1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Run time linker common setup. 34 * 35 * Called from _setup to get the process going at startup. 36 */ 37 38 #include <stdlib.h> 39 #include <fcntl.h> 40 #include <stdio.h> 41 #include <sys/types.h> 42 #include <sys/stat.h> 43 #include <sys/mman.h> 44 #include <string.h> 45 #include <stdio.h> 46 #include <unistd.h> 47 #include <dlfcn.h> 48 #include <sys/sysconfig.h> 49 #include <sys/auxv.h> 50 #include <debug.h> 51 #include <conv.h> 52 #include "_rtld.h" 53 #include "_audit.h" 54 #include "_elf.h" 55 #include "_a.out.h" 56 #include "msg.h" 57 58 59 extern int _end, _edata, _etext; 60 extern void _init(void); 61 extern int _brk_unlocked(void *); 62 63 #ifndef SGS_PRE_UNIFIED_PROCESS 64 /* needed for _brk_unlocked() */ 65 void *_nd = &_end; 66 #endif 67 68 /* 69 * Define for the executable's interpreter. 70 * Usually it is ld.so.1, but for the first release of ICL binaries 71 * it is libc.so.1. We keep this information so that we don't end 72 * up mapping libc twice if it is the interpreter. 73 */ 74 static Interp _interp; 75 76 77 static int 78 preload(const char *str, Rt_map *lmp) 79 { 80 Rt_map *clmp = lmp; 81 char *objs, *ptr, *next; 82 Word lmflags = lml_main.lm_flags; 83 uint_t flags; 84 85 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 86 87 if ((objs = strdup(str)) == 0) 88 return (0); 89 90 /* 91 * Establish the flags for loading each object. If we're called via 92 * lddstub, then the first shared object is the object being inspected 93 * by ldd(1). This object should not be marked as an interposer, as 94 * it is intended to act like the first object of the process. 95 */ 96 if ((lmflags & LML_FLG_TRC_ENABLE) && (FLAGS1(lmp) & FL1_RT_LDDSTUB)) 97 flags = FLG_RT_PRELOAD; 98 else 99 flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO); 100 101 ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next); 102 do { 103 Pnode *pnp; 104 Rt_map *nlmp = 0; 105 106 DBG_CALL(Dbg_file_preload(&lml_main, ptr)); 107 108 /* 109 * If this a secure application, then preload errors are 110 * reduced to warnings, as the errors are non-fatal. 111 */ 112 if (rtld_flags & RT_FL_SECURE) 113 rtld_flags2 |= RT_FL2_FTL2WARN; 114 if ((pnp = expand_paths(clmp, ptr, PN_FLG_EXTLOAD, 0)) != 0) 115 nlmp = load_one(&lml_main, ALIST_OFF_DATA, pnp, clmp, 116 MODE(lmp), flags, 0, NULL); 117 if (pnp) 118 remove_pnode(pnp); 119 if (rtld_flags & RT_FL_SECURE) 120 rtld_flags2 &= ~RT_FL2_FTL2WARN; 121 if (nlmp && (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 122 nlmp = 0; 123 124 /* 125 * Establish state for the next preloadable object. If no 126 * error occurred with loading this object, indicate that this 127 * link-map list contains an interposer. 128 */ 129 flags |= FLG_RT_OBJINTPO; 130 if (nlmp == 0) { 131 if ((lmflags & LML_FLG_TRC_ENABLE) || 132 (rtld_flags & RT_FL_SECURE)) 133 continue; 134 else 135 return (0); 136 } 137 lml_main.lm_flags |= LML_FLG_INTRPOSE; 138 139 /* 140 * If we're tracing shared objects via lddstub, establish a 141 * binding between the initial shared object and lddstub so that 142 * the shared object isn't called out from unused() processing. 143 * After the first object is loaded increment the caller to the 144 * initial preloaded object to provide intuitive ldd -v and -s 145 * diagnostics 146 */ 147 if ((lmflags & LML_FLG_TRC_ENABLE) && 148 (FLAGS1(lmp) & FL1_RT_LDDSTUB)) { 149 if ((lmp == clmp) && (lmflags & 150 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED))) { 151 if (bind_one(clmp, nlmp, BND_REFER) == 0) 152 continue; 153 } 154 clmp = NEXT_RT_MAP(lmp); 155 } 156 157 } while ((ptr = strtok_r(NULL, 158 MSG_ORIG(MSG_STR_DELIMIT), &next)) != NULL); 159 160 free(objs); 161 return (1); 162 } 163 164 Rt_map * 165 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz, 166 char *_rtldname, Dyn *dyn_ptr, ulong_t ld_base, ulong_t interp_base, int fd, 167 Phdr *phdr, char *execname, char **argv, int dz_fd, uid_t uid, 168 uid_t euid, gid_t gid, gid_t egid, void *aoutdyn, int auxflags, 169 uint_t hwcap_1) 170 { 171 Rt_map *rlmp, *mlmp, **tobj = 0; 172 Ehdr *ehdr; 173 rtld_stat_t status; 174 int features = 0, ldsoexec = 0; 175 size_t eaddr, esize; 176 char *str, *argvname; 177 Mmap *mmaps; 178 Word lmflags; 179 180 /* 181 * Now that ld.so has relocated itself, initialize our own 'environ' so 182 * as to establish an address suitable for libc's hardware mul/div 183 * magic (libc/sparc/crt/hwmuldiv.o). 184 */ 185 _environ = (char **)((ulong_t)auxv - sizeof (char *)); 186 _init(); 187 _environ = envp; 188 189 /* 190 * Far the most common application execution revolves around appending 191 * the application name to the users PATH definition, thus a full name 192 * is passed to exec() which will in turn be returned via 193 * AT_SUN_EXECNAME. Applications may also be invoked from the current 194 * working directory, or via a relative name. 195 * 196 * Determine whether the kernel has supplied a AT_SUN_EXECNAME aux 197 * vector. This vector points to the full pathname, on the stack, of 198 * the object that started the process. If this is null, then 199 * AT_SUN_EXECNAME isn't supported (if the pathname exceeded the system 200 * limit (PATH_MAX) the exec would have failed). This flag is used to 201 * determine whether we can call resolvepath(). 202 */ 203 if (execname) 204 rtld_flags |= RT_FL_EXECNAME; 205 206 /* 207 * Determine how ld.so.1 has been executed. 208 */ 209 if ((fd == -1) && (phdr == 0)) { 210 /* 211 * If we received neither the AT_EXECFD nor the AT_PHDR aux 212 * vector, ld.so.1 must have been invoked directly from the 213 * command line. 214 */ 215 ldsoexec = 1; 216 217 /* 218 * AT_SUN_EXECNAME provides the most precise name, if it is 219 * available, otherwise fall back to argv[0]. At this time, 220 * there is no process name. 221 */ 222 if (execname) 223 rtldname = execname; 224 else if (argv[0]) 225 rtldname = argv[0]; 226 else 227 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 228 } else { 229 /* 230 * Otherwise, we have a standard process. AT_SUN_EXECNAME 231 * provides the most precise name, if it is available, 232 * otherwise fall back to argv[0]. Provided the application 233 * is already mapped, the process is the application, so 234 * simplify the application name for use in any diagnostics. 235 */ 236 if (execname) 237 argvname = execname; 238 else if (argv[0]) 239 argvname = execname = argv[0]; 240 else 241 argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 242 243 if (fd == -1) { 244 if ((str = strrchr(argvname, '/')) != 0) 245 procname = ++str; 246 else 247 procname = argvname; 248 } 249 250 /* 251 * At this point, we don't know the runtime linkers full path 252 * name. The _rtldname passed to us is the SONAME of the 253 * runtime linker, which is typically /lib/ld.so.1 no matter 254 * what the full path is. Use this for now, we'll reset the 255 * runtime linkers name once the application is analyzed. 256 */ 257 if (_rtldname) { 258 if ((str = strrchr(_rtldname, '/')) != 0) 259 rtldname = ++str; 260 else 261 rtldname = _rtldname; 262 } else 263 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 264 } 265 266 /* 267 * Initialize any global variables. 268 */ 269 at_flags = _flags; 270 if (dz_fd != FD_UNAVAIL) 271 dz_init(dz_fd); 272 platform = _platform; 273 274 /* 275 * If pagesize is unspecified find its value. 276 */ 277 if ((syspagsz = _syspagsz) == 0) 278 syspagsz = _sysconfig(_CONFIG_PAGESIZE); 279 fmap_setup(); 280 281 /* 282 * Add the unused portion of the last data page to the free space list. 283 * The page size must be set before doing this. Here, _end refers to 284 * the end of the runtime linkers bss. Note that we do not use the 285 * unused data pages from any included .so's to supplement this free 286 * space as badly behaved .os's may corrupt this data space, and in so 287 * doing ruin our data. 288 */ 289 eaddr = S_DROUND((size_t)&_end); 290 esize = eaddr % syspagsz; 291 if (esize) { 292 esize = syspagsz - esize; 293 addfree((void *)eaddr, esize); 294 } 295 296 /* 297 * Establish initial link-map list flags, and link-map list alists. 298 */ 299 if (alist_append(&lml_main.lm_lists, 0, sizeof (Lm_cntl), 300 AL_CNT_LMLISTS) == 0) 301 return (0); 302 lml_main.lm_flags |= LML_FLG_BASELM; 303 lml_main.lm_lmid = LM_ID_BASE; 304 lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE); 305 306 if (alist_append(&lml_rtld.lm_lists, 0, sizeof (Lm_cntl), 307 AL_CNT_LMLISTS) == 0) 308 return (0); 309 lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_NOAUDIT | 310 LML_FLG_HOLDLOCK); 311 lml_rtld.lm_lmid = LM_ID_LDSO; 312 lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO); 313 314 /* 315 * Determine whether we have a secure executable. 316 */ 317 security(uid, euid, gid, egid, auxflags); 318 319 /* 320 * Initialize a hardware capability descriptor for use in comparing 321 * each loaded object. 322 */ 323 #ifdef AT_SUN_AUXFLAGS 324 if (auxflags & AF_SUN_HWCAPVERIFY) { 325 rtld_flags2 |= RT_FL2_HWCAP; 326 hwcap = (ulong_t)hwcap_1; 327 } 328 #endif 329 /* 330 * Look for environment strings (allows things like LD_NOAUDIT to be 331 * established, although debugging isn't enabled until later). 332 */ 333 if ((readenv_user((const char **)envp, &(lml_main.lm_flags), 334 &(lml_main.lm_tflags), (aoutdyn != 0))) == 1) 335 return (0); 336 337 /* 338 * Create a mapping descriptor for ld.so.1. We can determine our 339 * two segments information from known symbols. 340 */ 341 if ((mmaps = calloc(3, sizeof (Mmap))) == 0) 342 return (0); 343 mmaps[0].m_vaddr = (caddr_t)M_PTRUNC(ld_base); 344 mmaps[0].m_msize = (size_t)((caddr_t)&_etext - mmaps[0].m_vaddr); 345 mmaps[0].m_fsize = mmaps[0].m_msize; 346 mmaps[0].m_perm = (PROT_READ | PROT_EXEC); 347 mmaps[1].m_vaddr = (caddr_t)M_PTRUNC((ulong_t)&r_debug); 348 mmaps[1].m_msize = (size_t)((caddr_t)&_end - mmaps[1].m_vaddr); 349 mmaps[1].m_fsize = (size_t)((caddr_t)&_edata - mmaps[1].m_vaddr); 350 mmaps[1].m_perm = (PROT_READ | PROT_WRITE | PROT_EXEC); 351 352 /* 353 * Create a link map structure for ld.so.1. 354 */ 355 if ((rlmp = elf_new_lm(&lml_rtld, _rtldname, rtldname, dyn_ptr, ld_base, 356 (ulong_t)&_etext, ALIST_OFF_DATA, (ulong_t)(eaddr - ld_base), 0, 357 ld_base, (ulong_t)(eaddr - ld_base), mmaps, 2, NULL)) == 0) { 358 return (0); 359 } 360 361 MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 362 FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE | 363 FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET); 364 365 /* 366 * Initialize the runtime linkers information. 367 */ 368 interp = &_interp; 369 interp->i_name = NAME(rlmp); 370 interp->i_faddr = (caddr_t)ADDR(rlmp); 371 ldso_plt_init(rlmp); 372 373 /* 374 * If ld.so.1 has been invoked directly, process its arguments. 375 */ 376 if (ldsoexec) { 377 /* 378 * Process any arguments that are specific to ld.so.1, and 379 * reorganize the process stack to effectively remove ld.so.1 380 * from it. Reinitialize the environment pointer, as this may 381 * have been shifted after skipping ld.so.1's arguments. 382 */ 383 if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags), 384 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) { 385 eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT)); 386 return (0); 387 } 388 _environ = envp; 389 390 /* 391 * Open the object that ld.so.1 is to execute. 392 */ 393 argvname = execname = argv[0]; 394 395 if ((fd = open(argvname, O_RDONLY)) == -1) { 396 int err = errno; 397 eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), 398 argvname, strerror(err)); 399 return (0); 400 } 401 } 402 403 /* 404 * Map in the file, if exec has not already done so. If it has, 405 * simply create a new link map structure for the executable. 406 */ 407 if (fd != -1) { 408 Rej_desc rej; 409 Fct *ftp; 410 411 /* 412 * Find out what type of object we have. 413 */ 414 (void) rtld_fstat(fd, &status); 415 if ((ftp = are_u_this(&rej, fd, &status, argvname)) == 0) { 416 Conv_reject_desc_buf_t rej_buf; 417 418 eprintf(&lml_main, ERR_FATAL, 419 MSG_INTL(err_reject[rej.rej_type]), argvname, 420 conv_reject_desc(&rej, &rej_buf, M_MACH)); 421 return (0); 422 } 423 424 /* 425 * Map in object. 426 */ 427 if ((mlmp = (ftp->fct_map_so)(&lml_main, ALIST_OFF_DATA, 428 execname, argvname, fd, NULL)) == 0) 429 return (0); 430 431 /* 432 * We now have a process name for error diagnostics. 433 */ 434 if ((str = strrchr(argvname, '/')) != 0) 435 procname = ++str; 436 else 437 procname = argvname; 438 439 if (ldsoexec) { 440 Addr brkbase = 0; 441 442 /* 443 * Since ld.so.1 was the primary executed object - the 444 * brk() base has not yet been initialized, we need to 445 * initialize it. For an executable, initialize it to 446 * the end of the object. For a shared object (ET_DYN) 447 * initialize it to the first page in memory. 448 */ 449 ehdr = (Ehdr *)ADDR(mlmp); 450 451 if ((FCT(mlmp) == &elf_fct) && 452 (ehdr->e_type == ET_EXEC)) { 453 int i; 454 Phdr *_phdr = (Phdr *)((uintptr_t)ADDR(mlmp) + 455 ehdr->e_phoff); 456 457 /* 458 * We scan the program headers to find the tail 459 * of the memory image. We can't use MSIZE() 460 * since that's already been page aligned. 461 */ 462 for (i = 0; i < ehdr->e_phnum; i++, _phdr++) { 463 if (_phdr->p_type == PT_LOAD) 464 brkbase = _phdr->p_vaddr + 465 _phdr->p_memsz; 466 } 467 } 468 469 if (!brkbase) 470 brkbase = syspagsz; 471 472 if (_brk_unlocked((void *)brkbase) == -1) { 473 int err = errno; 474 eprintf(&lml_main, ERR_FATAL, 475 MSG_INTL(MSG_SYS_BRK), argvname, 476 strerror(err)); 477 } 478 } 479 480 /* 481 * The object has now been mmaped, we no longer need the file 482 * descriptor. 483 */ 484 (void) close(fd); 485 486 } else { 487 /* 488 * Set up function ptr and arguments according to the type 489 * of file class the executable is. (Currently only supported 490 * types are ELF and a.out format.) Then create a link map 491 * for the executable. 492 */ 493 if (aoutdyn) { 494 #ifdef A_OUT 495 if ((mlmp = aout_new_lm(&lml_main, execname, argvname, 496 aoutdyn, 0, 0, ALIST_OFF_DATA)) == 0) 497 return (0); 498 499 /* 500 * Set the memory size. Note, we only know the end of 501 * text, and although we could find the _end by looking 502 * up the symbol, this may not be present. We should 503 * set ADDR to MAIN_BASE, but presently all the a.out 504 * relocation code assumes ADDR is 0 for the dynamic 505 * executable. (these data items are only used for 506 * dladdr(3x), and there aren't many a.out dladdr(3x) 507 * users to warrant spending much time on this :-). 508 */ 509 MSIZE(mlmp) = MAIN_BASE + ETEXT(mlmp); 510 511 /* 512 * Disable any object configuration cache (BCP apps 513 * bring in sbcp which can benefit from any object 514 * cache, but both the app and sbcp can't use the same 515 * objects). 516 */ 517 rtld_flags |= RT_FL_NOOBJALT; 518 519 /* 520 * Make sure no-direct bindings are in effect. 521 */ 522 lml_main.lm_tflags |= LML_TFLG_NODIRECT; 523 #else 524 eprintf(&lml_main, ERR_FATAL, 525 MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname); 526 return (0); 527 #endif 528 } else if (phdr) { 529 Phdr *pptr, *firstptr = 0, *lastptr; 530 Phdr *tlsphdr = 0, *unwindphdr = 0; 531 Dyn *dyn = 0; 532 Cap *cap = 0; 533 Off i_offset = 0; 534 Addr base = 0; 535 ulong_t memsize, phsize, entry, etext; 536 uint_t mmapcnt = 0; 537 int i; 538 539 /* 540 * Using the executables phdr address determine the base 541 * address of the input file. NOTE, this assumes the 542 * program headers and elf header are part of the same 543 * mapped segment. Although this has held for many 544 * years now, it might be more flexible if the kernel 545 * gave use the ELF headers start address, rather than 546 * the Program headers. 547 * 548 * Determine from the ELF header if we're been called 549 * from a shared object or dynamic executable. If the 550 * latter, then any addresses within the object are used 551 * as is. Addresses within shared objects must be added 552 * to the process's base address. 553 */ 554 ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset); 555 phsize = ehdr->e_phentsize; 556 if (ehdr->e_type == ET_DYN) 557 base = (Addr)ehdr; 558 559 /* 560 * Allocate a mapping array to retain mapped segment 561 * information. 562 */ 563 if ((mmaps = calloc(ehdr->e_phnum, sizeof (Mmap))) == 0) 564 return (0); 565 566 /* 567 * Extract the needed information from the segment 568 * headers. 569 */ 570 for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) { 571 if (pptr->p_type == PT_INTERP) { 572 i_offset = pptr->p_offset; 573 interp->i_faddr = 574 (caddr_t)interp_base; 575 } 576 if ((pptr->p_type == PT_LOAD) && 577 (pptr->p_filesz || pptr->p_memsz)) { 578 int perm = (PROT_READ | PROT_EXEC); 579 size_t off; 580 581 if (!firstptr) 582 firstptr = pptr; 583 lastptr = pptr; 584 if (i_offset && pptr->p_filesz && 585 (i_offset >= pptr->p_offset) && 586 (i_offset <= 587 (pptr->p_memsz + pptr->p_offset))) { 588 interp->i_name = (char *) 589 pptr->p_vaddr + i_offset - 590 pptr->p_offset + base; 591 i_offset = 0; 592 } 593 if ((pptr->p_flags & 594 (PF_R | PF_W)) == PF_R) 595 etext = pptr->p_vaddr + 596 pptr->p_memsz + base; 597 else 598 perm |= PROT_WRITE; 599 600 /* 601 * Retain segments mapping info. Round 602 * each segment to a page boundary, as 603 * this insures addresses are suitable 604 * for mprotect() if required. 605 */ 606 off = pptr->p_vaddr + base; 607 mmaps[mmapcnt].m_vaddr = 608 (caddr_t)M_PTRUNC(off); 609 off -= (size_t)mmaps[mmapcnt].m_vaddr; 610 mmaps[mmapcnt].m_msize = 611 pptr->p_memsz + off; 612 mmaps[mmapcnt].m_fsize = 613 pptr->p_filesz + off; 614 mmaps[mmapcnt].m_perm = perm; 615 mmapcnt++; 616 617 } else if (pptr->p_type == PT_DYNAMIC) { 618 dyn = (Dyn *)(pptr->p_vaddr + base); 619 } else if ((pptr->p_type == PT_TLS) && 620 pptr->p_memsz) { 621 tlsphdr = pptr; 622 } else if (pptr->p_type == PT_SUNW_UNWIND) { 623 unwindphdr = pptr; 624 } else if (pptr->p_type == PT_SUNWCAP) { 625 cap = (Cap *)(pptr->p_vaddr + base); 626 } 627 pptr = (Phdr *)((ulong_t)pptr + phsize); 628 } 629 630 631 memsize = (lastptr->p_vaddr + lastptr->p_memsz) - 632 S_ALIGN(firstptr->p_vaddr, syspagsz); 633 634 entry = ehdr->e_entry; 635 if (ehdr->e_type == ET_DYN) 636 entry += (ulong_t)ehdr; 637 638 if ((mlmp = elf_new_lm(&lml_main, execname, argvname, 639 dyn, (Addr)ehdr, etext, ALIST_OFF_DATA, memsize, 640 entry, (ulong_t)ehdr, memsize, mmaps, 641 mmapcnt, NULL)) == 0) { 642 return (0); 643 } 644 if (tlsphdr && 645 (tls_assign(&lml_main, mlmp, tlsphdr) == 0)) 646 return (0); 647 648 if (unwindphdr) 649 PTUNWIND(mlmp) = unwindphdr; 650 651 if (cap) 652 cap_assign(cap, mlmp); 653 } 654 } 655 656 /* 657 * Establish the interpretors name as that defined within the initial 658 * object (executable). This provides for ORIGIN processing of ld.so.1 659 * dependencies. 660 */ 661 if (ldsoexec == 0) { 662 size_t len = strlen(interp->i_name); 663 (void) expand(&interp->i_name, &len, 0, 0, 664 (PN_TKN_ISALIST | PN_TKN_HWCAP), rlmp); 665 } 666 PATHNAME(rlmp) = interp->i_name; 667 668 if (FLAGS1(rlmp) & FL1_RT_RELATIVE) 669 (void) fullpath(rlmp, 0); 670 else 671 ORIGNAME(rlmp) = PATHNAME(rlmp) = NAME(rlmp); 672 673 /* 674 * Having established the true runtime linkers name, simplify the name 675 * for error diagnostics. 676 */ 677 if ((str = strrchr(PATHNAME(rlmp), '/')) != 0) 678 rtldname = ++str; 679 else 680 rtldname = PATHNAME(rlmp); 681 682 /* 683 * Expand the fullpath name of the application. This typically occurs 684 * as a part of loading an object, but as the kernel probably mapped 685 * it in, complete this processing now. 686 */ 687 if (FLAGS1(mlmp) & FL1_RT_RELATIVE) 688 (void) fullpath(mlmp, 0); 689 690 /* 691 * Some troublesome programs will change the value of argv[0]. Dupping 692 * the process string protects us, and insures the string is left in 693 * any core files. 694 */ 695 if ((str = (char *)strdup(procname)) == 0) 696 return (0); 697 procname = str; 698 699 /* 700 * If the kernel has provided hardware capabilities information, and 701 * the executable contains hardware capabilities information, make 702 * sure it's a valid object. 703 */ 704 if ((rtld_flags2 & RT_FL2_HWCAP) && HWCAP(mlmp)) { 705 ulong_t mhwcap; 706 707 if ((mhwcap = (HWCAP(mlmp) & ~hwcap)) != 0) { 708 Conv_cap_val_hw1_buf_t cap_val_hw1_buf; 709 710 const char *str = 711 conv_cap_val_hw1(mhwcap, M_MACH, 0, 712 &cap_val_hw1_buf); 713 714 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 715 (void) printf(MSG_INTL(MSG_LDD_GEN_HWCAP_1), 716 NAME(mlmp), str); 717 } else { 718 eprintf(&lml_main, ERR_FATAL, 719 MSG_INTL(MSG_GEN_BADHWCAP_1), str); 720 return (0); 721 } 722 } 723 } 724 725 #if defined(_ELF64) 726 /* 727 * If this is a 64-bit process, determine whether this process has 728 * restricted the process address space to 32-bits. Any dependencies 729 * that are restricted to a 32-bit address space can only be loaded if 730 * the executable has established this requirement. 731 */ 732 if (SFCAP(mlmp) & SF1_SUNW_ADDR32) 733 rtld_flags2 |= RT_FL2_ADDR32; 734 #endif 735 736 FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET); 737 FLAGS1(mlmp) |= FL1_RT_USED; 738 739 /* 740 * It's the responsibility of MAIN(crt0) to call it's _init and _fini 741 * section, therefore null out any INIT/FINI so that this object isn't 742 * collected during tsort processing. And, if the application has no 743 * initarray or finiarray we can economize on establishing bindings. 744 */ 745 INIT(mlmp) = FINI(mlmp) = 0; 746 if ((INITARRAY(mlmp) == 0) && (FINIARRAY(mlmp) == 0)) 747 FLAGS1(mlmp) |= FL1_RT_NOINIFIN; 748 749 /* 750 * Identify lddstub if necessary. 751 */ 752 if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) 753 FLAGS1(mlmp) |= FL1_RT_LDDSTUB; 754 755 /* 756 * Retain our argument information for use in dlinfo. 757 */ 758 argsinfo.dla_argv = argv--; 759 argsinfo.dla_argc = (long)*argv; 760 argsinfo.dla_envp = envp; 761 argsinfo.dla_auxv = auxv; 762 763 (void) enter(0); 764 765 /* 766 * Add our two main link-maps to the dynlm_list 767 */ 768 if (list_append(&dynlm_list, &lml_main) == 0) 769 return (0); 770 771 if (list_append(&dynlm_list, &lml_rtld) == 0) 772 return (0); 773 774 /* 775 * Reset the link-map counts for both lists. The init count is used to 776 * track how many objects have pending init sections, this gets incre- 777 * mented each time an object is relocated. Since ld.so.1 relocates 778 * itself, it's init count will remain zero. 779 * The object count is used to track how many objects have pending fini 780 * sections, as ld.so.1 handles its own fini we can zero its count. 781 */ 782 lml_main.lm_obj = 1; 783 lml_rtld.lm_obj = 0; 784 785 /* 786 * Initialize debugger information structure. Some parts of this 787 * structure were initialized statically. 788 */ 789 r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head; 790 r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head; 791 r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr; 792 r_debug.rtd_dynlmlst = &dynlm_list; 793 794 if (platform) 795 platform_sz = strlen(platform); 796 797 /* 798 * Determine the dev/inode information for the executable to complete 799 * load_so() checking for those who might dlopen(a.out). 800 */ 801 if ((FLAGS1(mlmp) & FL1_RT_RELATIVE) && 802 (rtld_stat(PATHNAME(mlmp), &status) == 0)) { 803 STDEV(mlmp) = status.st_dev; 804 STINO(mlmp) = status.st_ino; 805 } 806 807 /* 808 * Initialize any configuration information. 809 */ 810 if (!(rtld_flags & RT_FL_NOCFG)) { 811 if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1) 812 return (0); 813 } 814 815 /* 816 * Establish the modes of the initial object. These modes are 817 * propagated to any preloaded objects and explicit shared library 818 * dependencies. 819 * 820 * If we're generating a configuration file using crle(1), remove 821 * any RTLD_NOW use, as we don't want to trigger any relocation proc- 822 * essing during crle(1)'s first past (this would just be unnecessary 823 * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is 824 * not required to trigger filter loading. 825 * 826 * Note, RTLD_NOW may have been established during analysis of the 827 * application had the application been built -z now. 828 */ 829 MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 830 831 if (rtld_flags & RT_FL_CONFGEN) { 832 MODE(mlmp) |= RTLD_CONFGEN; 833 MODE(mlmp) &= ~RTLD_NOW; 834 rtld_flags2 &= ~RT_FL2_BINDNOW; 835 } 836 837 if ((MODE(mlmp) & RTLD_NOW) == 0) { 838 if (rtld_flags2 & RT_FL2_BINDNOW) 839 MODE(mlmp) |= RTLD_NOW; 840 else 841 MODE(mlmp) |= RTLD_LAZY; 842 } 843 844 /* 845 * If debugging was requested initialize things now that any cache has 846 * been established. A user can specify LD_DEBUG=help to discover the 847 * list of debugging tokens available without running the application. 848 * However, don't allow this setting from a configuration file. 849 * 850 * Note, to prevent recursion issues caused by loading and binding the 851 * debugging libraries themselves, a local debugging descriptor is 852 * initialized. Once the debugging setup has completed, this local 853 * descriptor is copied to the global descriptor which effectively 854 * enables diagnostic output. 855 */ 856 if (rpl_debug || prm_debug) { 857 Dbg_desc _dbg_desc = {0, 0, 0}; 858 859 if (rpl_debug) { 860 uintptr_t ret; 861 862 if ((ret = dbg_setup(rpl_debug, &_dbg_desc)) == S_ERROR) 863 return (0); 864 if (ret == 0) 865 rtldexit(&lml_main, 0); 866 } 867 if (prm_debug) 868 (void) dbg_setup(prm_debug, &_dbg_desc); 869 870 *dbg_desc = _dbg_desc; 871 } 872 873 /* 874 * Now that debugging is enabled generate any diagnostics from any 875 * previous events. 876 */ 877 if (hwcap) 878 DBG_CALL(Dbg_cap_val_hw1(&lml_main, hwcap, M_MACH)); 879 if (features) 880 DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name, 881 features)); 882 883 if (DBG_ENABLED) { 884 DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv, 885 LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA)); 886 887 if (FCT(mlmp) == &elf_fct) { 888 DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp), 889 (ulong_t)DYN(mlmp), ADDR(mlmp), MSIZE(mlmp), 890 ENTRY(mlmp), LIST(mlmp)->lm_lmidstr, 891 ALIST_OFF_DATA)); 892 } else { 893 DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp), 894 (ulong_t)AOUTDYN(mlmp), (ulong_t)ADDR(mlmp), 895 (ulong_t)MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 896 ALIST_OFF_DATA)); 897 } 898 } 899 900 /* 901 * Enable auditing. 902 */ 903 if (rpl_audit || prm_audit || profile_lib) { 904 int ndx; 905 const char *aud[3]; 906 907 aud[0] = rpl_audit; 908 aud[1] = prm_audit; 909 aud[2] = profile_lib; 910 911 /* 912 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that 913 * can't be established is non-fatal. 914 */ 915 if ((auditors = calloc(1, sizeof (Audit_desc))) == 0) 916 return (0); 917 918 for (ndx = 0; ndx < 3; ndx++) { 919 if (aud[ndx]) { 920 if ((auditors->ad_name = strdup(aud[ndx])) == 0) 921 return (0); 922 rtld_flags2 |= RT_FL2_FTL2WARN; 923 (void) audit_setup(mlmp, auditors, 924 PN_FLG_EXTLOAD, NULL); 925 rtld_flags2 &= ~RT_FL2_FTL2WARN; 926 } 927 } 928 lml_main.lm_tflags |= auditors->ad_flags; 929 } 930 if (AUDITORS(mlmp)) { 931 /* 932 * Any object required auditing (set with a DT_DEPAUDIT dynamic 933 * entry) that can't be established is fatal. 934 */ 935 if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) { 936 /* 937 * If this object requires global auditing, use the 938 * local auditing information to set the global 939 * auditing descriptor. The effect is that a 940 * DT_DEPAUDIT act as an LD_AUDIT. 941 */ 942 if ((auditors == 0) && 943 ((auditors = calloc(1, sizeof (Audit_desc))) == 0)) 944 return (0); 945 946 auditors->ad_name = AUDITORS(mlmp)->ad_name; 947 if (audit_setup(mlmp, auditors, 0, NULL) == 0) 948 return (0); 949 lml_main.lm_tflags |= auditors->ad_flags; 950 951 /* 952 * Clear the local auditor information. 953 */ 954 free((void *) AUDITORS(mlmp)); 955 AUDITORS(mlmp) = 0; 956 957 } else { 958 /* 959 * Establish any local auditing. 960 */ 961 if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0) 962 return (0); 963 964 FLAGS1(mlmp) |= AUDITORS(mlmp)->ad_flags; 965 lml_main.lm_flags |= LML_FLG_LOCAUDIT; 966 } 967 } 968 969 /* 970 * Explicitly add the initial object and ld.so.1 to those objects being 971 * audited. Note, although the ld.so.1 link-map isn't auditable, 972 * establish a cookie for ld.so.1 as this may be bound to via the 973 * dl*() family. 974 */ 975 if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_MASK) { 976 if (((audit_objopen(mlmp, mlmp) == 0) || 977 (audit_objopen(mlmp, rlmp) == 0)) && 978 (FLAGS1(mlmp) & LML_TFLG_AUD_MASK)) 979 return (0); 980 } 981 982 /* 983 * Map in any preloadable shared objects. Note, it is valid to preload 984 * a 4.x shared object with a 5.0 executable (or visa-versa), as this 985 * functionality is required by ldd(1). 986 */ 987 if (rpl_preload && (preload(rpl_preload, mlmp) == 0)) 988 return (0); 989 if (prm_preload && (preload(prm_preload, mlmp) == 0)) 990 return (0); 991 992 /* 993 * Load all dependent (needed) objects. 994 */ 995 if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, NULL) == 0) 996 return (0); 997 998 /* 999 * Relocate all the dependencies we've just added. 1000 * 1001 * If this process has been established via crle(1), the environment 1002 * variable LD_CONFGEN will have been set. crle(1) may create this 1003 * process twice. The first time crle only needs to gather dependency 1004 * information. The second time, is to dldump() the images. 1005 * 1006 * If we're only gathering dependencies, relocation is unnecessary. 1007 * As crle(1) may be building an arbitrary family of objects, they may 1008 * not fully relocate either. Hence the relocation phase is not carried 1009 * out now, but will be called by crle(1) once all objects have been 1010 * loaded. 1011 */ 1012 if ((rtld_flags & RT_FL_CONFGEN) == 0) { 1013 1014 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 1015 1016 if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp, 1017 mlmp, NULL) == 0) 1018 return (0); 1019 1020 /* 1021 * Inform the debuggers we're here and stable. Newer debuggers 1022 * can indicate their presence by setting the DT_DEBUG entry in 1023 * the dynamic executable (see elf_new_lm()). In this case call 1024 * getpid() so the debugger can catch the system call. This 1025 * handshake allows the debugger to initialize, and consequently 1026 * allows the user to set break points in .init code. 1027 */ 1028 rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT); 1029 rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT); 1030 1031 if (rtld_flags & RT_FL_DEBUGGER) { 1032 r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG; 1033 (void) getpid(); 1034 } 1035 } 1036 1037 /* 1038 * Indicate preinit activity, and call any auditing routines. These 1039 * routines are called before initializing any threads via libc, or 1040 * before collecting the complete set of .inits on the primary link-map. 1041 * Although most libc interfaces are encapsulated in local routines 1042 * within libc, they have been known to escape (ie. call a .plt). As 1043 * the appcert auditor uses preinit as a trigger to establish some 1044 * external interfaces to the main link-maps libc, we need to activate 1045 * this trigger before exercising any code within libc. Additionally, 1046 * I wouldn't put it past an auditor to add additional objects to the 1047 * primary link-map. Hence, we collect .inits after the audit call. 1048 */ 1049 rd_event(&lml_main, RD_PREINIT, 0); 1050 1051 if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_ACTIVITY) 1052 audit_activity(mlmp, LA_ACT_CONSISTENT); 1053 if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_PREINIT) 1054 audit_preinit(mlmp); 1055 1056 /* 1057 * If we're creating initial configuration information, we're done 1058 * now that the auditing step has been called. 1059 */ 1060 if (rtld_flags & RT_FL_CONFGEN) { 1061 leave(LIST(mlmp), 0); 1062 return (mlmp); 1063 } 1064 1065 /* 1066 * Sort the .init sections of all objects we've added. If we're 1067 * tracing we only need to execute this under ldd(1) with the -i or -u 1068 * options. 1069 */ 1070 lmflags = lml_main.lm_flags; 1071 if (((lmflags & LML_FLG_TRC_ENABLE) == 0) || 1072 (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) { 1073 if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init, 1074 RT_SORT_REV)) == (Rt_map **)S_ERROR) 1075 return (0); 1076 } 1077 1078 /* 1079 * If we are tracing we're done. This is the one legitimate use of a 1080 * direct call to rtldexit() rather than return, as we don't want to 1081 * return and jump to the application. 1082 */ 1083 if (lmflags & LML_FLG_TRC_ENABLE) { 1084 unused(&lml_main); 1085 rtldexit(&lml_main, 0); 1086 } 1087 1088 #ifdef AT_SUN_AUXFLAGS 1089 /* 1090 * Check if this instance of the linker should have a primary link 1091 * map. This flag allows multiple copies of the -same- -version- 1092 * of the linker (and libc) to run in the same address space. 1093 * 1094 * Without this flag we only support one copy of the linker in a 1095 * process because by default the linker will always try to 1096 * initialize at one primary link map The copy of libc which is 1097 * initialized on a primary link map will initalize global TLS 1098 * data which can be shared with other copies of libc in the 1099 * process. The problem is that if there is more than one copy 1100 * of the linker, only one copy should link libc onto a primary 1101 * link map, otherwise libc will attempt to re-initialize global 1102 * TLS data. So when a copy of the linker is loaded with this 1103 * flag set, it will not initialize any primary link maps since 1104 * persumably another copy of the linker will do this. 1105 * 1106 * Note that this flag only allows multiple copies of the -same- 1107 * -version- of the linker (and libc) to coexist. This approach 1108 * will not work if we are trying to load different versions of 1109 * the linker and libc into the same process. The reason for 1110 * this is that the format of the global TLS data may not be 1111 * the same for different versions of libc. In this case each 1112 * different version of libc must have it's own primary link map 1113 * and be able to maintain it's own TLS data. The only way this 1114 * can be done is by carefully managing TLS pointers on transitions 1115 * between code associated with each of the different linkers. 1116 * Note that this is actually what is done for processes in lx 1117 * branded zones. Although in the lx branded zone case, the 1118 * other linker and libc are actually gld and glibc. But the 1119 * same general TLS management mechanism used by the lx brand 1120 * would apply to any attempts to run multiple versions of the 1121 * solaris linker and libc in a single process. 1122 */ 1123 if (auxflags & AF_SUN_NOPLM) 1124 rtld_flags2 |= RT_FL2_NOPLM; 1125 #endif 1126 /* 1127 * Establish any static TLS for this primary link-map. Note, regardless 1128 * of whether TLS is available, an initial handshake occurs with libc to 1129 * indicate we're processing the primary link-map. Having identified 1130 * the primary link-map, initialize threads. 1131 */ 1132 if (rt_get_extern(&lml_main, mlmp) == 0) 1133 return (0); 1134 1135 if ((rtld_flags2 & RT_FL2_NOPLM) == 0) { 1136 if (tls_statmod(&lml_main, mlmp) == 0) 1137 return (0); 1138 rt_thr_init(&lml_main); 1139 rtld_flags2 |= RT_FL2_PLMSETUP; 1140 } else { 1141 rt_thr_init(&lml_main); 1142 } 1143 1144 rtld_flags |= RT_FL_APPLIC; 1145 1146 /* 1147 * Fire all dependencies .init sections. Identify any unused 1148 * dependencies, and leave the runtime linker - effectively calling 1149 * the dynamic executables entry point. 1150 */ 1151 call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp, 1152 SHT_PREINIT_ARRAY); 1153 1154 if (tobj) 1155 call_init(tobj, DBG_INIT_SORT); 1156 1157 rd_event(&lml_main, RD_POSTINIT, 0); 1158 1159 unused(&lml_main); 1160 1161 DBG_CALL(Dbg_util_call_main(mlmp)); 1162 1163 rtld_flags |= RT_FL_OPERATION; 1164 leave(LIST(mlmp), 0); 1165 1166 return (mlmp); 1167 } 1168