859 * a translator, skip any direct binding now that we've 2860 * ensured the resolving object has been loaded. 2861 * 2862 * If we need to direct bind to anything, we look in 2863 * ourselves, our parent, or in the link map we've just 2864 * loaded. Otherwise, even though we may have lazily 2865 * loaded an object we still continue to search for 2866 * symbols from the head of the link map list. 2867 */ 2868 if (((FLAGS(clmp) & FLG_RT_TRANS) || 2869 (((lml->lm_tflags & LML_TFLG_NODIRECT) == 0) && 2870 ((slp->sl_flags & LKUP_SINGLETON) == 0))) && 2871 ((FLAGS1(clmp) & FL1_RT_DIRECT) || 2872 (sip->si_flags & SYMINFO_FLG_DIRECTBIND))) { 2873 sym = lookup_sym_direct(slp, dlmp, binfo, 2874 sip, lmp, in_nfavl); 2875 2876 /* 2877 * Determine whether this direct binding has 2878 * been rejected. If we've bound to a singleton 2879 * without following a singleton search, then 2880 * return. The caller detects this condition 2881 * and will trigger a new singleton search. 2882 * 2883 * For any other rejection (such as binding to 2884 * a symbol labeled as nodirect - presumably 2885 * because the symbol definition has been 2886 * changed since the referring object was last 2887 * built), fall through to a standard symbol 2888 * search. 2889 */ 2890 if (((*binfo & BINFO_REJECTED) == 0) || 2891 (*binfo & BINFO_REJSINGLE)) 2892 return (sym); 2893 2894 *binfo &= ~BINFO_REJECTED; 2895 } 2896 } 2897 } 2898 2899 /* 2900 * Duplicate the lookup information, as we'll need to modify this 2901 * information for some of the following searches. 2902 */ 2903 sl = *slp; 2904 2905 /* 2906 * If the referencing object has the DF_SYMBOLIC flag set, look in the 2907 * referencing object for the symbol first. Failing that, fall back to 2908 * our generic search. 2909 */ 2910 if ((FLAGS1(clmp) & FL1_RT_SYMBOLIC) && 2911 ((sl.sl_flags & LKUP_SINGLETON) == 0)) { 2912 sl.sl_imap = clmp; 2913 if (sym = SYMINTP(clmp)(&sl, dlmp, binfo, in_nfavl)) { 2914 ulong_t dsymndx = (((ulong_t)sym - 2915 (ulong_t)SYMTAB(*dlmp)) / SYMENT(*dlmp)); 2916 2917 /* 2918 * Make sure this symbol hasn't explicitly been defined 2919 * as nodirect. 2920 */ 2921 if (((sip = SYMINFO(*dlmp)) == 0) || 2922 /* LINTED */ 2923 ((sip = (Syminfo *)((char *)sip + 2924 (dsymndx * SYMINENT(*dlmp)))) == 0) || 2925 ((sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) == 0)) 2926 return (sym); 2927 } 2928 } 2929 2930 sl.sl_flags |= LKUP_STANDARD; 2931 2932 /* 2933 * If this lookup originates from a standard relocation, then traverse 2934 * all link-map control lists, inspecting any object that is available 2935 * to this caller. Otherwise, traverse the link-map control list 2936 * associated with the caller. 2937 */ 2938 if (sl.sl_flags & LKUP_STDRELOC) { 2939 Aliste off; 2940 Lm_cntl *lmc; 2941 2942 sym = NULL; 2943 2944 for (ALIST_TRAVERSE_BY_OFFSET(lml->lm_lists, off, lmc)) { 2945 if (((sym = core_lookup_sym(lmc->lc_head, &sl, dlmp, 2946 binfo, off, in_nfavl)) != NULL) || 2947 (*binfo & BINFO_REJSINGLE)) 2948 break; 2949 } 2950 } else 2951 sym = core_lookup_sym(ilmp, &sl, dlmp, binfo, ALIST_OFF_DATA, 2952 in_nfavl); 2953 2954 /* 2955 * If a symbol binding was rejected, because a binding occurred to a 2956 * singleton without following the default symbol search, return so 2957 * that the search can be repreated. 2958 */ 2959 if (*binfo & BINFO_REJSINGLE) 2960 return (sym); 2961 2962 /* 2963 * To allow transitioning into a world of lazy loading dependencies see 2964 * if this link map contains objects that have lazy dependencies still 2965 * outstanding. If so, and we haven't been able to locate a non-weak 2966 * symbol reference, start bringing in any lazy dependencies to see if 2967 * the reference can be satisfied. Use of dlsym(RTLD_PROBE) sets the 2968 * LKUP_NOFALLBACK flag, and this flag disables this fall back. 2969 */ 2970 if ((sym == NULL) && ((sl.sl_flags & LKUP_NOFALLBACK) == 0)) { 2971 if ((lmp = ilmp) == 0) 2972 lmp = LIST(clmp)->lm_head; 2973 2974 lml = LIST(lmp); 2975 if ((sl.sl_flags & LKUP_WEAK) || (lml->lm_lazy == 0)) 2976 return ((Sym *)0); 2977 2978 DBG_CALL(Dbg_syms_lazy_rescan(lml, name)); 2979 2980 /* 2981 * If this request originated from a dlsym(RTLD_NEXT) then start 2982 * looking for dependencies from the caller, otherwise use the 2983 * initial link-map. 2984 */ 2985 if (sl.sl_flags & LKUP_NEXT) 2986 sym = _lazy_find_sym(clmp, &sl, dlmp, binfo, in_nfavl); 2987 else { 2988 Aliste idx; 2989 Lm_cntl *lmc; 2990 2991 for (ALIST_TRAVERSE(lml->lm_lists, idx, lmc)) { 2992 sl.sl_flags |= LKUP_NOFALLBACK; 2993 if ((sym = _lazy_find_sym(lmc->lc_head, &sl, 2994 dlmp, binfo, in_nfavl)) != 0) 2995 break; 2996 } 2997 } 2998 } 2999 return (sym); 3000 } 3001 3002 /* 3003 * Symbol lookup routine. Takes an ELF symbol name, and a list of link maps to 3004 * search. If successful, return a pointer to the symbol table entry, a 3005 * pointer to the link map of the enclosing object, and information relating 3006 * to the type of binding. Else return a null pointer. 3007 * 3008 * To improve elf performance, we first compute the elf hash value and pass 3009 * it to each find_sym() routine. The elf function will use this value to 3010 * locate the symbol, the a.out function will simply ignore it. 3011 */ 3012 Sym * 3013 lookup_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 3014 { 3015 Rt_map *clmp = slp->sl_cmap; 3016 Sym *rsym = slp->sl_rsym, *sym = 0; 3017 uchar_t rtype = slp->sl_rtype; 3018 3019 if (slp->sl_hash == 0) 3020 slp->sl_hash = elf_hash(slp->sl_name); 3021 *binfo = 0; 3022 3023 /* 3024 * Establish any state that might be associated with a symbol reference. 3025 */ 3026 if (rsym) { 3027 if ((slp->sl_flags & LKUP_STDRELOC) && 3028 (ELF_ST_BIND(rsym->st_info) == STB_WEAK)) 3029 slp->sl_flags |= LKUP_WEAK; 3030 3031 if (ELF_ST_VISIBILITY(rsym->st_other) == STV_SINGLETON) 3032 slp->sl_flags |= LKUP_SINGLETON; 3033 } 3034 3035 /* 3036 * Establish any lookup state required for this type of relocation. 3037 */ 3038 if ((slp->sl_flags & LKUP_STDRELOC) && rtype) { 3039 if (rtype == M_R_COPY) 3040 slp->sl_flags |= LKUP_COPY; 3041 3042 if (rtype != M_R_JMP_SLOT) 3043 slp->sl_flags |= LKUP_SPEC; 3044 } 3045 3046 /* 3047 * Under ldd -w, any unresolved weak references are diagnosed. Set the 3048 * symbol binding as global to trigger a relocation error if the symbol 3049 * can not be found. 3050 */ 3051 if (rsym) { 3052 if (LIST(slp->sl_cmap)->lm_flags & LML_FLG_TRC_NOUNRESWEAK) 3053 slp->sl_bind = STB_GLOBAL; 3054 else if ((slp->sl_bind = ELF_ST_BIND(rsym->st_info)) == 3055 STB_WEAK) 3056 slp->sl_flags |= LKUP_WEAK; 3057 } 3058 3059 /* 3060 * Carry out an initial symbol search. This search takes into account 3061 * all the modes of the requested search. 3062 */ 3063 if (((sym = _lookup_sym(slp, dlmp, binfo, in_nfavl)) == NULL) && 3064 (*binfo & BINFO_REJSINGLE)) { 3065 Slookup sl = *slp; 3066 3067 /* 3068 * If a binding has been rejected because of binding to a 3069 * singleton without going through a singleton search, then 3070 * reset the lookup data, and try again. 3071 */ 3072 sl.sl_imap = LIST(sl.sl_cmap)->lm_head; 3073 sl.sl_flags &= ~(LKUP_FIRST | LKUP_SELF | LKUP_NEXT); 3074 sl.sl_flags |= LKUP_SINGLETON; 3075 sl.sl_rsymndx = 0; 3076 *binfo &= ~BINFO_REJECTED; 3077 sym = _lookup_sym(&sl, dlmp, binfo, in_nfavl); 3078 } 3079 3080 /* 3081 * If the caller is restricted to a symbol search within its group, 3082 * determine if it is necessary to follow a binding from outside of 3083 * the group. 3084 */ 3085 if (sym && ((MODE(clmp) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP)) { 3086 Sym *isym; 3087 3088 if ((isym = lookup_sym_interpose(slp, dlmp, binfo, LIST(*dlmp), 3089 sym, in_nfavl)) != 0) 3090 return (isym); 3091 } 3092 return (sym); 3093 } 3094 3095 /* 3096 * Associate a binding descriptor with a caller and its dependency, or update 3097 * an existing descriptor. 3098 */ 3099 int 3100 bind_one(Rt_map *clmp, Rt_map *dlmp, uint_t flags) 3101 { 3102 Bnd_desc *bdp; 3103 Aliste idx; 3104 int found = ALE_CREATE; 3105 3106 /* 3107 * Determine whether a binding descriptor already exists between the 3108 * two objects. 3109 */ 3110 for (APLIST_TRAVERSE(DEPENDS(clmp), idx, bdp)) { 3111 if (bdp->b_depend == dlmp) { 3112 found = ALE_EXISTS; 3113 break; 3114 } 3115 } 3116 3117 if (found == ALE_CREATE) { 3118 /* 3119 * Create a new binding descriptor. 3120 */ 3121 if ((bdp = malloc(sizeof (Bnd_desc))) == 0) 3122 return (0); 3123 3124 bdp->b_caller = clmp; 3125 bdp->b_depend = dlmp; 3126 bdp->b_flags = 0; 3127 3128 /* 3129 * Append the binding descriptor to the caller and the 3130 * dependency. 3131 */ 3132 if (aplist_append(&DEPENDS(clmp), bdp, AL_CNT_DEPENDS) == 0) 3133 return (0); 3134 3135 if (aplist_append(&CALLERS(dlmp), bdp, AL_CNT_CALLERS) == 0) 3136 return (0); 3137 } 3138 3139 if ((found == ALE_CREATE) || ((bdp->b_flags & flags) != flags)) { 3140 bdp->b_flags |= flags; 3141 3142 if (flags & BND_REFER) 3143 FLAGS1(dlmp) |= FL1_RT_USED; 3144 3145 DBG_CALL(Dbg_file_bind_entry(LIST(clmp), bdp)); 3146 } 3147 return (found); 3148 } 3149 3150 /* 3151 * Cleanup after relocation processing. 3152 */ 3153 int 3154 relocate_finish(Rt_map *lmp, APlist *bound, int textrel, int ret) 3155 { 3156 DBG_CALL(Dbg_reloc_run(lmp, 0, ret, DBG_REL_FINISH)); 3157 3158 /* 3159 * Establish bindings to all objects that have been bound to. 3160 */ 3161 if (bound) { 3162 Aliste idx; 3163 Rt_map *_lmp; 3164 Word used; 3165 3166 /* 3167 * Only create bindings if the callers relocation was 3168 * successful (ret != 0), otherwise the object will eventually 3169 * be torn down. Create these bindings if running under ldd(1) 3170 * with the -U/-u options regardless of relocation errors, as 3171 * the unused processing needs to traverse these bindings to 3172 * diagnose unused objects. 3173 */ 3174 used = LIST(lmp)->lm_flags & 3175 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED); 3176 3177 if (ret || used) { 3178 for (APLIST_TRAVERSE(bound, idx, _lmp)) { 3179 if (bind_one(lmp, _lmp, BND_REFER) || used) 3180 continue; 3181 3182 ret = 0; 3183 break; 3184 } 3185 } 3186 free(bound); 3187 } 3188 3189 /* 3190 * If we write enabled the text segment to perform these relocations 3191 * re-protect by disabling writes. 3192 */ 3193 if (textrel) 3194 (void) LM_SET_PROT(lmp)(lmp, 0); 3195 3196 return (ret); 3197 } 3198