1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * Remove objects. Objects need removal from a process as part of: 26 * 27 * o a dlclose() request 28 * 29 * o tearing down a dlopen(), lazy-load, or filter hierarchy that failed to 30 * completely load 31 * 32 * Any other failure condition will result in process exit (in which case all 33 * we have to do is execute the fini's - tear down is unnecessary). 34 * 35 * Any removal of objects is therefore associated with a dlopen() handle. There 36 * is a small window between creation of the first dlopen() object and creating 37 * its handle (in which case remove_so() can get rid of the new link-map if 38 * necessary), but other than this all object removal is driven by inspecting 39 * the components of a handle. 40 * 41 * Things to note. The creation of a link-map, and its addition to the link-map 42 * list occurs in {elf|aout}_new_lm(), if this returns success the link-map is 43 * valid and added, otherwise any steps (allocations) in the process of creating 44 * the link-map would have been undone. If a failure occurs between creating 45 * the link-map and adding it to a handle, remove_so() is called to remove the 46 * link-map. If a failures occurs after a handle have been created, 47 * remove_hdl() is called to remove the handle and the link-map. 48 */ 49 #pragma ident "%Z%%M% %I% %E% SMI" 50 51 #include "_synonyms.h" 52 53 #include <string.h> 54 #include <stdio.h> 55 #include <unistd.h> 56 #include <dlfcn.h> 57 #include <sys/debug.h> 58 #include <sys/avl.h> 59 #include <libc_int.h> 60 #include <debug.h> 61 #include "_rtld.h" 62 #include "_audit.h" 63 #include "_elf.h" 64 #include "msg.h" 65 66 /* 67 * Atexit callback provided by libc. As part of dlclose() determine the address 68 * ranges of all objects that are to be deleted. Pass this information to 69 * libc's pre-atexit routine. Libc will purge any registered atexit() calls 70 * related to those objects about to be deleted. 71 */ 72 static int 73 purge_exit_handlers(Lm_list *lml, Rt_map **tobj) 74 { 75 uint_t num; 76 Rt_map **_tobj; 77 Lc_addr_range_t *addr, *_addr; 78 int error; 79 int (*fptr)(Lc_addr_range_t *, uint_t); 80 81 /* 82 * Has a callback been established? 83 */ 84 if ((fptr = lml->lm_lcs[CI_ATEXIT].lc_un.lc_func) == NULL) 85 return (0); 86 87 /* 88 * Determine the total number of mapped segments that will be unloaded. 89 */ 90 for (num = 0, _tobj = tobj; *_tobj != NULL; _tobj++) { 91 Rt_map * lmp = *_tobj; 92 93 num += MMAPCNT(lmp); 94 } 95 96 /* 97 * Account for a null entry at the end of the address range array. 98 */ 99 if (num++ == 0) 100 return (0); 101 102 /* 103 * Allocate an array for the address range. 104 */ 105 if ((addr = malloc(num * sizeof (Lc_addr_range_t))) == 0) 106 return (1); 107 108 /* 109 * Fill the address range with each loadable segments size and address. 110 */ 111 for (_tobj = tobj, _addr = addr; *_tobj != NULL; _tobj++) { 112 Rt_map *lmp = *_tobj; 113 Mmap *mmaps; 114 115 for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++) { 116 _addr->lb = (void *)mmaps->m_vaddr; 117 _addr->ub = (void *)(mmaps->m_vaddr + mmaps->m_msize); 118 _addr++; 119 } 120 } 121 _addr->lb = _addr->ub = 0; 122 123 leave(LIST(*tobj)); 124 error = (*fptr)(addr, (num - 1)); 125 (void) enter(); 126 127 /* 128 * If we fail to converse with libc, generate an error message to 129 * satisfy any dlerror() usage. 130 */ 131 if (error) 132 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_ARG_ATEXIT), error); 133 134 free(addr); 135 return (error); 136 } 137 138 /* 139 * Remove any rejection message allocations. 140 */ 141 void 142 remove_rej(Rej_desc * rej) 143 { 144 if (rej && (rej->rej_type)) { 145 if (rej->rej_name) 146 free((void *)rej->rej_name); 147 if (rej->rej_str && (rej->rej_str != MSG_ORIG(MSG_EMG_ENOMEM))) 148 free((void *)rej->rej_str); 149 } 150 } 151 152 /* 153 * Break down a Pnode list. 154 */ 155 void 156 remove_pnode(Pnode * pnp) 157 { 158 Pnode * opnp; 159 160 for (opnp = 0; pnp; opnp = pnp, pnp = pnp->p_next) { 161 if (pnp->p_name) 162 free((void *)pnp->p_name); 163 if (pnp->p_oname) 164 free((void *)pnp->p_oname); 165 if (opnp) 166 free((void *)opnp); 167 } 168 if (opnp) 169 free((void *)opnp); 170 } 171 172 173 /* 174 * Remove a link-map list descriptor. This is called to finalize the removal 175 * of an entire link-map list, after all link-maps have been removed, or none 176 * got added. As load_one() can process a list of potential candidates objects, 177 * the link-map descriptor must be maintained as each object is processed. Only 178 * after all objects have been processed can a failure condition finally tear 179 * down the link-map list descriptor. 180 */ 181 void 182 remove_lml(Lm_list *lml) 183 { 184 if (lml && (lml->lm_head == 0)) { 185 if (lml->lm_lmidstr) 186 free(lml->lm_lmidstr); 187 if (lml->lm_alp) 188 free(lml->lm_alp); 189 if (lml->lm_lists) 190 free(lml->lm_lists); 191 192 /* 193 * Cleanup any pending RTLDINFO in the case where it was 194 * allocated but not called (see _relocate_lmc()). 195 */ 196 if (lml->lm_rti) 197 free(lml->lm_rti); 198 if (lml->lm_fpavl) { 199 /* 200 * As we are freeing the link-map list, all nodes must 201 * have previously been removed. 202 */ 203 ASSERT(avl_numnodes(lml->lm_fpavl) == 0); 204 free(lml->lm_fpavl); 205 } 206 list_delete(&dynlm_list, lml); 207 free(lml); 208 } 209 } 210 211 /* 212 * Remove a link-map. This removes a link-map from its associated list and 213 * free's up the link-map itself. Note, all components that are freed are local 214 * to the link-map, no inter-link-map lists are operated on as these are all 215 * broken down by dlclose() while all objects are still mapped. 216 * 217 * This routine is called from dlclose() to zap individual link-maps after their 218 * interdependencies (DEPENDS(), CALLER(), handles, etc.) have been removed. 219 * This routine is also called from the bowels of load_one() in the case of a 220 * link-map creation failure. 221 */ 222 void 223 remove_so(Lm_list *lml, Rt_map *lmp) 224 { 225 Dyninfo *dip; 226 227 if (lmp == 0) 228 return; 229 230 /* 231 * Unlink the link map from the link-map list. 232 */ 233 if (lml && lmp) 234 lm_delete(lml, lmp); 235 236 /* 237 * If this object contributed any local external vectors for the current 238 * link-map list, remove the vectors. If this object contributed any 239 * global external vectors we should find some new candidates, or leave 240 * this object lying around. 241 */ 242 if (lml) { 243 int tag; 244 245 for (tag = 0; tag < CI_MAX; tag++) { 246 if (lml->lm_lcs[tag].lc_lmp == lmp) { 247 lml->lm_lcs[tag].lc_lmp = 0; 248 lml->lm_lcs[tag].lc_un.lc_val = 0; 249 } 250 if (glcs[tag].lc_lmp == lmp) { 251 ASSERT(glcs[tag].lc_lmp != 0); 252 glcs[tag].lc_lmp = 0; 253 glcs[tag].lc_un.lc_val = 0; 254 } 255 } 256 } 257 258 DBG_CALL(Dbg_file_delete(lmp)); 259 260 /* 261 * Unmap the object. 262 */ 263 LM_UNMAP_SO(lmp)(lmp); 264 265 /* 266 * Remove any FullpathNode AVL names if they still exist. 267 */ 268 if (FPNODE(lmp)) 269 fpavl_remove(lmp); 270 271 /* 272 * Remove any alias names. 273 */ 274 if (ALIAS(lmp)) { 275 Aliste off; 276 char ** cpp; 277 278 for (ALIST_TRAVERSE(ALIAS(lmp), off, cpp)) 279 free(*cpp); 280 free(ALIAS(lmp)); 281 } 282 283 /* 284 * Free the various names, as these were duplicated so that they were 285 * available in core files. 286 * The original name is set to the pathname by default (see fullpath()), 287 * but is overridden if the file is an alternative. The pathname is set 288 * to the name by default (see [aout|elf]_new_lm()), but is overridden 289 * if the fullpath/resolve path differs (see fullpath()). The original 290 * name is always duplicated, as it typically exists as a text string 291 * (see DT_NEEDED pointer) or was passed in from user code. 292 */ 293 if (ORIGNAME(lmp) != PATHNAME(lmp)) 294 free(ORIGNAME(lmp)); 295 if (PATHNAME(lmp) != NAME(lmp)) 296 free(PATHNAME(lmp)); 297 free(NAME(lmp)); 298 299 /* 300 * Remove any of this objects filtee infrastructure. The filtees them- 301 * selves have already been removed. 302 */ 303 if (((dip = DYNINFO(lmp)) != 0) && (FLAGS1(lmp) & MSK_RT_FILTER)) { 304 uint_t cnt, max = DYNINFOCNT(lmp); 305 306 for (cnt = 0; cnt < max; cnt++, dip++) { 307 if (dip->di_info && (dip->di_flags & MSK_DI_FILTER)) 308 remove_pnode((Pnode *)dip->di_info); 309 } 310 } 311 if (dip) 312 free(DYNINFO(lmp)); 313 314 /* 315 * Deallocate any remaining cruft and free the link-map. 316 */ 317 if (RLIST(lmp)) 318 remove_pnode(RLIST(lmp)); 319 320 if (REFNAME(lmp)) 321 free(REFNAME(lmp)); 322 if (ELFPRV(lmp)) 323 free(ELFPRV(lmp)); 324 if (AUDITORS(lmp)) 325 audit_desc_cleanup(AUDITORS(lmp), lmp); 326 if (AUDINFO(lmp)) 327 audit_info_cleanup(AUDINFO(lmp)); 328 329 if (CONDVAR(lmp)) 330 free(CONDVAR(lmp)); 331 if (COPY(lmp)) 332 free(COPY(lmp)); 333 if (MMAPS(lmp)) 334 free(MMAPS(lmp)); 335 336 /* 337 * During a dlclose() any groups this object was a part of will have 338 * been torn down. However, we can get here to remove an object that 339 * has failed to load, perhaps because its addition to a handle failed. 340 * Therefore if this object indicates that its part of a group tear 341 * these associations down. 342 */ 343 if (GROUPS(lmp)) { 344 Aliste off1; 345 Grp_hdl ** ghpp; 346 347 for (ALIST_TRAVERSE(GROUPS(lmp), off1, ghpp)) { 348 Grp_hdl * ghp = *ghpp; 349 Grp_desc * gdp; 350 Aliste off2; 351 352 for (ALIST_TRAVERSE(ghp->gh_depends, off2, gdp)) { 353 if (gdp->gd_depend != lmp) 354 continue; 355 356 (void) alist_delete(ghp->gh_depends, 0, &off2); 357 break; 358 } 359 } 360 free(GROUPS(lmp)); 361 } 362 if (HANDLES(lmp)) 363 free(HANDLES(lmp)); 364 365 /* 366 * Clean up reglist if needed 367 */ 368 if (reglist != (Reglist *)0) { 369 Reglist * cur, * prv, * del; 370 371 cur = prv = reglist; 372 while (cur != (Reglist *)0) { 373 if (cur->rl_lmp == lmp) { 374 del = cur; 375 if (cur == reglist) { 376 reglist = cur->rl_next; 377 cur = prv = reglist; 378 } else { 379 prv->rl_next = cur->rl_next; 380 cur = cur->rl_next; 381 } 382 free(del); 383 } else { 384 prv = cur; 385 cur = cur->rl_next; 386 } 387 } 388 } 389 390 free(lmp); 391 } 392 393 394 /* 395 * Traverse an objects dependency list removing callers and dependencies. 396 * There's a chicken and egg problem with tearing down link-maps. Any 397 * relationship between link-maps is maintained on a DEPENDS, and associated 398 * CALLERS list. These lists can't be broken down at the time a single link- 399 * map is removed as any related link-map may have already been removed. Thus, 400 * lists between link-maps must be broken down before the individual link-maps 401 * themselves. 402 */ 403 void 404 remove_lists(Rt_map * lmp, int lazy) 405 { 406 Aliste off1; 407 Bnd_desc ** bdpp; 408 409 /* 410 * First, traverse this objects dependencies. 411 */ 412 for (ALIST_TRAVERSE(DEPENDS(lmp), off1, bdpp)) { 413 Bnd_desc * bdp = *bdpp; 414 Rt_map * dlmp = bdp->b_depend; 415 416 /* 417 * Remove this object from the dependencies callers. 418 */ 419 (void) alist_delete(CALLERS(dlmp), &bdp, 0); 420 free(bdp); 421 } 422 if (DEPENDS(lmp)) { 423 free(DEPENDS(lmp)); 424 DEPENDS(lmp) = 0; 425 } 426 427 /* 428 * Second, traverse this objects callers. 429 */ 430 for (ALIST_TRAVERSE(CALLERS(lmp), off1, bdpp)) { 431 Bnd_desc * bdp = *bdpp; 432 Rt_map * clmp = bdp->b_caller; 433 434 /* 435 * If we're removing an object that was triggered by a lazyload, 436 * remove the callers DYNINFO() entry and bump the lazy counts. 437 * This reinitialization of the lazy information allows a lazy 438 * object to be reloaded again later. Although we may be 439 * breaking down a group of lazyloaded objects because one has 440 * failed to relocate, it's possible that one or more of the 441 * individual objects can be reloaded without a problem. 442 */ 443 if (lazy) { 444 Dyninfo * dip; 445 446 if ((dip = DYNINFO(clmp)) != 0) { 447 uint_t cnt, max = DYNINFOCNT(clmp); 448 449 for (cnt = 0; cnt < max; cnt++, dip++) { 450 if ((dip->di_flags & 451 FLG_DI_NEEDED) == 0) 452 continue; 453 454 if (dip->di_info == (void *)lmp) { 455 dip->di_info = 0; 456 457 if (LAZY(clmp)++ == 0) 458 LIST(clmp)->lm_lazy++; 459 } 460 } 461 } 462 } 463 464 (void) alist_delete(DEPENDS(clmp), &bdp, 0); 465 free(bdp); 466 } 467 if (CALLERS(lmp)) { 468 free(CALLERS(lmp)); 469 CALLERS(lmp) = 0; 470 } 471 } 472 473 /* 474 * Delete any temporary link-map control list. 475 */ 476 void 477 remove_cntl(Lm_list *lml, Aliste lmco) 478 { 479 if (lmco && (lmco != ALO_DATA)) { 480 Aliste _lmco = lmco; 481 #if DEBUG 482 Lm_cntl *lmc = (Lm_cntl *)((char *)lml->lm_lists + lmco); 483 484 /* 485 * This element should be empty. 486 */ 487 ASSERT(lmc->lc_head == 0); 488 #endif 489 (void) alist_delete(lml->lm_lists, 0, &_lmco); 490 } 491 } 492 493 /* 494 * If a lazy loaded object, or filtee fails to load, possibly because it, or 495 * one of its dependencies can't be relocated, then tear down any objects 496 * that are apart of this link-map control list. 497 */ 498 void 499 remove_incomplete(Lm_list *lml, Aliste lmco) 500 { 501 Rt_map *lmp; 502 Lm_cntl *lmc; 503 504 /* LINTED */ 505 lmc = (Lm_cntl *)((char *)lml->lm_lists + lmco); 506 507 /* 508 * First, remove any lists that may point between objects. 509 */ 510 for (lmp = lmc->lc_head; lmp; lmp = (Rt_map *)NEXT(lmp)) 511 remove_lists(lmp, 1); 512 513 /* 514 * Finally, remove each object. remove_so() calls lm_delete(), thus 515 * effectively the link-map control head gets updated to point to the 516 * next link-map. 517 */ 518 while ((lmp = lmc->lc_head) != 0) 519 remove_so(lml, lmp); 520 521 lmc->lc_head = lmc->lc_tail = 0; 522 } 523 524 /* 525 * Determine whether an object is deletable. 526 */ 527 int 528 is_deletable(Alist ** lmalp, Alist ** ghalp, Rt_map * lmp) 529 { 530 Aliste off; 531 Bnd_desc ** bdpp; 532 Grp_hdl ** ghpp; 533 534 /* 535 * If the object hasn't yet been relocated take this as a sign that 536 * it's loading failed, thus we're here to cleanup. If the object is 537 * relocated it will only be retained if it was marked non-deletable, 538 * and exists on the main link-map control list. 539 */ 540 if ((FLAGS(lmp) & FLG_RT_RELOCED) && 541 (MODE(lmp) & RTLD_NODELETE) && (CNTL(lmp) == ALO_DATA)) 542 return (0); 543 544 /* 545 * If this object is the head of a handle that has not been captured as 546 * a candidate for deletion, then this object is in use from a dlopen() 547 * outside of the scope of this dlclose() family. Dlopen'ed objects, 548 * and filtees, have group descriptors for their callers. Typically 549 * this parent will have callers that are not apart of this dlclose() 550 * family, and thus would be caught by the CALLERS test below. However, 551 * if the caller had itself been dlopen'ed, it may not have any explicit 552 * callers registered for itself. Thus, but looking for objects with 553 * handles we can ferret out these outsiders. 554 */ 555 for (ALIST_TRAVERSE(HANDLES(lmp), off, ghpp)) { 556 if (alist_test(ghalp, *ghpp, 557 sizeof (Grp_hdl *), 0) != ALE_EXISTS) 558 return (0); 559 } 560 561 /* 562 * If this object is called by any object outside of the family of 563 * objects selected for deletion, it can't be deleted. 564 */ 565 for (ALIST_TRAVERSE(CALLERS(lmp), off, bdpp)) { 566 if (alist_test(lmalp, (*bdpp)->b_caller, 567 sizeof (Rt_map *), 0) != ALE_EXISTS) 568 return (0); 569 } 570 571 /* 572 * This object is a candidate for deletion. 573 */ 574 return (1); 575 } 576 577 /* 578 * Collect the groups (handles) and associated objects that are candidates for 579 * deletion. The criteria for deleting an object is whether it is only refer- 580 * enced from the objects within the groups that are candidates for deletion. 581 */ 582 static int 583 gdp_collect(Alist **ghalpp, Alist **lmalpp, Grp_hdl *ghp1) 584 { 585 Aliste off; 586 Grp_desc *gdp; 587 int action; 588 589 /* 590 * Add this group to our group collection. If it isn't added either an 591 * allocation has failed, or it already exists. 592 */ 593 if ((action = alist_test(ghalpp, ghp1, sizeof (Grp_hdl *), 594 AL_CNT_GRPCLCT)) != ALE_CREATE) 595 return (action); 596 597 /* 598 * Traverse the dependencies of the group and collect the associated 599 * objects. 600 */ 601 for (ALIST_TRAVERSE(ghp1->gh_depends, off, gdp)) { 602 Rt_map * lmp = gdp->gd_depend; 603 604 /* 605 * We only want to process dependencies for deletion. Although 606 * we want to purge group descriptors for parents, we don't want 607 * to analyze the parent itself for additional filters or 608 * deletion. 609 */ 610 if ((gdp->gd_flags & GPD_ADDEPS) == 0) 611 continue; 612 613 if ((action = alist_test(lmalpp, lmp, sizeof (Rt_map *), 614 AL_CNT_GRPCLCT)) == 0) 615 return (0); 616 if (action == ALE_EXISTS) 617 continue; 618 619 /* 620 * If this object hasn't yet been relocated take this as a sign 621 * that it's loading failed, thus we're here to cleanup. Or, 622 * if this object isn't obviously non-deletable, determine 623 * whether it provides any filtees. Add these groups to the 624 * group collection. 625 */ 626 if ((((FLAGS(lmp) & FLG_RT_RELOCED) == 0) || 627 ((MODE(lmp) & RTLD_NODELETE) == 0)) && 628 (FLAGS1(lmp) & MSK_RT_FILTER)) { 629 Dyninfo * dip = DYNINFO(lmp); 630 uint_t cnt, max = DYNINFOCNT(lmp); 631 632 for (cnt = 0; cnt < max; cnt++, dip++) { 633 Pnode * pnp; 634 635 if ((dip->di_info == 0) || 636 ((dip->di_flags & MSK_DI_FILTER) == 0)) 637 continue; 638 639 for (pnp = (Pnode *)dip->di_info; pnp; 640 pnp = pnp->p_next) { 641 Grp_hdl * ghp2; 642 643 if ((pnp->p_len == 0) || ((ghp2 = 644 (Grp_hdl *)pnp->p_info) == 0)) 645 continue; 646 647 if (gdp_collect(ghalpp, lmalpp, 648 ghp2) == 0) 649 return (0); 650 } 651 } 652 } 653 } 654 return (1); 655 } 656 657 /* 658 * Traverse the list of deletable candidates. If an object can't be deleted 659 * then neither can its dependencies or filtees. Any object that is cleared 660 * from being deleted drops the deletion count, plus, if there are no longer 661 * any deletions pending we can discontinue any further processing. 662 */ 663 static int 664 remove_rescan(Alist * lmalp, Alist * ghalp, int *delcnt) 665 { 666 Aliste off1; 667 Rt_map ** lmpp; 668 int rescan = 0; 669 670 for (ALIST_TRAVERSE(lmalp, off1, lmpp)) { 671 Aliste off2; 672 Bnd_desc ** bdpp; 673 Rt_map * lmp = *lmpp; 674 Dyninfo * dip; 675 uint_t cnt, max; 676 677 if (FLAGS(lmp) & FLG_RT_DELETE) 678 continue; 679 680 /* 681 * As this object can't be deleted, make sure its dependencies 682 * aren't deleted either. 683 */ 684 for (ALIST_TRAVERSE(DEPENDS(lmp), off2, bdpp)) { 685 Rt_map * dlmp = (*bdpp)->b_depend; 686 687 if (FLAGS(dlmp) & FLG_RT_DELETE) { 688 FLAGS(dlmp) &= ~FLG_RT_DELETE; 689 if (--(*delcnt) == 0) 690 return (0); 691 rescan = 1; 692 } 693 } 694 695 /* 696 * If this object is a filtee and one of its filters is outside 697 * of this dlclose family, then it can't be deleted either. 698 */ 699 if ((FLAGS1(lmp) & MSK_RT_FILTER) == 0) 700 continue; 701 702 dip = DYNINFO(lmp); 703 max = DYNINFOCNT(lmp); 704 705 for (cnt = 0; cnt < max; cnt++, dip++) { 706 Pnode * pnp; 707 708 if ((dip->di_info == 0) || 709 ((dip->di_flags & MSK_DI_FILTER) == 0)) 710 continue; 711 712 for (pnp = (Pnode *)dip->di_info; pnp; 713 pnp = pnp->p_next) { 714 Grp_hdl * ghp; 715 Grp_desc * gdp; 716 717 if ((pnp->p_len == 0) || 718 ((ghp = (Grp_hdl *)pnp->p_info) == 0)) 719 continue; 720 721 if (alist_test(&ghalp, ghp, 722 sizeof (Grp_hdl *), 0) == ALE_EXISTS) 723 continue; 724 725 for (ALIST_TRAVERSE(ghp->gh_depends, off2, 726 gdp)) { 727 Rt_map * dlmp = gdp->gd_depend; 728 729 if (FLAGS(dlmp) & FLG_RT_DELETE) { 730 FLAGS(dlmp) &= ~FLG_RT_DELETE; 731 if (--(*delcnt) == 0) 732 return (0); 733 rescan = 1; 734 } 735 } 736 737 /* 738 * Remove this group handle from our dynamic 739 * deletion list. 740 */ 741 (void) alist_delete(ghalp, &ghp, 0); 742 } 743 } 744 } 745 return (rescan); 746 } 747 748 /* 749 * Cleanup any collection alists we've created. 750 */ 751 static void 752 remove_collect(Alist * ghalp, Alist * lmalp) 753 { 754 if (ghalp) 755 free(ghalp); 756 if (lmalp) 757 free(lmalp); 758 } 759 760 /* 761 * Remove a handle, leaving the associated objects intact. Besides the classic 762 * dlopen() usage, handles are used as a means of associating a group of objects 763 * and promoting modes. Once object promotion is completed, the handle should 764 * be discarded while leaving the associated objects intact. Leaving the handle 765 * would prevent the object from being deleted (as it looks like it's in use 766 * by another user). 767 */ 768 void 769 free_hdl(Grp_hdl *ghp) 770 { 771 if (--(ghp->gh_refcnt) == 0) { 772 Grp_desc *gdp; 773 uintptr_t ndx; 774 Aliste off; 775 776 for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) { 777 Rt_map *lmp = gdp->gd_depend; 778 779 if (ghp->gh_ownlmp == lmp) 780 (void) alist_delete(HANDLES(lmp), &ghp, 0); 781 (void) alist_delete(GROUPS(lmp), &ghp, 0); 782 } 783 (void) free(ghp->gh_depends); 784 785 /* LINTED */ 786 ndx = (uintptr_t)ghp % HDLIST_SZ; 787 list_delete(&hdl_list[ndx], ghp); 788 789 (void) free(ghp); 790 } 791 } 792 793 /* 794 * Remove a caller from a group handle. This breaks the bond between a caller 795 * and a hierarchy of dependencies represented by a handle, thus the caller 796 * doesn't lock the hierarchy and prevent their deletion should their processing 797 * fail to complete. If the handle count drops to zero, the handle is marked 798 * as sticky to prevent it's removal, or to confuse orphan handle processing. 799 * The caller may establish a binding to this handle again, once the hierarchy 800 * processing has completed, thus retaining the handle saves having to recreate 801 * it over and over again. 802 */ 803 void 804 remove_caller(Grp_hdl *ghp, Rt_map *clmp) 805 { 806 Grp_desc *gdp; 807 Aliste off; 808 809 if (--(ghp->gh_refcnt) == 0) 810 ghp->gh_flags |= GPH_STICKY; 811 812 for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) { 813 Rt_map *lmp = gdp->gd_depend; 814 815 if (lmp == clmp) { 816 (void) alist_delete(GROUPS(lmp), &ghp, 0); 817 (void) alist_delete(ghp->gh_depends, 0, &off); 818 break; 819 } 820 } 821 } 822 823 /* 824 * Remove the objects associated with a handle. There are two goals here, to 825 * delete the objects associated with the handle, and to remove the handle 826 * itself. Things get a little more complex if the objects selected for 827 * deletion are filters, in this case we also need to collect their filtees, 828 * and process the combined groups as a whole. But, care still must be exer- 829 * cised to make sure any filtees found aren't being used by filters outside of 830 * the groups we've collect. The series of events is basically: 831 * 832 * o Determine the groups (handles) that might be deletable. 833 * 834 * o Determine the objects of these handles that can be deleted. 835 * 836 * o Fire the fini's of those objects selected for deletion. 837 * 838 * o Remove all inter-dependency linked lists while the objects link-maps 839 * are still available. 840 * 841 * o Remove all deletable objects link-maps and unmap the objects themselves. 842 * 843 * o Remove the handle descriptors for each deleted object, and hopefully 844 * the whole handle. 845 * 846 * An handle that can't be deleted is added to an orphans list. This list is 847 * revisited any time another dlclose() request results in handle descriptors 848 * being deleted. These deleted descriptors can be sufficient to allow the 849 * final deletion of the orphaned handles. 850 */ 851 int 852 remove_hdl(Grp_hdl *ghp, Rt_map *clmp, int *removed) 853 { 854 Rt_map * lmp, ** lmpp; 855 int rescan = 0; 856 int delcnt = 0, rmcnt = 0, error = 0, orphans; 857 Alist * lmalp = 0, * ghalp = 0; 858 Aliste off1, off2; 859 Grp_hdl ** ghpp; 860 Grp_desc * gdp; 861 Lm_list * lml = 0; 862 863 /* 864 * Generate the family of groups and objects that are candidates for 865 * deletion. This consists of the objects that are explicitly defined 866 * as dependencies of this handle, plus any filtee handles and their 867 * associated objects. 868 */ 869 if (gdp_collect(&ghalp, &lmalp, ghp) == 0) { 870 remove_collect(ghalp, lmalp); 871 return (0); 872 } 873 874 DBG_CALL(Dbg_file_hdl_title(DBG_DEP_DELETE)); 875 876 /* 877 * Traverse the groups we've collected to determine if any filtees are 878 * included. If so, and the filtee handle is in use by a filter outside 879 * of the family of objects collected for this deletion, it can not be 880 * removed. 881 */ 882 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 883 Grp_hdl * ghp = *ghpp; 884 885 DBG_CALL(Dbg_file_hdl_collect(ghp, 0)); 886 887 if ((ghp->gh_flags & GPH_FILTEE) == 0) 888 continue; 889 890 /* 891 * Special case for ld.so.1. There can be multiple instances of 892 * libdl.so.1 using this handle, so although we want the handles 893 * reference count to be decremented, we don't want the handle 894 * removed. 895 */ 896 if (ghp->gh_flags & GPH_LDSO) { 897 DBG_CALL(Dbg_file_hdl_collect(ghp, 898 NAME(lml_rtld.lm_head))); 899 (void) alist_delete(ghalp, 0, &off1); 900 continue; 901 } 902 903 for (ALIST_TRAVERSE(ghp->gh_depends, off2, gdp)) { 904 Grp_hdl ** ghpp3; 905 Aliste off3; 906 907 /* 908 * Determine whether this dependency is the filtee's 909 * parent filter, and that it isn't also an explicit 910 * dependency (in which case it would have added its own 911 * dependencies to the handle). 912 */ 913 if ((gdp->gd_flags & 914 (GPD_FILTER | GPD_ADDEPS)) != GPD_FILTER) 915 continue; 916 917 if (alist_test(&lmalp, gdp->gd_depend, 918 sizeof (Rt_map *), 0) == ALE_EXISTS) 919 continue; 920 921 /* 922 * Remove this group handle from our dynamic deletion 923 * list. In addition, recompute the list of objects 924 * that are candidates for deletion to continue this 925 * group verification. 926 */ 927 DBG_CALL(Dbg_file_hdl_collect(ghp, 928 NAME(gdp->gd_depend))); 929 (void) alist_delete(ghalp, 0, &off1); 930 931 free(lmalp); 932 lmalp = 0; 933 for (ALIST_TRAVERSE(ghalp, off3, ghpp3)) { 934 Aliste off4; 935 Grp_desc * gdp4; 936 937 for (ALIST_TRAVERSE((*ghpp3)->gh_depends, 938 off4, gdp4)) { 939 if ((gdp4->gd_flags & GPD_ADDEPS) == 0) 940 continue; 941 if (alist_test(&lmalp, gdp4->gd_depend, 942 sizeof (Rt_map *), 943 AL_CNT_GRPCLCT) == 0) { 944 remove_collect(ghalp, lmalp); 945 return (0); 946 } 947 } 948 } 949 break; 950 } 951 } 952 953 /* 954 * Now that we've collected all the handles dependencies, traverse the 955 * collection determining whether they are a candidate for deletion. 956 */ 957 for (ALIST_TRAVERSE(lmalp, off1, lmpp)) { 958 lmp = *lmpp; 959 960 /* 961 * Establish which link-map list we're dealing with for later 962 * .fini processing. 963 */ 964 if (lml == 0) 965 lml = LIST(lmp); 966 967 /* 968 * If an object isn't a candidate for deletion we'll have to 969 * rescan the handle insuring that this objects dependencies 970 * aren't deleted either. 971 */ 972 if (is_deletable(&lmalp, &ghalp, lmp)) { 973 FLAGS(lmp) |= FLG_RT_DELETE; 974 delcnt++; 975 } else 976 rescan = 1; 977 } 978 979 /* 980 * Rescan the handle if any objects where found non-deletable. 981 */ 982 while (rescan) 983 rescan = remove_rescan(lmalp, ghalp, &delcnt); 984 985 /* 986 * Now that we have determined the number of groups that are candidates 987 * for removal, mark each group descriptor as a candidate for removal 988 * from the group. 989 */ 990 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 991 for (ALIST_TRAVERSE((*ghpp)->gh_depends, off2, gdp)) 992 gdp->gd_flags |= GPD_REMOVE; 993 } 994 995 /* 996 * Now that we know which objects on this handle can't be deleted 997 * determine whether they still need to remain identified as belonging 998 * to this group to be able to continue binding to one another. 999 */ 1000 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 1001 Grp_hdl * ghp = *ghpp; 1002 1003 for (ALIST_TRAVERSE(ghp->gh_depends, off2, gdp)) { 1004 Aliste off3; 1005 Bnd_desc ** bdpp; 1006 1007 lmp = gdp->gd_depend; 1008 1009 if (FLAGS(lmp) & FLG_RT_DELETE) 1010 continue; 1011 1012 for (ALIST_TRAVERSE(DEPENDS(lmp), off3, bdpp)) { 1013 Aliste off4; 1014 Grp_desc * gdp4; 1015 Rt_map * dlmp = (*bdpp)->b_depend; 1016 1017 /* 1018 * If this dependency (dlmp) can be referenced 1019 * by the caller (clmp) without being part of 1020 * this group (ghp) then belonging to this group 1021 * is no longer necessary. This can occur when 1022 * objects are part of multiple handles, or if a 1023 * previously deleted handle was moved to the 1024 * orphan list and has been reopened. Note, 1025 * first make sure the caller can reference the 1026 * dependency with this group, if it can't we 1027 * must be bound to a filtee, so there's no need 1028 * to remain a part of this group either. 1029 */ 1030 if ((callable(lmp, dlmp, 0) == 0) || 1031 callable(lmp, dlmp, ghp)) 1032 continue; 1033 1034 if (gdp->gd_flags & GPD_REMOVE) 1035 gdp->gd_flags &= ~GPD_REMOVE; 1036 1037 for (ALIST_TRAVERSE(ghp->gh_depends, 1038 off4, gdp4)) { 1039 if (gdp4->gd_depend != dlmp) 1040 continue; 1041 1042 if (gdp4->gd_flags & GPD_REMOVE) 1043 gdp4->gd_flags &= ~GPD_REMOVE; 1044 } 1045 } 1046 } 1047 } 1048 1049 /* 1050 * If the owner of a handle can't be deleted and it's handle descriptor 1051 * must remain also, don't delete the handle at all. Leave it for 1052 * possible later use. Although it's left intact, it will still be 1053 * moved to the orphans list, as we might be able to revisit it on later 1054 * dlclose() operations and finally remove the underlying objects. Note 1055 * that the handle still remains attached to the owner via the HANDLES 1056 * list, so that it can be re-associated to the owner if a dlopen() 1057 * of this object reoccurs. 1058 */ 1059 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 1060 Grp_hdl * ghp = *ghpp; 1061 1062 /* 1063 * If this handle is already an orphan, or if it's owner is 1064 * deletable there's no need to inspect its dependencies. 1065 */ 1066 if ((ghp->gh_ownlmp == 0) || 1067 (FLAGS(ghp->gh_ownlmp) & FLG_RT_DELETE)) 1068 continue; 1069 1070 /* 1071 * Make sure all handle dependencies aren't removed or the 1072 * dependencies themselves aren't deleted. 1073 */ 1074 for (ALIST_TRAVERSE(ghp->gh_depends, off2, gdp)) { 1075 lmp = gdp->gd_depend; 1076 1077 /* 1078 * The first dependency of a non-orphaned handle is the 1079 * owner. If the handle descriptor for this isn't 1080 * required there's no need to look at any other of the 1081 * handles dependencies. 1082 */ 1083 if ((lmp == ghp->gh_ownlmp) && 1084 (gdp->gd_flags & GPD_REMOVE)) 1085 break; 1086 1087 if (gdp->gd_flags & GPD_REMOVE) 1088 gdp->gd_flags &= ~GPD_REMOVE; 1089 if (FLAGS(lmp) & FLG_RT_DELETE) { 1090 FLAGS(lmp) &= ~FLG_RT_DELETE; 1091 delcnt--; 1092 } 1093 } 1094 } 1095 1096 /* 1097 * Final scan of objects to see if any objects are to to be deleted. 1098 * Also - display diagnostic information on what operations are to be 1099 * performed on the collected handles before firing .fini's (which 1100 * produces additional diagnostics). 1101 */ 1102 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 1103 Grp_hdl * ghp = *ghpp; 1104 1105 DBG_CALL(Dbg_file_hdl_title(DBG_DEP_DELETE)); 1106 1107 for (ALIST_TRAVERSE(ghp->gh_depends, off2, gdp)) { 1108 int flag; 1109 1110 lmp = gdp->gd_depend; 1111 1112 if (FLAGS(lmp) & FLG_RT_DELETE) { 1113 flag = DBG_DEP_DELETE; 1114 /* 1115 * Remove any pathnames from the FullpathNode 1116 * AVL tree. As we're about to fire .fini's, 1117 * it's possible this object will be required 1118 * again, in which case we want to make sure a 1119 * new version of the object gets loaded. 1120 */ 1121 if (FPNODE(lmp)) 1122 fpavl_remove(lmp); 1123 } else if (gdp->gd_flags & GPD_REMOVE) 1124 flag = DBG_DEP_REMOVE; 1125 else 1126 flag = DBG_DEP_REMAIN; 1127 1128 DBG_CALL(Dbg_file_hdl_action(ghp, lmp, flag)); 1129 } 1130 } 1131 1132 /* 1133 * If there are objects to be deleted process their .fini's. 1134 */ 1135 if (delcnt) { 1136 Rt_map ** tobj; 1137 1138 /* 1139 * If we're being audited tell the audit library that we're 1140 * about to go deleting dependencies. 1141 */ 1142 if (clmp && ((LIST(clmp)->lm_tflags | FLAGS1(clmp)) & 1143 LML_TFLG_AUD_ACTIVITY)) 1144 audit_activity(clmp, LA_ACT_DELETE); 1145 1146 /* 1147 * Sort and fire all fini's of the objects selected for 1148 * deletion. Note that we have to start our search from the 1149 * link-map head - there's no telling whether this object has 1150 * dependencies on objects that were loaded before it and which 1151 * can now be deleted. If the tsort() fails because of an 1152 * allocation error then that might just be a symptom of why 1153 * we're here in the first place - forgo the fini's but 1154 * continue to try cleaning up. 1155 */ 1156 lml->lm_flags |= LML_FLG_OBJDELETED; 1157 1158 if (((tobj = tsort(lml->lm_head, delcnt, 1159 (RT_SORT_DELETE | RT_SORT_FWD))) != 0) && 1160 (tobj != (Rt_map **)S_ERROR)) { 1161 error = purge_exit_handlers(lml, tobj); 1162 call_fini(lml, tobj); 1163 } 1164 1165 /* 1166 * Audit the closure of the dlopen'ed object to any local 1167 * auditors. Any global auditors would have been caught by 1168 * call_fini(), but as the link-maps CALLERS was removed 1169 * already we do the local auditors explicitly. 1170 */ 1171 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 1172 Grp_hdl * ghp = *ghpp; 1173 Rt_map * dlmp = ghp->gh_ownlmp; 1174 1175 if (clmp && dlmp && 1176 ((LIST(dlmp)->lm_flags & LML_FLG_NOAUDIT) == 0) && 1177 (FLAGS1(clmp) & LML_TFLG_AUD_OBJCLOSE)) 1178 _audit_objclose(&(AUDITORS(clmp)->ad_list), 1179 dlmp); 1180 } 1181 } 1182 1183 /* 1184 * Now that .fini processing (which may have involved new bindings) 1185 * is complete, remove all inter-dependency lists from those objects 1186 * selected for deletion. 1187 */ 1188 for (ALIST_TRAVERSE(lmalp, off1, lmpp)) { 1189 Dyninfo * dip; 1190 uint_t cnt, max; 1191 1192 lmp = *lmpp; 1193 1194 if (FLAGS(lmp) & FLG_RT_DELETE) 1195 remove_lists(lmp, 0); 1196 1197 /* 1198 * Determine whether we're dealing with a filter, and if so 1199 * process any inter-dependencies with its filtee's. 1200 */ 1201 if ((FLAGS1(lmp) & MSK_RT_FILTER) == 0) 1202 continue; 1203 1204 dip = DYNINFO(lmp); 1205 max = DYNINFOCNT(lmp); 1206 1207 for (cnt = 0; cnt < max; cnt++, dip++) { 1208 Pnode * pnp; 1209 1210 if ((dip->di_info == 0) || 1211 ((dip->di_flags & MSK_DI_FILTER) == 0)) 1212 continue; 1213 1214 for (pnp = (Pnode *)dip->di_info; pnp; 1215 pnp = pnp->p_next) { 1216 Grp_hdl * ghp; 1217 1218 if ((pnp->p_len == 0) || 1219 ((ghp = (Grp_hdl *)pnp->p_info) == 0)) 1220 continue; 1221 1222 /* 1223 * Determine whether this filtee's handle is a 1224 * part of the list of handles being deleted. 1225 */ 1226 if (alist_test(&ghalp, ghp, 1227 sizeof (Grp_hdl *), 0) == ALE_EXISTS) { 1228 /* 1229 * If this handle exists on the deletion 1230 * list, then it has been removed. If 1231 * this filter isn't going to be 1232 * deleted, server its reference to the 1233 * handle. 1234 */ 1235 pnp->p_info = 0; 1236 } else { 1237 /* 1238 * If this handle isn't on the deletion 1239 * list, then it must still exist. If 1240 * this filter is being deleted, make 1241 * sure the filtees reference count 1242 * gets decremented. 1243 */ 1244 if (FLAGS(lmp) & FLG_RT_DELETE) 1245 (void) dlclose_core(ghp, lmp); 1246 } 1247 } 1248 } 1249 } 1250 1251 /* 1252 * If called from dlclose(), determine if there are already handles on 1253 * the orphans list that we can reinvestigate. 1254 */ 1255 if ((removed == 0) && hdl_list[HDLIST_ORP].head) 1256 orphans = 1; 1257 else 1258 orphans = 0; 1259 1260 /* 1261 * Finally remove any handle infrastructure and remove any objects 1262 * marked for deletion. 1263 */ 1264 for (ALIST_TRAVERSE(ghalp, off1, ghpp)) { 1265 Grp_hdl * ghp = *ghpp; 1266 1267 /* 1268 * If we're not dealing with orphaned handles remove this handle 1269 * from its present handle list. 1270 */ 1271 if (removed == 0) { 1272 uintptr_t ndx; 1273 1274 /* LINTED */ 1275 ndx = (uintptr_t)ghp % HDLIST_SZ; 1276 list_delete(&hdl_list[ndx], ghp); 1277 } 1278 1279 /* 1280 * Traverse each handle dependency. 1281 */ 1282 for (ALIST_TRAVERSE(ghp->gh_depends, off2, gdp)) { 1283 if ((gdp->gd_flags & GPD_REMOVE) == 0) 1284 continue; 1285 1286 lmp = gdp->gd_depend; 1287 rmcnt++; 1288 1289 /* 1290 * If this object is the owner of the handle break that 1291 * association in case the handle is retained. 1292 */ 1293 if (ghp->gh_ownlmp == lmp) { 1294 (void) alist_delete(HANDLES(lmp), &ghp, 0); 1295 ghp->gh_ownlmp = 0; 1296 } 1297 1298 (void) alist_delete(GROUPS(lmp), &ghp, 0); 1299 (void) alist_delete(ghp->gh_depends, 0, &off2); 1300 1301 /* 1302 * Complete the link-map deletion if appropriate. 1303 */ 1304 if (FLAGS(lmp) & FLG_RT_DELETE) { 1305 tls_modaddrem(lmp, TM_FLG_MODREM); 1306 remove_so(LIST(lmp), lmp); 1307 } 1308 } 1309 1310 /* 1311 * If we've deleted all the dependencies of the handle finalize 1312 * the cleanup by removing the handle itself. 1313 * 1314 * Otherwise we're left with a handle containing one or more 1315 * objects that can not be deleted (they're in use by other 1316 * handles, non-deletable, etc.), but require to remain a part 1317 * of this group to allow them to continue binding to one 1318 * another. Should any other dlclose() operation occur that 1319 * results in the removal of handle descriptors, these orphan 1320 * handles are re-examined to determine if their deletion can be 1321 * completed. 1322 */ 1323 if (ghp->gh_depends->al_data[0] == 0) { 1324 remove_lml(lml); 1325 free(ghp->gh_depends); 1326 free(ghp); 1327 } else if (removed == 0) { 1328 /* 1329 * Move this handle to the orphans list (if it isn't 1330 * already there). 1331 */ 1332 (void) list_append(&hdl_list[HDLIST_ORP], ghp); 1333 1334 if (DBG_ENABLED) { 1335 DBG_CALL(Dbg_file_hdl_title(DBG_DEP_ORPHAN)); 1336 for (ALIST_TRAVERSE(ghp->gh_depends, off1, gdp)) 1337 DBG_CALL(Dbg_file_hdl_action(ghp, 1338 gdp->gd_depend, DBG_DEP_REMAIN)); 1339 } 1340 } 1341 } 1342 1343 /* 1344 * If no handle descriptors got removed there's no point in looking for 1345 * orphans to process. 1346 */ 1347 if (rmcnt == 0) 1348 orphans = 0; 1349 1350 /* 1351 * Cleanup any alists we've created. 1352 */ 1353 remove_collect(ghalp, lmalp); 1354 1355 /* 1356 * If orphan processing isn't required we're done. If our processing 1357 * originated from investigating orphans, return the number of handle 1358 * descriptors removed as an indication whether orphan processing 1359 * should continue. 1360 */ 1361 if (orphans == 0) { 1362 if (removed) 1363 *removed = rmcnt; 1364 return (error); 1365 } 1366 1367 /* 1368 * Traverse the orphans list as many times as necessary until no 1369 * handle removals occur. 1370 */ 1371 do { 1372 List list; 1373 Listnode *lnp; 1374 Grp_hdl *ghp, *oghp = 0; 1375 int title = 0; 1376 1377 /* 1378 * Effectively clean the HDLIST_ORP list. Any object that can't 1379 * be removed will be re-added to the list. 1380 */ 1381 list = hdl_list[HDLIST_ORP]; 1382 hdl_list[HDLIST_ORP].head = hdl_list[HDLIST_ORP].tail = 0; 1383 1384 rescan = 0; 1385 for (LIST_TRAVERSE(&list, lnp, ghp)) { 1386 int _error, _remove; 1387 1388 if (title++ == 0) 1389 DBG_CALL(Dbg_file_del_rescan(ghp->gh_ownlml)); 1390 1391 if (oghp) { 1392 list_delete(&list, oghp); 1393 oghp = 0; 1394 } 1395 1396 if (((_error = remove_hdl(ghp, clmp, &_remove)) != 0) && 1397 (error == 0)) 1398 error = _error; 1399 1400 if (_remove) 1401 rescan++; 1402 1403 oghp = ghp; 1404 } 1405 if (oghp) { 1406 list_delete(&list, oghp); 1407 oghp = 0; 1408 } 1409 1410 } while (rescan && hdl_list[HDLIST_ORP].head); 1411 1412 return (error); 1413 } 1414