1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 #pragma ident "%Z%%M% %I% %E% SMI" 33 34 /* 35 * x86 machine dependent and ELF file class dependent functions. 36 * Contains routines for performing function binding and symbol relocations. 37 */ 38 39 #include <stdio.h> 40 #include <sys/elf.h> 41 #include <sys/elf_386.h> 42 #include <sys/mman.h> 43 #include <dlfcn.h> 44 #include <synch.h> 45 #include <string.h> 46 #include <debug.h> 47 #include <reloc.h> 48 #include <conv.h> 49 #include "_rtld.h" 50 #include "_audit.h" 51 #include "_elf.h" 52 #include "msg.h" 53 54 55 extern void elf_rtbndr(Rt_map *, ulong_t, caddr_t); 56 57 int 58 elf_mach_flags_check(Rej_desc *rej, Ehdr *ehdr) 59 { 60 /* 61 * Check machine type and flags. 62 */ 63 if (ehdr->e_flags != 0) { 64 rej->rej_type = SGS_REJ_BADFLAG; 65 rej->rej_info = (uint_t)ehdr->e_flags; 66 return (0); 67 } 68 return (1); 69 } 70 71 void 72 ldso_plt_init(Rt_map * lmp) 73 { 74 /* 75 * There is no need to analyze ld.so because we don't map in any of 76 * its dependencies. However we may map these dependencies in later 77 * (as if ld.so had dlopened them), so initialize the plt and the 78 * permission information. 79 */ 80 if (PLTGOT(lmp)) 81 elf_plt_init((PLTGOT(lmp)), (caddr_t)lmp); 82 } 83 84 static const uchar_t dyn_plt_template[] = { 85 /* 0x00 */ 0x55, /* pushl %ebp */ 86 /* 0x01 */ 0x8b, 0xec, /* movl %esp, %ebp */ 87 /* 0x03 */ 0x68, 0x00, 0x00, 0x00, 0x00, /* pushl trace_fields */ 88 /* 0x08 */ 0xe9, 0xfc, 0xff, 0xff, 0xff, 0xff /* jmp elf_plt_trace */ 89 }; 90 int dyn_plt_ent_size = sizeof (dyn_plt_template); 91 92 /* 93 * the dynamic plt entry is: 94 * 95 * pushl %ebp 96 * movl %esp, %ebp 97 * pushl tfp 98 * jmp elf_plt_trace 99 * dyn_data: 100 * .align 4 101 * uintptr_t reflmp 102 * uintptr_t deflmp 103 * uint_t symndx 104 * uint_t sb_flags 105 * Sym symdef 106 */ 107 static caddr_t 108 elf_plt_trace_write(uint_t roffset, Rt_map *rlmp, Rt_map *dlmp, Sym *sym, 109 uint_t symndx, uint_t pltndx, caddr_t to, uint_t sb_flags, int *fail) 110 { 111 extern int elf_plt_trace(); 112 ulong_t got_entry; 113 uchar_t *dyn_plt; 114 uintptr_t *dyndata; 115 116 /* 117 * We only need to add the glue code if there is an auditing 118 * library that is interested in this binding. 119 */ 120 dyn_plt = (uchar_t *)((uintptr_t)AUDINFO(rlmp)->ai_dynplts + 121 (pltndx * dyn_plt_ent_size)); 122 123 /* 124 * Have we initialized this dynamic plt entry yet? If we haven't do it 125 * now. Otherwise this function has been called before, but from a 126 * different plt (ie. from another shared object). In that case 127 * we just set the plt to point to the new dyn_plt. 128 */ 129 if (*dyn_plt == 0) { 130 Sym *symp; 131 Word symvalue; 132 Lm_list *lml = LIST(rlmp); 133 134 (void) memcpy((void *)dyn_plt, dyn_plt_template, 135 sizeof (dyn_plt_template)); 136 dyndata = (uintptr_t *)((uintptr_t)dyn_plt + 137 ROUND(sizeof (dyn_plt_template), M_WORD_ALIGN)); 138 139 /* 140 * relocate: 141 * pushl dyn_data 142 */ 143 symvalue = (Word)dyndata; 144 if (do_reloc_rtld(R_386_32, &dyn_plt[4], &symvalue, 145 MSG_ORIG(MSG_SYM_LADYNDATA), 146 MSG_ORIG(MSG_SPECFIL_DYNPLT), lml) == 0) { 147 *fail = 1; 148 return (0); 149 } 150 151 /* 152 * jmps are relative, so I need to figure out the relative 153 * address to elf_plt_trace. 154 * 155 * relocating: 156 * jmp elf_plt_trace 157 */ 158 symvalue = (ulong_t)(elf_plt_trace) - (ulong_t)(dyn_plt + 9); 159 if (do_reloc_rtld(R_386_PC32, &dyn_plt[9], &symvalue, 160 MSG_ORIG(MSG_SYM_ELFPLTTRACE), 161 MSG_ORIG(MSG_SPECFIL_DYNPLT), lml) == 0) { 162 *fail = 1; 163 return (0); 164 } 165 166 *dyndata++ = (uintptr_t)rlmp; 167 *dyndata++ = (uintptr_t)dlmp; 168 *dyndata++ = (uint_t)symndx; 169 *dyndata++ = (uint_t)sb_flags; 170 symp = (Sym *)dyndata; 171 *symp = *sym; 172 symp->st_name += (Word)STRTAB(dlmp); 173 symp->st_value = (Addr)to; 174 } 175 176 got_entry = (ulong_t)roffset; 177 *(ulong_t *)got_entry = (ulong_t)dyn_plt; 178 return ((caddr_t)dyn_plt); 179 } 180 181 182 /* 183 * Function binding routine - invoked on the first call to a function through 184 * the procedure linkage table; 185 * passes first through an assembly language interface. 186 * 187 * Takes the offset into the relocation table of the associated 188 * relocation entry and the address of the link map (rt_private_map struct) 189 * for the entry. 190 * 191 * Returns the address of the function referenced after re-writing the PLT 192 * entry to invoke the function directly. 193 * 194 * On error, causes process to terminate with a signal. 195 */ 196 ulong_t 197 elf_bndr(Rt_map *lmp, ulong_t reloff, caddr_t from) 198 { 199 Rt_map *nlmp, *llmp; 200 ulong_t addr, symval, rsymndx; 201 char *name; 202 Rel *rptr; 203 Sym *rsym, *nsym; 204 uint_t binfo, sb_flags = 0, dbg_class; 205 Slookup sl; 206 int entry, lmflags; 207 Lm_list *lml; 208 209 /* 210 * For compatibility with libthread (TI_VERSION 1) we track the entry 211 * value. A zero value indicates we have recursed into ld.so.1 to 212 * further process a locking request. Under this recursion we disable 213 * tsort and cleanup activities. 214 */ 215 entry = enter(0); 216 217 lml = LIST(lmp); 218 if ((lmflags = lml->lm_flags) & LML_FLG_RTLDLM) { 219 dbg_class = dbg_desc->d_class; 220 dbg_desc->d_class = 0; 221 } 222 223 /* 224 * Perform some basic sanity checks. If we didn't get a load map or 225 * the relocation offset is invalid then its possible someone has walked 226 * over the .got entries or jumped to plt0 out of the blue. 227 */ 228 if (!lmp || ((reloff % sizeof (Rel)) != 0)) { 229 Conv_inv_buf_t inv_buf; 230 231 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_PLTREF), 232 conv_reloc_386_type(R_386_JMP_SLOT, 0, &inv_buf), 233 EC_NATPTR(lmp), EC_XWORD(reloff), EC_NATPTR(from)); 234 rtldexit(lml, 1); 235 } 236 237 /* 238 * Use relocation entry to get symbol table entry and symbol name. 239 */ 240 addr = (ulong_t)JMPREL(lmp); 241 rptr = (Rel *)(addr + reloff); 242 rsymndx = ELF_R_SYM(rptr->r_info); 243 rsym = (Sym *)((ulong_t)SYMTAB(lmp) + (rsymndx * SYMENT(lmp))); 244 name = (char *)(STRTAB(lmp) + rsym->st_name); 245 246 /* 247 * Determine the last link-map of this list, this'll be the starting 248 * point for any tsort() processing. 249 */ 250 llmp = lml->lm_tail; 251 252 /* 253 * Find definition for symbol. Initialize the symbol lookup data 254 * structure. 255 */ 256 SLOOKUP_INIT(sl, name, lmp, lml->lm_head, ld_entry_cnt, 0, 257 rsymndx, rsym, 0, LKUP_DEFT); 258 259 if ((nsym = lookup_sym(&sl, &nlmp, &binfo, NULL)) == 0) { 260 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 261 demangle(name)); 262 rtldexit(lml, 1); 263 } 264 265 symval = nsym->st_value; 266 if (!(FLAGS(nlmp) & FLG_RT_FIXED) && 267 (nsym->st_shndx != SHN_ABS)) 268 symval += ADDR(nlmp); 269 if ((lmp != nlmp) && ((FLAGS1(nlmp) & FL1_RT_NOINIFIN) == 0)) { 270 /* 271 * Record that this new link map is now bound to the caller. 272 */ 273 if (bind_one(lmp, nlmp, BND_REFER) == 0) 274 rtldexit(lml, 1); 275 } 276 277 if ((lml->lm_tflags | FLAGS1(lmp)) & LML_TFLG_AUD_SYMBIND) { 278 uint_t symndx = (((uintptr_t)nsym - 279 (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); 280 symval = audit_symbind(lmp, nlmp, nsym, symndx, symval, 281 &sb_flags); 282 } 283 284 if (!(rtld_flags & RT_FL_NOBIND)) { 285 addr = rptr->r_offset; 286 if (!(FLAGS(lmp) & FLG_RT_FIXED)) 287 addr += ADDR(lmp); 288 if (((lml->lm_tflags | FLAGS1(lmp)) & 289 (LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) && 290 AUDINFO(lmp)->ai_dynplts) { 291 int fail = 0; 292 uint_t pltndx = reloff / sizeof (Rel); 293 uint_t symndx = (((uintptr_t)nsym - 294 (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); 295 296 symval = (ulong_t)elf_plt_trace_write(addr, lmp, nlmp, 297 nsym, symndx, pltndx, (caddr_t)symval, sb_flags, 298 &fail); 299 if (fail) 300 rtldexit(lml, 1); 301 } else { 302 /* 303 * Write standard PLT entry to jump directly 304 * to newly bound function. 305 */ 306 *(ulong_t *)addr = symval; 307 } 308 } 309 310 /* 311 * Print binding information and rebuild PLT entry. 312 */ 313 DBG_CALL(Dbg_bind_global(lmp, (Addr)from, (Off)(from - ADDR(lmp)), 314 (Xword)(reloff / sizeof (Rel)), PLT_T_FULL, nlmp, (Addr)symval, 315 nsym->st_value, name, binfo)); 316 317 /* 318 * Complete any processing for newly loaded objects. Note we don't 319 * know exactly where any new objects are loaded (we know the object 320 * that supplied the symbol, but others may have been loaded lazily as 321 * we searched for the symbol), so sorting starts from the last 322 * link-map know on entry to this routine. 323 */ 324 if (entry) 325 load_completion(llmp); 326 327 /* 328 * Some operations like dldump() or dlopen()'ing a relocatable object 329 * result in objects being loaded on rtld's link-map, make sure these 330 * objects are initialized also. 331 */ 332 if ((LIST(nlmp)->lm_flags & LML_FLG_RTLDLM) && LIST(nlmp)->lm_init) 333 load_completion(nlmp); 334 335 /* 336 * If the object we've bound to is in the process of being initialized 337 * by another thread, determine whether we should block. 338 */ 339 is_dep_ready(nlmp, lmp, DBG_WAIT_SYMBOL); 340 341 /* 342 * Make sure the object to which we've bound has had it's .init fired. 343 * Cleanup before return to user code. 344 */ 345 if (entry) { 346 is_dep_init(nlmp, lmp); 347 leave(lml, 0); 348 } 349 350 if (lmflags & LML_FLG_RTLDLM) 351 dbg_desc->d_class = dbg_class; 352 353 return (symval); 354 } 355 356 357 /* 358 * When the relocation loop realizes that it's dealing with relative 359 * relocations in a shared object, it breaks into this tighter loop 360 * as an optimization. 361 */ 362 ulong_t 363 elf_reloc_relative(ulong_t relbgn, ulong_t relend, ulong_t relsiz, 364 ulong_t basebgn, ulong_t etext, ulong_t emap) 365 { 366 ulong_t roffset = ((Rel *)relbgn)->r_offset; 367 char rtype; 368 369 do { 370 roffset += basebgn; 371 372 /* 373 * If this relocation is against an address not mapped in, 374 * then break out of the relative relocation loop, falling 375 * back on the main relocation loop. 376 */ 377 if (roffset < etext || roffset > emap) 378 break; 379 380 /* 381 * Perform the actual relocation. 382 */ 383 *((ulong_t *)roffset) += basebgn; 384 385 relbgn += relsiz; 386 387 if (relbgn >= relend) 388 break; 389 390 rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); 391 roffset = ((Rel *)relbgn)->r_offset; 392 393 } while (rtype == R_386_RELATIVE); 394 395 return (relbgn); 396 } 397 398 /* 399 * This is the tightest loop for RELATIVE relocations for those 400 * objects built with the DT_RELACOUNT .dynamic entry. 401 */ 402 ulong_t 403 elf_reloc_relacount(ulong_t relbgn, ulong_t relacount, ulong_t relsiz, 404 ulong_t basebgn) 405 { 406 ulong_t roffset = ((Rel *) relbgn)->r_offset; 407 408 for (; relacount; relacount--) { 409 roffset += basebgn; 410 411 /* 412 * Perform the actual relocation. 413 */ 414 *((ulong_t *)roffset) += basebgn; 415 416 relbgn += relsiz; 417 418 roffset = ((Rel *)relbgn)->r_offset; 419 420 } 421 422 return (relbgn); 423 } 424 425 /* 426 * Read and process the relocations for one link object, we assume all 427 * relocation sections for loadable segments are stored contiguously in 428 * the file. 429 */ 430 int 431 elf_reloc(Rt_map *lmp, uint_t plt, int *in_nfavl) 432 { 433 ulong_t relbgn, relend, relsiz, basebgn; 434 ulong_t pltbgn, pltend, _pltbgn, _pltend; 435 ulong_t roffset, rsymndx, psymndx = 0, etext = ETEXT(lmp); 436 ulong_t emap, dsymndx; 437 uchar_t rtype; 438 long value, pvalue; 439 Sym *symref, *psymref, *symdef, *psymdef; 440 char *name, *pname; 441 Rt_map *_lmp, *plmp; 442 int textrel = 0, ret = 1, noplt = 0; 443 int relacount = RELACOUNT(lmp), plthint = 0; 444 Rel *rel; 445 uint_t binfo, pbinfo; 446 APlist *bound = NULL; 447 448 /* 449 * Although only necessary for lazy binding, initialize the first 450 * global offset entry to go to elf_rtbndr(). dbx(1) seems 451 * to find this useful. 452 */ 453 if ((plt == 0) && PLTGOT(lmp)) { 454 if ((ulong_t)PLTGOT(lmp) < etext) { 455 if (elf_set_prot(lmp, PROT_WRITE) == 0) 456 return (0); 457 textrel = 1; 458 } 459 elf_plt_init(PLTGOT(lmp), (caddr_t)lmp); 460 } 461 462 /* 463 * Initialize the plt start and end addresses. 464 */ 465 if ((pltbgn = (ulong_t)JMPREL(lmp)) != 0) 466 pltend = pltbgn + (ulong_t)(PLTRELSZ(lmp)); 467 468 469 relsiz = (ulong_t)(RELENT(lmp)); 470 basebgn = ADDR(lmp); 471 emap = ADDR(lmp) + MSIZE(lmp); 472 473 if (PLTRELSZ(lmp)) 474 plthint = PLTRELSZ(lmp) / relsiz; 475 476 /* 477 * If we've been called upon to promote an RTLD_LAZY object to an 478 * RTLD_NOW then we're only interested in scaning the .plt table. 479 * An uninitialized .plt is the case where the associated got entry 480 * points back to the plt itself. Determine the range of the real .plt 481 * entries using the _PROCEDURE_LINKAGE_TABLE_ symbol. 482 */ 483 if (plt) { 484 Slookup sl; 485 486 relbgn = pltbgn; 487 relend = pltend; 488 if (!relbgn || (relbgn == relend)) 489 return (1); 490 491 /* 492 * Initialize the symbol lookup data structure. 493 */ 494 SLOOKUP_INIT(sl, MSG_ORIG(MSG_SYM_PLT), lmp, lmp, ld_entry_cnt, 495 elf_hash(MSG_ORIG(MSG_SYM_PLT)), 0, 0, 0, LKUP_DEFT); 496 497 if ((symdef = elf_find_sym(&sl, &_lmp, &binfo, NULL)) == 0) 498 return (1); 499 500 _pltbgn = symdef->st_value; 501 if (!(FLAGS(lmp) & FLG_RT_FIXED) && 502 (symdef->st_shndx != SHN_ABS)) 503 _pltbgn += basebgn; 504 _pltend = _pltbgn + (((PLTRELSZ(lmp) / relsiz)) * 505 M_PLT_ENTSIZE) + M_PLT_RESERVSZ; 506 507 } else { 508 /* 509 * The relocation sections appear to the run-time linker as a 510 * single table. Determine the address of the beginning and end 511 * of this table. There are two different interpretations of 512 * the ABI at this point: 513 * 514 * o The REL table and its associated RELSZ indicate the 515 * concatenation of *all* relocation sections (this is the 516 * model our link-editor constructs). 517 * 518 * o The REL table and its associated RELSZ indicate the 519 * concatenation of all *but* the .plt relocations. These 520 * relocations are specified individually by the JMPREL and 521 * PLTRELSZ entries. 522 * 523 * Determine from our knowledege of the relocation range and 524 * .plt range, the range of the total relocation table. Note 525 * that one other ABI assumption seems to be that the .plt 526 * relocations always follow any other relocations, the 527 * following range checking drops that assumption. 528 */ 529 relbgn = (ulong_t)(REL(lmp)); 530 relend = relbgn + (ulong_t)(RELSZ(lmp)); 531 if (pltbgn) { 532 if (!relbgn || (relbgn > pltbgn)) 533 relbgn = pltbgn; 534 if (!relbgn || (relend < pltend)) 535 relend = pltend; 536 } 537 } 538 if (!relbgn || (relbgn == relend)) { 539 DBG_CALL(Dbg_reloc_run(lmp, 0, plt, DBG_REL_NONE)); 540 return (1); 541 } 542 DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, plt, DBG_REL_START)); 543 544 /* 545 * If we're processing a dynamic executable in lazy mode there is no 546 * need to scan the .rel.plt table, however if we're processing a shared 547 * object in lazy mode the .got addresses associated to each .plt must 548 * be relocated to reflect the location of the shared object. 549 */ 550 if (pltbgn && ((MODE(lmp) & RTLD_NOW) == 0) && 551 (FLAGS(lmp) & FLG_RT_FIXED)) 552 noplt = 1; 553 554 /* 555 * Loop through relocations. 556 */ 557 while (relbgn < relend) { 558 uint_t sb_flags = 0; 559 560 rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); 561 562 /* 563 * If this is a RELATIVE relocation in a shared object (the 564 * common case), and if we are not debugging, then jump into a 565 * tighter relocation loop (elf_reloc_relative). Only make the 566 * jump if we've been given a hint on the number of relocations. 567 */ 568 if ((rtype == R_386_RELATIVE) && 569 ((FLAGS(lmp) & FLG_RT_FIXED) == 0) && (DBG_ENABLED == 0)) { 570 /* 571 * It's possible that the relative relocation block 572 * has relocations against the text segment as well 573 * as the data segment. Since our optimized relocation 574 * engine does not check which segment the relocation 575 * is against - just mprotect it now if it's been 576 * marked as containing TEXTREL's. 577 */ 578 if ((textrel == 0) && (FLAGS1(lmp) & FL1_RT_TEXTREL)) { 579 if (elf_set_prot(lmp, PROT_WRITE) == 0) { 580 ret = 0; 581 break; 582 } 583 textrel = 1; 584 } 585 586 if (relacount) { 587 relbgn = elf_reloc_relacount(relbgn, relacount, 588 relsiz, basebgn); 589 relacount = 0; 590 } else { 591 relbgn = elf_reloc_relative(relbgn, relend, 592 relsiz, basebgn, etext, emap); 593 } 594 if (relbgn >= relend) 595 break; 596 rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); 597 } 598 599 roffset = ((Rel *)relbgn)->r_offset; 600 601 /* 602 * If this is a shared object, add the base address to offset. 603 */ 604 if (!(FLAGS(lmp) & FLG_RT_FIXED)) { 605 606 /* 607 * If we're processing lazy bindings, we have to step 608 * through the plt entries and add the base address 609 * to the corresponding got entry. 610 */ 611 if (plthint && (plt == 0) && 612 (rtype == R_386_JMP_SLOT) && 613 ((MODE(lmp) & RTLD_NOW) == 0)) { 614 relbgn = elf_reloc_relacount(relbgn, 615 plthint, relsiz, basebgn); 616 plthint = 0; 617 continue; 618 } 619 roffset += basebgn; 620 } 621 622 rsymndx = ELF_R_SYM(((Rel *)relbgn)->r_info); 623 rel = (Rel *)relbgn; 624 relbgn += relsiz; 625 626 /* 627 * Optimizations. 628 */ 629 if (rtype == R_386_NONE) 630 continue; 631 if (noplt && ((ulong_t)rel >= pltbgn) && 632 ((ulong_t)rel < pltend)) { 633 relbgn = pltend; 634 continue; 635 } 636 637 /* 638 * If we're promoting plts determine if this one has already 639 * been written. 640 */ 641 if (plt) { 642 if ((*(ulong_t *)roffset < _pltbgn) || 643 (*(ulong_t *)roffset > _pltend)) 644 continue; 645 } 646 647 /* 648 * If this relocation is not against part of the image 649 * mapped into memory we skip it. 650 */ 651 if ((roffset < ADDR(lmp)) || (roffset > (ADDR(lmp) + 652 MSIZE(lmp)))) { 653 elf_reloc_bad(lmp, (void *)rel, rtype, roffset, 654 rsymndx); 655 continue; 656 } 657 658 binfo = 0; 659 /* 660 * If a symbol index is specified then get the symbol table 661 * entry, locate the symbol definition, and determine its 662 * address. 663 */ 664 if (rsymndx) { 665 /* 666 * Get the local symbol table entry. 667 */ 668 symref = (Sym *)((ulong_t)SYMTAB(lmp) + 669 (rsymndx * SYMENT(lmp))); 670 671 /* 672 * If this is a local symbol, just use the base address. 673 * (we should have no local relocations in the 674 * executable). 675 */ 676 if (ELF_ST_BIND(symref->st_info) == STB_LOCAL) { 677 value = basebgn; 678 name = (char *)0; 679 680 /* 681 * Special case TLS relocations. 682 */ 683 if (rtype == R_386_TLS_DTPMOD32) { 684 /* 685 * Use the TLS modid. 686 */ 687 value = TLSMODID(lmp); 688 689 } else if (rtype == R_386_TLS_TPOFF) { 690 if ((value = elf_static_tls(lmp, symref, 691 rel, rtype, 0, roffset, 0)) == 0) { 692 ret = 0; 693 break; 694 } 695 } 696 } else { 697 /* 698 * If the symbol index is equal to the previous 699 * symbol index relocation we processed then 700 * reuse the previous values. (Note that there 701 * have been cases where a relocation exists 702 * against a copy relocation symbol, our ld(1) 703 * should optimize this away, but make sure we 704 * don't use the same symbol information should 705 * this case exist). 706 */ 707 if ((rsymndx == psymndx) && 708 (rtype != R_386_COPY)) { 709 /* LINTED */ 710 if (psymdef == 0) { 711 DBG_CALL(Dbg_bind_weak(lmp, 712 (Addr)roffset, (Addr) 713 (roffset - basebgn), name)); 714 continue; 715 } 716 /* LINTED */ 717 value = pvalue; 718 /* LINTED */ 719 name = pname; 720 /* LINTED */ 721 symdef = psymdef; 722 /* LINTED */ 723 symref = psymref; 724 /* LINTED */ 725 _lmp = plmp; 726 /* LINTED */ 727 binfo = pbinfo; 728 729 if ((LIST(_lmp)->lm_tflags | 730 FLAGS1(_lmp)) & 731 LML_TFLG_AUD_SYMBIND) { 732 value = audit_symbind(lmp, _lmp, 733 /* LINTED */ 734 symdef, dsymndx, value, 735 &sb_flags); 736 } 737 } else { 738 Slookup sl; 739 740 /* 741 * Lookup the symbol definition. 742 * Initialize the symbol lookup data 743 * structure. 744 */ 745 name = (char *)(STRTAB(lmp) + 746 symref->st_name); 747 748 SLOOKUP_INIT(sl, name, lmp, 0, 749 ld_entry_cnt, 0, rsymndx, symref, 750 rtype, LKUP_STDRELOC); 751 752 symdef = lookup_sym(&sl, &_lmp, 753 &binfo, in_nfavl); 754 755 /* 756 * If the symbol is not found and the 757 * reference was not to a weak symbol, 758 * report an error. Weak references 759 * may be unresolved. 760 */ 761 /* BEGIN CSTYLED */ 762 if (symdef == 0) { 763 if (sl.sl_bind != STB_WEAK) { 764 if (elf_reloc_error(lmp, name, 765 rel, binfo)) 766 continue; 767 768 ret = 0; 769 break; 770 771 } else { 772 psymndx = rsymndx; 773 psymdef = 0; 774 775 DBG_CALL(Dbg_bind_weak(lmp, 776 (Addr)roffset, (Addr) 777 (roffset - basebgn), name)); 778 continue; 779 } 780 } 781 /* END CSTYLED */ 782 783 /* 784 * If symbol was found in an object 785 * other than the referencing object 786 * then record the binding. 787 */ 788 if ((lmp != _lmp) && ((FLAGS1(_lmp) & 789 FL1_RT_NOINIFIN) == 0)) { 790 if (aplist_test(&bound, _lmp, 791 AL_CNT_RELBIND) == 0) { 792 ret = 0; 793 break; 794 } 795 } 796 797 /* 798 * Calculate the location of definition; 799 * symbol value plus base address of 800 * containing shared object. 801 */ 802 if (IS_SIZE(rtype)) 803 value = symdef->st_size; 804 else 805 value = symdef->st_value; 806 807 if (!(FLAGS(_lmp) & FLG_RT_FIXED) && 808 !(IS_SIZE(rtype)) && 809 (symdef->st_shndx != SHN_ABS) && 810 (ELF_ST_TYPE(symdef->st_info) != 811 STT_TLS)) 812 value += ADDR(_lmp); 813 814 /* 815 * Retain this symbol index and the 816 * value in case it can be used for the 817 * subsequent relocations. 818 */ 819 if (rtype != R_386_COPY) { 820 psymndx = rsymndx; 821 pvalue = value; 822 pname = name; 823 psymdef = symdef; 824 psymref = symref; 825 plmp = _lmp; 826 pbinfo = binfo; 827 } 828 if ((LIST(_lmp)->lm_tflags | 829 FLAGS1(_lmp)) & 830 LML_TFLG_AUD_SYMBIND) { 831 dsymndx = (((uintptr_t)symdef - 832 (uintptr_t)SYMTAB(_lmp)) / 833 SYMENT(_lmp)); 834 value = audit_symbind(lmp, _lmp, 835 symdef, dsymndx, value, 836 &sb_flags); 837 } 838 } 839 840 /* 841 * If relocation is PC-relative, subtract 842 * offset address. 843 */ 844 if (IS_PC_RELATIVE(rtype)) 845 value -= roffset; 846 847 /* 848 * Special case TLS relocations. 849 */ 850 if (rtype == R_386_TLS_DTPMOD32) { 851 /* 852 * Relocation value is the TLS modid. 853 */ 854 value = TLSMODID(_lmp); 855 856 } else if (rtype == R_386_TLS_TPOFF) { 857 if ((value = elf_static_tls(_lmp, 858 symdef, rel, rtype, name, roffset, 859 value)) == 0) { 860 ret = 0; 861 break; 862 } 863 } 864 } 865 } else { 866 /* 867 * Special cases. 868 */ 869 if (rtype == R_386_TLS_DTPMOD32) { 870 /* 871 * TLS relocation value is the TLS modid. 872 */ 873 value = TLSMODID(lmp); 874 } else 875 value = basebgn; 876 name = (char *)0; 877 } 878 879 DBG_CALL(Dbg_reloc_in(LIST(lmp), ELF_DBG_RTLD, M_MACH, 880 M_REL_SHT_TYPE, rel, NULL, name)); 881 882 /* 883 * If this object has relocations in the text segment, turn 884 * off the write protect. 885 */ 886 if ((roffset < etext) && (textrel == 0)) { 887 if (elf_set_prot(lmp, PROT_WRITE) == 0) { 888 ret = 0; 889 break; 890 } 891 textrel = 1; 892 } 893 894 /* 895 * Call relocation routine to perform required relocation. 896 */ 897 switch (rtype) { 898 case R_386_COPY: 899 if (elf_copy_reloc(name, symref, lmp, (void *)roffset, 900 symdef, _lmp, (const void *)value) == 0) 901 ret = 0; 902 break; 903 case R_386_JMP_SLOT: 904 if (((LIST(lmp)->lm_tflags | FLAGS1(lmp)) & 905 (LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) && 906 AUDINFO(lmp)->ai_dynplts) { 907 int fail = 0; 908 int pltndx = (((ulong_t)rel - 909 (uintptr_t)JMPREL(lmp)) / relsiz); 910 int symndx = (((uintptr_t)symdef - 911 (uintptr_t)SYMTAB(_lmp)) / SYMENT(_lmp)); 912 913 (void) elf_plt_trace_write(roffset, lmp, _lmp, 914 symdef, symndx, pltndx, (caddr_t)value, 915 sb_flags, &fail); 916 if (fail) 917 ret = 0; 918 } else { 919 /* 920 * Write standard PLT entry to jump directly 921 * to newly bound function. 922 */ 923 DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), 924 ELF_DBG_RTLD, (Xword)roffset, 925 (Xword)value)); 926 *(ulong_t *)roffset = value; 927 } 928 break; 929 default: 930 /* 931 * Write the relocation out. 932 */ 933 if (do_reloc_rtld(rtype, (uchar_t *)roffset, 934 (Word *)&value, name, NAME(lmp), LIST(lmp)) == 0) 935 ret = 0; 936 937 DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), ELF_DBG_RTLD, 938 (Xword)roffset, (Xword)value)); 939 } 940 941 if ((ret == 0) && 942 ((LIST(lmp)->lm_flags & LML_FLG_TRC_WARN) == 0)) 943 break; 944 945 if (binfo) { 946 DBG_CALL(Dbg_bind_global(lmp, (Addr)roffset, 947 (Off)(roffset - basebgn), (Xword)(-1), PLT_T_FULL, 948 _lmp, (Addr)value, symdef->st_value, name, binfo)); 949 } 950 } 951 952 return (relocate_finish(lmp, bound, textrel, ret)); 953 } 954 955 /* 956 * Initialize the first few got entries so that function calls go to 957 * elf_rtbndr: 958 * 959 * GOT[GOT_XLINKMAP] = the address of the link map 960 * GOT[GOT_XRTLD] = the address of rtbinder 961 */ 962 void 963 elf_plt_init(void *got, caddr_t l) 964 { 965 uint_t *_got; 966 /* LINTED */ 967 Rt_map *lmp = (Rt_map *)l; 968 969 _got = (uint_t *)got + M_GOT_XLINKMAP; 970 *_got = (uint_t)lmp; 971 _got = (uint_t *)got + M_GOT_XRTLD; 972 *_got = (uint_t)elf_rtbndr; 973 } 974 975 /* 976 * For SVR4 Intel compatability. USL uses /usr/lib/libc.so.1 as the run-time 977 * linker, so the interpreter's address will differ from /usr/lib/ld.so.1. 978 * Further, USL has special _iob[] and _ctype[] processing that makes up for the 979 * fact that these arrays do not have associated copy relocations. So we try 980 * and make up for that here. Any relocations found will be added to the global 981 * copy relocation list and will be processed in setup(). 982 */ 983 static int 984 _elf_copy_reloc(const char *name, Rt_map *rlmp, Rt_map *dlmp) 985 { 986 Sym *symref, *symdef; 987 caddr_t ref, def; 988 Rt_map *_lmp; 989 Rel rel; 990 Slookup sl; 991 uint_t binfo; 992 993 /* 994 * Determine if the special symbol exists as a reference in the dynamic 995 * executable, and that an associated definition exists in libc.so.1. 996 * 997 * Initialize the symbol lookup data structure. 998 */ 999 SLOOKUP_INIT(sl, name, rlmp, rlmp, ld_entry_cnt, 0, 0, 0, 0, 1000 LKUP_FIRST); 1001 1002 if ((symref = lookup_sym(&sl, &_lmp, &binfo, NULL)) == 0) 1003 return (1); 1004 1005 sl.sl_imap = dlmp; 1006 sl.sl_flags = LKUP_DEFT; 1007 1008 if ((symdef = lookup_sym(&sl, &_lmp, &binfo, NULL)) == 0) 1009 return (1); 1010 if (strcmp(NAME(_lmp), MSG_ORIG(MSG_PTH_LIBC))) 1011 return (1); 1012 1013 /* 1014 * Determine the reference and definition addresses. 1015 */ 1016 ref = (void *)(symref->st_value); 1017 if (!(FLAGS(rlmp) & FLG_RT_FIXED)) 1018 ref += ADDR(rlmp); 1019 def = (void *)(symdef->st_value); 1020 if (!(FLAGS(_lmp) & FLG_RT_FIXED)) 1021 def += ADDR(_lmp); 1022 1023 /* 1024 * Set up a relocation entry for debugging and call the generic copy 1025 * relocation function to provide symbol size error checking and to 1026 * record the copy relocation that must be performed. 1027 */ 1028 rel.r_offset = (Addr)ref; 1029 rel.r_info = (Word)R_386_COPY; 1030 DBG_CALL(Dbg_reloc_in(LIST(rlmp), ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, 1031 &rel, NULL, name)); 1032 1033 return (elf_copy_reloc((char *)name, symref, rlmp, (void *)ref, symdef, 1034 _lmp, (void *)def)); 1035 } 1036 1037 int 1038 elf_copy_gen(Rt_map *lmp) 1039 { 1040 if (interp && ((ulong_t)interp->i_faddr != 1041 r_debug.rtd_rdebug.r_ldbase) && 1042 !(strcmp(interp->i_name, MSG_ORIG(MSG_PTH_LIBC)))) { 1043 1044 DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, 0, 1045 DBG_REL_START)); 1046 1047 if (_elf_copy_reloc(MSG_ORIG(MSG_SYM_CTYPE), lmp, 1048 (Rt_map *)NEXT(lmp)) == 0) 1049 return (0); 1050 if (_elf_copy_reloc(MSG_ORIG(MSG_SYM_IOB), lmp, 1051 (Rt_map *)NEXT(lmp)) == 0) 1052 return (0); 1053 } 1054 return (1); 1055 } 1056 1057 /* 1058 * Plt writing interface to allow debugging initialization to be generic. 1059 */ 1060 Pltbindtype 1061 /* ARGSUSED1 */ 1062 elf_plt_write(uintptr_t addr, uintptr_t vaddr, void *rptr, uintptr_t symval, 1063 Xword pltndx) 1064 { 1065 Rel *rel = (Rel*)rptr; 1066 uintptr_t pltaddr; 1067 1068 pltaddr = addr + rel->r_offset; 1069 *(ulong_t *)pltaddr = (ulong_t)symval; 1070 DBG_CALL(pltcntfull++); 1071 return (PLT_T_FULL); 1072 } 1073 1074 /* 1075 * Provide a machine specific interface to the conversion routine. By calling 1076 * the machine specific version, rather than the generic version, we insure that 1077 * the data tables/strings for all known machine versions aren't dragged into 1078 * ld.so.1. 1079 */ 1080 const char * 1081 _conv_reloc_type(uint_t rel) 1082 { 1083 static Conv_inv_buf_t inv_buf; 1084 1085 return (conv_reloc_386_type(rel, 0, &inv_buf)); 1086 } 1087