1#!/usr/perl5/bin/perl -w 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2006 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27# ident "%Z%%M% %I% %E% SMI" 28# 29 30# 31# Check ELF information. 32# 33# This script descends a directory hierarchy inspecting ELF dynamic executables 34# and shared objects. The general theme is to verify that common Makefile rules 35# have been used to build these objects. Typical failures occur when Makefile 36# rules are re-invented rather than being inherited from "cmd/lib" Makefiles. 37# 38# As always, a number of components don't follow the rules, and these are 39# excluded to reduce this scripts output. Pathnames used for this exclusion 40# assume this script is being run over a "proto" area. The -a (all) option 41# skips any exclusions. 42# 43# By default any file that has conditions that should be reported is first 44# listed and then each condition follows. The -o (one-line) option produces a 45# more terse output which is better for sorting/diffing with "nightly". 46# 47# NOTE: missing dependencies, symbols or versions are reported by running the 48# file through ldd(1). As objects within a proto area are built to exist in a 49# base system, standard use of ldd(1) will bind any objects to dependencies 50# that exist in the base system. It is frequently the case that newer objects 51# exist in the proto area that are required to satisfy other objects 52# dependencies, and without using these newer objects an ldd(1) will produce 53# misleading error messages. To compensate for this, the -d option (or the 54# existence of the CODEMSG_WS/ROOT environment variables) cause the creation of 55# alternative dependency mappings via crle(1) configuration files that establish 56# any proto shared objects as alternatives to their base system location. Thus 57# ldd(1) can be executed against these configuration files so that objects in a 58# proto area bind to their dependencies in the same proto area. 59 60 61# Define all global variables (required for strict) 62use vars qw($SkipDirs $SkipFiles $SkipTextrelFiles); 63use vars qw($SkipUndefDirs $SkipUndefFiles $SkipUnusedDirs $SkipUnusedFiles); 64use vars qw($SkipStabFiles $SkipNoExStkFiles); 65use vars qw($UnusedNoise $Prog $Mach $Isalist $Env $Ena64 $Tmpdir $Error); 66use vars qw($UnusedFiles $UnusedPaths $LddNoU $Crle32 $Crle64 $Conf32 $Conf64); 67use vars qw($SkipInterps $OldDeps %opt); 68 69use strict; 70 71 72# Define any directories we should skip completely. 73$SkipDirs = qr{ 74 etc/lib | # special - used for partial statics 75 usr/lib/devfsadm | # 4382889 76 usr/lib/libc | # optimized libc 77 usr/lib/rcm | # 4426119 78 usr/perl5 | # alan's taking care of these :-) 79 usr/src # no need to look at shipped source 80}x; 81 82# Define any files we should skip completely. 83$SkipFiles = qr{ ^(?: 84 ld\.so\.1 | # confusing but correct dependencies 85 lddstub | # lddstub has no dependencies 86 libmakestate\.so\.1 | # temporary; delivered by compiler group 87 libm\.so\.1 | # temporary; delivered by compiler group 88 libm\.so\.2 | # temporary; delivered by compiler group 89 geniconvtbl\.so | # 4384329 90 libssagent\.so\.1 | # 4328854 91 libpsvcplugin_psr\.so\.1 | # 4385799 92 libpsvcpolicy_psr\.so\.1 | # " " 93 libpsvcpolicy\.so\.1 | # " " 94 picl_slm\.so | # " " 95 libcrypto_extra\.so\.0\.9\.8 | # OpenSSL SUNWcry filter lib 96 libssl_extra\.so\.0\.9\.8 | # OpenSSL SUNWcry filter lib 97 fcpackage\.so | # circular dependency on fcthread.so 98 grub 99 )$ 100}x; 101 102# Define any files that are allowed text relocations. 103$SkipTextrelFiles = qr{ ^(?: 104 unix | # kernel models are non-pic 105 mdb # relocations against __RTC (dbx) 106 )$ 107}x; 108 109# Define any files that are allowed undefined references. 110$SkipUndefDirs = qr{ 111 usr/lib/inet/ppp/ | # pppd plugins have callbacks 112 usr/lib/libp/ | # libc.so.1 requires _mcount 113 usr/lib/vold/ | # vold dependencies have callbacks 114 usr/lib/rmmount | # rmmount actions have callbacks 115 /lib/mdb/ | # mdb modules have callbacks 116 /lib/fm/fmd/plugins/ | # fmd modules have callbacks 117 /lib/fm/fmd/schemes/ | # fmd schemes have callbacks 118 /i86pc/lib/mtst/ # mtst modules have callbacks 119}x; 120 121$SkipUndefFiles = qr{ ^(?: 122 libthread_db\.so\.0 | # callbacks to proc service interface 123 libthread_db\.so\.1 | # " " " " 124 librtld_db\.so\.1 | # " " " " 125 libc_db\.so\.1 | # " " " " 126 libldstab\.so\.1 | # link-edit support libraries have 127 libld\.so\.[2-4] | # callback to the link-editors 128 liblddbg\.so\.4 | # " " " " 129 librtld\.so\.1 | # " " " " 130 libnisdb\.so\.2 | # C++ 131 libsvm\.so\.1 | # libspmicommon.so.1 lacking 132 libwanboot\.so\.1 | # libcrypto.a and libssl.a 133 libwrap\.so\.1\.0 | # uses symbols provided by application 134 fcthread\.so | # uses symbols provided by application 135 fn\.so\.2 | # callback to automount 136 preen_md\.so\.1 | # callback to driver 137 libike\.so\.1 | # callbacks to in.iked for IKE policy 138 devfsadmd_mod\.so | # sysevent module callback to syseventd 139 sysevent_conf_mod\.so | # sysevent module callback to syseventd 140 sysevent_reg_mod\.so # sysevent module callback to syseventd 141 )$ 142}x; 143 144# Define any files that have unused dependencies. 145$SkipUnusedDirs = qr{ 146 lib/picl/plugins/ | # require devtree dependencies 147 /lib/libp # profile libc makes libm an unused 148}x; # dependency of standard libc 149 150$SkipUnusedFiles = qr{ ^(?: 151 devfsadm | # 4382889 152 disks | # " " 153 tapes | # " " 154 ports | # " " 155 audlinks | # " " 156 devlinks | # " " 157 drvconfig | # " " 158 ntptrace | # on intel doesn't need libmd5 159 rmmount | # 4418770, volmgt dependency is required 160 # to compensate for SunPCi. 161 ocfserv | # libsched unreference by libjvm, 162 poold | # see 4952319. 163 libc\.so\.1\.9 | # 4lib/libc versions have private 164 libc\.so\.2\.9 # copies of stuff from libc. 165 )$ 166}x; 167 168# Define any files that should contain debugging information. 169$SkipStabFiles = qr{ ^(?: 170 abi_.* | 171 interceptors\.so\.1 | 172 unix 173 )$ 174}x; 175 176# Define any files that don't require a non-executable stack definition. 177$SkipNoExStkFiles = qr{ ^(?: 178 forth | 179 unix | 180 multiboot 181 )$ 182}x; 183 184# Define any files that should only have unused (ldd -u) processing. 185$UnusedPaths = qr{ 186 ucb/shutdown # libucb interposes on libc and makes 187 # dependencies on libc seem unnecessary 188}x; 189 190$UnusedFiles = qr{ ^(?: 191 rpc\.nisd # CCNEEDED makes pthread unreferenced 192 )$ 193}x; 194 195# Define unused dependencies we should ignore. 196# libCrun has a unnecessary dependency on libw, and libmapmalloc is often 197# defined to interpose on libc but isn't used by the application itself. 198# Threads dependencies look unused if libc is bound first. 199$UnusedNoise = qr{ 200 libw\.so\.1;\ unused | 201 unused\ object=.*libw\.so\.1 | 202 libthread\.so\.1;\ unused | 203 libpthread\.so\.1;\ unused | 204 unused\ object=.*libpthread\.so\.1 | 205 libnsl\.so\.1;\ unused\ dependency\ of\ .*libxslt\.so\.1 | 206 libdl\.so\.1;\ unused\ dependency\ of\ .*libspmicommon\.so\.1 | 207 libdl\.so\.1;\ unused\ dependency\ of\ .*libCrun\.so\.1 | 208 libfru\.so\.1;\ unused\ object=.*libdl\.so\.1 | 209 libfrupicl\.so\.1;\ unused\ object=.*libdl\.so\.1 | 210 libmapmalloc\.so\.1;\ unused | 211 unused\ dependency\ of\ .*libstdc\+\+\.so\.6 | 212 unreferenced\ object=.*libstdc\+\+\.so\.6 | 213 unused\ dependency\ of\ .*libnetsnmphelpers\.so\.5 | 214 unused\ dependency\ of\ .*libnetsnmpmibs\.so\.5 | 215 unused\ dependency\ of\ .*libnetsnmpagent\.so\.5 216}x; 217 218# Define interpreters we should ignore. 219$SkipInterps = qr{ 220 misc/krtld | 221 misc/amd64/krtld | 222 misc/sparcv9/krtld 223}x; 224 225# Catch libintl and libw, although ld(1) will bind to these and thus determine 226# they're needed, their content was moved into libc as of on297 build 7. 227# libthread and libpthread were completely moved into libc as of on10 build 53. 228# Also, catch libdl, whose content was moved into libc as of on10 build 49. 229$OldDeps = qr{ ^(?: 230 libintl\.so\.1 | 231 libw\.so\.1 | 232 libthread\.so\.1 | 233 libpthread\.so\.1 | 234 libdl\.so\.1 235 )$ 236}x; 237 238use Getopt::Std; 239 240# ----------------------------------------------------------------------------- 241 242# Reliably compare two OS revisions. Arguments are <ver1> <op> <ver2>. 243# <op> is the string form of a normal numeric comparison operator. 244sub cmp_os_ver { 245 my @ver1 = split(/\./, $_[0]); 246 my $op = $_[1]; 247 my @ver2 = split(/\./, $_[2]); 248 249 push @ver2, ("0") x $#ver1 - $#ver2; 250 push @ver1, ("0") x $#ver2 - $#ver1; 251 252 my $diff = 0; 253 while (@ver1 || @ver2) { 254 if (($diff = shift(@ver1) - shift(@ver2)) != 0) { 255 last; 256 } 257 } 258 return (eval "$diff $op 0" ? 1 : 0); 259} 260 261# This script relies on ldd returning output reflecting only the binary 262# contents. But if LD_PRELOAD* environment variables are present, libraries 263# named by them will also appear in the output, disrupting our analysis. 264# So, before we get too far, scrub the environment. 265 266delete($ENV{LD_PRELOAD}); 267delete($ENV{LD_PRELOAD_32}); 268delete($ENV{LD_PRELOAD_64}); 269 270# Establish a program name for any error diagnostics. 271chomp($Prog = `basename $0`); 272 273# Determine what machinery is available. 274$Mach = `uname -p`; 275$Isalist = `isalist`; 276$Env = ""; 277if ($Mach =~ /sparc/) { 278 if ($Isalist =~ /sparcv9/) { 279 $Ena64 = "ok"; 280 } 281} elsif ($Mach =~ /i386/) { 282 if ($Isalist =~ /amd64/) { 283 $Ena64 = "ok"; 284 } 285} 286 287# Check that we have arguments. 288if ((getopts('ad:imos', \%opt) == 0) || ($#ARGV == -1)) { 289 print "usage: $Prog [-a] [-d depdir] [-m] [-o] [-s] file | dir, ...\n"; 290 print "\t[-a]\t\tprocess all files (ignore any exception lists)\n"; 291 print "\t[-d dir]\testablish dependencies from under directory\n"; 292 print "\t[-i]\t\tproduce dynamic table entry information\n"; 293 print "\t[-m]\t\tprocess mcs(1) comments\n"; 294 print "\t[-o]\t\tproduce one-liner output (prefixed with pathname)\n"; 295 print "\t[-s]\t\tprocess .stab and .symtab entries\n"; 296 exit 1; 297} else { 298 my($Proto); 299 300 if ($opt{d}) { 301 # User specified dependency directory - make sure it exists. 302 if (! -d $opt{d}) { 303 print "$Prog: $opt{d} is not a directory\n"; 304 exit 1; 305 } 306 $Proto = $opt{d}; 307 308 } elsif ($ENV{CODEMGR_WS}) { 309 my($Root); 310 311 # Without a user specified dependency directory see if we're 312 # part of a codemanager workspace and if a proto area exists. 313 if (($Root = $ENV{ROOT}) && (-d $Root)) { 314 $Proto = $Root; 315 } 316 } 317 318 if (!($Tmpdir = $ENV{TMPDIR}) || (! -d $Tmpdir)) { 319 $Tmpdir = "/tmp"; 320 } 321 322 # Look for dependencies under $Proto. 323 if ($Proto) { 324 # To support alternative dependency mapping we'll need ldd(1)'s 325 # -e option. This is relatively new (s81_30), so make sure 326 # ldd(1)is capable before gathering any dependency information. 327 if (system('ldd -e /usr/lib/lddstub 2> /dev/null')) { 328 print "ldd: does not support -e, unable to "; 329 print "create alternative dependency mappingings.\n"; 330 print "ldd: option added under 4390308 (s81_30).\n\n"; 331 } else { 332 # Gather dependencies and construct a alternative 333 # dependency mapping via a crle(1) configuration file. 334 GetDeps($Proto, "/"); 335 GenConf(); 336 } 337 } 338 339 # To support unreferenced dependency detection we'll need ldd(1)'s -U 340 # option. This is relatively new (4638070), and if not available we 341 # can still fall back to -u. Even with this option, don't use -U with 342 # releases prior to 5.10 as the cleanup for -U use only got integrated 343 # into 5.10 under 4642023. Note, that nightly doesn't typically set a 344 # RELEASE from the standard <env> files. Users who wish to disable use 345 # of ldd(1)'s -U should set (or uncomment) RELEASE in their <env> file 346 # if using nightly, or otherwise establish it in their environment. 347 if (system('ldd -U /usr/lib/lddstub 2> /dev/null')) { 348 $LddNoU = 1; 349 } else { 350 my($Release); 351 352 if (($Release = $ENV{RELEASE}) && 353 (cmp_os_ver($Release, "<", "5.10"))) { 354 $LddNoU = 1; 355 } else { 356 $LddNoU = 0; 357 } 358 } 359 360 # For each argument determine if we're dealing with a file or directory. 361 foreach my $Arg (@ARGV) { 362 # Ignore symbolic links. 363 if (-l $Arg) { 364 next; 365 } 366 367 if (!stat($Arg)) { 368 next; 369 } 370 371 # Process simple files. 372 if (-f _) { 373 my($RelPath) = $Arg; 374 my($File) = $Arg; 375 my($Secure) = 0; 376 377 $RelPath =~ s!^.*/!./!; 378 $File =~ s!^.*/!!; 379 380 if (-u _ || -g _) { 381 $Secure = 1; 382 } 383 384 ProcFile($Arg, $RelPath, $File, $Secure); 385 next; 386 } 387 # Process directories. 388 if (-d _) { 389 ProcDir($Arg, "."); 390 next; 391 } 392 393 print "$Arg is not a file or directory\n"; 394 $Error = 1; 395 } 396 397 # Cleanup 398 CleanUp(); 399} 400 401$Error = 0; 402 403# Clean up and temporary files. 404sub CleanUp { 405 if ($Crle64) { 406 unlink $Crle64; 407 } 408 if ($Conf64) { 409 unlink $Conf64; 410 } 411 if ($Crle32) { 412 unlink $Crle32; 413 } 414 if ($Conf32) { 415 unlink $Conf32; 416 } 417} 418 419# Create an output message, either a one-liner (under -o) or preceded by the 420# files relative pathname as a title. 421sub OutMsg { 422 my($Ttl, $Path, $Msg) = @_; 423 424 if ($opt{o}) { 425 $Msg =~ s/^[ \t]*//; 426 print "$Path: $Msg\n"; 427 } else { 428 if ($Ttl eq 0) { 429 print "==== $Path ====\n"; 430 } 431 print "$Msg\n"; 432 } 433} 434 435# Determine whether this a ELF dynamic object and if so investigate its runtime 436# attributes. 437sub ProcFile { 438 my($FullPath, $RelPath, $File, $Secure) = @_; 439 my(@Elf, @Ldd, $Dyn, $Intp, $Dll, $Ttl, $Sym, $Interp, $Stack); 440 my($Sun, $Relsz, $Pltsz, $Uns, $Tex, $Stab, $Strip, $Lddopt); 441 my($Val, $Header, $SkipLdd, $IsX86, $RWX); 442 443 # Ignore symbolic links. 444 if (-l $FullPath) { 445 return; 446 } 447 448 $Ttl = 0; 449 @Ldd = 0; 450 451 # Determine whether we have access to inspect the file. 452 if (!(-r $FullPath)) { 453 OutMsg($Ttl++, $RelPath, 454 "\tunable to inspect file: permission denied"); 455 return; 456 } 457 458 # Determine if this is a file we don't care about. 459 if (!$opt{a}) { 460 if ($File =~ $SkipFiles) { 461 return; 462 } 463 } 464 465 # Determine whether we have a executable (static or dynamic) or a 466 # shared object. 467 @Elf = split(/\n/, `elfdump -epdic $FullPath 2>&1`); 468 469 $Dyn = $Intp = $Dll = $Stack = $IsX86 = $RWX = 0; 470 $Interp = 1; 471 $Header = 'None'; 472 foreach my $Line (@Elf) { 473 # If we have an invalid file type (which we can tell from the 474 # first line), or we're processing an archive, bail. 475 if ($Header eq 'None') { 476 if (($Line =~ /invalid file/) || 477 ($Line =~ /$FullPath(.*):/)) { 478 return; 479 } 480 } 481 482 if ($Line =~ /^ELF Header/) { 483 $Header = 'Ehdr'; 484 485 } elsif ($Line =~ /^Program Header/) { 486 $Header = 'Phdr'; 487 $RWX = 0; 488 489 } elsif ($Line =~ /^Interpreter/) { 490 $Header = 'Intp'; 491 492 } elsif ($Line =~ /^Dynamic Section/) { 493 # A dynamic section indicates we're a dynamic object 494 # (this makes sure we don't check static executables). 495 $Dyn = 1; 496 497 } elsif (($Header eq 'Ehdr') && ($Line =~ /e_type:/)) { 498 # The e_type field indicates whether this file is a 499 # shared object (ET_DYN) or an executable (ET_EXEC). 500 if ($Line =~ /ET_DYN/) { 501 $Dll = 1; 502 } elsif ($Line !~ /ET_EXEC/) { 503 return; 504 } 505 } elsif (($Header eq 'Ehdr') && ($Line =~ /ei_class:/)) { 506 # If we encounter a 64-bit object, but we're not running 507 # on a 64-bit system, suppress calling ldd(1). 508 if (($Line =~ /ELFCLASS64/) && !$Ena64) { 509 $SkipLdd = 1; 510 } 511 } elsif (($Header eq 'Ehdr') && ($Line =~ /e_machine:/)) { 512 # If it's a X86 object, we need to enforce RW- data. 513 if (($Line =~ /(EM_AMD64|EM_386)/)) { 514 $IsX86 = 1; 515 } 516 } elsif (($Header eq 'Phdr') && 517 ($Line =~ /\[ PF_X PF_W PF_R \]/)) { 518 # RWX segment seen. 519 $RWX = 1; 520 521 } elsif (($Header eq 'Phdr') && 522 ($Line =~ /\[ PT_LOAD \]/ && $RWX && $IsX86)) { 523 # Seen an RWX PT_LOAD segment. 524 if ($File !~ $SkipNoExStkFiles) { 525 OutMsg($Ttl++, $RelPath, 526 "\tapplication requires non-executable " . 527 "data\t<no -Mmapfile_noexdata?>"); 528 } 529 530 } elsif (($Header eq 'Phdr') && 531 ($Line =~ /\[ PT_SUNWSTACK \]/)) { 532 # This object defines a non-executable stack. 533 $Stack = 1; 534 535 } elsif (($Header eq 'Intp') && !$opt{a} && 536 ($Line =~ $SkipInterps)) { 537 # This object defines an interpretor we should skip. 538 $Interp = 0; 539 } 540 } 541 542 # Determine whether this ELF executable or shared object has a 543 # conforming mcs(1) comment section. If the correct $(POST_PROCESS) 544 # macros are used, only a 3 or 4 line .comment section should exist 545 # containing one or two "@(#)SunOS" identifying comments (one comment 546 # for a non-debug build, and two for a debug build). The results of 547 # the following split should be three or four lines, the last empty 548 # line being discarded by the split. 549 if ($opt{m}) { 550 my(@Mcs, $Con, $Dev); 551 552 @Mcs = split(/\n/, `mcs -p $FullPath 2>&1`); 553 554 $Con = $Dev = $Val = 0; 555 foreach my $Line (@Mcs) { 556 $Val++; 557 558 if (($Val == 3) && ($Line !~ /^@\(#\)SunOS/)) { 559 $Con = 1; 560 last; 561 } 562 if (($Val == 4) && ($Line =~ /^@\(#\)SunOS/)) { 563 $Dev = 1; 564 next; 565 } 566 if (($Dev == 0) && ($Val == 4)) { 567 $Con = 1; 568 last; 569 } 570 if (($Dev == 1) && ($Val == 5)) { 571 $Con = 1; 572 last; 573 } 574 } 575 if ($opt{m} && ($Con == 1)) { 576 OutMsg($Ttl++, $RelPath, 577 "\tnon-conforming mcs(1) comment\t<no \$(POST_PROCESS)?>"); 578 } 579 } 580 581 # Applications should contain a non-executable stack definition. 582 if (($Dll == 0) && ($Stack == 0)) { 583 if (!$opt{a}) { 584 if ($File =~ $SkipNoExStkFiles) { 585 goto DYN; 586 } 587 } 588 OutMsg($Ttl++, $RelPath, 589 "\tapplication requires non-executable stack\t<no -Mmapfile_noexstk?>"); 590 } 591 592DYN: 593 # Having caught any static executables in the mcs(1) check and non- 594 # executable stack definition check, continue with dynamic objects 595 # from now on. 596 if ($Dyn eq 0) { 597 return; 598 } 599 600 # Only use ldd unless we've encountered an interpreter that should 601 # ne skipped. 602 if (!$SkipLdd && $Interp) { 603 if ($Secure) { 604 # The execution of a secure application over an nfs file 605 # system mounted nosuid will result in warning messages 606 # being sent to /var/adm/messages. As this type of 607 # environment can occur with root builds, move the file 608 # being investigated to a safe place first. In addition 609 # remove its secure permission so that it can be 610 # influenced by any alternative dependency mappings. 611 612 my($TmpPath) = "$Tmpdir/$File"; 613 614 system('cp', $FullPath, $TmpPath); 615 chmod 0777, $TmpPath; 616 $FullPath = $TmpPath; 617 } 618 619 # Use ldd(1) to determine the objects relocatability and use. 620 # By default look for all unreferenced dependencies. However, 621 # some objects have legitimate dependencies that they do not 622 # reference. 623 if ($LddNoU || ($File =~ $UnusedFiles) || 624 ($RelPath =~ $UnusedPaths)) { 625 $Lddopt = "-ru"; 626 } else { 627 $Lddopt = "-rU"; 628 } 629 @Ldd = split(/\n/, `ldd $Lddopt $Env $FullPath 2>&1`); 630 if ($Secure) { 631 unlink $FullPath; 632 } 633 } 634 635 $Val = 0; 636 $Sym = 5; 637 $Uns = 1; 638 639LDD: foreach my $Line (@Ldd) { 640 641 if ($Val == 0) { 642 $Val = 1; 643 # Make sure ldd(1) worked. One possible failure is that 644 # this is an old ldd(1) prior to -e addition (4390308). 645 if ($Line =~ /usage:/) { 646 $Line =~ s/$/\t<old ldd(1)?>/; 647 OutMsg($Ttl++, $RelPath, $Line); 648 last; 649 } elsif ($Line =~ /execution failed/) { 650 OutMsg($Ttl++, $RelPath, $Line); 651 last; 652 } 653 654 # It's possible this binary can't be executed, ie. we've 655 # found a sparc binary while running on an intel system, 656 # or a sparcv9 binary on a sparcv7/8 system. 657 if ($Line =~ /wrong class/) { 658 OutMsg($Ttl++, $RelPath, 659 "\thas wrong class or data encoding"); 660 next; 661 } 662 663 # Historically, ldd(1) likes executable objects to have 664 # their execute bit set. Note that this test isn't 665 # applied unless the -a option is in effect, as any 666 # non-executable files are skipped by default to reduce 667 # the cost of running this script. 668 if ($Line =~ /not executable/) { 669 OutMsg($Ttl++, $RelPath, 670 "\tis not executable"); 671 next; 672 } 673 } 674 675 # Look for "file" or "versions" that aren't found. Note that 676 # these lines will occur before we find any symbol referencing 677 # errors. 678 if (($Sym == 5) && ($Line =~ /not found\)/)) { 679 if ($Line =~ /file not found\)/) { 680 $Line =~ s/$/\t<no -zdefs?>/; 681 } 682 OutMsg($Ttl++, $RelPath, $Line); 683 next; 684 } 685 # Look for relocations whose symbols can't be found. Note, we 686 # only print out the first 5 relocations for any file as this 687 # output can be excessive. 688 if ($Sym && ($Line =~ /symbol not found/)) { 689 # Determine if this file is allowed undefined 690 # references. 691 if ($Sym == 5) { 692 if (!$opt{a}) { 693 if ($RelPath =~ $SkipUndefDirs) { 694 $Sym = 0; 695 next LDD; 696 } 697 if ($File =~ $SkipUndefFiles) { 698 $Sym = 0; 699 next LDD; 700 } 701 } 702 } 703 if ($Sym-- == 1) { 704 if (!$opt{o}) { 705 OutMsg($Ttl++, $RelPath, 706 "\tcontinued ..."); 707 } 708 next; 709 } 710 # Just print the symbol name. 711 $Line =~ s/$/\t<no -zdefs?>/; 712 OutMsg($Ttl++, $RelPath, $Line); 713 next; 714 } 715 # Look for any unused dependencies. 716 if ($Uns && ($Line =~ /unused/)) { 717 if (!$opt{a}) { 718 if ($RelPath =~ $SkipUnusedDirs) { 719 $Uns = 0; 720 next LDD; 721 } 722 if ($File =~ $SkipUnusedFiles) { 723 $Uns = 0; 724 next LDD; 725 } 726 727 # Remove any noise. 728 if ($Line =~ $UnusedNoise) { 729 $Uns = 0; 730 next LDD; 731 } 732 } 733 if ($Secure) { 734 $Line =~ s!$Tmpdir/!!; 735 } 736 $Line =~ s/^[ \t]*(.*)/\t$1\t<remove lib or -zignore?>/; 737 OutMsg($Ttl++, $RelPath, $Line); 738 next; 739 } 740 } 741 742 # Reuse the elfdump(1) data to investigate additional dynamic linking 743 # information. 744 745 $Sun = $Relsz = $Pltsz = $Dyn = $Stab = 0; 746 $Tex = $Strip = 1; 747 748 $Header = 'None'; 749ELF: foreach my $Line (@Elf) { 750 # We're only interested in the section headers and the dynamic 751 # section. 752 if ($Line =~ /^Section Header/) { 753 $Header = 'Shdr'; 754 755 if (($Sun == 0) && ($Line =~ /\.SUNW_reloc/)) { 756 # This object has a combined relocation section. 757 $Sun = 1; 758 759 } elsif (($Stab == 0) && ($Line =~ /\.stab/)) { 760 # This object contain .stabs sections 761 $Stab = 1; 762 } 763 764 if (($Strip == 1) && ($Line =~ /\.symtab/)) { 765 # This object contains a complete symbol table. 766 $Strip = 0; 767 } 768 next; 769 770 } elsif ($Line =~ /^Dynamic Section/) { 771 $Header = 'Dyn'; 772 next; 773 } elsif ($Header ne 'Dyn') { 774 next; 775 } 776 777 # Does this object contain text relocations. 778 if ($Tex && ($Line =~ /TEXTREL/)) { 779 # Determine if this file is allowed text relocations. 780 if (!$opt{a}) { 781 if ($File =~ $SkipTextrelFiles) { 782 $Tex = 0; 783 next ELF; 784 } 785 } 786 OutMsg($Ttl++, $RelPath, 787 "\tTEXTREL .dynamic tag\t\t\t<no -Kpic?>"); 788 $Tex = 0; 789 next; 790 } 791 792 # Does this file have any relocation sections (there are a few 793 # psr libraries with no relocations at all, thus a .SUNW_reloc 794 # section won't exist either). 795 if (($Relsz == 0) && ($Line =~ / RELA?SZ/)) { 796 $Relsz = hex((split(' ', $Line))[2]); 797 next; 798 } 799 800 # Does this file have any plt relocations. If the plt size is 801 # equivalent to the total relocation size then we don't have 802 # any relocations suitable for combining into a .SUNW_reloc 803 # section. 804 if (($Pltsz == 0) && ($Line =~ / PLTRELSZ/)) { 805 $Pltsz = hex((split(' ', $Line))[2]); 806 next; 807 } 808 809 # Under the -i (information) option print out any useful dynamic 810 # entries. 811 # Does this object have any dependencies. 812 if ($opt{i} && ($Line =~ /NEEDED/)) { 813 my($Need) = (split(' ', $Line))[3]; 814 815 # Catch any old (unnecessary) dependencies. 816 if ($Need =~ $OldDeps) { 817 OutMsg($Ttl++, $RelPath, 818 "\tNEEDED=$Need\t<dependency no longer necessary>"); 819 } else { 820 OutMsg($Ttl++, $RelPath, "\tNEEDED=$Need"); 821 } 822 next; 823 } 824 825 # Does this object specify a runpath. 826 if ($opt{i} && ($Line =~ /RPATH/)) { 827 my($Rpath) = (split(' ', $Line))[3]; 828 OutMsg($Ttl++, $RelPath, "\tRPATH=$Rpath"); 829 next; 830 } 831 } 832 833 # A shared object, that contains non-plt relocations, should have a 834 # combined relocation section indicating it was built with -z combreloc. 835 if ($Dll && $Relsz && ($Relsz != $Pltsz) && ($Sun == 0)) { 836 OutMsg($Ttl++, $RelPath, 837 "\tSUNW_reloc section missing\t\t<no -zcombreloc?>"); 838 } 839 840 # No objects released to a customer should have any .stabs sections 841 # remaining, they should be stripped. 842 if ($opt{s} && $Stab) { 843 if (!$opt{a}) { 844 if ($File =~ $SkipStabFiles) { 845 goto DONESTAB; 846 } 847 } 848 OutMsg($Ttl++, $RelPath, 849 "\tdebugging sections should be deleted\t<no strip -x?>"); 850 } 851 852DONESTAB: 853 854 # All objects should have a full symbol table to provide complete 855 # debugging stack traces. 856 if ($Strip) { 857 OutMsg($Ttl++, $RelPath, 858 "\tsymbol table should not be stripped\t<remove -s?>"); 859 } 860} 861 862 863sub ProcDir { 864 my($FullDir, $RelDir) = @_; 865 my($NewFull, $NewRel); 866 867 # Determine if this is a directory we don't care about. 868 if (!$opt{a}) { 869 if ($RelDir =~ $SkipDirs) { 870 return; 871 } 872 } 873 874 # Open the directory and read each entry, omit files starting with "." 875 if (opendir(DIR, $FullDir)) { 876 foreach my $Entry (readdir(DIR)) { 877 if ($Entry =~ /^\./) { 878 next; 879 } 880 $NewFull = "$FullDir/$Entry"; 881 882 # Ignore symlinks. 883 if (-l $NewFull) { 884 next; 885 } 886 if (!stat($NewFull)) { 887 next; 888 } 889 $NewRel = "$RelDir/$Entry"; 890 891 # Descend into and process any directories. 892 if (-d _) { 893 ProcDir($NewFull, $NewRel); 894 next; 895 } 896 897 # Typically dynamic objects are executable, so we can 898 # reduce the overall cost of this script (a lot!) by 899 # screening out non-executables here, rather than pass 900 # them to file(1) later. However, it has been known 901 # for shared objects to be mistakenly left non- 902 # executable, so with -a let all files through so that 903 # this requirement can be verified (see ProcFile()). 904 if (!$opt{a}) { 905 if (! -x _) { 906 next; 907 } 908 } 909 910 # Process any standard files. 911 if (-f _) { 912 my($Secure) = 0; 913 914 if (-u _ || -g _) { 915 $Secure = 1; 916 } 917 918 ProcFile($NewFull, $NewRel, $Entry, $Secure); 919 next; 920 } 921 922 } 923 closedir(DIR); 924 } 925} 926 927# Create a crle(1) script for any 64-bit dependencies we locate. A runtime 928# configuration file will be generated to establish alternative dependency 929# mappings for all these dependencies. 930 931sub Entercrle64 { 932 my($FullDir, $RelDir, $Entry) = @_; 933 934 if (!$Crle64) { 935 # Create and initialize the script if is doesn't already exit. 936 937 $Crle64 = "$Tmpdir/$Prog.crle64.$$"; 938 open(CRLE64, "> $Crle64") || 939 die "$Prog: open failed: $Crle64: $!"; 940 941 print CRLE64 "#!/bin/sh\ncrle -64\\\n"; 942 } 943 print CRLE64 "\t-o $FullDir -a $RelDir/$Entry \\\n"; 944} 945 946# Create a crle(1) script for any 32-bit dependencies we locate. A runtime 947# configuration file will be generated to establish alternative dependency 948# mappings for all these dependencies. 949 950sub Entercrle32 { 951 my($FullDir, $RelDir, $Entry) = @_; 952 953 if (!$Crle32) { 954 # Create and initialize the script if is doesn't already exit. 955 956 $Crle32 = "$Tmpdir/$Prog.crle32.$$"; 957 open(CRLE32, "> $Crle32") || 958 die "$Prog: open failed: $Crle32: $!"; 959 960 print CRLE32 "#!/bin/sh\ncrle \\\n"; 961 } 962 print CRLE32 "\t-o $FullDir -a $RelDir/$Entry \\\n"; 963} 964 965# Having finished gathering dependencies, complete any crle(1) scripts and 966# execute them to generate the associated runtime configuration files. In 967# addition establish the environment variable required to pass the configuration 968# files to ldd(1). 969 970sub GenConf { 971 if ($Crle64) { 972 $Conf64 = "$Tmpdir/$Prog.conf64.$$"; 973 print CRLE64 "\t-c $Conf64\n"; 974 975 chmod 0755, $Crle64; 976 close CRLE64; 977 978 if (system($Crle64)) { 979 undef $Conf64; 980 } 981 } 982 if ($Crle32) { 983 $Conf32 = "$Tmpdir/$Prog.conf32.$$"; 984 print CRLE32 "\t-c $Conf32\n"; 985 986 chmod 0755, $Crle32; 987 close CRLE32; 988 989 if (system($Crle32)) { 990 undef $Conf32; 991 } 992 } 993 994 if ($Crle64 && $Conf64 && $Crle32 && $Conf32) { 995 $Env = "-e LD_FLAGS=config_64=$Conf64,config_32=$Conf32"; 996 } elsif ($Crle64 && $Conf64) { 997 $Env = "-e LD_FLAGS=config_64=$Conf64"; 998 } elsif ($Crle32 && $Conf32) { 999 $Env = "-e LD_FLAGS=config_32=$Conf32"; 1000 } 1001} 1002 1003# Recurse through a directory hierarchy looking for appropriate dependencies. 1004 1005sub GetDeps { 1006 my($FullDir, $RelDir) = @_; 1007 my($NewFull); 1008 1009 # Open the directory and read each entry, omit files starting with "." 1010 if (opendir(DIR, $FullDir)) { 1011 foreach my $Entry (readdir(DIR)) { 1012 if ($Entry =~ /^\./) { 1013 next; 1014 } 1015 $NewFull = "$FullDir/$Entry"; 1016 1017 # We need to follow links so that any dependencies 1018 # are expressed in all their available forms. 1019 # Bail on symlinks like 32 -> . 1020 if (-l $NewFull) { 1021 if (readlink($NewFull) =~ /^\.$/) { 1022 next; 1023 } 1024 } 1025 if (!stat($NewFull)) { 1026 next; 1027 } 1028 1029 # If this is a directory descend into it. 1030 if (-d _) { 1031 my($NewRel); 1032 1033 if ($RelDir =~ /^\/$/) { 1034 $NewRel = "$RelDir$Entry"; 1035 } else { 1036 $NewRel = "$RelDir/$Entry"; 1037 } 1038 1039 GetDeps($NewFull, $NewRel); 1040 next; 1041 } 1042 1043 # If this is a regular file determine if its a 1044 # valid ELF dependency. 1045 if (-f _) { 1046 my($File); 1047 1048 # Typically shared object dependencies end with 1049 # ".so" or ".so.?", hence we can reduce the cost 1050 # of this script (a lot!) by screening out files 1051 # that don't follow this pattern. 1052 if (!$opt{a}) { 1053 if ($Entry !~ /\.so(?:\.\d+)*$/) { 1054 next; 1055 } 1056 } 1057 1058 $File = `file $NewFull`; 1059 if ($File !~ /dynamic lib/) { 1060 next; 1061 } 1062 1063 if ($File =~ /32-bit/) { 1064 Entercrle32($FullDir, $RelDir, $Entry); 1065 } elsif ($Ena64) { 1066 Entercrle64($FullDir, $RelDir, $Entry); 1067 } 1068 next; 1069 } 1070 } 1071 closedir(DIR); 1072 } 1073} 1074exit $Error 1075