1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Object file dependent support for ELF objects. 34 */ 35 36 #include <stdio.h> 37 #include <sys/procfs.h> 38 #include <sys/mman.h> 39 #include <sys/debug.h> 40 #include <string.h> 41 #include <limits.h> 42 #include <dlfcn.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "_inline.h" 49 #include "msg.h" 50 51 /* 52 * Default and secure dependency search paths. 53 */ 54 static Spath_defn _elf_def_dirs[] = { 55 #if defined(_ELF64) 56 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE }, 57 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE }, 58 #else 59 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE }, 60 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE }, 61 #endif 62 { 0, 0 } 63 }; 64 65 static Spath_defn _elf_sec_dirs[] = { 66 #if defined(_ELF64) 67 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE }, 68 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE }, 69 #else 70 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE }, 71 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE }, 72 #endif 73 { 0, 0 } 74 }; 75 76 Alist *elf_def_dirs = NULL; 77 Alist *elf_sec_dirs = NULL; 78 79 /* 80 * Defines for local functions. 81 */ 82 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 83 static Addr elf_entry_point(void); 84 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t); 85 static Alist **elf_get_def_dirs(void); 86 static Alist **elf_get_sec_dirs(void); 87 static char *elf_get_so(const char *, const char *, size_t, size_t); 88 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *); 89 90 /* 91 * Functions and data accessed through indirect pointers. 92 */ 93 Fct elf_fct = { 94 elf_verify, 95 elf_new_lmp, 96 elf_entry_point, 97 elf_needed, 98 lookup_sym, 99 elf_reloc, 100 elf_get_def_dirs, 101 elf_get_sec_dirs, 102 elf_fix_name, 103 elf_get_so, 104 elf_dladdr, 105 dlsym_handle 106 }; 107 108 /* 109 * Default and secure dependency search paths. 110 */ 111 static Alist ** 112 elf_get_def_dirs() 113 { 114 if (elf_def_dirs == NULL) 115 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT); 116 return (&elf_def_dirs); 117 } 118 119 static Alist ** 120 elf_get_sec_dirs() 121 { 122 if (elf_sec_dirs == NULL) 123 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE); 124 return (&elf_sec_dirs); 125 } 126 127 /* 128 * Redefine NEEDED name if necessary. 129 */ 130 static int 131 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni, 132 uint_t orig) 133 { 134 /* 135 * For ABI compliance, if we are asked for ld.so.1, then really give 136 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1). 137 */ 138 if (((*name == '/') && 139 /* BEGIN CSTYLED */ 140 #if defined(_ELF64) 141 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) || 142 #else 143 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) || 144 #endif 145 (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) { 146 /* END CSTYLED */ 147 Pdesc *pdp; 148 149 DBG_CALL(Dbg_file_fixname(LIST(clmp), name, 150 MSG_ORIG(MSG_PTH_LIBSYS))); 151 if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc), 152 alni)) == NULL) 153 return (0); 154 155 pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS); 156 pdp->pd_plen = MSG_PTH_LIBSYS_SIZE; 157 pdp->pd_flags = PD_FLG_PNSLASH; 158 159 return (1); 160 } 161 162 return (expand_paths(clmp, name, alpp, alni, orig, 0)); 163 } 164 165 /* 166 * Determine whether this object requires capabilities. 167 */ 168 inline static int 169 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej) 170 { 171 Phdr *phdr; 172 Cap *cap = NULL; 173 Dyn *dyn = NULL; 174 char *str = NULL; 175 Addr base; 176 int cnt; 177 178 /* 179 * If this is a shared object, the base address of the shared object is 180 * added to all address values defined within the object. Otherwise, if 181 * this is an executable, all object addresses are used as is. 182 */ 183 if (ehdr->e_type == ET_EXEC) 184 base = 0; 185 else 186 base = (Addr)ehdr; 187 188 /* LINTED */ 189 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff); 190 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) { 191 if (phdr->p_type == PT_DYNAMIC) { 192 /* LINTED */ 193 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 194 } else if (phdr->p_type == PT_SUNWCAP) { 195 /* LINTED */ 196 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 197 } 198 } 199 200 if (cap) { 201 /* 202 * From the .dynamic section, determine the associated string 203 * table. Required for CA_SUNW_MACH and CA_SUNW_PLAT 204 * processing. 205 */ 206 while (dyn) { 207 if (dyn->d_tag == DT_NULL) { 208 break; 209 } else if (dyn->d_tag == DT_STRTAB) { 210 str = (char *)(dyn->d_un.d_ptr + base); 211 break; 212 } 213 dyn++; 214 } 215 } 216 217 /* 218 * Establish any alternative capabilities, and validate this object 219 * if it defines it's own capabilities information. 220 */ 221 return (cap_check_fdesc(fdp, cap, str, rej)); 222 } 223 224 /* 225 * Determine if we have been given an ELF file and if so determine if the file 226 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 227 * with associated error information. 228 */ 229 Fct * 230 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name, 231 Rej_desc *rej) 232 { 233 Ehdr *ehdr; 234 char *caddr = (char *)addr; 235 236 /* 237 * Determine if we're an elf file. If not simply return, we don't set 238 * any rejection information as this test allows use to scroll through 239 * the objects we support (ELF, AOUT). 240 */ 241 if (size < sizeof (Ehdr) || 242 caddr[EI_MAG0] != ELFMAG0 || 243 caddr[EI_MAG1] != ELFMAG1 || 244 caddr[EI_MAG2] != ELFMAG2 || 245 caddr[EI_MAG3] != ELFMAG3) { 246 return (NULL); 247 } 248 249 /* 250 * Check class and encoding. 251 */ 252 /* LINTED */ 253 ehdr = (Ehdr *)addr; 254 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 255 rej->rej_type = SGS_REJ_CLASS; 256 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 257 return (NULL); 258 } 259 if (ehdr->e_ident[EI_DATA] != M_DATA) { 260 rej->rej_type = SGS_REJ_DATA; 261 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 262 return (NULL); 263 } 264 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 265 (ehdr->e_type != ET_DYN)) { 266 rej->rej_type = SGS_REJ_TYPE; 267 rej->rej_info = (uint_t)ehdr->e_type; 268 return (NULL); 269 } 270 271 /* 272 * Verify ELF version. 273 */ 274 if (ehdr->e_version > EV_CURRENT) { 275 rej->rej_type = SGS_REJ_VERSION; 276 rej->rej_info = (uint_t)ehdr->e_version; 277 return (NULL); 278 } 279 280 /* 281 * Verify machine specific flags. 282 */ 283 if (elf_mach_flags_check(rej, ehdr) == 0) 284 return (NULL); 285 286 /* 287 * Verify any capability requirements. Note, if this object is a shared 288 * object that is explicitly defined on the ldd(1) command line, and it 289 * contains an incompatible capabilities requirement, then inform the 290 * user, but continue processing. 291 */ 292 if (elf_cap_check(fdp, ehdr, rej) == 0) { 293 Rt_map *lmp = lml_main.lm_head; 294 295 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp && 296 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) { 297 /* LINTED */ 298 (void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name, 299 rej->rej_str); 300 return (&elf_fct); 301 } 302 return (NULL); 303 } 304 return (&elf_fct); 305 } 306 307 /* 308 * The runtime linker employs lazy loading to provide the libraries needed for 309 * debugging, preloading .o's and dldump(). As these are seldom used, the 310 * standard startup of ld.so.1 doesn't initialize all the information necessary 311 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 312 * is called we get here to perform these initializations: 313 * 314 * - elf_needed() is called to set up the DYNINFO() indexes for each lazy 315 * dependency. Typically, for all other objects, this is called during 316 * analyze_so(), but as ld.so.1 is set-contained we skip this processing. 317 * 318 * - For intel, ld.so.1's JMPSLOT relocations need relative updates. These 319 * are by default skipped thus delaying all relative relocation processing 320 * on every invocation of ld.so.1. 321 */ 322 int 323 elf_rtld_load() 324 { 325 Lm_list *lml = &lml_rtld; 326 Rt_map *lmp = lml->lm_head; 327 328 if (lml->lm_flags & LML_FLG_PLTREL) 329 return (1); 330 331 /* 332 * As we need to refer to the DYNINFO() information, insure that it has 333 * been initialized. 334 */ 335 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0) 336 return (0); 337 338 #if defined(__i386) 339 /* 340 * This is a kludge to give ld.so.1 a performance benefit on i386. 341 * It's based around two factors. 342 * 343 * - JMPSLOT relocations (PLT's) actually need a relative relocation 344 * applied to the GOT entry so that they can find PLT0. 345 * 346 * - ld.so.1 does not exercise *any* PLT's before it has made a call 347 * to elf_lazy_load(). This is because all dynamic dependencies 348 * are recorded as lazy dependencies. 349 */ 350 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp), 351 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 352 (ulong_t)ADDR(lmp), lmp, NULL); 353 #endif 354 355 lml->lm_flags |= LML_FLG_PLTREL; 356 return (1); 357 } 358 359 /* 360 * Lazy load an object. 361 */ 362 Rt_map * 363 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym, 364 uint_t flags, Grp_hdl **hdl, int *in_nfavl) 365 { 366 Alist *palp = NULL; 367 Rt_map *nlmp; 368 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 369 const char *name; 370 Lm_list *lml = LIST(clmp); 371 Aliste lmco; 372 373 /* 374 * If this dependency has already been processed, we're done. 375 */ 376 if (((nlmp = (Rt_map *)dip->di_info) != NULL) || 377 (dip->di_flags & FLG_DI_LDD_DONE)) 378 return (nlmp); 379 380 /* 381 * If we're running under ldd(1), indicate that this dependency has been 382 * processed (see test above). It doesn't matter whether the object is 383 * successfully loaded or not, this flag simply ensures that we don't 384 * repeatedly attempt to load an object that has already failed to load. 385 * To do so would create multiple failure diagnostics for the same 386 * object under ldd(1). 387 */ 388 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 389 dip->di_flags |= FLG_DI_LDD_DONE; 390 391 /* 392 * Determine the initial dependency name. 393 */ 394 name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val; 395 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 396 397 /* 398 * If this object needs to establish its own group, make sure a handle 399 * is created. 400 */ 401 if (dip->di_flags & FLG_DI_GROUP) 402 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 403 404 /* 405 * Lazy dependencies are identified as DT_NEEDED entries with a 406 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 407 * dynamic information element that corresponds to the DT_POSFLAG_1 408 * entry is free, and thus used to store the present entrance 409 * identifier. This identifier is used to prevent multiple attempts to 410 * load a failed lazy loadable dependency within the same runtime linker 411 * operation. However, future attempts to reload this dependency are 412 * still possible. 413 */ 414 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 415 pdip->di_info = (void *)slp->sl_id; 416 417 /* 418 * Expand the requested name if necessary. 419 */ 420 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) 421 return (NULL); 422 423 /* 424 * Establish a link-map control list for this request. 425 */ 426 if ((lmco = create_cntl(lml, 0)) == NULL) { 427 remove_plist(&palp, 1); 428 return (NULL); 429 } 430 431 /* 432 * Load the associated object. 433 */ 434 dip->di_info = nlmp = 435 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl); 436 437 /* 438 * Remove any expanded pathname infrastructure. Reduce the pending lazy 439 * dependency count of the caller, together with the link-map lists 440 * count of objects that still have lazy dependencies pending. 441 */ 442 remove_plist(&palp, 1); 443 if (--LAZY(clmp) == 0) 444 LIST(clmp)->lm_lazy--; 445 446 /* 447 * Finish processing the objects associated with this request, and 448 * create an association between the caller and this dependency. 449 */ 450 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 451 ((nlmp = analyze_lmc(lml, lmco, nlmp, in_nfavl)) == NULL) || 452 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0))) 453 dip->di_info = nlmp = NULL; 454 455 /* 456 * If this lazyload has failed, and we've created a new link-map 457 * control list to which this request has added objects, then remove 458 * all the objects that have been associated to this request. 459 */ 460 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 461 remove_lmc(lml, clmp, lmco, name); 462 463 /* 464 * Remove any temporary link-map control list. 465 */ 466 if (lmco != ALIST_OFF_DATA) 467 remove_cntl(lml, lmco); 468 469 /* 470 * If this lazy loading failed, record the fact, and bump the lazy 471 * counts. 472 */ 473 if (nlmp == NULL) { 474 dip->di_flags |= FLG_DI_LAZYFAIL; 475 if (LAZY(clmp)++ == 0) 476 LIST(clmp)->lm_lazy++; 477 } 478 479 return (nlmp); 480 } 481 482 /* 483 * Return the entry point of the ELF executable. 484 */ 485 static Addr 486 elf_entry_point(void) 487 { 488 Rt_map *lmp = lml_main.lm_head; 489 Ehdr *ehdr = (Ehdr *)ADDR(lmp); 490 Addr addr = (Addr)(ehdr->e_entry); 491 492 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) 493 addr += ADDR(lmp); 494 495 return (addr); 496 } 497 498 /* 499 * Determine if a dependency requires a particular version and if so verify 500 * that the version exists in the dependency. 501 */ 502 int 503 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 504 { 505 Verneed *vnd = VERNEED(clmp); 506 int _num, num = VERNEEDNUM(clmp); 507 char *cstrs = (char *)STRTAB(clmp); 508 Lm_list *lml = LIST(clmp); 509 510 /* 511 * Traverse the callers version needed information and determine if any 512 * specific versions are required from the dependency. 513 */ 514 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 515 for (_num = 1; _num <= num; _num++, 516 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 517 Half cnt = vnd->vn_cnt; 518 Vernaux *vnap; 519 char *nstrs, *need; 520 521 /* 522 * Determine if a needed entry matches this dependency. 523 */ 524 need = (char *)(cstrs + vnd->vn_file); 525 if (strcmp(name, need) != 0) 526 continue; 527 528 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 529 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 530 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 531 532 /* 533 * Validate that each version required actually exists in the 534 * dependency. 535 */ 536 nstrs = (char *)STRTAB(nlmp); 537 538 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 539 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 540 char *version, *define; 541 Verdef *vdf = VERDEF(nlmp); 542 ulong_t _num, num = VERDEFNUM(nlmp); 543 int found = 0; 544 545 /* 546 * Skip validation of versions that are marked 547 * INFO. This optimization is used for versions 548 * that are inherited by another version. Verification 549 * of the inheriting version is sufficient. 550 * 551 * Such versions are recorded in the object for the 552 * benefit of VERSYM entries that refer to them. This 553 * provides a purely diagnostic benefit. 554 */ 555 if (vnap->vna_flags & VER_FLG_INFO) 556 continue; 557 558 version = (char *)(cstrs + vnap->vna_name); 559 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 560 561 for (_num = 1; _num <= num; _num++, 562 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 563 Verdaux *vdap; 564 565 if (vnap->vna_hash != vdf->vd_hash) 566 continue; 567 568 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 569 define = (char *)(nstrs + vdap->vda_name); 570 if (strcmp(version, define) != 0) 571 continue; 572 573 found++; 574 break; 575 } 576 577 /* 578 * If we're being traced print out any matched version 579 * when the verbose (-v) option is in effect. Always 580 * print any unmatched versions. 581 */ 582 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 583 /* BEGIN CSTYLED */ 584 if (found) { 585 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 586 continue; 587 588 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 589 need, version, NAME(nlmp)); 590 } else { 591 if (rtld_flags & RT_FL_SILENCERR) 592 continue; 593 594 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 595 need, version); 596 } 597 /* END CSTYLED */ 598 continue; 599 } 600 601 /* 602 * If the version hasn't been found then this is a 603 * candidate for a fatal error condition. Weak 604 * version definition requirements are silently 605 * ignored. Also, if the image inspected for a version 606 * definition has no versioning recorded at all then 607 * silently ignore this (this provides better backward 608 * compatibility to old images created prior to 609 * versioning being available). Both of these skipped 610 * diagnostics are available under tracing (see above). 611 */ 612 if ((found == 0) && (num != 0) && 613 (!(vnap->vna_flags & VER_FLG_WEAK))) { 614 eprintf(lml, ERR_FATAL, 615 MSG_INTL(MSG_VER_NFOUND), need, version, 616 NAME(clmp)); 617 return (0); 618 } 619 } 620 } 621 DBG_CALL(Dbg_ver_need_done(lml)); 622 return (1); 623 } 624 625 /* 626 * Search through the dynamic section for DT_NEEDED entries and perform one 627 * of two functions. If only the first argument is specified then load the 628 * defined shared object, otherwise add the link map representing the defined 629 * link map the the dlopen list. 630 */ 631 static int 632 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl) 633 { 634 Alist *palp = NULL; 635 Dyn *dyn, *pdyn; 636 ulong_t ndx = 0; 637 uint_t lazy, flags; 638 Word lmflags = lml->lm_flags; 639 Word lmtflags = lml->lm_tflags; 640 641 /* 642 * Process each shared object on needed list. 643 */ 644 if (DYN(clmp) == NULL) 645 return (1); 646 647 for (dyn = (Dyn *)DYN(clmp), pdyn = NULL; dyn->d_tag != DT_NULL; 648 pdyn = dyn++, ndx++) { 649 Dyninfo *dip = &DYNINFO(clmp)[ndx]; 650 Rt_map *nlmp = NULL; 651 char *name; 652 int silent = 0; 653 654 switch (dyn->d_tag) { 655 case DT_POSFLAG_1: 656 dip->di_flags |= FLG_DI_POSFLAG1; 657 continue; 658 case DT_NEEDED: 659 case DT_USED: 660 lazy = flags = 0; 661 dip->di_flags |= FLG_DI_NEEDED; 662 663 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 664 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 665 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) { 666 dip->di_flags |= FLG_DI_LAZY; 667 lazy = 1; 668 } 669 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) { 670 dip->di_flags |= FLG_DI_GROUP; 671 flags = 672 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 673 } 674 } 675 676 name = (char *)STRTAB(clmp) + dyn->d_un.d_val; 677 678 /* 679 * NOTE, libc.so.1 can't be lazy loaded. Although a 680 * lazy position flag won't be produced when a RTLDINFO 681 * .dynamic entry is found (introduced with the UPM in 682 * Solaris 10), it was possible to mark libc for lazy 683 * loading on previous releases. To reduce the overhead 684 * of testing for this occurrence, only carry out this 685 * check for the first object on the link-map list 686 * (there aren't many applications built without libc). 687 */ 688 if (lazy && (lml->lm_head == clmp) && 689 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 690 lazy = 0; 691 692 /* 693 * Don't bring in lazy loaded objects yet unless we've 694 * been asked to attempt to load all available objects 695 * (crle(1) sets LD_FLAGS=loadavail). Even under 696 * RTLD_NOW we don't process this - RTLD_NOW will cause 697 * relocation processing which in turn might trigger 698 * lazy loading, but its possible that the object has a 699 * lazy loaded file with no bindings (i.e., it should 700 * never have been a dependency in the first place). 701 */ 702 if (lazy) { 703 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 704 LAZY(clmp)++; 705 lazy = flags = 0; 706 continue; 707 } 708 709 /* 710 * Silence any error messages - see description 711 * under elf_lookup_filtee(). 712 */ 713 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 714 rtld_flags |= RT_FL_SILENCERR; 715 silent = 1; 716 } 717 } 718 break; 719 case DT_AUXILIARY: 720 dip->di_flags |= FLG_DI_AUXFLTR; 721 continue; 722 case DT_SUNW_AUXILIARY: 723 dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 724 continue; 725 case DT_FILTER: 726 dip->di_flags |= FLG_DI_STDFLTR; 727 continue; 728 case DT_SUNW_FILTER: 729 dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 730 continue; 731 default: 732 continue; 733 } 734 735 DBG_CALL(Dbg_file_needed(clmp, name)); 736 737 /* 738 * If we're running under ldd(1), indicate that this dependency 739 * has been processed. It doesn't matter whether the object is 740 * successfully loaded or not, this flag simply ensures that we 741 * don't repeatedly attempt to load an object that has already 742 * failed to load. To do so would create multiple failure 743 * diagnostics for the same object under ldd(1). 744 */ 745 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 746 dip->di_flags |= FLG_DI_LDD_DONE; 747 748 /* 749 * Establish the objects name, load it and establish a binding 750 * with the caller. 751 */ 752 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) || 753 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp), 754 flags, 0, in_nfavl)) == NULL) || 755 (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 756 nlmp = NULL; 757 758 /* 759 * Clean up any infrastructure, including the removal of the 760 * error suppression state, if it had been previously set in 761 * this routine. 762 */ 763 remove_plist(&palp, 0); 764 765 if (silent) 766 rtld_flags &= ~RT_FL_SILENCERR; 767 768 if ((dip->di_info = (void *)nlmp) == NULL) { 769 /* 770 * If the object could not be mapped, continue if error 771 * suppression is established or we're here with ldd(1). 772 */ 773 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 774 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 775 continue; 776 else { 777 remove_plist(&palp, 1); 778 return (0); 779 } 780 } 781 } 782 783 if (LAZY(clmp)) 784 lml->lm_lazy++; 785 786 remove_plist(&palp, 1); 787 return (1); 788 } 789 790 /* 791 * A null symbol interpretor. Used if a filter has no associated filtees. 792 */ 793 /* ARGSUSED0 */ 794 static int 795 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 796 { 797 return (0); 798 } 799 800 /* 801 * Disable filtee use. 802 */ 803 static void 804 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 805 { 806 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 807 /* 808 * If this is an object filter, null out the reference name. 809 */ 810 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 811 REFNAME(lmp) = NULL; 812 OBJFLTRNDX(lmp) = FLTR_DISABLED; 813 814 /* 815 * Indicate that this filtee is no longer available. 816 */ 817 if (dip->di_flags & FLG_DI_STDFLTR) 818 SYMINTP(lmp) = elf_null_find_sym; 819 820 } 821 } else if (dip->di_flags & FLG_DI_STDFLTR) { 822 /* 823 * Indicate that this standard filtee is no longer available. 824 */ 825 if (SYMSFLTRCNT(lmp)) 826 SYMSFLTRCNT(lmp)--; 827 } else { 828 /* 829 * Indicate that this auxiliary filtee is no longer available. 830 */ 831 if (SYMAFLTRCNT(lmp)) 832 SYMAFLTRCNT(lmp)--; 833 } 834 dip->di_flags &= ~MSK_DI_FILTER; 835 } 836 837 /* 838 * Find symbol interpreter - filters. 839 * This function is called when the symbols from a shared object should 840 * be resolved from the shared objects filtees instead of from within itself. 841 * 842 * A symbol name of 0 is used to trigger filtee loading. 843 */ 844 static int 845 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx, 846 int *in_nfavl) 847 { 848 const char *name = slp->sl_name, *filtees; 849 Rt_map *clmp = slp->sl_cmap; 850 Rt_map *ilmp = slp->sl_imap; 851 Pdesc *pdp; 852 int any; 853 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 854 Lm_list *lml = LIST(ilmp); 855 Aliste idx; 856 857 /* 858 * Indicate that the filter has been used. If a binding already exists 859 * to the caller, indicate that this object is referenced. This insures 860 * we don't generate false unreferenced diagnostics from ldd -u/U or 861 * debugging. Don't create a binding regardless, as this filter may 862 * have been dlopen()'ed. 863 */ 864 if (name && (ilmp != clmp)) { 865 Word tracing = (LIST(clmp)->lm_flags & 866 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 867 868 if (tracing || DBG_ENABLED) { 869 Bnd_desc *bdp; 870 Aliste idx; 871 872 FLAGS1(ilmp) |= FL1_RT_USED; 873 874 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 875 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 876 if (bdp->b_caller == clmp) { 877 bdp->b_flags |= BND_REFER; 878 break; 879 } 880 } 881 } 882 } 883 } 884 885 /* 886 * If this is the first call to process this filter, establish the 887 * filtee list. If a configuration file exists, determine if any 888 * filtee associations for this filter, and its filtee reference, are 889 * defined. Otherwise, process the filtee reference. Any token 890 * expansion is also completed at this point (i.e., $PLATFORM). 891 */ 892 filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val; 893 if (dip->di_info == NULL) { 894 if (rtld_flags2 & RT_FL2_FLTCFG) { 895 elf_config_flt(lml, PATHNAME(ilmp), filtees, 896 (Alist **)&dip->di_info, AL_CNT_FILTEES); 897 } 898 if (dip->di_info == NULL) { 899 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 900 if ((lml->lm_flags & 901 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 902 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 903 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 904 NAME(ilmp), filtees); 905 906 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 907 AL_CNT_FILTEES, 0, 0) == 0) { 908 elf_disable_filtee(ilmp, dip); 909 return (0); 910 } 911 } 912 } 913 914 /* 915 * Traverse the filtee list, dlopen()'ing any objects specified and 916 * using their group handle to lookup the symbol. 917 */ 918 any = 0; 919 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 920 int mode; 921 Grp_hdl *ghp; 922 Rt_map *nlmp = NULL; 923 924 if (pdp->pd_plen == 0) 925 continue; 926 927 /* 928 * Establish the mode of the filtee from the filter. As filtees 929 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 930 * and the filtees aren't global. It would be nice to have 931 * RTLD_FIRST used here also, but as filters got out long before 932 * RTLD_FIRST was introduced it's a little too late now. 933 */ 934 mode = MODE(ilmp) | RTLD_GROUP; 935 mode &= ~RTLD_GLOBAL; 936 937 /* 938 * Insure that any auxiliary filter can locate symbols from its 939 * caller. 940 */ 941 if (dip->di_flags & FLG_DI_AUXFLTR) 942 mode |= RTLD_PARENT; 943 944 /* 945 * Process any capability directory. Establish a new link-map 946 * control list from which to analyze any newly added objects. 947 */ 948 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) { 949 const char *dir = pdp->pd_pname; 950 Aliste lmco; 951 952 /* 953 * Establish a link-map control list for this request. 954 */ 955 if ((lmco = create_cntl(lml, 0)) == NULL) 956 return (NULL); 957 958 /* 959 * Determine the capability filtees. If none can be 960 * found, provide suitable diagnostics. 961 */ 962 DBG_CALL(Dbg_cap_filter(lml, dir, ilmp)); 963 if (cap_filtees((Alist **)&dip->di_info, idx, dir, 964 lmco, ilmp, filtees, mode, 965 (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) { 966 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 967 (dip->di_flags & FLG_DI_AUXFLTR) && 968 (rtld_flags & RT_FL_WARNFLTR)) { 969 (void) printf( 970 MSG_INTL(MSG_LDD_CAP_NFOUND), dir); 971 } 972 DBG_CALL(Dbg_cap_filter(lml, dir, 0)); 973 } 974 975 /* 976 * Re-establish the originating path name descriptor, 977 * as the expansion of capabilities filtees may have 978 * re-allocated the controlling Alist. Mark this 979 * original pathname descriptor as unused so that the 980 * descriptor isn't revisited for processing. Any real 981 * capabilities filtees have been added as new pathname 982 * descriptors following this descriptor. 983 */ 984 pdp = alist_item((Alist *)dip->di_info, idx); 985 pdp->pd_flags &= ~PD_TKN_CAP; 986 pdp->pd_plen = 0; 987 988 /* 989 * Now that any capability objects have been processed, 990 * remove any temporary link-map control list. 991 */ 992 if (lmco != ALIST_OFF_DATA) 993 remove_cntl(lml, lmco); 994 } 995 996 if (pdp->pd_plen == 0) 997 continue; 998 999 /* 1000 * Process an individual filtee. 1001 */ 1002 if (pdp->pd_info == NULL) { 1003 const char *filtee = pdp->pd_pname; 1004 int audit = 0; 1005 1006 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 1007 1008 ghp = NULL; 1009 1010 /* 1011 * Determine if the reference link map is already 1012 * loaded. As an optimization compare the filtee with 1013 * our interpretor. The most common filter is 1014 * libdl.so.1, which is a filter on ld.so.1. 1015 */ 1016 #if defined(_ELF64) 1017 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 1018 #else 1019 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 1020 #endif 1021 uint_t hflags, rdflags, cdflags; 1022 1023 /* 1024 * Establish any flags for the handle (Grp_hdl). 1025 * 1026 * - This is a special, public, ld.so.1 1027 * handle. 1028 * - Only the first object on this handle 1029 * can supply symbols. 1030 * - This handle provides a filtee. 1031 * 1032 * Essentially, this handle allows a caller to 1033 * reference the dl*() family of interfaces from 1034 * ld.so.1. 1035 */ 1036 hflags = (GPH_PUBLIC | GPH_LDSO | 1037 GPH_FIRST | GPH_FILTEE); 1038 1039 /* 1040 * Establish the flags for the referenced 1041 * dependency descriptor (Grp_desc). 1042 * 1043 * - ld.so.1 is available for dlsym(). 1044 * - ld.so.1 is available to relocate 1045 * against. 1046 * - There's no need to add an dependencies 1047 * to this handle. 1048 */ 1049 rdflags = (GPD_DLSYM | GPD_RELOC); 1050 1051 /* 1052 * Establish the flags for this callers 1053 * dependency descriptor (Grp_desc). 1054 * 1055 * - The explicit creation of a handle 1056 * creates a descriptor for the referenced 1057 * object and the parent (caller). 1058 */ 1059 cdflags = GPD_PARENT; 1060 1061 nlmp = lml_rtld.lm_head; 1062 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1063 hflags, rdflags, cdflags)) == NULL) 1064 nlmp = NULL; 1065 1066 /* 1067 * Establish the filter handle to prevent any 1068 * recursion. 1069 */ 1070 if (nlmp && ghp) 1071 pdp->pd_info = (void *)ghp; 1072 1073 /* 1074 * Audit the filter/filtee established. Ignore 1075 * any return from the auditor, as we can't 1076 * allow ignore filtering to ld.so.1, otherwise 1077 * nothing is going to work. 1078 */ 1079 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1080 LML_TFLG_AUD_OBJFILTER)) 1081 (void) audit_objfilter(ilmp, filtees, 1082 nlmp, 0); 1083 1084 } else { 1085 Rej_desc rej = { 0 }; 1086 Fdesc fd = { 0 }; 1087 Aliste lmco; 1088 1089 /* 1090 * Trace the inspection of this file, determine 1091 * any auditor substitution, and seed the file 1092 * descriptor with the originating name. 1093 */ 1094 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1095 continue; 1096 1097 /* 1098 * Establish a link-map control list for this 1099 * request. 1100 */ 1101 if ((lmco = create_cntl(lml, 0)) == NULL) 1102 return (NULL); 1103 1104 /* 1105 * Locate and load the filtee. 1106 */ 1107 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1108 FLG_RT_PUBHDL, &ghp, &fd, &rej, 1109 in_nfavl)) == NULL) 1110 file_notfound(LIST(ilmp), filtee, ilmp, 1111 FLG_RT_PUBHDL, &rej); 1112 1113 filtee = pdp->pd_pname; 1114 1115 /* 1116 * Establish the filter handle to prevent any 1117 * recursion. 1118 */ 1119 if (nlmp && ghp) { 1120 ghp->gh_flags |= GPH_FILTEE; 1121 pdp->pd_info = (void *)ghp; 1122 1123 FLAGS1(nlmp) |= FL1_RT_USED; 1124 } 1125 1126 /* 1127 * Audit the filter/filtee established. A 1128 * return of 0 indicates the auditor wishes to 1129 * ignore this filtee. 1130 */ 1131 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1132 LML_TFLG_AUD_OBJFILTER)) { 1133 if (audit_objfilter(ilmp, filtees, 1134 nlmp, 0) == 0) { 1135 audit = 1; 1136 nlmp = NULL; 1137 } 1138 } 1139 1140 /* 1141 * Finish processing the objects associated with 1142 * this request. Create an association between 1143 * this object and the originating filter to 1144 * provide sufficient information to tear down 1145 * this filtee if necessary. 1146 */ 1147 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1148 lmco, nlmp, in_nfavl)) == NULL) || 1149 (relocate_lmc(lml, lmco, ilmp, nlmp, 1150 in_nfavl) == 0))) 1151 nlmp = NULL; 1152 1153 /* 1154 * If the filtee has been successfully 1155 * processed, then create an association 1156 * between the filter and filtee. This 1157 * association provides sufficient information 1158 * to tear down the filter and filtee if 1159 * necessary. 1160 */ 1161 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1162 if (nlmp && ghp && (hdl_add(ghp, ilmp, 1163 GPD_FILTER, NULL) == NULL)) 1164 nlmp = NULL; 1165 1166 /* 1167 * Generate a diagnostic if the filtee couldn't 1168 * be loaded. 1169 */ 1170 if (nlmp == NULL) 1171 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1172 audit)); 1173 1174 /* 1175 * If this filtee loading has failed, and we've 1176 * created a new link-map control list to which 1177 * this request has added objects, then remove 1178 * all the objects that have been associated to 1179 * this request. 1180 */ 1181 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 1182 remove_lmc(lml, clmp, lmco, name); 1183 1184 /* 1185 * Remove any temporary link-map control list. 1186 */ 1187 if (lmco != ALIST_OFF_DATA) 1188 remove_cntl(lml, lmco); 1189 } 1190 1191 /* 1192 * If the filtee couldn't be loaded, null out the 1193 * path name descriptor entry, and continue the search. 1194 * Otherwise, the group handle is retained for future 1195 * symbol searches. 1196 */ 1197 if (nlmp == NULL) { 1198 pdp->pd_info = NULL; 1199 pdp->pd_plen = 0; 1200 continue; 1201 } 1202 } 1203 1204 ghp = (Grp_hdl *)pdp->pd_info; 1205 1206 /* 1207 * If name is NULL, we're here to trigger filtee loading. 1208 * Skip the symbol lookup so that we'll continue looking for 1209 * additional filtees. 1210 */ 1211 if (name) { 1212 Grp_desc *gdp; 1213 int ret = 0; 1214 Aliste idx; 1215 Slookup sl = *slp; 1216 1217 sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM); 1218 any++; 1219 1220 /* 1221 * Look for the symbol in the handles dependencies. 1222 */ 1223 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1224 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1225 continue; 1226 1227 /* 1228 * If our parent is a dependency don't look at 1229 * it (otherwise we are in a recursive loop). 1230 * This situation can occur with auxiliary 1231 * filters if the filtee has a dependency on the 1232 * filter. This dependency isn't necessary as 1233 * auxiliary filters are opened RTLD_PARENT, but 1234 * users may still unknowingly add an explicit 1235 * dependency to the parent. 1236 */ 1237 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1238 continue; 1239 1240 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo, 1241 in_nfavl)) != 0) || 1242 (ghp->gh_flags & GPH_FIRST)) 1243 break; 1244 } 1245 1246 /* 1247 * If a symbol has been found, indicate the binding 1248 * and return the symbol. 1249 */ 1250 if (ret) { 1251 *binfo |= DBG_BINFO_FILTEE; 1252 return (1); 1253 } 1254 } 1255 1256 /* 1257 * If this object is tagged to terminate filtee processing we're 1258 * done. 1259 */ 1260 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1261 break; 1262 } 1263 1264 /* 1265 * If we're just here to trigger filtee loading then we're done. 1266 */ 1267 if (name == NULL) 1268 return (0); 1269 1270 /* 1271 * If no filtees have been found for a filter, clean up any path name 1272 * descriptors and disable their search completely. For auxiliary 1273 * filters we can reselect the symbol search function so that we never 1274 * enter this routine again for this object. For standard filters we 1275 * use the null symbol routine. 1276 */ 1277 if (any == 0) { 1278 remove_plist((Alist **)&(dip->di_info), 1); 1279 elf_disable_filtee(ilmp, dip); 1280 } 1281 1282 return (0); 1283 } 1284 1285 /* 1286 * Focal point for disabling error messages for auxiliary filters. As an 1287 * auxiliary filter allows for filtee use, but provides a fallback should a 1288 * filtee not exist (or fail to load), any errors generated as a consequence of 1289 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1290 * suppresses errors generated by eprintf(), but ensures a debug diagnostic is 1291 * produced. ldd(1) employs printf(), and here the selection of whether to 1292 * print a diagnostic in regards to auxiliary filters is a little more complex. 1293 * 1294 * - The determination of whether to produce an ldd message, or a fatal 1295 * error message is driven by LML_FLG_TRC_ENABLE. 1296 * - More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1297 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1298 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1299 * - If the calling object is lddstub, then several classes of message are 1300 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1301 * a stub executable employed to preload a user specified library against. 1302 * - If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1303 * be suppressed. All detailed ldd messages should still be produced. 1304 */ 1305 int 1306 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx, 1307 int *in_nfavl) 1308 { 1309 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1310 int ret, silent = 0; 1311 1312 /* 1313 * Make sure this entry is still acting as a filter. We may have tried 1314 * to process this previously, and disabled it if the filtee couldn't 1315 * be processed. However, other entries may provide different filtees 1316 * that are yet to be completed. 1317 */ 1318 if (dip->di_flags == 0) 1319 return (0); 1320 1321 /* 1322 * Indicate whether an error message is required should this filtee not 1323 * be found, based on the type of filter. 1324 */ 1325 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1326 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1327 rtld_flags |= RT_FL_SILENCERR; 1328 silent = 1; 1329 } 1330 1331 ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl); 1332 1333 if (silent) 1334 rtld_flags &= ~RT_FL_SILENCERR; 1335 1336 return (ret); 1337 } 1338 1339 /* 1340 * Compute the elf hash value (as defined in the ELF access library). 1341 * The form of the hash table is: 1342 * 1343 * |--------------| 1344 * | # of buckets | 1345 * |--------------| 1346 * | # of chains | 1347 * |--------------| 1348 * | bucket[] | 1349 * |--------------| 1350 * | chain[] | 1351 * |--------------| 1352 */ 1353 ulong_t 1354 elf_hash(const char *name) 1355 { 1356 uint_t hval = 0; 1357 1358 while (*name) { 1359 uint_t g; 1360 hval = (hval << 4) + *name++; 1361 if ((g = (hval & 0xf0000000)) != 0) 1362 hval ^= g >> 24; 1363 hval &= ~g; 1364 } 1365 return ((ulong_t)hval); 1366 } 1367 1368 /* 1369 * Look up a symbol. The callers lookup information is passed in the Slookup 1370 * structure, and any resultant binding information is returned in the Sresult 1371 * structure. 1372 */ 1373 int 1374 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 1375 { 1376 const char *name = slp->sl_name; 1377 Rt_map *ilmp = slp->sl_imap; 1378 ulong_t hash = slp->sl_hash; 1379 uint_t ndx, hashoff, buckets, *chainptr; 1380 Sym *sym, *symtabptr; 1381 char *strtabptr, *strtabname; 1382 uint_t flags1; 1383 Syminfo *sip; 1384 1385 /* 1386 * If we're only here to establish a symbols index, skip the diagnostic 1387 * used to trace a symbol search. 1388 */ 1389 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1390 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1391 1392 if (HASH(ilmp) == NULL) 1393 return (0); 1394 1395 buckets = HASH(ilmp)[0]; 1396 /* LINTED */ 1397 hashoff = ((uint_t)hash % buckets) + 2; 1398 1399 /* 1400 * Get the first symbol from the hash chain and initialize the string 1401 * and symbol table pointers. 1402 */ 1403 if ((ndx = HASH(ilmp)[hashoff]) == 0) 1404 return (0); 1405 1406 chainptr = HASH(ilmp) + 2 + buckets; 1407 strtabptr = STRTAB(ilmp); 1408 symtabptr = SYMTAB(ilmp); 1409 1410 while (ndx) { 1411 sym = symtabptr + ndx; 1412 strtabname = strtabptr + sym->st_name; 1413 1414 /* 1415 * Compare the symbol found with the name required. If the 1416 * names don't match continue with the next hash entry. 1417 */ 1418 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1419 hashoff = ndx + buckets + 2; 1420 if ((ndx = chainptr[ndx]) != 0) 1421 continue; 1422 return (0); 1423 } 1424 1425 /* 1426 * Symbols that are defined as hidden within an object usually 1427 * have any references from within the same object bound at 1428 * link-edit time, thus ld.so.1 is not involved. However, if 1429 * these are capabilities symbols, then references to them must 1430 * be resolved at runtime. A hidden symbol can only be bound 1431 * to by the object that defines the symbol. 1432 */ 1433 if ((sym->st_shndx != SHN_UNDEF) && 1434 (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) && 1435 (slp->sl_cmap != ilmp)) 1436 return (0); 1437 1438 /* 1439 * The Solaris ld does not put DT_VERSYM in the dynamic 1440 * section, but the GNU ld does. The GNU runtime linker 1441 * interprets the top bit of the 16-bit Versym value 1442 * (0x8000) as the "hidden" bit. If this bit is set, 1443 * the linker is supposed to act as if that symbol does 1444 * not exist. The hidden bit supports their versioning 1445 * scheme, which allows multiple incompatible functions 1446 * with the same name to exist at different versions 1447 * within an object. The Solaris linker does not support this 1448 * mechanism, or the model of interface evolution that 1449 * it allows, but we honor the hidden bit in GNU ld 1450 * produced objects in order to interoperate with them. 1451 */ 1452 if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) { 1453 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1454 ndx, VERSYM(ilmp)[ndx])); 1455 return (0); 1456 } 1457 1458 /* 1459 * If we're only here to establish a symbol's index, we're done. 1460 */ 1461 if (slp->sl_flags & LKUP_SYMNDX) { 1462 srp->sr_dmap = ilmp; 1463 srp->sr_sym = sym; 1464 return (1); 1465 } 1466 1467 /* 1468 * If we find a match and the symbol is defined, capture the 1469 * symbol pointer and the link map in which it was found. 1470 */ 1471 if (sym->st_shndx != SHN_UNDEF) { 1472 srp->sr_dmap = ilmp; 1473 srp->sr_sym = sym; 1474 *binfo |= DBG_BINFO_FOUND; 1475 1476 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1477 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1478 is_sym_interposer(ilmp, sym))) 1479 *binfo |= DBG_BINFO_INTERPOSE; 1480 break; 1481 1482 /* 1483 * If we find a match and the symbol is undefined, the 1484 * symbol type is a function, and the value of the symbol 1485 * is non zero, then this is a special case. This allows 1486 * the resolution of a function address to the plt[] entry. 1487 * See SPARC ABI, Dynamic Linking, Function Addresses for 1488 * more details. 1489 */ 1490 } else if ((slp->sl_flags & LKUP_SPEC) && 1491 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1492 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1493 srp->sr_dmap = ilmp; 1494 srp->sr_sym = sym; 1495 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1496 1497 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1498 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1499 is_sym_interposer(ilmp, sym))) 1500 *binfo |= DBG_BINFO_INTERPOSE; 1501 return (1); 1502 } 1503 1504 /* 1505 * Undefined symbol. 1506 */ 1507 return (0); 1508 } 1509 1510 /* 1511 * We've found a match. Determine if the defining object contains 1512 * symbol binding information. 1513 */ 1514 if ((sip = SYMINFO(ilmp)) != NULL) 1515 sip += ndx; 1516 1517 /* 1518 * If this definition is a singleton, and we haven't followed a default 1519 * symbol search knowing that we're looking for a singleton (presumably 1520 * because the symbol definition has been changed since the referring 1521 * object was built), then reject this binding so that the caller can 1522 * fall back to a standard symbol search. 1523 */ 1524 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1525 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1526 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1527 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1528 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1529 DBG_BNDREJ_SINGLE)); 1530 *binfo |= BINFO_REJSINGLE; 1531 *binfo &= ~DBG_BINFO_MSK; 1532 return (0); 1533 } 1534 1535 /* 1536 * If this is a direct binding request, but the symbol definition has 1537 * disabled directly binding to it (presumably because the symbol 1538 * definition has been changed since the referring object was built), 1539 * reject this binding so that the caller can fall back to a standard 1540 * symbol search. 1541 */ 1542 if (sip && (slp->sl_flags & LKUP_DIRECT) && 1543 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 1544 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1545 DBG_BNDREJ_DIRECT)); 1546 *binfo |= BINFO_REJDIRECT; 1547 *binfo &= ~DBG_BINFO_MSK; 1548 return (0); 1549 } 1550 1551 /* 1552 * If this is a binding request within an RTLD_GROUP family, and the 1553 * symbol has disabled directly binding to it, reject this binding so 1554 * that the caller can fall back to a standard symbol search. 1555 * 1556 * Effectively, an RTLD_GROUP family achieves what can now be 1557 * established with direct bindings. However, various symbols have 1558 * been tagged as inappropriate for direct binding to (ie. libc:malloc). 1559 * 1560 * A symbol marked as no-direct cannot be used within a group without 1561 * first ensuring that the symbol has not been interposed upon outside 1562 * of the group. A common example occurs when users implement their own 1563 * version of malloc() in the executable. Such a malloc() interposes on 1564 * the libc:malloc, and this interposition must be honored within the 1565 * group as well. 1566 * 1567 * Following any rejection, LKUP_WORLD is established as a means of 1568 * overriding this test as we return to a standard search. 1569 */ 1570 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) && 1571 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) && 1572 ((slp->sl_flags & LKUP_WORLD) == 0)) { 1573 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1574 DBG_BNDREJ_GROUP)); 1575 *binfo |= BINFO_REJGROUP; 1576 *binfo &= ~DBG_BINFO_MSK; 1577 return (0); 1578 } 1579 1580 /* 1581 * If this symbol is associated with capabilities, then each of the 1582 * capabilities instances needs to be compared against the system 1583 * capabilities. The best instance will be chosen to satisfy this 1584 * binding. 1585 */ 1586 if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) && 1587 (cap_match(srp, ndx, symtabptr, strtabptr) == 0)) 1588 return (0); 1589 1590 /* 1591 * Determine whether this object is acting as a filter. 1592 */ 1593 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 1594 return (1); 1595 1596 /* 1597 * Determine if this object offers per-symbol filtering, and if so, 1598 * whether this symbol references a filtee. 1599 */ 1600 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 1601 /* 1602 * If this is a standard filter reference, and no standard 1603 * filtees remain to be inspected, we're done. If this is an 1604 * auxiliary filter reference, and no auxiliary filtees remain, 1605 * we'll fall through in case any object filtering is available. 1606 */ 1607 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 1608 (SYMSFLTRCNT(ilmp) == 0)) 1609 return (0); 1610 1611 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 1612 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 1613 SYMAFLTRCNT(ilmp))) { 1614 Sresult sr; 1615 1616 /* 1617 * Initialize a local symbol result descriptor, using 1618 * the original symbol name. 1619 */ 1620 SRESULT_INIT(sr, slp->sl_name); 1621 1622 /* 1623 * This symbol has an associated filtee. Lookup the 1624 * symbol in the filtee, and if it is found return it. 1625 * If the symbol doesn't exist, and this is a standard 1626 * filter, return an error, otherwise fall through to 1627 * catch any object filtering that may be available. 1628 */ 1629 if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto, 1630 in_nfavl)) { 1631 *srp = sr; 1632 return (1); 1633 } 1634 if (sip->si_flags & SYMINFO_FLG_FILTER) 1635 return (0); 1636 } 1637 } 1638 1639 /* 1640 * Determine if this object provides global filtering. 1641 */ 1642 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 1643 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 1644 Sresult sr; 1645 1646 /* 1647 * Initialize a local symbol result descriptor, using 1648 * the original symbol name. 1649 */ 1650 SRESULT_INIT(sr, slp->sl_name); 1651 1652 /* 1653 * This object has an associated filtee. Lookup the 1654 * symbol in the filtee, and if it is found return it. 1655 * If the symbol doesn't exist, and this is a standard 1656 * filter, return and error, otherwise return the symbol 1657 * within the filter itself. 1658 */ 1659 if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp), 1660 in_nfavl)) { 1661 *srp = sr; 1662 return (1); 1663 } 1664 } 1665 1666 if (flags1 & FL1_RT_OBJSFLTR) 1667 return (0); 1668 } 1669 return (1); 1670 } 1671 1672 /* 1673 * Create a new Rt_map structure for an ELF object and initialize 1674 * all values. 1675 */ 1676 Rt_map * 1677 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize, 1678 void *odyn, int *in_nfavl) 1679 { 1680 const char *name = fdp->fd_nname; 1681 Rt_map *lmp; 1682 Ehdr *ehdr = (Ehdr *)addr; 1683 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL; 1684 Dyn *dyn = (Dyn *)odyn; 1685 Cap *cap = NULL; 1686 int ndx; 1687 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0; 1688 Xword rpath = 0; 1689 size_t lmsz, rtsz, epsz, dynsz = 0; 1690 uint_t dyncnt = 0; 1691 1692 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco)); 1693 1694 /* 1695 * If this is a shared object, the base address of the shared object is 1696 * added to all address values defined within the object. Otherwise, if 1697 * this is an executable, all object addresses are used as is. 1698 */ 1699 if (ehdr->e_type == ET_EXEC) 1700 base = 0; 1701 else 1702 base = addr; 1703 1704 /* 1705 * Traverse the program header table, picking off required items. This 1706 * traversal also provides for the sizing of the PT_DYNAMIC section. 1707 */ 1708 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1709 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1710 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1711 switch (phdr->p_type) { 1712 case PT_DYNAMIC: 1713 dphdr = phdr; 1714 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1715 break; 1716 case PT_TLS: 1717 tphdr = phdr; 1718 break; 1719 case PT_SUNWCAP: 1720 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1721 break; 1722 case PT_SUNW_UNWIND: 1723 case PT_SUNW_EH_FRAME: 1724 uphdr = phdr; 1725 break; 1726 default: 1727 break; 1728 } 1729 } 1730 1731 /* 1732 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1733 * allocation. Sadly, this is a little larger than we really need, 1734 * as there are typically padding DT_NULL entries. However, adding 1735 * this data to the initial link-map allocation is a win. 1736 */ 1737 if (dyn) { 1738 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1739 dynsz = dyncnt * sizeof (Dyninfo); 1740 } 1741 1742 /* 1743 * Allocate space for the link-map, private elf information, and 1744 * DYNINFO() data. Once these are allocated and initialized, 1745 * remove_so(0, lmp) can be used to tear down the link-map allocation 1746 * should any failures occur. 1747 */ 1748 rtsz = S_DROUND(sizeof (Rt_map)); 1749 epsz = S_DROUND(sizeof (Rt_elfp)); 1750 lmsz = rtsz + epsz + dynsz; 1751 if ((lmp = calloc(lmsz, 1)) == NULL) 1752 return (NULL); 1753 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1754 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1755 LMSIZE(lmp) = lmsz; 1756 1757 /* 1758 * All fields not filled in were set to 0 by calloc. 1759 */ 1760 NAME(lmp) = (char *)name; 1761 ADDR(lmp) = addr; 1762 MSIZE(lmp) = msize; 1763 SYMINTP(lmp) = elf_find_sym; 1764 FCT(lmp) = &elf_fct; 1765 LIST(lmp) = lml; 1766 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1767 SORTVAL(lmp) = -1; 1768 DYN(lmp) = dyn; 1769 DYNINFOCNT(lmp) = dyncnt; 1770 PTUNWIND(lmp) = uphdr; 1771 1772 if (ehdr->e_type == ET_EXEC) 1773 FLAGS(lmp) |= FLG_RT_FIXED; 1774 1775 /* 1776 * Fill in rest of the link map entries with information from the file's 1777 * dynamic structure. 1778 */ 1779 if (dyn) { 1780 uint_t dynndx = 0; 1781 Xword pltpadsz = 0; 1782 Rti_desc *rti; 1783 1784 /* CSTYLED */ 1785 for ( ; dyn->d_tag != DT_NULL; ++dyn, dynndx++) { 1786 switch ((Xword)dyn->d_tag) { 1787 case DT_SYMTAB: 1788 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1789 break; 1790 case DT_SUNW_SYMTAB: 1791 SUNWSYMTAB(lmp) = 1792 (void *)(dyn->d_un.d_ptr + base); 1793 break; 1794 case DT_SUNW_SYMSZ: 1795 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1796 break; 1797 case DT_STRTAB: 1798 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1799 break; 1800 case DT_SYMENT: 1801 SYMENT(lmp) = dyn->d_un.d_val; 1802 break; 1803 case DT_FEATURE_1: 1804 dyn->d_un.d_val |= DTF_1_PARINIT; 1805 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1806 crle = 1; 1807 break; 1808 case DT_MOVESZ: 1809 MOVESZ(lmp) = dyn->d_un.d_val; 1810 FLAGS(lmp) |= FLG_RT_MOVE; 1811 break; 1812 case DT_MOVEENT: 1813 MOVEENT(lmp) = dyn->d_un.d_val; 1814 break; 1815 case DT_MOVETAB: 1816 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1817 break; 1818 case DT_REL: 1819 case DT_RELA: 1820 /* 1821 * At this time, ld.so. can only handle one 1822 * type of relocation per object. 1823 */ 1824 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1825 break; 1826 case DT_RELSZ: 1827 case DT_RELASZ: 1828 RELSZ(lmp) = dyn->d_un.d_val; 1829 break; 1830 case DT_RELENT: 1831 case DT_RELAENT: 1832 RELENT(lmp) = dyn->d_un.d_val; 1833 break; 1834 case DT_RELCOUNT: 1835 case DT_RELACOUNT: 1836 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1837 break; 1838 case DT_HASH: 1839 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1840 break; 1841 case DT_PLTGOT: 1842 PLTGOT(lmp) = 1843 (uint_t *)(dyn->d_un.d_ptr + base); 1844 break; 1845 case DT_PLTRELSZ: 1846 PLTRELSZ(lmp) = dyn->d_un.d_val; 1847 break; 1848 case DT_JMPREL: 1849 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1850 break; 1851 case DT_INIT: 1852 if (dyn->d_un.d_ptr != NULL) 1853 INIT(lmp) = 1854 (void (*)())(dyn->d_un.d_ptr + 1855 base); 1856 break; 1857 case DT_FINI: 1858 if (dyn->d_un.d_ptr != NULL) 1859 FINI(lmp) = 1860 (void (*)())(dyn->d_un.d_ptr + 1861 base); 1862 break; 1863 case DT_INIT_ARRAY: 1864 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1865 base); 1866 break; 1867 case DT_INIT_ARRAYSZ: 1868 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1869 break; 1870 case DT_FINI_ARRAY: 1871 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1872 base); 1873 break; 1874 case DT_FINI_ARRAYSZ: 1875 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1876 break; 1877 case DT_PREINIT_ARRAY: 1878 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1879 base); 1880 break; 1881 case DT_PREINIT_ARRAYSZ: 1882 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1883 break; 1884 case DT_RPATH: 1885 case DT_RUNPATH: 1886 rpath = dyn->d_un.d_val; 1887 break; 1888 case DT_FILTER: 1889 fltr = dyn->d_un.d_val; 1890 OBJFLTRNDX(lmp) = dynndx; 1891 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1892 break; 1893 case DT_AUXILIARY: 1894 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1895 fltr = dyn->d_un.d_val; 1896 OBJFLTRNDX(lmp) = dynndx; 1897 } 1898 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1899 break; 1900 case DT_SUNW_FILTER: 1901 SYMSFLTRCNT(lmp)++; 1902 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1903 break; 1904 case DT_SUNW_AUXILIARY: 1905 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1906 SYMAFLTRCNT(lmp)++; 1907 } 1908 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1909 break; 1910 case DT_DEPAUDIT: 1911 if (!(rtld_flags & RT_FL_NOAUDIT)) 1912 audit = dyn->d_un.d_val; 1913 break; 1914 case DT_CONFIG: 1915 cfile = dyn->d_un.d_val; 1916 break; 1917 case DT_DEBUG: 1918 /* 1919 * DT_DEBUG entries are only created in 1920 * dynamic objects that require an interpretor 1921 * (ie. all dynamic executables and some shared 1922 * objects), and provide for a hand-shake with 1923 * old debuggers. This entry is initialized to 1924 * zero by the link-editor. If a debugger is 1925 * monitoring us, and has updated this entry, 1926 * set the debugger monitor flag, and finish 1927 * initializing the debugging structure. See 1928 * setup(). Also, switch off any configuration 1929 * object use as most debuggers can't handle 1930 * fixed dynamic executables as dependencies. 1931 */ 1932 if (dyn->d_un.d_ptr) 1933 rtld_flags |= 1934 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1935 dyn->d_un.d_ptr = (Addr)&r_debug; 1936 break; 1937 case DT_VERNEED: 1938 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1939 base); 1940 break; 1941 case DT_VERNEEDNUM: 1942 /* LINTED */ 1943 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1944 break; 1945 case DT_VERDEF: 1946 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1947 base); 1948 break; 1949 case DT_VERDEFNUM: 1950 /* LINTED */ 1951 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1952 break; 1953 case DT_VERSYM: 1954 /* 1955 * The Solaris ld does not produce DT_VERSYM, 1956 * but the GNU ld does, in order to support 1957 * their style of versioning, which differs 1958 * from ours in some ways, while using the 1959 * same data structures. The presence of 1960 * DT_VERSYM therefore means that GNU 1961 * versioning rules apply to the given file. 1962 * If DT_VERSYM is not present, then Solaris 1963 * versioning rules apply. 1964 */ 1965 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1966 base); 1967 break; 1968 case DT_BIND_NOW: 1969 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1970 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1971 MODE(lmp) |= RTLD_NOW; 1972 MODE(lmp) &= ~RTLD_LAZY; 1973 } 1974 break; 1975 case DT_FLAGS: 1976 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 1977 if (dyn->d_un.d_val & DF_SYMBOLIC) 1978 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 1979 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1980 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1981 MODE(lmp) |= RTLD_NOW; 1982 MODE(lmp) &= ~RTLD_LAZY; 1983 } 1984 /* 1985 * Capture any static TLS use, and enforce that 1986 * this object be non-deletable. 1987 */ 1988 if (dyn->d_un.d_val & DF_STATIC_TLS) { 1989 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 1990 MODE(lmp) |= RTLD_NODELETE; 1991 } 1992 break; 1993 case DT_FLAGS_1: 1994 if (dyn->d_un.d_val & DF_1_DISPRELPND) 1995 FLAGS1(lmp) |= FL1_RT_DISPREL; 1996 if (dyn->d_un.d_val & DF_1_GROUP) 1997 FLAGS(lmp) |= 1998 (FLG_RT_SETGROUP | FLG_RT_PUBHDL); 1999 if ((dyn->d_un.d_val & DF_1_NOW) && 2000 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 2001 MODE(lmp) |= RTLD_NOW; 2002 MODE(lmp) &= ~RTLD_LAZY; 2003 } 2004 if (dyn->d_un.d_val & DF_1_NODELETE) 2005 MODE(lmp) |= RTLD_NODELETE; 2006 if (dyn->d_un.d_val & DF_1_INITFIRST) 2007 FLAGS(lmp) |= FLG_RT_INITFRST; 2008 if (dyn->d_un.d_val & DF_1_NOOPEN) 2009 FLAGS(lmp) |= FLG_RT_NOOPEN; 2010 if (dyn->d_un.d_val & DF_1_LOADFLTR) 2011 FLAGS(lmp) |= FLG_RT_LOADFLTR; 2012 if (dyn->d_un.d_val & DF_1_NODUMP) 2013 FLAGS(lmp) |= FLG_RT_NODUMP; 2014 if (dyn->d_un.d_val & DF_1_CONFALT) 2015 crle = 1; 2016 if (dyn->d_un.d_val & DF_1_DIRECT) 2017 FLAGS1(lmp) |= FL1_RT_DIRECT; 2018 if (dyn->d_un.d_val & DF_1_NODEFLIB) 2019 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 2020 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 2021 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 2022 if (dyn->d_un.d_val & DF_1_TRANS) 2023 FLAGS(lmp) |= FLG_RT_TRANS; 2024 2025 /* 2026 * Global auditing is only meaningful when 2027 * specified by the initiating object of the 2028 * process - typically the dynamic executable. 2029 * If this is the initiating object, its link- 2030 * map will not yet have been added to the 2031 * link-map list, and consequently the link-map 2032 * list is empty. (see setup()). 2033 */ 2034 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 2035 if (lml_main.lm_head == NULL) 2036 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 2037 else 2038 DBG_CALL(Dbg_audit_ignore(lmp)); 2039 } 2040 2041 /* 2042 * If this object identifies itself as an 2043 * interposer, but relocation processing has 2044 * already started, then demote it. It's too 2045 * late to guarantee complete interposition. 2046 */ 2047 /* BEGIN CSTYLED */ 2048 if (dyn->d_un.d_val & 2049 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2050 if (lml->lm_flags & LML_FLG_STARTREL) { 2051 DBG_CALL(Dbg_util_intoolate(lmp)); 2052 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2053 (void) printf( 2054 MSG_INTL(MSG_LDD_REL_ERR2), 2055 NAME(lmp)); 2056 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 2057 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2058 else 2059 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2060 } 2061 /* END CSTYLED */ 2062 break; 2063 case DT_SYMINFO: 2064 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 2065 base); 2066 break; 2067 case DT_SYMINENT: 2068 SYMINENT(lmp) = dyn->d_un.d_val; 2069 break; 2070 case DT_PLTPAD: 2071 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2072 break; 2073 case DT_PLTPADSZ: 2074 pltpadsz = dyn->d_un.d_val; 2075 break; 2076 case DT_SUNW_RTLDINF: 2077 /* 2078 * Maintain a list of RTLDINFO structures. 2079 * Typically, libc is the only supplier, and 2080 * only one structure is provided. However, 2081 * multiple suppliers and multiple structures 2082 * are supported. For example, one structure 2083 * may provide thread_init, and another 2084 * structure may provide atexit reservations. 2085 */ 2086 if ((rti = alist_append(&lml->lm_rti, NULL, 2087 sizeof (Rti_desc), 2088 AL_CNT_RTLDINFO)) == NULL) { 2089 remove_so(0, lmp); 2090 return (NULL); 2091 } 2092 rti->rti_lmp = lmp; 2093 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2094 base); 2095 break; 2096 case DT_SUNW_SORTENT: 2097 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2098 break; 2099 case DT_SUNW_SYMSORT: 2100 SUNWSYMSORT(lmp) = 2101 (void *)(dyn->d_un.d_ptr + base); 2102 break; 2103 case DT_SUNW_SYMSORTSZ: 2104 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2105 break; 2106 case DT_DEPRECATED_SPARC_REGISTER: 2107 case M_DT_REGISTER: 2108 FLAGS(lmp) |= FLG_RT_REGSYMS; 2109 break; 2110 case DT_SUNW_CAP: 2111 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base); 2112 break; 2113 case DT_SUNW_CAPINFO: 2114 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base); 2115 break; 2116 case DT_SUNW_CAPCHAIN: 2117 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr + 2118 base); 2119 break; 2120 case DT_SUNW_CAPCHAINENT: 2121 CAPCHAINENT(lmp) = dyn->d_un.d_val; 2122 break; 2123 case DT_SUNW_CAPCHAINSZ: 2124 CAPCHAINSZ(lmp) = dyn->d_un.d_val; 2125 break; 2126 } 2127 } 2128 2129 if (PLTPAD(lmp)) { 2130 if (pltpadsz == (Xword)0) 2131 PLTPAD(lmp) = NULL; 2132 else 2133 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2134 pltpadsz); 2135 } 2136 } 2137 2138 /* 2139 * A dynsym contains only global functions. We want to have 2140 * a version of it that also includes local functions, so that 2141 * dladdr() will be able to report names for local functions 2142 * when used to generate a stack trace for a stripped file. 2143 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2144 * 2145 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2146 * in order to avoid having to have two copies of the global 2147 * symbols held in DT_SYMTAB: The local symbols are placed in 2148 * a separate section than the globals in the dynsym, but the 2149 * linker conspires to put the data for these two sections adjacent 2150 * to each other. DT_SUNW_SYMTAB points at the top of the local 2151 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2152 * 2153 * If the two sections are not adjacent, then something went wrong 2154 * at link time. We use ASSERT to kill the process if this is 2155 * a debug build. In a production build, we will silently ignore 2156 * the presence of the .ldynsym and proceed. We can detect this 2157 * situation by checking to see that DT_SYMTAB lies in 2158 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2159 */ 2160 if ((SUNWSYMTAB(lmp) != NULL) && 2161 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2162 (((char *)SYMTAB(lmp) >= 2163 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2164 ASSERT(0); 2165 SUNWSYMTAB(lmp) = NULL; 2166 SUNWSYMSZ(lmp) = 0; 2167 } 2168 2169 /* 2170 * If configuration file use hasn't been disabled, and a configuration 2171 * file hasn't already been set via an environment variable, see if any 2172 * application specific configuration file is specified. An LD_CONFIG 2173 * setting is used first, but if this image was generated via crle(1) 2174 * then a default configuration file is a fall-back. 2175 */ 2176 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) { 2177 if (cfile) 2178 config->c_name = (const char *)(cfile + 2179 (char *)STRTAB(lmp)); 2180 else if (crle) 2181 rtld_flags |= RT_FL_CONFAPP; 2182 } 2183 2184 if (rpath) 2185 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2186 if (fltr) 2187 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2188 2189 /* 2190 * For Intel ABI compatibility. It's possible that a JMPREL can be 2191 * specified without any other relocations (e.g. a dynamic executable 2192 * normally only contains .plt relocations). If this is the case then 2193 * no REL, RELSZ or RELENT will have been created. For us to be able 2194 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2195 * the RELENT for these relocations. Refer to elf_reloc() for more 2196 * details. 2197 */ 2198 if (!RELENT(lmp) && JMPREL(lmp)) 2199 RELENT(lmp) = sizeof (M_RELOC); 2200 2201 /* 2202 * Establish any per-object auditing. If we're establishing `main's 2203 * link-map its too early to go searching for audit objects so just 2204 * hold the object name for later (see setup()). 2205 */ 2206 if (audit) { 2207 char *cp = audit + (char *)STRTAB(lmp); 2208 2209 if (*cp) { 2210 if (((AUDITORS(lmp) = 2211 calloc(1, sizeof (Audit_desc))) == NULL) || 2212 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2213 remove_so(0, lmp); 2214 return (NULL); 2215 } 2216 if (lml_main.lm_head) { 2217 if (audit_setup(lmp, AUDITORS(lmp), 0, 2218 in_nfavl) == 0) { 2219 remove_so(0, lmp); 2220 return (NULL); 2221 } 2222 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2223 lml->lm_flags |= LML_FLG_LOCAUDIT; 2224 } 2225 } 2226 } 2227 2228 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2229 remove_so(0, lmp); 2230 return (NULL); 2231 } 2232 2233 /* 2234 * A capabilities section should be identified by a DT_SUNW_CAP entry, 2235 * and if non-empty object capabilities are included, a PT_SUNWCAP 2236 * header should reference the section. Make sure CAP() is set 2237 * regardless. 2238 */ 2239 if ((CAP(lmp) == NULL) && cap) 2240 CAP(lmp) = cap; 2241 2242 /* 2243 * Make sure any capabilities information or chain can be handled. 2244 */ 2245 if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT)) 2246 CAPINFO(lmp) = NULL; 2247 if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT)) 2248 CAPCHAIN(lmp) = NULL; 2249 2250 /* 2251 * As part of processing dependencies, a file descriptor is populated 2252 * with capabilities information following validation. 2253 */ 2254 if (fdp->fd_flags & FLG_FD_ALTCHECK) { 2255 FLAGS1(lmp) |= FL1_RT_ALTCHECK; 2256 CAPSET(lmp) = fdp->fd_scapset; 2257 2258 if (fdp->fd_flags & FLG_FD_ALTCAP) 2259 FLAGS1(lmp) |= FL1_RT_ALTCAP; 2260 2261 } else if ((cap = CAP(lmp)) != NULL) { 2262 /* 2263 * Processing of the a.out and ld.so.1 does not involve a file 2264 * descriptor as exec() did all the work, so capture the 2265 * capabilities for these cases. 2266 */ 2267 while (cap->c_tag != CA_SUNW_NULL) { 2268 switch (cap->c_tag) { 2269 case CA_SUNW_HW_1: 2270 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val; 2271 break; 2272 case CA_SUNW_SF_1: 2273 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val; 2274 break; 2275 case CA_SUNW_HW_2: 2276 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val; 2277 break; 2278 case CA_SUNW_PLAT: 2279 CAPSET(lmp).sc_plat = STRTAB(lmp) + 2280 cap->c_un.c_ptr; 2281 break; 2282 case CA_SUNW_MACH: 2283 CAPSET(lmp).sc_mach = STRTAB(lmp) + 2284 cap->c_un.c_ptr; 2285 break; 2286 } 2287 cap++; 2288 } 2289 } 2290 2291 /* 2292 * If a capabilities chain table exists, duplicate it. The chain table 2293 * is inspected for each initial call to a capabilities family lead 2294 * symbol. From this chain, each family member is inspected to 2295 * determine the 'best' family member. The chain table is then updated 2296 * so that the best member is immediately selected for any further 2297 * family searches. 2298 */ 2299 if (CAPCHAIN(lmp)) { 2300 Capchain *capchain; 2301 2302 if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL) 2303 return (NULL); 2304 (void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp)); 2305 CAPCHAIN(lmp) = capchain; 2306 } 2307 2308 /* 2309 * Add the mapped object to the end of the link map list. 2310 */ 2311 lm_append(lml, lmco, lmp); 2312 2313 /* 2314 * Start the system loading in the ELF information we'll be processing. 2315 */ 2316 if (REL(lmp)) { 2317 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2318 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2319 MADV_WILLNEED); 2320 } 2321 return (lmp); 2322 } 2323 2324 /* 2325 * Build full pathname of shared object from given directory name and filename. 2326 */ 2327 static char * 2328 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen) 2329 { 2330 static char pname[PATH_MAX]; 2331 2332 (void) strncpy(pname, dir, dlen); 2333 pname[dlen++] = '/'; 2334 (void) strncpy(&pname[dlen], file, flen + 1); 2335 return (pname); 2336 } 2337 2338 /* 2339 * The copy relocation is recorded in a copy structure which will be applied 2340 * after all other relocations are carried out. This provides for copying data 2341 * that must be relocated itself (ie. pointers in shared objects). This 2342 * structure also provides a means of binding RTLD_GROUP dependencies to any 2343 * copy relocations that have been taken from any group members. 2344 * 2345 * If the size of the .bss area available for the copy information is not the 2346 * same as the source of the data inform the user if we're under ldd(1) control 2347 * (this checking was only established in 5.3, so by only issuing an error via 2348 * ldd(1) we maintain the standard set by previous releases). 2349 */ 2350 int 2351 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 2352 Rt_map *dlmp, const void *dadd) 2353 { 2354 Rel_copy rc; 2355 Lm_list *lml = LIST(rlmp); 2356 2357 rc.r_name = name; 2358 rc.r_rsym = rsym; /* the new reference symbol and its */ 2359 rc.r_rlmp = rlmp; /* associated link-map */ 2360 rc.r_dlmp = dlmp; /* the defining link-map */ 2361 rc.r_dsym = dsym; /* the original definition */ 2362 rc.r_radd = radd; 2363 rc.r_dadd = dadd; 2364 2365 if (rsym->st_size > dsym->st_size) 2366 rc.r_size = (size_t)dsym->st_size; 2367 else 2368 rc.r_size = (size_t)rsym->st_size; 2369 2370 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 2371 AL_CNT_COPYREL) == NULL) { 2372 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2373 return (0); 2374 else 2375 return (1); 2376 } 2377 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 2378 if (aplist_append(©_S(rlmp), dlmp, 2379 AL_CNT_COPYREL) == NULL) { 2380 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2381 return (0); 2382 else 2383 return (1); 2384 } 2385 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 2386 } 2387 2388 /* 2389 * If we are tracing (ldd), warn the user if 2390 * 1) the size from the reference symbol differs from the 2391 * copy definition. We can only copy as much data as the 2392 * reference (dynamic executables) entry allows. 2393 * 2) the copy definition has STV_PROTECTED visibility. 2394 */ 2395 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2396 if (rsym->st_size != dsym->st_size) { 2397 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 2398 _conv_reloc_type(M_R_COPY), demangle(name), 2399 NAME(rlmp), EC_XWORD(rsym->st_size), 2400 NAME(dlmp), EC_XWORD(dsym->st_size)); 2401 if (rsym->st_size > dsym->st_size) 2402 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 2403 NAME(dlmp)); 2404 else 2405 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 2406 NAME(rlmp)); 2407 } 2408 2409 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 2410 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 2411 _conv_reloc_type(M_R_COPY), demangle(name), 2412 NAME(dlmp)); 2413 } 2414 } 2415 2416 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 2417 (Xword)rc.r_size)); 2418 return (1); 2419 } 2420 2421 /* 2422 * Determine the symbol location of an address within a link-map. Look for 2423 * the nearest symbol (whose value is less than or equal to the required 2424 * address). This is the object specific part of dladdr(). 2425 */ 2426 static void 2427 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 2428 { 2429 ulong_t ndx, cnt, base, _value; 2430 Sym *sym, *_sym = NULL; 2431 const char *str; 2432 int _flags; 2433 uint_t *dynaddr_ndx; 2434 uint_t dynaddr_n = 0; 2435 ulong_t value; 2436 2437 /* 2438 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 2439 * the dynsym that starts with any local function symbols that exist in 2440 * the library and then moves to the data held in SYMTAB(). In this 2441 * case, SUNWSYMSZ tells us how long the symbol table is. The 2442 * availability of local function symbols will enhance the results 2443 * we can provide. 2444 * 2445 * If SUNWSYMTAB() is non-NULL, then there might also be a 2446 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 2447 * an array of indices into SUNWSYMTAB, sorted by increasing 2448 * address. We can use this to do an O(log N) search instead of a 2449 * brute force search. 2450 * 2451 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 2452 * contains only global symbols. In that case, the length of 2453 * the symbol table comes from the nchain field of the related 2454 * symbol lookup hash table. 2455 */ 2456 str = STRTAB(lmp); 2457 if (SUNWSYMSZ(lmp) == NULL) { 2458 sym = SYMTAB(lmp); 2459 /* 2460 * If we don't have a .hash table there are no symbols 2461 * to look at. 2462 */ 2463 if (HASH(lmp) == NULL) 2464 return; 2465 cnt = HASH(lmp)[1]; 2466 } else { 2467 sym = SUNWSYMTAB(lmp); 2468 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 2469 dynaddr_ndx = SUNWSYMSORT(lmp); 2470 if (dynaddr_ndx != NULL) 2471 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 2472 } 2473 2474 if (FLAGS(lmp) & FLG_RT_FIXED) 2475 base = 0; 2476 else 2477 base = ADDR(lmp); 2478 2479 if (dynaddr_n > 0) { /* Binary search */ 2480 long low = 0, low_bnd; 2481 long high = dynaddr_n - 1, high_bnd; 2482 long mid; 2483 Sym *mid_sym; 2484 2485 /* 2486 * Note that SUNWSYMSORT only contains symbols types that 2487 * supply memory addresses, so there's no need to check and 2488 * filter out any other types. 2489 */ 2490 low_bnd = low; 2491 high_bnd = high; 2492 while (low <= high) { 2493 mid = (low + high) / 2; 2494 mid_sym = &sym[dynaddr_ndx[mid]]; 2495 value = mid_sym->st_value + base; 2496 if (addr < value) { 2497 if ((sym[dynaddr_ndx[high]].st_value + base) >= 2498 addr) 2499 high_bnd = high; 2500 high = mid - 1; 2501 } else if (addr > value) { 2502 if ((sym[dynaddr_ndx[low]].st_value + base) <= 2503 addr) 2504 low_bnd = low; 2505 low = mid + 1; 2506 } else { 2507 _sym = mid_sym; 2508 _value = value; 2509 break; 2510 } 2511 } 2512 /* 2513 * If the above didn't find it exactly, then we must 2514 * return the closest symbol with a value that doesn't 2515 * exceed the one we are looking for. If that symbol exists, 2516 * it will lie in the range bounded by low_bnd and 2517 * high_bnd. This is a linear search, but a short one. 2518 */ 2519 if (_sym == NULL) { 2520 for (mid = low_bnd; mid <= high_bnd; mid++) { 2521 mid_sym = &sym[dynaddr_ndx[mid]]; 2522 value = mid_sym->st_value + base; 2523 if (addr >= value) { 2524 _sym = mid_sym; 2525 _value = value; 2526 } else { 2527 break; 2528 } 2529 } 2530 } 2531 } else { /* Linear search */ 2532 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 2533 /* 2534 * Skip expected symbol types that are not functions 2535 * or data: 2536 * - A symbol table starts with an undefined symbol 2537 * in slot 0. If we are using SUNWSYMTAB(), 2538 * there will be a second undefined symbol 2539 * right before the globals. 2540 * - The local part of SUNWSYMTAB() contains a 2541 * series of function symbols. Each section 2542 * starts with an initial STT_FILE symbol. 2543 */ 2544 if ((sym->st_shndx == SHN_UNDEF) || 2545 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 2546 continue; 2547 2548 value = sym->st_value + base; 2549 if (value > addr) 2550 continue; 2551 if (value < _value) 2552 continue; 2553 2554 _sym = sym; 2555 _value = value; 2556 2557 /* 2558 * Note, because we accept local and global symbols 2559 * we could find a section symbol that matches the 2560 * associated address, which means that the symbol 2561 * name will be null. In this case continue the 2562 * search in case we can find a global symbol of 2563 * the same value. 2564 */ 2565 if ((value == addr) && 2566 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 2567 break; 2568 } 2569 } 2570 2571 _flags = flags & RTLD_DL_MASK; 2572 if (_sym) { 2573 if (_flags == RTLD_DL_SYMENT) 2574 *info = (void *)_sym; 2575 else if (_flags == RTLD_DL_LINKMAP) 2576 *info = (void *)lmp; 2577 2578 dlip->dli_sname = str + _sym->st_name; 2579 dlip->dli_saddr = (void *)_value; 2580 } else { 2581 /* 2582 * addr lies between the beginning of the mapped segment and 2583 * the first global symbol. We have no symbol to return 2584 * and the caller requires one. We use _START_, the base 2585 * address of the mapping. 2586 */ 2587 2588 if (_flags == RTLD_DL_SYMENT) { 2589 /* 2590 * An actual symbol struct is needed, so we 2591 * construct one for _START_. To do this in a 2592 * fully accurate way requires a different symbol 2593 * for each mapped segment. This requires the 2594 * use of dynamic memory and a mutex. That's too much 2595 * plumbing for a fringe case of limited importance. 2596 * 2597 * Fortunately, we can simplify: 2598 * - Only the st_size and st_info fields are useful 2599 * outside of the linker internals. The others 2600 * reference things that outside code cannot see, 2601 * and can be set to 0. 2602 * - It's just a label and there is no size 2603 * to report. So, the size should be 0. 2604 * This means that only st_info needs a non-zero 2605 * (constant) value. A static struct will suffice. 2606 * It must be const (readonly) so the caller can't 2607 * change its meaning for subsequent callers. 2608 */ 2609 static const Sym fsym = { 0, 0, 0, 2610 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 2611 *info = (void *) &fsym; 2612 } 2613 2614 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 2615 dlip->dli_saddr = (void *) ADDR(lmp); 2616 } 2617 } 2618 2619 /* 2620 * This routine is called as a last fall-back to search for a symbol from a 2621 * standard relocation or dlsym(). To maintain lazy loadings goal of reducing 2622 * the number of objects mapped, any symbol search is first carried out using 2623 * the objects that already exist in the process (either on a link-map list or 2624 * handle). If a symbol can't be found, and lazy dependencies are still 2625 * pending, this routine loads the dependencies in an attempt to locate the 2626 * symbol. 2627 */ 2628 int 2629 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl) 2630 { 2631 static APlist *alist = NULL; 2632 Aliste idx1; 2633 Rt_map *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap; 2634 const char *name = slp->sl_name; 2635 Slookup sl1 = *slp; 2636 Lm_list *lml; 2637 Lm_cntl *lmc; 2638 2639 /* 2640 * It's quite possible we've been here before to process objects, 2641 * therefore reinitialize our dynamic list. 2642 */ 2643 if (alist) 2644 aplist_reset(alist); 2645 2646 /* 2647 * Discard any relocation index from further symbol searches. This 2648 * index has already been used to trigger any necessary lazy-loads, 2649 * and it might be because one of these lazy loads has failed that 2650 * we're performing this fallback. By removing the relocation index 2651 * we don't try and perform the same failed lazy loading activity again. 2652 */ 2653 sl1.sl_rsymndx = 0; 2654 2655 /* 2656 * Determine the callers link-map list so that we can monitor whether 2657 * new objects have been added. 2658 */ 2659 lml = LIST(clmp); 2660 lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp)); 2661 2662 /* 2663 * Generate a local list of new objects to process. This list can grow 2664 * as each object supplies its own lazy dependencies. 2665 */ 2666 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 2667 return (NULL); 2668 2669 for (APLIST_TRAVERSE(alist, idx1, lmp1)) { 2670 uint_t cnt = 0; 2671 Dyninfo *dip, *pdip; 2672 2673 /* 2674 * Loop through the lazy DT_NEEDED entries examining each object 2675 * for the required symbol. If the symbol is not found, the 2676 * object is in turn added to the local alist, so that the 2677 * objects lazy DT_NEEDED entries can be examined. 2678 */ 2679 lmp = lmp1; 2680 for (dip = DYNINFO(lmp), pdip = NULL; cnt < DYNINFOCNT(lmp); 2681 cnt++, pdip = dip++) { 2682 Grp_hdl *ghp; 2683 Grp_desc *gdp; 2684 Rt_map *nlmp, *llmp; 2685 Slookup sl2; 2686 Sresult sr; 2687 Aliste idx2; 2688 2689 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 2690 dip->di_info) 2691 continue; 2692 2693 /* 2694 * If this object has already failed to lazy load, and 2695 * we're still processing the same runtime linker 2696 * operation that produced the failure, don't bother 2697 * to try and load the object again. 2698 */ 2699 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 2700 (pdip->di_flags & FLG_DI_POSFLAG1)) { 2701 if (pdip->di_info == (void *)ld_entry_cnt) 2702 continue; 2703 2704 dip->di_flags &= ~FLG_DI_LAZYFAIL; 2705 pdip->di_info = NULL; 2706 } 2707 2708 /* 2709 * Determine the last link-map presently on the callers 2710 * link-map control list. 2711 */ 2712 llmp = lmc->lc_tail; 2713 2714 /* 2715 * Try loading this lazy dependency. If the object 2716 * can't be loaded, consider this non-fatal and continue 2717 * the search. Lazy loaded dependencies need not exist 2718 * and their loading should only turn out to be fatal 2719 * if they are required to satisfy a relocation. 2720 * 2721 * A successful lazy load can mean one of two things: 2722 * 2723 * - new objects have been loaded, in which case the 2724 * objects will have been analyzed, relocated, and 2725 * finally moved to the callers control list. 2726 * - the objects are already loaded, and this lazy 2727 * load has simply associated the referenced object 2728 * with it's lazy dependencies. 2729 * 2730 * If new objects are loaded, look in these objects 2731 * first. Note, a new object can be the object being 2732 * referenced by this lazy load, however we can also 2733 * descend into multiple lazy loads as we relocate this 2734 * reference. 2735 * 2736 * If the symbol hasn't been found, use the referenced 2737 * objects handle, as it might have dependencies on 2738 * objects that are already loaded. Note that existing 2739 * objects might have already been searched and skipped 2740 * as non-available to this caller. However, a lazy 2741 * load might have caused the promotion of modes, or 2742 * added this object to the family of the caller. In 2743 * either case, the handle associated with the object 2744 * is then used to carry out the symbol search. 2745 */ 2746 if ((nlmp = elf_lazy_load(lmp, &sl1, cnt, name, 2747 FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL) 2748 continue; 2749 2750 if (NEXT_RT_MAP(llmp)) { 2751 /* 2752 * Look in any new objects. 2753 */ 2754 sl1.sl_imap = NEXT_RT_MAP(llmp); 2755 sl1.sl_flags &= ~LKUP_STDRELOC; 2756 2757 /* 2758 * Initialize a local symbol result descriptor, 2759 * using the original symbol name. 2760 */ 2761 SRESULT_INIT(sr, slp->sl_name); 2762 2763 if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) { 2764 *srp = sr; 2765 return (1); 2766 } 2767 } 2768 2769 /* 2770 * Use the objects handle to inspect the family of 2771 * objects associated with the handle. Note, there's 2772 * a possibility of overlap with the above search, 2773 * should a lazy load bring in new objects and 2774 * reference existing objects. 2775 */ 2776 sl2 = sl1; 2777 for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) { 2778 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) && 2779 (gdp->gd_flags & GPD_DLSYM)) { 2780 2781 sl2.sl_imap = gdp->gd_depend; 2782 sl2.sl_flags |= LKUP_FIRST; 2783 2784 /* 2785 * Initialize a local symbol result 2786 * descriptor, using the original 2787 * symbol name. 2788 */ 2789 SRESULT_INIT(sr, slp->sl_name); 2790 2791 if (lookup_sym(&sl2, &sr, binfo, 2792 in_nfavl)) { 2793 *srp = sr; 2794 return (1); 2795 } 2796 } 2797 } 2798 2799 /* 2800 * Some dlsym() operations are already traversing a 2801 * link-map (dlopen(0)), and thus there's no need to 2802 * save them on the dynamic dependency list. 2803 */ 2804 if (slp->sl_flags & LKUP_NODESCENT) 2805 continue; 2806 2807 if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == NULL) 2808 return (0); 2809 } 2810 } 2811 2812 return (0); 2813 } 2814 2815 /* 2816 * Warning message for bad r_offset. 2817 */ 2818 void 2819 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 2820 ulong_t rsymndx) 2821 { 2822 const char *name = NULL; 2823 Lm_list *lml = LIST(lmp); 2824 int trace; 2825 2826 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 2827 (((rtld_flags & RT_FL_SILENCERR) == 0) || 2828 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 2829 trace = 1; 2830 else 2831 trace = 0; 2832 2833 if ((trace == 0) && (DBG_ENABLED == 0)) 2834 return; 2835 2836 if (rsymndx) { 2837 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 2838 (rsymndx * SYMENT(lmp))); 2839 2840 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 2841 name = (char *)(STRTAB(lmp) + symref->st_name); 2842 } 2843 2844 if (name == NULL) 2845 name = MSG_INTL(MSG_STR_UNKNOWN); 2846 2847 if (trace) { 2848 const char *rstr; 2849 2850 rstr = _conv_reloc_type((uint_t)rtype); 2851 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 2852 EC_ADDR(roffset)); 2853 return; 2854 } 2855 2856 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 2857 } 2858 2859 /* 2860 * Resolve a static TLS relocation. 2861 */ 2862 long 2863 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 2864 ulong_t roffset, long value) 2865 { 2866 Lm_list *lml = LIST(lmp); 2867 2868 /* 2869 * Relocations against a static TLS block have limited support once 2870 * process initialization has completed. Any error condition should be 2871 * discovered by testing for DF_STATIC_TLS as part of loading an object, 2872 * however individual relocations are tested in case the dynamic flag 2873 * had not been set when this object was built. 2874 */ 2875 if (PTTLS(lmp) == NULL) { 2876 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2877 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2878 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2879 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2880 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2881 return (0); 2882 } 2883 2884 /* 2885 * If no static TLS has been set aside for this object, determine if 2886 * any can be obtained. Enforce that any object using static TLS is 2887 * non-deletable. 2888 */ 2889 if (TLSSTATOFF(lmp) == 0) { 2890 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2891 MODE(lmp) |= RTLD_NODELETE; 2892 2893 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 2894 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2895 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2896 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2897 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2898 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2899 return (0); 2900 } 2901 } 2902 2903 /* 2904 * Typically, a static TLS offset is maintained as a symbols value. 2905 * For local symbols that are not apart of the dynamic symbol table, 2906 * the TLS relocation points to a section symbol, and the static TLS 2907 * offset was deposited in the associated GOT table. Make sure the GOT 2908 * is cleared, so that the value isn't reused in do_reloc(). 2909 */ 2910 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 2911 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 2912 value = *(long *)roffset; 2913 *(long *)roffset = 0; 2914 } else { 2915 value = sym->st_value; 2916 } 2917 } 2918 return (-(TLSSTATOFF(lmp) - value)); 2919 } 2920 2921 /* 2922 * If the symbol is not found and the reference was not to a weak symbol, report 2923 * an error. Weak references may be unresolved. 2924 */ 2925 int 2926 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo) 2927 { 2928 Lm_list *lml = LIST(lmp); 2929 2930 /* 2931 * Under crle(1), relocation failures are ignored. 2932 */ 2933 if (lml->lm_flags & LML_FLG_IGNRELERR) 2934 return (1); 2935 2936 /* 2937 * Under ldd(1), unresolved references are reported. However, if the 2938 * original reference is EXTERN or PARENT these references are ignored 2939 * unless ldd's -p option is in effect. 2940 */ 2941 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2942 if (((binfo & DBG_BINFO_REF_MSK) == 0) || 2943 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) { 2944 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), 2945 demangle(name), NAME(lmp)); 2946 } 2947 return (1); 2948 } 2949 2950 /* 2951 * Otherwise, the unresolved references is fatal. 2952 */ 2953 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, 2954 NULL, 0, name)); 2955 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 2956 demangle(name)); 2957 2958 return (0); 2959 } 2960 2961 /* 2962 * Generic relative relocation function. 2963 */ 2964 inline static ulong_t 2965 _elf_reloc_relative(ulong_t rbgn, ulong_t base, Rt_map *lmp, APlist **textrel) 2966 { 2967 mmapobj_result_t *mpp; 2968 ulong_t roffset; 2969 2970 roffset = ((M_RELOC *)rbgn)->r_offset; 2971 roffset += base; 2972 2973 /* 2974 * If this relocation is against an address that is not associated with 2975 * a mapped segment, fall back to the generic relocation loop to 2976 * collect the associated error. 2977 */ 2978 if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) 2979 return (0); 2980 2981 /* 2982 * If this relocation is against a segment that does not provide write 2983 * access, set the write permission for all non-writable mappings. 2984 */ 2985 if (((mpp->mr_prot & PROT_WRITE) == 0) && textrel && 2986 ((set_prot(lmp, mpp, 1) == 0) || 2987 (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) 2988 return (0); 2989 2990 /* 2991 * Perform the actual relocation. Note, for backward compatibility, 2992 * SPARC relocations are added to the offset contents (there was a time 2993 * when the offset was used to contain the addend, rather than using 2994 * the addend itself). 2995 */ 2996 #if defined(__sparc) 2997 *((ulong_t *)roffset) += base + ((M_RELOC *)rbgn)->r_addend; 2998 #elif defined(__amd64) 2999 *((ulong_t *)roffset) = base + ((M_RELOC *)rbgn)->r_addend; 3000 #else 3001 *((ulong_t *)roffset) += base; 3002 #endif 3003 return (1); 3004 } 3005 3006 /* 3007 * When a generic relocation loop realizes that it's dealing with relative 3008 * relocations, but no DT_RELCOUNT .dynamic tag is present, this tighter loop 3009 * is entered as an optimization. 3010 */ 3011 ulong_t 3012 elf_reloc_relative(ulong_t rbgn, ulong_t rend, ulong_t rsize, ulong_t base, 3013 Rt_map *lmp, APlist **textrel) 3014 { 3015 char rtype; 3016 3017 do { 3018 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 3019 break; 3020 3021 rbgn += rsize; 3022 if (rbgn >= rend) 3023 break; 3024 3025 /* 3026 * Make sure the next type is a relative relocation. 3027 */ 3028 rtype = ELF_R_TYPE(((M_RELOC *)rbgn)->r_info, M_MACH); 3029 3030 } while (rtype == M_R_RELATIVE); 3031 3032 return (rbgn); 3033 } 3034 3035 /* 3036 * This is the tightest loop for RELATIVE relocations for those objects built 3037 * with the DT_RELACOUNT .dynamic entry. 3038 */ 3039 ulong_t 3040 elf_reloc_relative_count(ulong_t rbgn, ulong_t rcount, ulong_t rsize, 3041 ulong_t base, Rt_map *lmp, APlist **textrel) 3042 { 3043 for (; rcount; rcount--) { 3044 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 3045 break; 3046 3047 rbgn += rsize; 3048 } 3049 return (rbgn); 3050 } 3051