1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Object file dependent support for ELF objects. 34 */ 35 36 #include <stdio.h> 37 #include <sys/procfs.h> 38 #include <sys/mman.h> 39 #include <sys/debug.h> 40 #include <string.h> 41 #include <limits.h> 42 #include <dlfcn.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "_inline.h" 49 #include "msg.h" 50 51 /* 52 * Default and secure dependency search paths. 53 */ 54 static Spath_defn _elf_def_dirs[] = { 55 #if defined(_ELF64) 56 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE }, 57 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE }, 58 #else 59 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE }, 60 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE }, 61 #endif 62 { 0, 0 } 63 }; 64 65 static Spath_defn _elf_sec_dirs[] = { 66 #if defined(_ELF64) 67 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE }, 68 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE }, 69 #else 70 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE }, 71 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE }, 72 #endif 73 { 0, 0 } 74 }; 75 76 Alist *elf_def_dirs = NULL; 77 Alist *elf_sec_dirs = NULL; 78 79 /* 80 * Defines for local functions. 81 */ 82 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 83 static Addr elf_entry_point(void); 84 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t); 85 static Alist **elf_get_def_dirs(void); 86 static Alist **elf_get_sec_dirs(void); 87 static char *elf_get_so(const char *, const char *, size_t, size_t); 88 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *); 89 90 /* 91 * Functions and data accessed through indirect pointers. 92 */ 93 Fct elf_fct = { 94 elf_verify, 95 elf_new_lmp, 96 elf_entry_point, 97 elf_needed, 98 lookup_sym, 99 elf_reloc, 100 elf_get_def_dirs, 101 elf_get_sec_dirs, 102 elf_fix_name, 103 elf_get_so, 104 elf_dladdr, 105 dlsym_handle 106 }; 107 108 /* 109 * Default and secure dependency search paths. 110 */ 111 static Alist ** 112 elf_get_def_dirs() 113 { 114 if (elf_def_dirs == NULL) 115 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT); 116 return (&elf_def_dirs); 117 } 118 119 static Alist ** 120 elf_get_sec_dirs() 121 { 122 if (elf_sec_dirs == NULL) 123 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE); 124 return (&elf_sec_dirs); 125 } 126 127 /* 128 * Redefine NEEDED name if necessary. 129 */ 130 static int 131 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni, 132 uint_t orig) 133 { 134 /* 135 * For ABI compliance, if we are asked for ld.so.1, then really give 136 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1). 137 */ 138 if (((*name == '/') && 139 /* BEGIN CSTYLED */ 140 #if defined(_ELF64) 141 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) || 142 #else 143 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) || 144 #endif 145 (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) { 146 /* END CSTYLED */ 147 Pdesc *pdp; 148 149 DBG_CALL(Dbg_file_fixname(LIST(clmp), name, 150 MSG_ORIG(MSG_PTH_LIBSYS))); 151 if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc), 152 alni)) == NULL) 153 return (0); 154 155 pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS); 156 pdp->pd_plen = MSG_PTH_LIBSYS_SIZE; 157 pdp->pd_flags = PD_FLG_PNSLASH; 158 159 return (1); 160 } 161 162 return (expand_paths(clmp, name, alpp, alni, orig, 0)); 163 } 164 165 /* 166 * Determine whether this object requires any hardware or software capabilities. 167 */ 168 static int 169 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej) 170 { 171 Phdr *phdr; 172 int cnt; 173 174 /* LINTED */ 175 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff); 176 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) { 177 Cap *cptr; 178 179 if (phdr->p_type != PT_SUNWCAP) 180 continue; 181 182 /* LINTED */ 183 cptr = (Cap *)((char *)ehdr + phdr->p_offset); 184 while (cptr->c_tag != CA_SUNW_NULL) { 185 if (cptr->c_tag == CA_SUNW_HW_1) { 186 /* 187 * Verify the hardware capabilities. 188 */ 189 if (hwcap_check(cptr->c_un.c_val, rej) == 0) 190 return (0); 191 192 /* 193 * Retain this hardware capabilities value for 194 * possible later inspection should this object 195 * be processed as a filtee. 196 */ 197 fdp->fd_hwcap = cptr->c_un.c_val; 198 } 199 if (cptr->c_tag == CA_SUNW_SF_1) { 200 /* 201 * Verify the software capabilities. 202 */ 203 if (sfcap_check(cptr->c_un.c_val, rej) == 0) 204 return (0); 205 } 206 cptr++; 207 } 208 } 209 return (1); 210 } 211 212 /* 213 * Determine if we have been given an ELF file and if so determine if the file 214 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 215 * with associated error information. 216 */ 217 Fct * 218 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name, 219 Rej_desc *rej) 220 { 221 Ehdr *ehdr; 222 char *caddr = (char *)addr; 223 224 /* 225 * Determine if we're an elf file. If not simply return, we don't set 226 * any rejection information as this test allows use to scroll through 227 * the objects we support (ELF, AOUT). 228 */ 229 if (size < sizeof (Ehdr) || 230 caddr[EI_MAG0] != ELFMAG0 || 231 caddr[EI_MAG1] != ELFMAG1 || 232 caddr[EI_MAG2] != ELFMAG2 || 233 caddr[EI_MAG3] != ELFMAG3) { 234 return (NULL); 235 } 236 237 /* 238 * Check class and encoding. 239 */ 240 /* LINTED */ 241 ehdr = (Ehdr *)addr; 242 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 243 rej->rej_type = SGS_REJ_CLASS; 244 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 245 return (NULL); 246 } 247 if (ehdr->e_ident[EI_DATA] != M_DATA) { 248 rej->rej_type = SGS_REJ_DATA; 249 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 250 return (NULL); 251 } 252 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 253 (ehdr->e_type != ET_DYN)) { 254 rej->rej_type = SGS_REJ_TYPE; 255 rej->rej_info = (uint_t)ehdr->e_type; 256 return (NULL); 257 } 258 259 /* 260 * Verify ELF version. 261 */ 262 if (ehdr->e_version > EV_CURRENT) { 263 rej->rej_type = SGS_REJ_VERSION; 264 rej->rej_info = (uint_t)ehdr->e_version; 265 return (NULL); 266 } 267 268 /* 269 * Verify machine specific flags. 270 */ 271 if (elf_mach_flags_check(rej, ehdr) == 0) 272 return (NULL); 273 274 /* 275 * Verify any hardware/software capability requirements. Note, if this 276 * object is an explicitly defined shared object under inspection by 277 * ldd(1), and contains an incompatible hardware capabilities 278 * requirement, then inform the user, but continue processing. 279 */ 280 if (elf_cap_check(fdp, ehdr, rej) == 0) { 281 Rt_map *lmp = lml_main.lm_head; 282 283 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp && 284 (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) { 285 const char *fmt; 286 287 if (rej->rej_type == SGS_REJ_HWCAP_1) 288 fmt = MSG_INTL(MSG_LDD_GEN_HWCAP_1); 289 else 290 fmt = MSG_INTL(MSG_LDD_GEN_SFCAP_1); 291 (void) printf(fmt, name, rej->rej_str); 292 return (&elf_fct); 293 } 294 return (NULL); 295 } 296 return (&elf_fct); 297 } 298 299 /* 300 * The runtime linker employs lazy loading to provide the libraries needed for 301 * debugging, preloading .o's and dldump(). As these are seldom used, the 302 * standard startup of ld.so.1 doesn't initialize all the information necessary 303 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 304 * is called we get here to perform these initializations: 305 * 306 * o elf_needed() is called to set up the DYNINFO() indexes for each lazy 307 * dependency. Typically, for all other objects, this is called during 308 * analyze_so(), but as ld.so.1 is set-contained we skip this processing. 309 * 310 * o For intel, ld.so.1's JMPSLOT relocations need relative updates. These 311 * are by default skipped thus delaying all relative relocation processing 312 * on every invocation of ld.so.1. 313 */ 314 int 315 elf_rtld_load() 316 { 317 Lm_list *lml = &lml_rtld; 318 Rt_map *lmp = lml->lm_head; 319 320 if (lml->lm_flags & LML_FLG_PLTREL) 321 return (1); 322 323 /* 324 * As we need to refer to the DYNINFO() information, insure that it has 325 * been initialized. 326 */ 327 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0) 328 return (0); 329 330 #if defined(__i386) 331 /* 332 * This is a kludge to give ld.so.1 a performance benefit on i386. 333 * It's based around two factors. 334 * 335 * o JMPSLOT relocations (PLT's) actually need a relative relocation 336 * applied to the GOT entry so that they can find PLT0. 337 * 338 * o ld.so.1 does not exercise *any* PLT's before it has made a call 339 * to elf_lazy_load(). This is because all dynamic dependencies 340 * are recorded as lazy dependencies. 341 */ 342 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp), 343 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 344 (ulong_t)ADDR(lmp), lmp, NULL); 345 #endif 346 347 lml->lm_flags |= LML_FLG_PLTREL; 348 return (1); 349 } 350 351 /* 352 * Lazy load an object. 353 */ 354 Rt_map * 355 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym, 356 int *in_nfavl) 357 { 358 Alist *palp = NULL; 359 Rt_map *nlmp; 360 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 361 uint_t flags = 0; 362 const char *name; 363 Lm_list *lml = LIST(clmp); 364 Aliste lmco; 365 366 /* 367 * If this dependency has already been processed, we're done. 368 */ 369 if (((nlmp = (Rt_map *)dip->di_info) != NULL) || 370 (dip->di_flags & FLG_DI_LDD_DONE)) 371 return (nlmp); 372 373 /* 374 * If we're running under ldd(1), indicate that this dependency has been 375 * processed (see test above). It doesn't matter whether the object is 376 * successfully loaded or not, this flag simply ensures that we don't 377 * repeatedly attempt to load an object that has already failed to load. 378 * To do so would create multiple failure diagnostics for the same 379 * object under ldd(1). 380 */ 381 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 382 dip->di_flags |= FLG_DI_LDD_DONE; 383 384 /* 385 * Determine the initial dependency name. 386 */ 387 name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val; 388 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 389 390 /* 391 * If this object needs to establish its own group, make sure a handle 392 * is created. 393 */ 394 if (dip->di_flags & FLG_DI_GROUP) 395 flags |= (FLG_RT_SETGROUP | FLG_RT_HANDLE); 396 397 /* 398 * Lazy dependencies are identified as DT_NEEDED entries with a 399 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 400 * dynamic information element that corresponds to the DT_POSFLAG_1 401 * entry is free, and thus used to store the present entrance 402 * identifier. This identifier is used to prevent multiple attempts to 403 * load a failed lazy loadable dependency within the same runtime linker 404 * operation. However, future attempts to reload this dependency are 405 * still possible. 406 */ 407 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 408 pdip->di_info = (void *)slp->sl_id; 409 410 /* 411 * Expand the requested name if necessary. 412 */ 413 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) 414 return (NULL); 415 416 /* 417 * Establish a link-map control list for this request. 418 */ 419 if ((lmco = create_cntl(lml, 0)) == NULL) { 420 remove_plist(&palp, 1); 421 return (NULL); 422 } 423 424 /* 425 * Load the associated object. 426 */ 427 dip->di_info = nlmp = 428 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, 0, in_nfavl); 429 430 /* 431 * Remove any expanded pathname infrastructure. Reduce the pending lazy 432 * dependency count of the caller, together with the link-map lists 433 * count of objects that still have lazy dependencies pending. 434 */ 435 remove_plist(&palp, 1); 436 if (--LAZY(clmp) == 0) 437 LIST(clmp)->lm_lazy--; 438 439 /* 440 * Finish processing the objects associated with this request, and 441 * create an association between the caller and this dependency. 442 */ 443 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 444 ((nlmp = analyze_lmc(lml, lmco, nlmp, in_nfavl)) == NULL) || 445 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0))) 446 dip->di_info = nlmp = NULL; 447 448 /* 449 * If this lazyload has failed, and we've created a new link-map 450 * control list to which this request has added objects, then remove 451 * all the objects that have been associated to this request. 452 */ 453 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 454 remove_lmc(lml, clmp, lmco, name); 455 456 /* 457 * Remove any temporary link-map control list. 458 */ 459 if (lmco != ALIST_OFF_DATA) 460 remove_cntl(lml, lmco); 461 462 /* 463 * If this lazy loading failed, record the fact, and bump the lazy 464 * counts. 465 */ 466 if (nlmp == NULL) { 467 dip->di_flags |= FLG_DI_LAZYFAIL; 468 if (LAZY(clmp)++ == 0) 469 LIST(clmp)->lm_lazy++; 470 } 471 472 return (nlmp); 473 } 474 475 /* 476 * Return the entry point of the ELF executable. 477 */ 478 static Addr 479 elf_entry_point(void) 480 { 481 Rt_map *lmp = lml_main.lm_head; 482 Ehdr *ehdr = (Ehdr *)ADDR(lmp); 483 Addr addr = (Addr)(ehdr->e_entry); 484 485 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) 486 addr += ADDR(lmp); 487 488 return (addr); 489 } 490 491 /* 492 * Determine if a dependency requires a particular version and if so verify 493 * that the version exists in the dependency. 494 */ 495 int 496 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 497 { 498 Verneed *vnd = VERNEED(clmp); 499 int _num, num = VERNEEDNUM(clmp); 500 char *cstrs = (char *)STRTAB(clmp); 501 Lm_list *lml = LIST(clmp); 502 503 /* 504 * Traverse the callers version needed information and determine if any 505 * specific versions are required from the dependency. 506 */ 507 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 508 for (_num = 1; _num <= num; _num++, 509 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 510 Half cnt = vnd->vn_cnt; 511 Vernaux *vnap; 512 char *nstrs, *need; 513 514 /* 515 * Determine if a needed entry matches this dependency. 516 */ 517 need = (char *)(cstrs + vnd->vn_file); 518 if (strcmp(name, need) != 0) 519 continue; 520 521 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 522 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 523 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 524 525 /* 526 * Validate that each version required actually exists in the 527 * dependency. 528 */ 529 nstrs = (char *)STRTAB(nlmp); 530 531 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 532 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 533 char *version, *define; 534 Verdef *vdf = VERDEF(nlmp); 535 ulong_t _num, num = VERDEFNUM(nlmp); 536 int found = 0; 537 538 /* 539 * Skip validation of versions that are marked 540 * INFO. This optimization is used for versions 541 * that are inherited by another version. Verification 542 * of the inheriting version is sufficient. 543 * 544 * Such versions are recorded in the object for the 545 * benefit of VERSYM entries that refer to them. This 546 * provides a purely diagnositic benefit. 547 */ 548 if (vnap->vna_flags & VER_FLG_INFO) 549 continue; 550 551 version = (char *)(cstrs + vnap->vna_name); 552 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 553 554 for (_num = 1; _num <= num; _num++, 555 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 556 Verdaux *vdap; 557 558 if (vnap->vna_hash != vdf->vd_hash) 559 continue; 560 561 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 562 define = (char *)(nstrs + vdap->vda_name); 563 if (strcmp(version, define) != 0) 564 continue; 565 566 found++; 567 break; 568 } 569 570 /* 571 * If we're being traced print out any matched version 572 * when the verbose (-v) option is in effect. Always 573 * print any unmatched versions. 574 */ 575 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 576 /* BEGIN CSTYLED */ 577 if (found) { 578 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 579 continue; 580 581 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 582 need, version, NAME(nlmp)); 583 } else { 584 if (rtld_flags & RT_FL_SILENCERR) 585 continue; 586 587 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 588 need, version); 589 } 590 /* END CSTYLED */ 591 continue; 592 } 593 594 /* 595 * If the version hasn't been found then this is a 596 * candidate for a fatal error condition. Weak 597 * version definition requirements are silently 598 * ignored. Also, if the image inspected for a version 599 * definition has no versioning recorded at all then 600 * silently ignore this (this provides better backward 601 * compatibility to old images created prior to 602 * versioning being available). Both of these skipped 603 * diagnostics are available under tracing (see above). 604 */ 605 if ((found == 0) && (num != 0) && 606 (!(vnap->vna_flags & VER_FLG_WEAK))) { 607 eprintf(lml, ERR_FATAL, 608 MSG_INTL(MSG_VER_NFOUND), need, version, 609 NAME(clmp)); 610 return (0); 611 } 612 } 613 } 614 DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD)); 615 return (1); 616 } 617 618 /* 619 * Search through the dynamic section for DT_NEEDED entries and perform one 620 * of two functions. If only the first argument is specified then load the 621 * defined shared object, otherwise add the link map representing the defined 622 * link map the the dlopen list. 623 */ 624 static int 625 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl) 626 { 627 Alist *palp = NULL; 628 Dyn *dyn, *pdyn; 629 ulong_t ndx = 0; 630 uint_t lazy, flags; 631 Word lmflags = lml->lm_flags; 632 Word lmtflags = lml->lm_tflags; 633 634 /* 635 * Process each shared object on needed list. 636 */ 637 if (DYN(clmp) == NULL) 638 return (1); 639 640 for (dyn = (Dyn *)DYN(clmp), pdyn = NULL; dyn->d_tag != DT_NULL; 641 pdyn = dyn++, ndx++) { 642 Dyninfo *dip = &DYNINFO(clmp)[ndx]; 643 Rt_map *nlmp = NULL; 644 char *name; 645 int silent = 0; 646 647 switch (dyn->d_tag) { 648 case DT_POSFLAG_1: 649 dip->di_flags |= FLG_DI_POSFLAG1; 650 continue; 651 case DT_NEEDED: 652 case DT_USED: 653 lazy = flags = 0; 654 dip->di_flags |= FLG_DI_NEEDED; 655 656 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 657 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 658 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) { 659 dip->di_flags |= FLG_DI_LAZY; 660 lazy = 1; 661 } 662 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) { 663 dip->di_flags |= FLG_DI_GROUP; 664 flags = 665 (FLG_RT_SETGROUP | FLG_RT_HANDLE); 666 } 667 } 668 669 name = (char *)STRTAB(clmp) + dyn->d_un.d_val; 670 671 /* 672 * NOTE, libc.so.1 can't be lazy loaded. Although a 673 * lazy position flag won't be produced when a RTLDINFO 674 * .dynamic entry is found (introduced with the UPM in 675 * Solaris 10), it was possible to mark libc for lazy 676 * loading on previous releases. To reduce the overhead 677 * of testing for this occurrence, only carry out this 678 * check for the first object on the link-map list 679 * (there aren't many applications built without libc). 680 */ 681 if (lazy && (lml->lm_head == clmp) && 682 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 683 lazy = 0; 684 685 /* 686 * Don't bring in lazy loaded objects yet unless we've 687 * been asked to attempt to load all available objects 688 * (crle(1) sets LD_FLAGS=loadavail). Even under 689 * RTLD_NOW we don't process this - RTLD_NOW will cause 690 * relocation processing which in turn might trigger 691 * lazy loading, but its possible that the object has a 692 * lazy loaded file with no bindings (i.e., it should 693 * never have been a dependency in the first place). 694 */ 695 if (lazy) { 696 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 697 LAZY(clmp)++; 698 lazy = flags = 0; 699 continue; 700 } 701 702 /* 703 * Silence any error messages - see description 704 * under elf_lookup_filtee(). 705 */ 706 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 707 rtld_flags |= RT_FL_SILENCERR; 708 silent = 1; 709 } 710 } 711 break; 712 case DT_AUXILIARY: 713 dip->di_flags |= FLG_DI_AUXFLTR; 714 continue; 715 case DT_SUNW_AUXILIARY: 716 dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 717 continue; 718 case DT_FILTER: 719 dip->di_flags |= FLG_DI_STDFLTR; 720 continue; 721 case DT_SUNW_FILTER: 722 dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 723 continue; 724 default: 725 continue; 726 } 727 728 DBG_CALL(Dbg_file_needed(clmp, name)); 729 730 /* 731 * If we're running under ldd(1), indicate that this dependency 732 * has been processed. It doesn't matter whether the object is 733 * successfully loaded or not, this flag simply ensures that we 734 * don't repeatedly attempt to load an object that has already 735 * failed to load. To do so would create multiple failure 736 * diagnostics for the same object under ldd(1). 737 */ 738 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 739 dip->di_flags |= FLG_DI_LDD_DONE; 740 741 /* 742 * Establish the objects name, load it and establish a binding 743 * with the caller. 744 */ 745 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) || 746 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp), 747 flags, 0, in_nfavl)) == NULL) || 748 (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 749 nlmp = NULL; 750 751 /* 752 * Clean up any infrastructure, including the removal of the 753 * error suppression state, if it had been previously set in 754 * this routine. 755 */ 756 remove_plist(&palp, 0); 757 758 if (silent) 759 rtld_flags &= ~RT_FL_SILENCERR; 760 761 if ((dip->di_info = (void *)nlmp) == NULL) { 762 /* 763 * If the object could not be mapped, continue if error 764 * suppression is established or we're here with ldd(1). 765 */ 766 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 767 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 768 continue; 769 else { 770 remove_plist(&palp, 1); 771 return (0); 772 } 773 } 774 } 775 776 if (LAZY(clmp)) 777 lml->lm_lazy++; 778 779 remove_plist(&palp, 1); 780 return (1); 781 } 782 783 /* 784 * A null symbol interpretor. Used if a filter has no associated filtees. 785 */ 786 /* ARGSUSED0 */ 787 static Sym * 788 elf_null_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 789 { 790 return (NULL); 791 } 792 793 /* 794 * Disable filtee use. 795 */ 796 static void 797 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 798 { 799 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 800 /* 801 * If this is an object filter, null out the reference name. 802 */ 803 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 804 REFNAME(lmp) = NULL; 805 OBJFLTRNDX(lmp) = FLTR_DISABLED; 806 807 /* 808 * Indicate that this filtee is no longer available. 809 */ 810 if (dip->di_flags & FLG_DI_STDFLTR) 811 SYMINTP(lmp) = elf_null_find_sym; 812 813 } 814 } else if (dip->di_flags & FLG_DI_STDFLTR) { 815 /* 816 * Indicate that this standard filtee is no longer available. 817 */ 818 if (SYMSFLTRCNT(lmp)) 819 SYMSFLTRCNT(lmp)--; 820 } else { 821 /* 822 * Indicate that this auxiliary filtee is no longer available. 823 */ 824 if (SYMAFLTRCNT(lmp)) 825 SYMAFLTRCNT(lmp)--; 826 } 827 dip->di_flags &= ~MSK_DI_FILTER; 828 } 829 830 /* 831 * Find symbol interpreter - filters. 832 * This function is called when the symbols from a shared object should 833 * be resolved from the shared objects filtees instead of from within itself. 834 * 835 * A symbol name of 0 is used to trigger filtee loading. 836 */ 837 static Sym * 838 _elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx, 839 int *in_nfavl) 840 { 841 const char *name = slp->sl_name, *filtees; 842 Rt_map *clmp = slp->sl_cmap; 843 Rt_map *ilmp = slp->sl_imap; 844 Pdesc *pdp; 845 int any; 846 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 847 Lm_list *lml = LIST(ilmp); 848 Aliste idx; 849 850 /* 851 * Indicate that the filter has been used. If a binding already exists 852 * to the caller, indicate that this object is referenced. This insures 853 * we don't generate false unreferenced diagnostics from ldd -u/U or 854 * debugging. Don't create a binding regardless, as this filter may 855 * have been dlopen()'ed. 856 */ 857 if (name && (ilmp != clmp)) { 858 Word tracing = (LIST(clmp)->lm_flags & 859 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 860 861 if (tracing || DBG_ENABLED) { 862 Bnd_desc *bdp; 863 Aliste idx; 864 865 FLAGS1(ilmp) |= FL1_RT_USED; 866 867 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 868 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 869 if (bdp->b_caller == clmp) { 870 bdp->b_flags |= BND_REFER; 871 break; 872 } 873 } 874 } 875 } 876 } 877 878 /* 879 * If this is the first call to process this filter, establish the 880 * filtee list. If a configuration file exists, determine if any 881 * filtee associations for this filter, and its filtee reference, are 882 * defined. Otherwise, process the filtee reference. Any token 883 * expansion is also completed at this point (i.e., $PLATFORM). 884 */ 885 filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val; 886 if (dip->di_info == NULL) { 887 if (rtld_flags2 & RT_FL2_FLTCFG) 888 elf_config_flt(lml, PATHNAME(ilmp), filtees, 889 (Alist **)&dip->di_info, AL_CNT_FILTEES); 890 891 if (dip->di_info == NULL) { 892 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 893 if ((lml->lm_flags & 894 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 895 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 896 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 897 NAME(ilmp), filtees); 898 899 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 900 AL_CNT_FILTEES, 0, 0) == 0) { 901 elf_disable_filtee(ilmp, dip); 902 return (NULL); 903 } 904 } 905 } 906 907 /* 908 * Traverse the filtee list, dlopen()'ing any objects specified and 909 * using their group handle to lookup the symbol. 910 */ 911 any = 0; 912 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 913 int mode; 914 Grp_hdl *ghp; 915 Rt_map *nlmp = NULL; 916 917 if (pdp->pd_plen == 0) 918 continue; 919 920 /* 921 * Establish the mode of the filtee from the filter. As filtees 922 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 923 * and the filtees aren't global. It would be nice to have 924 * RTLD_FIRST used here also, but as filters got out long before 925 * RTLD_FIRST was introduced it's a little too late now. 926 */ 927 mode = MODE(ilmp) | RTLD_GROUP; 928 mode &= ~RTLD_GLOBAL; 929 930 /* 931 * Insure that any auxiliary filter can locate symbols from its 932 * caller. 933 */ 934 if (dip->di_flags & FLG_DI_AUXFLTR) 935 mode |= RTLD_PARENT; 936 937 /* 938 * Process any hardware capability directory. Establish a new 939 * link-map control list from which to analyze any newly added 940 * objects. 941 */ 942 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_HWCAP)) { 943 const char *dir = pdp->pd_pname; 944 Aliste lmco; 945 946 /* 947 * Establish a link-map control list for this request. 948 */ 949 if ((lmco = create_cntl(lml, 0)) == NULL) 950 return (NULL); 951 952 /* 953 * Determine the hardware capability filtees. If none 954 * can be found, provide suitable diagnostics. 955 */ 956 DBG_CALL(Dbg_cap_hw_filter(lml, dir, ilmp)); 957 if (hwcap_filtees((Alist **)&dip->di_info, idx, dir, 958 lmco, ilmp, filtees, mode, 959 (FLG_RT_HANDLE | FLG_RT_HWCAP), in_nfavl) == 0) { 960 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 961 (dip->di_flags & FLG_DI_AUXFLTR) && 962 (rtld_flags & RT_FL_WARNFLTR)) { 963 (void) printf( 964 MSG_INTL(MSG_LDD_HWCAP_NFOUND), 965 dir); 966 } 967 DBG_CALL(Dbg_cap_hw_filter(lml, dir, 0)); 968 } 969 970 /* 971 * Re-establish the originating path name descriptor, as 972 * the expansion of hardware capabilities filtees may 973 * have re-allocated the controlling Alist. Mark this 974 * original pathname descriptor as unused so that the 975 * descriptor isn't revisited for processing. Any real 976 * hardware capabilities filtees have been added as new 977 * pathname descriptors following this descriptor. 978 */ 979 pdp = alist_item((Alist *)dip->di_info, idx); 980 pdp->pd_flags &= ~PD_TKN_HWCAP; 981 pdp->pd_plen = 0; 982 983 /* 984 * Now that any hardware capability objects have been 985 * processed, remove any temporary link-map control 986 * list. 987 */ 988 if (lmco != ALIST_OFF_DATA) 989 remove_cntl(lml, lmco); 990 } 991 992 if (pdp->pd_plen == 0) 993 continue; 994 995 /* 996 * Process an individual filtee. 997 */ 998 if (pdp->pd_info == NULL) { 999 const char *filtee = pdp->pd_pname; 1000 int audit = 0; 1001 1002 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 1003 1004 ghp = NULL; 1005 1006 /* 1007 * Determine if the reference link map is already 1008 * loaded. As an optimization compare the filtee with 1009 * our interpretor. The most common filter is 1010 * libdl.so.1, which is a filter on ld.so.1. 1011 */ 1012 #if defined(_ELF64) 1013 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 1014 #else 1015 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 1016 #endif 1017 /* 1018 * Create an association between ld.so.1 and the 1019 * filter. As an optimization, a handle for 1020 * ld.so.1 itself (required for the dlopen() 1021 * family filtering mechanism) shouldn't search 1022 * any dependencies of ld.so.1. Omitting 1023 * GPD_ADDEPS prevents the addition of any 1024 * ld.so.1 dependencies to this handle. 1025 */ 1026 nlmp = lml_rtld.lm_head; 1027 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1028 (GPH_LDSO | GPH_FIRST | GPH_FILTEE), 1029 (GPD_DLSYM | GPD_RELOC), GPD_PARENT)) == 1030 NULL) 1031 nlmp = NULL; 1032 1033 /* 1034 * Establish the filter handle to prevent any 1035 * recursion. 1036 */ 1037 if (nlmp && ghp) 1038 pdp->pd_info = (void *)ghp; 1039 1040 /* 1041 * Audit the filter/filtee established. Ignore 1042 * any return from the auditor, as we can't 1043 * allow ignore filtering to ld.so.1, otherwise 1044 * nothing is going to work. 1045 */ 1046 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1047 LML_TFLG_AUD_OBJFILTER)) 1048 (void) audit_objfilter(ilmp, filtees, 1049 nlmp, 0); 1050 1051 } else { 1052 Rej_desc rej = { 0 }; 1053 Fdesc fd = { 0 }; 1054 Aliste lmco; 1055 1056 /* 1057 * Trace the inspection of this file, determine 1058 * any auditor substitution, and seed the file 1059 * descriptor with the originating name. 1060 */ 1061 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1062 continue; 1063 1064 /* 1065 * Establish a link-map control list for this 1066 * request. 1067 */ 1068 if ((lmco = create_cntl(lml, 0)) == NULL) 1069 return (NULL); 1070 1071 /* 1072 * Locate and load the filtee. 1073 */ 1074 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1075 FLG_RT_HANDLE, &ghp, &fd, &rej, 1076 in_nfavl)) == NULL) 1077 file_notfound(LIST(ilmp), filtee, ilmp, 1078 FLG_RT_HANDLE, &rej); 1079 1080 filtee = pdp->pd_pname; 1081 1082 /* 1083 * Establish the filter handle to prevent any 1084 * recursion. 1085 */ 1086 if (nlmp && ghp) { 1087 ghp->gh_flags |= GPH_FILTEE; 1088 pdp->pd_info = (void *)ghp; 1089 1090 FLAGS1(nlmp) |= FL1_RT_USED; 1091 } 1092 1093 /* 1094 * Audit the filter/filtee established. A 1095 * return of 0 indicates the auditor wishes to 1096 * ignore this filtee. 1097 */ 1098 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1099 LML_TFLG_AUD_OBJFILTER)) { 1100 if (audit_objfilter(ilmp, filtees, 1101 nlmp, 0) == 0) { 1102 audit = 1; 1103 nlmp = NULL; 1104 } 1105 } 1106 1107 /* 1108 * Finish processing the objects associated with 1109 * this request. Create an association between 1110 * this object and the originating filter to 1111 * provide sufficient information to tear down 1112 * this filtee if necessary. 1113 */ 1114 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1115 lmco, nlmp, in_nfavl)) == NULL) || 1116 (relocate_lmc(lml, lmco, ilmp, nlmp, 1117 in_nfavl) == 0))) 1118 nlmp = NULL; 1119 1120 /* 1121 * If the filtee has been successfully 1122 * processed, then create an association 1123 * between the filter and filtee. This 1124 * association provides sufficient information 1125 * to tear down the filter and filtee if 1126 * necessary. 1127 */ 1128 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1129 if (nlmp && ghp && 1130 (hdl_add(ghp, ilmp, GPD_FILTER) == 0)) 1131 nlmp = NULL; 1132 1133 /* 1134 * Generate a diagnostic if the filtee couldn't 1135 * be loaded. 1136 */ 1137 if (nlmp == NULL) 1138 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1139 audit)); 1140 1141 /* 1142 * If this filtee loading has failed, and we've 1143 * created a new link-map control list to which 1144 * this request has added objects, then remove 1145 * all the objects that have been associated to 1146 * this request. 1147 */ 1148 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA)) 1149 remove_lmc(lml, clmp, lmco, name); 1150 1151 /* 1152 * Remove any temporary link-map control list. 1153 */ 1154 if (lmco != ALIST_OFF_DATA) 1155 remove_cntl(lml, lmco); 1156 } 1157 1158 /* 1159 * If the filtee couldn't be loaded, null out the 1160 * path name descriptor entry, and continue the search. 1161 * Otherwise, the group handle is retained for future 1162 * symbol searches. 1163 */ 1164 if (nlmp == NULL) { 1165 pdp->pd_info = NULL; 1166 pdp->pd_plen = 0; 1167 continue; 1168 } 1169 } 1170 1171 ghp = (Grp_hdl *)pdp->pd_info; 1172 1173 /* 1174 * If we're just here to trigger filtee loading skip the symbol 1175 * lookup so we'll continue looking for additional filtees. 1176 */ 1177 if (name) { 1178 Grp_desc *gdp; 1179 Sym *sym = NULL; 1180 Aliste idx; 1181 Slookup sl = *slp; 1182 1183 sl.sl_flags |= LKUP_FIRST; 1184 any++; 1185 1186 /* 1187 * Look for the symbol in the handles dependencies. 1188 */ 1189 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1190 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1191 continue; 1192 1193 /* 1194 * If our parent is a dependency don't look at 1195 * it (otherwise we are in a recursive loop). 1196 * This situation can occur with auxiliary 1197 * filters if the filtee has a dependency on the 1198 * filter. This dependency isn't necessary as 1199 * auxiliary filters are opened RTLD_PARENT, but 1200 * users may still unknowingly add an explicit 1201 * dependency to the parent. 1202 */ 1203 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1204 continue; 1205 1206 if (((sym = SYMINTP(sl.sl_imap)(&sl, dlmp, 1207 binfo, in_nfavl)) != NULL) || 1208 (ghp->gh_flags & GPH_FIRST)) 1209 break; 1210 } 1211 1212 /* 1213 * If a symbol has been found, indicate the binding 1214 * and return the symbol. 1215 */ 1216 if (sym) { 1217 *binfo |= DBG_BINFO_FILTEE; 1218 return (sym); 1219 } 1220 } 1221 1222 /* 1223 * If this object is tagged to terminate filtee processing we're 1224 * done. 1225 */ 1226 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1227 break; 1228 } 1229 1230 /* 1231 * If we're just here to trigger filtee loading then we're done. 1232 */ 1233 if (name == NULL) 1234 return (NULL); 1235 1236 /* 1237 * If no filtees have been found for a filter, clean up any path name 1238 * descriptors and disable their search completely. For auxiliary 1239 * filters we can reselect the symbol search function so that we never 1240 * enter this routine again for this object. For standard filters we 1241 * use the null symbol routine. 1242 */ 1243 if (any == 0) { 1244 remove_plist((Alist **)&(dip->di_info), 1); 1245 elf_disable_filtee(ilmp, dip); 1246 return (NULL); 1247 } 1248 1249 return (NULL); 1250 } 1251 1252 /* 1253 * Focal point for disabling error messages for auxiliary filters. As an 1254 * auxiliary filter allows for filtee use, but provides a fallback should a 1255 * filtee not exist (or fail to load), any errors generated as a consequence of 1256 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1257 * suppresses errors generated by eprint(), but insures a debug diagnostic is 1258 * produced. ldd(1) employs printf(), and here, the selection of whether to 1259 * print a diagnostic in regards to auxiliary filters is a little more complex. 1260 * 1261 * . The determination of whether to produce an ldd message, or a fatal 1262 * error message is driven by LML_FLG_TRC_ENABLE. 1263 * . More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1264 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1265 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1266 * 1267 * . If the calling object is lddstub, then several classes of message are 1268 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1269 * a stub executable employed to preload a user specified library against. 1270 * 1271 * . If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1272 * be suppressed. All detailed ldd messages should still be produced. 1273 */ 1274 Sym * 1275 elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx, 1276 int *in_nfavl) 1277 { 1278 Sym *sym; 1279 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1280 int silent = 0; 1281 1282 /* 1283 * Make sure this entry is still acting as a filter. We may have tried 1284 * to process this previously, and disabled it if the filtee couldn't 1285 * be processed. However, other entries may provide different filtees 1286 * that are yet to be completed. 1287 */ 1288 if (dip->di_flags == 0) 1289 return (NULL); 1290 1291 /* 1292 * Indicate whether an error message is required should this filtee not 1293 * be found, based on the type of filter. 1294 */ 1295 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1296 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1297 rtld_flags |= RT_FL_SILENCERR; 1298 silent = 1; 1299 } 1300 1301 sym = _elf_lookup_filtee(slp, dlmp, binfo, ndx, in_nfavl); 1302 1303 if (silent) 1304 rtld_flags &= ~RT_FL_SILENCERR; 1305 1306 return (sym); 1307 } 1308 1309 /* 1310 * Compute the elf hash value (as defined in the ELF access library). 1311 * The form of the hash table is: 1312 * 1313 * |--------------| 1314 * | # of buckets | 1315 * |--------------| 1316 * | # of chains | 1317 * |--------------| 1318 * | bucket[] | 1319 * |--------------| 1320 * | chain[] | 1321 * |--------------| 1322 */ 1323 ulong_t 1324 elf_hash(const char *name) 1325 { 1326 uint_t hval = 0; 1327 1328 while (*name) { 1329 uint_t g; 1330 hval = (hval << 4) + *name++; 1331 if ((g = (hval & 0xf0000000)) != 0) 1332 hval ^= g >> 24; 1333 hval &= ~g; 1334 } 1335 return ((ulong_t)hval); 1336 } 1337 1338 /* 1339 * If flag argument has LKUP_SPEC set, we treat undefined symbols of type 1340 * function specially in the executable - if they have a value, even though 1341 * undefined, we use that value. This allows us to associate all references 1342 * to a function's address to a single place in the process: the plt entry 1343 * for that function in the executable. Calls to lookup from plt binding 1344 * routines do NOT set LKUP_SPEC in the flag. 1345 */ 1346 Sym * 1347 elf_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 1348 { 1349 const char *name = slp->sl_name; 1350 Rt_map *ilmp = slp->sl_imap; 1351 ulong_t hash = slp->sl_hash; 1352 uint_t ndx, htmp, buckets, *chainptr; 1353 Sym *sym, *symtabptr; 1354 char *strtabptr, *strtabname; 1355 uint_t flags1; 1356 Syminfo *sip; 1357 1358 /* 1359 * If we're only here to establish a symbols index, skip the diagnostic 1360 * used to trace a symbol search. 1361 */ 1362 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1363 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1364 1365 if (HASH(ilmp) == NULL) 1366 return (NULL); 1367 1368 buckets = HASH(ilmp)[0]; 1369 /* LINTED */ 1370 htmp = (uint_t)hash % buckets; 1371 1372 /* 1373 * Get the first symbol on hash chain and initialize the string 1374 * and symbol table pointers. 1375 */ 1376 if ((ndx = HASH(ilmp)[htmp + 2]) == 0) 1377 return (NULL); 1378 1379 chainptr = HASH(ilmp) + 2 + buckets; 1380 strtabptr = STRTAB(ilmp); 1381 symtabptr = SYMTAB(ilmp); 1382 1383 while (ndx) { 1384 sym = symtabptr + ndx; 1385 strtabname = strtabptr + sym->st_name; 1386 1387 /* 1388 * Compare the symbol found with the name required. If the 1389 * names don't match continue with the next hash entry. 1390 */ 1391 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1392 if ((ndx = chainptr[ndx]) != 0) 1393 continue; 1394 return (NULL); 1395 } 1396 1397 /* 1398 * The Solaris ld does not put DT_VERSYM in the dynamic 1399 * section, but the GNU ld does. The GNU runtime linker 1400 * interprets the top bit of the 16-bit Versym value 1401 * (0x8000) as the "hidden" bit. If this bit is set, 1402 * the linker is supposed to act as if that symbol does 1403 * not exist. The hidden bit supports their versioning 1404 * scheme, which allows multiple incompatible functions 1405 * with the same name to exist at different versions 1406 * within an object. The Solaris linker does not support this 1407 * mechanism, or the model of interface evolution that 1408 * it allows, but we honor the hidden bit in GNU ld 1409 * produced objects in order to interoperate with them. 1410 */ 1411 if ((VERSYM(ilmp) != NULL) && 1412 ((VERSYM(ilmp)[ndx] & 0x8000) != 0)) { 1413 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1414 ndx, VERSYM(ilmp)[ndx])); 1415 if ((ndx = chainptr[ndx]) != 0) 1416 continue; 1417 return (NULL); 1418 } 1419 1420 /* 1421 * If we're only here to establish a symbols index, we're done. 1422 */ 1423 if (slp->sl_flags & LKUP_SYMNDX) 1424 return (sym); 1425 1426 /* 1427 * If we find a match and the symbol is defined, return the 1428 * symbol pointer and the link map in which it was found. 1429 */ 1430 if (sym->st_shndx != SHN_UNDEF) { 1431 *dlmp = ilmp; 1432 *binfo |= DBG_BINFO_FOUND; 1433 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1434 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1435 is_sym_interposer(ilmp, sym))) 1436 *binfo |= DBG_BINFO_INTERPOSE; 1437 break; 1438 1439 /* 1440 * If we find a match and the symbol is undefined, the 1441 * symbol type is a function, and the value of the symbol 1442 * is non zero, then this is a special case. This allows 1443 * the resolution of a function address to the plt[] entry. 1444 * See SPARC ABI, Dynamic Linking, Function Addresses for 1445 * more details. 1446 */ 1447 } else if ((slp->sl_flags & LKUP_SPEC) && 1448 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1449 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1450 *dlmp = ilmp; 1451 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1452 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1453 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1454 is_sym_interposer(ilmp, sym))) 1455 *binfo |= DBG_BINFO_INTERPOSE; 1456 return (sym); 1457 } 1458 1459 /* 1460 * Undefined symbol. 1461 */ 1462 return (NULL); 1463 } 1464 1465 /* 1466 * We've found a match. Determine if the defining object contains 1467 * symbol binding information. 1468 */ 1469 if ((sip = SYMINFO(ilmp)) != NULL) 1470 sip += ndx; 1471 1472 /* 1473 * If this definition is a singleton, and we haven't followed a default 1474 * symbol search knowing that we're looking for a singleton (presumably 1475 * because the symbol definition has been changed since the referring 1476 * object was built), then reject this binding so that the caller can 1477 * fall back to a standard symbol search. 1478 */ 1479 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1480 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1481 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1482 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1483 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1484 DBG_BNDREJ_SINGLE)); 1485 *binfo |= BINFO_REJSINGLE; 1486 *binfo &= ~DBG_BINFO_MSK; 1487 return (NULL); 1488 } 1489 1490 /* 1491 * If this is a direct binding request, but the symbol definition has 1492 * disabled directly binding to it (presumably because the symbol 1493 * definition has been changed since the referring object was built), 1494 * reject this binding so that the caller can fall back to a standard 1495 * symbol search. 1496 */ 1497 if (sip && (slp->sl_flags & LKUP_DIRECT) && 1498 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 1499 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1500 DBG_BNDREJ_DIRECT)); 1501 *binfo |= BINFO_REJDIRECT; 1502 *binfo &= ~DBG_BINFO_MSK; 1503 return (NULL); 1504 } 1505 1506 /* 1507 * If this is a binding request within an RTLD_GROUP family, and the 1508 * symbol has disabled directly binding to it, reject this binding so 1509 * that the caller can fall back to a standard symbol search. 1510 * 1511 * Effectively, an RTLD_GROUP family achieves what can now be 1512 * established with direct bindings. However, various symbols have 1513 * been tagged as inappropriate for direct binding to (ie. libc:malloc). 1514 * 1515 * A symbol marked as no-direct cannot be used within a group without 1516 * first ensuring that the symbol has not been interposed upon outside 1517 * of the group. A common example occurs when users implement their own 1518 * version of malloc() in the executable. Such a malloc() interposes on 1519 * the libc:malloc, and this interposition must be honored within the 1520 * group as well. 1521 * 1522 * Following any rejection, LKUP_WORLD is established as a means of 1523 * overriding this test as we return to a standard search. 1524 */ 1525 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) && 1526 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) && 1527 ((slp->sl_flags & LKUP_WORLD) == 0)) { 1528 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1529 DBG_BNDREJ_GROUP)); 1530 *binfo |= BINFO_REJGROUP; 1531 *binfo &= ~DBG_BINFO_MSK; 1532 return (NULL); 1533 } 1534 1535 /* 1536 * Determine whether this object is acting as a filter. 1537 */ 1538 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 1539 return (sym); 1540 1541 /* 1542 * Determine if this object offers per-symbol filtering, and if so, 1543 * whether this symbol references a filtee. 1544 */ 1545 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 1546 /* 1547 * If this is a standard filter reference, and no standard 1548 * filtees remain to be inspected, we're done. If this is an 1549 * auxiliary filter reference, and no auxiliary filtees remain, 1550 * we'll fall through in case any object filtering is available. 1551 */ 1552 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 1553 (SYMSFLTRCNT(ilmp) == 0)) 1554 return (NULL); 1555 1556 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 1557 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 1558 SYMAFLTRCNT(ilmp))) { 1559 Sym *fsym; 1560 1561 /* 1562 * This symbol has an associated filtee. Lookup the 1563 * symbol in the filtee, and if it is found return it. 1564 * If the symbol doesn't exist, and this is a standard 1565 * filter, return an error, otherwise fall through to 1566 * catch any object filtering that may be available. 1567 */ 1568 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 1569 sip->si_boundto, in_nfavl)) != NULL) 1570 return (fsym); 1571 if (sip->si_flags & SYMINFO_FLG_FILTER) 1572 return (NULL); 1573 } 1574 } 1575 1576 /* 1577 * Determine if this object provides global filtering. 1578 */ 1579 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 1580 Sym *fsym; 1581 1582 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 1583 /* 1584 * This object has an associated filtee. Lookup the 1585 * symbol in the filtee, and if it is found return it. 1586 * If the symbol doesn't exist, and this is a standard 1587 * filter, return and error, otherwise return the symbol 1588 * within the filter itself. 1589 */ 1590 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 1591 OBJFLTRNDX(ilmp), in_nfavl)) != NULL) 1592 return (fsym); 1593 } 1594 1595 if (flags1 & FL1_RT_OBJSFLTR) 1596 return (NULL); 1597 } 1598 return (sym); 1599 } 1600 1601 /* 1602 * Create a new Rt_map structure for an ELF object and initialize 1603 * all values. 1604 */ 1605 Rt_map * 1606 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize, 1607 void *odyn, int *in_nfavl) 1608 { 1609 const char *name = fdp->fd_nname; 1610 Rt_map *lmp; 1611 Ehdr *ehdr = (Ehdr *)addr; 1612 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL; 1613 Dyn *dyn = (Dyn *)odyn; 1614 Cap *cap = NULL; 1615 int ndx; 1616 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0; 1617 Xword rpath = 0; 1618 size_t lmsz, rtsz, epsz, dynsz = 0; 1619 uint_t dyncnt = 0; 1620 1621 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco)); 1622 1623 /* 1624 * If this is a shared object, the base address of the shared object is 1625 * added to all address values defined within the object. Otherwise, if 1626 * this is an executable, all object addresses are used as is. 1627 */ 1628 if (ehdr->e_type == ET_EXEC) 1629 base = 0; 1630 else 1631 base = addr; 1632 1633 /* 1634 * Traverse the program header table, picking off required items. This 1635 * traversal also provides for the sizing of the PT_DYNAMIC section. 1636 */ 1637 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1638 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1639 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1640 switch (phdr->p_type) { 1641 case PT_DYNAMIC: 1642 dphdr = phdr; 1643 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1644 break; 1645 case PT_TLS: 1646 tphdr = phdr; 1647 break; 1648 case PT_SUNWCAP: 1649 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1650 break; 1651 case PT_SUNW_UNWIND: 1652 case PT_SUNW_EH_FRAME: 1653 uphdr = phdr; 1654 break; 1655 default: 1656 break; 1657 } 1658 } 1659 1660 /* 1661 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1662 * allocation. Sadly, this is a little larger than we really need, 1663 * as there are typically padding DT_NULL entries. However, adding 1664 * this data to the initial link-map allocation is a win. 1665 */ 1666 if (dyn) { 1667 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1668 dynsz = dyncnt * sizeof (Dyninfo); 1669 } 1670 1671 /* 1672 * Allocate space for the link-map, private elf information, and 1673 * DYNINFO() data. Once these are allocated and initialized, 1674 * remove_so(0, lmp) can be used to tear down the link-map allocation 1675 * should any failures occur. 1676 */ 1677 rtsz = S_DROUND(sizeof (Rt_map)); 1678 epsz = S_DROUND(sizeof (Rt_elfp)); 1679 lmsz = rtsz + epsz + dynsz; 1680 if ((lmp = calloc(lmsz, 1)) == NULL) 1681 return (NULL); 1682 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1683 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1684 LMSIZE(lmp) = lmsz; 1685 1686 /* 1687 * All fields not filled in were set to 0 by calloc. 1688 */ 1689 NAME(lmp) = (char *)name; 1690 ADDR(lmp) = addr; 1691 MSIZE(lmp) = msize; 1692 SYMINTP(lmp) = elf_find_sym; 1693 FCT(lmp) = &elf_fct; 1694 LIST(lmp) = lml; 1695 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1696 SORTVAL(lmp) = -1; 1697 DYN(lmp) = dyn; 1698 DYNINFOCNT(lmp) = dyncnt; 1699 PTUNWIND(lmp) = uphdr; 1700 1701 if (ehdr->e_type == ET_EXEC) 1702 FLAGS(lmp) |= FLG_RT_FIXED; 1703 1704 /* 1705 * Fill in rest of the link map entries with information from the file's 1706 * dynamic structure. 1707 */ 1708 if (dyn) { 1709 uint_t dynndx = 0; 1710 Xword pltpadsz = 0; 1711 Rti_desc *rti; 1712 1713 /* CSTYLED */ 1714 for ( ; dyn->d_tag != DT_NULL; ++dyn, dynndx++) { 1715 switch ((Xword)dyn->d_tag) { 1716 case DT_SYMTAB: 1717 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1718 break; 1719 case DT_SUNW_SYMTAB: 1720 SUNWSYMTAB(lmp) = 1721 (void *)(dyn->d_un.d_ptr + base); 1722 break; 1723 case DT_SUNW_SYMSZ: 1724 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1725 break; 1726 case DT_STRTAB: 1727 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1728 break; 1729 case DT_SYMENT: 1730 SYMENT(lmp) = dyn->d_un.d_val; 1731 break; 1732 case DT_FEATURE_1: 1733 dyn->d_un.d_val |= DTF_1_PARINIT; 1734 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1735 crle = 1; 1736 break; 1737 case DT_MOVESZ: 1738 MOVESZ(lmp) = dyn->d_un.d_val; 1739 FLAGS(lmp) |= FLG_RT_MOVE; 1740 break; 1741 case DT_MOVEENT: 1742 MOVEENT(lmp) = dyn->d_un.d_val; 1743 break; 1744 case DT_MOVETAB: 1745 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1746 break; 1747 case DT_REL: 1748 case DT_RELA: 1749 /* 1750 * At this time, ld.so. can only handle one 1751 * type of relocation per object. 1752 */ 1753 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1754 break; 1755 case DT_RELSZ: 1756 case DT_RELASZ: 1757 RELSZ(lmp) = dyn->d_un.d_val; 1758 break; 1759 case DT_RELENT: 1760 case DT_RELAENT: 1761 RELENT(lmp) = dyn->d_un.d_val; 1762 break; 1763 case DT_RELCOUNT: 1764 case DT_RELACOUNT: 1765 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1766 break; 1767 case DT_HASH: 1768 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1769 break; 1770 case DT_PLTGOT: 1771 PLTGOT(lmp) = 1772 (uint_t *)(dyn->d_un.d_ptr + base); 1773 break; 1774 case DT_PLTRELSZ: 1775 PLTRELSZ(lmp) = dyn->d_un.d_val; 1776 break; 1777 case DT_JMPREL: 1778 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1779 break; 1780 case DT_INIT: 1781 if (dyn->d_un.d_ptr != NULL) 1782 INIT(lmp) = 1783 (void (*)())(dyn->d_un.d_ptr + 1784 base); 1785 break; 1786 case DT_FINI: 1787 if (dyn->d_un.d_ptr != NULL) 1788 FINI(lmp) = 1789 (void (*)())(dyn->d_un.d_ptr + 1790 base); 1791 break; 1792 case DT_INIT_ARRAY: 1793 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1794 base); 1795 break; 1796 case DT_INIT_ARRAYSZ: 1797 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1798 break; 1799 case DT_FINI_ARRAY: 1800 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1801 base); 1802 break; 1803 case DT_FINI_ARRAYSZ: 1804 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1805 break; 1806 case DT_PREINIT_ARRAY: 1807 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1808 base); 1809 break; 1810 case DT_PREINIT_ARRAYSZ: 1811 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1812 break; 1813 case DT_RPATH: 1814 case DT_RUNPATH: 1815 rpath = dyn->d_un.d_val; 1816 break; 1817 case DT_FILTER: 1818 fltr = dyn->d_un.d_val; 1819 OBJFLTRNDX(lmp) = dynndx; 1820 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1821 break; 1822 case DT_AUXILIARY: 1823 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1824 fltr = dyn->d_un.d_val; 1825 OBJFLTRNDX(lmp) = dynndx; 1826 } 1827 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1828 break; 1829 case DT_SUNW_FILTER: 1830 SYMSFLTRCNT(lmp)++; 1831 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1832 break; 1833 case DT_SUNW_AUXILIARY: 1834 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1835 SYMAFLTRCNT(lmp)++; 1836 } 1837 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1838 break; 1839 case DT_DEPAUDIT: 1840 if (!(rtld_flags & RT_FL_NOAUDIT)) 1841 audit = dyn->d_un.d_val; 1842 break; 1843 case DT_CONFIG: 1844 cfile = dyn->d_un.d_val; 1845 break; 1846 case DT_DEBUG: 1847 /* 1848 * DT_DEBUG entries are only created in 1849 * dynamic objects that require an interpretor 1850 * (ie. all dynamic executables and some shared 1851 * objects), and provide for a hand-shake with 1852 * old debuggers. This entry is initialized to 1853 * zero by the link-editor. If a debugger is 1854 * monitoring us, and has updated this entry, 1855 * set the debugger monitor flag, and finish 1856 * initializing the debugging structure. See 1857 * setup(). Also, switch off any configuration 1858 * object use as most debuggers can't handle 1859 * fixed dynamic executables as dependencies. 1860 */ 1861 if (dyn->d_un.d_ptr) 1862 rtld_flags |= 1863 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1864 dyn->d_un.d_ptr = (Addr)&r_debug; 1865 break; 1866 case DT_VERNEED: 1867 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1868 base); 1869 break; 1870 case DT_VERNEEDNUM: 1871 /* LINTED */ 1872 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1873 break; 1874 case DT_VERDEF: 1875 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1876 base); 1877 break; 1878 case DT_VERDEFNUM: 1879 /* LINTED */ 1880 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1881 break; 1882 case DT_VERSYM: 1883 /* 1884 * The Solaris ld does not produce DT_VERSYM, 1885 * but the GNU ld does, in order to support 1886 * their style of versioning, which differs 1887 * from ours in some ways, while using the 1888 * same data structures. The presence of 1889 * DT_VERSYM therefore means that GNU 1890 * versioning rules apply to the given file. 1891 * If DT_VERSYM is not present, then Solaris 1892 * versioning rules apply. 1893 */ 1894 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1895 base); 1896 break; 1897 case DT_BIND_NOW: 1898 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1899 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1900 MODE(lmp) |= RTLD_NOW; 1901 MODE(lmp) &= ~RTLD_LAZY; 1902 } 1903 break; 1904 case DT_FLAGS: 1905 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 1906 if (dyn->d_un.d_val & DF_SYMBOLIC) 1907 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 1908 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1909 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1910 MODE(lmp) |= RTLD_NOW; 1911 MODE(lmp) &= ~RTLD_LAZY; 1912 } 1913 /* 1914 * Capture any static TLS use, and enforce that 1915 * this object be non-deletable. 1916 */ 1917 if (dyn->d_un.d_val & DF_STATIC_TLS) { 1918 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 1919 MODE(lmp) |= RTLD_NODELETE; 1920 } 1921 break; 1922 case DT_FLAGS_1: 1923 if (dyn->d_un.d_val & DF_1_DISPRELPND) 1924 FLAGS1(lmp) |= FL1_RT_DISPREL; 1925 if (dyn->d_un.d_val & DF_1_GROUP) 1926 FLAGS(lmp) |= 1927 (FLG_RT_SETGROUP | FLG_RT_HANDLE); 1928 if ((dyn->d_un.d_val & DF_1_NOW) && 1929 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1930 MODE(lmp) |= RTLD_NOW; 1931 MODE(lmp) &= ~RTLD_LAZY; 1932 } 1933 if (dyn->d_un.d_val & DF_1_NODELETE) 1934 MODE(lmp) |= RTLD_NODELETE; 1935 if (dyn->d_un.d_val & DF_1_INITFIRST) 1936 FLAGS(lmp) |= FLG_RT_INITFRST; 1937 if (dyn->d_un.d_val & DF_1_NOOPEN) 1938 FLAGS(lmp) |= FLG_RT_NOOPEN; 1939 if (dyn->d_un.d_val & DF_1_LOADFLTR) 1940 FLAGS(lmp) |= FLG_RT_LOADFLTR; 1941 if (dyn->d_un.d_val & DF_1_NODUMP) 1942 FLAGS(lmp) |= FLG_RT_NODUMP; 1943 if (dyn->d_un.d_val & DF_1_CONFALT) 1944 crle = 1; 1945 if (dyn->d_un.d_val & DF_1_DIRECT) 1946 FLAGS1(lmp) |= FL1_RT_DIRECT; 1947 if (dyn->d_un.d_val & DF_1_NODEFLIB) 1948 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 1949 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 1950 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 1951 if (dyn->d_un.d_val & DF_1_TRANS) 1952 FLAGS(lmp) |= FLG_RT_TRANS; 1953 1954 /* 1955 * Global auditing is only meaningful when 1956 * specified by the initiating object of the 1957 * process - typically the dynamic executable. 1958 * If this is the initiaiting object, its link- 1959 * map will not yet have been added to the 1960 * link-map list, and consequently the link-map 1961 * list is empty. (see setup()). 1962 */ 1963 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 1964 if (lml_main.lm_head == NULL) 1965 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 1966 else 1967 DBG_CALL(Dbg_audit_ignore(lmp)); 1968 } 1969 1970 /* 1971 * If this object identifies itself as an 1972 * interposer, but relocation processing has 1973 * already started, then demote it. It's too 1974 * late to guarantee complete interposition. 1975 */ 1976 /* BEGIN CSTYLED */ 1977 if (dyn->d_un.d_val & 1978 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 1979 if (lml->lm_flags & LML_FLG_STARTREL) { 1980 DBG_CALL(Dbg_util_intoolate(lmp)); 1981 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 1982 (void) printf( 1983 MSG_INTL(MSG_LDD_REL_ERR2), 1984 NAME(lmp)); 1985 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 1986 FLAGS(lmp) |= FLG_RT_OBJINTPO; 1987 else 1988 FLAGS(lmp) |= FLG_RT_SYMINTPO; 1989 } 1990 /* END CSTYLED */ 1991 break; 1992 case DT_SYMINFO: 1993 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 1994 base); 1995 break; 1996 case DT_SYMINENT: 1997 SYMINENT(lmp) = dyn->d_un.d_val; 1998 break; 1999 case DT_PLTPAD: 2000 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2001 break; 2002 case DT_PLTPADSZ: 2003 pltpadsz = dyn->d_un.d_val; 2004 break; 2005 case DT_SUNW_RTLDINF: 2006 /* 2007 * Maintain a list of RTLDINFO structures. 2008 * Typically, libc is the only supplier, and 2009 * only one structure is provided. However, 2010 * multiple suppliers and multiple structures 2011 * are supported. For example, one structure 2012 * may provide thread_init, and another 2013 * structure may provide atexit reservations. 2014 */ 2015 if ((rti = alist_append(&lml->lm_rti, NULL, 2016 sizeof (Rti_desc), 2017 AL_CNT_RTLDINFO)) == NULL) { 2018 remove_so(0, lmp); 2019 return (NULL); 2020 } 2021 rti->rti_lmp = lmp; 2022 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2023 base); 2024 break; 2025 case DT_SUNW_SORTENT: 2026 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2027 break; 2028 case DT_SUNW_SYMSORT: 2029 SUNWSYMSORT(lmp) = 2030 (void *)(dyn->d_un.d_ptr + base); 2031 break; 2032 case DT_SUNW_SYMSORTSZ: 2033 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2034 break; 2035 case DT_DEPRECATED_SPARC_REGISTER: 2036 case M_DT_REGISTER: 2037 FLAGS(lmp) |= FLG_RT_REGSYMS; 2038 break; 2039 } 2040 } 2041 2042 if (PLTPAD(lmp)) { 2043 if (pltpadsz == (Xword)0) 2044 PLTPAD(lmp) = NULL; 2045 else 2046 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2047 pltpadsz); 2048 } 2049 } 2050 2051 /* 2052 * A dynsym contains only global functions. We want to have 2053 * a version of it that also includes local functions, so that 2054 * dladdr() will be able to report names for local functions 2055 * when used to generate a stack trace for a stripped file. 2056 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2057 * 2058 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2059 * in order to avoid having to have two copies of the global 2060 * symbols held in DT_SYMTAB: The local symbols are placed in 2061 * a separate section than the globals in the dynsym, but the 2062 * linker conspires to put the data for these two sections adjacent 2063 * to each other. DT_SUNW_SYMTAB points at the top of the local 2064 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2065 * 2066 * If the two sections are not adjacent, then something went wrong 2067 * at link time. We use ASSERT to kill the process if this is 2068 * a debug build. In a production build, we will silently ignore 2069 * the presence of the .ldynsym and proceed. We can detect this 2070 * situation by checking to see that DT_SYMTAB lies in 2071 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2072 */ 2073 if ((SUNWSYMTAB(lmp) != NULL) && 2074 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2075 (((char *)SYMTAB(lmp) >= 2076 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2077 ASSERT(0); 2078 SUNWSYMTAB(lmp) = NULL; 2079 SUNWSYMSZ(lmp) = 0; 2080 } 2081 2082 /* 2083 * If configuration file use hasn't been disabled, and a configuration 2084 * file hasn't already been set via an environment variable, see if any 2085 * application specific configuration file is specified. An LD_CONFIG 2086 * setting is used first, but if this image was generated via crle(1) 2087 * then a default configuration file is a fall-back. 2088 */ 2089 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) { 2090 if (cfile) 2091 config->c_name = (const char *)(cfile + 2092 (char *)STRTAB(lmp)); 2093 else if (crle) 2094 rtld_flags |= RT_FL_CONFAPP; 2095 } 2096 2097 if (rpath) 2098 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2099 if (fltr) 2100 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2101 2102 /* 2103 * For Intel ABI compatibility. It's possible that a JMPREL can be 2104 * specified without any other relocations (e.g. a dynamic executable 2105 * normally only contains .plt relocations). If this is the case then 2106 * no REL, RELSZ or RELENT will have been created. For us to be able 2107 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2108 * the RELENT for these relocations. Refer to elf_reloc() for more 2109 * details. 2110 */ 2111 if (!RELENT(lmp) && JMPREL(lmp)) 2112 RELENT(lmp) = sizeof (M_RELOC); 2113 2114 /* 2115 * Establish any per-object auditing. If we're establishing `main's 2116 * link-map its too early to go searching for audit objects so just 2117 * hold the object name for later (see setup()). 2118 */ 2119 if (audit) { 2120 char *cp = audit + (char *)STRTAB(lmp); 2121 2122 if (*cp) { 2123 if (((AUDITORS(lmp) = 2124 calloc(1, sizeof (Audit_desc))) == NULL) || 2125 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2126 remove_so(0, lmp); 2127 return (NULL); 2128 } 2129 if (lml_main.lm_head) { 2130 if (audit_setup(lmp, AUDITORS(lmp), 0, 2131 in_nfavl) == 0) { 2132 remove_so(0, lmp); 2133 return (NULL); 2134 } 2135 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2136 lml->lm_flags |= LML_FLG_LOCAUDIT; 2137 } 2138 } 2139 } 2140 2141 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2142 remove_so(0, lmp); 2143 return (NULL); 2144 } 2145 2146 if (cap) 2147 cap_assign(cap, lmp); 2148 2149 /* 2150 * Add the mapped object to the end of the link map list. 2151 */ 2152 lm_append(lml, lmco, lmp); 2153 2154 /* 2155 * Start the system loading in the ELF information we'll be processing. 2156 */ 2157 if (REL(lmp)) { 2158 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2159 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2160 MADV_WILLNEED); 2161 } 2162 return (lmp); 2163 } 2164 2165 /* 2166 * Assign hardware/software capabilities. 2167 */ 2168 void 2169 cap_assign(Cap *cap, Rt_map *lmp) 2170 { 2171 while (cap->c_tag != CA_SUNW_NULL) { 2172 switch (cap->c_tag) { 2173 case CA_SUNW_HW_1: 2174 HWCAP(lmp) = cap->c_un.c_val; 2175 break; 2176 case CA_SUNW_SF_1: 2177 SFCAP(lmp) = cap->c_un.c_val; 2178 } 2179 cap++; 2180 } 2181 } 2182 2183 /* 2184 * Build full pathname of shared object from given directory name and filename. 2185 */ 2186 static char * 2187 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen) 2188 { 2189 static char pname[PATH_MAX]; 2190 2191 (void) strncpy(pname, dir, dlen); 2192 pname[dlen++] = '/'; 2193 (void) strncpy(&pname[dlen], file, flen + 1); 2194 return (pname); 2195 } 2196 2197 /* 2198 * The copy relocation is recorded in a copy structure which will be applied 2199 * after all other relocations are carried out. This provides for copying data 2200 * that must be relocated itself (ie. pointers in shared objects). This 2201 * structure also provides a means of binding RTLD_GROUP dependencies to any 2202 * copy relocations that have been taken from any group members. 2203 * 2204 * If the size of the .bss area available for the copy information is not the 2205 * same as the source of the data inform the user if we're under ldd(1) control 2206 * (this checking was only established in 5.3, so by only issuing an error via 2207 * ldd(1) we maintain the standard set by previous releases). 2208 */ 2209 int 2210 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 2211 Rt_map *dlmp, const void *dadd) 2212 { 2213 Rel_copy rc; 2214 Lm_list *lml = LIST(rlmp); 2215 2216 rc.r_name = name; 2217 rc.r_rsym = rsym; /* the new reference symbol and its */ 2218 rc.r_rlmp = rlmp; /* associated link-map */ 2219 rc.r_dlmp = dlmp; /* the defining link-map */ 2220 rc.r_dsym = dsym; /* the original definition */ 2221 rc.r_radd = radd; 2222 rc.r_dadd = dadd; 2223 2224 if (rsym->st_size > dsym->st_size) 2225 rc.r_size = (size_t)dsym->st_size; 2226 else 2227 rc.r_size = (size_t)rsym->st_size; 2228 2229 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 2230 AL_CNT_COPYREL) == NULL) { 2231 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2232 return (0); 2233 else 2234 return (1); 2235 } 2236 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 2237 if (aplist_append(©_S(rlmp), dlmp, 2238 AL_CNT_COPYREL) == NULL) { 2239 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2240 return (0); 2241 else 2242 return (1); 2243 } 2244 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 2245 } 2246 2247 /* 2248 * If we are tracing (ldd), warn the user if 2249 * 1) the size from the reference symbol differs from the 2250 * copy definition. We can only copy as much data as the 2251 * reference (dynamic executables) entry allows. 2252 * 2) the copy definition has STV_PROTECTED visibility. 2253 */ 2254 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2255 if (rsym->st_size != dsym->st_size) { 2256 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 2257 _conv_reloc_type(M_R_COPY), demangle(name), 2258 NAME(rlmp), EC_XWORD(rsym->st_size), 2259 NAME(dlmp), EC_XWORD(dsym->st_size)); 2260 if (rsym->st_size > dsym->st_size) 2261 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 2262 NAME(dlmp)); 2263 else 2264 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 2265 NAME(rlmp)); 2266 } 2267 2268 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 2269 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 2270 _conv_reloc_type(M_R_COPY), demangle(name), 2271 NAME(dlmp)); 2272 } 2273 } 2274 2275 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 2276 (Xword)rc.r_size)); 2277 return (1); 2278 } 2279 2280 /* 2281 * Determine the symbol location of an address within a link-map. Look for 2282 * the nearest symbol (whose value is less than or equal to the required 2283 * address). This is the object specific part of dladdr(). 2284 */ 2285 static void 2286 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 2287 { 2288 ulong_t ndx, cnt, base, _value; 2289 Sym *sym, *_sym = NULL; 2290 const char *str; 2291 int _flags; 2292 uint_t *dynaddr_ndx; 2293 uint_t dynaddr_n = 0; 2294 ulong_t value; 2295 2296 /* 2297 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 2298 * the dynsym that starts with any local function symbols that exist in 2299 * the library and then moves to the data held in SYMTAB(). In this 2300 * case, SUNWSYMSZ tells us how long the symbol table is. The 2301 * availability of local function symbols will enhance the results 2302 * we can provide. 2303 * 2304 * If SUNWSYMTAB() is non-NULL, then there might also be a 2305 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 2306 * an array of indices into SUNWSYMTAB, sorted by increasing 2307 * address. We can use this to do an O(log N) search instead of a 2308 * brute force search. 2309 * 2310 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 2311 * contains only global symbols. In that case, the length of 2312 * the symbol table comes from the nchain field of the related 2313 * symbol lookup hash table. 2314 */ 2315 str = STRTAB(lmp); 2316 if (SUNWSYMSZ(lmp) == NULL) { 2317 sym = SYMTAB(lmp); 2318 /* 2319 * If we don't have a .hash table there are no symbols 2320 * to look at. 2321 */ 2322 if (HASH(lmp) == NULL) 2323 return; 2324 cnt = HASH(lmp)[1]; 2325 } else { 2326 sym = SUNWSYMTAB(lmp); 2327 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 2328 dynaddr_ndx = SUNWSYMSORT(lmp); 2329 if (dynaddr_ndx != NULL) 2330 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 2331 } 2332 2333 if (FLAGS(lmp) & FLG_RT_FIXED) 2334 base = 0; 2335 else 2336 base = ADDR(lmp); 2337 2338 if (dynaddr_n > 0) { /* Binary search */ 2339 long low = 0, low_bnd; 2340 long high = dynaddr_n - 1, high_bnd; 2341 long mid; 2342 Sym *mid_sym; 2343 2344 /* 2345 * Note that SUNWSYMSORT only contains symbols types that 2346 * supply memory addresses, so there's no need to check and 2347 * filter out any other types. 2348 */ 2349 low_bnd = low; 2350 high_bnd = high; 2351 while (low <= high) { 2352 mid = (low + high) / 2; 2353 mid_sym = &sym[dynaddr_ndx[mid]]; 2354 value = mid_sym->st_value + base; 2355 if (addr < value) { 2356 if ((sym[dynaddr_ndx[high]].st_value + base) >= 2357 addr) 2358 high_bnd = high; 2359 high = mid - 1; 2360 } else if (addr > value) { 2361 if ((sym[dynaddr_ndx[low]].st_value + base) <= 2362 addr) 2363 low_bnd = low; 2364 low = mid + 1; 2365 } else { 2366 _sym = mid_sym; 2367 _value = value; 2368 break; 2369 } 2370 } 2371 /* 2372 * If the above didn't find it exactly, then we must 2373 * return the closest symbol with a value that doesn't 2374 * exceed the one we are looking for. If that symbol exists, 2375 * it will lie in the range bounded by low_bnd and 2376 * high_bnd. This is a linear search, but a short one. 2377 */ 2378 if (_sym == NULL) { 2379 for (mid = low_bnd; mid <= high_bnd; mid++) { 2380 mid_sym = &sym[dynaddr_ndx[mid]]; 2381 value = mid_sym->st_value + base; 2382 if (addr >= value) { 2383 _sym = mid_sym; 2384 _value = value; 2385 } else { 2386 break; 2387 } 2388 } 2389 } 2390 } else { /* Linear search */ 2391 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 2392 /* 2393 * Skip expected symbol types that are not functions 2394 * or data: 2395 * - A symbol table starts with an undefined symbol 2396 * in slot 0. If we are using SUNWSYMTAB(), 2397 * there will be a second undefined symbol 2398 * right before the globals. 2399 * - The local part of SUNWSYMTAB() contains a 2400 * series of function symbols. Each section 2401 * starts with an initial STT_FILE symbol. 2402 */ 2403 if ((sym->st_shndx == SHN_UNDEF) || 2404 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 2405 continue; 2406 2407 value = sym->st_value + base; 2408 if (value > addr) 2409 continue; 2410 if (value < _value) 2411 continue; 2412 2413 _sym = sym; 2414 _value = value; 2415 2416 /* 2417 * Note, because we accept local and global symbols 2418 * we could find a section symbol that matches the 2419 * associated address, which means that the symbol 2420 * name will be null. In this case continue the 2421 * search in case we can find a global symbol of 2422 * the same value. 2423 */ 2424 if ((value == addr) && 2425 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 2426 break; 2427 } 2428 } 2429 2430 _flags = flags & RTLD_DL_MASK; 2431 if (_sym) { 2432 if (_flags == RTLD_DL_SYMENT) 2433 *info = (void *)_sym; 2434 else if (_flags == RTLD_DL_LINKMAP) 2435 *info = (void *)lmp; 2436 2437 dlip->dli_sname = str + _sym->st_name; 2438 dlip->dli_saddr = (void *)_value; 2439 } else { 2440 /* 2441 * addr lies between the beginning of the mapped segment and 2442 * the first global symbol. We have no symbol to return 2443 * and the caller requires one. We use _START_, the base 2444 * address of the mapping. 2445 */ 2446 2447 if (_flags == RTLD_DL_SYMENT) { 2448 /* 2449 * An actual symbol struct is needed, so we 2450 * construct one for _START_. To do this in a 2451 * fully accurate way requires a different symbol 2452 * for each mapped segment. This requires the 2453 * use of dynamic memory and a mutex. That's too much 2454 * plumbing for a fringe case of limited importance. 2455 * 2456 * Fortunately, we can simplify: 2457 * - Only the st_size and st_info fields are useful 2458 * outside of the linker internals. The others 2459 * reference things that outside code cannot see, 2460 * and can be set to 0. 2461 * - It's just a label and there is no size 2462 * to report. So, the size should be 0. 2463 * This means that only st_info needs a non-zero 2464 * (constant) value. A static struct will suffice. 2465 * It must be const (readonly) so the caller can't 2466 * change its meaning for subsequent callers. 2467 */ 2468 static const Sym fsym = { 0, 0, 0, 2469 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 2470 *info = (void *) &fsym; 2471 } 2472 2473 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 2474 dlip->dli_saddr = (void *) ADDR(lmp); 2475 } 2476 } 2477 2478 static void 2479 elf_lazy_cleanup(APlist *alp) 2480 { 2481 Rt_map *lmp; 2482 Aliste idx; 2483 2484 /* 2485 * Cleanup any link-maps added to this dynamic list and free it. 2486 */ 2487 for (APLIST_TRAVERSE(alp, idx, lmp)) 2488 FLAGS(lmp) &= ~FLG_RT_TMPLIST; 2489 free(alp); 2490 } 2491 2492 /* 2493 * This routine is called as a last fall-back to search for a symbol from a 2494 * standard relocation. To maintain lazy loadings goal of reducing the number 2495 * of objects mapped, any symbol search is first carried out using the objects 2496 * that already exist in the process (either on a link-map list or handle). 2497 * If a symbol can't be found, and lazy dependencies are still pending, this 2498 * routine loads the dependencies in an attempt to locate the symbol. 2499 * 2500 * Only new objects are inspected as we will have already inspected presently 2501 * loaded objects before calling this routine. However, a new object may not 2502 * be new - although the di_lmp might be zero, the object may have been mapped 2503 * as someone elses dependency. Thus there's a possibility of some symbol 2504 * search duplication. 2505 */ 2506 Sym * 2507 elf_lazy_find_sym(Slookup *slp, Rt_map **_lmp, uint_t *binfo, int *in_nfavl) 2508 { 2509 Sym *sym = NULL; 2510 APlist *alist = NULL; 2511 Aliste idx; 2512 Rt_map *lmp1, *lmp = slp->sl_imap; 2513 const char *name = slp->sl_name; 2514 2515 /* 2516 * Generate a local list of new objects to process. This list can grow 2517 * as each object supplies its own lazy dependencies. 2518 */ 2519 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 2520 return (NULL); 2521 FLAGS(lmp) |= FLG_RT_TMPLIST; 2522 2523 for (APLIST_TRAVERSE(alist, idx, lmp1)) { 2524 uint_t cnt = 0; 2525 Slookup sl = *slp; 2526 Dyninfo *dip, *pdip; 2527 2528 /* 2529 * Discard any relocation index from further symbol searches. 2530 * This index will have already been used to trigger any 2531 * necessary lazy-loads, and it might be because one of these 2532 * lazy loads have failed that we're here performing this 2533 * fallback. By removing the relocation index we don't try 2534 * and perform the same failed lazy loading activity again. 2535 */ 2536 sl.sl_rsymndx = 0; 2537 2538 /* 2539 * Loop through the lazy DT_NEEDED entries examining each object 2540 * for the required symbol. If the symbol is not found, the 2541 * object is in turn added to the local alist, so that the 2542 * objects lazy DT_NEEDED entries can be examined. 2543 */ 2544 lmp = lmp1; 2545 for (dip = DYNINFO(lmp), pdip = NULL; cnt < DYNINFOCNT(lmp); 2546 cnt++, pdip = dip++) { 2547 Rt_map *nlmp; 2548 2549 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 2550 dip->di_info) 2551 continue; 2552 2553 /* 2554 * If this object has already failed to lazy load, and 2555 * we're still processing the same runtime linker 2556 * operation that produced the failure, don't bother 2557 * to try and load the object again. 2558 */ 2559 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 2560 (pdip->di_flags & FLG_DI_POSFLAG1)) { 2561 if (pdip->di_info == (void *)ld_entry_cnt) 2562 continue; 2563 2564 dip->di_flags &= ~FLG_DI_LAZYFAIL; 2565 pdip->di_info = NULL; 2566 } 2567 2568 /* 2569 * Try loading this lazy dependency. If the object 2570 * can't be loaded, consider this non-fatal and continue 2571 * the search. Lazy loaded dependencies need not exist 2572 * and their loading should only turn out to be fatal 2573 * if they are required to satisfy a relocation. 2574 * 2575 * If the file is already loaded and relocated we must 2576 * still inspect it for symbols, even though it might 2577 * have already been searched. This lazy load operation 2578 * might have promoted the permissions of the object, 2579 * and thus made the object applicable for this symbol 2580 * search, whereas before the object might have been 2581 * skipped. 2582 */ 2583 if ((nlmp = elf_lazy_load(lmp, &sl, cnt, 2584 name, in_nfavl)) == NULL) 2585 continue; 2586 2587 /* 2588 * If this object isn't yet a part of the dynamic list 2589 * then inspect it for the symbol. If the symbol isn't 2590 * found add the object to the dynamic list so that we 2591 * can inspect its dependencies. 2592 */ 2593 if (FLAGS(nlmp) & FLG_RT_TMPLIST) 2594 continue; 2595 2596 sl.sl_imap = nlmp; 2597 if (sym = lookup_sym(&sl, _lmp, binfo, in_nfavl)) 2598 break; 2599 2600 /* 2601 * Some dlsym() operations are already traversing a 2602 * link-map (dlopen(0)), and thus there's no need to 2603 * build our own dynamic dependency list. 2604 */ 2605 if ((sl.sl_flags & LKUP_NODESCENT) == 0) { 2606 if (aplist_append(&alist, nlmp, 2607 AL_CNT_LAZYFIND) == NULL) { 2608 elf_lazy_cleanup(alist); 2609 return (NULL); 2610 } 2611 FLAGS(nlmp) |= FLG_RT_TMPLIST; 2612 } 2613 } 2614 if (sym) 2615 break; 2616 } 2617 2618 elf_lazy_cleanup(alist); 2619 return (sym); 2620 } 2621 2622 /* 2623 * Warning message for bad r_offset. 2624 */ 2625 void 2626 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 2627 ulong_t rsymndx) 2628 { 2629 const char *name = NULL; 2630 Lm_list *lml = LIST(lmp); 2631 int trace; 2632 2633 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 2634 (((rtld_flags & RT_FL_SILENCERR) == 0) || 2635 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 2636 trace = 1; 2637 else 2638 trace = 0; 2639 2640 if ((trace == 0) && (DBG_ENABLED == 0)) 2641 return; 2642 2643 if (rsymndx) { 2644 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 2645 (rsymndx * SYMENT(lmp))); 2646 2647 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 2648 name = (char *)(STRTAB(lmp) + symref->st_name); 2649 } 2650 2651 if (name == NULL) 2652 name = MSG_INTL(MSG_STR_UNKNOWN); 2653 2654 if (trace) { 2655 const char *rstr; 2656 2657 rstr = _conv_reloc_type((uint_t)rtype); 2658 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 2659 EC_ADDR(roffset)); 2660 return; 2661 } 2662 2663 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 2664 } 2665 2666 /* 2667 * Resolve a static TLS relocation. 2668 */ 2669 long 2670 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 2671 ulong_t roffset, long value) 2672 { 2673 Lm_list *lml = LIST(lmp); 2674 2675 /* 2676 * Relocations against a static TLS block have limited support once 2677 * process initialization has completed. Any error condition should be 2678 * discovered by testing for DF_STATIC_TLS as part of loading an object, 2679 * however individual relocations are tested in case the dynamic flag 2680 * had not been set when this object was built. 2681 */ 2682 if (PTTLS(lmp) == NULL) { 2683 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2684 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2685 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2686 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2687 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2688 return (0); 2689 } 2690 2691 /* 2692 * If no static TLS has been set aside for this object, determine if 2693 * any can be obtained. Enforce that any object using static TLS is 2694 * non-deletable. 2695 */ 2696 if (TLSSTATOFF(lmp) == 0) { 2697 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2698 MODE(lmp) |= RTLD_NODELETE; 2699 2700 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 2701 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2702 M_REL_SHT_TYPE, rel, NULL, 0, name)); 2703 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2704 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2705 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2706 return (0); 2707 } 2708 } 2709 2710 /* 2711 * Typically, a static TLS offset is maintained as a symbols value. 2712 * For local symbols that are not apart of the dynamic symbol table, 2713 * the TLS relocation points to a section symbol, and the static TLS 2714 * offset was deposited in the associated GOT table. Make sure the GOT 2715 * is cleared, so that the value isn't reused in do_reloc(). 2716 */ 2717 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 2718 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 2719 value = *(long *)roffset; 2720 *(long *)roffset = 0; 2721 } else { 2722 value = sym->st_value; 2723 } 2724 } 2725 return (-(TLSSTATOFF(lmp) - value)); 2726 } 2727 2728 /* 2729 * If the symbol is not found and the reference was not to a weak symbol, report 2730 * an error. Weak references may be unresolved. 2731 */ 2732 int 2733 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo) 2734 { 2735 Lm_list *lml = LIST(lmp); 2736 2737 /* 2738 * Under crle(1), relocation failures are ignored. 2739 */ 2740 if (lml->lm_flags & LML_FLG_IGNRELERR) 2741 return (1); 2742 2743 /* 2744 * Under ldd(1), unresolved references are reported. However, if the 2745 * original reference is EXTERN or PARENT these references are ignored 2746 * unless ldd's -p option is in effect. 2747 */ 2748 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2749 if (((binfo & DBG_BINFO_REF_MSK) == 0) || 2750 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) { 2751 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), 2752 demangle(name), NAME(lmp)); 2753 } 2754 return (1); 2755 } 2756 2757 /* 2758 * Otherwise, the unresolved references is fatal. 2759 */ 2760 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, 2761 NULL, 0, name)); 2762 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 2763 demangle(name)); 2764 2765 return (0); 2766 } 2767 2768 /* 2769 * Generic relative relocation function. 2770 */ 2771 inline static ulong_t 2772 _elf_reloc_relative(ulong_t rbgn, ulong_t base, Rt_map *lmp, APlist **textrel) 2773 { 2774 mmapobj_result_t *mpp; 2775 ulong_t roffset; 2776 2777 roffset = ((M_RELOC *)rbgn)->r_offset; 2778 roffset += base; 2779 2780 /* 2781 * If this relocation is against an address that is not associated with 2782 * a mapped segment, fall back to the generic relocation loop to 2783 * collect the associated error. 2784 */ 2785 if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) 2786 return (0); 2787 2788 /* 2789 * If this relocation is against a segment that does not provide write 2790 * access, set the write permission for all non-writable mappings. 2791 */ 2792 if (((mpp->mr_prot & PROT_WRITE) == 0) && textrel && 2793 ((set_prot(lmp, mpp, 1) == 0) || 2794 (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) 2795 return (0); 2796 2797 /* 2798 * Perform the actual relocation. Note, for backward compatibility, 2799 * SPARC relocations are added to the offset contents (there was a time 2800 * when the offset was used to contain the addend, rather than using 2801 * the addend itself). 2802 */ 2803 #if defined(__sparc) 2804 *((ulong_t *)roffset) += base + ((M_RELOC *)rbgn)->r_addend; 2805 #elif defined(__amd64) 2806 *((ulong_t *)roffset) = base + ((M_RELOC *)rbgn)->r_addend; 2807 #else 2808 *((ulong_t *)roffset) += base; 2809 #endif 2810 return (1); 2811 } 2812 2813 /* 2814 * When a generic relocation loop realizes that it's dealing with relative 2815 * relocations, but no DT_RELCOUNT .dynamic tag is present, this tighter loop 2816 * is entered as an optimization. 2817 */ 2818 ulong_t 2819 elf_reloc_relative(ulong_t rbgn, ulong_t rend, ulong_t rsize, ulong_t base, 2820 Rt_map *lmp, APlist **textrel) 2821 { 2822 char rtype; 2823 2824 do { 2825 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 2826 break; 2827 2828 rbgn += rsize; 2829 if (rbgn >= rend) 2830 break; 2831 2832 /* 2833 * Make sure the next type is a relative relocation. 2834 */ 2835 rtype = ELF_R_TYPE(((M_RELOC *)rbgn)->r_info, M_MACH); 2836 2837 } while (rtype == M_R_RELATIVE); 2838 2839 return (rbgn); 2840 } 2841 2842 /* 2843 * This is the tightest loop for RELATIVE relocations for those objects built 2844 * with the DT_RELACOUNT .dynamic entry. 2845 */ 2846 ulong_t 2847 elf_reloc_relative_count(ulong_t rbgn, ulong_t rcount, ulong_t rsize, 2848 ulong_t base, Rt_map *lmp, APlist **textrel) 2849 { 2850 for (; rcount; rcount--) { 2851 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 2852 break; 2853 2854 rbgn += rsize; 2855 } 2856 return (rbgn); 2857 } 2858