1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 /* 27 * Copyright (c) 1988 AT&T 28 * All Rights Reserved 29 */ 30 /* 31 * Copyright (c) 2012, Joyent, Inc. All rights reserved. 32 */ 33 34 /* 35 * Run time linker common setup. 36 * 37 * Called from _setup to get the process going at startup. 38 */ 39 40 #include <stdlib.h> 41 #include <fcntl.h> 42 #include <stdio.h> 43 #include <sys/types.h> 44 #include <sys/stat.h> 45 #include <sys/mman.h> 46 #include <string.h> 47 #include <unistd.h> 48 #include <dlfcn.h> 49 #include <sys/sysconfig.h> 50 #include <sys/auxv.h> 51 #include <debug.h> 52 #include <conv.h> 53 #include "_rtld.h" 54 #include "_audit.h" 55 #include "_elf.h" 56 #include "_a.out.h" 57 #include "msg.h" 58 59 60 extern int _end, _edata, _etext; 61 extern void _init(void); 62 extern int _brk_unlocked(void *); 63 64 #ifndef SGS_PRE_UNIFIED_PROCESS 65 /* needed for _brk_unlocked() */ 66 void *_nd = &_end; 67 #endif 68 69 /* 70 * Counters that are incremented every time an object is mapped/unmapped. 71 * 72 * Note that exec() will usually map 2 objects before we receive control, 73 * but this can be 1 if ld.so.1 is executed directly. We count one of these 74 * here, and add another as necessary in setup(). 75 */ 76 u_longlong_t cnt_map = 1; 77 u_longlong_t cnt_unmap = 0; 78 79 80 /* 81 * Define for the executable's interpreter. 82 * Usually it is ld.so.1, but for the first release of ICL binaries 83 * it is libc.so.1. We keep this information so that we don't end 84 * up mapping libc twice if it is the interpreter. 85 */ 86 static Interp _interp; 87 88 /* 89 * LD_PRELOAD objects. 90 */ 91 static int 92 preload(const char *str, Rt_map *mlmp, Rt_map **clmp) 93 { 94 Alist *palp = NULL; 95 char *objs, *ptr, *next; 96 Word lmflags = lml_main.lm_flags; 97 int lddstub; 98 99 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 100 101 if ((objs = strdup(str)) == NULL) 102 return (0); 103 104 /* 105 * Determine if we've been called from lddstub. 106 */ 107 lddstub = (lmflags & LML_FLG_TRC_ENABLE) && 108 (FLAGS1(*clmp) & FL1_RT_LDDSTUB); 109 110 111 for (ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next); 112 ptr != NULL; 113 ptr = strtok_r(NULL, MSG_ORIG(MSG_STR_DELIMIT), &next)) { 114 Rt_map *nlmp = NULL; 115 uint_t flags; 116 117 DBG_CALL(Dbg_file_preload(&lml_main, ptr)); 118 119 /* 120 * Establish the flags for loading each object. If we're 121 * called via lddstub, then the first preloaded object is the 122 * object being inspected by ldd(1). This object should not be 123 * marked as an interposer, as this object is intended to act 124 * as the target object of the process. 125 */ 126 if (lddstub) 127 flags = FLG_RT_PRELOAD; 128 else 129 flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO); 130 131 /* 132 * If this a secure application, then preload errors are 133 * reduced to warnings, as the errors are non-fatal. 134 */ 135 if (rtld_flags & RT_FL_SECURE) 136 rtld_flags2 |= RT_FL2_FTL2WARN; 137 if (expand_paths(*clmp, ptr, &palp, AL_CNT_NEEDED, 138 PD_FLG_EXTLOAD, 0) != 0) 139 nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, *clmp, 140 MODE(mlmp), flags, 0, NULL); 141 remove_alist(&palp, 0); 142 if (rtld_flags & RT_FL_SECURE) 143 rtld_flags2 &= ~RT_FL2_FTL2WARN; 144 if (nlmp && (bind_one(*clmp, nlmp, BND_NEEDED) == 0)) 145 nlmp = NULL; 146 147 if (lddstub && nlmp) { 148 lddstub = 0; 149 150 /* 151 * Fabricate a binding between the target shared object 152 * and lddstub so that the target object isn't called 153 * out from unused() processing. 154 */ 155 if (lmflags & 156 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)) { 157 if (bind_one(*clmp, nlmp, BND_REFER) == 0) 158 nlmp = NULL; 159 } 160 161 /* 162 * By identifying lddstub as the caller, several 163 * confusing ldd() diagnostics get suppressed. These 164 * diagnostics would reveal how the target shared object 165 * was found from lddstub. Now that the real target is 166 * loaded, identify the target as the caller so that all 167 * ldd() diagnostics are enabled for subsequent objects. 168 */ 169 if (nlmp) 170 *clmp = nlmp; 171 } 172 173 /* 174 * If no error occurred with loading this object, indicate that 175 * this link-map list contains an interposer. 176 */ 177 if (nlmp == NULL) { 178 if ((lmflags & LML_FLG_TRC_ENABLE) || 179 (rtld_flags & RT_FL_SECURE)) 180 continue; 181 else 182 return (0); 183 } 184 if (flags & FLG_RT_OBJINTPO) 185 lml_main.lm_flags |= LML_FLG_INTRPOSE; 186 187 } 188 189 free(palp); 190 free(objs); 191 return (1); 192 } 193 194 Rt_map * 195 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz, 196 char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr, 197 char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid, 198 void *aoutdyn, int auxflags, uint_t *hwcap) 199 { 200 Rt_map *rlmp, *mlmp, *clmp, **tobj = NULL; 201 Ehdr *ehdr; 202 rtld_stat_t status; 203 int features = 0, ldsoexec = 0; 204 size_t eaddr, esize; 205 char *str, *argvname; 206 Word lmflags; 207 mmapobj_result_t *mpp; 208 Fdesc fdr = { 0 }, fdm = { 0 }; 209 Rej_desc rej = { 0 }; 210 APlist *ealp = NULL; 211 212 /* 213 * Now that ld.so has relocated itself, initialize our own 'environ' so 214 * as to establish an address suitable for any libc requirements. 215 */ 216 _environ = (char **)((ulong_t)auxv - sizeof (char *)); 217 _init(); 218 _environ = envp; 219 220 /* 221 * Establish a base time. Total time diagnostics start from entering 222 * ld.so.1 here, however the base time is reset each time the ld.so.1 223 * is re-entered. Note also, there will be a large time associated 224 * with the first diagnostic from ld.so.1, as bootstrapping ld.so.1 225 * and establishing the liblddbg infrastructure takes some time. 226 */ 227 (void) gettimeofday(&DBG_TOTALTIME, NULL); 228 DBG_DELTATIME = DBG_TOTALTIME; 229 230 /* 231 * Determine how ld.so.1 has been executed. 232 */ 233 if ((fd == -1) && (phdr == NULL)) { 234 /* 235 * If we received neither the AT_EXECFD nor the AT_PHDR aux 236 * vector, ld.so.1 must have been invoked directly from the 237 * command line. 238 */ 239 ldsoexec = 1; 240 241 /* 242 * AT_SUN_EXECNAME provides the most precise name, if it is 243 * available, otherwise fall back to argv[0]. At this time, 244 * there is no process name. 245 */ 246 if (execname) 247 rtldname = execname; 248 else if (argv[0]) 249 rtldname = argv[0]; 250 else 251 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 252 } else { 253 /* 254 * Otherwise, we have a standard process. AT_SUN_EXECNAME 255 * provides the most precise name, if it is available, 256 * otherwise fall back to argv[0]. Provided the application 257 * is already mapped, the process is the application, so 258 * simplify the application name for use in any diagnostics. 259 */ 260 if (execname) 261 argvname = execname; 262 else if (argv[0]) 263 argvname = execname = argv[0]; 264 else 265 argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 266 267 if (fd == -1) { 268 if ((str = strrchr(argvname, '/')) != NULL) 269 procname = ++str; 270 else 271 procname = argvname; 272 } 273 274 /* 275 * At this point, we don't know the runtime linkers full path 276 * name. The _rtldname passed to us is the SONAME of the 277 * runtime linker, which is typically /lib/ld.so.1 no matter 278 * what the full path is. Use this for now, we'll reset the 279 * runtime linkers name once the application is analyzed. 280 */ 281 if (_rtldname) { 282 if ((str = strrchr(_rtldname, '/')) != NULL) 283 rtldname = ++str; 284 else 285 rtldname = _rtldname; 286 } else 287 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 288 289 /* exec() brought in two objects for us. Count the second one */ 290 cnt_map++; 291 } 292 293 /* 294 * Initialize any global variables. 295 */ 296 at_flags = _flags; 297 298 if ((org_scapset->sc_plat = _platform) != NULL) 299 org_scapset->sc_platsz = strlen(_platform); 300 301 if (org_scapset->sc_plat == NULL) 302 platform_name(org_scapset); 303 if (org_scapset->sc_mach == NULL) 304 machine_name(org_scapset); 305 306 /* 307 * If pagesize is unspecified find its value. 308 */ 309 if ((syspagsz = _syspagsz) == 0) 310 syspagsz = _sysconfig(_CONFIG_PAGESIZE); 311 312 /* 313 * Add the unused portion of the last data page to the free space list. 314 * The page size must be set before doing this. Here, _end refers to 315 * the end of the runtime linkers bss. Note that we do not use the 316 * unused data pages from any included .so's to supplement this free 317 * space as badly behaved .os's may corrupt this data space, and in so 318 * doing ruin our data. 319 */ 320 eaddr = S_DROUND((size_t)&_end); 321 esize = eaddr % syspagsz; 322 if (esize) { 323 esize = syspagsz - esize; 324 addfree((void *)eaddr, esize); 325 } 326 327 /* 328 * Establish initial link-map list flags, and link-map list alists. 329 */ 330 if (alist_append(&lml_main.lm_lists, NULL, sizeof (Lm_cntl), 331 AL_CNT_LMLISTS) == NULL) 332 return (0); 333 lml_main.lm_flags |= LML_FLG_BASELM; 334 lml_main.lm_lmid = LM_ID_BASE; 335 lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE); 336 337 if (alist_append(&lml_rtld.lm_lists, NULL, sizeof (Lm_cntl), 338 AL_CNT_LMLISTS) == NULL) 339 return (0); 340 lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_HOLDLOCK); 341 lml_rtld.lm_tflags |= LML_TFLG_NOAUDIT; 342 lml_rtld.lm_lmid = LM_ID_LDSO; 343 lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO); 344 345 /* 346 * Determine whether we have a secure executable. 347 */ 348 security(uid, euid, gid, egid, auxflags); 349 350 /* 351 * Make an initial pass of environment variables to pick off those 352 * related to locale processing. At the same time, collect and save 353 * any LD_XXXX variables for later processing. Note that this later 354 * processing will be skipped if ld.so.1 is invoked from the command 355 * line with -e LD_NOENVIRON. 356 */ 357 if (envp && (readenv_user((const char **)envp, &ealp) == 1)) 358 return (0); 359 360 /* 361 * If ld.so.1 has been invoked directly, process its arguments. 362 */ 363 if (ldsoexec) { 364 /* 365 * Process any arguments that are specific to ld.so.1, and 366 * reorganize the process stack to effectively remove ld.so.1 367 * from the stack. Reinitialize the environment pointer, as 368 * this pointer may have been shifted after skipping ld.so.1's 369 * arguments. 370 */ 371 if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags), 372 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) { 373 eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT)); 374 return (0); 375 } 376 _environ = envp; 377 378 /* 379 * Open the object that ld.so.1 is to execute. 380 */ 381 argvname = execname = argv[0]; 382 383 if ((fd = open(argvname, O_RDONLY)) == -1) { 384 int err = errno; 385 eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), 386 argvname, strerror(err)); 387 return (0); 388 } 389 } 390 391 /* 392 * Having processed any ld.so.1 command line options, return to process 393 * any LD_XXXX environment variables. 394 */ 395 if (ealp) { 396 if (((rtld_flags & RT_FL_NOENVIRON) == 0) && 397 (procenv_user(ealp, &(lml_main.lm_flags), 398 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1)) 399 return (0); 400 free(ealp); 401 } 402 403 /* 404 * Initialize a hardware capability descriptor for use in comparing 405 * each loaded object. The aux vector must provide AF_SUN_HWCAPVERIFY, 406 * as prior to this setting any hardware capabilities that were found 407 * could not be relied upon. 408 */ 409 if (auxflags & AF_SUN_HWCAPVERIFY) { 410 rtld_flags2 |= RT_FL2_HWCAP; 411 org_scapset->sc_hw_1 = (Xword)hwcap[0]; 412 org_scapset->sc_hw_2 = (Xword)hwcap[1]; 413 } 414 415 /* 416 * Create a mapping descriptor for ld.so.1. We can determine our 417 * two segments information from known symbols. 418 */ 419 if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL) 420 return (0); 421 mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base); 422 mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr; 423 mpp[0].mr_fsize = mpp[0].mr_msize; 424 mpp[0].mr_prot = (PROT_READ | PROT_EXEC); 425 426 mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug); 427 mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr; 428 mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr; 429 mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC); 430 431 if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL) 432 return (0); 433 if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr, 434 (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base), 435 NULL, NULL, NULL)) == NULL) 436 return (0); 437 438 MMAPS(rlmp) = mpp; 439 MMAPCNT(rlmp) = 2; 440 PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr; 441 PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr + 442 (ulong_t)mpp[1].mr_msize; 443 444 MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 445 FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE | 446 FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET); 447 448 /* 449 * Initialize the runtime linkers information. 450 */ 451 interp = &_interp; 452 interp->i_name = (char *)rtldname; 453 interp->i_faddr = (caddr_t)ADDR(rlmp); 454 ldso_plt_init(rlmp); 455 456 /* 457 * Map in the file, if exec has not already done so, or if the file 458 * was passed as an argument to an explicit execution of ld.so.1 from 459 * the command line. 460 */ 461 if (fd != -1) { 462 /* 463 * Map the file. Once the object is mapped we no longer need 464 * the file descriptor. 465 */ 466 (void) rtld_fstat(fd, &status); 467 fdm.fd_oname = argvname; 468 fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname, 469 fd, &rej); 470 (void) close(fd); 471 472 if (fdm.fd_ftp == NULL) { 473 Conv_reject_desc_buf_t rej_buf; 474 475 eprintf(&lml_main, ERR_FATAL, 476 MSG_INTL(err_reject[rej.rej_type]), argvname, 477 conv_reject_desc(&rej, &rej_buf, M_MACH)); 478 return (0); 479 } 480 481 /* 482 * Finish processing the loading of the file. 483 */ 484 if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL) 485 return (0); 486 fdm.fd_dev = status.st_dev; 487 fdm.fd_ino = status.st_ino; 488 489 if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, NULL, &fdm, 490 NULL)) == NULL) 491 return (0); 492 493 /* 494 * We now have a process name for error diagnostics. 495 */ 496 if ((str = strrchr(argvname, '/')) != NULL) 497 procname = ++str; 498 else 499 procname = argvname; 500 501 if (ldsoexec) { 502 mmapobj_result_t *mpp = MMAPS(mlmp); 503 uint_t mnum, mapnum = MMAPCNT(mlmp); 504 void *brkbase = NULL; 505 506 /* 507 * Since ld.so.1 was the primary executed object - the 508 * brk() base has not yet been initialized, we need to 509 * initialize it. For an executable, initialize it to 510 * the end of the object. For a shared object (ET_DYN) 511 * initialize it to the first page in memory. 512 */ 513 for (mnum = 0; mnum < mapnum; mnum++, mpp++) 514 brkbase = mpp->mr_addr + mpp->mr_msize; 515 516 if (brkbase == NULL) 517 brkbase = (void *)syspagsz; 518 519 if (_brk_unlocked(brkbase) == -1) { 520 int err = errno; 521 522 eprintf(&lml_main, ERR_FATAL, 523 MSG_INTL(MSG_SYS_BRK), argvname, 524 strerror(err)); 525 return (0); 526 } 527 } 528 } else { 529 /* 530 * Set up function ptr and arguments according to the type 531 * of file class the executable is. (Currently only supported 532 * types are ELF and a.out format.) Then create a link map 533 * for the executable. 534 */ 535 if (aoutdyn) { 536 #ifdef A_OUT 537 mmapobj_result_t *mpp; 538 539 /* 540 * Create a mapping structure sufficient to describe 541 * a single two segments. The ADDR() of the a.out is 542 * established as 0, which is required but the AOUT 543 * relocation code. 544 */ 545 if ((mpp = 546 calloc(sizeof (mmapobj_result_t), 2)) == NULL) 547 return (0); 548 549 if ((fdm.fd_nname = 550 stravl_insert(execname, 0, 0, 0)) == NULL) 551 return (0); 552 if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA, 553 &fdm, 0, 0, aoutdyn, NULL, NULL)) == NULL) 554 return (0); 555 556 /* 557 * Establish the true mapping information for the a.out. 558 */ 559 if (aout_get_mmap(&lml_main, mpp)) { 560 free(mpp); 561 return (0); 562 } 563 564 MSIZE(mlmp) = 565 (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) - 566 S_ALIGN((size_t)mpp[0].mr_addr, syspagsz); 567 MMAPS(mlmp) = mpp; 568 MMAPCNT(mlmp) = 2; 569 PADSTART(mlmp) = (ulong_t)mpp->mr_addr; 570 PADIMLEN(mlmp) = mpp->mr_msize; 571 572 /* 573 * Disable any object configuration cache (BCP apps 574 * bring in sbcp which can benefit from any object 575 * cache, but both the app and sbcp can't use the same 576 * objects). 577 */ 578 rtld_flags |= RT_FL_NOOBJALT; 579 580 /* 581 * Make sure no-direct bindings are in effect. 582 */ 583 lml_main.lm_tflags |= LML_TFLG_NODIRECT; 584 #else 585 eprintf(&lml_main, ERR_FATAL, 586 MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname); 587 return (0); 588 #endif 589 } else if (phdr) { 590 Phdr *pptr; 591 Off i_offset = 0; 592 Addr base = 0; 593 ulong_t phsize; 594 mmapobj_result_t *mpp, *fmpp, *hmpp = NULL; 595 uint_t mapnum = 0; 596 int i; 597 size_t msize; 598 599 /* 600 * Using the executables phdr address determine the base 601 * address of the input file. NOTE, this assumes the 602 * program headers and elf header are part of the same 603 * mapped segment. Although this has held for many 604 * years now, it might be more flexible if the kernel 605 * gave use the ELF headers start address, rather than 606 * the Program headers. 607 * 608 * Determine from the ELF header if we're been called 609 * from a shared object or dynamic executable. If the 610 * latter, then any addresses within the object are used 611 * as is. Addresses within shared objects must be added 612 * to the process's base address. 613 */ 614 ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset); 615 phsize = ehdr->e_phentsize; 616 if (ehdr->e_type == ET_DYN) 617 base = (Addr)ehdr; 618 619 /* 620 * Allocate a mapping array to retain mapped segment 621 * information. 622 */ 623 if ((fmpp = mpp = calloc(ehdr->e_phnum, 624 sizeof (mmapobj_result_t))) == NULL) 625 return (0); 626 627 /* 628 * Extract the needed information from the segment 629 * headers. 630 */ 631 for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) { 632 if (pptr->p_type == PT_INTERP) { 633 i_offset = pptr->p_offset; 634 interp->i_faddr = 635 (caddr_t)interp_base; 636 } 637 if ((pptr->p_type == PT_LOAD) && 638 (pptr->p_filesz || pptr->p_memsz)) { 639 int perm = (PROT_READ | PROT_EXEC); 640 size_t off; 641 642 if (i_offset && pptr->p_filesz && 643 (i_offset >= pptr->p_offset) && 644 (i_offset <= 645 (pptr->p_memsz + pptr->p_offset))) { 646 interp->i_name = (char *) 647 pptr->p_vaddr + i_offset - 648 pptr->p_offset + base; 649 i_offset = 0; 650 } 651 652 if (pptr->p_flags & PF_W) 653 perm |= PROT_WRITE; 654 655 /* 656 * Retain segments mapping info. Round 657 * each segment to a page boundary, as 658 * this insures addresses are suitable 659 * for mprotect() if required. 660 */ 661 off = pptr->p_vaddr + base; 662 if (hmpp == NULL) { 663 hmpp = mpp; 664 mpp->mr_addr = (caddr_t)ehdr; 665 } else 666 mpp->mr_addr = (caddr_t)off; 667 668 off -= (size_t)(uintptr_t)mpp->mr_addr; 669 mpp->mr_msize = pptr->p_memsz + off; 670 mpp->mr_fsize = pptr->p_filesz + off; 671 mpp->mr_prot = perm; 672 673 mpp++, mapnum++; 674 } 675 676 pptr = (Phdr *)((ulong_t)pptr + phsize); 677 } 678 679 mpp--; 680 msize = (size_t)(mpp->mr_addr + mpp->mr_msize) - 681 S_ALIGN((size_t)fmpp->mr_addr, syspagsz); 682 683 if ((fdm.fd_nname = 684 stravl_insert(execname, 0, 0, 0)) == NULL) 685 return (0); 686 if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA, 687 &fdm, (Addr)hmpp->mr_addr, msize, 688 NULL, NULL, NULL)) == NULL) 689 return (0); 690 691 MMAPS(mlmp) = fmpp; 692 MMAPCNT(mlmp) = mapnum; 693 PADSTART(mlmp) = (ulong_t)fmpp->mr_addr; 694 PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr + 695 (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize; 696 } 697 } 698 699 /* 700 * Establish the interpretors name as that defined within the initial 701 * object (executable). This provides for ORIGIN processing of ld.so.1 702 * dependencies. Note, the NAME() of the object remains that which was 703 * passed to us as the SONAME on execution. 704 */ 705 if (ldsoexec == 0) { 706 size_t len = strlen(interp->i_name); 707 708 if (expand(&interp->i_name, &len, 0, 0, 709 (PD_TKN_ISALIST | PD_TKN_CAP), rlmp) & PD_TKN_RESOLVED) 710 fdr.fd_flags |= FLG_FD_RESOLVED; 711 } 712 fdr.fd_pname = interp->i_name; 713 (void) fullpath(rlmp, &fdr); 714 715 /* 716 * The runtime linker acts as a filtee for various dl*() functions that 717 * are defined in libc (and libdl). Make sure this standard name for 718 * the runtime linker is also registered in the FullPathNode AVL tree. 719 */ 720 (void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0); 721 722 /* 723 * Having established the true runtime linkers name, simplify the name 724 * for error diagnostics. 725 */ 726 if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL) 727 rtldname = ++str; 728 else 729 rtldname = PATHNAME(rlmp); 730 731 /* 732 * Expand the fullpath name of the application. This typically occurs 733 * as a part of loading an object, but as the kernel probably mapped 734 * it in, complete this processing now. 735 */ 736 (void) fullpath(mlmp, 0); 737 738 /* 739 * Some troublesome programs will change the value of argv[0]. Dupping 740 * the process string protects us, and insures the string is left in 741 * any core files. 742 */ 743 if ((str = (char *)strdup(procname)) == NULL) 744 return (0); 745 procname = str; 746 747 FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET); 748 FLAGS1(mlmp) |= FL1_RT_USED; 749 750 /* 751 * It's the responsibility of MAIN(crt0) to call it's _init and _fini 752 * section, therefore null out any INIT/FINI so that this object isn't 753 * collected during tsort processing. And, if the application has no 754 * initarray or finiarray we can economize on establishing bindings. 755 */ 756 INIT(mlmp) = FINI(mlmp) = NULL; 757 if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL)) 758 FLAGS1(mlmp) |= FL1_RT_NOINIFIN; 759 760 /* 761 * Identify lddstub if necessary. 762 */ 763 if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) 764 FLAGS1(mlmp) |= FL1_RT_LDDSTUB; 765 766 /* 767 * Retain our argument information for use in dlinfo. 768 */ 769 argsinfo.dla_argv = argv--; 770 argsinfo.dla_argc = (long)*argv; 771 argsinfo.dla_envp = envp; 772 argsinfo.dla_auxv = auxv; 773 774 (void) enter(0); 775 776 /* 777 * Add our two main link-maps to the dynlm_list 778 */ 779 if (aplist_append(&dynlm_list, &lml_main, AL_CNT_DYNLIST) == NULL) 780 return (0); 781 782 if (aplist_append(&dynlm_list, &lml_rtld, AL_CNT_DYNLIST) == NULL) 783 return (0); 784 785 /* 786 * Reset the link-map counts for both lists. The init count is used to 787 * track how many objects have pending init sections, this gets incre- 788 * mented each time an object is relocated. Since ld.so.1 relocates 789 * itself, it's init count will remain zero. 790 * The object count is used to track how many objects have pending fini 791 * sections, as ld.so.1 handles its own fini we can zero its count. 792 */ 793 lml_main.lm_obj = 1; 794 lml_rtld.lm_obj = 0; 795 796 /* 797 * Initialize debugger information structure. Some parts of this 798 * structure were initialized statically. 799 */ 800 r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head; 801 r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head; 802 r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr; 803 r_debug.rtd_dynlmlst = &dynlm_list; 804 805 /* 806 * Determine the dev/inode information for the executable to complete 807 * load_so() checking for those who might dlopen(a.out). 808 */ 809 if (rtld_stat(PATHNAME(mlmp), &status) == 0) { 810 STDEV(mlmp) = status.st_dev; 811 STINO(mlmp) = status.st_ino; 812 } 813 814 /* 815 * Initialize any configuration information. 816 */ 817 if (!(rtld_flags & RT_FL_NOCFG)) { 818 if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1) 819 return (0); 820 } 821 822 #if defined(_ELF64) 823 /* 824 * If this is a 64-bit process, determine whether this process has 825 * restricted the process address space to 32-bits. Any dependencies 826 * that are restricted to a 32-bit address space can only be loaded if 827 * the executable has established this requirement. 828 */ 829 if (CAPSET(mlmp).sc_sf_1 & SF1_SUNW_ADDR32) 830 rtld_flags2 |= RT_FL2_ADDR32; 831 #endif 832 /* 833 * Establish any alternative capabilities, and validate this object 834 * if it defines it's own capabilities information. 835 */ 836 if (cap_alternative() == 0) 837 return (0); 838 839 if (cap_check_lmp(mlmp, &rej) == 0) { 840 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 841 /* LINTED */ 842 (void) printf(MSG_INTL(ldd_warn[rej.rej_type]), 843 NAME(mlmp), rej.rej_str); 844 } else { 845 /* LINTED */ 846 eprintf(&lml_main, ERR_FATAL, 847 MSG_INTL(err_reject[rej.rej_type]), 848 NAME(mlmp), rej.rej_str); 849 return (0); 850 } 851 } 852 853 /* 854 * Establish the modes of the initial object. These modes are 855 * propagated to any preloaded objects and explicit shared library 856 * dependencies. 857 * 858 * If we're generating a configuration file using crle(1), remove 859 * any RTLD_NOW use, as we don't want to trigger any relocation proc- 860 * essing during crle(1)'s first past (this would just be unnecessary 861 * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is 862 * not required to trigger filter loading. 863 * 864 * Note, RTLD_NOW may have been established during analysis of the 865 * application had the application been built -z now. 866 */ 867 MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 868 869 if (rtld_flags & RT_FL_CONFGEN) { 870 MODE(mlmp) |= RTLD_CONFGEN; 871 MODE(mlmp) &= ~RTLD_NOW; 872 rtld_flags2 &= ~RT_FL2_BINDNOW; 873 } 874 875 if ((MODE(mlmp) & RTLD_NOW) == 0) { 876 if (rtld_flags2 & RT_FL2_BINDNOW) 877 MODE(mlmp) |= RTLD_NOW; 878 else 879 MODE(mlmp) |= RTLD_LAZY; 880 } 881 882 /* 883 * If debugging was requested initialize things now that any cache has 884 * been established. A user can specify LD_DEBUG=help to discover the 885 * list of debugging tokens available without running the application. 886 * However, don't allow this setting from a configuration file. 887 * 888 * Note, to prevent recursion issues caused by loading and binding the 889 * debugging libraries themselves, a local debugging descriptor is 890 * initialized. Once the debugging setup has completed, this local 891 * descriptor is copied to the global descriptor which effectively 892 * enables diagnostic output. 893 * 894 * Ignore any debugging request if we're being monitored by a process 895 * that expects the old getpid() initialization handshake. 896 */ 897 if ((rpl_debug || prm_debug) && ((rtld_flags & RT_FL_DEBUGGER) == 0)) { 898 Dbg_desc _dbg_desc = {0}; 899 struct timeval total = DBG_TOTALTIME; 900 struct timeval delta = DBG_DELTATIME; 901 902 if (rpl_debug) { 903 if (dbg_setup(rpl_debug, &_dbg_desc) == 0) 904 return (0); 905 if (_dbg_desc.d_extra & DBG_E_HELP_EXIT) 906 rtldexit(&lml_main, 0); 907 } 908 if (prm_debug) 909 (void) dbg_setup(prm_debug, &_dbg_desc); 910 911 *dbg_desc = _dbg_desc; 912 DBG_TOTALTIME = total; 913 DBG_DELTATIME = delta; 914 } 915 916 /* 917 * Now that debugging is enabled generate any diagnostics from any 918 * previous events. 919 */ 920 if (DBG_ENABLED) { 921 DBG_CALL(Dbg_cap_val(&lml_main, org_scapset, alt_scapset, 922 M_MACH)); 923 DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name, 924 features)); 925 926 DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv, 927 LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA)); 928 929 if (THIS_IS_ELF(mlmp)) { 930 DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp), 931 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 932 ALIST_OFF_DATA)); 933 } else { 934 DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp), 935 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 936 ALIST_OFF_DATA)); 937 } 938 } 939 940 /* 941 * Enable auditing. 942 */ 943 if (rpl_audit || prm_audit || profile_lib) { 944 int ndx; 945 const char *aud[3]; 946 947 aud[0] = rpl_audit; 948 aud[1] = prm_audit; 949 aud[2] = profile_lib; 950 951 /* 952 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that 953 * can't be established is non-fatal. 954 */ 955 if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL) 956 return (0); 957 958 for (ndx = 0; ndx < 3; ndx++) { 959 if (aud[ndx]) { 960 if ((auditors->ad_name = 961 strdup(aud[ndx])) == NULL) 962 return (0); 963 rtld_flags2 |= RT_FL2_FTL2WARN; 964 (void) audit_setup(mlmp, auditors, 965 PD_FLG_EXTLOAD, NULL); 966 rtld_flags2 &= ~RT_FL2_FTL2WARN; 967 } 968 } 969 lml_main.lm_tflags |= auditors->ad_flags; 970 } 971 if (AUDITORS(mlmp)) { 972 /* 973 * Any object required auditing (set with a DT_DEPAUDIT dynamic 974 * entry) that can't be established is fatal. 975 */ 976 if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) { 977 /* 978 * If this object requires global auditing, use the 979 * local auditing information to set the global 980 * auditing descriptor. The effect is that a 981 * DT_DEPAUDIT act as an LD_AUDIT. 982 */ 983 if ((auditors == NULL) && ((auditors = calloc(1, 984 sizeof (Audit_desc))) == NULL)) 985 return (0); 986 987 auditors->ad_name = AUDITORS(mlmp)->ad_name; 988 if (audit_setup(mlmp, auditors, 0, NULL) == 0) 989 return (0); 990 lml_main.lm_tflags |= auditors->ad_flags; 991 992 /* 993 * Clear the local auditor information. 994 */ 995 free((void *) AUDITORS(mlmp)); 996 AUDITORS(mlmp) = NULL; 997 998 } else { 999 /* 1000 * Establish any local auditing. 1001 */ 1002 if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0) 1003 return (0); 1004 1005 AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags; 1006 lml_main.lm_flags |= LML_FLG_LOCAUDIT; 1007 } 1008 } 1009 1010 /* 1011 * Explicitly add the initial object and ld.so.1 to those objects being 1012 * audited. Note, although the ld.so.1 link-map isn't auditable, 1013 * establish a cookie for ld.so.1 as this may be bound to via the 1014 * dl*() family. 1015 */ 1016 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) { 1017 if (((audit_objopen(mlmp, mlmp) == 0) || 1018 (audit_objopen(mlmp, rlmp) == 0)) && 1019 (AFLAGS(mlmp) & LML_TFLG_AUD_MASK)) 1020 return (0); 1021 } 1022 1023 /* 1024 * Map in any preloadable shared objects. Establish the caller as the 1025 * head of the main link-map list. In the case of being exercised from 1026 * lddstub, the caller gets reassigned to the first target shared object 1027 * so as to provide intuitive diagnostics from ldd(). 1028 * 1029 * Note, it is valid to preload a 4.x shared object with a 5.0 1030 * executable (or visa-versa), as this functionality is required by 1031 * ldd(1). 1032 */ 1033 clmp = mlmp; 1034 if (rpl_preload && (preload(rpl_preload, mlmp, &clmp) == 0)) 1035 return (0); 1036 if (prm_preload && (preload(prm_preload, mlmp, &clmp) == 0)) 1037 return (0); 1038 1039 /* 1040 * Load all dependent (needed) objects. 1041 */ 1042 if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, mlmp, NULL) == NULL) 1043 return (0); 1044 1045 /* 1046 * Relocate all the dependencies we've just added. 1047 * 1048 * If this process has been established via crle(1), the environment 1049 * variable LD_CONFGEN will have been set. crle(1) may create this 1050 * process twice. The first time crle only needs to gather dependency 1051 * information. The second time, is to dldump() the images. 1052 * 1053 * If we're only gathering dependencies, relocation is unnecessary. 1054 * As crle(1) may be building an arbitrary family of objects, they may 1055 * not fully relocate either. Hence the relocation phase is not carried 1056 * out now, but will be called by crle(1) once all objects have been 1057 * loaded. 1058 */ 1059 if ((rtld_flags & RT_FL_CONFGEN) == 0) { 1060 1061 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 1062 1063 if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp, 1064 mlmp, NULL) == 0) 1065 return (0); 1066 1067 /* 1068 * Inform the debuggers that basic process initialization is 1069 * complete, and that the state of ld.so.1 (link-map lists, 1070 * etc.) is stable. This handshake enables the debugger to 1071 * initialize themselves, and consequently allows the user to 1072 * set break points in .init code. 1073 * 1074 * Most new debuggers use librtld_db to monitor activity events. 1075 * Older debuggers indicated their presence by setting the 1076 * DT_DEBUG entry in the dynamic executable (see elf_new_lm()). 1077 * In this case, getpid() is called so that the debugger can 1078 * catch the system call. This old mechanism has some 1079 * restrictions, as getpid() should not be called prior to 1080 * basic process initialization being completed. This 1081 * restriction has become increasingly difficult to maintain, 1082 * as the use of auditors, LD_DEBUG, and the initialization 1083 * handshake with libc can result in "premature" getpid() 1084 * calls. The use of this getpid() handshake is expected to 1085 * disappear at some point in the future, and there is intent 1086 * to work towards that goal. 1087 */ 1088 rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT); 1089 rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT); 1090 1091 if (rtld_flags & RT_FL_DEBUGGER) { 1092 r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG; 1093 (void) getpid(); 1094 } 1095 } 1096 1097 /* 1098 * Indicate preinit activity, and call any auditing routines. These 1099 * routines are called before initializing any threads via libc, or 1100 * before collecting the complete set of .inits on the primary link-map. 1101 * Although most libc interfaces are encapsulated in local routines 1102 * within libc, they have been known to escape (ie. call a .plt). As 1103 * the appcert auditor uses preinit as a trigger to establish some 1104 * external interfaces to the main link-maps libc, we need to activate 1105 * this trigger before exercising any code within libc. Additionally, 1106 * I wouldn't put it past an auditor to add additional objects to the 1107 * primary link-map. Hence, we collect .inits after the audit call. 1108 */ 1109 rd_event(&lml_main, RD_PREINIT, 0); 1110 1111 if (aud_activity || 1112 ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY)) 1113 audit_activity(mlmp, LA_ACT_CONSISTENT); 1114 if (aud_preinit || 1115 ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT)) 1116 audit_preinit(mlmp); 1117 1118 /* 1119 * If we're creating initial configuration information, we're done 1120 * now that the auditing step has been called. 1121 */ 1122 if (rtld_flags & RT_FL_CONFGEN) { 1123 leave(LIST(mlmp), 0); 1124 return (mlmp); 1125 } 1126 1127 /* 1128 * Sort the .init sections of all objects we've added. If we're 1129 * tracing we only need to execute this under ldd(1) with the -i or -u 1130 * options. 1131 */ 1132 lmflags = lml_main.lm_flags; 1133 if (((lmflags & LML_FLG_TRC_ENABLE) == 0) || 1134 (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) { 1135 if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init, 1136 RT_SORT_REV)) == (Rt_map **)S_ERROR) 1137 return (0); 1138 } 1139 1140 /* 1141 * If we are tracing we're done. This is the one legitimate use of a 1142 * direct call to rtldexit() rather than return, as we don't want to 1143 * return and jump to the application. 1144 */ 1145 if (lmflags & LML_FLG_TRC_ENABLE) { 1146 unused(&lml_main); 1147 rtldexit(&lml_main, 0); 1148 } 1149 1150 /* 1151 * Check if this instance of the linker should have a primary link 1152 * map. This flag allows multiple copies of the -same- -version- 1153 * of the linker (and libc) to run in the same address space. 1154 * 1155 * Without this flag we only support one copy of the linker in a 1156 * process because by default the linker will always try to 1157 * initialize at one primary link map The copy of libc which is 1158 * initialized on a primary link map will initialize global TLS 1159 * data which can be shared with other copies of libc in the 1160 * process. The problem is that if there is more than one copy 1161 * of the linker, only one copy should link libc onto a primary 1162 * link map, otherwise libc will attempt to re-initialize global 1163 * TLS data. So when a copy of the linker is loaded with this 1164 * flag set, it will not initialize any primary link maps since 1165 * presumably another copy of the linker will do this. 1166 * 1167 * Note that this flag only allows multiple copies of the -same- 1168 * -version- of the linker (and libc) to coexist. This approach 1169 * will not work if we are trying to load different versions of 1170 * the linker and libc into the same process. The reason for 1171 * this is that the format of the global TLS data may not be 1172 * the same for different versions of libc. In this case each 1173 * different version of libc must have it's own primary link map 1174 * and be able to maintain it's own TLS data. The only way this 1175 * can be done is by carefully managing TLS pointers on transitions 1176 * between code associated with each of the different linkers. 1177 * Note that this is actually what is done for processes in lx 1178 * branded zones. Although in the lx branded zone case, the 1179 * other linker and libc are actually gld and glibc. But the 1180 * same general TLS management mechanism used by the lx brand 1181 * would apply to any attempts to run multiple versions of the 1182 * solaris linker and libc in a single process. 1183 */ 1184 if (auxflags & AF_SUN_NOPLM) 1185 rtld_flags2 |= RT_FL2_NOPLM; 1186 1187 /* 1188 * Establish any static TLS for this primary link-map. Note, regardless 1189 * of whether TLS is available, an initial handshake occurs with libc to 1190 * indicate we're processing the primary link-map. Having identified 1191 * the primary link-map, initialize threads. 1192 */ 1193 if (rt_get_extern(&lml_main, mlmp) == 0) 1194 return (0); 1195 1196 if ((rtld_flags2 & RT_FL2_NOPLM) == 0) { 1197 if (tls_statmod(&lml_main, mlmp) == 0) 1198 return (0); 1199 rt_thr_init(&lml_main); 1200 rtld_flags2 |= RT_FL2_PLMSETUP; 1201 } else { 1202 rt_thr_init(&lml_main); 1203 } 1204 1205 /* 1206 * Fire all dependencies .init sections. Identify any unused 1207 * dependencies, and leave the runtime linker - effectively calling 1208 * the dynamic executables entry point. 1209 */ 1210 call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp, 1211 SHT_PREINIT_ARRAY); 1212 1213 if (tobj) 1214 call_init(tobj, DBG_INIT_SORT); 1215 1216 rd_event(&lml_main, RD_POSTINIT, 0); 1217 1218 unused(&lml_main); 1219 1220 DBG_CALL(Dbg_util_call_main(mlmp)); 1221 1222 rtld_flags |= (RT_FL_OPERATION | RT_FL_APPLIC); 1223 1224 leave(LIST(mlmp), 0); 1225 1226 return (mlmp); 1227 } 1228