1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Run time linker common setup. 34 * 35 * Called from _setup to get the process going at startup. 36 */ 37 38 #include <stdlib.h> 39 #include <fcntl.h> 40 #include <stdio.h> 41 #include <sys/types.h> 42 #include <sys/stat.h> 43 #include <sys/mman.h> 44 #include <string.h> 45 #include <stdio.h> 46 #include <unistd.h> 47 #include <dlfcn.h> 48 #include <sys/sysconfig.h> 49 #include <sys/auxv.h> 50 #include <debug.h> 51 #include <conv.h> 52 #include "_rtld.h" 53 #include "_audit.h" 54 #include "_elf.h" 55 #include "_a.out.h" 56 #include "msg.h" 57 58 59 extern int _end, _edata, _etext; 60 extern void _init(void); 61 extern int _brk_unlocked(void *); 62 63 #ifndef SGS_PRE_UNIFIED_PROCESS 64 /* needed for _brk_unlocked() */ 65 void *_nd = &_end; 66 #endif 67 68 /* 69 * Define for the executable's interpreter. 70 * Usually it is ld.so.1, but for the first release of ICL binaries 71 * it is libc.so.1. We keep this information so that we don't end 72 * up mapping libc twice if it is the interpreter. 73 */ 74 static Interp _interp; 75 76 /* 77 * LD_PRELOAD objects. 78 */ 79 static int 80 preload(const char *str, Rt_map *mlmp, Rt_map **clmp) 81 { 82 Alist *palp = NULL; 83 char *objs, *ptr, *next; 84 Word lmflags = lml_main.lm_flags; 85 int lddstub; 86 87 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 88 89 if ((objs = strdup(str)) == NULL) 90 return (0); 91 92 /* 93 * Determine if we've been called from lddstub. 94 */ 95 lddstub = (lmflags & LML_FLG_TRC_ENABLE) && 96 (FLAGS1(*clmp) & FL1_RT_LDDSTUB); 97 98 ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next); 99 do { 100 Rt_map *nlmp = NULL; 101 uint_t flags; 102 103 DBG_CALL(Dbg_file_preload(&lml_main, ptr)); 104 105 /* 106 * Establish the flags for loading each object. If we're 107 * called via lddstub, then the first preloaded object is the 108 * object being inspected by ldd(1). This object should not be 109 * marked as an interposer, as this object is intended to act 110 * as the target object of the process. 111 */ 112 if (lddstub) 113 flags = FLG_RT_PRELOAD; 114 else 115 flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO); 116 117 /* 118 * If this a secure application, then preload errors are 119 * reduced to warnings, as the errors are non-fatal. 120 */ 121 if (rtld_flags & RT_FL_SECURE) 122 rtld_flags2 |= RT_FL2_FTL2WARN; 123 if (expand_paths(*clmp, ptr, &palp, AL_CNT_NEEDED, 124 PD_FLG_EXTLOAD, 0) != 0) 125 nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, *clmp, 126 MODE(mlmp), flags, 0, NULL); 127 remove_plist(&palp, 0); 128 if (rtld_flags & RT_FL_SECURE) 129 rtld_flags2 &= ~RT_FL2_FTL2WARN; 130 if (nlmp && (bind_one(*clmp, nlmp, BND_NEEDED) == 0)) 131 nlmp = NULL; 132 133 if (lddstub && nlmp) { 134 lddstub = 0; 135 136 /* 137 * Fabricate a binding between the target shared object 138 * and lddstub so that the target object isn't called 139 * out from unused() processing. 140 */ 141 if (lmflags & 142 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)) { 143 if (bind_one(*clmp, nlmp, BND_REFER) == 0) 144 nlmp = NULL; 145 } 146 147 /* 148 * By identifying lddstub as the caller, several 149 * confusing ldd() diagnostics get suppressed. These 150 * diagnostics would reveal how the target shared object 151 * was found from lddstub. Now that the real target is 152 * loaded, identify the target as the caller so that all 153 * ldd() diagnostics are enabled for subsequent objects. 154 */ 155 if (nlmp) 156 *clmp = nlmp; 157 } 158 159 /* 160 * If no error occurred with loading this object, indicate that 161 * this link-map list contains an interposer. 162 */ 163 if (nlmp == NULL) { 164 if ((lmflags & LML_FLG_TRC_ENABLE) || 165 (rtld_flags & RT_FL_SECURE)) 166 continue; 167 else 168 return (0); 169 } 170 if (flags & FLG_RT_OBJINTPO) 171 lml_main.lm_flags |= LML_FLG_INTRPOSE; 172 173 } while ((ptr = strtok_r(NULL, 174 MSG_ORIG(MSG_STR_DELIMIT), &next)) != NULL); 175 176 free(palp); 177 free(objs); 178 return (1); 179 } 180 181 Rt_map * 182 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz, 183 char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr, 184 char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid, 185 void *aoutdyn, int auxflags, uint_t hwcap_1) 186 { 187 Rt_map *rlmp, *mlmp, *clmp, **tobj = NULL; 188 Ehdr *ehdr; 189 rtld_stat_t status; 190 int features = 0, ldsoexec = 0; 191 size_t eaddr, esize; 192 char *str, *argvname; 193 Word lmflags; 194 mmapobj_result_t *mpp; 195 Fdesc fdr = { 0 }, fdm = { 0 }; 196 Rej_desc rej = { 0 }; 197 198 /* 199 * Now that ld.so has relocated itself, initialize our own 'environ' so 200 * as to establish an address suitable for any libc requirements. 201 */ 202 _environ = (char **)((ulong_t)auxv - sizeof (char *)); 203 _init(); 204 _environ = envp; 205 206 /* 207 * Establish a base time. Total time diagnostics start from entering 208 * ld.so.1 here, however the base time is reset each time the ld.so.1 209 * is re-entered. Note also, there will be a large time associated 210 * with the first diagnostic from ld.so.1, as bootstrapping ld.so.1 211 * and establishing the liblddbg infrastructure takes some time. 212 */ 213 (void) gettimeofday(&DBG_TOTALTIME, NULL); 214 DBG_DELTATIME = DBG_TOTALTIME; 215 216 /* 217 * Determine how ld.so.1 has been executed. 218 */ 219 if ((fd == -1) && (phdr == NULL)) { 220 /* 221 * If we received neither the AT_EXECFD nor the AT_PHDR aux 222 * vector, ld.so.1 must have been invoked directly from the 223 * command line. 224 */ 225 ldsoexec = 1; 226 227 /* 228 * AT_SUN_EXECNAME provides the most precise name, if it is 229 * available, otherwise fall back to argv[0]. At this time, 230 * there is no process name. 231 */ 232 if (execname) 233 rtldname = execname; 234 else if (argv[0]) 235 rtldname = argv[0]; 236 else 237 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 238 } else { 239 /* 240 * Otherwise, we have a standard process. AT_SUN_EXECNAME 241 * provides the most precise name, if it is available, 242 * otherwise fall back to argv[0]. Provided the application 243 * is already mapped, the process is the application, so 244 * simplify the application name for use in any diagnostics. 245 */ 246 if (execname) 247 argvname = execname; 248 else if (argv[0]) 249 argvname = execname = argv[0]; 250 else 251 argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 252 253 if (fd == -1) { 254 if ((str = strrchr(argvname, '/')) != NULL) 255 procname = ++str; 256 else 257 procname = argvname; 258 } 259 260 /* 261 * At this point, we don't know the runtime linkers full path 262 * name. The _rtldname passed to us is the SONAME of the 263 * runtime linker, which is typically /lib/ld.so.1 no matter 264 * what the full path is. Use this for now, we'll reset the 265 * runtime linkers name once the application is analyzed. 266 */ 267 if (_rtldname) { 268 if ((str = strrchr(_rtldname, '/')) != NULL) 269 rtldname = ++str; 270 else 271 rtldname = _rtldname; 272 } else 273 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 274 } 275 276 /* 277 * Initialize any global variables. 278 */ 279 at_flags = _flags; 280 platform = _platform; 281 282 /* 283 * If pagesize is unspecified find its value. 284 */ 285 if ((syspagsz = _syspagsz) == 0) 286 syspagsz = _sysconfig(_CONFIG_PAGESIZE); 287 288 /* 289 * Add the unused portion of the last data page to the free space list. 290 * The page size must be set before doing this. Here, _end refers to 291 * the end of the runtime linkers bss. Note that we do not use the 292 * unused data pages from any included .so's to supplement this free 293 * space as badly behaved .os's may corrupt this data space, and in so 294 * doing ruin our data. 295 */ 296 eaddr = S_DROUND((size_t)&_end); 297 esize = eaddr % syspagsz; 298 if (esize) { 299 esize = syspagsz - esize; 300 addfree((void *)eaddr, esize); 301 } 302 303 /* 304 * Establish initial link-map list flags, and link-map list alists. 305 */ 306 if (alist_append(&lml_main.lm_lists, NULL, sizeof (Lm_cntl), 307 AL_CNT_LMLISTS) == NULL) 308 return (0); 309 lml_main.lm_flags |= LML_FLG_BASELM; 310 lml_main.lm_lmid = LM_ID_BASE; 311 lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE); 312 313 if (alist_append(&lml_rtld.lm_lists, NULL, sizeof (Lm_cntl), 314 AL_CNT_LMLISTS) == NULL) 315 return (0); 316 lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_NOAUDIT | 317 LML_FLG_HOLDLOCK); 318 lml_rtld.lm_lmid = LM_ID_LDSO; 319 lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO); 320 321 /* 322 * Determine whether we have a secure executable. 323 */ 324 security(uid, euid, gid, egid, auxflags); 325 326 /* 327 * Initialize a hardware capability descriptor for use in comparing 328 * each loaded object. 329 */ 330 if (auxflags & AF_SUN_HWCAPVERIFY) { 331 rtld_flags2 |= RT_FL2_HWCAP; 332 hwcap = (ulong_t)hwcap_1; 333 } 334 335 /* 336 * Look for environment strings (allows things like LD_NOAUDIT to be 337 * established, although debugging isn't enabled until later). 338 */ 339 if ((readenv_user((const char **)envp, &(lml_main.lm_flags), 340 &(lml_main.lm_tflags), (aoutdyn != 0))) == 1) 341 return (0); 342 343 /* 344 * Create a mapping descriptor for ld.so.1. We can determine our 345 * two segments information from known symbols. 346 */ 347 if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL) 348 return (0); 349 mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base); 350 mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr; 351 mpp[0].mr_fsize = mpp[0].mr_msize; 352 mpp[0].mr_prot = (PROT_READ | PROT_EXEC); 353 354 mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug); 355 mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr; 356 mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr; 357 mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC); 358 359 if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL) 360 return (0); 361 if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr, 362 (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base), 363 NULL, NULL)) == NULL) 364 return (0); 365 366 MMAPS(rlmp) = mpp; 367 MMAPCNT(rlmp) = 2; 368 PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr; 369 PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr + 370 (ulong_t)mpp[1].mr_msize; 371 372 MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 373 FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE | 374 FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET); 375 376 /* 377 * Initialize the runtime linkers information. 378 */ 379 interp = &_interp; 380 interp->i_name = (char *)rtldname; 381 interp->i_faddr = (caddr_t)ADDR(rlmp); 382 ldso_plt_init(rlmp); 383 384 /* 385 * If ld.so.1 has been invoked directly, process its arguments. 386 */ 387 if (ldsoexec) { 388 /* 389 * Process any arguments that are specific to ld.so.1, and 390 * reorganize the process stack to effectively remove ld.so.1 391 * from it. Reinitialize the environment pointer, as this may 392 * have been shifted after skipping ld.so.1's arguments. 393 */ 394 if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags), 395 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) { 396 eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT)); 397 return (0); 398 } 399 _environ = envp; 400 401 /* 402 * Open the object that ld.so.1 is to execute. 403 */ 404 argvname = execname = argv[0]; 405 406 if ((fd = open(argvname, O_RDONLY)) == -1) { 407 int err = errno; 408 eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), 409 argvname, strerror(err)); 410 return (0); 411 } 412 } 413 414 /* 415 * Map in the file, if exec has not already done so, or if the file 416 * was passed as an argument to an explicit execution of ld.so.1 from 417 * the command line. 418 */ 419 if (fd != -1) { 420 /* 421 * Map the file. Once the object is mapped we no longer need 422 * the file descriptor. 423 */ 424 (void) rtld_fstat(fd, &status); 425 fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname, 426 fd, &rej); 427 (void) close(fd); 428 429 if (fdm.fd_ftp == NULL) { 430 Conv_reject_desc_buf_t rej_buf; 431 432 eprintf(&lml_main, ERR_FATAL, 433 MSG_INTL(err_reject[rej.rej_type]), argvname, 434 conv_reject_desc(&rej, &rej_buf, M_MACH)); 435 return (0); 436 } 437 438 /* 439 * Finish processing the loading of the file. 440 */ 441 if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL) 442 return (0); 443 fdm.fd_dev = status.st_dev; 444 fdm.fd_ino = status.st_ino; 445 446 if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, &fdm, 447 NULL)) == NULL) 448 return (0); 449 450 /* 451 * We now have a process name for error diagnostics. 452 */ 453 if ((str = strrchr(argvname, '/')) != NULL) 454 procname = ++str; 455 else 456 procname = argvname; 457 458 if (ldsoexec) { 459 mmapobj_result_t *mpp = MMAPS(mlmp); 460 uint_t mnum, mapnum = MMAPCNT(mlmp); 461 void *brkbase = NULL; 462 463 /* 464 * Since ld.so.1 was the primary executed object - the 465 * brk() base has not yet been initialized, we need to 466 * initialize it. For an executable, initialize it to 467 * the end of the object. For a shared object (ET_DYN) 468 * initialize it to the first page in memory. 469 */ 470 for (mnum = 0; mnum < mapnum; mnum++, mpp++) 471 brkbase = mpp->mr_addr + mpp->mr_msize; 472 473 if (brkbase == NULL) 474 brkbase = (void *)syspagsz; 475 476 if (_brk_unlocked(brkbase) == -1) { 477 int err = errno; 478 479 eprintf(&lml_main, ERR_FATAL, 480 MSG_INTL(MSG_SYS_BRK), argvname, 481 strerror(err)); 482 return (0); 483 } 484 } 485 } else { 486 /* 487 * Set up function ptr and arguments according to the type 488 * of file class the executable is. (Currently only supported 489 * types are ELF and a.out format.) Then create a link map 490 * for the executable. 491 */ 492 if (aoutdyn) { 493 #ifdef A_OUT 494 mmapobj_result_t *mpp; 495 496 /* 497 * Create a mapping structure sufficient to describe 498 * a single two segments. The ADDR() of the a.out is 499 * established as 0, which is required but the AOUT 500 * relocation code. 501 */ 502 if ((mpp = 503 calloc(sizeof (mmapobj_result_t), 2)) == NULL) 504 return (0); 505 506 if ((fdm.fd_nname = 507 stravl_insert(execname, 0, 0, 0)) == NULL) 508 return (0); 509 if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA, 510 &fdm, 0, 0, aoutdyn, NULL)) == NULL) 511 return (0); 512 513 /* 514 * Establish the true mapping information for the a.out. 515 */ 516 if (aout_get_mmap(&lml_main, mpp)) { 517 free(mpp); 518 return (0); 519 } 520 521 MSIZE(mlmp) = 522 (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) - 523 S_ALIGN((size_t)mpp[0].mr_addr, syspagsz); 524 MMAPS(mlmp) = mpp; 525 MMAPCNT(mlmp) = 2; 526 PADSTART(mlmp) = (ulong_t)mpp->mr_addr; 527 PADIMLEN(mlmp) = mpp->mr_msize; 528 529 /* 530 * Disable any object configuration cache (BCP apps 531 * bring in sbcp which can benefit from any object 532 * cache, but both the app and sbcp can't use the same 533 * objects). 534 */ 535 rtld_flags |= RT_FL_NOOBJALT; 536 537 /* 538 * Make sure no-direct bindings are in effect. 539 */ 540 lml_main.lm_tflags |= LML_TFLG_NODIRECT; 541 #else 542 eprintf(&lml_main, ERR_FATAL, 543 MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname); 544 return (0); 545 #endif 546 } else if (phdr) { 547 Phdr *pptr; 548 Off i_offset = 0; 549 Addr base = 0; 550 ulong_t phsize; 551 mmapobj_result_t *mpp, *fmpp, *hmpp = NULL; 552 uint_t mapnum = 0; 553 int i; 554 size_t msize; 555 556 /* 557 * Using the executables phdr address determine the base 558 * address of the input file. NOTE, this assumes the 559 * program headers and elf header are part of the same 560 * mapped segment. Although this has held for many 561 * years now, it might be more flexible if the kernel 562 * gave use the ELF headers start address, rather than 563 * the Program headers. 564 * 565 * Determine from the ELF header if we're been called 566 * from a shared object or dynamic executable. If the 567 * latter, then any addresses within the object are used 568 * as is. Addresses within shared objects must be added 569 * to the process's base address. 570 */ 571 ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset); 572 phsize = ehdr->e_phentsize; 573 if (ehdr->e_type == ET_DYN) 574 base = (Addr)ehdr; 575 576 /* 577 * Allocate a mapping array to retain mapped segment 578 * information. 579 */ 580 if ((fmpp = mpp = calloc(ehdr->e_phnum, 581 sizeof (mmapobj_result_t))) == NULL) 582 return (0); 583 584 /* 585 * Extract the needed information from the segment 586 * headers. 587 */ 588 for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) { 589 if (pptr->p_type == PT_INTERP) { 590 i_offset = pptr->p_offset; 591 interp->i_faddr = 592 (caddr_t)interp_base; 593 } 594 if ((pptr->p_type == PT_LOAD) && 595 (pptr->p_filesz || pptr->p_memsz)) { 596 int perm = (PROT_READ | PROT_EXEC); 597 size_t off; 598 599 if (i_offset && pptr->p_filesz && 600 (i_offset >= pptr->p_offset) && 601 (i_offset <= 602 (pptr->p_memsz + pptr->p_offset))) { 603 interp->i_name = (char *) 604 pptr->p_vaddr + i_offset - 605 pptr->p_offset + base; 606 i_offset = 0; 607 } 608 609 if (pptr->p_flags & PF_W) 610 perm |= PROT_WRITE; 611 612 /* 613 * Retain segments mapping info. Round 614 * each segment to a page boundary, as 615 * this insures addresses are suitable 616 * for mprotect() if required. 617 */ 618 off = pptr->p_vaddr + base; 619 if (hmpp == NULL) { 620 hmpp = mpp; 621 mpp->mr_addr = (caddr_t)ehdr; 622 } else 623 mpp->mr_addr = (caddr_t)off; 624 625 off -= (size_t)(uintptr_t)mpp->mr_addr; 626 mpp->mr_msize = pptr->p_memsz + off; 627 mpp->mr_fsize = pptr->p_filesz + off; 628 mpp->mr_prot = perm; 629 630 mpp++, mapnum++; 631 } 632 633 pptr = (Phdr *)((ulong_t)pptr + phsize); 634 } 635 636 mpp--; 637 msize = (size_t)(mpp->mr_addr + mpp->mr_msize) - 638 S_ALIGN((size_t)fmpp->mr_addr, syspagsz); 639 640 if ((fdm.fd_nname = 641 stravl_insert(execname, 0, 0, 0)) == NULL) 642 return (0); 643 if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA, &fdm, 644 (Addr)hmpp->mr_addr, msize, NULL, NULL)) == NULL) 645 return (0); 646 647 MMAPS(mlmp) = fmpp; 648 MMAPCNT(mlmp) = mapnum; 649 PADSTART(mlmp) = (ulong_t)fmpp->mr_addr; 650 PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr + 651 (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize; 652 } 653 } 654 655 /* 656 * Establish the interpretors name as that defined within the initial 657 * object (executable). This provides for ORIGIN processing of ld.so.1 658 * dependencies. Note, the NAME() of the object remains that which was 659 * passed to us as the SONAME on execution. 660 */ 661 if (ldsoexec == 0) { 662 size_t len = strlen(interp->i_name); 663 664 if (expand(&interp->i_name, &len, 0, 0, 665 (PD_TKN_ISALIST | PD_TKN_HWCAP), rlmp) & PD_TKN_RESOLVED) 666 fdr.fd_flags |= FLG_FD_RESOLVED; 667 } 668 fdr.fd_pname = interp->i_name; 669 (void) fullpath(rlmp, &fdr); 670 671 /* 672 * The runtime linker acts as a filtee for various dl*() functions that 673 * are defined in libc (and libdl). Make sure this standard name for 674 * the runtime linker is also registered in the FullPathNode AVL tree. 675 */ 676 (void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0); 677 678 /* 679 * Having established the true runtime linkers name, simplify the name 680 * for error diagnostics. 681 */ 682 if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL) 683 rtldname = ++str; 684 else 685 rtldname = PATHNAME(rlmp); 686 687 /* 688 * Expand the fullpath name of the application. This typically occurs 689 * as a part of loading an object, but as the kernel probably mapped 690 * it in, complete this processing now. 691 */ 692 (void) fullpath(mlmp, 0); 693 694 /* 695 * Some troublesome programs will change the value of argv[0]. Dupping 696 * the process string protects us, and insures the string is left in 697 * any core files. 698 */ 699 if ((str = (char *)strdup(procname)) == NULL) 700 return (0); 701 procname = str; 702 703 #if defined(_ELF64) 704 /* 705 * If this is a 64-bit process, determine whether this process has 706 * restricted the process address space to 32-bits. Any dependencies 707 * that are restricted to a 32-bit address space can only be loaded if 708 * the executable has established this requirement. 709 */ 710 if (SFCAP(mlmp) & SF1_SUNW_ADDR32) 711 rtld_flags2 |= RT_FL2_ADDR32; 712 #endif 713 /* 714 * Validate any hardware capabilities information. 715 */ 716 if (HWCAP(mlmp) && (hwcap_check(HWCAP(mlmp), &rej) == 0)) { 717 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 718 (void) printf(MSG_INTL(MSG_LDD_GEN_HWCAP_1), 719 NAME(mlmp), rej.rej_str); 720 } else { 721 eprintf(&lml_main, ERR_FATAL, 722 MSG_INTL(MSG_GEN_BADHWCAP_1), rej.rej_str); 723 return (0); 724 } 725 } 726 727 /* 728 * Validate any software capabilities information, other than 729 * SF1_SUNW_ADDR32. Only dependencies need check their SF1_SUNW_ADDR32 730 * use against the application enabling a 32-bit address space. 731 */ 732 if ((SFCAP(mlmp) & ~SF1_SUNW_ADDR32) && 733 (sfcap_check(SFCAP(mlmp), &rej) == 0)) { 734 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 735 (void) printf(MSG_INTL(MSG_LDD_GEN_SFCAP_1), 736 NAME(mlmp), rej.rej_str); 737 } else { 738 eprintf(&lml_main, ERR_FATAL, 739 MSG_INTL(MSG_GEN_BADSFCAP_1), rej.rej_str); 740 return (0); 741 } 742 } 743 744 FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET); 745 FLAGS1(mlmp) |= FL1_RT_USED; 746 747 /* 748 * It's the responsibility of MAIN(crt0) to call it's _init and _fini 749 * section, therefore null out any INIT/FINI so that this object isn't 750 * collected during tsort processing. And, if the application has no 751 * initarray or finiarray we can economize on establishing bindings. 752 */ 753 INIT(mlmp) = FINI(mlmp) = NULL; 754 if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL)) 755 FLAGS1(mlmp) |= FL1_RT_NOINIFIN; 756 757 /* 758 * Identify lddstub if necessary. 759 */ 760 if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) 761 FLAGS1(mlmp) |= FL1_RT_LDDSTUB; 762 763 /* 764 * Retain our argument information for use in dlinfo. 765 */ 766 argsinfo.dla_argv = argv--; 767 argsinfo.dla_argc = (long)*argv; 768 argsinfo.dla_envp = envp; 769 argsinfo.dla_auxv = auxv; 770 771 (void) enter(0); 772 773 /* 774 * Add our two main link-maps to the dynlm_list 775 */ 776 if (aplist_append(&dynlm_list, &lml_main, AL_CNT_DYNLIST) == NULL) 777 return (0); 778 779 if (aplist_append(&dynlm_list, &lml_rtld, AL_CNT_DYNLIST) == NULL) 780 return (0); 781 782 /* 783 * Reset the link-map counts for both lists. The init count is used to 784 * track how many objects have pending init sections, this gets incre- 785 * mented each time an object is relocated. Since ld.so.1 relocates 786 * itself, it's init count will remain zero. 787 * The object count is used to track how many objects have pending fini 788 * sections, as ld.so.1 handles its own fini we can zero its count. 789 */ 790 lml_main.lm_obj = 1; 791 lml_rtld.lm_obj = 0; 792 793 /* 794 * Initialize debugger information structure. Some parts of this 795 * structure were initialized statically. 796 */ 797 r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head; 798 r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head; 799 r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr; 800 r_debug.rtd_dynlmlst = &dynlm_list; 801 802 if (platform) 803 platform_sz = strlen(platform); 804 805 /* 806 * Determine the dev/inode information for the executable to complete 807 * load_so() checking for those who might dlopen(a.out). 808 */ 809 if (rtld_stat(PATHNAME(mlmp), &status) == 0) { 810 STDEV(mlmp) = status.st_dev; 811 STINO(mlmp) = status.st_ino; 812 } 813 814 /* 815 * Initialize any configuration information. 816 */ 817 if (!(rtld_flags & RT_FL_NOCFG)) { 818 if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1) 819 return (0); 820 } 821 822 /* 823 * Establish the modes of the initial object. These modes are 824 * propagated to any preloaded objects and explicit shared library 825 * dependencies. 826 * 827 * If we're generating a configuration file using crle(1), remove 828 * any RTLD_NOW use, as we don't want to trigger any relocation proc- 829 * essing during crle(1)'s first past (this would just be unnecessary 830 * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is 831 * not required to trigger filter loading. 832 * 833 * Note, RTLD_NOW may have been established during analysis of the 834 * application had the application been built -z now. 835 */ 836 MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 837 838 if (rtld_flags & RT_FL_CONFGEN) { 839 MODE(mlmp) |= RTLD_CONFGEN; 840 MODE(mlmp) &= ~RTLD_NOW; 841 rtld_flags2 &= ~RT_FL2_BINDNOW; 842 } 843 844 if ((MODE(mlmp) & RTLD_NOW) == 0) { 845 if (rtld_flags2 & RT_FL2_BINDNOW) 846 MODE(mlmp) |= RTLD_NOW; 847 else 848 MODE(mlmp) |= RTLD_LAZY; 849 } 850 851 /* 852 * If debugging was requested initialize things now that any cache has 853 * been established. A user can specify LD_DEBUG=help to discover the 854 * list of debugging tokens available without running the application. 855 * However, don't allow this setting from a configuration file. 856 * 857 * Note, to prevent recursion issues caused by loading and binding the 858 * debugging libraries themselves, a local debugging descriptor is 859 * initialized. Once the debugging setup has completed, this local 860 * descriptor is copied to the global descriptor which effectively 861 * enables diagnostic output. 862 * 863 * Ignore any debugging request if we're being monitored by a process 864 * that expects the old getpid() initialization handshake. 865 */ 866 if ((rpl_debug || prm_debug) && ((rtld_flags & RT_FL_DEBUGGER) == 0)) { 867 Dbg_desc _dbg_desc = {0}; 868 struct timeval total = DBG_TOTALTIME; 869 struct timeval delta = DBG_DELTATIME; 870 871 if (rpl_debug) { 872 if (dbg_setup(rpl_debug, &_dbg_desc) == 0) 873 return (0); 874 if (_dbg_desc.d_extra & DBG_E_HELP_EXIT) 875 rtldexit(&lml_main, 0); 876 } 877 if (prm_debug) 878 (void) dbg_setup(prm_debug, &_dbg_desc); 879 880 *dbg_desc = _dbg_desc; 881 DBG_TOTALTIME = total; 882 DBG_DELTATIME = delta; 883 } 884 885 /* 886 * Now that debugging is enabled generate any diagnostics from any 887 * previous events. 888 */ 889 if (hwcap) 890 DBG_CALL(Dbg_cap_val_hw1(&lml_main, hwcap, M_MACH)); 891 if (features) 892 DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name, 893 features)); 894 895 if (DBG_ENABLED) { 896 DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv, 897 LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA)); 898 899 if (THIS_IS_ELF(mlmp)) { 900 DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp), 901 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 902 ALIST_OFF_DATA)); 903 } else { 904 DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp), 905 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 906 ALIST_OFF_DATA)); 907 } 908 } 909 910 /* 911 * Enable auditing. 912 */ 913 if (rpl_audit || prm_audit || profile_lib) { 914 int ndx; 915 const char *aud[3]; 916 917 aud[0] = rpl_audit; 918 aud[1] = prm_audit; 919 aud[2] = profile_lib; 920 921 /* 922 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that 923 * can't be established is non-fatal. 924 */ 925 if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL) 926 return (0); 927 928 for (ndx = 0; ndx < 3; ndx++) { 929 if (aud[ndx]) { 930 if ((auditors->ad_name = 931 strdup(aud[ndx])) == NULL) 932 return (0); 933 rtld_flags2 |= RT_FL2_FTL2WARN; 934 (void) audit_setup(mlmp, auditors, 935 PD_FLG_EXTLOAD, NULL); 936 rtld_flags2 &= ~RT_FL2_FTL2WARN; 937 } 938 } 939 lml_main.lm_tflags |= auditors->ad_flags; 940 } 941 if (AUDITORS(mlmp)) { 942 /* 943 * Any object required auditing (set with a DT_DEPAUDIT dynamic 944 * entry) that can't be established is fatal. 945 */ 946 if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) { 947 /* 948 * If this object requires global auditing, use the 949 * local auditing information to set the global 950 * auditing descriptor. The effect is that a 951 * DT_DEPAUDIT act as an LD_AUDIT. 952 */ 953 if ((auditors == NULL) && ((auditors = calloc(1, 954 sizeof (Audit_desc))) == NULL)) 955 return (0); 956 957 auditors->ad_name = AUDITORS(mlmp)->ad_name; 958 if (audit_setup(mlmp, auditors, 0, NULL) == 0) 959 return (0); 960 lml_main.lm_tflags |= auditors->ad_flags; 961 962 /* 963 * Clear the local auditor information. 964 */ 965 free((void *) AUDITORS(mlmp)); 966 AUDITORS(mlmp) = NULL; 967 968 } else { 969 /* 970 * Establish any local auditing. 971 */ 972 if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0) 973 return (0); 974 975 AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags; 976 lml_main.lm_flags |= LML_FLG_LOCAUDIT; 977 } 978 } 979 980 /* 981 * Explicitly add the initial object and ld.so.1 to those objects being 982 * audited. Note, although the ld.so.1 link-map isn't auditable, 983 * establish a cookie for ld.so.1 as this may be bound to via the 984 * dl*() family. 985 */ 986 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) { 987 if (((audit_objopen(mlmp, mlmp) == 0) || 988 (audit_objopen(mlmp, rlmp) == 0)) && 989 (AFLAGS(mlmp) & LML_TFLG_AUD_MASK)) 990 return (0); 991 } 992 993 /* 994 * Map in any preloadable shared objects. Establish the caller as the 995 * head of the main link-map list. In the case of being exercised from 996 * lddstub, the caller gets reassigned to the first target shared object 997 * so as to provide intuitive diagnostics from ldd(). 998 * 999 * Note, it is valid to preload a 4.x shared object with a 5.0 1000 * executable (or visa-versa), as this functionality is required by 1001 * ldd(1). 1002 */ 1003 clmp = mlmp; 1004 if (rpl_preload && (preload(rpl_preload, mlmp, &clmp) == 0)) 1005 return (0); 1006 if (prm_preload && (preload(prm_preload, mlmp, &clmp) == 0)) 1007 return (0); 1008 1009 /* 1010 * Load all dependent (needed) objects. 1011 */ 1012 if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, NULL) == NULL) 1013 return (0); 1014 1015 /* 1016 * Relocate all the dependencies we've just added. 1017 * 1018 * If this process has been established via crle(1), the environment 1019 * variable LD_CONFGEN will have been set. crle(1) may create this 1020 * process twice. The first time crle only needs to gather dependency 1021 * information. The second time, is to dldump() the images. 1022 * 1023 * If we're only gathering dependencies, relocation is unnecessary. 1024 * As crle(1) may be building an arbitrary family of objects, they may 1025 * not fully relocate either. Hence the relocation phase is not carried 1026 * out now, but will be called by crle(1) once all objects have been 1027 * loaded. 1028 */ 1029 if ((rtld_flags & RT_FL_CONFGEN) == 0) { 1030 1031 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 1032 1033 if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp, 1034 mlmp, NULL) == 0) 1035 return (0); 1036 1037 /* 1038 * Inform the debuggers that basic process initialization is 1039 * complete, and that the state of ld.so.1 (link-map lists, 1040 * etc.) is stable. This handshake enables the debugger to 1041 * initialize themselves, and consequently allows the user to 1042 * set break points in .init code. 1043 * 1044 * Most new debuggers use librtld_db to monitor activity events. 1045 * Older debuggers indicated their presence by setting the 1046 * DT_DEBUG entry in the dynamic executable (see elf_new_lm()). 1047 * In this case, getpid() is called so that the debugger can 1048 * catch the system call. This old mechanism has some 1049 * restrictions, as getpid() should not be called prior to 1050 * basic process initialization being completed. This 1051 * restriction has become increasingly difficult to maintain, 1052 * as the use of auditors, LD_DEBUG, and the initialization 1053 * handshake with libc can result in "premature" getpid() 1054 * calls. The use of this getpid() handshake is expected to 1055 * disappear at some point in the future, and there is intent 1056 * to work towards that goal. 1057 */ 1058 rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT); 1059 rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT); 1060 1061 if (rtld_flags & RT_FL_DEBUGGER) { 1062 r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG; 1063 (void) getpid(); 1064 } 1065 } 1066 1067 /* 1068 * Indicate preinit activity, and call any auditing routines. These 1069 * routines are called before initializing any threads via libc, or 1070 * before collecting the complete set of .inits on the primary link-map. 1071 * Although most libc interfaces are encapsulated in local routines 1072 * within libc, they have been known to escape (ie. call a .plt). As 1073 * the appcert auditor uses preinit as a trigger to establish some 1074 * external interfaces to the main link-maps libc, we need to activate 1075 * this trigger before exercising any code within libc. Additionally, 1076 * I wouldn't put it past an auditor to add additional objects to the 1077 * primary link-map. Hence, we collect .inits after the audit call. 1078 */ 1079 rd_event(&lml_main, RD_PREINIT, 0); 1080 1081 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY) 1082 audit_activity(mlmp, LA_ACT_CONSISTENT); 1083 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT) 1084 audit_preinit(mlmp); 1085 1086 /* 1087 * If we're creating initial configuration information, we're done 1088 * now that the auditing step has been called. 1089 */ 1090 if (rtld_flags & RT_FL_CONFGEN) { 1091 leave(LIST(mlmp), 0); 1092 return (mlmp); 1093 } 1094 1095 /* 1096 * Sort the .init sections of all objects we've added. If we're 1097 * tracing we only need to execute this under ldd(1) with the -i or -u 1098 * options. 1099 */ 1100 lmflags = lml_main.lm_flags; 1101 if (((lmflags & LML_FLG_TRC_ENABLE) == 0) || 1102 (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) { 1103 if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init, 1104 RT_SORT_REV)) == (Rt_map **)S_ERROR) 1105 return (0); 1106 } 1107 1108 /* 1109 * If we are tracing we're done. This is the one legitimate use of a 1110 * direct call to rtldexit() rather than return, as we don't want to 1111 * return and jump to the application. 1112 */ 1113 if (lmflags & LML_FLG_TRC_ENABLE) { 1114 unused(&lml_main); 1115 rtldexit(&lml_main, 0); 1116 } 1117 1118 /* 1119 * Check if this instance of the linker should have a primary link 1120 * map. This flag allows multiple copies of the -same- -version- 1121 * of the linker (and libc) to run in the same address space. 1122 * 1123 * Without this flag we only support one copy of the linker in a 1124 * process because by default the linker will always try to 1125 * initialize at one primary link map The copy of libc which is 1126 * initialized on a primary link map will initalize global TLS 1127 * data which can be shared with other copies of libc in the 1128 * process. The problem is that if there is more than one copy 1129 * of the linker, only one copy should link libc onto a primary 1130 * link map, otherwise libc will attempt to re-initialize global 1131 * TLS data. So when a copy of the linker is loaded with this 1132 * flag set, it will not initialize any primary link maps since 1133 * persumably another copy of the linker will do this. 1134 * 1135 * Note that this flag only allows multiple copies of the -same- 1136 * -version- of the linker (and libc) to coexist. This approach 1137 * will not work if we are trying to load different versions of 1138 * the linker and libc into the same process. The reason for 1139 * this is that the format of the global TLS data may not be 1140 * the same for different versions of libc. In this case each 1141 * different version of libc must have it's own primary link map 1142 * and be able to maintain it's own TLS data. The only way this 1143 * can be done is by carefully managing TLS pointers on transitions 1144 * between code associated with each of the different linkers. 1145 * Note that this is actually what is done for processes in lx 1146 * branded zones. Although in the lx branded zone case, the 1147 * other linker and libc are actually gld and glibc. But the 1148 * same general TLS management mechanism used by the lx brand 1149 * would apply to any attempts to run multiple versions of the 1150 * solaris linker and libc in a single process. 1151 */ 1152 if (auxflags & AF_SUN_NOPLM) 1153 rtld_flags2 |= RT_FL2_NOPLM; 1154 1155 /* 1156 * Establish any static TLS for this primary link-map. Note, regardless 1157 * of whether TLS is available, an initial handshake occurs with libc to 1158 * indicate we're processing the primary link-map. Having identified 1159 * the primary link-map, initialize threads. 1160 */ 1161 if (rt_get_extern(&lml_main, mlmp) == 0) 1162 return (0); 1163 1164 if ((rtld_flags2 & RT_FL2_NOPLM) == 0) { 1165 if (tls_statmod(&lml_main, mlmp) == 0) 1166 return (0); 1167 rt_thr_init(&lml_main); 1168 rtld_flags2 |= RT_FL2_PLMSETUP; 1169 } else { 1170 rt_thr_init(&lml_main); 1171 } 1172 1173 rtld_flags |= RT_FL_APPLIC; 1174 1175 /* 1176 * Fire all dependencies .init sections. Identify any unused 1177 * dependencies, and leave the runtime linker - effectively calling 1178 * the dynamic executables entry point. 1179 */ 1180 call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp, 1181 SHT_PREINIT_ARRAY); 1182 1183 if (tobj) 1184 call_init(tobj, DBG_INIT_SORT); 1185 1186 rd_event(&lml_main, RD_POSTINIT, 0); 1187 1188 unused(&lml_main); 1189 1190 DBG_CALL(Dbg_util_call_main(mlmp)); 1191 1192 rtld_flags |= RT_FL_OPERATION; 1193 leave(LIST(mlmp), 0); 1194 1195 return (mlmp); 1196 } 1197