xref: /titanic_44/usr/src/cmd/sgs/rtld/common/setup.c (revision 5c066ec28ea93f3a7c93082611a61747f255290a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  *	Copyright (c) 1988 AT&T
29  *	  All Rights Reserved
30  */
31 
32 /*
33  * Run time linker common setup.
34  *
35  * Called from _setup to get the process going at startup.
36  */
37 
38 #include	<stdlib.h>
39 #include	<fcntl.h>
40 #include	<stdio.h>
41 #include	<sys/types.h>
42 #include	<sys/stat.h>
43 #include	<sys/mman.h>
44 #include	<string.h>
45 #include	<stdio.h>
46 #include	<unistd.h>
47 #include	<dlfcn.h>
48 #include	<sys/sysconfig.h>
49 #include	<sys/auxv.h>
50 #include	<debug.h>
51 #include	<conv.h>
52 #include	"_rtld.h"
53 #include	"_audit.h"
54 #include	"_elf.h"
55 #include	"_a.out.h"
56 #include	"msg.h"
57 
58 
59 extern int	_end, _edata, _etext;
60 extern void	_init(void);
61 extern int	_brk_unlocked(void *);
62 
63 #ifndef	SGS_PRE_UNIFIED_PROCESS
64 /* needed for _brk_unlocked() */
65 void *_nd = &_end;
66 #endif
67 
68 /*
69  * Define for the executable's interpreter.
70  * Usually it is ld.so.1, but for the first release of ICL binaries
71  * it is libc.so.1.  We keep this information so that we don't end
72  * up mapping libc twice if it is the interpreter.
73  */
74 static Interp _interp;
75 
76 
77 static int
78 preload(const char *str, Rt_map *lmp)
79 {
80 	Rt_map		*clmp = lmp;
81 	char		*objs, *ptr, *next;
82 	Word		lmflags = lml_main.lm_flags;
83 	uint_t		flags;
84 
85 	DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD));
86 
87 	if ((objs = strdup(str)) == 0)
88 		return (0);
89 
90 	/*
91 	 * Establish the flags for loading each object.  If we're called via
92 	 * lddstub, then the first shared object is the object being inspected
93 	 * by ldd(1).  This object should not be marked as an interposer, as
94 	 * it is intended to act like the first object of the process.
95 	 */
96 	if ((lmflags & LML_FLG_TRC_ENABLE) && (FLAGS1(lmp) & FL1_RT_LDDSTUB))
97 		flags = FLG_RT_PRELOAD;
98 	else
99 		flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO);
100 
101 	ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next);
102 	do {
103 		Pnode	*pnp;
104 		Rt_map	*nlmp = 0;
105 
106 		DBG_CALL(Dbg_file_preload(&lml_main, ptr));
107 
108 		/*
109 		 * If this a secure application, then preload errors are
110 		 * reduced to warnings, as the errors are non-fatal.
111 		 */
112 		if (rtld_flags & RT_FL_SECURE)
113 			rtld_flags2 |= RT_FL2_FTL2WARN;
114 		if ((pnp = expand_paths(clmp, ptr, PN_FLG_EXTLOAD, 0)) != 0)
115 			nlmp = load_one(&lml_main, ALIST_OFF_DATA, pnp, clmp,
116 			    MODE(lmp), flags, 0, NULL);
117 		if (pnp)
118 			remove_pnode(pnp);
119 		if (rtld_flags & RT_FL_SECURE)
120 			rtld_flags2 &= ~RT_FL2_FTL2WARN;
121 		if (nlmp && (bind_one(clmp, nlmp, BND_NEEDED) == 0))
122 			nlmp = 0;
123 
124 		/*
125 		 * Establish state for the next preloadable object.  If no
126 		 * error occurred with loading this object, indicate that this
127 		 * link-map list contains an interposer.
128 		 */
129 		flags |= FLG_RT_OBJINTPO;
130 		if (nlmp == 0) {
131 			if ((lmflags & LML_FLG_TRC_ENABLE) ||
132 			    (rtld_flags & RT_FL_SECURE))
133 				continue;
134 			else
135 				return (0);
136 		}
137 		lml_main.lm_flags |= LML_FLG_INTRPOSE;
138 
139 		/*
140 		 * If we're tracing shared objects via lddstub, establish a
141 		 * binding between the initial shared object and lddstub so that
142 		 * the shared object isn't called out from unused() processing.
143 		 * After the first object is loaded increment the caller to the
144 		 * initial preloaded object to provide intuitive ldd -v and -s
145 		 * diagnostics
146 		 */
147 		if ((lmflags & LML_FLG_TRC_ENABLE) &&
148 		    (FLAGS1(lmp) & FL1_RT_LDDSTUB)) {
149 			if ((lmp == clmp) && (lmflags &
150 			    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED))) {
151 				if (bind_one(clmp, nlmp, BND_REFER) == 0)
152 					continue;
153 			}
154 			clmp = NEXT_RT_MAP(lmp);
155 		}
156 
157 	} while ((ptr = strtok_r(NULL,
158 	    MSG_ORIG(MSG_STR_DELIMIT), &next)) != NULL);
159 
160 	free(objs);
161 	return (1);
162 }
163 
164 Rt_map *
165 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz,
166     char *_rtldname, Dyn *dyn_ptr, ulong_t ld_base, ulong_t interp_base, int fd,
167     Phdr *phdr, char *execname, char **argv, int dz_fd, uid_t uid,
168     uid_t euid, gid_t gid, gid_t egid, void *aoutdyn, int auxflags,
169     uint_t hwcap_1)
170 {
171 	Rt_map		*rlmp, *mlmp, **tobj = 0;
172 	Ehdr		*ehdr;
173 	rtld_stat_t	status;
174 	int		features = 0, ldsoexec = 0;
175 	size_t		eaddr, esize;
176 	char		*str, *argvname;
177 	Mmap		*mmaps;
178 	Word		lmflags;
179 
180 	/*
181 	 * Now that ld.so has relocated itself, initialize our own 'environ' so
182 	 * as to establish an address suitable for libc's hardware mul/div
183 	 * magic (libc/sparc/crt/hwmuldiv.o).
184 	 */
185 	_environ = (char **)((ulong_t)auxv - sizeof (char *));
186 	_init();
187 	_environ = envp;
188 
189 	/*
190 	 * Far the most common application execution revolves around appending
191 	 * the application name to the users PATH definition, thus a full name
192 	 * is passed to exec() which will in turn be returned via
193 	 * AT_SUN_EXECNAME.  Applications may also be invoked from the current
194 	 * working directory, or via a relative name.
195 	 *
196 	 * Determine whether the kernel has supplied a AT_SUN_EXECNAME aux
197 	 * vector.  This vector points to the full pathname, on the stack, of
198 	 * the object that started the process.  If this is null, then
199 	 * AT_SUN_EXECNAME isn't supported (if the pathname exceeded the system
200 	 * limit (PATH_MAX) the exec would have failed).  This flag is used to
201 	 * determine whether we can call resolvepath().
202 	 */
203 	if (execname)
204 		rtld_flags |= RT_FL_EXECNAME;
205 
206 	/*
207 	 * Determine how ld.so.1 has been executed.
208 	 */
209 	if ((fd == -1) && (phdr == 0)) {
210 		/*
211 		 * If we received neither the AT_EXECFD nor the AT_PHDR aux
212 		 * vector, ld.so.1 must have been invoked directly from the
213 		 * command line.
214 		 */
215 		ldsoexec = 1;
216 
217 		/*
218 		 * AT_SUN_EXECNAME provides the most precise name, if it is
219 		 * available, otherwise fall back to argv[0].  At this time,
220 		 * there is no process name.
221 		 */
222 		if (execname)
223 			rtldname = execname;
224 		else if (argv[0])
225 			rtldname = argv[0];
226 		else
227 			rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
228 	} else {
229 		/*
230 		 * Otherwise, we have a standard process.  AT_SUN_EXECNAME
231 		 * provides the most precise name, if it is available,
232 		 * otherwise fall back to argv[0].  Provided the application
233 		 * is already mapped, the process is the application, so
234 		 * simplify the application name for use in any diagnostics.
235 		 */
236 		if (execname)
237 			argvname = execname;
238 		else if (argv[0])
239 			argvname = execname = argv[0];
240 		else
241 			argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
242 
243 		if (fd == -1) {
244 			if ((str = strrchr(argvname, '/')) != 0)
245 				procname = ++str;
246 			else
247 				procname = argvname;
248 		}
249 
250 		/*
251 		 * At this point, we don't know the runtime linkers full path
252 		 * name.  The _rtldname passed to us is the SONAME of the
253 		 * runtime linker, which is typically /lib/ld.so.1 no matter
254 		 * what the full path is.   Use this for now, we'll reset the
255 		 * runtime linkers name once the application is analyzed.
256 		 */
257 		if (_rtldname) {
258 			if ((str = strrchr(_rtldname, '/')) != 0)
259 				rtldname = ++str;
260 			else
261 				rtldname = _rtldname;
262 		} else
263 			rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
264 	}
265 
266 	/*
267 	 * Initialize any global variables.
268 	 */
269 	at_flags = _flags;
270 	if (dz_fd != FD_UNAVAIL)
271 		dz_init(dz_fd);
272 	platform = _platform;
273 
274 	/*
275 	 * If pagesize is unspecified find its value.
276 	 */
277 	if ((syspagsz = _syspagsz) == 0)
278 		syspagsz = _sysconfig(_CONFIG_PAGESIZE);
279 	fmap_setup();
280 
281 	/*
282 	 * Add the unused portion of the last data page to the free space list.
283 	 * The page size must be set before doing this.  Here, _end refers to
284 	 * the end of the runtime linkers bss.  Note that we do not use the
285 	 * unused data pages from any included .so's to supplement this free
286 	 * space as badly behaved .os's may corrupt this data space, and in so
287 	 * doing ruin our data.
288 	 */
289 	eaddr = S_DROUND((size_t)&_end);
290 	esize = eaddr % syspagsz;
291 	if (esize) {
292 		esize = syspagsz - esize;
293 		addfree((void *)eaddr, esize);
294 	}
295 
296 	/*
297 	 * Establish initial link-map list flags, and link-map list alists.
298 	 */
299 	if (alist_append(&lml_main.lm_lists, 0, sizeof (Lm_cntl),
300 	    AL_CNT_LMLISTS) == 0)
301 		return (0);
302 	lml_main.lm_flags |= LML_FLG_BASELM;
303 	lml_main.lm_lmid = LM_ID_BASE;
304 	lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE);
305 
306 	if (alist_append(&lml_rtld.lm_lists, 0, sizeof (Lm_cntl),
307 	    AL_CNT_LMLISTS) == 0)
308 		return (0);
309 	lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_NOAUDIT |
310 	    LML_FLG_HOLDLOCK);
311 	lml_rtld.lm_lmid = LM_ID_LDSO;
312 	lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO);
313 
314 	/*
315 	 * Determine whether we have a secure executable.
316 	 */
317 	security(uid, euid, gid, egid, auxflags);
318 
319 	/*
320 	 * Initialize a hardware capability descriptor for use in comparing
321 	 * each loaded object.
322 	 */
323 #ifdef	AT_SUN_AUXFLAGS
324 	if (auxflags & AF_SUN_HWCAPVERIFY) {
325 		rtld_flags2 |= RT_FL2_HWCAP;
326 		hwcap = (ulong_t)hwcap_1;
327 	}
328 #endif
329 	/*
330 	 * Look for environment strings (allows things like LD_NOAUDIT to be
331 	 * established, although debugging isn't enabled until later).
332 	 */
333 	if ((readenv_user((const char **)envp, &(lml_main.lm_flags),
334 	    &(lml_main.lm_tflags), (aoutdyn != 0))) == 1)
335 		return (0);
336 
337 	/*
338 	 * Create a mapping descriptor for ld.so.1.  We can determine our
339 	 * two segments information from known symbols.
340 	 */
341 	if ((mmaps = calloc(3, sizeof (Mmap))) == 0)
342 		return (0);
343 	mmaps[0].m_vaddr = (caddr_t)M_PTRUNC(ld_base);
344 	mmaps[0].m_msize = (size_t)((caddr_t)&_etext - mmaps[0].m_vaddr);
345 	mmaps[0].m_fsize = mmaps[0].m_msize;
346 	mmaps[0].m_perm = (PROT_READ | PROT_EXEC);
347 	mmaps[1].m_vaddr = (caddr_t)M_PTRUNC((ulong_t)&r_debug);
348 	mmaps[1].m_msize = (size_t)((caddr_t)&_end - mmaps[1].m_vaddr);
349 	mmaps[1].m_fsize = (size_t)((caddr_t)&_edata - mmaps[1].m_vaddr);
350 	mmaps[1].m_perm = (PROT_READ | PROT_WRITE | PROT_EXEC);
351 
352 	/*
353 	 * Create a link map structure for ld.so.1.
354 	 */
355 	if ((rlmp = elf_new_lm(&lml_rtld, _rtldname, rtldname, dyn_ptr, ld_base,
356 	    (ulong_t)&_etext, ALIST_OFF_DATA, (ulong_t)(eaddr - ld_base), 0,
357 	    ld_base, (ulong_t)(eaddr - ld_base), mmaps, 2, NULL)) == 0) {
358 		return (0);
359 	}
360 
361 	MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
362 	FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE |
363 	    FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET);
364 
365 	/*
366 	 * Initialize the runtime linkers information.
367 	 */
368 	interp = &_interp;
369 	interp->i_name = NAME(rlmp);
370 	interp->i_faddr = (caddr_t)ADDR(rlmp);
371 	ldso_plt_init(rlmp);
372 
373 	/*
374 	 * If ld.so.1 has been invoked directly, process its arguments.
375 	 */
376 	if (ldsoexec) {
377 		/*
378 		 * Process any arguments that are specific to ld.so.1, and
379 		 * reorganize the process stack to effectively remove ld.so.1
380 		 * from it.  Reinitialize the environment pointer, as this may
381 		 * have been shifted after skipping ld.so.1's arguments.
382 		 */
383 		if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags),
384 		    &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) {
385 			eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT));
386 			return (0);
387 		}
388 		_environ = envp;
389 
390 		/*
391 		 * Open the object that ld.so.1 is to execute.
392 		 */
393 		argvname = execname = argv[0];
394 
395 		if ((fd = open(argvname, O_RDONLY)) == -1) {
396 			int	err = errno;
397 			eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN),
398 			    argvname, strerror(err));
399 			return (0);
400 		}
401 	}
402 
403 	/*
404 	 * Map in the file, if exec has not already done so.  If it has,
405 	 * simply create a new link map structure for the executable.
406 	 */
407 	if (fd != -1) {
408 		Rej_desc	rej;
409 		Fct		*ftp;
410 
411 		/*
412 		 * Find out what type of object we have.
413 		 */
414 		(void) rtld_fstat(fd, &status);
415 		if ((ftp = are_u_this(&rej, fd, &status, argvname)) == 0) {
416 			Conv_reject_desc_buf_t rej_buf;
417 
418 			eprintf(&lml_main, ERR_FATAL,
419 			    MSG_INTL(err_reject[rej.rej_type]), argvname,
420 			    conv_reject_desc(&rej, &rej_buf, M_MACH));
421 			return (0);
422 		}
423 
424 		/*
425 		 * Map in object.
426 		 */
427 		if ((mlmp = (ftp->fct_map_so)(&lml_main, ALIST_OFF_DATA,
428 		    execname, argvname, fd, NULL)) == 0)
429 			return (0);
430 
431 		/*
432 		 * We now have a process name for error diagnostics.
433 		 */
434 		if ((str = strrchr(argvname, '/')) != 0)
435 			procname = ++str;
436 		else
437 			procname = argvname;
438 
439 		if (ldsoexec) {
440 			Addr	brkbase = 0;
441 
442 			/*
443 			 * Since ld.so.1 was the primary executed object - the
444 			 * brk() base has not yet been initialized, we need to
445 			 * initialize it.  For an executable, initialize it to
446 			 * the end of the object.  For a shared object (ET_DYN)
447 			 * initialize it to the first page in memory.
448 			 */
449 			ehdr = (Ehdr *)ADDR(mlmp);
450 
451 			if ((FCT(mlmp) == &elf_fct) &&
452 			    (ehdr->e_type == ET_EXEC)) {
453 				int	i;
454 				Phdr *_phdr = (Phdr *)((uintptr_t)ADDR(mlmp) +
455 				    ehdr->e_phoff);
456 
457 				/*
458 				 * We scan the program headers to find the tail
459 				 * of the memory image.  We can't use MSIZE()
460 				 * since that's already been page aligned.
461 				 */
462 				for (i = 0; i < ehdr->e_phnum; i++, _phdr++) {
463 					if (_phdr->p_type == PT_LOAD)
464 						brkbase = _phdr->p_vaddr +
465 						    _phdr->p_memsz;
466 				}
467 			}
468 
469 			if (!brkbase)
470 				brkbase = syspagsz;
471 
472 			if (_brk_unlocked((void *)brkbase) == -1) {
473 				int	err = errno;
474 				eprintf(&lml_main, ERR_FATAL,
475 				    MSG_INTL(MSG_SYS_BRK), argvname,
476 				    strerror(err));
477 			}
478 		}
479 
480 		/*
481 		 * The object has now been mmaped, we no longer need the file
482 		 * descriptor.
483 		 */
484 		(void) close(fd);
485 
486 	} else {
487 		/*
488 		 * Set up function ptr and arguments according to the type
489 		 * of file class the executable is. (Currently only supported
490 		 * types are ELF and a.out format.)  Then create a link map
491 		 * for the executable.
492 		 */
493 		if (aoutdyn) {
494 #ifdef A_OUT
495 			if ((mlmp = aout_new_lm(&lml_main, execname, argvname,
496 			    aoutdyn, 0, 0, ALIST_OFF_DATA)) == 0)
497 				return (0);
498 
499 			/*
500 			 * Set the memory size.  Note, we only know the end of
501 			 * text, and although we could find the _end by looking
502 			 * up the symbol, this may not be present.  We should
503 			 * set ADDR to MAIN_BASE, but presently all the a.out
504 			 * relocation code assumes ADDR is 0 for the dynamic
505 			 * executable. (these data items are only used for
506 			 * dladdr(3x), and there aren't many a.out dladdr(3x)
507 			 * users to warrant spending much time on this :-).
508 			 */
509 			MSIZE(mlmp) = MAIN_BASE + ETEXT(mlmp);
510 
511 			/*
512 			 * Disable any object configuration cache (BCP apps
513 			 * bring in sbcp which can benefit from any object
514 			 * cache, but both the app and sbcp can't use the same
515 			 * objects).
516 			 */
517 			rtld_flags |= RT_FL_NOOBJALT;
518 
519 			/*
520 			 * Make sure no-direct bindings are in effect.
521 			 */
522 			lml_main.lm_tflags |= LML_TFLG_NODIRECT;
523 #else
524 			eprintf(&lml_main, ERR_FATAL,
525 			    MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname);
526 			return (0);
527 #endif
528 		} else if (phdr) {
529 			Phdr		*pptr, *firstptr = 0, *lastptr;
530 			Phdr		*tlsphdr = 0, *unwindphdr = 0;
531 			Dyn		*dyn = 0;
532 			Cap		*cap = 0;
533 			Off		i_offset = 0;
534 			Addr		base = 0;
535 			ulong_t		memsize, phsize, entry, etext;
536 			uint_t		mmapcnt = 0;
537 			int		i;
538 
539 			/*
540 			 * Using the executables phdr address determine the base
541 			 * address of the input file.  NOTE, this assumes the
542 			 * program headers and elf header are part of the same
543 			 * mapped segment.  Although this has held for many
544 			 * years now, it might be more flexible if the kernel
545 			 * gave use the ELF headers start address, rather than
546 			 * the Program headers.
547 			 *
548 			 * Determine from the ELF header if we're been called
549 			 * from a shared object or dynamic executable.  If the
550 			 * latter, then any addresses within the object are used
551 			 * as is.  Addresses within shared objects must be added
552 			 * to the process's base address.
553 			 */
554 			ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset);
555 			phsize = ehdr->e_phentsize;
556 			if (ehdr->e_type == ET_DYN)
557 				base = (Addr)ehdr;
558 
559 			/*
560 			 * Allocate a mapping array to retain mapped segment
561 			 * information.
562 			 */
563 			if ((mmaps = calloc(ehdr->e_phnum, sizeof (Mmap))) == 0)
564 				return (0);
565 
566 			/*
567 			 * Extract the needed information from the segment
568 			 * headers.
569 			 */
570 			for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) {
571 				if (pptr->p_type == PT_INTERP) {
572 					i_offset = pptr->p_offset;
573 					interp->i_faddr =
574 					    (caddr_t)interp_base;
575 				}
576 				if ((pptr->p_type == PT_LOAD) &&
577 				    (pptr->p_filesz || pptr->p_memsz)) {
578 					int	perm = (PROT_READ | PROT_EXEC);
579 					size_t	off;
580 
581 					if (!firstptr)
582 						firstptr = pptr;
583 					lastptr = pptr;
584 					if (i_offset && pptr->p_filesz &&
585 					    (i_offset >= pptr->p_offset) &&
586 					    (i_offset <=
587 					    (pptr->p_memsz + pptr->p_offset))) {
588 						interp->i_name = (char *)
589 						    pptr->p_vaddr + i_offset -
590 						    pptr->p_offset + base;
591 						i_offset = 0;
592 					}
593 					if ((pptr->p_flags &
594 					    (PF_R | PF_W)) == PF_R)
595 						etext = pptr->p_vaddr +
596 						    pptr->p_memsz + base;
597 					else
598 						perm |= PROT_WRITE;
599 
600 					/*
601 					 * Retain segments mapping info.  Round
602 					 * each segment to a page boundary, as
603 					 * this insures addresses are suitable
604 					 * for mprotect() if required.
605 					 */
606 					off = pptr->p_vaddr + base;
607 					mmaps[mmapcnt].m_vaddr =
608 					    (caddr_t)M_PTRUNC(off);
609 					off -= (size_t)mmaps[mmapcnt].m_vaddr;
610 					mmaps[mmapcnt].m_msize =
611 					    pptr->p_memsz + off;
612 					mmaps[mmapcnt].m_fsize =
613 					    pptr->p_filesz + off;
614 					mmaps[mmapcnt].m_perm = perm;
615 					mmapcnt++;
616 
617 				} else if (pptr->p_type == PT_DYNAMIC) {
618 					dyn = (Dyn *)(pptr->p_vaddr + base);
619 				} else if ((pptr->p_type == PT_TLS) &&
620 				    pptr->p_memsz) {
621 					tlsphdr = pptr;
622 				} else if (pptr->p_type == PT_SUNW_UNWIND) {
623 					unwindphdr = pptr;
624 				} else if (pptr->p_type == PT_SUNWCAP) {
625 					cap = (Cap *)(pptr->p_vaddr + base);
626 				}
627 				pptr = (Phdr *)((ulong_t)pptr + phsize);
628 			}
629 
630 
631 			memsize = (lastptr->p_vaddr + lastptr->p_memsz) -
632 			    S_ALIGN(firstptr->p_vaddr, syspagsz);
633 
634 			entry = ehdr->e_entry;
635 			if (ehdr->e_type == ET_DYN)
636 				entry += (ulong_t)ehdr;
637 
638 			if ((mlmp = elf_new_lm(&lml_main, execname, argvname,
639 			    dyn, (Addr)ehdr, etext, ALIST_OFF_DATA, memsize,
640 			    entry, (ulong_t)ehdr, memsize, mmaps,
641 			    mmapcnt, NULL)) == 0) {
642 				return (0);
643 			}
644 			if (tlsphdr &&
645 			    (tls_assign(&lml_main, mlmp, tlsphdr) == 0))
646 				return (0);
647 
648 			if (unwindphdr)
649 				PTUNWIND(mlmp) = unwindphdr;
650 
651 			if (cap)
652 				cap_assign(cap, mlmp);
653 		}
654 	}
655 
656 	/*
657 	 * Establish the interpretors name as that defined within the initial
658 	 * object (executable).  This provides for ORIGIN processing of ld.so.1
659 	 * dependencies.
660 	 */
661 	if (ldsoexec == 0) {
662 		size_t	len = strlen(interp->i_name);
663 		(void) expand(&interp->i_name, &len, 0, 0,
664 		    (PN_TKN_ISALIST | PN_TKN_HWCAP), rlmp);
665 	}
666 	PATHNAME(rlmp) = interp->i_name;
667 
668 	if (FLAGS1(rlmp) & FL1_RT_RELATIVE)
669 		(void) fullpath(rlmp, 0);
670 	else
671 		ORIGNAME(rlmp) = PATHNAME(rlmp) = NAME(rlmp);
672 
673 	/*
674 	 * Having established the true runtime linkers name, simplify the name
675 	 * for error diagnostics.
676 	 */
677 	if ((str = strrchr(PATHNAME(rlmp), '/')) != 0)
678 		rtldname = ++str;
679 	else
680 		rtldname = PATHNAME(rlmp);
681 
682 	/*
683 	 * Expand the fullpath name of the application.  This typically occurs
684 	 * as a part of loading an object, but as the kernel probably mapped
685 	 * it in, complete this processing now.
686 	 */
687 	if (FLAGS1(mlmp) & FL1_RT_RELATIVE)
688 		(void) fullpath(mlmp, 0);
689 
690 	/*
691 	 * Some troublesome programs will change the value of argv[0].  Dupping
692 	 * the process string protects us, and insures the string is left in
693 	 * any core files.
694 	 */
695 	if ((str = (char *)strdup(procname)) == 0)
696 		return (0);
697 	procname = str;
698 
699 	/*
700 	 * If the kernel has provided hardware capabilities information, and
701 	 * the executable contains hardware capabilities information, make
702 	 * sure it's a valid object.
703 	 */
704 	if ((rtld_flags2 & RT_FL2_HWCAP) && HWCAP(mlmp)) {
705 		ulong_t	mhwcap;
706 
707 		if ((mhwcap = (HWCAP(mlmp) & ~hwcap)) != 0) {
708 			Conv_cap_val_hw1_buf_t cap_val_hw1_buf;
709 
710 			const char *str =
711 			    conv_cap_val_hw1(mhwcap, M_MACH, 0,
712 			    &cap_val_hw1_buf);
713 
714 			if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) {
715 				(void) printf(MSG_INTL(MSG_LDD_GEN_HWCAP_1),
716 				    NAME(mlmp), str);
717 			} else {
718 				eprintf(&lml_main, ERR_FATAL,
719 				    MSG_INTL(MSG_GEN_BADHWCAP_1), str);
720 				return (0);
721 			}
722 		}
723 	}
724 
725 #if	defined(_ELF64)
726 	/*
727 	 * If this is a 64-bit process, determine whether this process has
728 	 * restricted the process address space to 32-bits.  Any dependencies
729 	 * that are restricted to a 32-bit address space can only be loaded if
730 	 * the executable has established this requirement.
731 	 */
732 	if (SFCAP(mlmp) & SF1_SUNW_ADDR32)
733 		rtld_flags2 |= RT_FL2_ADDR32;
734 #endif
735 
736 	FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET);
737 	FLAGS1(mlmp) |= FL1_RT_USED;
738 
739 	/*
740 	 * It's the responsibility of MAIN(crt0) to call it's _init and _fini
741 	 * section, therefore null out any INIT/FINI so that this object isn't
742 	 * collected during tsort processing.  And, if the application has no
743 	 * initarray or finiarray we can economize on establishing bindings.
744 	 */
745 	INIT(mlmp) = FINI(mlmp) = 0;
746 	if ((INITARRAY(mlmp) == 0) && (FINIARRAY(mlmp) == 0))
747 		FLAGS1(mlmp) |= FL1_RT_NOINIFIN;
748 
749 	/*
750 	 * Identify lddstub if necessary.
751 	 */
752 	if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB)
753 		FLAGS1(mlmp) |= FL1_RT_LDDSTUB;
754 
755 	/*
756 	 * Retain our argument information for use in dlinfo.
757 	 */
758 	argsinfo.dla_argv = argv--;
759 	argsinfo.dla_argc = (long)*argv;
760 	argsinfo.dla_envp = envp;
761 	argsinfo.dla_auxv = auxv;
762 
763 	(void) enter(0);
764 
765 	/*
766 	 * Add our two main link-maps to the dynlm_list
767 	 */
768 	if (list_append(&dynlm_list, &lml_main) == 0)
769 		return (0);
770 
771 	if (list_append(&dynlm_list, &lml_rtld) == 0)
772 		return (0);
773 
774 	/*
775 	 * Reset the link-map counts for both lists.  The init count is used to
776 	 * track how many objects have pending init sections, this gets incre-
777 	 * mented each time an object is relocated.  Since ld.so.1 relocates
778 	 * itself, it's init count will remain zero.
779 	 * The object count is used to track how many objects have pending fini
780 	 * sections, as ld.so.1 handles its own fini we can zero its count.
781 	 */
782 	lml_main.lm_obj = 1;
783 	lml_rtld.lm_obj = 0;
784 
785 	/*
786 	 * Initialize debugger information structure.  Some parts of this
787 	 * structure were initialized statically.
788 	 */
789 	r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head;
790 	r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head;
791 	r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr;
792 	r_debug.rtd_dynlmlst = &dynlm_list;
793 
794 	if (platform)
795 		platform_sz = strlen(platform);
796 
797 	/*
798 	 * Determine the dev/inode information for the executable to complete
799 	 * load_so() checking for those who might dlopen(a.out).
800 	 */
801 	if ((FLAGS1(mlmp) & FL1_RT_RELATIVE) &&
802 	    (rtld_stat(PATHNAME(mlmp), &status) == 0)) {
803 		STDEV(mlmp) = status.st_dev;
804 		STINO(mlmp) = status.st_ino;
805 	}
806 
807 	/*
808 	 * Initialize any configuration information.
809 	 */
810 	if (!(rtld_flags & RT_FL_NOCFG)) {
811 		if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1)
812 			return (0);
813 	}
814 
815 	/*
816 	 * Establish the modes of the initial object.  These modes are
817 	 * propagated to any preloaded objects and explicit shared library
818 	 * dependencies.
819 	 *
820 	 * If we're generating a configuration file using crle(1), remove
821 	 * any RTLD_NOW use, as we don't want to trigger any relocation proc-
822 	 * essing during crle(1)'s first past (this would just be unnecessary
823 	 * overhead).  Any filters are explicitly loaded, and thus RTLD_NOW is
824 	 * not required to trigger filter loading.
825 	 *
826 	 * Note, RTLD_NOW may have been established during analysis of the
827 	 * application had the application been built -z now.
828 	 */
829 	MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
830 
831 	if (rtld_flags & RT_FL_CONFGEN) {
832 		MODE(mlmp) |= RTLD_CONFGEN;
833 		MODE(mlmp) &= ~RTLD_NOW;
834 		rtld_flags2 &= ~RT_FL2_BINDNOW;
835 	}
836 
837 	if ((MODE(mlmp) & RTLD_NOW) == 0) {
838 		if (rtld_flags2 & RT_FL2_BINDNOW)
839 			MODE(mlmp) |= RTLD_NOW;
840 		else
841 			MODE(mlmp) |= RTLD_LAZY;
842 	}
843 
844 	/*
845 	 * If debugging was requested initialize things now that any cache has
846 	 * been established.  A user can specify LD_DEBUG=help to discover the
847 	 * list of debugging tokens available without running the application.
848 	 * However, don't allow this setting from a configuration file.
849 	 *
850 	 * Note, to prevent recursion issues caused by loading and binding the
851 	 * debugging libraries themselves, a local debugging descriptor is
852 	 * initialized.  Once the debugging setup has completed, this local
853 	 * descriptor is copied to the global descriptor which effectively
854 	 * enables diagnostic output.
855 	 */
856 	if (rpl_debug || prm_debug) {
857 		Dbg_desc	_dbg_desc = {0, 0, 0};
858 
859 		if (rpl_debug) {
860 			uintptr_t	ret;
861 
862 			if ((ret = dbg_setup(rpl_debug, &_dbg_desc)) == S_ERROR)
863 				return (0);
864 			if (ret == 0)
865 				rtldexit(&lml_main, 0);
866 		}
867 		if (prm_debug)
868 			(void) dbg_setup(prm_debug, &_dbg_desc);
869 
870 		*dbg_desc = _dbg_desc;
871 	}
872 
873 	/*
874 	 * Now that debugging is enabled generate any diagnostics from any
875 	 * previous events.
876 	 */
877 	if (hwcap)
878 		DBG_CALL(Dbg_cap_val_hw1(&lml_main, hwcap, M_MACH));
879 	if (features)
880 		DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name,
881 		    features));
882 
883 	if (DBG_ENABLED) {
884 		DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv,
885 		    LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA));
886 
887 		if (FCT(mlmp) == &elf_fct) {
888 			DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp),
889 			    (ulong_t)DYN(mlmp), ADDR(mlmp), MSIZE(mlmp),
890 			    ENTRY(mlmp), LIST(mlmp)->lm_lmidstr,
891 			    ALIST_OFF_DATA));
892 		} else {
893 			DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp),
894 			    (ulong_t)AOUTDYN(mlmp), (ulong_t)ADDR(mlmp),
895 			    (ulong_t)MSIZE(mlmp), LIST(mlmp)->lm_lmidstr,
896 			    ALIST_OFF_DATA));
897 		}
898 	}
899 
900 	/*
901 	 * Enable auditing.
902 	 */
903 	if (rpl_audit || prm_audit || profile_lib) {
904 		int		ndx;
905 		const char	*aud[3];
906 
907 		aud[0] = rpl_audit;
908 		aud[1] = prm_audit;
909 		aud[2] = profile_lib;
910 
911 		/*
912 		 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that
913 		 * can't be established is non-fatal.
914 		 */
915 		if ((auditors = calloc(1, sizeof (Audit_desc))) == 0)
916 			return (0);
917 
918 		for (ndx = 0; ndx < 3; ndx++) {
919 			if (aud[ndx]) {
920 				if ((auditors->ad_name = strdup(aud[ndx])) == 0)
921 					return (0);
922 				rtld_flags2 |= RT_FL2_FTL2WARN;
923 				(void) audit_setup(mlmp, auditors,
924 				    PN_FLG_EXTLOAD, NULL);
925 				rtld_flags2 &= ~RT_FL2_FTL2WARN;
926 			}
927 		}
928 		lml_main.lm_tflags |= auditors->ad_flags;
929 	}
930 	if (AUDITORS(mlmp)) {
931 		/*
932 		 * Any object required auditing (set with a DT_DEPAUDIT dynamic
933 		 * entry) that can't be established is fatal.
934 		 */
935 		if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) {
936 			/*
937 			 * If this object requires global auditing, use the
938 			 * local auditing information to set the global
939 			 * auditing descriptor.  The effect is that a
940 			 * DT_DEPAUDIT act as an LD_AUDIT.
941 			 */
942 			if ((auditors == 0) &&
943 			    ((auditors = calloc(1, sizeof (Audit_desc))) == 0))
944 				return (0);
945 
946 			auditors->ad_name = AUDITORS(mlmp)->ad_name;
947 			if (audit_setup(mlmp, auditors, 0, NULL) == 0)
948 				return (0);
949 			lml_main.lm_tflags |= auditors->ad_flags;
950 
951 			/*
952 			 * Clear the local auditor information.
953 			 */
954 			free((void *) AUDITORS(mlmp));
955 			AUDITORS(mlmp) = 0;
956 
957 		} else {
958 			/*
959 			 * Establish any local auditing.
960 			 */
961 			if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0)
962 				return (0);
963 
964 			FLAGS1(mlmp) |= AUDITORS(mlmp)->ad_flags;
965 			lml_main.lm_flags |= LML_FLG_LOCAUDIT;
966 		}
967 	}
968 
969 	/*
970 	 * Explicitly add the initial object and ld.so.1 to those objects being
971 	 * audited.  Note, although the ld.so.1 link-map isn't auditable,
972 	 * establish a cookie for ld.so.1 as this may be bound to via the
973 	 * dl*() family.
974 	 */
975 	if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_MASK) {
976 		if (((audit_objopen(mlmp, mlmp) == 0) ||
977 		    (audit_objopen(mlmp, rlmp) == 0)) &&
978 		    (FLAGS1(mlmp) & LML_TFLG_AUD_MASK))
979 			return (0);
980 	}
981 
982 	/*
983 	 * Map in any preloadable shared objects.  Note, it is valid to preload
984 	 * a 4.x shared object with a 5.0 executable (or visa-versa), as this
985 	 * functionality is required by ldd(1).
986 	 */
987 	if (rpl_preload && (preload(rpl_preload, mlmp) == 0))
988 		return (0);
989 	if (prm_preload && (preload(prm_preload, mlmp) == 0))
990 		return (0);
991 
992 	/*
993 	 * Load all dependent (needed) objects.
994 	 */
995 	if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, NULL) == 0)
996 		return (0);
997 
998 	/*
999 	 * Relocate all the dependencies we've just added.
1000 	 *
1001 	 * If this process has been established via crle(1), the environment
1002 	 * variable LD_CONFGEN will have been set.  crle(1) may create this
1003 	 * process twice.  The first time crle only needs to gather dependency
1004 	 * information.  The second time, is to dldump() the images.
1005 	 *
1006 	 * If we're only gathering dependencies, relocation is unnecessary.
1007 	 * As crle(1) may be building an arbitrary family of objects, they may
1008 	 * not fully relocate either.  Hence the relocation phase is not carried
1009 	 * out now, but will be called by crle(1) once all objects have been
1010 	 * loaded.
1011 	 */
1012 	if ((rtld_flags & RT_FL_CONFGEN) == 0) {
1013 
1014 		DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD));
1015 
1016 		if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp,
1017 		    mlmp, NULL) == 0)
1018 			return (0);
1019 
1020 		/*
1021 		 * Inform the debuggers we're here and stable.  Newer debuggers
1022 		 * can indicate their presence by setting the DT_DEBUG entry in
1023 		 * the dynamic executable (see elf_new_lm()).  In this case call
1024 		 * getpid() so the debugger can catch the system call.  This
1025 		 * handshake allows the debugger to initialize, and consequently
1026 		 * allows the user to set break points in .init code.
1027 		 */
1028 		rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT);
1029 		rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT);
1030 
1031 		if (rtld_flags & RT_FL_DEBUGGER) {
1032 			r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG;
1033 			(void) getpid();
1034 		}
1035 	}
1036 
1037 	/*
1038 	 * Indicate preinit activity, and call any auditing routines.  These
1039 	 * routines are called before initializing any threads via libc, or
1040 	 * before collecting the complete set of .inits on the primary link-map.
1041 	 * Although most libc interfaces are encapsulated in local routines
1042 	 * within libc, they have been known to escape (ie. call a .plt).  As
1043 	 * the appcert auditor uses preinit as a trigger to establish some
1044 	 * external interfaces to the main link-maps libc, we need to activate
1045 	 * this trigger before exercising any code within libc.  Additionally,
1046 	 * I wouldn't put it past an auditor to add additional objects to the
1047 	 * primary link-map.  Hence, we collect .inits after the audit call.
1048 	 */
1049 	rd_event(&lml_main, RD_PREINIT, 0);
1050 
1051 	if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_ACTIVITY)
1052 		audit_activity(mlmp, LA_ACT_CONSISTENT);
1053 	if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_PREINIT)
1054 		audit_preinit(mlmp);
1055 
1056 	/*
1057 	 * If we're creating initial configuration information, we're done
1058 	 * now that the auditing step has been called.
1059 	 */
1060 	if (rtld_flags & RT_FL_CONFGEN) {
1061 		leave(LIST(mlmp), 0);
1062 		return (mlmp);
1063 	}
1064 
1065 	/*
1066 	 * Sort the .init sections of all objects we've added.  If we're
1067 	 * tracing we only need to execute this under ldd(1) with the -i or -u
1068 	 * options.
1069 	 */
1070 	lmflags = lml_main.lm_flags;
1071 	if (((lmflags & LML_FLG_TRC_ENABLE) == 0) ||
1072 	    (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) {
1073 		if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init,
1074 		    RT_SORT_REV)) == (Rt_map **)S_ERROR)
1075 			return (0);
1076 	}
1077 
1078 	/*
1079 	 * If we are tracing we're done.  This is the one legitimate use of a
1080 	 * direct call to rtldexit() rather than return, as we don't want to
1081 	 * return and jump to the application.
1082 	 */
1083 	if (lmflags & LML_FLG_TRC_ENABLE) {
1084 		unused(&lml_main);
1085 		rtldexit(&lml_main, 0);
1086 	}
1087 
1088 #ifdef	AT_SUN_AUXFLAGS
1089 	/*
1090 	 * Check if this instance of the linker should have a primary link
1091 	 * map.  This flag allows multiple copies of the -same- -version-
1092 	 * of the linker (and libc) to run in the same address space.
1093 	 *
1094 	 * Without this flag we only support one copy of the linker in a
1095 	 * process because by default the linker will always try to
1096 	 * initialize at one primary link map  The copy of libc which is
1097 	 * initialized on a primary link map will initalize global TLS
1098 	 * data which can be shared with other copies of libc in the
1099 	 * process.  The problem is that if there is more than one copy
1100 	 * of the linker, only one copy should link libc onto a primary
1101 	 * link map, otherwise libc will attempt to re-initialize global
1102 	 * TLS data.  So when a copy of the linker is loaded with this
1103 	 * flag set, it will not initialize any primary link maps since
1104 	 * persumably another copy of the linker will do this.
1105 	 *
1106 	 * Note that this flag only allows multiple copies of the -same-
1107 	 * -version- of the linker (and libc) to coexist.  This approach
1108 	 * will not work if we are trying to load different versions of
1109 	 * the linker and libc into the same process.  The reason for
1110 	 * this is that the format of the global TLS data may not be
1111 	 * the same for different versions of libc.  In this case each
1112 	 * different version of libc must have it's own primary link map
1113 	 * and be able to maintain it's own TLS data.  The only way this
1114 	 * can be done is by carefully managing TLS pointers on transitions
1115 	 * between code associated with each of the different linkers.
1116 	 * Note that this is actually what is done for processes in lx
1117 	 * branded zones.  Although in the lx branded zone case, the
1118 	 * other linker and libc are actually gld and glibc.  But the
1119 	 * same general TLS management mechanism used by the lx brand
1120 	 * would apply to any attempts to run multiple versions of the
1121 	 * solaris linker and libc in a single process.
1122 	 */
1123 	if (auxflags & AF_SUN_NOPLM)
1124 		rtld_flags2 |= RT_FL2_NOPLM;
1125 #endif
1126 	/*
1127 	 * Establish any static TLS for this primary link-map.  Note, regardless
1128 	 * of whether TLS is available, an initial handshake occurs with libc to
1129 	 * indicate we're processing the primary link-map.  Having identified
1130 	 * the primary link-map, initialize threads.
1131 	 */
1132 	if (rt_get_extern(&lml_main, mlmp) == 0)
1133 		return (0);
1134 
1135 	if ((rtld_flags2 & RT_FL2_NOPLM) == 0) {
1136 		if (tls_statmod(&lml_main, mlmp) == 0)
1137 			return (0);
1138 		rt_thr_init(&lml_main);
1139 		rtld_flags2 |= RT_FL2_PLMSETUP;
1140 	} else {
1141 		rt_thr_init(&lml_main);
1142 	}
1143 
1144 	rtld_flags |= RT_FL_APPLIC;
1145 
1146 	/*
1147 	 * Fire all dependencies .init sections.  Identify any unused
1148 	 * dependencies, and leave the runtime linker - effectively calling
1149 	 * the dynamic executables entry point.
1150 	 */
1151 	call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp,
1152 	    SHT_PREINIT_ARRAY);
1153 
1154 	if (tobj)
1155 		call_init(tobj, DBG_INIT_SORT);
1156 
1157 	rd_event(&lml_main, RD_POSTINIT, 0);
1158 
1159 	unused(&lml_main);
1160 
1161 	DBG_CALL(Dbg_util_call_main(mlmp));
1162 
1163 	rtld_flags |= RT_FL_OPERATION;
1164 	leave(LIST(mlmp), 0);
1165 
1166 	return (mlmp);
1167 }
1168