xref: /titanic_50/usr/src/cmd/sgs/rtld/common/elf.c (revision 8c4f9701439555b41fbfe7848508f53b52166007)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  *	Copyright (c) 1988 AT&T
29  *	  All Rights Reserved
30  */
31 
32 /*
33  * Object file dependent support for ELF objects.
34  */
35 
36 #include	<stdio.h>
37 #include	<sys/procfs.h>
38 #include	<sys/mman.h>
39 #include	<sys/debug.h>
40 #include	<string.h>
41 #include	<limits.h>
42 #include	<dlfcn.h>
43 #include	<debug.h>
44 #include	<conv.h>
45 #include	"_rtld.h"
46 #include	"_audit.h"
47 #include	"_elf.h"
48 #include	"_inline.h"
49 #include	"msg.h"
50 
51 /*
52  * Default and secure dependency search paths.
53  */
54 static Spath_defn _elf_def_dirs[] = {
55 #if	defined(_ELF64)
56 	{ MSG_ORIG(MSG_PTH_LIB_64),		MSG_PTH_LIB_64_SIZE },
57 	{ MSG_ORIG(MSG_PTH_USRLIB_64),		MSG_PTH_USRLIB_64_SIZE },
58 #else
59 	{ MSG_ORIG(MSG_PTH_LIB),		MSG_PTH_LIB_SIZE },
60 	{ MSG_ORIG(MSG_PTH_USRLIB),		MSG_PTH_USRLIB_SIZE },
61 #endif
62 	{ 0, 0 }
63 };
64 
65 static Spath_defn _elf_sec_dirs[] = {
66 #if	defined(_ELF64)
67 	{ MSG_ORIG(MSG_PTH_LIBSE_64),		MSG_PTH_LIBSE_64_SIZE },
68 	{ MSG_ORIG(MSG_PTH_USRLIBSE_64),	MSG_PTH_USRLIBSE_64_SIZE },
69 #else
70 	{ MSG_ORIG(MSG_PTH_LIBSE),		MSG_PTH_LIBSE_SIZE },
71 	{ MSG_ORIG(MSG_PTH_USRLIBSE),		MSG_PTH_USRLIBSE_SIZE },
72 #endif
73 	{ 0, 0 }
74 };
75 
76 Alist	*elf_def_dirs = NULL;
77 Alist	*elf_sec_dirs = NULL;
78 
79 /*
80  * Defines for local functions.
81  */
82 static void	elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
83 static Addr	elf_entry_point(void);
84 static int	elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t);
85 static Alist	**elf_get_def_dirs(void);
86 static Alist	**elf_get_sec_dirs(void);
87 static char	*elf_get_so(const char *, const char *, size_t, size_t);
88 static int	elf_needed(Lm_list *, Aliste, Rt_map *, int *);
89 
90 /*
91  * Functions and data accessed through indirect pointers.
92  */
93 Fct elf_fct = {
94 	elf_verify,
95 	elf_new_lmp,
96 	elf_entry_point,
97 	elf_needed,
98 	lookup_sym,
99 	elf_reloc,
100 	elf_get_def_dirs,
101 	elf_get_sec_dirs,
102 	elf_fix_name,
103 	elf_get_so,
104 	elf_dladdr,
105 	dlsym_handle
106 };
107 
108 /*
109  * Default and secure dependency search paths.
110  */
111 static Alist **
112 elf_get_def_dirs()
113 {
114 	if (elf_def_dirs == NULL)
115 		set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT);
116 	return (&elf_def_dirs);
117 }
118 
119 static Alist **
120 elf_get_sec_dirs()
121 {
122 	if (elf_sec_dirs == NULL)
123 		set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE);
124 	return (&elf_sec_dirs);
125 }
126 
127 /*
128  * Redefine NEEDED name if necessary.
129  */
130 static int
131 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni,
132     uint_t orig)
133 {
134 	/*
135 	 * For ABI compliance, if we are asked for ld.so.1, then really give
136 	 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1).
137 	 */
138 	if (((*name == '/') &&
139 	/* BEGIN CSTYLED */
140 #if	defined(_ELF64)
141 	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) ||
142 #else
143 	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) ||
144 #endif
145 	    (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) {
146 		/* END CSTYLED */
147 		Pdesc	*pdp;
148 
149 		DBG_CALL(Dbg_file_fixname(LIST(clmp), name,
150 		    MSG_ORIG(MSG_PTH_LIBSYS)));
151 		if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc),
152 		    alni)) == NULL)
153 			return (0);
154 
155 		pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS);
156 		pdp->pd_plen = MSG_PTH_LIBSYS_SIZE;
157 		pdp->pd_flags = PD_FLG_PNSLASH;
158 
159 		return (1);
160 	}
161 
162 	return (expand_paths(clmp, name, alpp, alni, orig, 0));
163 }
164 
165 /*
166  * Determine whether this object requires capabilities.
167  */
168 inline static int
169 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej)
170 {
171 	Phdr	*phdr;
172 	Cap	*cap = NULL;
173 	Dyn	*dyn = NULL;
174 	char	*str = NULL;
175 	Addr	base;
176 	int	cnt;
177 
178 	/*
179 	 * If this is a shared object, the base address of the shared object is
180 	 * added to all address values defined within the object.  Otherwise, if
181 	 * this is an executable, all object addresses are used as is.
182 	 */
183 	if (ehdr->e_type == ET_EXEC)
184 		base = 0;
185 	else
186 		base = (Addr)ehdr;
187 
188 	/* LINTED */
189 	phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff);
190 	for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) {
191 		if (phdr->p_type == PT_DYNAMIC) {
192 			/* LINTED */
193 			dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
194 		} else if (phdr->p_type == PT_SUNWCAP) {
195 			/* LINTED */
196 			cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
197 		}
198 	}
199 
200 	if (cap) {
201 		/*
202 		 * From the .dynamic section, determine the associated string
203 		 * table.  Required for CA_SUNW_MACH and CA_SUNW_PLAT
204 		 * processing.
205 		 */
206 		while (dyn) {
207 			if (dyn->d_tag == DT_NULL) {
208 				break;
209 			} else if (dyn->d_tag == DT_STRTAB) {
210 				str = (char *)(dyn->d_un.d_ptr + base);
211 				break;
212 			}
213 			dyn++;
214 		}
215 	}
216 
217 	/*
218 	 * Establish any alternative capabilities, and validate this object
219 	 * if it defines it's own capabilities information.
220 	 */
221 	return (cap_check_fdesc(fdp, cap, str, rej));
222 }
223 
224 /*
225  * Determine if we have been given an ELF file and if so determine if the file
226  * is compatible.  Returns 1 if true, else 0 and sets the reject descriptor
227  * with associated error information.
228  */
229 Fct *
230 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name,
231     Rej_desc *rej)
232 {
233 	Ehdr	*ehdr;
234 	char	*caddr = (char *)addr;
235 
236 	/*
237 	 * Determine if we're an elf file.  If not simply return, we don't set
238 	 * any rejection information as this test allows use to scroll through
239 	 * the objects we support (ELF, AOUT).
240 	 */
241 	if (size < sizeof (Ehdr) ||
242 	    caddr[EI_MAG0] != ELFMAG0 ||
243 	    caddr[EI_MAG1] != ELFMAG1 ||
244 	    caddr[EI_MAG2] != ELFMAG2 ||
245 	    caddr[EI_MAG3] != ELFMAG3) {
246 		return (NULL);
247 	}
248 
249 	/*
250 	 * Check class and encoding.
251 	 */
252 	/* LINTED */
253 	ehdr = (Ehdr *)addr;
254 	if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
255 		rej->rej_type = SGS_REJ_CLASS;
256 		rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
257 		return (NULL);
258 	}
259 	if (ehdr->e_ident[EI_DATA] != M_DATA) {
260 		rej->rej_type = SGS_REJ_DATA;
261 		rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
262 		return (NULL);
263 	}
264 	if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
265 	    (ehdr->e_type != ET_DYN)) {
266 		rej->rej_type = SGS_REJ_TYPE;
267 		rej->rej_info = (uint_t)ehdr->e_type;
268 		return (NULL);
269 	}
270 
271 	/*
272 	 * Verify ELF version.
273 	 */
274 	if (ehdr->e_version > EV_CURRENT) {
275 		rej->rej_type = SGS_REJ_VERSION;
276 		rej->rej_info = (uint_t)ehdr->e_version;
277 		return (NULL);
278 	}
279 
280 	/*
281 	 * Verify machine specific flags.
282 	 */
283 	if (elf_mach_flags_check(rej, ehdr) == 0)
284 		return (NULL);
285 
286 	/*
287 	 * Verify any capability requirements.  Note, if this object is a shared
288 	 * object that is explicitly defined on the ldd(1) command line, and it
289 	 * contains an incompatible capabilities requirement, then inform the
290 	 * user, but continue processing.
291 	 */
292 	if (elf_cap_check(fdp, ehdr, rej) == 0) {
293 		Rt_map	*lmp = lml_main.lm_head;
294 
295 		if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp &&
296 		    (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) {
297 			/* LINTED */
298 			(void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name,
299 			    rej->rej_str);
300 			return (&elf_fct);
301 		}
302 		return (NULL);
303 	}
304 	return (&elf_fct);
305 }
306 
307 /*
308  * The runtime linker employs lazy loading to provide the libraries needed for
309  * debugging, preloading .o's and dldump().  As these are seldom used, the
310  * standard startup of ld.so.1 doesn't initialize all the information necessary
311  * to perform plt relocation on ld.so.1's link-map.  The first time lazy loading
312  * is called we get here to perform these initializations:
313  *
314  *  -	elf_needed() is called to set up the DYNINFO() indexes for each lazy
315  *	dependency.  Typically, for all other objects, this is called during
316  *	analyze_so(), but as ld.so.1 is set-contained we skip this processing.
317  *
318  *  -	For intel, ld.so.1's JMPSLOT relocations need relative updates. These
319  *	are by default skipped thus delaying all relative relocation processing
320  * 	on every invocation of ld.so.1.
321  */
322 int
323 elf_rtld_load()
324 {
325 	Lm_list	*lml = &lml_rtld;
326 	Rt_map	*lmp = lml->lm_head;
327 
328 	if (lml->lm_flags & LML_FLG_PLTREL)
329 		return (1);
330 
331 	/*
332 	 * As we need to refer to the DYNINFO() information, insure that it has
333 	 * been initialized.
334 	 */
335 	if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0)
336 		return (0);
337 
338 #if	defined(__i386)
339 	/*
340 	 * This is a kludge to give ld.so.1 a performance benefit on i386.
341 	 * It's based around two factors.
342 	 *
343 	 *  -	JMPSLOT relocations (PLT's) actually need a relative relocation
344 	 *	applied to the GOT entry so that they can find PLT0.
345 	 *
346 	 *  -	ld.so.1 does not exercise *any* PLT's before it has made a call
347 	 *	to elf_lazy_load().  This is because all dynamic dependencies
348 	 * 	are recorded as lazy dependencies.
349 	 */
350 	(void) elf_reloc_relative_count((ulong_t)JMPREL(lmp),
351 	    (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
352 	    (ulong_t)ADDR(lmp), lmp, NULL);
353 #endif
354 
355 	lml->lm_flags |= LML_FLG_PLTREL;
356 	return (1);
357 }
358 
359 /*
360  * Lazy load an object.
361  */
362 Rt_map *
363 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym,
364     uint_t flags, Grp_hdl **hdl, int *in_nfavl)
365 {
366 	Alist		*palp = NULL;
367 	Rt_map		*nlmp;
368 	Dyninfo		*dip = &DYNINFO(clmp)[ndx], *pdip;
369 	const char	*name;
370 	Lm_list		*lml = LIST(clmp);
371 	Aliste		lmco;
372 
373 	/*
374 	 * If this dependency has already been processed, we're done.
375 	 */
376 	if (((nlmp = (Rt_map *)dip->di_info) != NULL) ||
377 	    (dip->di_flags & FLG_DI_LDD_DONE))
378 		return (nlmp);
379 
380 	/*
381 	 * If we're running under ldd(1), indicate that this dependency has been
382 	 * processed (see test above).  It doesn't matter whether the object is
383 	 * successfully loaded or not, this flag simply ensures that we don't
384 	 * repeatedly attempt to load an object that has already failed to load.
385 	 * To do so would create multiple failure diagnostics for the same
386 	 * object under ldd(1).
387 	 */
388 	if (lml->lm_flags & LML_FLG_TRC_ENABLE)
389 		dip->di_flags |= FLG_DI_LDD_DONE;
390 
391 	/*
392 	 * Determine the initial dependency name.
393 	 */
394 	name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val;
395 	DBG_CALL(Dbg_file_lazyload(clmp, name, sym));
396 
397 	/*
398 	 * If this object needs to establish its own group, make sure a handle
399 	 * is created.
400 	 */
401 	if (dip->di_flags & FLG_DI_GROUP)
402 		flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
403 
404 	/*
405 	 * Lazy dependencies are identified as DT_NEEDED entries with a
406 	 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element.  The
407 	 * dynamic information element that corresponds to the DT_POSFLAG_1
408 	 * entry is free, and thus used to store the present entrance
409 	 * identifier.  This identifier is used to prevent multiple attempts to
410 	 * load a failed lazy loadable dependency within the same runtime linker
411 	 * operation.  However, future attempts to reload this dependency are
412 	 * still possible.
413 	 */
414 	if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1))
415 		pdip->di_info = (void *)slp->sl_id;
416 
417 	/*
418 	 * Expand the requested name if necessary.
419 	 */
420 	if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0)
421 		return (NULL);
422 
423 	/*
424 	 * Establish a link-map control list for this request.
425 	 */
426 	if ((lmco = create_cntl(lml, 0)) == NULL) {
427 		remove_plist(&palp, 1);
428 		return (NULL);
429 	}
430 
431 	/*
432 	 * Load the associated object.
433 	 */
434 	dip->di_info = nlmp =
435 	    load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl);
436 
437 	/*
438 	 * Remove any expanded pathname infrastructure.  Reduce the pending lazy
439 	 * dependency count of the caller, together with the link-map lists
440 	 * count of objects that still have lazy dependencies pending.
441 	 */
442 	remove_plist(&palp, 1);
443 	if (--LAZY(clmp) == 0)
444 		LIST(clmp)->lm_lazy--;
445 
446 	/*
447 	 * Finish processing the objects associated with this request, and
448 	 * create an association between the caller and this dependency.
449 	 */
450 	if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) ||
451 	    ((nlmp = analyze_lmc(lml, lmco, nlmp, in_nfavl)) == NULL) ||
452 	    (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0)))
453 		dip->di_info = nlmp = NULL;
454 
455 	/*
456 	 * If this lazyload has failed, and we've created a new link-map
457 	 * control list to which this request has added objects, then remove
458 	 * all the objects that have been associated to this request.
459 	 */
460 	if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
461 		remove_lmc(lml, clmp, lmco, name);
462 
463 	/*
464 	 * Remove any temporary link-map control list.
465 	 */
466 	if (lmco != ALIST_OFF_DATA)
467 		remove_cntl(lml, lmco);
468 
469 	/*
470 	 * If this lazy loading failed, record the fact, and bump the lazy
471 	 * counts.
472 	 */
473 	if (nlmp == NULL) {
474 		dip->di_flags |= FLG_DI_LAZYFAIL;
475 		if (LAZY(clmp)++ == 0)
476 			LIST(clmp)->lm_lazy++;
477 	}
478 
479 	return (nlmp);
480 }
481 
482 /*
483  * Return the entry point of the ELF executable.
484  */
485 static Addr
486 elf_entry_point(void)
487 {
488 	Rt_map	*lmp = lml_main.lm_head;
489 	Ehdr	*ehdr = (Ehdr *)ADDR(lmp);
490 	Addr	addr = (Addr)(ehdr->e_entry);
491 
492 	if ((FLAGS(lmp) & FLG_RT_FIXED) == 0)
493 		addr += ADDR(lmp);
494 
495 	return (addr);
496 }
497 
498 /*
499  * Determine if a dependency requires a particular version and if so verify
500  * that the version exists in the dependency.
501  */
502 int
503 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
504 {
505 	Verneed		*vnd = VERNEED(clmp);
506 	int		_num, num = VERNEEDNUM(clmp);
507 	char		*cstrs = (char *)STRTAB(clmp);
508 	Lm_list		*lml = LIST(clmp);
509 
510 	/*
511 	 * Traverse the callers version needed information and determine if any
512 	 * specific versions are required from the dependency.
513 	 */
514 	DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp)));
515 	for (_num = 1; _num <= num; _num++,
516 	    vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
517 		Half		cnt = vnd->vn_cnt;
518 		Vernaux		*vnap;
519 		char		*nstrs, *need;
520 
521 		/*
522 		 * Determine if a needed entry matches this dependency.
523 		 */
524 		need = (char *)(cstrs + vnd->vn_file);
525 		if (strcmp(name, need) != 0)
526 			continue;
527 
528 		if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
529 		    ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
530 			(void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);
531 
532 		/*
533 		 * Validate that each version required actually exists in the
534 		 * dependency.
535 		 */
536 		nstrs = (char *)STRTAB(nlmp);
537 
538 		for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
539 		    cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
540 			char		*version, *define;
541 			Verdef		*vdf = VERDEF(nlmp);
542 			ulong_t		_num, num = VERDEFNUM(nlmp);
543 			int		found = 0;
544 
545 			/*
546 			 * Skip validation of versions that are marked
547 			 * INFO. This optimization is used for versions
548 			 * that are inherited by another version. Verification
549 			 * of the inheriting version is sufficient.
550 			 *
551 			 * Such versions are recorded in the object for the
552 			 * benefit of VERSYM entries that refer to them. This
553 			 * provides a purely diagnostic benefit.
554 			 */
555 			if (vnap->vna_flags & VER_FLG_INFO)
556 				continue;
557 
558 			version = (char *)(cstrs + vnap->vna_name);
559 			DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version));
560 
561 			for (_num = 1; _num <= num; _num++,
562 			    vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
563 				Verdaux		*vdap;
564 
565 				if (vnap->vna_hash != vdf->vd_hash)
566 					continue;
567 
568 				vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
569 				define = (char *)(nstrs + vdap->vda_name);
570 				if (strcmp(version, define) != 0)
571 					continue;
572 
573 				found++;
574 				break;
575 			}
576 
577 			/*
578 			 * If we're being traced print out any matched version
579 			 * when the verbose (-v) option is in effect.  Always
580 			 * print any unmatched versions.
581 			 */
582 			if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
583 				/* BEGIN CSTYLED */
584 				if (found) {
585 				    if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
586 					continue;
587 
588 				    (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
589 					need, version, NAME(nlmp));
590 				} else {
591 				    if (rtld_flags & RT_FL_SILENCERR)
592 					continue;
593 
594 				    (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
595 					need, version);
596 				}
597 				/* END CSTYLED */
598 				continue;
599 			}
600 
601 			/*
602 			 * If the version hasn't been found then this is a
603 			 * candidate for a fatal error condition.  Weak
604 			 * version definition requirements are silently
605 			 * ignored.  Also, if the image inspected for a version
606 			 * definition has no versioning recorded at all then
607 			 * silently ignore this (this provides better backward
608 			 * compatibility to old images created prior to
609 			 * versioning being available).  Both of these skipped
610 			 * diagnostics are available under tracing (see above).
611 			 */
612 			if ((found == 0) && (num != 0) &&
613 			    (!(vnap->vna_flags & VER_FLG_WEAK))) {
614 				eprintf(lml, ERR_FATAL,
615 				    MSG_INTL(MSG_VER_NFOUND), need, version,
616 				    NAME(clmp));
617 				return (0);
618 			}
619 		}
620 	}
621 	DBG_CALL(Dbg_ver_need_done(lml));
622 	return (1);
623 }
624 
625 /*
626  * Search through the dynamic section for DT_NEEDED entries and perform one
627  * of two functions.  If only the first argument is specified then load the
628  * defined shared object, otherwise add the link map representing the defined
629  * link map the the dlopen list.
630  */
631 static int
632 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl)
633 {
634 	Alist		*palp = NULL;
635 	Dyn		*dyn, *pdyn;
636 	ulong_t		ndx = 0;
637 	uint_t		lazy, flags;
638 	Word		lmflags = lml->lm_flags;
639 	Word		lmtflags = lml->lm_tflags;
640 
641 	/*
642 	 * Process each shared object on needed list.
643 	 */
644 	if (DYN(clmp) == NULL)
645 		return (1);
646 
647 	for (dyn = (Dyn *)DYN(clmp), pdyn = NULL; dyn->d_tag != DT_NULL;
648 	    pdyn = dyn++, ndx++) {
649 		Dyninfo	*dip = &DYNINFO(clmp)[ndx];
650 		Rt_map	*nlmp = NULL;
651 		char	*name;
652 		int	silent = 0;
653 
654 		switch (dyn->d_tag) {
655 		case DT_POSFLAG_1:
656 			dip->di_flags |= FLG_DI_POSFLAG1;
657 			continue;
658 		case DT_NEEDED:
659 		case DT_USED:
660 			lazy = flags = 0;
661 			dip->di_flags |= FLG_DI_NEEDED;
662 
663 			if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) {
664 				if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) &&
665 				    ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) {
666 					dip->di_flags |= FLG_DI_LAZY;
667 					lazy = 1;
668 				}
669 				if (pdyn->d_un.d_val & DF_P1_GROUPPERM) {
670 					dip->di_flags |= FLG_DI_GROUP;
671 					flags =
672 					    (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
673 				}
674 			}
675 
676 			name = (char *)STRTAB(clmp) + dyn->d_un.d_val;
677 
678 			/*
679 			 * NOTE, libc.so.1 can't be lazy loaded.  Although a
680 			 * lazy position flag won't be produced when a RTLDINFO
681 			 * .dynamic entry is found (introduced with the UPM in
682 			 * Solaris 10), it was possible to mark libc for lazy
683 			 * loading on previous releases.  To reduce the overhead
684 			 * of testing for this occurrence, only carry out this
685 			 * check for the first object on the link-map list
686 			 * (there aren't many applications built without libc).
687 			 */
688 			if (lazy && (lml->lm_head == clmp) &&
689 			    (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
690 				lazy = 0;
691 
692 			/*
693 			 * Don't bring in lazy loaded objects yet unless we've
694 			 * been asked to attempt to load all available objects
695 			 * (crle(1) sets LD_FLAGS=loadavail).  Even under
696 			 * RTLD_NOW we don't process this - RTLD_NOW will cause
697 			 * relocation processing which in turn might trigger
698 			 * lazy loading, but its possible that the object has a
699 			 * lazy loaded file with no bindings (i.e., it should
700 			 * never have been a dependency in the first place).
701 			 */
702 			if (lazy) {
703 				if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
704 					LAZY(clmp)++;
705 					lazy = flags = 0;
706 					continue;
707 				}
708 
709 				/*
710 				 * Silence any error messages - see description
711 				 * under elf_lookup_filtee().
712 				 */
713 				if ((rtld_flags & RT_FL_SILENCERR) == 0) {
714 					rtld_flags |= RT_FL_SILENCERR;
715 					silent = 1;
716 				}
717 			}
718 			break;
719 		case DT_AUXILIARY:
720 			dip->di_flags |= FLG_DI_AUXFLTR;
721 			continue;
722 		case DT_SUNW_AUXILIARY:
723 			dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR);
724 			continue;
725 		case DT_FILTER:
726 			dip->di_flags |= FLG_DI_STDFLTR;
727 			continue;
728 		case DT_SUNW_FILTER:
729 			dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR);
730 			continue;
731 		default:
732 			continue;
733 		}
734 
735 		DBG_CALL(Dbg_file_needed(clmp, name));
736 
737 		/*
738 		 * If we're running under ldd(1), indicate that this dependency
739 		 * has been processed.  It doesn't matter whether the object is
740 		 * successfully loaded or not, this flag simply ensures that we
741 		 * don't repeatedly attempt to load an object that has already
742 		 * failed to load.  To do so would create multiple failure
743 		 * diagnostics for the same object under ldd(1).
744 		 */
745 		if (lml->lm_flags & LML_FLG_TRC_ENABLE)
746 			dip->di_flags |= FLG_DI_LDD_DONE;
747 
748 		/*
749 		 * Establish the objects name, load it and establish a binding
750 		 * with the caller.
751 		 */
752 		if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) ||
753 		    ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp),
754 		    flags, 0, in_nfavl)) == NULL) ||
755 		    (bind_one(clmp, nlmp, BND_NEEDED) == 0))
756 			nlmp = NULL;
757 
758 		/*
759 		 * Clean up any infrastructure, including the removal of the
760 		 * error suppression state, if it had been previously set in
761 		 * this routine.
762 		 */
763 		remove_plist(&palp, 0);
764 
765 		if (silent)
766 			rtld_flags &= ~RT_FL_SILENCERR;
767 
768 		if ((dip->di_info = (void *)nlmp) == NULL) {
769 			/*
770 			 * If the object could not be mapped, continue if error
771 			 * suppression is established or we're here with ldd(1).
772 			 */
773 			if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
774 			    (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
775 				continue;
776 			else {
777 				remove_plist(&palp, 1);
778 				return (0);
779 			}
780 		}
781 	}
782 
783 	if (LAZY(clmp))
784 		lml->lm_lazy++;
785 
786 	remove_plist(&palp, 1);
787 	return (1);
788 }
789 
790 /*
791  * A null symbol interpretor.  Used if a filter has no associated filtees.
792  */
793 /* ARGSUSED0 */
794 static int
795 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
796 {
797 	return (0);
798 }
799 
800 /*
801  * Disable filtee use.
802  */
803 static void
804 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip)
805 {
806 	if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
807 		/*
808 		 * If this is an object filter, null out the reference name.
809 		 */
810 		if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
811 			REFNAME(lmp) = NULL;
812 			OBJFLTRNDX(lmp) = FLTR_DISABLED;
813 
814 			/*
815 			 * Indicate that this filtee is no longer available.
816 			 */
817 			if (dip->di_flags & FLG_DI_STDFLTR)
818 				SYMINTP(lmp) = elf_null_find_sym;
819 
820 		}
821 	} else if (dip->di_flags & FLG_DI_STDFLTR) {
822 		/*
823 		 * Indicate that this standard filtee is no longer available.
824 		 */
825 		if (SYMSFLTRCNT(lmp))
826 			SYMSFLTRCNT(lmp)--;
827 	} else {
828 		/*
829 		 * Indicate that this auxiliary filtee is no longer available.
830 		 */
831 		if (SYMAFLTRCNT(lmp))
832 			SYMAFLTRCNT(lmp)--;
833 	}
834 	dip->di_flags &= ~MSK_DI_FILTER;
835 }
836 
837 /*
838  * Find symbol interpreter - filters.
839  * This function is called when the symbols from a shared object should
840  * be resolved from the shared objects filtees instead of from within itself.
841  *
842  * A symbol name of 0 is used to trigger filtee loading.
843  */
844 static int
845 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
846     int *in_nfavl)
847 {
848 	const char	*name = slp->sl_name, *filtees;
849 	Rt_map		*clmp = slp->sl_cmap;
850 	Rt_map		*ilmp = slp->sl_imap;
851 	Pdesc		*pdp;
852 	int		any;
853 	Dyninfo		*dip = &DYNINFO(ilmp)[ndx];
854 	Lm_list		*lml = LIST(ilmp);
855 	Aliste		idx;
856 
857 	/*
858 	 * Indicate that the filter has been used.  If a binding already exists
859 	 * to the caller, indicate that this object is referenced.  This insures
860 	 * we don't generate false unreferenced diagnostics from ldd -u/U or
861 	 * debugging.  Don't create a binding regardless, as this filter may
862 	 * have been dlopen()'ed.
863 	 */
864 	if (name && (ilmp != clmp)) {
865 		Word	tracing = (LIST(clmp)->lm_flags &
866 		    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));
867 
868 		if (tracing || DBG_ENABLED) {
869 			Bnd_desc 	*bdp;
870 			Aliste		idx;
871 
872 			FLAGS1(ilmp) |= FL1_RT_USED;
873 
874 			if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) {
875 				for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) {
876 					if (bdp->b_caller == clmp) {
877 						bdp->b_flags |= BND_REFER;
878 						break;
879 					}
880 				}
881 			}
882 		}
883 	}
884 
885 	/*
886 	 * If this is the first call to process this filter, establish the
887 	 * filtee list.  If a configuration file exists, determine if any
888 	 * filtee associations for this filter, and its filtee reference, are
889 	 * defined.  Otherwise, process the filtee reference.  Any token
890 	 * expansion is also completed at this point (i.e., $PLATFORM).
891 	 */
892 	filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val;
893 	if (dip->di_info == NULL) {
894 		if (rtld_flags2 & RT_FL2_FLTCFG) {
895 			elf_config_flt(lml, PATHNAME(ilmp), filtees,
896 			    (Alist **)&dip->di_info, AL_CNT_FILTEES);
897 		}
898 		if (dip->di_info == NULL) {
899 			DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0));
900 			if ((lml->lm_flags &
901 			    (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) &&
902 			    ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0))
903 				(void) printf(MSG_INTL(MSG_LDD_FIL_FILTER),
904 				    NAME(ilmp), filtees);
905 
906 			if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info,
907 			    AL_CNT_FILTEES, 0, 0) == 0) {
908 				elf_disable_filtee(ilmp, dip);
909 				return (0);
910 			}
911 		}
912 	}
913 
914 	/*
915 	 * Traverse the filtee list, dlopen()'ing any objects specified and
916 	 * using their group handle to lookup the symbol.
917 	 */
918 	any = 0;
919 	for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) {
920 		int	mode;
921 		Grp_hdl	*ghp;
922 		Rt_map	*nlmp = NULL;
923 
924 		if (pdp->pd_plen == 0)
925 			continue;
926 
927 		/*
928 		 * Establish the mode of the filtee from the filter.  As filtees
929 		 * are loaded via a dlopen(), make sure that RTLD_GROUP is set
930 		 * and the filtees aren't global.  It would be nice to have
931 		 * RTLD_FIRST used here also, but as filters got out long before
932 		 * RTLD_FIRST was introduced it's a little too late now.
933 		 */
934 		mode = MODE(ilmp) | RTLD_GROUP;
935 		mode &= ~RTLD_GLOBAL;
936 
937 		/*
938 		 * Insure that any auxiliary filter can locate symbols from its
939 		 * caller.
940 		 */
941 		if (dip->di_flags & FLG_DI_AUXFLTR)
942 			mode |= RTLD_PARENT;
943 
944 		/*
945 		 * Process any capability directory.  Establish a new link-map
946 		 * control list from which to analyze any newly added objects.
947 		 */
948 		if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) {
949 			const char	*dir = pdp->pd_pname;
950 			Aliste		lmco;
951 
952 			/*
953 			 * Establish a link-map control list for this request.
954 			 */
955 			if ((lmco = create_cntl(lml, 0)) == NULL)
956 				return (NULL);
957 
958 			/*
959 			 * Determine the capability filtees.  If none can be
960 			 * found, provide suitable diagnostics.
961 			 */
962 			DBG_CALL(Dbg_cap_filter(lml, dir, ilmp));
963 			if (cap_filtees((Alist **)&dip->di_info, idx, dir,
964 			    lmco, ilmp, filtees, mode,
965 			    (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) {
966 				if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
967 				    (dip->di_flags & FLG_DI_AUXFLTR) &&
968 				    (rtld_flags & RT_FL_WARNFLTR)) {
969 					(void) printf(
970 					    MSG_INTL(MSG_LDD_CAP_NFOUND), dir);
971 				}
972 				DBG_CALL(Dbg_cap_filter(lml, dir, 0));
973 			}
974 
975 			/*
976 			 * Re-establish the originating path name descriptor,
977 			 * as the expansion of capabilities filtees may have
978 			 * re-allocated the controlling Alist.  Mark this
979 			 * original pathname descriptor as unused so that the
980 			 * descriptor isn't revisited for processing.  Any real
981 			 * capabilities filtees have been added as new pathname
982 			 * descriptors following this descriptor.
983 			 */
984 			pdp = alist_item((Alist *)dip->di_info, idx);
985 			pdp->pd_flags &= ~PD_TKN_CAP;
986 			pdp->pd_plen = 0;
987 
988 			/*
989 			 * Now that any capability objects have been processed,
990 			 * remove any temporary link-map control list.
991 			 */
992 			if (lmco != ALIST_OFF_DATA)
993 				remove_cntl(lml, lmco);
994 		}
995 
996 		if (pdp->pd_plen == 0)
997 			continue;
998 
999 		/*
1000 		 * Process an individual filtee.
1001 		 */
1002 		if (pdp->pd_info == NULL) {
1003 			const char	*filtee = pdp->pd_pname;
1004 			int		audit = 0;
1005 
1006 			DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0));
1007 
1008 			ghp = NULL;
1009 
1010 			/*
1011 			 * Determine if the reference link map is already
1012 			 * loaded.  As an optimization compare the filtee with
1013 			 * our interpretor.  The most common filter is
1014 			 * libdl.so.1, which is a filter on ld.so.1.
1015 			 */
1016 #if	defined(_ELF64)
1017 			if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) {
1018 #else
1019 			if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) {
1020 #endif
1021 				uint_t	hflags, rdflags, cdflags;
1022 
1023 				/*
1024 				 * Establish any flags for the handle (Grp_hdl).
1025 				 *
1026 				 *  -	This is a special, public, ld.so.1
1027 				 *	handle.
1028 				 *  -	Only the first object on this handle
1029 				 *	can supply symbols.
1030 				 *  -	This handle provides a filtee.
1031 				 *
1032 				 * Essentially, this handle allows a caller to
1033 				 * reference the dl*() family of interfaces from
1034 				 * ld.so.1.
1035 				 */
1036 				hflags = (GPH_PUBLIC | GPH_LDSO |
1037 				    GPH_FIRST | GPH_FILTEE);
1038 
1039 				/*
1040 				 * Establish the flags for the referenced
1041 				 * dependency descriptor (Grp_desc).
1042 				 *
1043 				 *  -	ld.so.1 is available for dlsym().
1044 				 *  -	ld.so.1 is available to relocate
1045 				 *	against.
1046 				 *  -	There's no need to add an dependencies
1047 				 * 	to this handle.
1048 				 */
1049 				rdflags = (GPD_DLSYM | GPD_RELOC);
1050 
1051 				/*
1052 				 * Establish the flags for this callers
1053 				 * dependency descriptor (Grp_desc).
1054 				 *
1055 				 *  -   The explicit creation of a handle
1056 				 *	creates a descriptor for the referenced
1057 				 *	object and the parent (caller).
1058 				 */
1059 				cdflags = GPD_PARENT;
1060 
1061 				nlmp = lml_rtld.lm_head;
1062 				if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp,
1063 				    hflags, rdflags, cdflags)) == NULL)
1064 					nlmp = NULL;
1065 
1066 				/*
1067 				 * Establish the filter handle to prevent any
1068 				 * recursion.
1069 				 */
1070 				if (nlmp && ghp)
1071 					pdp->pd_info = (void *)ghp;
1072 
1073 				/*
1074 				 * Audit the filter/filtee established.  Ignore
1075 				 * any return from the auditor, as we can't
1076 				 * allow ignore filtering to ld.so.1, otherwise
1077 				 * nothing is going to work.
1078 				 */
1079 				if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) &
1080 				    LML_TFLG_AUD_OBJFILTER))
1081 					(void) audit_objfilter(ilmp, filtees,
1082 					    nlmp, 0);
1083 
1084 			} else {
1085 				Rej_desc	rej = { 0 };
1086 				Fdesc		fd = { 0 };
1087 				Aliste		lmco;
1088 
1089 				/*
1090 				 * Trace the inspection of this file, determine
1091 				 * any auditor substitution, and seed the file
1092 				 * descriptor with the originating name.
1093 				 */
1094 				if (load_trace(lml, pdp, clmp, &fd) == NULL)
1095 					continue;
1096 
1097 				/*
1098 				 * Establish a link-map control list for this
1099 				 * request.
1100 				 */
1101 				if ((lmco = create_cntl(lml, 0)) == NULL)
1102 					return (NULL);
1103 
1104 				/*
1105 				 * Locate and load the filtee.
1106 				 */
1107 				if ((nlmp = load_path(lml, lmco, ilmp, mode,
1108 				    FLG_RT_PUBHDL, &ghp, &fd, &rej,
1109 				    in_nfavl)) == NULL)
1110 					file_notfound(LIST(ilmp), filtee, ilmp,
1111 					    FLG_RT_PUBHDL, &rej);
1112 
1113 				filtee = pdp->pd_pname;
1114 
1115 				/*
1116 				 * Establish the filter handle to prevent any
1117 				 * recursion.
1118 				 */
1119 				if (nlmp && ghp) {
1120 					ghp->gh_flags |= GPH_FILTEE;
1121 					pdp->pd_info = (void *)ghp;
1122 
1123 					FLAGS1(nlmp) |= FL1_RT_USED;
1124 				}
1125 
1126 				/*
1127 				 * Audit the filter/filtee established.  A
1128 				 * return of 0 indicates the auditor wishes to
1129 				 * ignore this filtee.
1130 				 */
1131 				if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) &
1132 				    LML_TFLG_AUD_OBJFILTER)) {
1133 					if (audit_objfilter(ilmp, filtees,
1134 					    nlmp, 0) == 0) {
1135 						audit = 1;
1136 						nlmp = NULL;
1137 					}
1138 				}
1139 
1140 				/*
1141 				 * Finish processing the objects associated with
1142 				 * this request.  Create an association between
1143 				 * this object and the originating filter to
1144 				 * provide sufficient information to tear down
1145 				 * this filtee if necessary.
1146 				 */
1147 				if (nlmp && ghp && (((nlmp = analyze_lmc(lml,
1148 				    lmco, nlmp, in_nfavl)) == NULL) ||
1149 				    (relocate_lmc(lml, lmco, ilmp, nlmp,
1150 				    in_nfavl) == 0)))
1151 					nlmp = NULL;
1152 
1153 				/*
1154 				 * If the filtee has been successfully
1155 				 * processed, then create an association
1156 				 * between the filter and filtee.  This
1157 				 * association provides sufficient information
1158 				 * to tear down the filter and filtee if
1159 				 * necessary.
1160 				 */
1161 				DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD));
1162 				if (nlmp && ghp && (hdl_add(ghp, ilmp,
1163 				    GPD_FILTER, NULL) == NULL))
1164 					nlmp = NULL;
1165 
1166 				/*
1167 				 * Generate a diagnostic if the filtee couldn't
1168 				 * be loaded.
1169 				 */
1170 				if (nlmp == NULL)
1171 					DBG_CALL(Dbg_file_filtee(lml, 0, filtee,
1172 					    audit));
1173 
1174 				/*
1175 				 * If this filtee loading has failed, and we've
1176 				 * created a new link-map control list to which
1177 				 * this request has added objects, then remove
1178 				 * all the objects that have been associated to
1179 				 * this request.
1180 				 */
1181 				if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
1182 					remove_lmc(lml, clmp, lmco, name);
1183 
1184 				/*
1185 				 * Remove any temporary link-map control list.
1186 				 */
1187 				if (lmco != ALIST_OFF_DATA)
1188 					remove_cntl(lml, lmco);
1189 			}
1190 
1191 			/*
1192 			 * If the filtee couldn't be loaded, null out the
1193 			 * path name descriptor entry, and continue the search.
1194 			 * Otherwise, the group handle is retained for future
1195 			 * symbol searches.
1196 			 */
1197 			if (nlmp == NULL) {
1198 				pdp->pd_info = NULL;
1199 				pdp->pd_plen = 0;
1200 				continue;
1201 			}
1202 		}
1203 
1204 		ghp = (Grp_hdl *)pdp->pd_info;
1205 
1206 		/*
1207 		 * If name is NULL, we're here to trigger filtee loading.
1208 		 * Skip the symbol lookup so that we'll continue looking for
1209 		 * additional filtees.
1210 		 */
1211 		if (name) {
1212 			Grp_desc	*gdp;
1213 			int		ret = 0;
1214 			Aliste		idx;
1215 			Slookup		sl = *slp;
1216 
1217 			sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM);
1218 			any++;
1219 
1220 			/*
1221 			 * Look for the symbol in the handles dependencies.
1222 			 */
1223 			for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) {
1224 				if ((gdp->gd_flags & GPD_DLSYM) == 0)
1225 					continue;
1226 
1227 				/*
1228 				 * If our parent is a dependency don't look at
1229 				 * it (otherwise we are in a recursive loop).
1230 				 * This situation can occur with auxiliary
1231 				 * filters if the filtee has a dependency on the
1232 				 * filter.  This dependency isn't necessary as
1233 				 * auxiliary filters are opened RTLD_PARENT, but
1234 				 * users may still unknowingly add an explicit
1235 				 * dependency to the parent.
1236 				 */
1237 				if ((sl.sl_imap = gdp->gd_depend) == ilmp)
1238 					continue;
1239 
1240 				if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo,
1241 				    in_nfavl)) != 0) ||
1242 				    (ghp->gh_flags & GPH_FIRST))
1243 					break;
1244 			}
1245 
1246 			/*
1247 			 * If a symbol has been found, indicate the binding
1248 			 * and return the symbol.
1249 			 */
1250 			if (ret) {
1251 				*binfo |= DBG_BINFO_FILTEE;
1252 				return (1);
1253 			}
1254 		}
1255 
1256 		/*
1257 		 * If this object is tagged to terminate filtee processing we're
1258 		 * done.
1259 		 */
1260 		if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE)
1261 			break;
1262 	}
1263 
1264 	/*
1265 	 * If we're just here to trigger filtee loading then we're done.
1266 	 */
1267 	if (name == NULL)
1268 		return (0);
1269 
1270 	/*
1271 	 * If no filtees have been found for a filter, clean up any path name
1272 	 * descriptors and disable their search completely.  For auxiliary
1273 	 * filters we can reselect the symbol search function so that we never
1274 	 * enter this routine again for this object.  For standard filters we
1275 	 * use the null symbol routine.
1276 	 */
1277 	if (any == 0) {
1278 		remove_plist((Alist **)&(dip->di_info), 1);
1279 		elf_disable_filtee(ilmp, dip);
1280 	}
1281 
1282 	return (0);
1283 }
1284 
1285 /*
1286  * Focal point for disabling error messages for auxiliary filters.  As an
1287  * auxiliary filter allows for filtee use, but provides a fallback should a
1288  * filtee not exist (or fail to load), any errors generated as a consequence of
1289  * trying to load the filtees are typically suppressed.  Setting RT_FL_SILENCERR
1290  * suppresses errors generated by eprintf(), but ensures a debug diagnostic is
1291  * produced.  ldd(1) employs printf(), and here the selection of whether to
1292  * print a diagnostic in regards to auxiliary filters is a little more complex.
1293  *
1294  *   -	The determination of whether to produce an ldd message, or a fatal
1295  *	error message is driven by LML_FLG_TRC_ENABLE.
1296  *   -	More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
1297  *	(ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
1298  *	and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
1299  *   -	If the calling object is lddstub, then several classes of message are
1300  *	suppressed.  The user isn't trying to diagnose lddstub, this is simply
1301  *	a stub executable employed to preload a user specified library against.
1302  *   -	If RT_FL_SILENCERR is in effect then any generic ldd() messages should
1303  *	be suppressed.  All detailed ldd messages should still be produced.
1304  */
1305 int
1306 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
1307     int *in_nfavl)
1308 {
1309 	Dyninfo	*dip = &DYNINFO(slp->sl_imap)[ndx];
1310 	int	ret, silent = 0;
1311 
1312 	/*
1313 	 * Make sure this entry is still acting as a filter.  We may have tried
1314 	 * to process this previously, and disabled it if the filtee couldn't
1315 	 * be processed.  However, other entries may provide different filtees
1316 	 * that are yet to be completed.
1317 	 */
1318 	if (dip->di_flags == 0)
1319 		return (0);
1320 
1321 	/*
1322 	 * Indicate whether an error message is required should this filtee not
1323 	 * be found, based on the type of filter.
1324 	 */
1325 	if ((dip->di_flags & FLG_DI_AUXFLTR) &&
1326 	    ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
1327 		rtld_flags |= RT_FL_SILENCERR;
1328 		silent = 1;
1329 	}
1330 
1331 	ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl);
1332 
1333 	if (silent)
1334 		rtld_flags &= ~RT_FL_SILENCERR;
1335 
1336 	return (ret);
1337 }
1338 
1339 /*
1340  * Compute the elf hash value (as defined in the ELF access library).
1341  * The form of the hash table is:
1342  *
1343  *	|--------------|
1344  *	| # of buckets |
1345  *	|--------------|
1346  *	| # of chains  |
1347  *	|--------------|
1348  *	|   bucket[]   |
1349  *	|--------------|
1350  *	|   chain[]    |
1351  *	|--------------|
1352  */
1353 ulong_t
1354 elf_hash(const char *name)
1355 {
1356 	uint_t	hval = 0;
1357 
1358 	while (*name) {
1359 		uint_t	g;
1360 		hval = (hval << 4) + *name++;
1361 		if ((g = (hval & 0xf0000000)) != 0)
1362 			hval ^= g >> 24;
1363 		hval &= ~g;
1364 	}
1365 	return ((ulong_t)hval);
1366 }
1367 
1368 /*
1369  * Look up a symbol.  The callers lookup information is passed in the Slookup
1370  * structure, and any resultant binding information is returned in the Sresult
1371  * structure.
1372  */
1373 int
1374 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
1375 {
1376 	const char	*name = slp->sl_name;
1377 	Rt_map		*ilmp = slp->sl_imap;
1378 	ulong_t		hash = slp->sl_hash;
1379 	uint_t		ndx, hashoff, buckets, *chainptr;
1380 	Sym		*sym, *symtabptr;
1381 	char		*strtabptr, *strtabname;
1382 	uint_t		flags1;
1383 	Syminfo		*sip;
1384 
1385 	/*
1386 	 * If we're only here to establish a symbols index, skip the diagnostic
1387 	 * used to trace a symbol search.
1388 	 */
1389 	if ((slp->sl_flags & LKUP_SYMNDX) == 0)
1390 		DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF)));
1391 
1392 	if (HASH(ilmp) == NULL)
1393 		return (0);
1394 
1395 	buckets = HASH(ilmp)[0];
1396 	/* LINTED */
1397 	hashoff = ((uint_t)hash % buckets) + 2;
1398 
1399 	/*
1400 	 * Get the first symbol from the hash chain and initialize the string
1401 	 * and symbol table pointers.
1402 	 */
1403 	if ((ndx = HASH(ilmp)[hashoff]) == 0)
1404 		return (0);
1405 
1406 	chainptr = HASH(ilmp) + 2 + buckets;
1407 	strtabptr = STRTAB(ilmp);
1408 	symtabptr = SYMTAB(ilmp);
1409 
1410 	while (ndx) {
1411 		sym = symtabptr + ndx;
1412 		strtabname = strtabptr + sym->st_name;
1413 
1414 		/*
1415 		 * Compare the symbol found with the name required.  If the
1416 		 * names don't match continue with the next hash entry.
1417 		 */
1418 		if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
1419 			hashoff = ndx + buckets + 2;
1420 			if ((ndx = chainptr[ndx]) != 0)
1421 				continue;
1422 			return (0);
1423 		}
1424 
1425 		/*
1426 		 * Symbols that are defined as hidden within an object usually
1427 		 * have any references from within the same object bound at
1428 		 * link-edit time, thus ld.so.1 is not involved.  However, if
1429 		 * these are capabilities symbols, then references to them must
1430 		 * be resolved at runtime.  A hidden symbol can only be bound
1431 		 * to by the object that defines the symbol.
1432 		 */
1433 		if ((sym->st_shndx != SHN_UNDEF) &&
1434 		    (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) &&
1435 		    (slp->sl_cmap != ilmp))
1436 			return (0);
1437 
1438 		/*
1439 		 * The Solaris ld does not put DT_VERSYM in the dynamic
1440 		 * section, but the GNU ld does. The GNU runtime linker
1441 		 * interprets the top bit of the 16-bit Versym value
1442 		 * (0x8000) as the "hidden" bit. If this bit is set,
1443 		 * the linker is supposed to act as if that symbol does
1444 		 * not exist. The hidden bit supports their versioning
1445 		 * scheme, which allows multiple incompatible functions
1446 		 * with the same name to exist at different versions
1447 		 * within an object. The Solaris linker does not support this
1448 		 * mechanism, or the model of interface evolution that
1449 		 * it allows, but we honor the hidden bit in GNU ld
1450 		 * produced objects in order to interoperate with them.
1451 		 */
1452 		if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) {
1453 			DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name,
1454 			    ndx, VERSYM(ilmp)[ndx]));
1455 			return (0);
1456 		}
1457 
1458 		/*
1459 		 * If we're only here to establish a symbol's index, we're done.
1460 		 */
1461 		if (slp->sl_flags & LKUP_SYMNDX) {
1462 			srp->sr_dmap = ilmp;
1463 			srp->sr_sym = sym;
1464 			return (1);
1465 		}
1466 
1467 		/*
1468 		 * If we find a match and the symbol is defined, capture the
1469 		 * symbol pointer and the link map in which it was found.
1470 		 */
1471 		if (sym->st_shndx != SHN_UNDEF) {
1472 			srp->sr_dmap = ilmp;
1473 			srp->sr_sym = sym;
1474 			*binfo |= DBG_BINFO_FOUND;
1475 
1476 			if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1477 			    ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1478 			    is_sym_interposer(ilmp, sym)))
1479 				*binfo |= DBG_BINFO_INTERPOSE;
1480 			break;
1481 
1482 		/*
1483 		 * If we find a match and the symbol is undefined, the
1484 		 * symbol type is a function, and the value of the symbol
1485 		 * is non zero, then this is a special case.  This allows
1486 		 * the resolution of a function address to the plt[] entry.
1487 		 * See SPARC ABI, Dynamic Linking, Function Addresses for
1488 		 * more details.
1489 		 */
1490 		} else if ((slp->sl_flags & LKUP_SPEC) &&
1491 		    (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
1492 		    (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
1493 			srp->sr_dmap = ilmp;
1494 			srp->sr_sym = sym;
1495 			*binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);
1496 
1497 			if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1498 			    ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1499 			    is_sym_interposer(ilmp, sym)))
1500 				*binfo |= DBG_BINFO_INTERPOSE;
1501 			return (1);
1502 		}
1503 
1504 		/*
1505 		 * Undefined symbol.
1506 		 */
1507 		return (0);
1508 	}
1509 
1510 	/*
1511 	 * We've found a match.  Determine if the defining object contains
1512 	 * symbol binding information.
1513 	 */
1514 	if ((sip = SYMINFO(ilmp)) != NULL)
1515 		sip += ndx;
1516 
1517 	/*
1518 	 * If this definition is a singleton, and we haven't followed a default
1519 	 * symbol search knowing that we're looking for a singleton (presumably
1520 	 * because the symbol definition has been changed since the referring
1521 	 * object was built), then reject this binding so that the caller can
1522 	 * fall back to a standard symbol search.
1523 	 */
1524 	if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) &&
1525 	    (((slp->sl_flags & LKUP_STANDARD) == 0) ||
1526 	    (((slp->sl_flags & LKUP_SINGLETON) == 0) &&
1527 	    (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) {
1528 		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1529 		    DBG_BNDREJ_SINGLE));
1530 		*binfo |= BINFO_REJSINGLE;
1531 		*binfo &= ~DBG_BINFO_MSK;
1532 		return (0);
1533 	}
1534 
1535 	/*
1536 	 * If this is a direct binding request, but the symbol definition has
1537 	 * disabled directly binding to it (presumably because the symbol
1538 	 * definition has been changed since the referring object was built),
1539 	 * reject this binding so that the caller can fall back to a standard
1540 	 * symbol search.
1541 	 */
1542 	if (sip && (slp->sl_flags & LKUP_DIRECT) &&
1543 	    (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
1544 		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1545 		    DBG_BNDREJ_DIRECT));
1546 		*binfo |= BINFO_REJDIRECT;
1547 		*binfo &= ~DBG_BINFO_MSK;
1548 		return (0);
1549 	}
1550 
1551 	/*
1552 	 * If this is a binding request within an RTLD_GROUP family, and the
1553 	 * symbol has disabled directly binding to it, reject this binding so
1554 	 * that the caller can fall back to a standard symbol search.
1555 	 *
1556 	 * Effectively, an RTLD_GROUP family achieves what can now be
1557 	 * established with direct bindings.  However, various symbols have
1558 	 * been tagged as inappropriate for direct binding to (ie. libc:malloc).
1559 	 *
1560 	 * A symbol marked as no-direct cannot be used within a group without
1561 	 * first ensuring that the symbol has not been interposed upon outside
1562 	 * of the group.  A common example occurs when users implement their own
1563 	 * version of malloc() in the executable.  Such a malloc() interposes on
1564 	 * the libc:malloc, and this interposition must be honored within the
1565 	 * group as well.
1566 	 *
1567 	 * Following any rejection, LKUP_WORLD is established as a means of
1568 	 * overriding this test as we return to a standard search.
1569 	 */
1570 	if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) &&
1571 	    ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) &&
1572 	    ((slp->sl_flags & LKUP_WORLD) == 0)) {
1573 		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1574 		    DBG_BNDREJ_GROUP));
1575 		*binfo |= BINFO_REJGROUP;
1576 		*binfo &= ~DBG_BINFO_MSK;
1577 		return (0);
1578 	}
1579 
1580 	/*
1581 	 * If this symbol is associated with capabilities, then each of the
1582 	 * capabilities instances needs to be compared against the system
1583 	 * capabilities.  The best instance will be chosen to satisfy this
1584 	 * binding.
1585 	 */
1586 	if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) &&
1587 	    (cap_match(srp, ndx, symtabptr, strtabptr) == 0))
1588 		return (0);
1589 
1590 	/*
1591 	 * Determine whether this object is acting as a filter.
1592 	 */
1593 	if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
1594 		return (1);
1595 
1596 	/*
1597 	 * Determine if this object offers per-symbol filtering, and if so,
1598 	 * whether this symbol references a filtee.
1599 	 */
1600 	if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
1601 		/*
1602 		 * If this is a standard filter reference, and no standard
1603 		 * filtees remain to be inspected, we're done.  If this is an
1604 		 * auxiliary filter reference, and no auxiliary filtees remain,
1605 		 * we'll fall through in case any object filtering is available.
1606 		 */
1607 		if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
1608 		    (SYMSFLTRCNT(ilmp) == 0))
1609 			return (0);
1610 
1611 		if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
1612 		    ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
1613 		    SYMAFLTRCNT(ilmp))) {
1614 			Sresult	sr;
1615 
1616 			/*
1617 			 * Initialize a local symbol result descriptor, using
1618 			 * the original symbol name.
1619 			 */
1620 			SRESULT_INIT(sr, slp->sl_name);
1621 
1622 			/*
1623 			 * This symbol has an associated filtee.  Lookup the
1624 			 * symbol in the filtee, and if it is found return it.
1625 			 * If the symbol doesn't exist, and this is a standard
1626 			 * filter, return an error, otherwise fall through to
1627 			 * catch any object filtering that may be available.
1628 			 */
1629 			if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto,
1630 			    in_nfavl)) {
1631 				*srp = sr;
1632 				return (1);
1633 			}
1634 			if (sip->si_flags & SYMINFO_FLG_FILTER)
1635 				return (0);
1636 		}
1637 	}
1638 
1639 	/*
1640 	 * Determine if this object provides global filtering.
1641 	 */
1642 	if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
1643 		if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
1644 			Sresult	sr;
1645 
1646 			/*
1647 			 * Initialize a local symbol result descriptor, using
1648 			 * the original symbol name.
1649 			 */
1650 			SRESULT_INIT(sr, slp->sl_name);
1651 
1652 			/*
1653 			 * This object has an associated filtee.  Lookup the
1654 			 * symbol in the filtee, and if it is found return it.
1655 			 * If the symbol doesn't exist, and this is a standard
1656 			 * filter, return and error, otherwise return the symbol
1657 			 * within the filter itself.
1658 			 */
1659 			if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp),
1660 			    in_nfavl)) {
1661 				*srp = sr;
1662 				return (1);
1663 			}
1664 		}
1665 
1666 		if (flags1 & FL1_RT_OBJSFLTR)
1667 			return (0);
1668 	}
1669 	return (1);
1670 }
1671 
1672 /*
1673  * Create a new Rt_map structure for an ELF object and initialize
1674  * all values.
1675  */
1676 Rt_map *
1677 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize,
1678     void *odyn, int *in_nfavl)
1679 {
1680 	const char	*name = fdp->fd_nname;
1681 	Rt_map		*lmp;
1682 	Ehdr		*ehdr = (Ehdr *)addr;
1683 	Phdr		*phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL;
1684 	Dyn		*dyn = (Dyn *)odyn;
1685 	Cap		*cap = NULL;
1686 	int		ndx;
1687 	Addr		base, fltr = 0, audit = 0, cfile = 0, crle = 0;
1688 	Xword		rpath = 0;
1689 	size_t		lmsz, rtsz, epsz, dynsz = 0;
1690 	uint_t		dyncnt = 0;
1691 
1692 	DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco));
1693 
1694 	/*
1695 	 * If this is a shared object, the base address of the shared object is
1696 	 * added to all address values defined within the object.  Otherwise, if
1697 	 * this is an executable, all object addresses are used as is.
1698 	 */
1699 	if (ehdr->e_type == ET_EXEC)
1700 		base = 0;
1701 	else
1702 		base = addr;
1703 
1704 	/*
1705 	 * Traverse the program header table, picking off required items.  This
1706 	 * traversal also provides for the sizing of the PT_DYNAMIC section.
1707 	 */
1708 	phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff);
1709 	for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++,
1710 	    phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) {
1711 		switch (phdr->p_type) {
1712 		case PT_DYNAMIC:
1713 			dphdr = phdr;
1714 			dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
1715 			break;
1716 		case PT_TLS:
1717 			tphdr = phdr;
1718 			break;
1719 		case PT_SUNWCAP:
1720 			cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
1721 			break;
1722 		case PT_SUNW_UNWIND:
1723 		case PT_SUNW_EH_FRAME:
1724 			uphdr = phdr;
1725 			break;
1726 		default:
1727 			break;
1728 		}
1729 	}
1730 
1731 	/*
1732 	 * Determine the number of PT_DYNAMIC entries for the DYNINFO()
1733 	 * allocation.  Sadly, this is a little larger than we really need,
1734 	 * as there are typically padding DT_NULL entries.  However, adding
1735 	 * this data to the initial link-map allocation is a win.
1736 	 */
1737 	if (dyn) {
1738 		dyncnt = dphdr->p_filesz / sizeof (Dyn);
1739 		dynsz = dyncnt * sizeof (Dyninfo);
1740 	}
1741 
1742 	/*
1743 	 * Allocate space for the link-map, private elf information, and
1744 	 * DYNINFO() data.  Once these are allocated and initialized,
1745 	 * remove_so(0, lmp) can be used to tear down the link-map allocation
1746 	 * should any failures occur.
1747 	 */
1748 	rtsz = S_DROUND(sizeof (Rt_map));
1749 	epsz = S_DROUND(sizeof (Rt_elfp));
1750 	lmsz = rtsz + epsz + dynsz;
1751 	if ((lmp = calloc(lmsz, 1)) == NULL)
1752 		return (NULL);
1753 	ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz);
1754 	DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz);
1755 	LMSIZE(lmp) = lmsz;
1756 
1757 	/*
1758 	 * All fields not filled in were set to 0 by calloc.
1759 	 */
1760 	NAME(lmp) = (char *)name;
1761 	ADDR(lmp) = addr;
1762 	MSIZE(lmp) = msize;
1763 	SYMINTP(lmp) = elf_find_sym;
1764 	FCT(lmp) = &elf_fct;
1765 	LIST(lmp) = lml;
1766 	OBJFLTRNDX(lmp) = FLTR_DISABLED;
1767 	SORTVAL(lmp) = -1;
1768 	DYN(lmp) = dyn;
1769 	DYNINFOCNT(lmp) = dyncnt;
1770 	PTUNWIND(lmp) = uphdr;
1771 
1772 	if (ehdr->e_type == ET_EXEC)
1773 		FLAGS(lmp) |= FLG_RT_FIXED;
1774 
1775 	/*
1776 	 * Fill in rest of the link map entries with information from the file's
1777 	 * dynamic structure.
1778 	 */
1779 	if (dyn) {
1780 		uint_t		dynndx = 0;
1781 		Xword		pltpadsz = 0;
1782 		Rti_desc	*rti;
1783 
1784 		/* CSTYLED */
1785 		for ( ; dyn->d_tag != DT_NULL; ++dyn, dynndx++) {
1786 			switch ((Xword)dyn->d_tag) {
1787 			case DT_SYMTAB:
1788 				SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1789 				break;
1790 			case DT_SUNW_SYMTAB:
1791 				SUNWSYMTAB(lmp) =
1792 				    (void *)(dyn->d_un.d_ptr + base);
1793 				break;
1794 			case DT_SUNW_SYMSZ:
1795 				SUNWSYMSZ(lmp) = dyn->d_un.d_val;
1796 				break;
1797 			case DT_STRTAB:
1798 				STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1799 				break;
1800 			case DT_SYMENT:
1801 				SYMENT(lmp) = dyn->d_un.d_val;
1802 				break;
1803 			case DT_FEATURE_1:
1804 				dyn->d_un.d_val |= DTF_1_PARINIT;
1805 				if (dyn->d_un.d_val & DTF_1_CONFEXP)
1806 					crle = 1;
1807 				break;
1808 			case DT_MOVESZ:
1809 				MOVESZ(lmp) = dyn->d_un.d_val;
1810 				FLAGS(lmp) |= FLG_RT_MOVE;
1811 				break;
1812 			case DT_MOVEENT:
1813 				MOVEENT(lmp) = dyn->d_un.d_val;
1814 				break;
1815 			case DT_MOVETAB:
1816 				MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1817 				break;
1818 			case DT_REL:
1819 			case DT_RELA:
1820 				/*
1821 				 * At this time, ld.so. can only handle one
1822 				 * type of relocation per object.
1823 				 */
1824 				REL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1825 				break;
1826 			case DT_RELSZ:
1827 			case DT_RELASZ:
1828 				RELSZ(lmp) = dyn->d_un.d_val;
1829 				break;
1830 			case DT_RELENT:
1831 			case DT_RELAENT:
1832 				RELENT(lmp) = dyn->d_un.d_val;
1833 				break;
1834 			case DT_RELCOUNT:
1835 			case DT_RELACOUNT:
1836 				RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val;
1837 				break;
1838 			case DT_HASH:
1839 				HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base);
1840 				break;
1841 			case DT_PLTGOT:
1842 				PLTGOT(lmp) =
1843 				    (uint_t *)(dyn->d_un.d_ptr + base);
1844 				break;
1845 			case DT_PLTRELSZ:
1846 				PLTRELSZ(lmp) = dyn->d_un.d_val;
1847 				break;
1848 			case DT_JMPREL:
1849 				JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1850 				break;
1851 			case DT_INIT:
1852 				if (dyn->d_un.d_ptr != NULL)
1853 					INIT(lmp) =
1854 					    (void (*)())(dyn->d_un.d_ptr +
1855 					    base);
1856 				break;
1857 			case DT_FINI:
1858 				if (dyn->d_un.d_ptr != NULL)
1859 					FINI(lmp) =
1860 					    (void (*)())(dyn->d_un.d_ptr +
1861 					    base);
1862 				break;
1863 			case DT_INIT_ARRAY:
1864 				INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1865 				    base);
1866 				break;
1867 			case DT_INIT_ARRAYSZ:
1868 				INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1869 				break;
1870 			case DT_FINI_ARRAY:
1871 				FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1872 				    base);
1873 				break;
1874 			case DT_FINI_ARRAYSZ:
1875 				FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1876 				break;
1877 			case DT_PREINIT_ARRAY:
1878 				PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1879 				    base);
1880 				break;
1881 			case DT_PREINIT_ARRAYSZ:
1882 				PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1883 				break;
1884 			case DT_RPATH:
1885 			case DT_RUNPATH:
1886 				rpath = dyn->d_un.d_val;
1887 				break;
1888 			case DT_FILTER:
1889 				fltr = dyn->d_un.d_val;
1890 				OBJFLTRNDX(lmp) = dynndx;
1891 				FLAGS1(lmp) |= FL1_RT_OBJSFLTR;
1892 				break;
1893 			case DT_AUXILIARY:
1894 				if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1895 					fltr = dyn->d_un.d_val;
1896 					OBJFLTRNDX(lmp) = dynndx;
1897 				}
1898 				FLAGS1(lmp) |= FL1_RT_OBJAFLTR;
1899 				break;
1900 			case DT_SUNW_FILTER:
1901 				SYMSFLTRCNT(lmp)++;
1902 				FLAGS1(lmp) |= FL1_RT_SYMSFLTR;
1903 				break;
1904 			case DT_SUNW_AUXILIARY:
1905 				if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1906 					SYMAFLTRCNT(lmp)++;
1907 				}
1908 				FLAGS1(lmp) |= FL1_RT_SYMAFLTR;
1909 				break;
1910 			case DT_DEPAUDIT:
1911 				if (!(rtld_flags & RT_FL_NOAUDIT))
1912 					audit = dyn->d_un.d_val;
1913 				break;
1914 			case DT_CONFIG:
1915 				cfile = dyn->d_un.d_val;
1916 				break;
1917 			case DT_DEBUG:
1918 				/*
1919 				 * DT_DEBUG entries are only created in
1920 				 * dynamic objects that require an interpretor
1921 				 * (ie. all dynamic executables and some shared
1922 				 * objects), and provide for a hand-shake with
1923 				 * old debuggers.  This entry is initialized to
1924 				 * zero by the link-editor.  If a debugger is
1925 				 * monitoring us, and has updated this entry,
1926 				 * set the debugger monitor flag, and finish
1927 				 * initializing the debugging structure.  See
1928 				 * setup().  Also, switch off any configuration
1929 				 * object use as most debuggers can't handle
1930 				 * fixed dynamic executables as dependencies.
1931 				 */
1932 				if (dyn->d_un.d_ptr)
1933 					rtld_flags |=
1934 					    (RT_FL_DEBUGGER | RT_FL_NOOBJALT);
1935 				dyn->d_un.d_ptr = (Addr)&r_debug;
1936 				break;
1937 			case DT_VERNEED:
1938 				VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr +
1939 				    base);
1940 				break;
1941 			case DT_VERNEEDNUM:
1942 				/* LINTED */
1943 				VERNEEDNUM(lmp) = (int)dyn->d_un.d_val;
1944 				break;
1945 			case DT_VERDEF:
1946 				VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr +
1947 				    base);
1948 				break;
1949 			case DT_VERDEFNUM:
1950 				/* LINTED */
1951 				VERDEFNUM(lmp) = (int)dyn->d_un.d_val;
1952 				break;
1953 			case DT_VERSYM:
1954 				/*
1955 				 * The Solaris ld does not produce DT_VERSYM,
1956 				 * but the GNU ld does, in order to support
1957 				 * their style of versioning, which differs
1958 				 * from ours in some ways, while using the
1959 				 * same data structures. The presence of
1960 				 * DT_VERSYM therefore means that GNU
1961 				 * versioning rules apply to the given file.
1962 				 * If DT_VERSYM is not present, then Solaris
1963 				 * versioning rules apply.
1964 				 */
1965 				VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr +
1966 				    base);
1967 				break;
1968 			case DT_BIND_NOW:
1969 				if ((dyn->d_un.d_val & DF_BIND_NOW) &&
1970 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
1971 					MODE(lmp) |= RTLD_NOW;
1972 					MODE(lmp) &= ~RTLD_LAZY;
1973 				}
1974 				break;
1975 			case DT_FLAGS:
1976 				FLAGS1(lmp) |= FL1_RT_DTFLAGS;
1977 				if (dyn->d_un.d_val & DF_SYMBOLIC)
1978 					FLAGS1(lmp) |= FL1_RT_SYMBOLIC;
1979 				if ((dyn->d_un.d_val & DF_BIND_NOW) &&
1980 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
1981 					MODE(lmp) |= RTLD_NOW;
1982 					MODE(lmp) &= ~RTLD_LAZY;
1983 				}
1984 				/*
1985 				 * Capture any static TLS use, and enforce that
1986 				 * this object be non-deletable.
1987 				 */
1988 				if (dyn->d_un.d_val & DF_STATIC_TLS) {
1989 					FLAGS1(lmp) |= FL1_RT_TLSSTAT;
1990 					MODE(lmp) |= RTLD_NODELETE;
1991 				}
1992 				break;
1993 			case DT_FLAGS_1:
1994 				if (dyn->d_un.d_val & DF_1_DISPRELPND)
1995 					FLAGS1(lmp) |= FL1_RT_DISPREL;
1996 				if (dyn->d_un.d_val & DF_1_GROUP)
1997 					FLAGS(lmp) |=
1998 					    (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
1999 				if ((dyn->d_un.d_val & DF_1_NOW) &&
2000 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2001 					MODE(lmp) |= RTLD_NOW;
2002 					MODE(lmp) &= ~RTLD_LAZY;
2003 				}
2004 				if (dyn->d_un.d_val & DF_1_NODELETE)
2005 					MODE(lmp) |= RTLD_NODELETE;
2006 				if (dyn->d_un.d_val & DF_1_INITFIRST)
2007 					FLAGS(lmp) |= FLG_RT_INITFRST;
2008 				if (dyn->d_un.d_val & DF_1_NOOPEN)
2009 					FLAGS(lmp) |= FLG_RT_NOOPEN;
2010 				if (dyn->d_un.d_val & DF_1_LOADFLTR)
2011 					FLAGS(lmp) |= FLG_RT_LOADFLTR;
2012 				if (dyn->d_un.d_val & DF_1_NODUMP)
2013 					FLAGS(lmp) |= FLG_RT_NODUMP;
2014 				if (dyn->d_un.d_val & DF_1_CONFALT)
2015 					crle = 1;
2016 				if (dyn->d_un.d_val & DF_1_DIRECT)
2017 					FLAGS1(lmp) |= FL1_RT_DIRECT;
2018 				if (dyn->d_un.d_val & DF_1_NODEFLIB)
2019 					FLAGS1(lmp) |= FL1_RT_NODEFLIB;
2020 				if (dyn->d_un.d_val & DF_1_ENDFILTEE)
2021 					FLAGS1(lmp) |= FL1_RT_ENDFILTE;
2022 				if (dyn->d_un.d_val & DF_1_TRANS)
2023 					FLAGS(lmp) |= FLG_RT_TRANS;
2024 
2025 				/*
2026 				 * Global auditing is only meaningful when
2027 				 * specified by the initiating object of the
2028 				 * process - typically the dynamic executable.
2029 				 * If this is the initiating object, its link-
2030 				 * map will not yet have been added to the
2031 				 * link-map list, and consequently the link-map
2032 				 * list is empty.  (see setup()).
2033 				 */
2034 				if (dyn->d_un.d_val & DF_1_GLOBAUDIT) {
2035 					if (lml_main.lm_head == NULL)
2036 						FLAGS1(lmp) |= FL1_RT_GLOBAUD;
2037 					else
2038 						DBG_CALL(Dbg_audit_ignore(lmp));
2039 				}
2040 
2041 				/*
2042 				 * If this object identifies itself as an
2043 				 * interposer, but relocation processing has
2044 				 * already started, then demote it.  It's too
2045 				 * late to guarantee complete interposition.
2046 				 */
2047 				/* BEGIN CSTYLED */
2048 				if (dyn->d_un.d_val &
2049 				    (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) {
2050 				    if (lml->lm_flags & LML_FLG_STARTREL) {
2051 					DBG_CALL(Dbg_util_intoolate(lmp));
2052 					if (lml->lm_flags & LML_FLG_TRC_ENABLE)
2053 					    (void) printf(
2054 						MSG_INTL(MSG_LDD_REL_ERR2),
2055 						NAME(lmp));
2056 				    } else if (dyn->d_un.d_val & DF_1_INTERPOSE)
2057 					FLAGS(lmp) |= FLG_RT_OBJINTPO;
2058 				    else
2059 					FLAGS(lmp) |= FLG_RT_SYMINTPO;
2060 				}
2061 				/* END CSTYLED */
2062 				break;
2063 			case DT_SYMINFO:
2064 				SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr +
2065 				    base);
2066 				break;
2067 			case DT_SYMINENT:
2068 				SYMINENT(lmp) = dyn->d_un.d_val;
2069 				break;
2070 			case DT_PLTPAD:
2071 				PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base);
2072 				break;
2073 			case DT_PLTPADSZ:
2074 				pltpadsz = dyn->d_un.d_val;
2075 				break;
2076 			case DT_SUNW_RTLDINF:
2077 				/*
2078 				 * Maintain a list of RTLDINFO structures.
2079 				 * Typically, libc is the only supplier, and
2080 				 * only one structure is provided.  However,
2081 				 * multiple suppliers and multiple structures
2082 				 * are supported.  For example, one structure
2083 				 * may provide thread_init, and another
2084 				 * structure may provide atexit reservations.
2085 				 */
2086 				if ((rti = alist_append(&lml->lm_rti, NULL,
2087 				    sizeof (Rti_desc),
2088 				    AL_CNT_RTLDINFO)) == NULL) {
2089 					remove_so(0, lmp);
2090 					return (NULL);
2091 				}
2092 				rti->rti_lmp = lmp;
2093 				rti->rti_info = (void *)(dyn->d_un.d_ptr +
2094 				    base);
2095 				break;
2096 			case DT_SUNW_SORTENT:
2097 				SUNWSORTENT(lmp) = dyn->d_un.d_val;
2098 				break;
2099 			case DT_SUNW_SYMSORT:
2100 				SUNWSYMSORT(lmp) =
2101 				    (void *)(dyn->d_un.d_ptr + base);
2102 				break;
2103 			case DT_SUNW_SYMSORTSZ:
2104 				SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val;
2105 				break;
2106 			case DT_DEPRECATED_SPARC_REGISTER:
2107 			case M_DT_REGISTER:
2108 				FLAGS(lmp) |= FLG_RT_REGSYMS;
2109 				break;
2110 			case DT_SUNW_CAP:
2111 				CAP(lmp) = (void *)(dyn->d_un.d_ptr + base);
2112 				break;
2113 			case DT_SUNW_CAPINFO:
2114 				CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base);
2115 				break;
2116 			case DT_SUNW_CAPCHAIN:
2117 				CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr +
2118 				    base);
2119 				break;
2120 			case DT_SUNW_CAPCHAINENT:
2121 				CAPCHAINENT(lmp) = dyn->d_un.d_val;
2122 				break;
2123 			case DT_SUNW_CAPCHAINSZ:
2124 				CAPCHAINSZ(lmp) = dyn->d_un.d_val;
2125 				break;
2126 			}
2127 		}
2128 
2129 		if (PLTPAD(lmp)) {
2130 			if (pltpadsz == (Xword)0)
2131 				PLTPAD(lmp) = NULL;
2132 			else
2133 				PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) +
2134 				    pltpadsz);
2135 		}
2136 	}
2137 
2138 	/*
2139 	 * A dynsym contains only global functions. We want to have
2140 	 * a version of it that also includes local functions, so that
2141 	 * dladdr() will be able to report names for local functions
2142 	 * when used to generate a stack trace for a stripped file.
2143 	 * This version of the dynsym is provided via DT_SUNW_SYMTAB.
2144 	 *
2145 	 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick
2146 	 * in order to avoid having to have two copies of the global
2147 	 * symbols held in DT_SYMTAB: The local symbols are placed in
2148 	 * a separate section than the globals in the dynsym, but the
2149 	 * linker conspires to put the data for these two sections adjacent
2150 	 * to each other. DT_SUNW_SYMTAB points at the top of the local
2151 	 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables.
2152 	 *
2153 	 * If the two sections are not adjacent, then something went wrong
2154 	 * at link time. We use ASSERT to kill the process if this is
2155 	 * a debug build. In a production build, we will silently ignore
2156 	 * the presence of the .ldynsym and proceed. We can detect this
2157 	 * situation by checking to see that DT_SYMTAB lies in
2158 	 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ.
2159 	 */
2160 	if ((SUNWSYMTAB(lmp) != NULL) &&
2161 	    (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) ||
2162 	    (((char *)SYMTAB(lmp) >=
2163 	    (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) {
2164 		ASSERT(0);
2165 		SUNWSYMTAB(lmp) = NULL;
2166 		SUNWSYMSZ(lmp) = 0;
2167 	}
2168 
2169 	/*
2170 	 * If configuration file use hasn't been disabled, and a configuration
2171 	 * file hasn't already been set via an environment variable, see if any
2172 	 * application specific configuration file is specified.  An LD_CONFIG
2173 	 * setting is used first, but if this image was generated via crle(1)
2174 	 * then a default configuration file is a fall-back.
2175 	 */
2176 	if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) {
2177 		if (cfile)
2178 			config->c_name = (const char *)(cfile +
2179 			    (char *)STRTAB(lmp));
2180 		else if (crle)
2181 			rtld_flags |= RT_FL_CONFAPP;
2182 	}
2183 
2184 	if (rpath)
2185 		RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp));
2186 	if (fltr)
2187 		REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp));
2188 
2189 	/*
2190 	 * For Intel ABI compatibility.  It's possible that a JMPREL can be
2191 	 * specified without any other relocations (e.g. a dynamic executable
2192 	 * normally only contains .plt relocations).  If this is the case then
2193 	 * no REL, RELSZ or RELENT will have been created.  For us to be able
2194 	 * to traverse the .plt relocations under LD_BIND_NOW we need to know
2195 	 * the RELENT for these relocations.  Refer to elf_reloc() for more
2196 	 * details.
2197 	 */
2198 	if (!RELENT(lmp) && JMPREL(lmp))
2199 		RELENT(lmp) = sizeof (M_RELOC);
2200 
2201 	/*
2202 	 * Establish any per-object auditing.  If we're establishing `main's
2203 	 * link-map its too early to go searching for audit objects so just
2204 	 * hold the object name for later (see setup()).
2205 	 */
2206 	if (audit) {
2207 		char	*cp = audit + (char *)STRTAB(lmp);
2208 
2209 		if (*cp) {
2210 			if (((AUDITORS(lmp) =
2211 			    calloc(1, sizeof (Audit_desc))) == NULL) ||
2212 			    ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) {
2213 				remove_so(0, lmp);
2214 				return (NULL);
2215 			}
2216 			if (lml_main.lm_head) {
2217 				if (audit_setup(lmp, AUDITORS(lmp), 0,
2218 				    in_nfavl) == 0) {
2219 					remove_so(0, lmp);
2220 					return (NULL);
2221 				}
2222 				AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags;
2223 				lml->lm_flags |= LML_FLG_LOCAUDIT;
2224 			}
2225 		}
2226 	}
2227 
2228 	if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) {
2229 		remove_so(0, lmp);
2230 		return (NULL);
2231 	}
2232 
2233 	/*
2234 	 * A capabilities section should be identified by a DT_SUNW_CAP entry,
2235 	 * and if non-empty object capabilities are included, a PT_SUNWCAP
2236 	 * header should reference the section.  Make sure CAP() is set
2237 	 * regardless.
2238 	 */
2239 	if ((CAP(lmp) == NULL) && cap)
2240 		CAP(lmp) = cap;
2241 
2242 	/*
2243 	 * Make sure any capabilities information or chain can be handled.
2244 	 */
2245 	if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT))
2246 		CAPINFO(lmp) = NULL;
2247 	if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT))
2248 		CAPCHAIN(lmp) = NULL;
2249 
2250 	/*
2251 	 * As part of processing dependencies, a file descriptor is populated
2252 	 * with capabilities information following validation.
2253 	 */
2254 	if (fdp->fd_flags & FLG_FD_ALTCHECK) {
2255 		FLAGS1(lmp) |= FL1_RT_ALTCHECK;
2256 		CAPSET(lmp) = fdp->fd_scapset;
2257 
2258 		if (fdp->fd_flags & FLG_FD_ALTCAP)
2259 			FLAGS1(lmp) |= FL1_RT_ALTCAP;
2260 
2261 	} else if ((cap = CAP(lmp)) != NULL) {
2262 		/*
2263 		 * Processing of the a.out and ld.so.1 does not involve a file
2264 		 * descriptor as exec() did all the work, so capture the
2265 		 * capabilities for these cases.
2266 		 */
2267 		while (cap->c_tag != CA_SUNW_NULL) {
2268 			switch (cap->c_tag) {
2269 			case CA_SUNW_HW_1:
2270 				CAPSET(lmp).sc_hw_1 = cap->c_un.c_val;
2271 				break;
2272 			case CA_SUNW_SF_1:
2273 				CAPSET(lmp).sc_sf_1 = cap->c_un.c_val;
2274 				break;
2275 			case CA_SUNW_HW_2:
2276 				CAPSET(lmp).sc_hw_2 = cap->c_un.c_val;
2277 				break;
2278 			case CA_SUNW_PLAT:
2279 				CAPSET(lmp).sc_plat = STRTAB(lmp) +
2280 				    cap->c_un.c_ptr;
2281 				break;
2282 			case CA_SUNW_MACH:
2283 				CAPSET(lmp).sc_mach = STRTAB(lmp) +
2284 				    cap->c_un.c_ptr;
2285 				break;
2286 			}
2287 			cap++;
2288 		}
2289 	}
2290 
2291 	/*
2292 	 * If a capabilities chain table exists, duplicate it.  The chain table
2293 	 * is inspected for each initial call to a capabilities family lead
2294 	 * symbol.  From this chain, each family member is inspected to
2295 	 * determine the 'best' family member.  The chain table is then updated
2296 	 * so that the best member is immediately selected for any further
2297 	 * family searches.
2298 	 */
2299 	if (CAPCHAIN(lmp)) {
2300 		Capchain	*capchain;
2301 
2302 		if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL)
2303 			return (NULL);
2304 		(void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp));
2305 		CAPCHAIN(lmp) = capchain;
2306 	}
2307 
2308 	/*
2309 	 * Add the mapped object to the end of the link map list.
2310 	 */
2311 	lm_append(lml, lmco, lmp);
2312 
2313 	/*
2314 	 * Start the system loading in the ELF information we'll be processing.
2315 	 */
2316 	if (REL(lmp)) {
2317 		(void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
2318 		    (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
2319 		    MADV_WILLNEED);
2320 	}
2321 	return (lmp);
2322 }
2323 
2324 /*
2325  * Build full pathname of shared object from given directory name and filename.
2326  */
2327 static char *
2328 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen)
2329 {
2330 	static char	pname[PATH_MAX];
2331 
2332 	(void) strncpy(pname, dir, dlen);
2333 	pname[dlen++] = '/';
2334 	(void) strncpy(&pname[dlen], file, flen + 1);
2335 	return (pname);
2336 }
2337 
2338 /*
2339  * The copy relocation is recorded in a copy structure which will be applied
2340  * after all other relocations are carried out.  This provides for copying data
2341  * that must be relocated itself (ie. pointers in shared objects).  This
2342  * structure also provides a means of binding RTLD_GROUP dependencies to any
2343  * copy relocations that have been taken from any group members.
2344  *
2345  * If the size of the .bss area available for the copy information is not the
2346  * same as the source of the data inform the user if we're under ldd(1) control
2347  * (this checking was only established in 5.3, so by only issuing an error via
2348  * ldd(1) we maintain the standard set by previous releases).
2349  */
2350 int
2351 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
2352     Rt_map *dlmp, const void *dadd)
2353 {
2354 	Rel_copy	rc;
2355 	Lm_list		*lml = LIST(rlmp);
2356 
2357 	rc.r_name = name;
2358 	rc.r_rsym = rsym;		/* the new reference symbol and its */
2359 	rc.r_rlmp = rlmp;		/*	associated link-map */
2360 	rc.r_dlmp = dlmp;		/* the defining link-map */
2361 	rc.r_dsym = dsym;		/* the original definition */
2362 	rc.r_radd = radd;
2363 	rc.r_dadd = dadd;
2364 
2365 	if (rsym->st_size > dsym->st_size)
2366 		rc.r_size = (size_t)dsym->st_size;
2367 	else
2368 		rc.r_size = (size_t)rsym->st_size;
2369 
2370 	if (alist_append(&COPY_R(dlmp), &rc, sizeof (Rel_copy),
2371 	    AL_CNT_COPYREL) == NULL) {
2372 		if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2373 			return (0);
2374 		else
2375 			return (1);
2376 	}
2377 	if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
2378 		if (aplist_append(&COPY_S(rlmp), dlmp,
2379 		    AL_CNT_COPYREL) == NULL) {
2380 			if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2381 				return (0);
2382 			else
2383 				return (1);
2384 		}
2385 		FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
2386 	}
2387 
2388 	/*
2389 	 * If we are tracing (ldd), warn the user if
2390 	 *	1) the size from the reference symbol differs from the
2391 	 *	   copy definition. We can only copy as much data as the
2392 	 *	   reference (dynamic executables) entry allows.
2393 	 *	2) the copy definition has STV_PROTECTED visibility.
2394 	 */
2395 	if (lml->lm_flags & LML_FLG_TRC_WARN) {
2396 		if (rsym->st_size != dsym->st_size) {
2397 			(void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
2398 			    _conv_reloc_type(M_R_COPY), demangle(name),
2399 			    NAME(rlmp), EC_XWORD(rsym->st_size),
2400 			    NAME(dlmp), EC_XWORD(dsym->st_size));
2401 			if (rsym->st_size > dsym->st_size)
2402 				(void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
2403 				    NAME(dlmp));
2404 			else
2405 				(void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
2406 				    NAME(rlmp));
2407 		}
2408 
2409 		if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
2410 			(void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
2411 			    _conv_reloc_type(M_R_COPY), demangle(name),
2412 			    NAME(dlmp));
2413 		}
2414 	}
2415 
2416 	DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd,
2417 	    (Xword)rc.r_size));
2418 	return (1);
2419 }
2420 
2421 /*
2422  * Determine the symbol location of an address within a link-map.  Look for
2423  * the nearest symbol (whose value is less than or equal to the required
2424  * address).  This is the object specific part of dladdr().
2425  */
2426 static void
2427 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
2428 {
2429 	ulong_t		ndx, cnt, base, _value;
2430 	Sym		*sym, *_sym = NULL;
2431 	const char	*str;
2432 	int		_flags;
2433 	uint_t		*dynaddr_ndx;
2434 	uint_t		dynaddr_n = 0;
2435 	ulong_t		value;
2436 
2437 	/*
2438 	 * If SUNWSYMTAB() is non-NULL, then it sees a special version of
2439 	 * the dynsym that starts with any local function symbols that exist in
2440 	 * the library and then moves to the data held in SYMTAB(). In this
2441 	 * case, SUNWSYMSZ tells us how long the symbol table is. The
2442 	 * availability of local function symbols will enhance the results
2443 	 * we can provide.
2444 	 *
2445 	 * If SUNWSYMTAB() is non-NULL, then there might also be a
2446 	 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains
2447 	 * an array of indices into SUNWSYMTAB, sorted by increasing
2448 	 * address. We can use this to do an O(log N) search instead of a
2449 	 * brute force search.
2450 	 *
2451 	 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that
2452 	 * contains only global symbols. In that case, the length of
2453 	 * the symbol table comes from the nchain field of the related
2454 	 * symbol lookup hash table.
2455 	 */
2456 	str = STRTAB(lmp);
2457 	if (SUNWSYMSZ(lmp) == NULL) {
2458 		sym = SYMTAB(lmp);
2459 		/*
2460 		 * If we don't have a .hash table there are no symbols
2461 		 * to look at.
2462 		 */
2463 		if (HASH(lmp) == NULL)
2464 			return;
2465 		cnt = HASH(lmp)[1];
2466 	} else {
2467 		sym = SUNWSYMTAB(lmp);
2468 		cnt = SUNWSYMSZ(lmp) / SYMENT(lmp);
2469 		dynaddr_ndx = SUNWSYMSORT(lmp);
2470 		if (dynaddr_ndx != NULL)
2471 			dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp);
2472 	}
2473 
2474 	if (FLAGS(lmp) & FLG_RT_FIXED)
2475 		base = 0;
2476 	else
2477 		base = ADDR(lmp);
2478 
2479 	if (dynaddr_n > 0) {		/* Binary search */
2480 		long	low = 0, low_bnd;
2481 		long	high = dynaddr_n - 1, high_bnd;
2482 		long	mid;
2483 		Sym	*mid_sym;
2484 
2485 		/*
2486 		 * Note that SUNWSYMSORT only contains symbols types that
2487 		 * supply memory addresses, so there's no need to check and
2488 		 * filter out any other types.
2489 		 */
2490 		low_bnd = low;
2491 		high_bnd = high;
2492 		while (low <= high) {
2493 			mid = (low + high) / 2;
2494 			mid_sym = &sym[dynaddr_ndx[mid]];
2495 			value = mid_sym->st_value + base;
2496 			if (addr < value) {
2497 				if ((sym[dynaddr_ndx[high]].st_value + base) >=
2498 				    addr)
2499 					high_bnd = high;
2500 				high = mid - 1;
2501 			} else if (addr > value) {
2502 				if ((sym[dynaddr_ndx[low]].st_value + base) <=
2503 				    addr)
2504 					low_bnd = low;
2505 				low = mid + 1;
2506 			} else {
2507 				_sym = mid_sym;
2508 				_value = value;
2509 				break;
2510 			}
2511 		}
2512 		/*
2513 		 * If the above didn't find it exactly, then we must
2514 		 * return the closest symbol with a value that doesn't
2515 		 * exceed the one we are looking for. If that symbol exists,
2516 		 * it will lie in the range bounded by low_bnd and
2517 		 * high_bnd. This is a linear search, but a short one.
2518 		 */
2519 		if (_sym == NULL) {
2520 			for (mid = low_bnd; mid <= high_bnd; mid++) {
2521 				mid_sym = &sym[dynaddr_ndx[mid]];
2522 				value = mid_sym->st_value + base;
2523 				if (addr >= value) {
2524 					_sym = mid_sym;
2525 					_value = value;
2526 				} else {
2527 					break;
2528 				}
2529 			}
2530 		}
2531 	} else {			/* Linear search */
2532 		for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
2533 			/*
2534 			 * Skip expected symbol types that are not functions
2535 			 * or data:
2536 			 *	- A symbol table starts with an undefined symbol
2537 			 *		in slot 0. If we are using SUNWSYMTAB(),
2538 			 *		there will be a second undefined symbol
2539 			 *		right before the globals.
2540 			 *	- The local part of SUNWSYMTAB() contains a
2541 			 *		series of function symbols. Each section
2542 			 *		starts with an initial STT_FILE symbol.
2543 			 */
2544 			if ((sym->st_shndx == SHN_UNDEF) ||
2545 			    (ELF_ST_TYPE(sym->st_info) == STT_FILE))
2546 				continue;
2547 
2548 			value = sym->st_value + base;
2549 			if (value > addr)
2550 				continue;
2551 			if (value < _value)
2552 				continue;
2553 
2554 			_sym = sym;
2555 			_value = value;
2556 
2557 			/*
2558 			 * Note, because we accept local and global symbols
2559 			 * we could find a section symbol that matches the
2560 			 * associated address, which means that the symbol
2561 			 * name will be null.  In this case continue the
2562 			 * search in case we can find a global symbol of
2563 			 * the same value.
2564 			 */
2565 			if ((value == addr) &&
2566 			    (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
2567 				break;
2568 		}
2569 	}
2570 
2571 	_flags = flags & RTLD_DL_MASK;
2572 	if (_sym) {
2573 		if (_flags == RTLD_DL_SYMENT)
2574 			*info = (void *)_sym;
2575 		else if (_flags == RTLD_DL_LINKMAP)
2576 			*info = (void *)lmp;
2577 
2578 		dlip->dli_sname = str + _sym->st_name;
2579 		dlip->dli_saddr = (void *)_value;
2580 	} else {
2581 		/*
2582 		 * addr lies between the beginning of the mapped segment and
2583 		 * the first global symbol. We have no symbol to return
2584 		 * and the caller requires one. We use _START_, the base
2585 		 * address of the mapping.
2586 		 */
2587 
2588 		if (_flags == RTLD_DL_SYMENT) {
2589 			/*
2590 			 * An actual symbol struct is needed, so we
2591 			 * construct one for _START_. To do this in a
2592 			 * fully accurate way requires a different symbol
2593 			 * for each mapped segment. This requires the
2594 			 * use of dynamic memory and a mutex. That's too much
2595 			 * plumbing for a fringe case of limited importance.
2596 			 *
2597 			 * Fortunately, we can simplify:
2598 			 *    - Only the st_size and st_info fields are useful
2599 			 *	outside of the linker internals. The others
2600 			 *	reference things that outside code cannot see,
2601 			 *	and can be set to 0.
2602 			 *    - It's just a label and there is no size
2603 			 *	to report. So, the size should be 0.
2604 			 * This means that only st_info needs a non-zero
2605 			 * (constant) value. A static struct will suffice.
2606 			 * It must be const (readonly) so the caller can't
2607 			 * change its meaning for subsequent callers.
2608 			 */
2609 			static const Sym fsym = { 0, 0, 0,
2610 			    ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
2611 			*info = (void *) &fsym;
2612 		}
2613 
2614 		dlip->dli_sname = MSG_ORIG(MSG_SYM_START);
2615 		dlip->dli_saddr = (void *) ADDR(lmp);
2616 	}
2617 }
2618 
2619 /*
2620  * This routine is called as a last fall-back to search for a symbol from a
2621  * standard relocation or dlsym().  To maintain lazy loadings goal of reducing
2622  * the number of objects mapped, any symbol search is first carried out using
2623  * the objects that already exist in the process (either on a link-map list or
2624  * handle).  If a symbol can't be found, and lazy dependencies are still
2625  * pending, this routine loads the dependencies in an attempt to locate the
2626  * symbol.
2627  */
2628 int
2629 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
2630 {
2631 	static APlist	*alist = NULL;
2632 	Aliste		idx1;
2633 	Rt_map		*lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap;
2634 	const char	*name = slp->sl_name;
2635 	Slookup		sl1 = *slp;
2636 	Lm_list		*lml;
2637 	Lm_cntl		*lmc;
2638 
2639 	/*
2640 	 * It's quite possible we've been here before to process objects,
2641 	 * therefore reinitialize our dynamic list.
2642 	 */
2643 	if (alist)
2644 		aplist_reset(alist);
2645 
2646 	/*
2647 	 * Discard any relocation index from further symbol searches.  This
2648 	 * index has already been used to trigger any necessary lazy-loads,
2649 	 * and it might be because one of these lazy loads has failed that
2650 	 * we're performing this fallback.  By removing the relocation index
2651 	 * we don't try and perform the same failed lazy loading activity again.
2652 	 */
2653 	sl1.sl_rsymndx = 0;
2654 
2655 	/*
2656 	 * Determine the callers link-map list so that we can monitor whether
2657 	 * new objects have been added.
2658 	 */
2659 	lml = LIST(clmp);
2660 	lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp));
2661 
2662 	/*
2663 	 * Generate a local list of new objects to process.  This list can grow
2664 	 * as each object supplies its own lazy dependencies.
2665 	 */
2666 	if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL)
2667 		return (NULL);
2668 
2669 	for (APLIST_TRAVERSE(alist, idx1, lmp1)) {
2670 		uint_t	cnt = 0;
2671 		Dyninfo	*dip, *pdip;
2672 
2673 		/*
2674 		 * Loop through the lazy DT_NEEDED entries examining each object
2675 		 * for the required symbol.  If the symbol is not found, the
2676 		 * object is in turn added to the local alist, so that the
2677 		 * objects lazy DT_NEEDED entries can be examined.
2678 		 */
2679 		lmp = lmp1;
2680 		for (dip = DYNINFO(lmp), pdip = NULL; cnt < DYNINFOCNT(lmp);
2681 		    cnt++, pdip = dip++) {
2682 			Grp_hdl		*ghp;
2683 			Grp_desc	*gdp;
2684 			Rt_map		*nlmp, *llmp;
2685 			Slookup		sl2;
2686 			Sresult		sr;
2687 			Aliste		idx2;
2688 
2689 			if (((dip->di_flags & FLG_DI_LAZY) == 0) ||
2690 			    dip->di_info)
2691 				continue;
2692 
2693 			/*
2694 			 * If this object has already failed to lazy load, and
2695 			 * we're still processing the same runtime linker
2696 			 * operation that produced the failure, don't bother
2697 			 * to try and load the object again.
2698 			 */
2699 			if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip &&
2700 			    (pdip->di_flags & FLG_DI_POSFLAG1)) {
2701 				if (pdip->di_info == (void *)ld_entry_cnt)
2702 					continue;
2703 
2704 				dip->di_flags &= ~FLG_DI_LAZYFAIL;
2705 				pdip->di_info = NULL;
2706 			}
2707 
2708 			/*
2709 			 * Determine the last link-map presently on the callers
2710 			 * link-map control list.
2711 			 */
2712 			llmp = lmc->lc_tail;
2713 
2714 			/*
2715 			 * Try loading this lazy dependency.  If the object
2716 			 * can't be loaded, consider this non-fatal and continue
2717 			 * the search.  Lazy loaded dependencies need not exist
2718 			 * and their loading should only turn out to be fatal
2719 			 * if they are required to satisfy a relocation.
2720 			 *
2721 			 * A successful lazy load can mean one of two things:
2722 			 *
2723 			 *  -	new objects have been loaded, in which case the
2724 			 * 	objects will have been analyzed, relocated, and
2725 			 * 	finally moved to the callers control list.
2726 			 *  -	the objects are already loaded, and this lazy
2727 			 *	load has simply associated the referenced object
2728 			 *	with it's lazy dependencies.
2729 			 *
2730 			 * If new objects are loaded, look in these objects
2731 			 * first.  Note, a new object can be the object being
2732 			 * referenced by this lazy load, however we can also
2733 			 * descend into multiple lazy loads as we relocate this
2734 			 * reference.
2735 			 *
2736 			 * If the symbol hasn't been found, use the referenced
2737 			 * objects handle, as it might have dependencies on
2738 			 * objects that are already loaded.  Note that existing
2739 			 * objects might have already been searched and skipped
2740 			 * as non-available to this caller.   However, a lazy
2741 			 * load might have caused the promotion of modes, or
2742 			 * added this object to the family of the caller.  In
2743 			 * either case, the handle associated with the object
2744 			 * is then used to carry out the symbol search.
2745 			 */
2746 			if ((nlmp = elf_lazy_load(lmp, &sl1, cnt, name,
2747 			    FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL)
2748 				continue;
2749 
2750 			if (NEXT_RT_MAP(llmp)) {
2751 				/*
2752 				 * Look in any new objects.
2753 				 */
2754 				sl1.sl_imap = NEXT_RT_MAP(llmp);
2755 				sl1.sl_flags &= ~LKUP_STDRELOC;
2756 
2757 				/*
2758 				 * Initialize a local symbol result descriptor,
2759 				 * using the original symbol name.
2760 				 */
2761 				SRESULT_INIT(sr, slp->sl_name);
2762 
2763 				if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) {
2764 					*srp = sr;
2765 					return (1);
2766 				}
2767 			}
2768 
2769 			/*
2770 			 * Use the objects handle to inspect the family of
2771 			 * objects associated with the handle.  Note, there's
2772 			 * a possibility of overlap with the above search,
2773 			 * should a lazy load bring in new objects and
2774 			 * reference existing objects.
2775 			 */
2776 			sl2 = sl1;
2777 			for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) {
2778 				if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) &&
2779 				    (gdp->gd_flags & GPD_DLSYM)) {
2780 
2781 					sl2.sl_imap = gdp->gd_depend;
2782 					sl2.sl_flags |= LKUP_FIRST;
2783 
2784 					/*
2785 					 * Initialize a local symbol result
2786 					 * descriptor, using the original
2787 					 * symbol name.
2788 					 */
2789 					SRESULT_INIT(sr, slp->sl_name);
2790 
2791 					if (lookup_sym(&sl2, &sr, binfo,
2792 					    in_nfavl)) {
2793 						*srp = sr;
2794 						return (1);
2795 					}
2796 				}
2797 			}
2798 
2799 			/*
2800 			 * Some dlsym() operations are already traversing a
2801 			 * link-map (dlopen(0)), and thus there's no need to
2802 			 * save them on the dynamic dependency list.
2803 			 */
2804 			if (slp->sl_flags & LKUP_NODESCENT)
2805 				continue;
2806 
2807 			if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == NULL)
2808 				return (0);
2809 		}
2810 	}
2811 
2812 	return (0);
2813 }
2814 
2815 /*
2816  * Warning message for bad r_offset.
2817  */
2818 void
2819 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
2820     ulong_t rsymndx)
2821 {
2822 	const char	*name = NULL;
2823 	Lm_list		*lml = LIST(lmp);
2824 	int		trace;
2825 
2826 	if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
2827 	    (((rtld_flags & RT_FL_SILENCERR) == 0) ||
2828 	    (lml->lm_flags & LML_FLG_TRC_VERBOSE)))
2829 		trace = 1;
2830 	else
2831 		trace = 0;
2832 
2833 	if ((trace == 0) && (DBG_ENABLED == 0))
2834 		return;
2835 
2836 	if (rsymndx) {
2837 		Sym	*symref = (Sym *)((ulong_t)SYMTAB(lmp) +
2838 		    (rsymndx * SYMENT(lmp)));
2839 
2840 		if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
2841 			name = (char *)(STRTAB(lmp) + symref->st_name);
2842 	}
2843 
2844 	if (name == NULL)
2845 		name = MSG_INTL(MSG_STR_UNKNOWN);
2846 
2847 	if (trace) {
2848 		const char *rstr;
2849 
2850 		rstr = _conv_reloc_type((uint_t)rtype);
2851 		(void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
2852 		    EC_ADDR(roffset));
2853 		return;
2854 	}
2855 
2856 	Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name);
2857 }
2858 
2859 /*
2860  * Resolve a static TLS relocation.
2861  */
2862 long
2863 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name,
2864     ulong_t roffset, long value)
2865 {
2866 	Lm_list	*lml = LIST(lmp);
2867 
2868 	/*
2869 	 * Relocations against a static TLS block have limited support once
2870 	 * process initialization has completed.  Any error condition should be
2871 	 * discovered by testing for DF_STATIC_TLS as part of loading an object,
2872 	 * however individual relocations are tested in case the dynamic flag
2873 	 * had not been set when this object was built.
2874 	 */
2875 	if (PTTLS(lmp) == NULL) {
2876 		DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2877 		    M_REL_SHT_TYPE, rel, NULL, 0, name));
2878 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2879 		    _conv_reloc_type((uint_t)rtype), NAME(lmp),
2880 		    name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2881 		return (0);
2882 	}
2883 
2884 	/*
2885 	 * If no static TLS has been set aside for this object, determine if
2886 	 * any can be obtained.  Enforce that any object using static TLS is
2887 	 * non-deletable.
2888 	 */
2889 	if (TLSSTATOFF(lmp) == 0) {
2890 		FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2891 		MODE(lmp) |= RTLD_NODELETE;
2892 
2893 		if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) {
2894 			DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2895 			    M_REL_SHT_TYPE, rel, NULL, 0, name));
2896 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2897 			    _conv_reloc_type((uint_t)rtype), NAME(lmp),
2898 			    name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2899 			return (0);
2900 		}
2901 	}
2902 
2903 	/*
2904 	 * Typically, a static TLS offset is maintained as a symbols value.
2905 	 * For local symbols that are not apart of the dynamic symbol table,
2906 	 * the TLS relocation points to a section symbol, and the static TLS
2907 	 * offset was deposited in the associated GOT table.  Make sure the GOT
2908 	 * is cleared, so that the value isn't reused in do_reloc().
2909 	 */
2910 	if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) {
2911 		if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) {
2912 			value = *(long *)roffset;
2913 			*(long *)roffset = 0;
2914 		} else {
2915 			value = sym->st_value;
2916 		}
2917 	}
2918 	return (-(TLSSTATOFF(lmp) - value));
2919 }
2920 
2921 /*
2922  * If the symbol is not found and the reference was not to a weak symbol, report
2923  * an error.  Weak references may be unresolved.
2924  */
2925 int
2926 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo)
2927 {
2928 	Lm_list	*lml = LIST(lmp);
2929 
2930 	/*
2931 	 * Under crle(1), relocation failures are ignored.
2932 	 */
2933 	if (lml->lm_flags & LML_FLG_IGNRELERR)
2934 		return (1);
2935 
2936 	/*
2937 	 * Under ldd(1), unresolved references are reported.  However, if the
2938 	 * original reference is EXTERN or PARENT these references are ignored
2939 	 * unless ldd's -p option is in effect.
2940 	 */
2941 	if (lml->lm_flags & LML_FLG_TRC_WARN) {
2942 		if (((binfo & DBG_BINFO_REF_MSK) == 0) ||
2943 		    ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) {
2944 			(void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND),
2945 			    demangle(name), NAME(lmp));
2946 		}
2947 		return (1);
2948 	}
2949 
2950 	/*
2951 	 * Otherwise, the unresolved references is fatal.
2952 	 */
2953 	DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel,
2954 	    NULL, 0, name));
2955 	eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp),
2956 	    demangle(name));
2957 
2958 	return (0);
2959 }
2960 
2961 /*
2962  * Generic relative relocation function.
2963  */
2964 inline static ulong_t
2965 _elf_reloc_relative(ulong_t rbgn, ulong_t base, Rt_map *lmp, APlist **textrel)
2966 {
2967 	mmapobj_result_t	*mpp;
2968 	ulong_t			roffset;
2969 
2970 	roffset = ((M_RELOC *)rbgn)->r_offset;
2971 	roffset += base;
2972 
2973 	/*
2974 	 * If this relocation is against an address that is not associated with
2975 	 * a mapped segment, fall back to the generic relocation loop to
2976 	 * collect the associated error.
2977 	 */
2978 	if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL)
2979 		return (0);
2980 
2981 	/*
2982 	 * If this relocation is against a segment that does not provide write
2983 	 * access, set the write permission for all non-writable mappings.
2984 	 */
2985 	if (((mpp->mr_prot & PROT_WRITE) == 0) && textrel &&
2986 	    ((set_prot(lmp, mpp, 1) == 0) ||
2987 	    (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL)))
2988 		return (0);
2989 
2990 	/*
2991 	 * Perform the actual relocation.  Note, for backward compatibility,
2992 	 * SPARC relocations are added to the offset contents (there was a time
2993 	 * when the offset was used to contain the addend, rather than using
2994 	 * the addend itself).
2995 	 */
2996 #if	defined(__sparc)
2997 	*((ulong_t *)roffset) += base + ((M_RELOC *)rbgn)->r_addend;
2998 #elif	defined(__amd64)
2999 	*((ulong_t *)roffset) = base + ((M_RELOC *)rbgn)->r_addend;
3000 #else
3001 	*((ulong_t *)roffset) += base;
3002 #endif
3003 	return (1);
3004 }
3005 
3006 /*
3007  * When a generic relocation loop realizes that it's dealing with relative
3008  * relocations, but no DT_RELCOUNT .dynamic tag is present, this tighter loop
3009  * is entered as an optimization.
3010  */
3011 ulong_t
3012 elf_reloc_relative(ulong_t rbgn, ulong_t rend, ulong_t rsize, ulong_t base,
3013     Rt_map *lmp, APlist **textrel)
3014 {
3015 	char	rtype;
3016 
3017 	do {
3018 		if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0)
3019 			break;
3020 
3021 		rbgn += rsize;
3022 		if (rbgn >= rend)
3023 			break;
3024 
3025 		/*
3026 		 * Make sure the next type is a relative relocation.
3027 		 */
3028 		rtype = ELF_R_TYPE(((M_RELOC *)rbgn)->r_info, M_MACH);
3029 
3030 	} while (rtype == M_R_RELATIVE);
3031 
3032 	return (rbgn);
3033 }
3034 
3035 /*
3036  * This is the tightest loop for RELATIVE relocations for those objects built
3037  * with the DT_RELACOUNT .dynamic entry.
3038  */
3039 ulong_t
3040 elf_reloc_relative_count(ulong_t rbgn, ulong_t rcount, ulong_t rsize,
3041     ulong_t base, Rt_map *lmp, APlist **textrel)
3042 {
3043 	for (; rcount; rcount--) {
3044 		if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0)
3045 			break;
3046 
3047 		rbgn += rsize;
3048 	}
3049 	return (rbgn);
3050 }
3051