1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988 AT&T 24 * All Rights Reserved 25 * 26 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 27 * Use is subject to license terms. 28 */ 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 /* 32 * Object file dependent support for ELF objects. 33 */ 34 #include "_synonyms.h" 35 36 #include <stdio.h> 37 #include <sys/procfs.h> 38 #include <sys/mman.h> 39 #include <sys/debug.h> 40 #include <string.h> 41 #include <limits.h> 42 #include <dlfcn.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "msg.h" 49 50 /* 51 * Default and secure dependency search paths. 52 */ 53 static Pnode elf_dflt_dirs[] = { 54 #if defined(_ELF64) 55 #ifndef SGS_PRE_UNIFIED_PROCESS 56 { MSG_ORIG(MSG_PTH_LIB_64), 0, MSG_PTH_LIB_64_SIZE, 57 LA_SER_DEFAULT, 0, &elf_dflt_dirs[1] }, 58 #endif 59 { MSG_ORIG(MSG_PTH_USRLIB_64), 0, MSG_PTH_USRLIB_64_SIZE, 60 LA_SER_DEFAULT, 0, 0 } 61 #else 62 #ifndef SGS_PRE_UNIFIED_PROCESS 63 { MSG_ORIG(MSG_PTH_LIB), 0, MSG_PTH_LIB_SIZE, 64 LA_SER_DEFAULT, 0, &elf_dflt_dirs[1] }, 65 #endif 66 { MSG_ORIG(MSG_PTH_USRLIB), 0, MSG_PTH_USRLIB_SIZE, 67 LA_SER_DEFAULT, 0, 0 } 68 #endif 69 }; 70 71 static Pnode elf_secure_dirs[] = { 72 #if defined(_ELF64) 73 #ifndef SGS_PRE_UNIFIED_PROCESS 74 { MSG_ORIG(MSG_PTH_LIBSE_64), 0, MSG_PTH_LIBSE_64_SIZE, 75 LA_SER_SECURE, 0, &elf_secure_dirs[1] }, 76 #endif 77 { MSG_ORIG(MSG_PTH_USRLIBSE_64), 0, 78 MSG_PTH_USRLIBSE_64_SIZE, 79 LA_SER_SECURE, 0, 0 } 80 #else 81 #ifndef SGS_PRE_UNIFIED_PROCESS 82 { MSG_ORIG(MSG_PTH_LIBSE), 0, MSG_PTH_LIBSE_SIZE, 83 LA_SER_SECURE, 0, &elf_secure_dirs[1] }, 84 #endif 85 { MSG_ORIG(MSG_PTH_USRLIBSE), 0, MSG_PTH_USRLIBSE_SIZE, 86 LA_SER_SECURE, 0, 0 } 87 #endif 88 }; 89 90 /* 91 * Defines for local functions. 92 */ 93 static Pnode *elf_fix_name(const char *, Rt_map *, uint_t); 94 static int elf_are_u(Rej_desc *); 95 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 96 static ulong_t elf_entry_pt(void); 97 static char *elf_get_so(const char *, const char *); 98 static Rt_map *elf_map_so(Lm_list *, Aliste, const char *, const char *, int); 99 static int elf_needed(Lm_list *, Aliste, Rt_map *); 100 static void elf_unmap_so(Rt_map *); 101 static int elf_verify_vers(const char *, Rt_map *, Rt_map *); 102 103 /* 104 * Functions and data accessed through indirect pointers. 105 */ 106 Fct elf_fct = { 107 elf_are_u, 108 elf_entry_pt, 109 elf_map_so, 110 elf_unmap_so, 111 elf_needed, 112 lookup_sym, 113 elf_reloc, 114 elf_dflt_dirs, 115 elf_secure_dirs, 116 elf_fix_name, 117 elf_get_so, 118 elf_dladdr, 119 dlsym_handle, 120 elf_verify_vers, 121 elf_set_prot 122 }; 123 124 125 /* 126 * Redefine NEEDED name if necessary. 127 */ 128 static Pnode * 129 elf_fix_name(const char *name, Rt_map *clmp, uint_t orig) 130 { 131 /* 132 * For ABI compliance, if we are asked for ld.so.1, then really give 133 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1). 134 */ 135 if (((*name == '/') && 136 /* BEGIN CSTYLED */ 137 #if defined(_ELF64) 138 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) || 139 #else 140 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) || 141 #endif 142 (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) { 143 /* END CSTYLED */ 144 Pnode *pnp; 145 146 DBG_CALL(Dbg_file_fixname(LIST(clmp), name, 147 MSG_ORIG(MSG_PTH_LIBSYS))); 148 if (((pnp = calloc(sizeof (Pnode), 1)) == 0) || 149 ((pnp->p_name = strdup(MSG_ORIG(MSG_PTH_LIBSYS))) == 0)) { 150 if (pnp) 151 free(pnp); 152 return (0); 153 } 154 pnp->p_len = MSG_PTH_LIBSYS_SIZE; 155 pnp->p_orig = (orig & PN_SER_MASK); 156 return (pnp); 157 } 158 159 return (expand_paths(clmp, name, orig, 0)); 160 } 161 162 /* 163 * Determine if we have been given an ELF file and if so determine if the file 164 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 165 * with associated error information. 166 */ 167 static int 168 elf_are_u(Rej_desc *rej) 169 { 170 Ehdr *ehdr; 171 172 /* 173 * Determine if we're an elf file. If not simply return, we don't set 174 * any rejection information as this test allows use to scroll through 175 * the objects we support (ELF, AOUT). 176 */ 177 if (fmap->fm_fsize < sizeof (Ehdr) || 178 fmap->fm_maddr[EI_MAG0] != ELFMAG0 || 179 fmap->fm_maddr[EI_MAG1] != ELFMAG1 || 180 fmap->fm_maddr[EI_MAG2] != ELFMAG2 || 181 fmap->fm_maddr[EI_MAG3] != ELFMAG3) { 182 return (0); 183 } 184 185 /* 186 * Check class and encoding. 187 */ 188 /* LINTED */ 189 ehdr = (Ehdr *)fmap->fm_maddr; 190 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 191 rej->rej_type = SGS_REJ_CLASS; 192 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 193 return (0); 194 } 195 if (ehdr->e_ident[EI_DATA] != M_DATA) { 196 rej->rej_type = SGS_REJ_DATA; 197 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 198 return (0); 199 } 200 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 201 (ehdr->e_type != ET_DYN)) { 202 rej->rej_type = SGS_REJ_TYPE; 203 rej->rej_info = (uint_t)ehdr->e_type; 204 return (0); 205 } 206 207 /* 208 * Verify machine specific flags, and hardware capability requirements. 209 */ 210 if ((elf_mach_flags_check(rej, ehdr) == 0) || 211 ((rtld_flags2 & RT_FL2_HWCAP) && (hwcap_check(rej, ehdr) == 0))) 212 return (0); 213 214 /* 215 * Verify ELF version. ??? is this too restrictive ??? 216 */ 217 if (ehdr->e_version > EV_CURRENT) { 218 rej->rej_type = SGS_REJ_VERSION; 219 rej->rej_info = (uint_t)ehdr->e_version; 220 return (0); 221 } 222 return (1); 223 } 224 225 /* 226 * The runtime linker employs lazy loading to provide the libraries needed for 227 * debugging, preloading .o's and dldump(). As these are seldom used, the 228 * standard startup of ld.so.1 doesn't initialize all the information necessary 229 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 230 * is called we get here to perform these initializations: 231 * 232 * o elf_needed() is called to set up the DYNINFO() indexes for each lazy 233 * dependency. Typically, for all other objects, this is called during 234 * analyze_so(), but as ld.so.1 is set-contained we skip this processing. 235 * 236 * o For intel, ld.so.1's JMPSLOT relocations need relative updates. These 237 * are by default skipped thus delaying all relative relocation processing 238 * on every invocation of ld.so.1. 239 */ 240 int 241 elf_rtld_load() 242 { 243 Lm_list *lml = &lml_rtld; 244 Rt_map *lmp = lml->lm_head; 245 246 if (lml->lm_flags & LML_FLG_PLTREL) 247 return (1); 248 249 /* 250 * As we need to refer to the DYNINFO() information, insure that it has 251 * been initialized. 252 */ 253 if (elf_needed(lml, ALIST_OFF_DATA, lmp) == 0) 254 return (0); 255 256 #if defined(__i386) 257 /* 258 * This is a kludge to give ld.so.1 a performance benefit on i386. 259 * It's based around two factors. 260 * 261 * o JMPSLOT relocations (PLT's) actually need a relative relocation 262 * applied to the GOT entry so that they can find PLT0. 263 * 264 * o ld.so.1 does not exercise *any* PLT's before it has made a call 265 * to elf_lazy_load(). This is because all dynamic dependencies 266 * are recorded as lazy dependencies. 267 */ 268 (void) elf_reloc_relacount((ulong_t)JMPREL(lmp), 269 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 270 (ulong_t)ADDR(lmp)); 271 #endif 272 273 lml->lm_flags |= LML_FLG_PLTREL; 274 return (1); 275 } 276 277 /* 278 * Lazy load an object. 279 */ 280 Rt_map * 281 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym) 282 { 283 Rt_map *nlmp, *hlmp; 284 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 285 uint_t flags = 0; 286 Pnode *pnp; 287 const char *name; 288 Lm_list *lml = LIST(clmp); 289 Lm_cntl *lmc; 290 Aliste lmco; 291 292 /* 293 * If this dependency has already been processed, we're done. 294 */ 295 if (((nlmp = (Rt_map *)dip->di_info) != 0) || 296 (dip->di_flags & FLG_DI_LDD_DONE)) 297 return (nlmp); 298 299 /* 300 * If we're running under ldd(1), indicate that this dependency has been 301 * processed (see test above). It doesn't matter whether the object is 302 * successfully loaded or not, this flag simply ensures that we don't 303 * repeatedly attempt to load an object that has already failed to load. 304 * To do so would create multiple failure diagnostics for the same 305 * object under ldd(1). 306 */ 307 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 308 dip->di_flags |= FLG_DI_LDD_DONE; 309 310 /* 311 * Determine the initial dependency name. 312 */ 313 name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val; 314 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 315 316 /* 317 * If this object needs to establish its own group, make sure a handle 318 * is created. 319 */ 320 if (dip->di_flags & FLG_DI_GROUP) 321 flags |= (FLG_RT_SETGROUP | FLG_RT_HANDLE); 322 323 /* 324 * Lazy dependencies are identified as DT_NEEDED entries with a 325 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 326 * dynamic information element that corresponds to the DT_POSFLAG_1 327 * entry is free, and thus used to store the present entrance 328 * identifier. This identifier is used to prevent multiple attempts to 329 * load a failed lazy loadable dependency within the same runtime linker 330 * operation. However, future attempts to reload this dependency are 331 * still possible. 332 */ 333 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 334 pdip->di_info = (void *)slp->sl_id; 335 336 /* 337 * Expand the requested name if necessary. 338 */ 339 if ((pnp = elf_fix_name(name, clmp, PN_SER_NEEDED)) == 0) 340 return (0); 341 342 /* 343 * Provided the object on the head of the link-map has completed its 344 * relocation, create a new link-map control list for this request. 345 */ 346 hlmp = lml->lm_head; 347 if (FLAGS(hlmp) & FLG_RT_RELOCED) { 348 if ((lmc = alist_append(&lml->lm_lists, 0, sizeof (Lm_cntl), 349 AL_CNT_LMLISTS)) == 0) { 350 remove_pnode(pnp); 351 return (0); 352 } 353 lmco = (Aliste)((char *)lmc - (char *)lml->lm_lists); 354 } else { 355 lmc = 0; 356 lmco = ALIST_OFF_DATA; 357 } 358 359 /* 360 * Load the associated object. 361 */ 362 dip->di_info = nlmp = 363 load_one(lml, lmco, pnp, clmp, MODE(clmp), flags, 0); 364 365 /* 366 * Remove any expanded pathname infrastructure. Reduce the pending lazy 367 * dependency count of the caller, together with the link-map lists 368 * count of objects that still have lazy dependencies pending. 369 */ 370 remove_pnode(pnp); 371 if (--LAZY(clmp) == 0) 372 LIST(clmp)->lm_lazy--; 373 374 /* 375 * Finish processing the objects associated with this request, and 376 * create an association between the caller and this dependency. 377 */ 378 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 379 (analyze_lmc(lml, lmco, nlmp) == 0) || 380 (relocate_lmc(lml, lmco, clmp, nlmp) == 0))) 381 dip->di_info = nlmp = 0; 382 383 /* 384 * If this lazyload has failed, and we've created a new link-map 385 * control list to which this request has added objects, then remove 386 * all the objects that have been associated to this request. 387 */ 388 if ((nlmp == 0) && lmc && lmc->lc_head) 389 remove_lmc(lml, clmp, lmc, lmco, name); 390 391 /* 392 * Finally, remove any link-map control list that was created. 393 */ 394 if (lmc) 395 remove_cntl(lml, lmco); 396 397 /* 398 * If this lazy loading failed, record the fact, and bump the lazy 399 * counts. 400 */ 401 if (nlmp == 0) { 402 dip->di_flags |= FLG_DI_LAZYFAIL; 403 if (LAZY(clmp)++ == 0) 404 LIST(clmp)->lm_lazy++; 405 } 406 407 return (nlmp); 408 } 409 410 /* 411 * Return the entry point of the ELF executable. 412 */ 413 static ulong_t 414 elf_entry_pt(void) 415 { 416 return (ENTRY(lml_main.lm_head)); 417 } 418 419 /* 420 * Unmap a given ELF shared object from the address space. 421 */ 422 static void 423 elf_unmap_so(Rt_map *lmp) 424 { 425 caddr_t addr; 426 size_t size; 427 Mmap *mmaps; 428 429 /* 430 * If this link map represents a relocatable object concatenation, then 431 * the image was simply generated in allocated memory. Free the memory. 432 * 433 * Note: the memory was originally allocated in the libelf:_elf_outmap 434 * routine and would normally have been free'd in elf_outsync(), but 435 * because we 'interpose' on that routine the memory wasn't free'd at 436 * that time. 437 */ 438 if (FLAGS(lmp) & FLG_RT_IMGALLOC) { 439 free((void *)ADDR(lmp)); 440 return; 441 } 442 443 /* 444 * If padding was enabled via rtld_db, then we have at least one page 445 * in front of the image - and possibly a trailing page. 446 * Unmap the front page first: 447 */ 448 if (PADSTART(lmp) != ADDR(lmp)) { 449 addr = (caddr_t)M_PTRUNC(PADSTART(lmp)); 450 size = ADDR(lmp) - (ulong_t)addr; 451 (void) munmap(addr, size); 452 } 453 454 /* 455 * Unmap any trailing padding. 456 */ 457 if (M_PROUND((PADSTART(lmp) + PADIMLEN(lmp))) > 458 M_PROUND(ADDR(lmp) + MSIZE(lmp))) { 459 addr = (caddr_t)M_PROUND(ADDR(lmp) + MSIZE(lmp)); 460 size = M_PROUND(PADSTART(lmp) + PADIMLEN(lmp)) - (ulong_t)addr; 461 (void) munmap(addr, size); 462 } 463 464 /* 465 * Unmmap all mapped segments. 466 */ 467 for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++) 468 (void) munmap(mmaps->m_vaddr, mmaps->m_msize); 469 } 470 471 /* 472 * Determine if a dependency requires a particular version and if so verify 473 * that the version exists in the dependency. 474 */ 475 static int 476 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 477 { 478 Verneed *vnd = VERNEED(clmp); 479 int _num, num = VERNEEDNUM(clmp); 480 char *cstrs = (char *)STRTAB(clmp); 481 Lm_list *lml = LIST(clmp); 482 483 /* 484 * Traverse the callers version needed information and determine if any 485 * specific versions are required from the dependency. 486 */ 487 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 488 for (_num = 1; _num <= num; _num++, 489 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 490 Half cnt = vnd->vn_cnt; 491 Vernaux *vnap; 492 char *nstrs, *need; 493 494 /* 495 * Determine if a needed entry matches this dependency. 496 */ 497 need = (char *)(cstrs + vnd->vn_file); 498 if (strcmp(name, need) != 0) 499 continue; 500 501 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 502 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 503 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 504 505 /* 506 * Validate that each version required actually exists in the 507 * dependency. 508 */ 509 nstrs = (char *)STRTAB(nlmp); 510 511 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 512 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 513 char *version, *define; 514 Verdef *vdf = VERDEF(nlmp); 515 ulong_t _num, num = VERDEFNUM(nlmp); 516 int found = 0; 517 518 version = (char *)(cstrs + vnap->vna_name); 519 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 520 521 for (_num = 1; _num <= num; _num++, 522 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 523 Verdaux *vdap; 524 525 if (vnap->vna_hash != vdf->vd_hash) 526 continue; 527 528 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 529 define = (char *)(nstrs + vdap->vda_name); 530 if (strcmp(version, define) != 0) 531 continue; 532 533 found++; 534 break; 535 } 536 537 /* 538 * If we're being traced print out any matched version 539 * when the verbose (-v) option is in effect. Always 540 * print any unmatched versions. 541 */ 542 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 543 /* BEGIN CSTYLED */ 544 if (found) { 545 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 546 continue; 547 548 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 549 need, version, NAME(nlmp)); 550 } else { 551 if (rtld_flags & RT_FL_SILENCERR) 552 continue; 553 554 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 555 need, version); 556 } 557 /* END CSTYLED */ 558 continue; 559 } 560 561 /* 562 * If the version hasn't been found then this is a 563 * candidate for a fatal error condition. Weak 564 * version definition requirements are silently 565 * ignored. Also, if the image inspected for a version 566 * definition has no versioning recorded at all then 567 * silently ignore this (this provides better backward 568 * compatibility to old images created prior to 569 * versioning being available). Both of these skipped 570 * diagnostics are available under tracing (see above). 571 */ 572 if ((found == 0) && (num != 0) && 573 (!(vnap->vna_flags & VER_FLG_WEAK))) { 574 eprintf(lml, ERR_FATAL, 575 MSG_INTL(MSG_VER_NFOUND), need, version, 576 NAME(clmp)); 577 return (0); 578 } 579 } 580 } 581 DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD)); 582 return (1); 583 } 584 585 /* 586 * Search through the dynamic section for DT_NEEDED entries and perform one 587 * of two functions. If only the first argument is specified then load the 588 * defined shared object, otherwise add the link map representing the defined 589 * link map the the dlopen list. 590 */ 591 static int 592 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp) 593 { 594 Dyn *dyn, *pdyn; 595 ulong_t ndx = 0; 596 uint_t lazy, flags; 597 Word lmflags = lml->lm_flags; 598 Word lmtflags = lml->lm_tflags; 599 600 /* 601 * Process each shared object on needed list. 602 */ 603 if (DYN(clmp) == 0) 604 return (1); 605 606 for (dyn = (Dyn *)DYN(clmp), pdyn = NULL; dyn->d_tag != DT_NULL; 607 pdyn = dyn++, ndx++) { 608 Dyninfo *dip = &DYNINFO(clmp)[ndx]; 609 Rt_map *nlmp = 0; 610 char *name; 611 int silent = 0; 612 Pnode *pnp; 613 614 switch (dyn->d_tag) { 615 case DT_POSFLAG_1: 616 dip->di_flags |= FLG_DI_POSFLAG1; 617 continue; 618 case DT_NEEDED: 619 case DT_USED: 620 lazy = flags = 0; 621 dip->di_flags |= FLG_DI_NEEDED; 622 623 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 624 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 625 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) { 626 dip->di_flags |= FLG_DI_LAZY; 627 lazy = 1; 628 } 629 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) { 630 dip->di_flags |= FLG_DI_GROUP; 631 flags = 632 (FLG_RT_SETGROUP | FLG_RT_HANDLE); 633 } 634 } 635 636 name = (char *)STRTAB(clmp) + dyn->d_un.d_val; 637 638 /* 639 * NOTE, libc.so.1 can't be lazy loaded. Although a 640 * lazy position flag won't be produced when a RTLDINFO 641 * .dynamic entry is found (introduced with the UPM in 642 * Solaris 10), it was possible to mark libc for lazy 643 * loading on previous releases. To reduce the overhead 644 * of testing for this occurrence, only carry out this 645 * check for the first object on the link-map list 646 * (there aren't many applications built without libc). 647 */ 648 if (lazy && (lml->lm_head == clmp) && 649 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 650 lazy = 0; 651 652 /* 653 * Don't bring in lazy loaded objects yet unless we've 654 * been asked to attempt to load all available objects 655 * (crle(1) sets LD_FLAGS=loadavail). Even under 656 * RTLD_NOW we don't process this - RTLD_NOW will cause 657 * relocation processing which in turn might trigger 658 * lazy loading, but its possible that the object has a 659 * lazy loaded file with no bindings (i.e., it should 660 * never have been a dependency in the first place). 661 */ 662 if (lazy) { 663 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 664 LAZY(clmp)++; 665 lazy = flags = 0; 666 continue; 667 } 668 669 /* 670 * Silence any error messages - see description 671 * under elf_lookup_filtee(). 672 */ 673 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 674 rtld_flags |= RT_FL_SILENCERR; 675 silent = 1; 676 } 677 } 678 break; 679 case DT_AUXILIARY: 680 dip->di_flags |= FLG_DI_AUXFLTR; 681 continue; 682 case DT_SUNW_AUXILIARY: 683 dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 684 continue; 685 case DT_FILTER: 686 dip->di_flags |= FLG_DI_STDFLTR; 687 continue; 688 case DT_SUNW_FILTER: 689 dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 690 continue; 691 default: 692 continue; 693 } 694 695 DBG_CALL(Dbg_file_needed(clmp, name)); 696 697 /* 698 * If we're running under ldd(1), indicate that this dependency 699 * has been processed. It doesn't matter whether the object is 700 * successfully loaded or not, this flag simply ensures that we 701 * don't repeatedly attempt to load an object that has already 702 * failed to load. To do so would create multiple failure 703 * diagnostics for the same object under ldd(1). 704 */ 705 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 706 dip->di_flags |= FLG_DI_LDD_DONE; 707 708 /* 709 * Establish the objects name, load it and establish a binding 710 * with the caller. 711 */ 712 if (((pnp = elf_fix_name(name, clmp, PN_SER_NEEDED)) == 0) || 713 ((nlmp = load_one(lml, lmco, pnp, clmp, MODE(clmp), 714 flags, 0)) == 0) || (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 715 nlmp = 0; 716 717 /* 718 * Clean up any infrastructure, including the removal of the 719 * error suppression state, if it had been previously set in 720 * this routine. 721 */ 722 if (pnp) 723 remove_pnode(pnp); 724 if (silent) 725 rtld_flags &= ~RT_FL_SILENCERR; 726 727 if ((dip->di_info = (void *)nlmp) == 0) { 728 /* 729 * If the object could not be mapped, continue if error 730 * suppression is established or we're here with ldd(1). 731 */ 732 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 733 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 734 continue; 735 else 736 return (0); 737 } 738 } 739 740 if (LAZY(clmp)) 741 lml->lm_lazy++; 742 743 return (1); 744 } 745 746 static int 747 elf_map_check(Lm_list *lml, const char *name, caddr_t vaddr, Off size) 748 { 749 prmap_t *maps, *_maps; 750 int pfd, num, _num; 751 caddr_t eaddr = vaddr + size; 752 int err; 753 754 /* 755 * If memory reservations have been established for alternative objects 756 * determine if this object falls within the reservation, if it does no 757 * further checking is required. 758 */ 759 if (rtld_flags & RT_FL_MEMRESV) { 760 Rtc_head *head = (Rtc_head *)config->c_bgn; 761 762 if ((vaddr >= (caddr_t)(uintptr_t)head->ch_resbgn) && 763 (eaddr <= (caddr_t)(uintptr_t)head->ch_resend)) 764 return (0); 765 } 766 767 /* 768 * Determine the mappings presently in use by this process. 769 */ 770 if ((pfd = pr_open(lml)) == FD_UNAVAIL) 771 return (1); 772 773 if (ioctl(pfd, PIOCNMAP, (void *)&num) == -1) { 774 err = errno; 775 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SYS_PROC), name, 776 strerror(err)); 777 return (1); 778 } 779 780 if ((maps = malloc((num + 1) * sizeof (prmap_t))) == 0) 781 return (1); 782 783 if (ioctl(pfd, PIOCMAP, (void *)maps) == -1) { 784 err = errno; 785 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SYS_PROC), name, 786 strerror(err)); 787 free(maps); 788 return (1); 789 } 790 791 /* 792 * Determine if the supplied address clashes with any of the present 793 * process mappings. 794 */ 795 for (_num = 0, _maps = maps; _num < num; _num++, _maps++) { 796 caddr_t _eaddr = _maps->pr_vaddr + _maps->pr_size; 797 Rt_map *lmp; 798 const char *str; 799 800 if ((eaddr < _maps->pr_vaddr) || (vaddr >= _eaddr)) 801 continue; 802 803 /* 804 * We have a memory clash. See if one of the known dynamic 805 * dependency mappings represents this space so as to provide 806 * the user a more meaningful message. 807 */ 808 if ((lmp = _caller(vaddr, 0)) != 0) 809 str = NAME(lmp); 810 else 811 str = MSG_INTL(MSG_STR_UNKNOWN); 812 813 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_GEN_MAPINUSE), name, 814 EC_NATPTR(vaddr), EC_OFF(size), str); 815 return (1); 816 } 817 free(maps); 818 return (0); 819 } 820 821 /* 822 * Obtain a memory reservation. On newer systems, both MAP_ANON and MAP_ALIGN 823 * are used to obtained an aligned reservation from anonymous memory. If 824 * MAP_ANON isn't available, then MAP_ALIGN isn't either, so obtain a standard 825 * reservation using the file as backing. 826 */ 827 static Am_ret 828 elf_map_reserve(Lm_list *lml, const char *name, caddr_t *maddr, Off msize, 829 int mperm, int fd, Xword align) 830 { 831 Am_ret amret; 832 int mflag = MAP_PRIVATE | MAP_NORESERVE; 833 834 #if defined(MAP_ALIGN) 835 if ((rtld_flags2 & RT_FL2_NOMALIGN) == 0) { 836 mflag |= MAP_ALIGN; 837 *maddr = (caddr_t)align; 838 } 839 #endif 840 if ((amret = anon_map(lml, maddr, msize, PROT_NONE, mflag)) == AM_ERROR) 841 return (amret); 842 843 if (amret == AM_OK) 844 return (AM_OK); 845 846 /* 847 * If an anonymous memory request failed (which should only be the 848 * case if it is unsupported on the system we're running on), establish 849 * the initial mapping directly from the file. 850 */ 851 *maddr = 0; 852 if ((*maddr = mmap(*maddr, msize, mperm, MAP_PRIVATE, 853 fd, 0)) == MAP_FAILED) { 854 int err = errno; 855 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), name, 856 strerror(err)); 857 return (AM_ERROR); 858 } 859 return (AM_NOSUP); 860 } 861 862 static void * 863 elf_map_textdata(caddr_t addr, Off flen, int mperm, int phdr_mperm, int mflag, 864 int fd, Off foff) 865 { 866 #if defined(MAP_TEXT) && defined(MAP_INITDATA) 867 static int notd = 0; 868 869 /* 870 * If MAP_TEXT and MAP_INITDATA are available, select the appropriate 871 * flag. 872 */ 873 if (notd == 0) { 874 if ((phdr_mperm & (PROT_WRITE | PROT_EXEC)) == PROT_EXEC) 875 mflag |= MAP_TEXT; 876 else 877 mflag |= MAP_INITDATA; 878 } 879 #endif 880 if (mmap((caddr_t)addr, flen, mperm, mflag, fd, foff) != MAP_FAILED) 881 return (0); 882 883 #if defined(MAP_TEXT) && defined(MAP_INITDATA) 884 if ((notd == 0) && (errno == EINVAL)) { 885 /* 886 * MAP_TEXT and MAP_INITDATA may not be supported on this 887 * platform, try again without. 888 */ 889 notd = 1; 890 mflag &= ~(MAP_TEXT | MAP_INITDATA); 891 892 return (mmap((caddr_t)addr, flen, mperm, mflag, fd, foff)); 893 } 894 #endif 895 return (MAP_FAILED); 896 } 897 898 /* 899 * Map in a file. 900 */ 901 static caddr_t 902 elf_map_it( 903 Lm_list *lml, /* link-map list */ 904 const char *name, /* actual name stored for pathname */ 905 Off fsize, /* total mapping claim of the file */ 906 Ehdr *ehdr, /* ELF header of file */ 907 Phdr *fphdr, /* first loadable Phdr */ 908 Phdr *lphdr, /* last loadable Phdr */ 909 Phdr **rrphdr, /* return first Phdr in reservation */ 910 caddr_t *rraddr, /* return start of reservation */ 911 Off *rrsize, /* return total size of reservation */ 912 int fixed, /* image is resolved to a fixed addr */ 913 int fd, /* images file descriptor */ 914 Xword align, /* image segments maximum alignment */ 915 Mmap *mmaps, /* mmap information array and */ 916 uint_t *mmapcnt) /* mapping count */ 917 { 918 caddr_t raddr; /* reservation address */ 919 Off rsize; /* reservation size */ 920 Phdr *phdr; /* working program header poiner */ 921 caddr_t maddr; /* working mmap address */ 922 caddr_t faddr; /* working file address */ 923 size_t padsize; /* object padding requirement */ 924 size_t padpsize = 0; /* padding size rounded to next page */ 925 size_t padmsize = 0; /* padding size rounded for alignment */ 926 int skipfseg; /* skip mapping first segment */ 927 int mperm; /* segment permissions */ 928 Am_ret amret = AM_NOSUP; 929 930 /* 931 * If padding is required extend both the front and rear of the image. 932 * To insure the image itself is mapped at the correct alignment the 933 * initial padding is rounded up to the nearest page. Once the image is 934 * mapped the excess can be pruned to the nearest page required for the 935 * actual padding itself. 936 */ 937 if ((padsize = r_debug.rtd_objpad) != 0) { 938 padpsize = M_PROUND(padsize); 939 if (fixed) 940 padmsize = padpsize; 941 else 942 padmsize = S_ROUND(padsize, align); 943 } 944 945 /* 946 * Determine the initial permissions used to map in the first segment. 947 * If this segments memsz is greater that its filesz then the difference 948 * must be zeroed. Make sure this segment is writable. 949 */ 950 mperm = 0; 951 if (fphdr->p_flags & PF_R) 952 mperm |= PROT_READ; 953 if (fphdr->p_flags & PF_X) 954 mperm |= PROT_EXEC; 955 if ((fphdr->p_flags & PF_W) || (fphdr->p_memsz > fphdr->p_filesz)) 956 mperm |= PROT_WRITE; 957 958 /* 959 * Determine whether or not to let system reserve address space based on 960 * whether this is a dynamic executable (addresses in object are fixed) 961 * or a shared object (addresses in object are relative to the objects' 962 * base). 963 */ 964 if (fixed) { 965 /* 966 * Determine the reservation address and size, and insure that 967 * this reservation isn't already in use. 968 */ 969 faddr = maddr = (caddr_t)M_PTRUNC((ulong_t)fphdr->p_vaddr); 970 raddr = maddr - padpsize; 971 rsize = fsize + padpsize + padsize; 972 973 if (lml_main.lm_head) { 974 if (elf_map_check(lml, name, raddr, rsize) != 0) 975 return (0); 976 } 977 978 /* 979 * As this is a fixed image, all segments must be individually 980 * mapped. 981 */ 982 skipfseg = 0; 983 984 } else { 985 size_t esize; 986 987 /* 988 * If this isn't a fixed image, reserve enough address space for 989 * the entire image to be mapped. The amount of reservation is 990 * the range between the beginning of the first, and end of the 991 * last loadable segment, together with any padding, plus the 992 * alignment of the first segment. 993 * 994 * The optimal reservation is made as a no-reserve mapping from 995 * anonymous memory. Each segment is then mapped into this 996 * reservation. If the anonymous mapping capability isn't 997 * available, the reservation is obtained from the file itself. 998 * In this case the first segment of the image is mapped as part 999 * of the reservation, thus only the following segments need to 1000 * be remapped. 1001 */ 1002 rsize = fsize + padmsize + padsize; 1003 if ((amret = elf_map_reserve(lml, name, &raddr, rsize, mperm, 1004 fd, align)) == AM_ERROR) 1005 return (0); 1006 maddr = raddr + padmsize; 1007 faddr = (caddr_t)S_ROUND((Off)maddr, align); 1008 1009 /* 1010 * If this reservation has been obtained from anonymous memory, 1011 * then all segments must be individually mapped. Otherwise, 1012 * the first segment heads the reservation. 1013 */ 1014 if (amret == AM_OK) 1015 skipfseg = 0; 1016 else 1017 skipfseg = 1; 1018 1019 /* 1020 * For backward compatibility (where MAP_ALIGN isn't available), 1021 * insure the alignment of the reservation is adequate for this 1022 * object, and if not remap the object to obtain the correct 1023 * alignment. 1024 */ 1025 if (faddr != maddr) { 1026 (void) munmap(raddr, rsize); 1027 1028 rsize += align; 1029 if ((amret = elf_map_reserve(lml, name, &raddr, rsize, 1030 mperm, fd, align)) == AM_ERROR) 1031 return (0); 1032 1033 maddr = faddr = (caddr_t)S_ROUND((Off)(raddr + 1034 padpsize), align); 1035 1036 esize = maddr - raddr + padpsize; 1037 1038 /* 1039 * As ths image has been realigned, the first segment 1040 * of the file needs to be remapped to its correct 1041 * location. 1042 */ 1043 skipfseg = 0; 1044 } else 1045 esize = padmsize - padpsize; 1046 1047 /* 1048 * If this reservation included padding, remove any excess for 1049 * the start of the image (the padding was adjusted to insure 1050 * the image was aligned appropriately). 1051 */ 1052 if (esize) { 1053 (void) munmap(raddr, esize); 1054 raddr += esize; 1055 rsize -= esize; 1056 } 1057 } 1058 1059 /* 1060 * At this point we know the initial location of the image, and its 1061 * size. Pass these back to the caller for inclusion in the link-map 1062 * that will eventually be created. 1063 */ 1064 *rraddr = raddr; 1065 *rrsize = rsize; 1066 1067 /* 1068 * The first loadable segment is now pointed to by maddr. This segment 1069 * will eventually contain the elf header and program headers, so reset 1070 * the program header. Pass this back to the caller for inclusion in 1071 * the link-map so it can be used for later unmapping operations. 1072 */ 1073 /* LINTED */ 1074 *rrphdr = (Phdr *)((char *)maddr + ehdr->e_phoff); 1075 1076 /* 1077 * If padding is required at the front of the image, obtain that now. 1078 * Note, if we've already obtained a reservation from anonymous memory 1079 * then this reservation will already include suitable padding. 1080 * Otherwise this reservation is backed by the file, or in the case of 1081 * a fixed image, doesn't yet exist. Map the padding so that it is 1082 * suitably protected (PROT_NONE), and insure the first segment of the 1083 * file is mapped to its correct location. 1084 */ 1085 if (padsize) { 1086 if (amret == AM_NOSUP) { 1087 if (dz_map(lml, raddr, padpsize, PROT_NONE, 1088 (MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE)) == 1089 MAP_FAILED) 1090 return (0); 1091 1092 skipfseg = 0; 1093 } 1094 rsize -= padpsize; 1095 } 1096 1097 /* 1098 * Map individual segments. For a fixed image, these will each be 1099 * unique mappings. For a reservation these will fill in the 1100 * reservation. 1101 */ 1102 for (phdr = fphdr; phdr <= lphdr; 1103 phdr = (Phdr *)((Off)phdr + ehdr->e_phentsize)) { 1104 caddr_t addr; 1105 Off mlen, flen; 1106 size_t size; 1107 1108 /* 1109 * Skip non-loadable segments or segments that don't occupy 1110 * any memory. 1111 */ 1112 if (((phdr->p_type != PT_LOAD) && 1113 (phdr->p_type != PT_SUNWBSS)) || (phdr->p_memsz == 0)) 1114 continue; 1115 1116 /* 1117 * Establish this segments address relative to our base. 1118 */ 1119 addr = (caddr_t)M_PTRUNC((ulong_t)(phdr->p_vaddr + 1120 (fixed ? 0 : faddr))); 1121 1122 /* 1123 * Determine the mapping protection from the segment attributes. 1124 * Also determine the etext address from the last loadable 1125 * segment which has permissions but no write access. 1126 */ 1127 mperm = 0; 1128 if (phdr->p_flags) { 1129 if (phdr->p_flags & PF_R) 1130 mperm |= PROT_READ; 1131 if (phdr->p_flags & PF_X) 1132 mperm |= PROT_EXEC; 1133 if (phdr->p_flags & PF_W) 1134 mperm |= PROT_WRITE; 1135 else 1136 fmap->fm_etext = phdr->p_vaddr + phdr->p_memsz + 1137 (ulong_t)(fixed ? 0 : faddr); 1138 } 1139 1140 /* 1141 * Determine the type of mapping required. 1142 */ 1143 if (phdr->p_type == PT_SUNWBSS) { 1144 /* 1145 * Potentially, we can defer the loading of any SUNWBSS 1146 * segment, depending on whether the symbols it provides 1147 * have been bound to. In this manner, large segments 1148 * that are interposed upon between shared libraries 1149 * may not require mapping. Note, that the mapping 1150 * information is recorded in our mapping descriptor at 1151 * this time. 1152 */ 1153 mlen = phdr->p_memsz; 1154 flen = 0; 1155 1156 } else if ((phdr->p_filesz == 0) && (phdr->p_flags == 0)) { 1157 /* 1158 * If this segment has no backing file and no flags 1159 * specified, then it defines a reservation. At this 1160 * point all standard loadable segments will have been 1161 * processed. The segment reservation is mapped 1162 * directly from /dev/null. 1163 */ 1164 if (nu_map(lml, (caddr_t)addr, phdr->p_memsz, PROT_NONE, 1165 MAP_FIXED | MAP_PRIVATE) == MAP_FAILED) 1166 return (0); 1167 1168 mlen = phdr->p_memsz; 1169 flen = 0; 1170 1171 } else if (phdr->p_filesz == 0) { 1172 /* 1173 * If this segment has no backing file then it defines a 1174 * nobits segment and is mapped directly from /dev/zero. 1175 */ 1176 if (dz_map(lml, (caddr_t)addr, phdr->p_memsz, mperm, 1177 MAP_FIXED | MAP_PRIVATE) == MAP_FAILED) 1178 return (0); 1179 1180 mlen = phdr->p_memsz; 1181 flen = 0; 1182 1183 } else { 1184 Off foff; 1185 1186 /* 1187 * This mapping originates from the file. Determine the 1188 * file offset to which the mapping will be directed 1189 * (must be aligned) and how much to map (might be more 1190 * than the file in the case of .bss). 1191 */ 1192 foff = M_PTRUNC((ulong_t)phdr->p_offset); 1193 mlen = phdr->p_memsz + (phdr->p_offset - foff); 1194 flen = phdr->p_filesz + (phdr->p_offset - foff); 1195 1196 /* 1197 * If this is a non-fixed, non-anonymous mapping, and no 1198 * padding is involved, then the first loadable segment 1199 * is already part of the initial reservation. In this 1200 * case there is no need to remap this segment. 1201 */ 1202 if ((skipfseg == 0) || (phdr != fphdr)) { 1203 int phdr_mperm = mperm; 1204 /* 1205 * If this segments memsz is greater that its 1206 * filesz then the difference must be zeroed. 1207 * Make sure this segment is writable. 1208 */ 1209 if (phdr->p_memsz > phdr->p_filesz) 1210 mperm |= PROT_WRITE; 1211 1212 if (elf_map_textdata((caddr_t)addr, flen, 1213 mperm, phdr_mperm, 1214 (MAP_FIXED | MAP_PRIVATE), fd, foff) == 1215 MAP_FAILED) { 1216 int err = errno; 1217 eprintf(lml, ERR_FATAL, 1218 MSG_INTL(MSG_SYS_MMAP), name, 1219 strerror(err)); 1220 return (0); 1221 } 1222 } 1223 1224 /* 1225 * If the memory occupancy of the segment overflows the 1226 * definition in the file, we need to "zero out" the end 1227 * of the mapping we've established, and if necessary, 1228 * map some more space from /dev/zero. Note, zero'ed 1229 * memory must end on a double word boundary to satisfy 1230 * zero(). 1231 */ 1232 if (phdr->p_memsz > phdr->p_filesz) { 1233 caddr_t zaddr; 1234 size_t zlen, zplen; 1235 Off fend; 1236 1237 foff = (Off)(phdr->p_vaddr + phdr->p_filesz + 1238 (fixed ? 0 : faddr)); 1239 zaddr = (caddr_t)M_PROUND(foff); 1240 zplen = (size_t)(zaddr - foff); 1241 1242 fend = (Off)S_DROUND((size_t)(phdr->p_vaddr + 1243 phdr->p_memsz + (fixed ? 0 : faddr))); 1244 zlen = (size_t)(fend - foff); 1245 1246 /* 1247 * Determine whether the number of bytes that 1248 * must be zero'ed overflow to the next page. 1249 * If not, simply clear the exact bytes 1250 * (filesz to memsz) from this page. Otherwise, 1251 * clear the remaining bytes of this page, and 1252 * map an following pages from /dev/zero. 1253 */ 1254 if (zlen < zplen) 1255 zero((caddr_t)foff, (long)zlen); 1256 else { 1257 zero((caddr_t)foff, (long)zplen); 1258 1259 if ((zlen = (fend - (Off)zaddr)) > 0) { 1260 if (dz_map(lml, zaddr, zlen, 1261 mperm, 1262 MAP_FIXED | MAP_PRIVATE) == 1263 MAP_FAILED) 1264 return (0); 1265 } 1266 } 1267 } 1268 } 1269 1270 /* 1271 * Unmap anything from the last mapping address to this one and 1272 * update the mapping claim pointer. 1273 */ 1274 if ((fixed == 0) && ((size = addr - maddr) != 0)) { 1275 (void) munmap(maddr, size); 1276 rsize -= size; 1277 } 1278 1279 /* 1280 * Retain this segments mapping information. 1281 */ 1282 mmaps[*mmapcnt].m_vaddr = addr; 1283 mmaps[*mmapcnt].m_msize = mlen; 1284 mmaps[*mmapcnt].m_fsize = flen; 1285 mmaps[*mmapcnt].m_perm = mperm; 1286 (*mmapcnt)++; 1287 1288 maddr = addr + M_PROUND(mlen); 1289 rsize -= M_PROUND(mlen); 1290 } 1291 1292 /* 1293 * If padding is required at the end of the image, obtain that now. 1294 * Note, if we've already obtained a reservation from anonymous memory 1295 * then this reservation will already include suitable padding. 1296 */ 1297 if (padsize) { 1298 if (amret == AM_NOSUP) { 1299 /* 1300 * maddr is currently page aligned from the last segment 1301 * mapping. 1302 */ 1303 if (dz_map(lml, maddr, padsize, PROT_NONE, 1304 (MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE)) == 1305 MAP_FAILED) 1306 return (0); 1307 } 1308 maddr += padsize; 1309 rsize -= padsize; 1310 } 1311 1312 /* 1313 * Unmap any final reservation. 1314 */ 1315 if ((fixed == 0) && (rsize != 0)) 1316 (void) munmap(maddr, rsize); 1317 1318 return (faddr); 1319 } 1320 1321 /* 1322 * A null symbol interpretor. Used if a filter has no associated filtees. 1323 */ 1324 /* ARGSUSED0 */ 1325 static Sym * 1326 elf_null_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo) 1327 { 1328 return ((Sym *)0); 1329 } 1330 1331 /* 1332 * Disable filtee use. 1333 */ 1334 static void 1335 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 1336 { 1337 dip->di_info = 0; 1338 1339 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 1340 /* 1341 * If this is an object filter, free the filtee's duplication. 1342 */ 1343 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 1344 free(REFNAME(lmp)); 1345 REFNAME(lmp) = (char *)0; 1346 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1347 1348 /* 1349 * Indicate that this filtee is no longer available. 1350 */ 1351 if (dip->di_flags & FLG_DI_STDFLTR) 1352 SYMINTP(lmp) = elf_null_find_sym; 1353 1354 } 1355 } else if (dip->di_flags & FLG_DI_STDFLTR) { 1356 /* 1357 * Indicate that this standard filtee is no longer available. 1358 */ 1359 if (SYMSFLTRCNT(lmp)) 1360 SYMSFLTRCNT(lmp)--; 1361 } else { 1362 /* 1363 * Indicate that this auxiliary filtee is no longer available. 1364 */ 1365 if (SYMAFLTRCNT(lmp)) 1366 SYMAFLTRCNT(lmp)--; 1367 } 1368 dip->di_flags &= ~MSK_DI_FILTER; 1369 } 1370 1371 /* 1372 * Find symbol interpreter - filters. 1373 * This function is called when the symbols from a shared object should 1374 * be resolved from the shared objects filtees instead of from within itself. 1375 * 1376 * A symbol name of 0 is used to trigger filtee loading. 1377 */ 1378 static Sym * 1379 _elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx) 1380 { 1381 const char *name = slp->sl_name, *filtees; 1382 Rt_map *clmp = slp->sl_cmap; 1383 Rt_map *ilmp = slp->sl_imap; 1384 Pnode *pnp, **pnpp; 1385 int any; 1386 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 1387 Lm_list *lml = LIST(ilmp); 1388 1389 /* 1390 * Indicate that the filter has been used. If a binding already exists 1391 * to the caller, indicate that this object is referenced. This insures 1392 * we don't generate false unreferenced diagnostics from ldd -u/U or 1393 * debugging. Don't create a binding regardless, as this filter may 1394 * have been dlopen()'ed. 1395 */ 1396 if (name && (ilmp != clmp)) { 1397 Word tracing = (LIST(clmp)->lm_flags & 1398 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 1399 1400 if (tracing || DBG_ENABLED) { 1401 Bnd_desc *bdp; 1402 Aliste idx; 1403 1404 FLAGS1(ilmp) |= FL1_RT_USED; 1405 1406 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 1407 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 1408 if (bdp->b_caller == clmp) { 1409 bdp->b_flags |= BND_REFER; 1410 break; 1411 } 1412 } 1413 } 1414 } 1415 } 1416 1417 /* 1418 * If this is the first call to process this filter, establish the 1419 * filtee list. If a configuration file exists, determine if any 1420 * filtee associations for this filter, and its filtee reference, are 1421 * defined. Otherwise, process the filtee reference. Any token 1422 * expansion is also completed at this point (i.e., $PLATFORM). 1423 */ 1424 filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val; 1425 if (dip->di_info == 0) { 1426 if (rtld_flags2 & RT_FL2_FLTCFG) 1427 dip->di_info = elf_config_flt(lml, PATHNAME(ilmp), 1428 filtees); 1429 1430 if (dip->di_info == 0) { 1431 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 1432 if ((lml->lm_flags & 1433 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 1434 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 1435 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 1436 NAME(ilmp), filtees); 1437 1438 if ((dip->di_info = (void *)expand_paths(ilmp, 1439 filtees, PN_SER_FILTEE, 0)) == 0) { 1440 elf_disable_filtee(ilmp, dip); 1441 return ((Sym *)0); 1442 } 1443 } 1444 } 1445 1446 /* 1447 * Traverse the filtee list, dlopen()'ing any objects specified and 1448 * using their group handle to lookup the symbol. 1449 */ 1450 for (any = 0, pnpp = (Pnode **)&(dip->di_info), pnp = *pnpp; pnp; 1451 pnpp = &pnp->p_next, pnp = *pnpp) { 1452 int mode; 1453 Grp_hdl *ghp; 1454 Rt_map *nlmp = 0; 1455 1456 if (pnp->p_len == 0) 1457 continue; 1458 1459 /* 1460 * Establish the mode of the filtee from the filter. As filtees 1461 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 1462 * and the filtees aren't global. It would be nice to have 1463 * RTLD_FIRST used here also, but as filters got out long before 1464 * RTLD_FIRST was introduced it's a little too late now. 1465 */ 1466 mode = MODE(ilmp) | RTLD_GROUP; 1467 mode &= ~RTLD_GLOBAL; 1468 1469 /* 1470 * Insure that any auxiliary filter can locate symbols from its 1471 * caller. 1472 */ 1473 if (dip->di_flags & FLG_DI_AUXFLTR) 1474 mode |= RTLD_PARENT; 1475 1476 /* 1477 * Process any hardware capability directory. Establish a new 1478 * link-map control list from which to analyze any newly added 1479 * objects. 1480 */ 1481 if ((pnp->p_info == 0) && (pnp->p_orig & PN_TKN_HWCAP)) { 1482 Lm_cntl *lmc; 1483 Aliste lmco; 1484 1485 if (FLAGS(lml->lm_head) & FLG_RT_RELOCED) { 1486 if ((lmc = alist_append(&lml->lm_lists, 0, 1487 sizeof (Lm_cntl), AL_CNT_LMLISTS)) == 0) 1488 return ((Sym *)0); 1489 lmco = (Aliste)((char *)lmc - 1490 (char *)lml->lm_lists); 1491 } else { 1492 lmc = 0; 1493 lmco = ALIST_OFF_DATA; 1494 } 1495 1496 pnp = hwcap_filtees(pnpp, lmco, lmc, dip, ilmp, filtees, 1497 mode, (FLG_RT_HANDLE | FLG_RT_HWCAP)); 1498 1499 /* 1500 * Now that any hardware capability objects have been 1501 * processed, remove any link-map control list. 1502 */ 1503 if (lmc) 1504 remove_cntl(lml, lmco); 1505 } 1506 1507 if (pnp->p_len == 0) 1508 continue; 1509 1510 /* 1511 * Process an individual filtee. 1512 */ 1513 if (pnp->p_info == 0) { 1514 const char *filtee = pnp->p_name; 1515 int audit = 0; 1516 1517 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 1518 1519 ghp = 0; 1520 1521 /* 1522 * Determine if the reference link map is already 1523 * loaded. As an optimization compare the filtee with 1524 * our interpretor. The most common filter is 1525 * libdl.so.1, which is a filter on ld.so.1. 1526 */ 1527 #if defined(_ELF64) 1528 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 1529 #else 1530 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 1531 #endif 1532 /* 1533 * Create an association between ld.so.1 and the 1534 * filter. As an optimization, a handle for 1535 * ld.so.1 itself (required for the dlopen() 1536 * family filtering mechanism) shouldn't search 1537 * any dependencies of ld.so.1. Omitting 1538 * GPD_ADDEPS prevents the addition of any 1539 * ld.so.1 dependencies to this handle. 1540 */ 1541 nlmp = lml_rtld.lm_head; 1542 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1543 (GPH_LDSO | GPH_FIRST | GPH_FILTEE), 1544 (GPD_DLSYM | GPD_RELOC), GPD_PARENT)) == 0) 1545 nlmp = 0; 1546 1547 /* 1548 * Establish the filter handle to prevent any 1549 * recursion. 1550 */ 1551 if (nlmp && ghp) 1552 pnp->p_info = (void *)ghp; 1553 1554 /* 1555 * Audit the filter/filtee established. Ignore 1556 * any return from the auditor, as we can't 1557 * allow ignore filtering to ld.so.1, otherwise 1558 * nothing is going to work. 1559 */ 1560 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1561 LML_TFLG_AUD_OBJFILTER)) 1562 (void) audit_objfilter(ilmp, filtees, 1563 nlmp, 0); 1564 1565 } else { 1566 Rej_desc rej = { 0 }; 1567 Lm_cntl *lmc; 1568 Aliste lmco; 1569 1570 /* 1571 * Establish a new link-map control list from 1572 * which to analyze any newly added objects. 1573 */ 1574 if (FLAGS(lml->lm_head) & FLG_RT_RELOCED) { 1575 if ((lmc = 1576 alist_append(&lml->lm_lists, 0, 1577 sizeof (Lm_cntl), 1578 AL_CNT_LMLISTS)) == 0) 1579 return ((Sym *)0); 1580 lmco = (Aliste)((char *)lmc - 1581 (char *)lml->lm_lists); 1582 } else { 1583 lmc = 0; 1584 lmco = ALIST_OFF_DATA; 1585 } 1586 1587 /* 1588 * Load the filtee. Note, an auditor can 1589 * provide an alternative name. 1590 */ 1591 if ((nlmp = load_path(lml, lmco, &(pnp->p_name), 1592 ilmp, mode, FLG_RT_HANDLE, &ghp, 0, 1593 &rej)) == 0) { 1594 file_notfound(LIST(ilmp), filtee, ilmp, 1595 FLG_RT_HANDLE, &rej); 1596 remove_rej(&rej); 1597 } 1598 filtee = pnp->p_name; 1599 1600 /* 1601 * Establish the filter handle to prevent any 1602 * recursion. 1603 */ 1604 if (nlmp && ghp) { 1605 ghp->gh_flags |= GPH_FILTEE; 1606 pnp->p_info = (void *)ghp; 1607 } 1608 1609 /* 1610 * Audit the filter/filtee established. A 1611 * return of 0 indicates the auditor wishes to 1612 * ignore this filtee. 1613 */ 1614 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1615 LML_TFLG_AUD_OBJFILTER)) { 1616 if (audit_objfilter(ilmp, filtees, 1617 nlmp, 0) == 0) { 1618 audit = 1; 1619 nlmp = 0; 1620 } 1621 } 1622 1623 /* 1624 * Finish processing the objects associated with 1625 * this request. Create an association between 1626 * this object and the originating filter to 1627 * provide sufficient information to tear down 1628 * this filtee if necessary. 1629 */ 1630 if (nlmp && ghp && 1631 ((analyze_lmc(lml, lmco, nlmp) == 0) || 1632 (relocate_lmc(lml, lmco, ilmp, nlmp) == 0))) 1633 nlmp = 0; 1634 1635 /* 1636 * If the filtee has been successfully 1637 * processed, then create an association 1638 * between the filter and filtee. This 1639 * association provides sufficient information 1640 * to tear down the filter and filtee if 1641 * necessary. 1642 */ 1643 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1644 if (nlmp && ghp && 1645 (hdl_add(ghp, ilmp, GPD_FILTER) == 0)) 1646 nlmp = 0; 1647 1648 /* 1649 * If this filtee loading has failed, and we've 1650 * created a new link-map control list to which 1651 * this request has added objects, then remove 1652 * all the objects that have been associated to 1653 * this request. 1654 */ 1655 if ((nlmp == 0) && lmc && lmc->lc_head) 1656 remove_lmc(lml, clmp, lmc, lmco, name); 1657 1658 /* 1659 * Remove any link-map control list that was 1660 * created. 1661 */ 1662 if (lmc) 1663 remove_cntl(lml, lmco); 1664 } 1665 1666 /* 1667 * Generate a diagnostic if the filtee couldn't be 1668 * loaded, null out the pnode entry, and continue 1669 * the search. Otherwise, retain this group handle 1670 * for future symbol searches. 1671 */ 1672 if (nlmp == 0) { 1673 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1674 audit)); 1675 1676 pnp->p_info = 0; 1677 pnp->p_len = 0; 1678 continue; 1679 } 1680 } 1681 1682 ghp = (Grp_hdl *)pnp->p_info; 1683 1684 /* 1685 * If we're just here to trigger filtee loading skip the symbol 1686 * lookup so we'll continue looking for additional filtees. 1687 */ 1688 if (name) { 1689 Grp_desc *gdp; 1690 Sym *sym = 0; 1691 Aliste idx; 1692 Slookup sl = *slp; 1693 1694 sl.sl_flags |= LKUP_FIRST; 1695 any++; 1696 1697 /* 1698 * Look for the symbol in the handles dependencies. 1699 */ 1700 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1701 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1702 continue; 1703 1704 /* 1705 * If our parent is a dependency don't look at 1706 * it (otherwise we are in a recursive loop). 1707 * This situation can occur with auxiliary 1708 * filters if the filtee has a dependency on the 1709 * filter. This dependency isn't necessary as 1710 * auxiliary filters are opened RTLD_PARENT, but 1711 * users may still unknowingly add an explicit 1712 * dependency to the parent. 1713 */ 1714 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1715 continue; 1716 1717 if (((sym = SYMINTP(sl.sl_imap)(&sl, dlmp, 1718 binfo)) != 0) || 1719 (ghp->gh_flags & GPH_FIRST)) 1720 break; 1721 } 1722 1723 /* 1724 * If a symbol has been found, indicate the binding 1725 * and return the symbol. 1726 */ 1727 if (sym) { 1728 *binfo |= DBG_BINFO_FILTEE; 1729 return (sym); 1730 } 1731 } 1732 1733 /* 1734 * If this object is tagged to terminate filtee processing we're 1735 * done. 1736 */ 1737 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1738 break; 1739 } 1740 1741 /* 1742 * If we're just here to trigger filtee loading then we're done. 1743 */ 1744 if (name == 0) 1745 return ((Sym *)0); 1746 1747 /* 1748 * If no filtees have been found for a filter, clean up any Pnode 1749 * structures and disable their search completely. For auxiliary 1750 * filters we can reselect the symbol search function so that we never 1751 * enter this routine again for this object. For standard filters we 1752 * use the null symbol routine. 1753 */ 1754 if (any == 0) { 1755 remove_pnode((Pnode *)dip->di_info); 1756 elf_disable_filtee(ilmp, dip); 1757 return ((Sym *)0); 1758 } 1759 1760 return ((Sym *)0); 1761 } 1762 1763 /* 1764 * Focal point for disabling error messages for auxiliary filters. As an 1765 * auxiliary filter allows for filtee use, but provides a fallback should a 1766 * filtee not exist (or fail to load), any errors generated as a consequence of 1767 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1768 * suppresses errors generated by eprint(), but insures a debug diagnostic is 1769 * produced. ldd(1) employs printf(), and here, the selection of whether to 1770 * print a diagnostic in regards to auxiliary filters is a little more complex. 1771 * 1772 * . The determination of whether to produce an ldd message, or a fatal 1773 * error message is driven by LML_FLG_TRC_ENABLE. 1774 * . More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1775 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1776 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1777 * 1778 * . If the calling object is lddstub, then several classes of message are 1779 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1780 * a stub executable employed to preload a user specified library against. 1781 * 1782 * . If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1783 * be suppressed. All detailed ldd messages should still be produced. 1784 */ 1785 Sym * 1786 elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx) 1787 { 1788 Sym *sym; 1789 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1790 int silent = 0; 1791 1792 /* 1793 * Make sure this entry is still acting as a filter. We may have tried 1794 * to process this previously, and disabled it if the filtee couldn't 1795 * be processed. However, other entries may provide different filtees 1796 * that are yet to be completed. 1797 */ 1798 if (dip->di_flags == 0) 1799 return ((Sym *)0); 1800 1801 /* 1802 * Indicate whether an error message is required should this filtee not 1803 * be found, based on the type of filter. 1804 */ 1805 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1806 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1807 rtld_flags |= RT_FL_SILENCERR; 1808 silent = 1; 1809 } 1810 1811 sym = _elf_lookup_filtee(slp, dlmp, binfo, ndx); 1812 1813 if (silent) 1814 rtld_flags &= ~RT_FL_SILENCERR; 1815 1816 return (sym); 1817 } 1818 1819 /* 1820 * Compute the elf hash value (as defined in the ELF access library). 1821 * The form of the hash table is: 1822 * 1823 * |--------------| 1824 * | # of buckets | 1825 * |--------------| 1826 * | # of chains | 1827 * |--------------| 1828 * | bucket[] | 1829 * |--------------| 1830 * | chain[] | 1831 * |--------------| 1832 */ 1833 ulong_t 1834 elf_hash(const char *name) 1835 { 1836 uint_t hval = 0; 1837 1838 while (*name) { 1839 uint_t g; 1840 hval = (hval << 4) + *name++; 1841 if ((g = (hval & 0xf0000000)) != 0) 1842 hval ^= g >> 24; 1843 hval &= ~g; 1844 } 1845 return ((ulong_t)hval); 1846 } 1847 1848 /* 1849 * If flag argument has LKUP_SPEC set, we treat undefined symbols of type 1850 * function specially in the executable - if they have a value, even though 1851 * undefined, we use that value. This allows us to associate all references 1852 * to a function's address to a single place in the process: the plt entry 1853 * for that function in the executable. Calls to lookup from plt binding 1854 * routines do NOT set LKUP_SPEC in the flag. 1855 */ 1856 Sym * 1857 elf_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo) 1858 { 1859 const char *name = slp->sl_name; 1860 Rt_map *ilmp = slp->sl_imap; 1861 ulong_t hash = slp->sl_hash; 1862 uint_t ndx, htmp, buckets, *chainptr; 1863 Sym *sym, *symtabptr; 1864 char *strtabptr, *strtabname; 1865 uint_t flags1; 1866 Syminfo *sip; 1867 1868 /* 1869 * If we're only here to establish a symbols index, skip the diagnostic 1870 * used to trace a symbol search. 1871 */ 1872 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1873 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1874 1875 if (HASH(ilmp) == 0) 1876 return ((Sym *)0); 1877 1878 buckets = HASH(ilmp)[0]; 1879 /* LINTED */ 1880 htmp = (uint_t)hash % buckets; 1881 1882 /* 1883 * Get the first symbol on hash chain and initialize the string 1884 * and symbol table pointers. 1885 */ 1886 if ((ndx = HASH(ilmp)[htmp + 2]) == 0) 1887 return ((Sym *)0); 1888 1889 chainptr = HASH(ilmp) + 2 + buckets; 1890 strtabptr = STRTAB(ilmp); 1891 symtabptr = SYMTAB(ilmp); 1892 1893 while (ndx) { 1894 sym = symtabptr + ndx; 1895 strtabname = strtabptr + sym->st_name; 1896 1897 /* 1898 * Compare the symbol found with the name required. If the 1899 * names don't match continue with the next hash entry. 1900 */ 1901 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1902 if ((ndx = chainptr[ndx]) != 0) 1903 continue; 1904 return ((Sym *)0); 1905 } 1906 1907 /* 1908 * The Solaris ld does not put DT_VERSYM in the dynamic 1909 * section, but the GNU ld does. The GNU runtime linker 1910 * interprets the top bit of the 16-bit Versym value 1911 * (0x8000) as the "hidden" bit. If this bit is set, 1912 * the linker is supposed to act as if that symbol does 1913 * not exist. The hidden bit supports their versioning 1914 * scheme, which allows multiple incompatible functions 1915 * with the same name to exist at different versions 1916 * within an object. The Solaris linker does not support this 1917 * mechanism, or the model of interface evolution that 1918 * it allows, but we honor the hidden bit in GNU ld 1919 * produced objects in order to interoperate with them. 1920 */ 1921 if ((VERSYM(ilmp) != NULL) && 1922 ((VERSYM(ilmp)[ndx] & 0x8000) != 0)) { 1923 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1924 ndx, VERSYM(ilmp)[ndx])); 1925 if ((ndx = chainptr[ndx]) != 0) 1926 continue; 1927 return ((Sym *)0); 1928 } 1929 1930 /* 1931 * If we're only here to establish a symbols index, we're done. 1932 */ 1933 if (slp->sl_flags & LKUP_SYMNDX) 1934 return (sym); 1935 1936 /* 1937 * If we find a match and the symbol is defined, return the 1938 * symbol pointer and the link map in which it was found. 1939 */ 1940 if (sym->st_shndx != SHN_UNDEF) { 1941 *dlmp = ilmp; 1942 *binfo |= DBG_BINFO_FOUND; 1943 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1944 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1945 is_sym_interposer(ilmp, sym))) 1946 *binfo |= DBG_BINFO_INTERPOSE; 1947 break; 1948 1949 /* 1950 * If we find a match and the symbol is undefined, the 1951 * symbol type is a function, and the value of the symbol 1952 * is non zero, then this is a special case. This allows 1953 * the resolution of a function address to the plt[] entry. 1954 * See SPARC ABI, Dynamic Linking, Function Addresses for 1955 * more details. 1956 */ 1957 } else if ((slp->sl_flags & LKUP_SPEC) && 1958 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1959 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1960 *dlmp = ilmp; 1961 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1962 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1963 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1964 is_sym_interposer(ilmp, sym))) 1965 *binfo |= DBG_BINFO_INTERPOSE; 1966 return (sym); 1967 } 1968 1969 /* 1970 * Undefined symbol. 1971 */ 1972 return ((Sym *)0); 1973 } 1974 1975 /* 1976 * We've found a match. Determine if the defining object contains 1977 * symbol binding information. 1978 */ 1979 if ((sip = SYMINFO(ilmp)) != 0) 1980 sip += ndx; 1981 1982 /* 1983 * If this definition is a singleton, and we haven't followed a default 1984 * symbol search knowing that we're looking for a singleton (presumably 1985 * because the symbol definition has been changed since the referring 1986 * object was built), then reject this binding so that the caller can 1987 * fall back to a standard symbol search. 1988 */ 1989 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1990 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1991 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1992 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1993 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1994 DBG_BNDREJ_SINGLE)); 1995 *binfo |= BINFO_REJSINGLE; 1996 *binfo &= ~DBG_BINFO_MSK; 1997 return ((Sym *)0); 1998 } 1999 2000 /* 2001 * If this is a direct binding request, but the symbol definition has 2002 * disabled directly binding to it (presumably because the symbol 2003 * definition has been changed since the referring object was built), 2004 * indicate this failure so that the caller can fall back to a standard 2005 * symbol search. 2006 */ 2007 if (sip && (slp->sl_flags & LKUP_DIRECT) && 2008 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 2009 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 2010 DBG_BNDREJ_NODIR)); 2011 *binfo |= BINFO_REJDIRECT; 2012 *binfo &= ~DBG_BINFO_MSK; 2013 return ((Sym *)0); 2014 } 2015 2016 /* 2017 * Determine whether this object is acting as a filter. 2018 */ 2019 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 2020 return (sym); 2021 2022 /* 2023 * Determine if this object offers per-symbol filtering, and if so, 2024 * whether this symbol references a filtee. 2025 */ 2026 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 2027 /* 2028 * If this is a standard filter reference, and no standard 2029 * filtees remain to be inspected, we're done. If this is an 2030 * auxiliary filter reference, and no auxiliary filtees remain, 2031 * we'll fall through in case any object filtering is available. 2032 */ 2033 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 2034 (SYMSFLTRCNT(ilmp) == 0)) 2035 return ((Sym *)0); 2036 2037 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 2038 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 2039 SYMAFLTRCNT(ilmp))) { 2040 Sym *fsym; 2041 2042 /* 2043 * This symbol has an associated filtee. Lookup the 2044 * symbol in the filtee, and if it is found return it. 2045 * If the symbol doesn't exist, and this is a standard 2046 * filter, return an error, otherwise fall through to 2047 * catch any object filtering that may be available. 2048 */ 2049 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 2050 sip->si_boundto)) != 0) 2051 return (fsym); 2052 if (sip->si_flags & SYMINFO_FLG_FILTER) 2053 return ((Sym *)0); 2054 } 2055 } 2056 2057 /* 2058 * Determine if this object provides global filtering. 2059 */ 2060 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 2061 Sym *fsym; 2062 2063 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 2064 /* 2065 * This object has an associated filtee. Lookup the 2066 * symbol in the filtee, and if it is found return it. 2067 * If the symbol doesn't exist, and this is a standard 2068 * filter, return and error, otherwise return the symbol 2069 * within the filter itself. 2070 */ 2071 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 2072 OBJFLTRNDX(ilmp))) != 0) 2073 return (fsym); 2074 } 2075 2076 if (flags1 & FL1_RT_OBJSFLTR) 2077 return ((Sym *)0); 2078 } 2079 return (sym); 2080 } 2081 2082 /* 2083 * Create a new Rt_map structure for an ELF object and initialize 2084 * all values. 2085 */ 2086 Rt_map * 2087 elf_new_lm(Lm_list *lml, const char *pname, const char *oname, Dyn *ld, 2088 ulong_t addr, ulong_t etext, Aliste lmco, ulong_t msize, ulong_t entry, 2089 ulong_t paddr, ulong_t padimsize, Mmap *mmaps, uint_t mmapcnt) 2090 { 2091 Rt_map *lmp; 2092 ulong_t base, fltr = 0, audit = 0, cfile = 0, crle = 0; 2093 Xword rpath = 0; 2094 Ehdr *ehdr = (Ehdr *)addr; 2095 2096 DBG_CALL(Dbg_file_elf(lml, pname, (ulong_t)ld, addr, msize, entry, 2097 lml->lm_lmidstr, lmco)); 2098 2099 /* 2100 * Allocate space for the link-map and private elf information. Once 2101 * these are allocated and initialized, we can use remove_so(0, lmp) to 2102 * tear down the link-map should any failures occur. 2103 */ 2104 if ((lmp = calloc(sizeof (Rt_map), 1)) == 0) 2105 return (0); 2106 if ((ELFPRV(lmp) = calloc(sizeof (Rt_elfp), 1)) == 0) { 2107 free(lmp); 2108 return (0); 2109 } 2110 2111 /* 2112 * All fields not filled in were set to 0 by calloc. 2113 */ 2114 ORIGNAME(lmp) = PATHNAME(lmp) = NAME(lmp) = (char *)pname; 2115 DYN(lmp) = ld; 2116 ADDR(lmp) = addr; 2117 MSIZE(lmp) = msize; 2118 ENTRY(lmp) = (Addr)entry; 2119 SYMINTP(lmp) = elf_find_sym; 2120 ETEXT(lmp) = etext; 2121 FCT(lmp) = &elf_fct; 2122 LIST(lmp) = lml; 2123 PADSTART(lmp) = paddr; 2124 PADIMLEN(lmp) = padimsize; 2125 THREADID(lmp) = rt_thr_self(); 2126 OBJFLTRNDX(lmp) = FLTR_DISABLED; 2127 SORTVAL(lmp) = -1; 2128 2129 MMAPS(lmp) = mmaps; 2130 MMAPCNT(lmp) = mmapcnt; 2131 ASSERT(mmapcnt != 0); 2132 2133 /* 2134 * If this is a shared object, add the base address to each address. 2135 * if this is an executable, use address as is. 2136 */ 2137 if (ehdr->e_type == ET_EXEC) { 2138 base = 0; 2139 FLAGS(lmp) |= FLG_RT_FIXED; 2140 } else 2141 base = addr; 2142 2143 /* 2144 * Fill in rest of the link map entries with information from the file's 2145 * dynamic structure. 2146 */ 2147 if (ld) { 2148 uint_t dynndx = 0; 2149 Xword pltpadsz = 0; 2150 Rti_desc *rti; 2151 2152 /* CSTYLED */ 2153 for ( ; ld->d_tag != DT_NULL; ++ld, dynndx++) { 2154 switch ((Xword)ld->d_tag) { 2155 case DT_SYMTAB: 2156 SYMTAB(lmp) = (void *)(ld->d_un.d_ptr + base); 2157 break; 2158 case DT_SUNW_SYMTAB: 2159 SUNWSYMTAB(lmp) = 2160 (void *)(ld->d_un.d_ptr + base); 2161 break; 2162 case DT_SUNW_SYMSZ: 2163 SUNWSYMSZ(lmp) = ld->d_un.d_val; 2164 break; 2165 case DT_STRTAB: 2166 STRTAB(lmp) = (void *)(ld->d_un.d_ptr + base); 2167 break; 2168 case DT_SYMENT: 2169 SYMENT(lmp) = ld->d_un.d_val; 2170 break; 2171 case DT_FEATURE_1: 2172 ld->d_un.d_val |= DTF_1_PARINIT; 2173 if (ld->d_un.d_val & DTF_1_CONFEXP) 2174 crle = 1; 2175 break; 2176 case DT_MOVESZ: 2177 MOVESZ(lmp) = ld->d_un.d_val; 2178 FLAGS(lmp) |= FLG_RT_MOVE; 2179 break; 2180 case DT_MOVEENT: 2181 MOVEENT(lmp) = ld->d_un.d_val; 2182 break; 2183 case DT_MOVETAB: 2184 MOVETAB(lmp) = (void *)(ld->d_un.d_ptr + base); 2185 break; 2186 case DT_REL: 2187 case DT_RELA: 2188 /* 2189 * At this time, ld.so. can only handle one 2190 * type of relocation per object. 2191 */ 2192 REL(lmp) = (void *)(ld->d_un.d_ptr + base); 2193 break; 2194 case DT_RELSZ: 2195 case DT_RELASZ: 2196 RELSZ(lmp) = ld->d_un.d_val; 2197 break; 2198 case DT_RELENT: 2199 case DT_RELAENT: 2200 RELENT(lmp) = ld->d_un.d_val; 2201 break; 2202 case DT_RELCOUNT: 2203 case DT_RELACOUNT: 2204 RELACOUNT(lmp) = (uint_t)ld->d_un.d_val; 2205 break; 2206 case DT_TEXTREL: 2207 FLAGS1(lmp) |= FL1_RT_TEXTREL; 2208 break; 2209 case DT_HASH: 2210 HASH(lmp) = (uint_t *)(ld->d_un.d_ptr + base); 2211 break; 2212 case DT_PLTGOT: 2213 PLTGOT(lmp) = (uint_t *)(ld->d_un.d_ptr + base); 2214 break; 2215 case DT_PLTRELSZ: 2216 PLTRELSZ(lmp) = ld->d_un.d_val; 2217 break; 2218 case DT_JMPREL: 2219 JMPREL(lmp) = (void *)(ld->d_un.d_ptr + base); 2220 break; 2221 case DT_INIT: 2222 if (ld->d_un.d_ptr != NULL) 2223 INIT(lmp) = 2224 (void (*)())(ld->d_un.d_ptr + base); 2225 break; 2226 case DT_FINI: 2227 if (ld->d_un.d_ptr != NULL) 2228 FINI(lmp) = 2229 (void (*)())(ld->d_un.d_ptr + base); 2230 break; 2231 case DT_INIT_ARRAY: 2232 INITARRAY(lmp) = (Addr *)(ld->d_un.d_ptr + 2233 base); 2234 break; 2235 case DT_INIT_ARRAYSZ: 2236 INITARRAYSZ(lmp) = (uint_t)ld->d_un.d_val; 2237 break; 2238 case DT_FINI_ARRAY: 2239 FINIARRAY(lmp) = (Addr *)(ld->d_un.d_ptr + 2240 base); 2241 break; 2242 case DT_FINI_ARRAYSZ: 2243 FINIARRAYSZ(lmp) = (uint_t)ld->d_un.d_val; 2244 break; 2245 case DT_PREINIT_ARRAY: 2246 PREINITARRAY(lmp) = (Addr *)(ld->d_un.d_ptr + 2247 base); 2248 break; 2249 case DT_PREINIT_ARRAYSZ: 2250 PREINITARRAYSZ(lmp) = (uint_t)ld->d_un.d_val; 2251 break; 2252 case DT_RPATH: 2253 case DT_RUNPATH: 2254 rpath = ld->d_un.d_val; 2255 break; 2256 case DT_FILTER: 2257 fltr = ld->d_un.d_val; 2258 OBJFLTRNDX(lmp) = dynndx; 2259 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 2260 break; 2261 case DT_AUXILIARY: 2262 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 2263 fltr = ld->d_un.d_val; 2264 OBJFLTRNDX(lmp) = dynndx; 2265 } 2266 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 2267 break; 2268 case DT_SUNW_FILTER: 2269 SYMSFLTRCNT(lmp)++; 2270 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 2271 break; 2272 case DT_SUNW_AUXILIARY: 2273 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 2274 SYMAFLTRCNT(lmp)++; 2275 } 2276 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 2277 break; 2278 case DT_DEPAUDIT: 2279 if (!(rtld_flags & RT_FL_NOAUDIT)) 2280 audit = ld->d_un.d_val; 2281 break; 2282 case DT_CONFIG: 2283 cfile = ld->d_un.d_val; 2284 break; 2285 case DT_DEBUG: 2286 /* 2287 * DT_DEBUG entries are only created in 2288 * dynamic objects that require an interpretor 2289 * (ie. all dynamic executables and some shared 2290 * objects), and provide for a hand-shake with 2291 * debuggers. This entry is initialized to 2292 * zero by the link-editor. If a debugger has 2293 * us and updated this entry set the debugger 2294 * flag, and finish initializing the debugging 2295 * structure (see setup() also). Switch off any 2296 * configuration object use as most debuggers 2297 * can't handle fixed dynamic executables as 2298 * dependencies, and we can't handle requests 2299 * like object padding for alternative objects. 2300 */ 2301 if (ld->d_un.d_ptr) 2302 rtld_flags |= 2303 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 2304 ld->d_un.d_ptr = (Addr)&r_debug; 2305 break; 2306 case DT_VERNEED: 2307 VERNEED(lmp) = (Verneed *)(ld->d_un.d_ptr + 2308 base); 2309 break; 2310 case DT_VERNEEDNUM: 2311 /* LINTED */ 2312 VERNEEDNUM(lmp) = (int)ld->d_un.d_val; 2313 break; 2314 case DT_VERDEF: 2315 VERDEF(lmp) = (Verdef *)(ld->d_un.d_ptr + base); 2316 break; 2317 case DT_VERDEFNUM: 2318 /* LINTED */ 2319 VERDEFNUM(lmp) = (int)ld->d_un.d_val; 2320 break; 2321 case DT_VERSYM: 2322 /* 2323 * The Solaris ld does not produce DT_VERSYM, 2324 * but the GNU ld does, in order to support 2325 * their style of versioning, which differs 2326 * from ours in some ways, while using the 2327 * same data structures. The presence of 2328 * DT_VERSYM therefore means that GNU 2329 * versioning rules apply to the given file. 2330 * If DT_VERSYM is not present, then Solaris 2331 * versioning rules apply. 2332 */ 2333 VERSYM(lmp) = (Versym *)(ld->d_un.d_ptr + base); 2334 break; 2335 case DT_BIND_NOW: 2336 if ((ld->d_un.d_val & DF_BIND_NOW) && 2337 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2338 MODE(lmp) |= RTLD_NOW; 2339 MODE(lmp) &= ~RTLD_LAZY; 2340 } 2341 break; 2342 case DT_FLAGS: 2343 if (ld->d_un.d_val & DF_SYMBOLIC) 2344 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 2345 if (ld->d_un.d_val & DF_TEXTREL) 2346 FLAGS1(lmp) |= FL1_RT_TEXTREL; 2347 if ((ld->d_un.d_val & DF_BIND_NOW) && 2348 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2349 MODE(lmp) |= RTLD_NOW; 2350 MODE(lmp) &= ~RTLD_LAZY; 2351 } 2352 /* 2353 * Capture any static TLS use, and enforce that 2354 * this object be non-deletable. 2355 */ 2356 if (ld->d_un.d_val & DF_STATIC_TLS) { 2357 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2358 MODE(lmp) |= RTLD_NODELETE; 2359 } 2360 break; 2361 case DT_FLAGS_1: 2362 if (ld->d_un.d_val & DF_1_DISPRELPND) 2363 FLAGS1(lmp) |= FL1_RT_DISPREL; 2364 if (ld->d_un.d_val & DF_1_GROUP) 2365 FLAGS(lmp) |= 2366 (FLG_RT_SETGROUP | FLG_RT_HANDLE); 2367 if ((ld->d_un.d_val & DF_1_NOW) && 2368 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2369 MODE(lmp) |= RTLD_NOW; 2370 MODE(lmp) &= ~RTLD_LAZY; 2371 } 2372 if (ld->d_un.d_val & DF_1_NODELETE) 2373 MODE(lmp) |= RTLD_NODELETE; 2374 if (ld->d_un.d_val & DF_1_INITFIRST) 2375 FLAGS(lmp) |= FLG_RT_INITFRST; 2376 if (ld->d_un.d_val & DF_1_NOOPEN) 2377 FLAGS(lmp) |= FLG_RT_NOOPEN; 2378 if (ld->d_un.d_val & DF_1_LOADFLTR) 2379 FLAGS(lmp) |= FLG_RT_LOADFLTR; 2380 if (ld->d_un.d_val & DF_1_NODUMP) 2381 FLAGS(lmp) |= FLG_RT_NODUMP; 2382 if (ld->d_un.d_val & DF_1_CONFALT) 2383 crle = 1; 2384 if (ld->d_un.d_val & DF_1_DIRECT) 2385 FLAGS1(lmp) |= FL1_RT_DIRECT; 2386 if (ld->d_un.d_val & DF_1_NODEFLIB) 2387 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 2388 if (ld->d_un.d_val & DF_1_ENDFILTEE) 2389 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 2390 if (ld->d_un.d_val & DF_1_TRANS) 2391 FLAGS(lmp) |= FLG_RT_TRANS; 2392 #ifndef EXPAND_RELATIVE 2393 if (ld->d_un.d_val & DF_1_ORIGIN) 2394 FLAGS1(lmp) |= FL1_RT_RELATIVE; 2395 #endif 2396 /* 2397 * Global auditing is only meaningful when 2398 * specified by the initiating object of the 2399 * process - typically the dynamic executable. 2400 * If this is the initiaiting object, its link- 2401 * map will not yet have been added to the 2402 * link-map list, and consequently the link-map 2403 * list is empty. (see setup()). 2404 */ 2405 if (ld->d_un.d_val & DF_1_GLOBAUDIT) { 2406 if (lml_main.lm_head == 0) 2407 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 2408 else 2409 DBG_CALL(Dbg_audit_ignore(lmp)); 2410 } 2411 2412 /* 2413 * If this object identifies itself as an 2414 * interposer, but relocation processing has 2415 * already started, then demote it. It's too 2416 * late to guarantee complete interposition. 2417 */ 2418 /* BEGIN CSTYLED */ 2419 if (ld->d_un.d_val & 2420 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2421 if (lml->lm_flags & LML_FLG_STARTREL) { 2422 DBG_CALL(Dbg_util_intoolate(lmp)); 2423 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2424 (void) printf( 2425 MSG_INTL(MSG_LDD_REL_ERR2), 2426 NAME(lmp)); 2427 } else if (ld->d_un.d_val & DF_1_INTERPOSE) 2428 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2429 else 2430 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2431 } 2432 /* END CSTYLED */ 2433 break; 2434 case DT_SYMINFO: 2435 SYMINFO(lmp) = (Syminfo *)(ld->d_un.d_ptr + 2436 base); 2437 break; 2438 case DT_SYMINENT: 2439 SYMINENT(lmp) = ld->d_un.d_val; 2440 break; 2441 case DT_PLTPAD: 2442 PLTPAD(lmp) = (void *)(ld->d_un.d_ptr + base); 2443 break; 2444 case DT_PLTPADSZ: 2445 pltpadsz = ld->d_un.d_val; 2446 break; 2447 case DT_SUNW_RTLDINF: 2448 /* 2449 * Maintain a list of RTLDINFO structures. 2450 * Typically, libc is the only supplier, and 2451 * only one structure is provided. However, 2452 * multiple suppliers and multiple structures 2453 * are supported. For example, one structure 2454 * may provide thread_init, and another 2455 * structure may provide atexit reservations. 2456 */ 2457 if ((rti = alist_append(&lml->lm_rti, 0, 2458 sizeof (Rti_desc), AL_CNT_RTLDINFO)) == 0) { 2459 remove_so(0, lmp); 2460 return (0); 2461 } 2462 rti->rti_lmp = lmp; 2463 rti->rti_info = (void *)(ld->d_un.d_ptr + base); 2464 break; 2465 case DT_SUNW_SORTENT: 2466 SUNWSORTENT(lmp) = ld->d_un.d_val; 2467 break; 2468 case DT_SUNW_SYMSORT: 2469 SUNWSYMSORT(lmp) = 2470 (void *)(ld->d_un.d_ptr + base); 2471 break; 2472 case DT_SUNW_SYMSORTSZ: 2473 SUNWSYMSORTSZ(lmp) = ld->d_un.d_val; 2474 break; 2475 case DT_DEPRECATED_SPARC_REGISTER: 2476 case M_DT_REGISTER: 2477 FLAGS(lmp) |= FLG_RT_REGSYMS; 2478 break; 2479 case M_DT_PLTRESERVE: 2480 PLTRESERVE(lmp) = (void *)(ld->d_un.d_ptr + 2481 base); 2482 break; 2483 } 2484 } 2485 2486 if (PLTPAD(lmp)) { 2487 if (pltpadsz == (Xword)0) 2488 PLTPAD(lmp) = 0; 2489 else 2490 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2491 pltpadsz); 2492 } 2493 2494 /* 2495 * Allocate a Dynamic Info structure. 2496 */ 2497 if ((DYNINFO(lmp) = calloc((size_t)dynndx, 2498 sizeof (Dyninfo))) == 0) { 2499 remove_so(0, lmp); 2500 return (0); 2501 } 2502 DYNINFOCNT(lmp) = dynndx; 2503 } 2504 2505 /* 2506 * A dynsym contains only global functions. We want to have 2507 * a version of it that also includes local functions, so that 2508 * dladdr() will be able to report names for local functions 2509 * when used to generate a stack trace for a stripped file. 2510 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2511 * 2512 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2513 * in order to avoid having to have two copies of the global 2514 * symbols held in DT_SYMTAB: The local symbols are placed in 2515 * a separate section than the globals in the dynsym, but the 2516 * linker conspires to put the data for these two sections adjacent 2517 * to each other. DT_SUNW_SYMTAB points at the top of the local 2518 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2519 * 2520 * If the two sections are not adjacent, then something went wrong 2521 * at link time. We use ASSERT to kill the process if this is 2522 * a debug build. In a production build, we will silently ignore 2523 * the presence of the .ldynsym and proceed. We can detect this 2524 * situation by checking to see that DT_SYMTAB lies in 2525 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2526 */ 2527 if ((SUNWSYMTAB(lmp) != NULL) && 2528 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2529 (((char *)SYMTAB(lmp) >= 2530 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2531 ASSERT(0); 2532 SUNWSYMTAB(lmp) = NULL; 2533 SUNWSYMSZ(lmp) = 0; 2534 } 2535 2536 /* 2537 * If configuration file use hasn't been disabled, and a configuration 2538 * file hasn't already been set via an environment variable, see if any 2539 * application specific configuration file is specified. An LD_CONFIG 2540 * setting is used first, but if this image was generated via crle(1) 2541 * then a default configuration file is a fall-back. 2542 */ 2543 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == 0)) { 2544 if (cfile) 2545 config->c_name = (const char *)(cfile + 2546 (char *)STRTAB(lmp)); 2547 else if (crle) { 2548 rtld_flags |= RT_FL_CONFAPP; 2549 #ifndef EXPAND_RELATIVE 2550 FLAGS1(lmp) |= FL1_RT_RELATIVE; 2551 #endif 2552 } 2553 } 2554 2555 if (rpath) 2556 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2557 if (fltr) { 2558 /* 2559 * If this object is a global filter, duplicate the filtee 2560 * string name(s) so that REFNAME() is available in core files. 2561 * This cludge was useful for debuggers at one point, but only 2562 * when the filtee name was an individual full path. 2563 */ 2564 if ((REFNAME(lmp) = strdup(fltr + (char *)STRTAB(lmp))) == 0) { 2565 remove_so(0, lmp); 2566 return (0); 2567 } 2568 } 2569 2570 if (rtld_flags & RT_FL_RELATIVE) 2571 FLAGS1(lmp) |= FL1_RT_RELATIVE; 2572 2573 /* 2574 * For Intel ABI compatibility. It's possible that a JMPREL can be 2575 * specified without any other relocations (e.g. a dynamic executable 2576 * normally only contains .plt relocations). If this is the case then 2577 * no REL, RELSZ or RELENT will have been created. For us to be able 2578 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2579 * the RELENT for these relocations. Refer to elf_reloc() for more 2580 * details. 2581 */ 2582 if (!RELENT(lmp) && JMPREL(lmp)) 2583 RELENT(lmp) = sizeof (Rel); 2584 2585 /* 2586 * Establish any per-object auditing. If we're establishing `main's 2587 * link-map its too early to go searching for audit objects so just 2588 * hold the object name for later (see setup()). 2589 */ 2590 if (audit) { 2591 char *cp = audit + (char *)STRTAB(lmp); 2592 2593 if (*cp) { 2594 if (((AUDITORS(lmp) = 2595 calloc(1, sizeof (Audit_desc))) == 0) || 2596 ((AUDITORS(lmp)->ad_name = strdup(cp)) == 0)) { 2597 remove_so(0, lmp); 2598 return (0); 2599 } 2600 if (lml_main.lm_head) { 2601 if (audit_setup(lmp, AUDITORS(lmp), 0) == 0) { 2602 remove_so(0, lmp); 2603 return (0); 2604 } 2605 FLAGS1(lmp) |= AUDITORS(lmp)->ad_flags; 2606 lml->lm_flags |= LML_FLG_LOCAUDIT; 2607 } 2608 } 2609 } 2610 2611 if ((CONDVAR(lmp) = rt_cond_create()) == 0) { 2612 remove_so(0, lmp); 2613 return (0); 2614 } 2615 if (oname && ((append_alias(lmp, oname, 0)) == 0)) { 2616 remove_so(0, lmp); 2617 return (0); 2618 } 2619 2620 /* 2621 * Add the mapped object to the end of the link map list. 2622 */ 2623 lm_append(lml, lmco, lmp); 2624 return (lmp); 2625 } 2626 2627 /* 2628 * Assign hardware/software capabilities. 2629 */ 2630 void 2631 cap_assign(Cap *cap, Rt_map *lmp) 2632 { 2633 while (cap->c_tag != CA_SUNW_NULL) { 2634 switch (cap->c_tag) { 2635 case CA_SUNW_HW_1: 2636 HWCAP(lmp) = cap->c_un.c_val; 2637 break; 2638 case CA_SUNW_SF_1: 2639 SFCAP(lmp) = cap->c_un.c_val; 2640 } 2641 cap++; 2642 } 2643 } 2644 2645 /* 2646 * Map in an ELF object. 2647 * Takes an open file descriptor for the object to map and its pathname; returns 2648 * a pointer to a Rt_map structure for this object, or 0 on error. 2649 */ 2650 static Rt_map * 2651 elf_map_so(Lm_list *lml, Aliste lmco, const char *pname, const char *oname, 2652 int fd) 2653 { 2654 int i; /* general temporary */ 2655 Off memsize = 0; /* total memory size of pathname */ 2656 Off mentry; /* entry point */ 2657 Ehdr *ehdr; /* ELF header of ld.so */ 2658 Phdr *phdr; /* first Phdr in file */ 2659 Phdr *phdr0; /* Saved first Phdr in file */ 2660 Phdr *pptr; /* working Phdr */ 2661 Phdr *fph = 0; /* first loadable Phdr */ 2662 Phdr *lph; /* last loadable Phdr */ 2663 Phdr *lfph = 0; /* last loadable (filesz != 0) Phdr */ 2664 Phdr *lmph = 0; /* last loadable (memsz != 0) Phdr */ 2665 Phdr *swph = 0; /* program header for SUNWBSS */ 2666 Phdr *tlph = 0; /* program header for PT_TLS */ 2667 Phdr *unwindph = 0; /* program header for PT_SUNW_UNWIND */ 2668 Cap *cap = 0; /* program header for SUNWCAP */ 2669 Dyn *mld = 0; /* DYNAMIC structure for pathname */ 2670 size_t size; /* size of elf and program headers */ 2671 caddr_t faddr = 0; /* mapping address of pathname */ 2672 Rt_map *lmp; /* link map created */ 2673 caddr_t paddr; /* start of padded image */ 2674 Off plen; /* size of image including padding */ 2675 Half etype; 2676 int fixed; 2677 Mmap *mmaps; 2678 uint_t mmapcnt = 0; 2679 Xword align = 0; 2680 2681 /* LINTED */ 2682 ehdr = (Ehdr *)fmap->fm_maddr; 2683 2684 /* 2685 * If this a relocatable object then special processing is required. 2686 */ 2687 if ((etype = ehdr->e_type) == ET_REL) 2688 return (elf_obj_file(lml, lmco, pname, fd)); 2689 2690 /* 2691 * If this isn't a dynamic executable or shared object we can't process 2692 * it. If this is a dynamic executable then all addresses are fixed. 2693 */ 2694 if (etype == ET_EXEC) { 2695 fixed = 1; 2696 } else if (etype == ET_DYN) { 2697 fixed = 0; 2698 } else { 2699 Conv_inv_buf_t inv_buf; 2700 2701 eprintf(lml, ERR_ELF, MSG_INTL(MSG_GEN_BADTYPE), pname, 2702 conv_ehdr_type(etype, 0, &inv_buf)); 2703 return (0); 2704 } 2705 2706 /* 2707 * If our original mapped page was not large enough to hold all the 2708 * program headers remap them. 2709 */ 2710 size = (size_t)((char *)ehdr->e_phoff + 2711 (ehdr->e_phnum * ehdr->e_phentsize)); 2712 if (size > fmap->fm_fsize) { 2713 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_GEN_CORTRUNC), pname); 2714 return (0); 2715 } 2716 if (size > fmap->fm_msize) { 2717 fmap_setup(); 2718 if ((fmap->fm_maddr = mmap(fmap->fm_maddr, size, PROT_READ, 2719 fmap->fm_mflags, fd, 0)) == MAP_FAILED) { 2720 int err = errno; 2721 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), pname, 2722 strerror(err)); 2723 return (0); 2724 } 2725 fmap->fm_msize = size; 2726 /* LINTED */ 2727 ehdr = (Ehdr *)fmap->fm_maddr; 2728 } 2729 /* LINTED */ 2730 phdr0 = phdr = (Phdr *)((char *)ehdr + ehdr->e_ehsize); 2731 2732 /* 2733 * Get entry point. 2734 */ 2735 mentry = ehdr->e_entry; 2736 2737 /* 2738 * Point at program headers and perform some basic validation. 2739 */ 2740 for (i = 0, pptr = phdr; i < (int)ehdr->e_phnum; i++, 2741 pptr = (Phdr *)((Off)pptr + ehdr->e_phentsize)) { 2742 if ((pptr->p_type == PT_LOAD) || 2743 (pptr->p_type == PT_SUNWBSS)) { 2744 2745 if (fph == 0) { 2746 fph = pptr; 2747 /* LINTED argument lph is initialized in first pass */ 2748 } else if (pptr->p_vaddr <= lph->p_vaddr) { 2749 eprintf(lml, ERR_ELF, 2750 MSG_INTL(MSG_GEN_INVPRGHDR), pname); 2751 return (0); 2752 } 2753 2754 lph = pptr; 2755 2756 if (pptr->p_memsz) 2757 lmph = pptr; 2758 if (pptr->p_filesz) 2759 lfph = pptr; 2760 if (pptr->p_type == PT_SUNWBSS) 2761 swph = pptr; 2762 if (pptr->p_align > align) 2763 align = pptr->p_align; 2764 2765 } else if (pptr->p_type == PT_DYNAMIC) { 2766 mld = (Dyn *)(pptr->p_vaddr); 2767 } else if ((pptr->p_type == PT_TLS) && pptr->p_memsz) { 2768 tlph = pptr; 2769 } else if (pptr->p_type == PT_SUNWCAP) { 2770 cap = (Cap *)(pptr->p_vaddr); 2771 } else if (pptr->p_type == PT_SUNW_UNWIND) { 2772 unwindph = pptr; 2773 } 2774 } 2775 2776 #if defined(MAP_ALIGN) 2777 /* 2778 * Make sure the maximum page alignment is a power of 2 >= the default 2779 * segment alignment, for use with MAP_ALIGN. 2780 */ 2781 align = S_ROUND(align, M_SEGM_ALIGN); 2782 #endif 2783 2784 /* 2785 * We'd better have at least one loadable segment, together with some 2786 * specified file and memory size. 2787 */ 2788 if ((fph == 0) || (lmph == 0) || (lfph == 0)) { 2789 eprintf(lml, ERR_ELF, MSG_INTL(MSG_GEN_NOLOADSEG), pname); 2790 return (0); 2791 } 2792 2793 /* 2794 * Check that the files size accounts for the loadable sections 2795 * we're going to map in (failure to do this may cause spurious 2796 * bus errors if we're given a truncated file). 2797 */ 2798 if (fmap->fm_fsize < ((size_t)lfph->p_offset + lfph->p_filesz)) { 2799 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_GEN_CORTRUNC), pname); 2800 return (0); 2801 } 2802 2803 /* 2804 * Memsize must be page rounded so that if we add object padding 2805 * at the end it will start at the beginning of a page. 2806 */ 2807 plen = memsize = M_PROUND((lmph->p_vaddr + lmph->p_memsz) - 2808 M_PTRUNC((ulong_t)fph->p_vaddr)); 2809 2810 /* 2811 * Determine if an existing mapping is acceptable. 2812 */ 2813 if (interp && (lml->lm_flags & LML_FLG_BASELM) && 2814 (strcmp(pname, interp->i_name) == 0)) { 2815 /* 2816 * If this is the interpreter then it has already been mapped 2817 * and we have the address so don't map it again. Note that 2818 * the common occurrence of a reference to the interpretor 2819 * (libdl -> ld.so.1) will have been caught during filter 2820 * initialization (see elf_lookup_filtee()). However, some 2821 * ELF implementations are known to record libc.so.1 as the 2822 * interpretor, and thus this test catches this behavior. 2823 */ 2824 paddr = faddr = interp->i_faddr; 2825 2826 } else if ((fixed == 0) && (r_debug.rtd_objpad == 0) && 2827 (memsize <= fmap->fm_msize) && ((fph->p_flags & PF_W) == 0) && 2828 (fph == lph) && (fph->p_filesz == fph->p_memsz) && 2829 (((Xword)fmap->fm_maddr % align) == 0)) { 2830 size_t rsize; 2831 2832 /* 2833 * If the file contains a single segment, and the mapping 2834 * required has already been established from the initial fmap 2835 * mapping, then we don't need to do anything more. Reset the 2836 * fmap address so that any later files start a new fmap. This 2837 * is really an optimization for filters, such as libdl.so, 2838 * libthread, etc. that are constructed to be a single text 2839 * segment. 2840 */ 2841 paddr = faddr = fmap->fm_maddr; 2842 2843 /* 2844 * Free any unused mapping by assigning the fmap buffer to the 2845 * unused region. fmap_setup() will unmap this area and 2846 * establish defaults for future mappings. 2847 */ 2848 rsize = M_PROUND(fph->p_filesz); 2849 fmap->fm_maddr += rsize; 2850 fmap->fm_msize -= rsize; 2851 fmap_setup(); 2852 } 2853 2854 /* 2855 * Allocate a mapping array to retain mapped segment information. 2856 */ 2857 if ((mmaps = calloc(ehdr->e_phnum, sizeof (Mmap))) == 0) 2858 return (0); 2859 2860 /* 2861 * If we're reusing an existing mapping determine the objects etext 2862 * address. Otherwise map the file (which will calculate the etext 2863 * address as part of the mapping process). 2864 */ 2865 if (faddr) { 2866 caddr_t base; 2867 2868 if (fixed) 2869 base = 0; 2870 else 2871 base = faddr; 2872 2873 /* LINTED */ 2874 phdr0 = phdr = (Phdr *)((char *)faddr + ehdr->e_ehsize); 2875 2876 for (i = 0, pptr = phdr; i < (int)ehdr->e_phnum; i++, 2877 pptr = (Phdr *)((Off)pptr + ehdr->e_phentsize)) { 2878 if (pptr->p_type != PT_LOAD) 2879 continue; 2880 2881 mmaps[mmapcnt].m_vaddr = (pptr->p_vaddr + base); 2882 mmaps[mmapcnt].m_msize = pptr->p_memsz; 2883 mmaps[mmapcnt].m_fsize = pptr->p_filesz; 2884 mmaps[mmapcnt].m_perm = (PROT_READ | PROT_EXEC); 2885 mmapcnt++; 2886 2887 if (!(pptr->p_flags & PF_W)) { 2888 fmap->fm_etext = (ulong_t)pptr->p_vaddr + 2889 (ulong_t)pptr->p_memsz + 2890 (ulong_t)(fixed ? 0 : faddr); 2891 } 2892 } 2893 } else { 2894 /* 2895 * Map the file. 2896 */ 2897 if (!(faddr = elf_map_it(lml, pname, memsize, ehdr, fph, lph, 2898 &phdr, &paddr, &plen, fixed, fd, align, mmaps, &mmapcnt))) 2899 return (0); 2900 } 2901 2902 /* 2903 * Calculate absolute base addresses and entry points. 2904 */ 2905 if (!fixed) { 2906 if (mld) 2907 /* LINTED */ 2908 mld = (Dyn *)((Off)mld + faddr); 2909 if (cap) 2910 /* LINTED */ 2911 cap = (Cap *)((Off)cap + faddr); 2912 mentry += (Off)faddr; 2913 } 2914 2915 /* 2916 * Create new link map structure for newly mapped shared object. 2917 */ 2918 if (!(lmp = elf_new_lm(lml, pname, oname, mld, (ulong_t)faddr, 2919 fmap->fm_etext, lmco, memsize, mentry, (ulong_t)paddr, plen, mmaps, 2920 mmapcnt))) { 2921 (void) munmap((caddr_t)faddr, memsize); 2922 return (0); 2923 } 2924 2925 /* 2926 * Start the system loading in the ELF information we'll be processing. 2927 */ 2928 if (REL(lmp)) { 2929 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2930 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2931 MADV_WILLNEED); 2932 } 2933 2934 /* 2935 * If this shared object contains any special segments, record them. 2936 */ 2937 if (swph) { 2938 FLAGS(lmp) |= FLG_RT_SUNWBSS; 2939 SUNWBSS(lmp) = phdr + (swph - phdr0); 2940 } 2941 if (tlph && (tls_assign(lml, lmp, (phdr + (tlph - phdr0))) == 0)) { 2942 remove_so(lml, lmp); 2943 return (0); 2944 } 2945 2946 if (unwindph) 2947 PTUNWIND(lmp) = phdr + (unwindph - phdr0); 2948 2949 if (cap) 2950 cap_assign(cap, lmp); 2951 2952 return (lmp); 2953 } 2954 2955 /* 2956 * Function to correct protection settings. Segments are all mapped initially 2957 * with permissions as given in the segment header. We need to turn on write 2958 * permissions on a text segment if there are any relocations against that 2959 * segment, and them turn write permission back off again before returning 2960 * control to the user. This function turns the permission on or off depending 2961 * on the value of the argument. 2962 */ 2963 int 2964 elf_set_prot(Rt_map *lmp, int permission) 2965 { 2966 Mmap *mmaps; 2967 2968 /* 2969 * If this is an allocated image (ie. a relocatable object) we can't 2970 * mprotect() anything. 2971 */ 2972 if (FLAGS(lmp) & FLG_RT_IMGALLOC) 2973 return (1); 2974 2975 DBG_CALL(Dbg_file_prot(lmp, permission)); 2976 2977 for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++) { 2978 if (mmaps->m_perm & PROT_WRITE) 2979 continue; 2980 2981 if (mprotect(mmaps->m_vaddr, mmaps->m_msize, 2982 (mmaps->m_perm | permission)) == -1) { 2983 int err = errno; 2984 eprintf(LIST(lmp), ERR_FATAL, MSG_INTL(MSG_SYS_MPROT), 2985 NAME(lmp), strerror(err)); 2986 return (0); 2987 } 2988 } 2989 return (1); 2990 } 2991 2992 /* 2993 * Build full pathname of shared object from given directory name and filename. 2994 */ 2995 static char * 2996 elf_get_so(const char *dir, const char *file) 2997 { 2998 static char pname[PATH_MAX]; 2999 3000 (void) snprintf(pname, PATH_MAX, MSG_ORIG(MSG_FMT_PATH), dir, file); 3001 return (pname); 3002 } 3003 3004 /* 3005 * The copy relocation is recorded in a copy structure which will be applied 3006 * after all other relocations are carried out. This provides for copying data 3007 * that must be relocated itself (ie. pointers in shared objects). This 3008 * structure also provides a means of binding RTLD_GROUP dependencies to any 3009 * copy relocations that have been taken from any group members. 3010 * 3011 * If the size of the .bss area available for the copy information is not the 3012 * same as the source of the data inform the user if we're under ldd(1) control 3013 * (this checking was only established in 5.3, so by only issuing an error via 3014 * ldd(1) we maintain the standard set by previous releases). 3015 */ 3016 int 3017 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 3018 Rt_map *dlmp, const void *dadd) 3019 { 3020 Rel_copy rc; 3021 Lm_list *lml = LIST(rlmp); 3022 3023 rc.r_name = name; 3024 rc.r_rsym = rsym; /* the new reference symbol and its */ 3025 rc.r_rlmp = rlmp; /* associated link-map */ 3026 rc.r_dlmp = dlmp; /* the defining link-map */ 3027 rc.r_dsym = dsym; /* the original definition */ 3028 rc.r_radd = radd; 3029 rc.r_dadd = dadd; 3030 3031 if (rsym->st_size > dsym->st_size) 3032 rc.r_size = (size_t)dsym->st_size; 3033 else 3034 rc.r_size = (size_t)rsym->st_size; 3035 3036 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 3037 AL_CNT_COPYREL) == 0) { 3038 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 3039 return (0); 3040 else 3041 return (1); 3042 } 3043 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 3044 if (aplist_append(©_S(rlmp), dlmp, 3045 AL_CNT_COPYREL) == NULL) { 3046 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 3047 return (0); 3048 else 3049 return (1); 3050 } 3051 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 3052 } 3053 3054 /* 3055 * If we are tracing (ldd), warn the user if 3056 * 1) the size from the reference symbol differs from the 3057 * copy definition. We can only copy as much data as the 3058 * reference (dynamic executables) entry allows. 3059 * 2) the copy definition has STV_PROTECTED visibility. 3060 */ 3061 if (lml->lm_flags & LML_FLG_TRC_WARN) { 3062 if (rsym->st_size != dsym->st_size) { 3063 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 3064 _conv_reloc_type(M_R_COPY), demangle(name), 3065 NAME(rlmp), EC_XWORD(rsym->st_size), 3066 NAME(dlmp), EC_XWORD(dsym->st_size)); 3067 if (rsym->st_size > dsym->st_size) 3068 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 3069 NAME(dlmp)); 3070 else 3071 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 3072 NAME(rlmp)); 3073 } 3074 3075 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 3076 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 3077 _conv_reloc_type(M_R_COPY), demangle(name), 3078 NAME(dlmp)); 3079 } 3080 } 3081 3082 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 3083 (Xword)rc.r_size)); 3084 return (1); 3085 } 3086 3087 /* 3088 * Determine the symbol location of an address within a link-map. Look for 3089 * the nearest symbol (whose value is less than or equal to the required 3090 * address). This is the object specific part of dladdr(). 3091 */ 3092 static void 3093 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 3094 { 3095 ulong_t ndx, cnt, base, _value; 3096 Sym *sym, *_sym = NULL; 3097 const char *str; 3098 int _flags; 3099 uint_t *dynaddr_ndx; 3100 uint_t dynaddr_n = 0; 3101 ulong_t value; 3102 3103 /* 3104 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 3105 * the dynsym that starts with any local function symbols that exist in 3106 * the library and then moves to the data held in SYMTAB(). In this 3107 * case, SUNWSYMSZ tells us how long the symbol table is. The 3108 * availability of local function symbols will enhance the results 3109 * we can provide. 3110 * 3111 * If SUNWSYMTAB() is non-NULL, then there might also be a 3112 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 3113 * an array of indices into SUNWSYMTAB, sorted by increasing 3114 * address. We can use this to do an O(log N) search instead of a 3115 * brute force search. 3116 * 3117 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 3118 * contains only global symbols. In that case, the length of 3119 * the symbol table comes from the nchain field of the related 3120 * symbol lookup hash table. 3121 */ 3122 str = STRTAB(lmp); 3123 if (SUNWSYMSZ(lmp) == NULL) { 3124 sym = SYMTAB(lmp); 3125 /* 3126 * If we don't have a .hash table there are no symbols 3127 * to look at. 3128 */ 3129 if (HASH(lmp) == 0) 3130 return; 3131 cnt = HASH(lmp)[1]; 3132 } else { 3133 sym = SUNWSYMTAB(lmp); 3134 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 3135 dynaddr_ndx = SUNWSYMSORT(lmp); 3136 if (dynaddr_ndx != NULL) 3137 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 3138 } 3139 3140 if (FLAGS(lmp) & FLG_RT_FIXED) 3141 base = 0; 3142 else 3143 base = ADDR(lmp); 3144 3145 if (dynaddr_n > 0) { /* Binary search */ 3146 long low = 0, low_bnd; 3147 long high = dynaddr_n - 1, high_bnd; 3148 long mid; 3149 Sym *mid_sym; 3150 3151 /* 3152 * Note that SUNWSYMSORT only contains symbols types that 3153 * supply memory addresses, so there's no need to check and 3154 * filter out any other types. 3155 */ 3156 low_bnd = low; 3157 high_bnd = high; 3158 while (low <= high) { 3159 mid = (low + high) / 2; 3160 mid_sym = &sym[dynaddr_ndx[mid]]; 3161 value = mid_sym->st_value + base; 3162 if (addr < value) { 3163 if ((sym[dynaddr_ndx[high]].st_value + base) >= 3164 addr) 3165 high_bnd = high; 3166 high = mid - 1; 3167 } else if (addr > value) { 3168 if ((sym[dynaddr_ndx[low]].st_value + base) <= 3169 addr) 3170 low_bnd = low; 3171 low = mid + 1; 3172 } else { 3173 _sym = mid_sym; 3174 _value = value; 3175 break; 3176 } 3177 } 3178 /* 3179 * If the above didn't find it exactly, then we must 3180 * return the closest symbol with a value that doesn't 3181 * exceed the one we are looking for. If that symbol exists, 3182 * it will lie in the range bounded by low_bnd and 3183 * high_bnd. This is a linear search, but a short one. 3184 */ 3185 if (_sym == NULL) { 3186 for (mid = low_bnd; mid <= high_bnd; mid++) { 3187 mid_sym = &sym[dynaddr_ndx[mid]]; 3188 value = mid_sym->st_value + base; 3189 if (addr >= value) { 3190 _sym = mid_sym; 3191 _value = value; 3192 } else { 3193 break; 3194 } 3195 } 3196 } 3197 } else { /* Linear search */ 3198 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 3199 /* 3200 * Skip expected symbol types that are not functions 3201 * or data: 3202 * - A symbol table starts with an undefined symbol 3203 * in slot 0. If we are using SUNWSYMTAB(), 3204 * there will be a second undefined symbol 3205 * right before the globals. 3206 * - The local part of SUNWSYMTAB() contains a 3207 * series of function symbols. Each section 3208 * starts with an initial STT_FILE symbol. 3209 */ 3210 if ((sym->st_shndx == SHN_UNDEF) || 3211 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 3212 continue; 3213 3214 value = sym->st_value + base; 3215 if (value > addr) 3216 continue; 3217 if (value < _value) 3218 continue; 3219 3220 _sym = sym; 3221 _value = value; 3222 3223 /* 3224 * Note, because we accept local and global symbols 3225 * we could find a section symbol that matches the 3226 * associated address, which means that the symbol 3227 * name will be null. In this case continue the 3228 * search in case we can find a global symbol of 3229 * the same value. 3230 */ 3231 if ((value == addr) && 3232 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 3233 break; 3234 } 3235 } 3236 3237 _flags = flags & RTLD_DL_MASK; 3238 if (_sym) { 3239 if (_flags == RTLD_DL_SYMENT) 3240 *info = (void *)_sym; 3241 else if (_flags == RTLD_DL_LINKMAP) 3242 *info = (void *)lmp; 3243 3244 dlip->dli_sname = str + _sym->st_name; 3245 dlip->dli_saddr = (void *)_value; 3246 } else { 3247 /* 3248 * addr lies between the beginning of the mapped segment and 3249 * the first global symbol. We have no symbol to return 3250 * and the caller requires one. We use _START_, the base 3251 * address of the mapping. 3252 */ 3253 3254 if (_flags == RTLD_DL_SYMENT) { 3255 /* 3256 * An actual symbol struct is needed, so we 3257 * construct one for _START_. To do this in a 3258 * fully accurate way requires a different symbol 3259 * for each mapped segment. This requires the 3260 * use of dynamic memory and a mutex. That's too much 3261 * plumbing for a fringe case of limited importance. 3262 * 3263 * Fortunately, we can simplify: 3264 * - Only the st_size and st_info fields are useful 3265 * outside of the linker internals. The others 3266 * reference things that outside code cannot see, 3267 * and can be set to 0. 3268 * - It's just a label and there is no size 3269 * to report. So, the size should be 0. 3270 * This means that only st_info needs a non-zero 3271 * (constant) value. A static struct will suffice. 3272 * It must be const (readonly) so the caller can't 3273 * change its meaning for subsequent callers. 3274 */ 3275 static const Sym fsym = { 0, 0, 0, 3276 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 3277 *info = (void *) &fsym; 3278 } 3279 3280 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 3281 dlip->dli_saddr = (void *) ADDR(lmp); 3282 } 3283 } 3284 3285 static void 3286 elf_lazy_cleanup(APlist *alp) 3287 { 3288 Rt_map *lmp; 3289 Aliste idx; 3290 3291 /* 3292 * Cleanup any link-maps added to this dynamic list and free it. 3293 */ 3294 for (APLIST_TRAVERSE(alp, idx, lmp)) 3295 FLAGS(lmp) &= ~FLG_RT_TMPLIST; 3296 free(alp); 3297 } 3298 3299 /* 3300 * This routine is called as a last fall-back to search for a symbol from a 3301 * standard relocation. To maintain lazy loadings goal of reducing the number 3302 * of objects mapped, any symbol search is first carried out using the objects 3303 * that already exist in the process (either on a link-map list or handle). 3304 * If a symbol can't be found, and lazy dependencies are still pending, this 3305 * routine loads the dependencies in an attempt to locate the symbol. 3306 * 3307 * Only new objects are inspected as we will have already inspected presently 3308 * loaded objects before calling this routine. However, a new object may not 3309 * be new - although the di_lmp might be zero, the object may have been mapped 3310 * as someone elses dependency. Thus there's a possibility of some symbol 3311 * search duplication. 3312 */ 3313 Sym * 3314 elf_lazy_find_sym(Slookup *slp, Rt_map **_lmp, uint_t *binfo) 3315 { 3316 Sym *sym = 0; 3317 APlist *alist = NULL; 3318 Aliste idx; 3319 Rt_map *lmp1, *lmp = slp->sl_imap; 3320 const char *name = slp->sl_name; 3321 3322 /* 3323 * Generate a local list of new objects to process. This list can grow 3324 * as each object supplies its own lazy dependencies. 3325 */ 3326 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 3327 return (NULL); 3328 FLAGS(lmp) |= FLG_RT_TMPLIST; 3329 3330 for (APLIST_TRAVERSE(alist, idx, lmp1)) { 3331 uint_t cnt = 0; 3332 Slookup sl = *slp; 3333 Dyninfo *dip, *pdip; 3334 3335 /* 3336 * Discard any relocation index from further symbol searches. 3337 * This index will have already been used to trigger any 3338 * necessary lazy-loads, and it might be because one of these 3339 * lazy loads have failed that we're here performing this 3340 * fallback. By removing the relocation index we don't try 3341 * and perform the same failed lazy loading activity again. 3342 */ 3343 sl.sl_rsymndx = 0; 3344 3345 /* 3346 * Loop through the lazy DT_NEEDED entries examining each object 3347 * for the required symbol. If the symbol is not found, the 3348 * object is in turn added to the local alist, so that the 3349 * objects lazy DT_NEEDED entries can be examined. 3350 */ 3351 lmp = lmp1; 3352 for (dip = DYNINFO(lmp), pdip = NULL; cnt < DYNINFOCNT(lmp); 3353 cnt++, pdip = dip++) { 3354 Rt_map *nlmp; 3355 3356 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 3357 dip->di_info) 3358 continue; 3359 3360 /* 3361 * If this object has already failed to lazy load, and 3362 * we're still processing the same runtime linker 3363 * operation that produced the failure, don't bother 3364 * to try and load the object again. 3365 */ 3366 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 3367 (pdip->di_flags & FLG_DI_POSFLAG1)) { 3368 if (pdip->di_info == (void *)ld_entry_cnt) 3369 continue; 3370 3371 dip->di_flags &= ~FLG_DI_LAZYFAIL; 3372 pdip->di_info = NULL; 3373 } 3374 3375 /* 3376 * Try loading this lazy dependency. If the object 3377 * can't be loaded, consider this non-fatal and continue 3378 * the search. Lazy loaded dependencies need not exist 3379 * and their loading should only turn out to be fatal 3380 * if they are required to satisfy a relocation. 3381 * 3382 * If the file is already loaded and relocated we must 3383 * still inspect it for symbols, even though it might 3384 * have already been searched. This lazy load operation 3385 * might have promoted the permissions of the object, 3386 * and thus made the object applicable for this symbol 3387 * search, whereas before the object might have been 3388 * skipped. 3389 */ 3390 if ((nlmp = elf_lazy_load(lmp, &sl, cnt, name)) == 0) 3391 continue; 3392 3393 /* 3394 * If this object isn't yet a part of the dynamic list 3395 * then inspect it for the symbol. If the symbol isn't 3396 * found add the object to the dynamic list so that we 3397 * can inspect its dependencies. 3398 */ 3399 if (FLAGS(nlmp) & FLG_RT_TMPLIST) 3400 continue; 3401 3402 sl.sl_imap = nlmp; 3403 if (sym = LM_LOOKUP_SYM(sl.sl_cmap)(&sl, _lmp, binfo)) 3404 break; 3405 3406 /* 3407 * Some dlsym() operations are already traversing a 3408 * link-map (dlopen(0)), and thus there's no need to 3409 * build our own dynamic dependency list. 3410 */ 3411 if ((sl.sl_flags & LKUP_NODESCENT) == 0) { 3412 if (aplist_append(&alist, nlmp, 3413 AL_CNT_LAZYFIND) == 0) { 3414 elf_lazy_cleanup(alist); 3415 return (0); 3416 } 3417 FLAGS(nlmp) |= FLG_RT_TMPLIST; 3418 } 3419 } 3420 if (sym) 3421 break; 3422 } 3423 3424 elf_lazy_cleanup(alist); 3425 return (sym); 3426 } 3427 3428 /* 3429 * Warning message for bad r_offset. 3430 */ 3431 void 3432 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 3433 ulong_t rsymndx) 3434 { 3435 const char *name = (char *)0; 3436 Lm_list *lml = LIST(lmp); 3437 int trace; 3438 3439 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 3440 (((rtld_flags & RT_FL_SILENCERR) == 0) || 3441 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 3442 trace = 1; 3443 else 3444 trace = 0; 3445 3446 if ((trace == 0) && (DBG_ENABLED == 0)) 3447 return; 3448 3449 if (rsymndx) { 3450 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 3451 (rsymndx * SYMENT(lmp))); 3452 3453 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 3454 name = (char *)(STRTAB(lmp) + symref->st_name); 3455 } 3456 3457 if (name == 0) 3458 name = MSG_ORIG(MSG_STR_EMPTY); 3459 3460 if (trace) { 3461 const char *rstr; 3462 3463 rstr = _conv_reloc_type((uint_t)rtype); 3464 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 3465 EC_ADDR(roffset)); 3466 return; 3467 } 3468 3469 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 3470 } 3471 3472 /* 3473 * Resolve a static TLS relocation. 3474 */ 3475 long 3476 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 3477 ulong_t roffset, long value) 3478 { 3479 Lm_list *lml = LIST(lmp); 3480 3481 /* 3482 * Relocations against a static TLS block have limited support once 3483 * process initialization has completed. Any error condition should be 3484 * discovered by testing for DF_STATIC_TLS as part of loading an object, 3485 * however individual relocations are tested in case the dynamic flag 3486 * had not been set when this object was built. 3487 */ 3488 if (PTTLS(lmp) == 0) { 3489 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 3490 M_REL_SHT_TYPE, rel, NULL, name)); 3491 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 3492 _conv_reloc_type((uint_t)rtype), NAME(lmp), 3493 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 3494 return (0); 3495 } 3496 3497 /* 3498 * If no static TLS has been set aside for this object, determine if 3499 * any can be obtained. Enforce that any object using static TLS is 3500 * non-deletable. 3501 */ 3502 if (TLSSTATOFF(lmp) == 0) { 3503 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 3504 MODE(lmp) |= RTLD_NODELETE; 3505 3506 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 3507 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 3508 M_REL_SHT_TYPE, rel, NULL, name)); 3509 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 3510 _conv_reloc_type((uint_t)rtype), NAME(lmp), 3511 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 3512 return (0); 3513 } 3514 } 3515 3516 /* 3517 * Typically, a static TLS offset is maintained as a symbols value. 3518 * For local symbols that are not apart of the dynamic symbol table, 3519 * the TLS relocation points to a section symbol, and the static TLS 3520 * offset was deposited in the associated GOT table. Make sure the GOT 3521 * is cleared, so that the value isn't reused in do_reloc(). 3522 */ 3523 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 3524 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 3525 value = *(long *)roffset; 3526 *(long *)roffset = 0; 3527 } else { 3528 value = sym->st_value; 3529 } 3530 } 3531 return (-(TLSSTATOFF(lmp) - value)); 3532 } 3533