xref: /titanic_50/usr/src/cmd/sgs/rtld/common/elf.c (revision efd31e1d839d4665462b5c267a1c654548082663)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  *	Copyright (c) 1988 AT&T
24  *	  All Rights Reserved
25  *
26  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
27  */
28 
29 /*
30  * Object file dependent support for ELF objects.
31  */
32 
33 #include	<stdio.h>
34 #include	<sys/procfs.h>
35 #include	<sys/mman.h>
36 #include	<sys/debug.h>
37 #include	<string.h>
38 #include	<limits.h>
39 #include	<dlfcn.h>
40 #include	<debug.h>
41 #include	<conv.h>
42 #include	"_rtld.h"
43 #include	"_audit.h"
44 #include	"_elf.h"
45 #include	"_inline_gen.h"
46 #include	"_inline_reloc.h"
47 #include	"msg.h"
48 
49 /*
50  * Default and secure dependency search paths.
51  */
52 static Spath_defn _elf_def_dirs[] = {
53 #if	defined(_ELF64)
54 	{ MSG_ORIG(MSG_PTH_LIB_64),		MSG_PTH_LIB_64_SIZE },
55 	{ MSG_ORIG(MSG_PTH_USRLIB_64),		MSG_PTH_USRLIB_64_SIZE },
56 #else
57 	{ MSG_ORIG(MSG_PTH_LIB),		MSG_PTH_LIB_SIZE },
58 	{ MSG_ORIG(MSG_PTH_USRLIB),		MSG_PTH_USRLIB_SIZE },
59 #endif
60 	{ 0, 0 }
61 };
62 
63 static Spath_defn _elf_sec_dirs[] = {
64 #if	defined(_ELF64)
65 	{ MSG_ORIG(MSG_PTH_LIBSE_64),		MSG_PTH_LIBSE_64_SIZE },
66 	{ MSG_ORIG(MSG_PTH_USRLIBSE_64),	MSG_PTH_USRLIBSE_64_SIZE },
67 #else
68 	{ MSG_ORIG(MSG_PTH_LIBSE),		MSG_PTH_LIBSE_SIZE },
69 	{ MSG_ORIG(MSG_PTH_USRLIBSE),		MSG_PTH_USRLIBSE_SIZE },
70 #endif
71 	{ 0, 0 }
72 };
73 
74 Alist	*elf_def_dirs = NULL;
75 Alist	*elf_sec_dirs = NULL;
76 
77 /*
78  * Defines for local functions.
79  */
80 static void	elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
81 static Addr	elf_entry_point(void);
82 static int	elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t);
83 static Alist	**elf_get_def_dirs(void);
84 static Alist	**elf_get_sec_dirs(void);
85 static char	*elf_get_so(const char *, const char *, size_t, size_t);
86 static int	elf_needed(Lm_list *, Aliste, Rt_map *, int *);
87 
88 /*
89  * Functions and data accessed through indirect pointers.
90  */
91 Fct elf_fct = {
92 	elf_verify,
93 	elf_new_lmp,
94 	elf_entry_point,
95 	elf_needed,
96 	lookup_sym,
97 	elf_reloc,
98 	elf_get_def_dirs,
99 	elf_get_sec_dirs,
100 	elf_fix_name,
101 	elf_get_so,
102 	elf_dladdr,
103 	dlsym_handle
104 };
105 
106 /*
107  * Default and secure dependency search paths.
108  */
109 static Alist **
110 elf_get_def_dirs()
111 {
112 	if (elf_def_dirs == NULL)
113 		set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT);
114 	return (&elf_def_dirs);
115 }
116 
117 static Alist **
118 elf_get_sec_dirs()
119 {
120 	if (elf_sec_dirs == NULL)
121 		set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE);
122 	return (&elf_sec_dirs);
123 }
124 
125 /*
126  * Redefine NEEDED name if necessary.
127  */
128 static int
129 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni,
130     uint_t orig)
131 {
132 	/*
133 	 * For ABI compliance, if we are asked for ld.so.1, then really give
134 	 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1).
135 	 */
136 	if (((*name == '/') &&
137 	/* BEGIN CSTYLED */
138 #if	defined(_ELF64)
139 	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) ||
140 #else
141 	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) ||
142 #endif
143 	    (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) {
144 		/* END CSTYLED */
145 		Pdesc	*pdp;
146 
147 		DBG_CALL(Dbg_file_fixname(LIST(clmp), name,
148 		    MSG_ORIG(MSG_PTH_LIBSYS)));
149 		if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc),
150 		    alni)) == NULL)
151 			return (0);
152 
153 		pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS);
154 		pdp->pd_plen = MSG_PTH_LIBSYS_SIZE;
155 		pdp->pd_flags = PD_FLG_PNSLASH;
156 
157 		return (1);
158 	}
159 
160 	return (expand_paths(clmp, name, alpp, alni, orig, 0));
161 }
162 
163 /*
164  * Determine whether this object requires capabilities.
165  */
166 inline static int
167 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej)
168 {
169 	Phdr	*phdr;
170 	Cap	*cap = NULL;
171 	Dyn	*dyn = NULL;
172 	char	*str = NULL;
173 	Addr	base;
174 	uint_t	cnt, dyncnt;
175 
176 	/*
177 	 * If this is a shared object, the base address of the shared object is
178 	 * added to all address values defined within the object.  Otherwise, if
179 	 * this is an executable, all object addresses are used as is.
180 	 */
181 	if (ehdr->e_type == ET_EXEC)
182 		base = 0;
183 	else
184 		base = (Addr)ehdr;
185 
186 	/* LINTED */
187 	phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff);
188 	for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) {
189 		if (phdr->p_type == PT_DYNAMIC) {
190 			/* LINTED */
191 			dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
192 			dyncnt = phdr->p_filesz / sizeof (Dyn);
193 		} else if (phdr->p_type == PT_SUNWCAP) {
194 			/* LINTED */
195 			cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
196 		}
197 	}
198 
199 	if (cap) {
200 		/*
201 		 * From the .dynamic section, determine the associated string
202 		 * table.  Required for CA_SUNW_MACH and CA_SUNW_PLAT
203 		 * processing.
204 		 */
205 		while (dyn && dyncnt) {
206 			if (dyn->d_tag == DT_NULL) {
207 				break;
208 			} else if (dyn->d_tag == DT_STRTAB) {
209 				str = (char *)(dyn->d_un.d_ptr + base);
210 				break;
211 			}
212 			dyn++, dyncnt--;
213 		}
214 	}
215 
216 	/*
217 	 * Establish any alternative capabilities, and validate this object
218 	 * if it defines it's own capabilities information.
219 	 */
220 	return (cap_check_fdesc(fdp, cap, str, rej));
221 }
222 
223 /*
224  * Determine if we have been given an ELF file and if so determine if the file
225  * is compatible.  Returns 1 if true, else 0 and sets the reject descriptor
226  * with associated error information.
227  */
228 Fct *
229 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name,
230     Rej_desc *rej)
231 {
232 	Ehdr	*ehdr;
233 	char	*caddr = (char *)addr;
234 
235 	/*
236 	 * Determine if we're an elf file.  If not simply return, we don't set
237 	 * any rejection information as this test allows use to scroll through
238 	 * the objects we support (ELF, AOUT).
239 	 */
240 	if (size < sizeof (Ehdr) ||
241 	    caddr[EI_MAG0] != ELFMAG0 ||
242 	    caddr[EI_MAG1] != ELFMAG1 ||
243 	    caddr[EI_MAG2] != ELFMAG2 ||
244 	    caddr[EI_MAG3] != ELFMAG3) {
245 		return (NULL);
246 	}
247 
248 	/*
249 	 * Check class and encoding.
250 	 */
251 	/* LINTED */
252 	ehdr = (Ehdr *)addr;
253 	if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
254 		rej->rej_type = SGS_REJ_CLASS;
255 		rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
256 		return (NULL);
257 	}
258 	if (ehdr->e_ident[EI_DATA] != M_DATA) {
259 		rej->rej_type = SGS_REJ_DATA;
260 		rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
261 		return (NULL);
262 	}
263 	if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
264 	    (ehdr->e_type != ET_DYN)) {
265 		rej->rej_type = SGS_REJ_TYPE;
266 		rej->rej_info = (uint_t)ehdr->e_type;
267 		return (NULL);
268 	}
269 
270 	/*
271 	 * Verify ELF version.
272 	 */
273 	if (ehdr->e_version > EV_CURRENT) {
274 		rej->rej_type = SGS_REJ_VERSION;
275 		rej->rej_info = (uint_t)ehdr->e_version;
276 		return (NULL);
277 	}
278 
279 	/*
280 	 * Verify machine specific flags.
281 	 */
282 	if (elf_mach_flags_check(rej, ehdr) == 0)
283 		return (NULL);
284 
285 	/*
286 	 * Verify any capability requirements.  Note, if this object is a shared
287 	 * object that is explicitly defined on the ldd(1) command line, and it
288 	 * contains an incompatible capabilities requirement, then inform the
289 	 * user, but continue processing.
290 	 */
291 	if (elf_cap_check(fdp, ehdr, rej) == 0) {
292 		Rt_map	*lmp = lml_main.lm_head;
293 
294 		if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp &&
295 		    (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) {
296 			/* LINTED */
297 			(void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name,
298 			    rej->rej_str);
299 			return (&elf_fct);
300 		}
301 		return (NULL);
302 	}
303 	return (&elf_fct);
304 }
305 
306 /*
307  * The runtime linker employs lazy loading to provide the libraries needed for
308  * debugging, preloading .o's and dldump().  As these are seldom used, the
309  * standard startup of ld.so.1 doesn't initialize all the information necessary
310  * to perform plt relocation on ld.so.1's link-map.  The first time lazy loading
311  * is called we get here to perform these initializations:
312  *
313  *  -	elf_needed() is called to establish any ld.so.1 dependencies.  These
314  *	dependencies should all be lazy loaded, so this routine is typically a
315  * 	no-op.  However, we call elf_needed() for completeness, in case any
316  *	NEEDED initialization is required.
317  *
318  *  -	For intel, ld.so.1's JMPSLOT relocations need relative updates. These
319  *	are by default skipped thus delaying all relative relocation processing
320  * 	on every invocation of ld.so.1.
321  */
322 int
323 elf_rtld_load()
324 {
325 	Lm_list	*lml = &lml_rtld;
326 	Rt_map	*lmp = lml->lm_head;
327 
328 	if (lml->lm_flags & LML_FLG_PLTREL)
329 		return (1);
330 
331 	if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0)
332 		return (0);
333 
334 #if	defined(__i386)
335 	/*
336 	 * This is a kludge to give ld.so.1 a performance benefit on i386.
337 	 * It's based around two factors.
338 	 *
339 	 *  -	JMPSLOT relocations (PLT's) actually need a relative relocation
340 	 *	applied to the GOT entry so that they can find PLT0.
341 	 *
342 	 *  -	ld.so.1 does not exercise *any* PLT's before it has made a call
343 	 *	to elf_lazy_load().  This is because all dynamic dependencies
344 	 * 	are recorded as lazy dependencies.
345 	 */
346 	(void) elf_reloc_relative_count((ulong_t)JMPREL(lmp),
347 	    (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
348 	    (ulong_t)ADDR(lmp), lmp, NULL, 0);
349 #endif
350 	lml->lm_flags |= LML_FLG_PLTREL;
351 	return (1);
352 }
353 
354 /*
355  * Lazy load an object.
356  */
357 Rt_map *
358 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym,
359     uint_t flags, Grp_hdl **hdl, int *in_nfavl)
360 {
361 	Alist		*palp = NULL;
362 	Rt_map		*nlmp;
363 	Dyninfo		*dip = &DYNINFO(clmp)[ndx], *pdip;
364 	const char	*name;
365 	Lm_list		*lml = LIST(clmp);
366 	Aliste		lmco;
367 
368 	/*
369 	 * If this dependency should be ignored, or has already been processed,
370 	 * we're done.
371 	 */
372 	if (((nlmp = (Rt_map *)dip->di_info) != NULL) ||
373 	    (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE)))
374 		return (nlmp);
375 
376 	/*
377 	 * If we're running under ldd(1), indicate that this dependency has been
378 	 * processed (see test above).  It doesn't matter whether the object is
379 	 * successfully loaded or not, this flag simply ensures that we don't
380 	 * repeatedly attempt to load an object that has already failed to load.
381 	 * To do so would create multiple failure diagnostics for the same
382 	 * object under ldd(1).
383 	 */
384 	if (lml->lm_flags & LML_FLG_TRC_ENABLE)
385 		dip->di_flags |= FLG_DI_LDD_DONE;
386 
387 	/*
388 	 * Determine the initial dependency name.
389 	 */
390 	name = dip->di_name;
391 	DBG_CALL(Dbg_file_lazyload(clmp, name, sym));
392 
393 	/*
394 	 * If this object needs to establish its own group, make sure a handle
395 	 * is created.
396 	 */
397 	if (dip->di_flags & FLG_DI_GROUP)
398 		flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
399 
400 	/*
401 	 * Lazy dependencies are identified as DT_NEEDED entries with a
402 	 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element.  The
403 	 * dynamic information element that corresponds to the DT_POSFLAG_1
404 	 * entry is free, and thus used to store the present entrance
405 	 * identifier.  This identifier is used to prevent multiple attempts to
406 	 * load a failed lazy loadable dependency within the same runtime linker
407 	 * operation.  However, future attempts to reload this dependency are
408 	 * still possible.
409 	 */
410 	if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1))
411 		pdip->di_info = (void *)slp->sl_id;
412 
413 	/*
414 	 * Expand the requested name if necessary.
415 	 */
416 	if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0)
417 		return (NULL);
418 
419 	/*
420 	 * Establish a link-map control list for this request.
421 	 */
422 	if ((lmco = create_cntl(lml, 0)) == NULL) {
423 		remove_plist(&palp, 1);
424 		return (NULL);
425 	}
426 
427 	/*
428 	 * Load the associated object.
429 	 */
430 	dip->di_info = nlmp =
431 	    load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl);
432 
433 	/*
434 	 * Remove any expanded pathname infrastructure.  Reduce the pending lazy
435 	 * dependency count of the caller, together with the link-map lists
436 	 * count of objects that still have lazy dependencies pending.
437 	 */
438 	remove_plist(&palp, 1);
439 	if (--LAZY(clmp) == 0)
440 		LIST(clmp)->lm_lazy--;
441 
442 	/*
443 	 * Finish processing the objects associated with this request, and
444 	 * create an association between the caller and this dependency.
445 	 */
446 	if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) ||
447 	    ((nlmp = analyze_lmc(lml, lmco, nlmp, in_nfavl)) == NULL) ||
448 	    (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0)))
449 		dip->di_info = nlmp = NULL;
450 
451 	/*
452 	 * If this lazyload has failed, and we've created a new link-map
453 	 * control list to which this request has added objects, then remove
454 	 * all the objects that have been associated to this request.
455 	 */
456 	if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
457 		remove_lmc(lml, clmp, lmco, name);
458 
459 	/*
460 	 * Remove any temporary link-map control list.
461 	 */
462 	if (lmco != ALIST_OFF_DATA)
463 		remove_cntl(lml, lmco);
464 
465 	/*
466 	 * If this lazy loading failed, record the fact, and bump the lazy
467 	 * counts.
468 	 */
469 	if (nlmp == NULL) {
470 		dip->di_flags |= FLG_DI_LAZYFAIL;
471 		if (LAZY(clmp)++ == 0)
472 			LIST(clmp)->lm_lazy++;
473 	}
474 
475 	return (nlmp);
476 }
477 
478 /*
479  * Return the entry point of the ELF executable.
480  */
481 static Addr
482 elf_entry_point(void)
483 {
484 	Rt_map	*lmp = lml_main.lm_head;
485 	Ehdr	*ehdr = (Ehdr *)ADDR(lmp);
486 	Addr	addr = (Addr)(ehdr->e_entry);
487 
488 	if ((FLAGS(lmp) & FLG_RT_FIXED) == 0)
489 		addr += ADDR(lmp);
490 
491 	return (addr);
492 }
493 
494 /*
495  * Determine if a dependency requires a particular version and if so verify
496  * that the version exists in the dependency.
497  */
498 int
499 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
500 {
501 	Verneed		*vnd = VERNEED(clmp);
502 	int		_num, num = VERNEEDNUM(clmp);
503 	char		*cstrs = (char *)STRTAB(clmp);
504 	Lm_list		*lml = LIST(clmp);
505 
506 	/*
507 	 * Traverse the callers version needed information and determine if any
508 	 * specific versions are required from the dependency.
509 	 */
510 	DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp)));
511 	for (_num = 1; _num <= num; _num++,
512 	    vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
513 		Half		cnt = vnd->vn_cnt;
514 		Vernaux		*vnap;
515 		char		*nstrs, *need;
516 
517 		/*
518 		 * Determine if a needed entry matches this dependency.
519 		 */
520 		need = (char *)(cstrs + vnd->vn_file);
521 		if (strcmp(name, need) != 0)
522 			continue;
523 
524 		if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
525 		    ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
526 			(void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);
527 
528 		/*
529 		 * Validate that each version required actually exists in the
530 		 * dependency.
531 		 */
532 		nstrs = (char *)STRTAB(nlmp);
533 
534 		for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
535 		    cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
536 			char		*version, *define;
537 			Verdef		*vdf = VERDEF(nlmp);
538 			ulong_t		_num, num = VERDEFNUM(nlmp);
539 			int		found = 0;
540 
541 			/*
542 			 * Skip validation of versions that are marked
543 			 * INFO. This optimization is used for versions
544 			 * that are inherited by another version. Verification
545 			 * of the inheriting version is sufficient.
546 			 *
547 			 * Such versions are recorded in the object for the
548 			 * benefit of VERSYM entries that refer to them. This
549 			 * provides a purely diagnostic benefit.
550 			 */
551 			if (vnap->vna_flags & VER_FLG_INFO)
552 				continue;
553 
554 			version = (char *)(cstrs + vnap->vna_name);
555 			DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version));
556 
557 			for (_num = 1; _num <= num; _num++,
558 			    vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
559 				Verdaux		*vdap;
560 
561 				if (vnap->vna_hash != vdf->vd_hash)
562 					continue;
563 
564 				vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
565 				define = (char *)(nstrs + vdap->vda_name);
566 				if (strcmp(version, define) != 0)
567 					continue;
568 
569 				found++;
570 				break;
571 			}
572 
573 			/*
574 			 * If we're being traced print out any matched version
575 			 * when the verbose (-v) option is in effect.  Always
576 			 * print any unmatched versions.
577 			 */
578 			if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
579 				/* BEGIN CSTYLED */
580 				if (found) {
581 				    if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
582 					continue;
583 
584 				    (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
585 					need, version, NAME(nlmp));
586 				} else {
587 				    if (rtld_flags & RT_FL_SILENCERR)
588 					continue;
589 
590 				    (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
591 					need, version);
592 				}
593 				/* END CSTYLED */
594 				continue;
595 			}
596 
597 			/*
598 			 * If the version hasn't been found then this is a
599 			 * candidate for a fatal error condition.  Weak
600 			 * version definition requirements are silently
601 			 * ignored.  Also, if the image inspected for a version
602 			 * definition has no versioning recorded at all then
603 			 * silently ignore this (this provides better backward
604 			 * compatibility to old images created prior to
605 			 * versioning being available).  Both of these skipped
606 			 * diagnostics are available under tracing (see above).
607 			 */
608 			if ((found == 0) && (num != 0) &&
609 			    (!(vnap->vna_flags & VER_FLG_WEAK))) {
610 				eprintf(lml, ERR_FATAL,
611 				    MSG_INTL(MSG_VER_NFOUND), need, version,
612 				    NAME(clmp));
613 				return (0);
614 			}
615 		}
616 	}
617 	DBG_CALL(Dbg_ver_need_done(lml));
618 	return (1);
619 }
620 
621 /*
622  * Search through the dynamic section for DT_NEEDED entries and perform one
623  * of two functions.  If only the first argument is specified then load the
624  * defined shared object, otherwise add the link map representing the defined
625  * link map the the dlopen list.
626  */
627 static int
628 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl)
629 {
630 	Alist		*palp = NULL;
631 	Dyn		*dyn;
632 	Dyninfo		*dip;
633 	Word		lmflags = lml->lm_flags;
634 
635 	/*
636 	 * A DYNINFO() structure is created during link-map generation that
637 	 * parallels the DYN() information, and defines any flags that
638 	 * influence a dependencies loading.
639 	 */
640 	for (dyn = DYN(clmp), dip = DYNINFO(clmp);
641 	    !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
642 		uint_t		flags = 0, silent = 0;
643 		const char	*name = dip->di_name;
644 		Rt_map		*nlmp = NULL;
645 
646 		if ((dip->di_flags & FLG_DI_NEEDED) == 0)
647 			continue;
648 
649 		/*
650 		 * Skip any deferred dependencies, unless ldd(1) has forced
651 		 * their processing.  By default, deferred dependencies are
652 		 * only processed when an explicit binding to an individual
653 		 * deferred reference is made.
654 		 */
655 		if ((dip->di_flags & FLG_DI_DEFERRED) &&
656 		    ((rtld_flags & RT_FL_DEFERRED) == 0))
657 			continue;
658 
659 		/*
660 		 * NOTE, libc.so.1 can't be lazy loaded.  Although a lazy
661 		 * position flag won't be produced when a RTLDINFO .dynamic
662 		 * entry is found (introduced with the UPM in Solaris 10), it
663 		 * was possible to mark libc for lazy loading on previous
664 		 * releases.  To reduce the overhead of testing for this
665 		 * occurrence, only carry out this check for the first object
666 		 * on the link-map list (there aren't many applications built
667 		 * without libc).
668 		 */
669 		if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) &&
670 		    (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
671 			dip->di_flags &= ~FLG_DI_LAZY;
672 
673 		/*
674 		 * Don't bring in lazy loaded objects yet unless we've been
675 		 * asked to attempt to load all available objects (crle(1) sets
676 		 * LD_FLAGS=loadavail).  Even under RTLD_NOW we don't process
677 		 * this - RTLD_NOW will cause relocation processing which in
678 		 * turn might trigger lazy loading, but its possible that the
679 		 * object has a lazy loaded file with no bindings (i.e., it
680 		 * should never have been a dependency in the first place).
681 		 */
682 		if (dip->di_flags & FLG_DI_LAZY) {
683 			if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
684 				LAZY(clmp)++;
685 				continue;
686 			}
687 
688 			/*
689 			 * Silence any error messages - see description under
690 			 * elf_lookup_filtee().
691 			 */
692 			if ((rtld_flags & RT_FL_SILENCERR) == 0) {
693 				rtld_flags |= RT_FL_SILENCERR;
694 				silent = 1;
695 			}
696 		}
697 
698 		DBG_CALL(Dbg_file_needed(clmp, name));
699 
700 		/*
701 		 * If we're running under ldd(1), indicate that this dependency
702 		 * has been processed.  It doesn't matter whether the object is
703 		 * successfully loaded or not, this flag simply ensures that we
704 		 * don't repeatedly attempt to load an object that has already
705 		 * failed to load.  To do so would create multiple failure
706 		 * diagnostics for the same object under ldd(1).
707 		 */
708 		if (lml->lm_flags & LML_FLG_TRC_ENABLE)
709 			dip->di_flags |= FLG_DI_LDD_DONE;
710 
711 		/*
712 		 * Identify any group permission requirements.
713 		 */
714 		if (dip->di_flags & FLG_DI_GROUP)
715 			flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
716 
717 		/*
718 		 * Establish the objects name, load it and establish a binding
719 		 * with the caller.
720 		 */
721 		if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) ||
722 		    ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp),
723 		    flags, 0, in_nfavl)) == NULL) ||
724 		    (bind_one(clmp, nlmp, BND_NEEDED) == 0))
725 			nlmp = NULL;
726 
727 		/*
728 		 * Clean up any infrastructure, including the removal of the
729 		 * error suppression state, if it had been previously set in
730 		 * this routine.
731 		 */
732 		remove_plist(&palp, 0);
733 
734 		if (silent)
735 			rtld_flags &= ~RT_FL_SILENCERR;
736 
737 		if ((dip->di_info = (void *)nlmp) == NULL) {
738 			/*
739 			 * If the object could not be mapped, continue if error
740 			 * suppression is established or we're here with ldd(1).
741 			 */
742 			if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
743 			    (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
744 				continue;
745 			else {
746 				remove_plist(&palp, 1);
747 				return (0);
748 			}
749 		}
750 	}
751 
752 	if (LAZY(clmp))
753 		lml->lm_lazy++;
754 
755 	remove_plist(&palp, 1);
756 	return (1);
757 }
758 
759 /*
760  * A null symbol interpretor.  Used if a filter has no associated filtees.
761  */
762 /* ARGSUSED0 */
763 static int
764 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
765 {
766 	return (0);
767 }
768 
769 /*
770  * Disable filtee use.
771  */
772 static void
773 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip)
774 {
775 	if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
776 		/*
777 		 * If this is an object filter, null out the reference name.
778 		 */
779 		if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
780 			REFNAME(lmp) = NULL;
781 			OBJFLTRNDX(lmp) = FLTR_DISABLED;
782 
783 			/*
784 			 * Indicate that this filtee is no longer available.
785 			 */
786 			if (dip->di_flags & FLG_DI_STDFLTR)
787 				SYMINTP(lmp) = elf_null_find_sym;
788 
789 		}
790 	} else if (dip->di_flags & FLG_DI_STDFLTR) {
791 		/*
792 		 * Indicate that this standard filtee is no longer available.
793 		 */
794 		if (SYMSFLTRCNT(lmp))
795 			SYMSFLTRCNT(lmp)--;
796 	} else {
797 		/*
798 		 * Indicate that this auxiliary filtee is no longer available.
799 		 */
800 		if (SYMAFLTRCNT(lmp))
801 			SYMAFLTRCNT(lmp)--;
802 	}
803 	dip->di_flags &= ~MSK_DI_FILTER;
804 }
805 
806 /*
807  * Find symbol interpreter - filters.
808  * This function is called when the symbols from a shared object should
809  * be resolved from the shared objects filtees instead of from within itself.
810  *
811  * A symbol name of 0 is used to trigger filtee loading.
812  */
813 static int
814 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
815     int *in_nfavl)
816 {
817 	const char	*name = slp->sl_name, *filtees;
818 	Rt_map		*clmp = slp->sl_cmap;
819 	Rt_map		*ilmp = slp->sl_imap;
820 	Pdesc		*pdp;
821 	int		any;
822 	Dyninfo		*dip = &DYNINFO(ilmp)[ndx];
823 	Lm_list		*lml = LIST(ilmp);
824 	Aliste		idx;
825 
826 	/*
827 	 * Indicate that the filter has been used.  If a binding already exists
828 	 * to the caller, indicate that this object is referenced.  This insures
829 	 * we don't generate false unreferenced diagnostics from ldd -u/U or
830 	 * debugging.  Don't create a binding regardless, as this filter may
831 	 * have been dlopen()'ed.
832 	 */
833 	if (name && (ilmp != clmp)) {
834 		Word	tracing = (LIST(clmp)->lm_flags &
835 		    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));
836 
837 		if (tracing || DBG_ENABLED) {
838 			Bnd_desc 	*bdp;
839 			Aliste		idx;
840 
841 			FLAGS1(ilmp) |= FL1_RT_USED;
842 
843 			if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) {
844 				for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) {
845 					if (bdp->b_caller == clmp) {
846 						bdp->b_flags |= BND_REFER;
847 						break;
848 					}
849 				}
850 			}
851 		}
852 	}
853 
854 	/*
855 	 * If this is the first call to process this filter, establish the
856 	 * filtee list.  If a configuration file exists, determine if any
857 	 * filtee associations for this filter, and its filtee reference, are
858 	 * defined.  Otherwise, process the filtee reference.  Any token
859 	 * expansion is also completed at this point (i.e., $PLATFORM).
860 	 */
861 	filtees = dip->di_name;
862 	if (dip->di_info == NULL) {
863 		if (rtld_flags2 & RT_FL2_FLTCFG) {
864 			elf_config_flt(lml, PATHNAME(ilmp), filtees,
865 			    (Alist **)&dip->di_info, AL_CNT_FILTEES);
866 		}
867 		if (dip->di_info == NULL) {
868 			DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0));
869 			if ((lml->lm_flags &
870 			    (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) &&
871 			    ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0))
872 				(void) printf(MSG_INTL(MSG_LDD_FIL_FILTER),
873 				    NAME(ilmp), filtees);
874 
875 			if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info,
876 			    AL_CNT_FILTEES, 0, 0) == 0) {
877 				elf_disable_filtee(ilmp, dip);
878 				return (0);
879 			}
880 		}
881 	}
882 
883 	/*
884 	 * Traverse the filtee list, dlopen()'ing any objects specified and
885 	 * using their group handle to lookup the symbol.
886 	 */
887 	any = 0;
888 	for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) {
889 		int	mode;
890 		Grp_hdl	*ghp;
891 		Rt_map	*nlmp = NULL;
892 
893 		if (pdp->pd_plen == 0)
894 			continue;
895 
896 		/*
897 		 * Establish the mode of the filtee from the filter.  As filtees
898 		 * are loaded via a dlopen(), make sure that RTLD_GROUP is set
899 		 * and the filtees aren't global.  It would be nice to have
900 		 * RTLD_FIRST used here also, but as filters got out long before
901 		 * RTLD_FIRST was introduced it's a little too late now.
902 		 */
903 		mode = MODE(ilmp) | RTLD_GROUP;
904 		mode &= ~RTLD_GLOBAL;
905 
906 		/*
907 		 * Insure that any auxiliary filter can locate symbols from its
908 		 * caller.
909 		 */
910 		if (dip->di_flags & FLG_DI_AUXFLTR)
911 			mode |= RTLD_PARENT;
912 
913 		/*
914 		 * Process any capability directory.  Establish a new link-map
915 		 * control list from which to analyze any newly added objects.
916 		 */
917 		if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) {
918 			const char	*dir = pdp->pd_pname;
919 			Aliste		lmco;
920 
921 			/*
922 			 * Establish a link-map control list for this request.
923 			 */
924 			if ((lmco = create_cntl(lml, 0)) == NULL)
925 				return (NULL);
926 
927 			/*
928 			 * Determine the capability filtees.  If none can be
929 			 * found, provide suitable diagnostics.
930 			 */
931 			DBG_CALL(Dbg_cap_filter(lml, dir, ilmp));
932 			if (cap_filtees((Alist **)&dip->di_info, idx, dir,
933 			    lmco, ilmp, filtees, mode,
934 			    (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) {
935 				if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
936 				    (dip->di_flags & FLG_DI_AUXFLTR) &&
937 				    (rtld_flags & RT_FL_WARNFLTR)) {
938 					(void) printf(
939 					    MSG_INTL(MSG_LDD_CAP_NFOUND), dir);
940 				}
941 				DBG_CALL(Dbg_cap_filter(lml, dir, 0));
942 			}
943 
944 			/*
945 			 * Re-establish the originating path name descriptor,
946 			 * as the expansion of capabilities filtees may have
947 			 * re-allocated the controlling Alist.  Mark this
948 			 * original pathname descriptor as unused so that the
949 			 * descriptor isn't revisited for processing.  Any real
950 			 * capabilities filtees have been added as new pathname
951 			 * descriptors following this descriptor.
952 			 */
953 			pdp = alist_item((Alist *)dip->di_info, idx);
954 			pdp->pd_flags &= ~PD_TKN_CAP;
955 			pdp->pd_plen = 0;
956 
957 			/*
958 			 * Now that any capability objects have been processed,
959 			 * remove any temporary link-map control list.
960 			 */
961 			if (lmco != ALIST_OFF_DATA)
962 				remove_cntl(lml, lmco);
963 		}
964 
965 		if (pdp->pd_plen == 0)
966 			continue;
967 
968 		/*
969 		 * Process an individual filtee.
970 		 */
971 		if (pdp->pd_info == NULL) {
972 			const char	*filtee = pdp->pd_pname;
973 			int		audit = 0;
974 
975 			DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0));
976 
977 			ghp = NULL;
978 
979 			/*
980 			 * Determine if the reference link map is already
981 			 * loaded.  As an optimization compare the filtee with
982 			 * our interpretor.  The most common filter is
983 			 * libdl.so.1, which is a filter on ld.so.1.
984 			 */
985 #if	defined(_ELF64)
986 			if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) {
987 #else
988 			if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) {
989 #endif
990 				uint_t	hflags, rdflags, cdflags;
991 
992 				/*
993 				 * Establish any flags for the handle (Grp_hdl).
994 				 *
995 				 *  -	This is a special, public, ld.so.1
996 				 *	handle.
997 				 *  -	Only the first object on this handle
998 				 *	can supply symbols.
999 				 *  -	This handle provides a filtee.
1000 				 *
1001 				 * Essentially, this handle allows a caller to
1002 				 * reference the dl*() family of interfaces from
1003 				 * ld.so.1.
1004 				 */
1005 				hflags = (GPH_PUBLIC | GPH_LDSO |
1006 				    GPH_FIRST | GPH_FILTEE);
1007 
1008 				/*
1009 				 * Establish the flags for the referenced
1010 				 * dependency descriptor (Grp_desc).
1011 				 *
1012 				 *  -	ld.so.1 is available for dlsym().
1013 				 *  -	ld.so.1 is available to relocate
1014 				 *	against.
1015 				 *  -	There's no need to add an dependencies
1016 				 * 	to this handle.
1017 				 */
1018 				rdflags = (GPD_DLSYM | GPD_RELOC);
1019 
1020 				/*
1021 				 * Establish the flags for this callers
1022 				 * dependency descriptor (Grp_desc).
1023 				 *
1024 				 *  -   The explicit creation of a handle
1025 				 *	creates a descriptor for the referenced
1026 				 *	object and the parent (caller).
1027 				 */
1028 				cdflags = GPD_PARENT;
1029 
1030 				nlmp = lml_rtld.lm_head;
1031 				if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp,
1032 				    hflags, rdflags, cdflags)) == NULL)
1033 					nlmp = NULL;
1034 
1035 				/*
1036 				 * Establish the filter handle to prevent any
1037 				 * recursion.
1038 				 */
1039 				if (nlmp && ghp)
1040 					pdp->pd_info = (void *)ghp;
1041 
1042 				/*
1043 				 * Audit the filter/filtee established.  Ignore
1044 				 * any return from the auditor, as we can't
1045 				 * allow ignore filtering to ld.so.1, otherwise
1046 				 * nothing is going to work.
1047 				 */
1048 				if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) &
1049 				    LML_TFLG_AUD_OBJFILTER))
1050 					(void) audit_objfilter(ilmp, filtees,
1051 					    nlmp, 0);
1052 
1053 			} else {
1054 				Rej_desc	rej = { 0 };
1055 				Fdesc		fd = { 0 };
1056 				Aliste		lmco;
1057 
1058 				/*
1059 				 * Trace the inspection of this file, determine
1060 				 * any auditor substitution, and seed the file
1061 				 * descriptor with the originating name.
1062 				 */
1063 				if (load_trace(lml, pdp, clmp, &fd) == NULL)
1064 					continue;
1065 
1066 				/*
1067 				 * Establish a link-map control list for this
1068 				 * request.
1069 				 */
1070 				if ((lmco = create_cntl(lml, 0)) == NULL)
1071 					return (NULL);
1072 
1073 				/*
1074 				 * Locate and load the filtee.
1075 				 */
1076 				if ((nlmp = load_path(lml, lmco, ilmp, mode,
1077 				    FLG_RT_PUBHDL, &ghp, &fd, &rej,
1078 				    in_nfavl)) == NULL)
1079 					file_notfound(LIST(ilmp), filtee, ilmp,
1080 					    FLG_RT_PUBHDL, &rej);
1081 
1082 				filtee = pdp->pd_pname;
1083 
1084 				/*
1085 				 * Establish the filter handle to prevent any
1086 				 * recursion.
1087 				 */
1088 				if (nlmp && ghp) {
1089 					ghp->gh_flags |= GPH_FILTEE;
1090 					pdp->pd_info = (void *)ghp;
1091 
1092 					FLAGS1(nlmp) |= FL1_RT_USED;
1093 				}
1094 
1095 				/*
1096 				 * Audit the filter/filtee established.  A
1097 				 * return of 0 indicates the auditor wishes to
1098 				 * ignore this filtee.
1099 				 */
1100 				if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) &
1101 				    LML_TFLG_AUD_OBJFILTER)) {
1102 					if (audit_objfilter(ilmp, filtees,
1103 					    nlmp, 0) == 0) {
1104 						audit = 1;
1105 						nlmp = NULL;
1106 					}
1107 				}
1108 
1109 				/*
1110 				 * Finish processing the objects associated with
1111 				 * this request.  Create an association between
1112 				 * this object and the originating filter to
1113 				 * provide sufficient information to tear down
1114 				 * this filtee if necessary.
1115 				 */
1116 				if (nlmp && ghp && (((nlmp = analyze_lmc(lml,
1117 				    lmco, nlmp, in_nfavl)) == NULL) ||
1118 				    (relocate_lmc(lml, lmco, ilmp, nlmp,
1119 				    in_nfavl) == 0)))
1120 					nlmp = NULL;
1121 
1122 				/*
1123 				 * If the filtee has been successfully
1124 				 * processed, then create an association
1125 				 * between the filter and filtee.  This
1126 				 * association provides sufficient information
1127 				 * to tear down the filter and filtee if
1128 				 * necessary.
1129 				 */
1130 				DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD));
1131 				if (nlmp && ghp && (hdl_add(ghp, ilmp,
1132 				    GPD_FILTER, NULL) == NULL))
1133 					nlmp = NULL;
1134 
1135 				/*
1136 				 * Generate a diagnostic if the filtee couldn't
1137 				 * be loaded.
1138 				 */
1139 				if (nlmp == NULL)
1140 					DBG_CALL(Dbg_file_filtee(lml, 0, filtee,
1141 					    audit));
1142 
1143 				/*
1144 				 * If this filtee loading has failed, and we've
1145 				 * created a new link-map control list to which
1146 				 * this request has added objects, then remove
1147 				 * all the objects that have been associated to
1148 				 * this request.
1149 				 */
1150 				if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
1151 					remove_lmc(lml, clmp, lmco, name);
1152 
1153 				/*
1154 				 * Remove any temporary link-map control list.
1155 				 */
1156 				if (lmco != ALIST_OFF_DATA)
1157 					remove_cntl(lml, lmco);
1158 			}
1159 
1160 			/*
1161 			 * If the filtee couldn't be loaded, null out the
1162 			 * path name descriptor entry, and continue the search.
1163 			 * Otherwise, the group handle is retained for future
1164 			 * symbol searches.
1165 			 */
1166 			if (nlmp == NULL) {
1167 				pdp->pd_info = NULL;
1168 				pdp->pd_plen = 0;
1169 				continue;
1170 			}
1171 		}
1172 
1173 		ghp = (Grp_hdl *)pdp->pd_info;
1174 
1175 		/*
1176 		 * If name is NULL, we're here to trigger filtee loading.
1177 		 * Skip the symbol lookup so that we'll continue looking for
1178 		 * additional filtees.
1179 		 */
1180 		if (name) {
1181 			Grp_desc	*gdp;
1182 			int		ret = 0;
1183 			Aliste		idx;
1184 			Slookup		sl = *slp;
1185 
1186 			sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM);
1187 			any++;
1188 
1189 			/*
1190 			 * Look for the symbol in the handles dependencies.
1191 			 */
1192 			for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) {
1193 				if ((gdp->gd_flags & GPD_DLSYM) == 0)
1194 					continue;
1195 
1196 				/*
1197 				 * If our parent is a dependency don't look at
1198 				 * it (otherwise we are in a recursive loop).
1199 				 * This situation can occur with auxiliary
1200 				 * filters if the filtee has a dependency on the
1201 				 * filter.  This dependency isn't necessary as
1202 				 * auxiliary filters are opened RTLD_PARENT, but
1203 				 * users may still unknowingly add an explicit
1204 				 * dependency to the parent.
1205 				 */
1206 				if ((sl.sl_imap = gdp->gd_depend) == ilmp)
1207 					continue;
1208 
1209 				if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo,
1210 				    in_nfavl)) != 0) ||
1211 				    (ghp->gh_flags & GPH_FIRST))
1212 					break;
1213 			}
1214 
1215 			/*
1216 			 * If a symbol has been found, indicate the binding
1217 			 * and return the symbol.
1218 			 */
1219 			if (ret) {
1220 				*binfo |= DBG_BINFO_FILTEE;
1221 				return (1);
1222 			}
1223 		}
1224 
1225 		/*
1226 		 * If this object is tagged to terminate filtee processing we're
1227 		 * done.
1228 		 */
1229 		if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE)
1230 			break;
1231 	}
1232 
1233 	/*
1234 	 * If we're just here to trigger filtee loading then we're done.
1235 	 */
1236 	if (name == NULL)
1237 		return (0);
1238 
1239 	/*
1240 	 * If no filtees have been found for a filter, clean up any path name
1241 	 * descriptors and disable their search completely.  For auxiliary
1242 	 * filters we can reselect the symbol search function so that we never
1243 	 * enter this routine again for this object.  For standard filters we
1244 	 * use the null symbol routine.
1245 	 */
1246 	if (any == 0) {
1247 		remove_plist((Alist **)&(dip->di_info), 1);
1248 		elf_disable_filtee(ilmp, dip);
1249 	}
1250 
1251 	return (0);
1252 }
1253 
1254 /*
1255  * Focal point for disabling error messages for auxiliary filters.  As an
1256  * auxiliary filter allows for filtee use, but provides a fallback should a
1257  * filtee not exist (or fail to load), any errors generated as a consequence of
1258  * trying to load the filtees are typically suppressed.  Setting RT_FL_SILENCERR
1259  * suppresses errors generated by eprintf(), but ensures a debug diagnostic is
1260  * produced.  ldd(1) employs printf(), and here the selection of whether to
1261  * print a diagnostic in regards to auxiliary filters is a little more complex.
1262  *
1263  *   -	The determination of whether to produce an ldd message, or a fatal
1264  *	error message is driven by LML_FLG_TRC_ENABLE.
1265  *   -	More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
1266  *	(ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
1267  *	and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
1268  *   -	If the calling object is lddstub, then several classes of message are
1269  *	suppressed.  The user isn't trying to diagnose lddstub, this is simply
1270  *	a stub executable employed to preload a user specified library against.
1271  *   -	If RT_FL_SILENCERR is in effect then any generic ldd() messages should
1272  *	be suppressed.  All detailed ldd messages should still be produced.
1273  */
1274 int
1275 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
1276     int *in_nfavl)
1277 {
1278 	Dyninfo	*dip = &DYNINFO(slp->sl_imap)[ndx];
1279 	int	ret, silent = 0;
1280 
1281 	/*
1282 	 * Make sure this entry is still acting as a filter.  We may have tried
1283 	 * to process this previously, and disabled it if the filtee couldn't
1284 	 * be processed.  However, other entries may provide different filtees
1285 	 * that are yet to be completed.
1286 	 */
1287 	if (dip->di_flags == 0)
1288 		return (0);
1289 
1290 	/*
1291 	 * Indicate whether an error message is required should this filtee not
1292 	 * be found, based on the type of filter.
1293 	 */
1294 	if ((dip->di_flags & FLG_DI_AUXFLTR) &&
1295 	    ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
1296 		rtld_flags |= RT_FL_SILENCERR;
1297 		silent = 1;
1298 	}
1299 
1300 	ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl);
1301 
1302 	if (silent)
1303 		rtld_flags &= ~RT_FL_SILENCERR;
1304 
1305 	return (ret);
1306 }
1307 
1308 /*
1309  * Compute the elf hash value (as defined in the ELF access library).
1310  * The form of the hash table is:
1311  *
1312  *	|--------------|
1313  *	| # of buckets |
1314  *	|--------------|
1315  *	| # of chains  |
1316  *	|--------------|
1317  *	|   bucket[]   |
1318  *	|--------------|
1319  *	|   chain[]    |
1320  *	|--------------|
1321  */
1322 ulong_t
1323 elf_hash(const char *name)
1324 {
1325 	uint_t	hval = 0;
1326 
1327 	while (*name) {
1328 		uint_t	g;
1329 		hval = (hval << 4) + *name++;
1330 		if ((g = (hval & 0xf0000000)) != 0)
1331 			hval ^= g >> 24;
1332 		hval &= ~g;
1333 	}
1334 	return ((ulong_t)hval);
1335 }
1336 
1337 /*
1338  * Look up a symbol.  The callers lookup information is passed in the Slookup
1339  * structure, and any resultant binding information is returned in the Sresult
1340  * structure.
1341  */
1342 int
1343 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
1344 {
1345 	const char	*name = slp->sl_name;
1346 	Rt_map		*ilmp = slp->sl_imap;
1347 	ulong_t		hash = slp->sl_hash;
1348 	uint_t		ndx, hashoff, buckets, *chainptr;
1349 	Sym		*sym, *symtabptr;
1350 	char		*strtabptr, *strtabname;
1351 	uint_t		flags1;
1352 	Syminfo		*sip;
1353 
1354 	/*
1355 	 * If we're only here to establish a symbols index, skip the diagnostic
1356 	 * used to trace a symbol search.
1357 	 */
1358 	if ((slp->sl_flags & LKUP_SYMNDX) == 0)
1359 		DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF)));
1360 
1361 	if (HASH(ilmp) == NULL)
1362 		return (0);
1363 
1364 	buckets = HASH(ilmp)[0];
1365 	/* LINTED */
1366 	hashoff = ((uint_t)hash % buckets) + 2;
1367 
1368 	/*
1369 	 * Get the first symbol from the hash chain and initialize the string
1370 	 * and symbol table pointers.
1371 	 */
1372 	if ((ndx = HASH(ilmp)[hashoff]) == 0)
1373 		return (0);
1374 
1375 	chainptr = HASH(ilmp) + 2 + buckets;
1376 	strtabptr = STRTAB(ilmp);
1377 	symtabptr = SYMTAB(ilmp);
1378 
1379 	while (ndx) {
1380 		sym = symtabptr + ndx;
1381 		strtabname = strtabptr + sym->st_name;
1382 
1383 		/*
1384 		 * Compare the symbol found with the name required.  If the
1385 		 * names don't match continue with the next hash entry.
1386 		 */
1387 		if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
1388 			hashoff = ndx + buckets + 2;
1389 			if ((ndx = chainptr[ndx]) != 0)
1390 				continue;
1391 			return (0);
1392 		}
1393 
1394 		/*
1395 		 * Symbols that are defined as hidden within an object usually
1396 		 * have any references from within the same object bound at
1397 		 * link-edit time, thus ld.so.1 is not involved.  However, if
1398 		 * these are capabilities symbols, then references to them must
1399 		 * be resolved at runtime.  A hidden symbol can only be bound
1400 		 * to by the object that defines the symbol.
1401 		 */
1402 		if ((sym->st_shndx != SHN_UNDEF) &&
1403 		    (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) &&
1404 		    (slp->sl_cmap != ilmp))
1405 			return (0);
1406 
1407 		/*
1408 		 * The Solaris ld does not put DT_VERSYM in the dynamic
1409 		 * section, but the GNU ld does. The GNU runtime linker
1410 		 * interprets the top bit of the 16-bit Versym value
1411 		 * (0x8000) as the "hidden" bit. If this bit is set,
1412 		 * the linker is supposed to act as if that symbol does
1413 		 * not exist. The hidden bit supports their versioning
1414 		 * scheme, which allows multiple incompatible functions
1415 		 * with the same name to exist at different versions
1416 		 * within an object. The Solaris linker does not support this
1417 		 * mechanism, or the model of interface evolution that
1418 		 * it allows, but we honor the hidden bit in GNU ld
1419 		 * produced objects in order to interoperate with them.
1420 		 */
1421 		if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) {
1422 			DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name,
1423 			    ndx, VERSYM(ilmp)[ndx]));
1424 			return (0);
1425 		}
1426 
1427 		/*
1428 		 * If we're only here to establish a symbol's index, we're done.
1429 		 */
1430 		if (slp->sl_flags & LKUP_SYMNDX) {
1431 			srp->sr_dmap = ilmp;
1432 			srp->sr_sym = sym;
1433 			return (1);
1434 		}
1435 
1436 		/*
1437 		 * If we find a match and the symbol is defined, capture the
1438 		 * symbol pointer and the link map in which it was found.
1439 		 */
1440 		if (sym->st_shndx != SHN_UNDEF) {
1441 			srp->sr_dmap = ilmp;
1442 			srp->sr_sym = sym;
1443 			*binfo |= DBG_BINFO_FOUND;
1444 
1445 			if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1446 			    ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1447 			    is_sym_interposer(ilmp, sym)))
1448 				*binfo |= DBG_BINFO_INTERPOSE;
1449 			break;
1450 
1451 		/*
1452 		 * If we find a match and the symbol is undefined, the
1453 		 * symbol type is a function, and the value of the symbol
1454 		 * is non zero, then this is a special case.  This allows
1455 		 * the resolution of a function address to the plt[] entry.
1456 		 * See SPARC ABI, Dynamic Linking, Function Addresses for
1457 		 * more details.
1458 		 */
1459 		} else if ((slp->sl_flags & LKUP_SPEC) &&
1460 		    (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
1461 		    (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
1462 			srp->sr_dmap = ilmp;
1463 			srp->sr_sym = sym;
1464 			*binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);
1465 
1466 			if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1467 			    ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1468 			    is_sym_interposer(ilmp, sym)))
1469 				*binfo |= DBG_BINFO_INTERPOSE;
1470 			return (1);
1471 		}
1472 
1473 		/*
1474 		 * Undefined symbol.
1475 		 */
1476 		return (0);
1477 	}
1478 
1479 	/*
1480 	 * We've found a match.  Determine if the defining object contains
1481 	 * symbol binding information.
1482 	 */
1483 	if ((sip = SYMINFO(ilmp)) != NULL)
1484 		sip += ndx;
1485 
1486 	/*
1487 	 * If this definition is a singleton, and we haven't followed a default
1488 	 * symbol search knowing that we're looking for a singleton (presumably
1489 	 * because the symbol definition has been changed since the referring
1490 	 * object was built), then reject this binding so that the caller can
1491 	 * fall back to a standard symbol search.
1492 	 */
1493 	if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) &&
1494 	    (((slp->sl_flags & LKUP_STANDARD) == 0) ||
1495 	    (((slp->sl_flags & LKUP_SINGLETON) == 0) &&
1496 	    (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) {
1497 		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1498 		    DBG_BNDREJ_SINGLE));
1499 		*binfo |= BINFO_REJSINGLE;
1500 		*binfo &= ~DBG_BINFO_MSK;
1501 		return (0);
1502 	}
1503 
1504 	/*
1505 	 * If this is a direct binding request, but the symbol definition has
1506 	 * disabled directly binding to it (presumably because the symbol
1507 	 * definition has been changed since the referring object was built),
1508 	 * reject this binding so that the caller can fall back to a standard
1509 	 * symbol search.
1510 	 */
1511 	if (sip && (slp->sl_flags & LKUP_DIRECT) &&
1512 	    (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
1513 		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1514 		    DBG_BNDREJ_DIRECT));
1515 		*binfo |= BINFO_REJDIRECT;
1516 		*binfo &= ~DBG_BINFO_MSK;
1517 		return (0);
1518 	}
1519 
1520 	/*
1521 	 * If this is a binding request within an RTLD_GROUP family, and the
1522 	 * symbol has disabled directly binding to it, reject this binding so
1523 	 * that the caller can fall back to a standard symbol search.
1524 	 *
1525 	 * Effectively, an RTLD_GROUP family achieves what can now be
1526 	 * established with direct bindings.  However, various symbols have
1527 	 * been tagged as inappropriate for direct binding to (ie. libc:malloc).
1528 	 *
1529 	 * A symbol marked as no-direct cannot be used within a group without
1530 	 * first ensuring that the symbol has not been interposed upon outside
1531 	 * of the group.  A common example occurs when users implement their own
1532 	 * version of malloc() in the executable.  Such a malloc() interposes on
1533 	 * the libc:malloc, and this interposition must be honored within the
1534 	 * group as well.
1535 	 *
1536 	 * Following any rejection, LKUP_WORLD is established as a means of
1537 	 * overriding this test as we return to a standard search.
1538 	 */
1539 	if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) &&
1540 	    ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) &&
1541 	    ((slp->sl_flags & LKUP_WORLD) == 0)) {
1542 		DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1543 		    DBG_BNDREJ_GROUP));
1544 		*binfo |= BINFO_REJGROUP;
1545 		*binfo &= ~DBG_BINFO_MSK;
1546 		return (0);
1547 	}
1548 
1549 	/*
1550 	 * If this symbol is associated with capabilities, then each of the
1551 	 * capabilities instances needs to be compared against the system
1552 	 * capabilities.  The best instance will be chosen to satisfy this
1553 	 * binding.
1554 	 */
1555 	if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) &&
1556 	    (cap_match(srp, ndx, symtabptr, strtabptr) == 0))
1557 		return (0);
1558 
1559 	/*
1560 	 * Determine whether this object is acting as a filter.
1561 	 */
1562 	if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
1563 		return (1);
1564 
1565 	/*
1566 	 * Determine if this object offers per-symbol filtering, and if so,
1567 	 * whether this symbol references a filtee.
1568 	 */
1569 	if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
1570 		/*
1571 		 * If this is a standard filter reference, and no standard
1572 		 * filtees remain to be inspected, we're done.  If this is an
1573 		 * auxiliary filter reference, and no auxiliary filtees remain,
1574 		 * we'll fall through in case any object filtering is available.
1575 		 */
1576 		if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
1577 		    (SYMSFLTRCNT(ilmp) == 0))
1578 			return (0);
1579 
1580 		if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
1581 		    ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
1582 		    SYMAFLTRCNT(ilmp))) {
1583 			Sresult	sr;
1584 
1585 			/*
1586 			 * Initialize a local symbol result descriptor, using
1587 			 * the original symbol name.
1588 			 */
1589 			SRESULT_INIT(sr, slp->sl_name);
1590 
1591 			/*
1592 			 * This symbol has an associated filtee.  Lookup the
1593 			 * symbol in the filtee, and if it is found return it.
1594 			 * If the symbol doesn't exist, and this is a standard
1595 			 * filter, return an error, otherwise fall through to
1596 			 * catch any object filtering that may be available.
1597 			 */
1598 			if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto,
1599 			    in_nfavl)) {
1600 				*srp = sr;
1601 				return (1);
1602 			}
1603 			if (sip->si_flags & SYMINFO_FLG_FILTER)
1604 				return (0);
1605 		}
1606 	}
1607 
1608 	/*
1609 	 * Determine if this object provides global filtering.
1610 	 */
1611 	if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
1612 		if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
1613 			Sresult	sr;
1614 
1615 			/*
1616 			 * Initialize a local symbol result descriptor, using
1617 			 * the original symbol name.
1618 			 */
1619 			SRESULT_INIT(sr, slp->sl_name);
1620 
1621 			/*
1622 			 * This object has an associated filtee.  Lookup the
1623 			 * symbol in the filtee, and if it is found return it.
1624 			 * If the symbol doesn't exist, and this is a standard
1625 			 * filter, return and error, otherwise return the symbol
1626 			 * within the filter itself.
1627 			 */
1628 			if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp),
1629 			    in_nfavl)) {
1630 				*srp = sr;
1631 				return (1);
1632 			}
1633 		}
1634 
1635 		if (flags1 & FL1_RT_OBJSFLTR)
1636 			return (0);
1637 	}
1638 	return (1);
1639 }
1640 
1641 /*
1642  * Create a new Rt_map structure for an ELF object and initialize
1643  * all values.
1644  */
1645 Rt_map *
1646 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize,
1647     void *odyn, int *in_nfavl)
1648 {
1649 	const char	*name = fdp->fd_nname;
1650 	Rt_map		*lmp;
1651 	Ehdr		*ehdr = (Ehdr *)addr;
1652 	Phdr		*phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL;
1653 	Dyn		*dyn = (Dyn *)odyn;
1654 	Cap		*cap = NULL;
1655 	int		ndx;
1656 	Addr		base, fltr = 0, audit = 0, cfile = 0, crle = 0;
1657 	Xword		rpath = 0;
1658 	size_t		lmsz, rtsz, epsz, dynsz = 0;
1659 	uint_t		dyncnt = 0;
1660 
1661 	DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco));
1662 
1663 	/*
1664 	 * If this is a shared object, the base address of the shared object is
1665 	 * added to all address values defined within the object.  Otherwise, if
1666 	 * this is an executable, all object addresses are used as is.
1667 	 */
1668 	if (ehdr->e_type == ET_EXEC)
1669 		base = 0;
1670 	else
1671 		base = addr;
1672 
1673 	/*
1674 	 * Traverse the program header table, picking off required items.  This
1675 	 * traversal also provides for the sizing of the PT_DYNAMIC section.
1676 	 */
1677 	phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff);
1678 	for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++,
1679 	    phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) {
1680 		switch (phdr->p_type) {
1681 		case PT_DYNAMIC:
1682 			dphdr = phdr;
1683 			dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
1684 			break;
1685 		case PT_TLS:
1686 			tphdr = phdr;
1687 			break;
1688 		case PT_SUNWCAP:
1689 			cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
1690 			break;
1691 		case PT_SUNW_UNWIND:
1692 		case PT_SUNW_EH_FRAME:
1693 			uphdr = phdr;
1694 			break;
1695 		default:
1696 			break;
1697 		}
1698 	}
1699 
1700 	/*
1701 	 * Determine the number of PT_DYNAMIC entries for the DYNINFO()
1702 	 * allocation.  Sadly, this is a little larger than we really need,
1703 	 * as there are typically padding DT_NULL entries.  However, adding
1704 	 * this data to the initial link-map allocation is a win.
1705 	 */
1706 	if (dyn) {
1707 		dyncnt = dphdr->p_filesz / sizeof (Dyn);
1708 		dynsz = dyncnt * sizeof (Dyninfo);
1709 	}
1710 
1711 	/*
1712 	 * Allocate space for the link-map, private elf information, and
1713 	 * DYNINFO() data.  Once these are allocated and initialized,
1714 	 * remove_so(0, lmp) can be used to tear down the link-map allocation
1715 	 * should any failures occur.
1716 	 */
1717 	rtsz = S_DROUND(sizeof (Rt_map));
1718 	epsz = S_DROUND(sizeof (Rt_elfp));
1719 	lmsz = rtsz + epsz + dynsz;
1720 	if ((lmp = calloc(lmsz, 1)) == NULL)
1721 		return (NULL);
1722 	ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz);
1723 	DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz);
1724 	LMSIZE(lmp) = lmsz;
1725 
1726 	/*
1727 	 * All fields not filled in were set to 0 by calloc.
1728 	 */
1729 	NAME(lmp) = (char *)name;
1730 	ADDR(lmp) = addr;
1731 	MSIZE(lmp) = msize;
1732 	SYMINTP(lmp) = elf_find_sym;
1733 	FCT(lmp) = &elf_fct;
1734 	LIST(lmp) = lml;
1735 	OBJFLTRNDX(lmp) = FLTR_DISABLED;
1736 	SORTVAL(lmp) = -1;
1737 	DYN(lmp) = dyn;
1738 	DYNINFOCNT(lmp) = dyncnt;
1739 	PTUNWIND(lmp) = uphdr;
1740 
1741 	if (ehdr->e_type == ET_EXEC)
1742 		FLAGS(lmp) |= FLG_RT_FIXED;
1743 
1744 	/*
1745 	 * Fill in rest of the link map entries with information from the file's
1746 	 * dynamic structure.
1747 	 */
1748 	if (dyn) {
1749 		Dyninfo		*dip;
1750 		uint_t		dynndx;
1751 		Xword		pltpadsz = 0;
1752 		Rti_desc	*rti;
1753 		Dyn		*pdyn;
1754 		Word		lmtflags = lml->lm_tflags;
1755 		int		ignore = 0;
1756 
1757 		/*
1758 		 * Note, we use DT_NULL to terminate processing, and the
1759 		 * dynamic entry count as a fall back.  Normally, a DT_NULL
1760 		 * entry marks the end of the dynamic section.  Any non-NULL
1761 		 * items following the first DT_NULL are silently ignored.
1762 		 * This situation should only occur through use of elfedit(1)
1763 		 * or a similar tool.
1764 		 */
1765 		for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp);
1766 		    dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) {
1767 
1768 			if (ignore) {
1769 				dip->di_flags |= FLG_DI_IGNORE;
1770 				continue;
1771 			}
1772 
1773 			switch ((Xword)dyn->d_tag) {
1774 			case DT_NULL:
1775 				dip->di_flags |= ignore = FLG_DI_IGNORE;
1776 				break;
1777 			case DT_POSFLAG_1:
1778 				dip->di_flags |= FLG_DI_POSFLAG1;
1779 				break;
1780 			case DT_NEEDED:
1781 			case DT_USED:
1782 				dip->di_flags |= FLG_DI_NEEDED;
1783 
1784 				/* BEGIN CSTYLED */
1785 				if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) {
1786 				    /*
1787 				     * Identify any non-deferred lazy load for
1788 				     * future processing, unless LD_NOLAZYLOAD
1789 				     * has been set.
1790 				     */
1791 				    if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) &&
1792 					((lmtflags & LML_TFLG_NOLAZYLD) == 0))
1793 					    dip->di_flags |= FLG_DI_LAZY;
1794 
1795 				    /*
1796 				     * Identify any group permission
1797 				     * requirements.
1798 				     */
1799 				    if (pdyn->d_un.d_val & DF_P1_GROUPPERM)
1800 					    dip->di_flags |= FLG_DI_GROUP;
1801 
1802 				    /*
1803 				     * Identify any deferred dependencies.
1804 				     */
1805 				    if (pdyn->d_un.d_val & DF_P1_DEFERRED)
1806 					    dip->di_flags |= FLG_DI_DEFERRED;
1807 				}
1808 				/* END CSTYLED */
1809 				break;
1810 			case DT_SYMTAB:
1811 				SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1812 				break;
1813 			case DT_SUNW_SYMTAB:
1814 				SUNWSYMTAB(lmp) =
1815 				    (void *)(dyn->d_un.d_ptr + base);
1816 				break;
1817 			case DT_SUNW_SYMSZ:
1818 				SUNWSYMSZ(lmp) = dyn->d_un.d_val;
1819 				break;
1820 			case DT_STRTAB:
1821 				STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1822 				break;
1823 			case DT_SYMENT:
1824 				SYMENT(lmp) = dyn->d_un.d_val;
1825 				break;
1826 			case DT_FEATURE_1:
1827 				dyn->d_un.d_val |= DTF_1_PARINIT;
1828 				if (dyn->d_un.d_val & DTF_1_CONFEXP)
1829 					crle = 1;
1830 				break;
1831 			case DT_MOVESZ:
1832 				MOVESZ(lmp) = dyn->d_un.d_val;
1833 				FLAGS(lmp) |= FLG_RT_MOVE;
1834 				break;
1835 			case DT_MOVEENT:
1836 				MOVEENT(lmp) = dyn->d_un.d_val;
1837 				break;
1838 			case DT_MOVETAB:
1839 				MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1840 				break;
1841 			case DT_REL:
1842 			case DT_RELA:
1843 				/*
1844 				 * At this time, ld.so. can only handle one
1845 				 * type of relocation per object.
1846 				 */
1847 				REL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1848 				break;
1849 			case DT_RELSZ:
1850 			case DT_RELASZ:
1851 				RELSZ(lmp) = dyn->d_un.d_val;
1852 				break;
1853 			case DT_RELENT:
1854 			case DT_RELAENT:
1855 				RELENT(lmp) = dyn->d_un.d_val;
1856 				break;
1857 			case DT_RELCOUNT:
1858 			case DT_RELACOUNT:
1859 				RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val;
1860 				break;
1861 			case DT_HASH:
1862 				HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base);
1863 				break;
1864 			case DT_PLTGOT:
1865 				PLTGOT(lmp) =
1866 				    (uint_t *)(dyn->d_un.d_ptr + base);
1867 				break;
1868 			case DT_PLTRELSZ:
1869 				PLTRELSZ(lmp) = dyn->d_un.d_val;
1870 				break;
1871 			case DT_JMPREL:
1872 				JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1873 				break;
1874 			case DT_INIT:
1875 				if (dyn->d_un.d_ptr != NULL)
1876 					INIT(lmp) =
1877 					    (void (*)())(dyn->d_un.d_ptr +
1878 					    base);
1879 				break;
1880 			case DT_FINI:
1881 				if (dyn->d_un.d_ptr != NULL)
1882 					FINI(lmp) =
1883 					    (void (*)())(dyn->d_un.d_ptr +
1884 					    base);
1885 				break;
1886 			case DT_INIT_ARRAY:
1887 				INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1888 				    base);
1889 				break;
1890 			case DT_INIT_ARRAYSZ:
1891 				INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1892 				break;
1893 			case DT_FINI_ARRAY:
1894 				FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1895 				    base);
1896 				break;
1897 			case DT_FINI_ARRAYSZ:
1898 				FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1899 				break;
1900 			case DT_PREINIT_ARRAY:
1901 				PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1902 				    base);
1903 				break;
1904 			case DT_PREINIT_ARRAYSZ:
1905 				PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1906 				break;
1907 			case DT_RPATH:
1908 			case DT_RUNPATH:
1909 				rpath = dyn->d_un.d_val;
1910 				break;
1911 			case DT_FILTER:
1912 				dip->di_flags |= FLG_DI_STDFLTR;
1913 				fltr = dyn->d_un.d_val;
1914 				OBJFLTRNDX(lmp) = dynndx;
1915 				FLAGS1(lmp) |= FL1_RT_OBJSFLTR;
1916 				break;
1917 			case DT_AUXILIARY:
1918 				dip->di_flags |= FLG_DI_AUXFLTR;
1919 				if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1920 					fltr = dyn->d_un.d_val;
1921 					OBJFLTRNDX(lmp) = dynndx;
1922 				}
1923 				FLAGS1(lmp) |= FL1_RT_OBJAFLTR;
1924 				break;
1925 			case DT_SUNW_FILTER:
1926 				dip->di_flags |=
1927 				    (FLG_DI_STDFLTR | FLG_DI_SYMFLTR);
1928 				SYMSFLTRCNT(lmp)++;
1929 				FLAGS1(lmp) |= FL1_RT_SYMSFLTR;
1930 				break;
1931 			case DT_SUNW_AUXILIARY:
1932 				dip->di_flags |=
1933 				    (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR);
1934 				if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1935 					SYMAFLTRCNT(lmp)++;
1936 				}
1937 				FLAGS1(lmp) |= FL1_RT_SYMAFLTR;
1938 				break;
1939 			case DT_DEPAUDIT:
1940 				if (!(rtld_flags & RT_FL_NOAUDIT))
1941 					audit = dyn->d_un.d_val;
1942 				break;
1943 			case DT_CONFIG:
1944 				cfile = dyn->d_un.d_val;
1945 				break;
1946 			case DT_DEBUG:
1947 				/*
1948 				 * DT_DEBUG entries are only created in
1949 				 * dynamic objects that require an interpretor
1950 				 * (ie. all dynamic executables and some shared
1951 				 * objects), and provide for a hand-shake with
1952 				 * old debuggers.  This entry is initialized to
1953 				 * zero by the link-editor.  If a debugger is
1954 				 * monitoring us, and has updated this entry,
1955 				 * set the debugger monitor flag, and finish
1956 				 * initializing the debugging structure.  See
1957 				 * setup().  Also, switch off any configuration
1958 				 * object use as most debuggers can't handle
1959 				 * fixed dynamic executables as dependencies.
1960 				 */
1961 				if (dyn->d_un.d_ptr)
1962 					rtld_flags |=
1963 					    (RT_FL_DEBUGGER | RT_FL_NOOBJALT);
1964 				dyn->d_un.d_ptr = (Addr)&r_debug;
1965 				break;
1966 			case DT_VERNEED:
1967 				VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr +
1968 				    base);
1969 				break;
1970 			case DT_VERNEEDNUM:
1971 				/* LINTED */
1972 				VERNEEDNUM(lmp) = (int)dyn->d_un.d_val;
1973 				break;
1974 			case DT_VERDEF:
1975 				VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr +
1976 				    base);
1977 				break;
1978 			case DT_VERDEFNUM:
1979 				/* LINTED */
1980 				VERDEFNUM(lmp) = (int)dyn->d_un.d_val;
1981 				break;
1982 			case DT_VERSYM:
1983 				/*
1984 				 * The Solaris ld does not produce DT_VERSYM,
1985 				 * but the GNU ld does, in order to support
1986 				 * their style of versioning, which differs
1987 				 * from ours in some ways, while using the
1988 				 * same data structures. The presence of
1989 				 * DT_VERSYM therefore means that GNU
1990 				 * versioning rules apply to the given file.
1991 				 * If DT_VERSYM is not present, then Solaris
1992 				 * versioning rules apply.
1993 				 */
1994 				VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr +
1995 				    base);
1996 				break;
1997 			case DT_BIND_NOW:
1998 				if ((dyn->d_un.d_val & DF_BIND_NOW) &&
1999 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2000 					MODE(lmp) |= RTLD_NOW;
2001 					MODE(lmp) &= ~RTLD_LAZY;
2002 				}
2003 				break;
2004 			case DT_FLAGS:
2005 				FLAGS1(lmp) |= FL1_RT_DTFLAGS;
2006 				if (dyn->d_un.d_val & DF_SYMBOLIC)
2007 					FLAGS1(lmp) |= FL1_RT_SYMBOLIC;
2008 				if ((dyn->d_un.d_val & DF_BIND_NOW) &&
2009 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2010 					MODE(lmp) |= RTLD_NOW;
2011 					MODE(lmp) &= ~RTLD_LAZY;
2012 				}
2013 				/*
2014 				 * Capture any static TLS use, and enforce that
2015 				 * this object be non-deletable.
2016 				 */
2017 				if (dyn->d_un.d_val & DF_STATIC_TLS) {
2018 					FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2019 					MODE(lmp) |= RTLD_NODELETE;
2020 				}
2021 				break;
2022 			case DT_FLAGS_1:
2023 				if (dyn->d_un.d_val & DF_1_DISPRELPND)
2024 					FLAGS1(lmp) |= FL1_RT_DISPREL;
2025 				if (dyn->d_un.d_val & DF_1_GROUP)
2026 					FLAGS(lmp) |=
2027 					    (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
2028 				if ((dyn->d_un.d_val & DF_1_NOW) &&
2029 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2030 					MODE(lmp) |= RTLD_NOW;
2031 					MODE(lmp) &= ~RTLD_LAZY;
2032 				}
2033 				if (dyn->d_un.d_val & DF_1_NODELETE)
2034 					MODE(lmp) |= RTLD_NODELETE;
2035 				if (dyn->d_un.d_val & DF_1_INITFIRST)
2036 					FLAGS(lmp) |= FLG_RT_INITFRST;
2037 				if (dyn->d_un.d_val & DF_1_NOOPEN)
2038 					FLAGS(lmp) |= FLG_RT_NOOPEN;
2039 				if (dyn->d_un.d_val & DF_1_LOADFLTR)
2040 					FLAGS(lmp) |= FLG_RT_LOADFLTR;
2041 				if (dyn->d_un.d_val & DF_1_NODUMP)
2042 					FLAGS(lmp) |= FLG_RT_NODUMP;
2043 				if (dyn->d_un.d_val & DF_1_CONFALT)
2044 					crle = 1;
2045 				if (dyn->d_un.d_val & DF_1_DIRECT)
2046 					FLAGS1(lmp) |= FL1_RT_DIRECT;
2047 				if (dyn->d_un.d_val & DF_1_NODEFLIB)
2048 					FLAGS1(lmp) |= FL1_RT_NODEFLIB;
2049 				if (dyn->d_un.d_val & DF_1_ENDFILTEE)
2050 					FLAGS1(lmp) |= FL1_RT_ENDFILTE;
2051 				if (dyn->d_un.d_val & DF_1_TRANS)
2052 					FLAGS(lmp) |= FLG_RT_TRANS;
2053 
2054 				/*
2055 				 * Global auditing is only meaningful when
2056 				 * specified by the initiating object of the
2057 				 * process - typically the dynamic executable.
2058 				 * If this is the initiating object, its link-
2059 				 * map will not yet have been added to the
2060 				 * link-map list, and consequently the link-map
2061 				 * list is empty.  (see setup()).
2062 				 */
2063 				if (dyn->d_un.d_val & DF_1_GLOBAUDIT) {
2064 					if (lml_main.lm_head == NULL)
2065 						FLAGS1(lmp) |= FL1_RT_GLOBAUD;
2066 					else
2067 						DBG_CALL(Dbg_audit_ignore(lmp));
2068 				}
2069 
2070 				/*
2071 				 * If this object identifies itself as an
2072 				 * interposer, but relocation processing has
2073 				 * already started, then demote it.  It's too
2074 				 * late to guarantee complete interposition.
2075 				 */
2076 				/* BEGIN CSTYLED */
2077 				if (dyn->d_un.d_val &
2078 				    (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) {
2079 				    if (lml->lm_flags & LML_FLG_STARTREL) {
2080 					DBG_CALL(Dbg_util_intoolate(lmp));
2081 					if (lml->lm_flags & LML_FLG_TRC_ENABLE)
2082 					    (void) printf(
2083 						MSG_INTL(MSG_LDD_REL_ERR2),
2084 						NAME(lmp));
2085 				    } else if (dyn->d_un.d_val & DF_1_INTERPOSE)
2086 					FLAGS(lmp) |= FLG_RT_OBJINTPO;
2087 				    else
2088 					FLAGS(lmp) |= FLG_RT_SYMINTPO;
2089 				}
2090 				/* END CSTYLED */
2091 				break;
2092 			case DT_SYMINFO:
2093 				SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr +
2094 				    base);
2095 				break;
2096 			case DT_SYMINENT:
2097 				SYMINENT(lmp) = dyn->d_un.d_val;
2098 				break;
2099 			case DT_PLTPAD:
2100 				PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base);
2101 				break;
2102 			case DT_PLTPADSZ:
2103 				pltpadsz = dyn->d_un.d_val;
2104 				break;
2105 			case DT_SUNW_RTLDINF:
2106 				/*
2107 				 * Maintain a list of RTLDINFO structures.
2108 				 * Typically, libc is the only supplier, and
2109 				 * only one structure is provided.  However,
2110 				 * multiple suppliers and multiple structures
2111 				 * are supported.  For example, one structure
2112 				 * may provide thread_init, and another
2113 				 * structure may provide atexit reservations.
2114 				 */
2115 				if ((rti = alist_append(&lml->lm_rti, NULL,
2116 				    sizeof (Rti_desc),
2117 				    AL_CNT_RTLDINFO)) == NULL) {
2118 					remove_so(0, lmp);
2119 					return (NULL);
2120 				}
2121 				rti->rti_lmp = lmp;
2122 				rti->rti_info = (void *)(dyn->d_un.d_ptr +
2123 				    base);
2124 				break;
2125 			case DT_SUNW_SORTENT:
2126 				SUNWSORTENT(lmp) = dyn->d_un.d_val;
2127 				break;
2128 			case DT_SUNW_SYMSORT:
2129 				SUNWSYMSORT(lmp) =
2130 				    (void *)(dyn->d_un.d_ptr + base);
2131 				break;
2132 			case DT_SUNW_SYMSORTSZ:
2133 				SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val;
2134 				break;
2135 			case DT_DEPRECATED_SPARC_REGISTER:
2136 			case M_DT_REGISTER:
2137 				dip->di_flags |= FLG_DI_REGISTER;
2138 				FLAGS(lmp) |= FLG_RT_REGSYMS;
2139 				break;
2140 			case DT_SUNW_CAP:
2141 				CAP(lmp) = (void *)(dyn->d_un.d_ptr + base);
2142 				break;
2143 			case DT_SUNW_CAPINFO:
2144 				CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base);
2145 				break;
2146 			case DT_SUNW_CAPCHAIN:
2147 				CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr +
2148 				    base);
2149 				break;
2150 			case DT_SUNW_CAPCHAINENT:
2151 				CAPCHAINENT(lmp) = dyn->d_un.d_val;
2152 				break;
2153 			case DT_SUNW_CAPCHAINSZ:
2154 				CAPCHAINSZ(lmp) = dyn->d_un.d_val;
2155 				break;
2156 			}
2157 		}
2158 
2159 		/*
2160 		 * Update any Dyninfo string pointers now that STRTAB() is
2161 		 * known.
2162 		 */
2163 		for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp);
2164 		    !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
2165 
2166 			switch ((Xword)dyn->d_tag) {
2167 			case DT_NEEDED:
2168 			case DT_USED:
2169 			case DT_FILTER:
2170 			case DT_AUXILIARY:
2171 			case DT_SUNW_FILTER:
2172 			case DT_SUNW_AUXILIARY:
2173 				dip->di_name = STRTAB(lmp) + dyn->d_un.d_val;
2174 				break;
2175 			}
2176 		}
2177 
2178 		/*
2179 		 * Assign any padding.
2180 		 */
2181 		if (PLTPAD(lmp)) {
2182 			if (pltpadsz == (Xword)0)
2183 				PLTPAD(lmp) = NULL;
2184 			else
2185 				PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) +
2186 				    pltpadsz);
2187 		}
2188 	}
2189 
2190 	/*
2191 	 * A dynsym contains only global functions. We want to have
2192 	 * a version of it that also includes local functions, so that
2193 	 * dladdr() will be able to report names for local functions
2194 	 * when used to generate a stack trace for a stripped file.
2195 	 * This version of the dynsym is provided via DT_SUNW_SYMTAB.
2196 	 *
2197 	 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick
2198 	 * in order to avoid having to have two copies of the global
2199 	 * symbols held in DT_SYMTAB: The local symbols are placed in
2200 	 * a separate section than the globals in the dynsym, but the
2201 	 * linker conspires to put the data for these two sections adjacent
2202 	 * to each other. DT_SUNW_SYMTAB points at the top of the local
2203 	 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables.
2204 	 *
2205 	 * If the two sections are not adjacent, then something went wrong
2206 	 * at link time. We use ASSERT to kill the process if this is
2207 	 * a debug build. In a production build, we will silently ignore
2208 	 * the presence of the .ldynsym and proceed. We can detect this
2209 	 * situation by checking to see that DT_SYMTAB lies in
2210 	 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ.
2211 	 */
2212 	if ((SUNWSYMTAB(lmp) != NULL) &&
2213 	    (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) ||
2214 	    (((char *)SYMTAB(lmp) >=
2215 	    (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) {
2216 		ASSERT(0);
2217 		SUNWSYMTAB(lmp) = NULL;
2218 		SUNWSYMSZ(lmp) = 0;
2219 	}
2220 
2221 	/*
2222 	 * If configuration file use hasn't been disabled, and a configuration
2223 	 * file hasn't already been set via an environment variable, see if any
2224 	 * application specific configuration file is specified.  An LD_CONFIG
2225 	 * setting is used first, but if this image was generated via crle(1)
2226 	 * then a default configuration file is a fall-back.
2227 	 */
2228 	if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) {
2229 		if (cfile)
2230 			config->c_name = (const char *)(cfile +
2231 			    (char *)STRTAB(lmp));
2232 		else if (crle)
2233 			rtld_flags |= RT_FL_CONFAPP;
2234 	}
2235 
2236 	if (rpath)
2237 		RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp));
2238 	if (fltr)
2239 		REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp));
2240 
2241 	/*
2242 	 * For Intel ABI compatibility.  It's possible that a JMPREL can be
2243 	 * specified without any other relocations (e.g. a dynamic executable
2244 	 * normally only contains .plt relocations).  If this is the case then
2245 	 * no REL, RELSZ or RELENT will have been created.  For us to be able
2246 	 * to traverse the .plt relocations under LD_BIND_NOW we need to know
2247 	 * the RELENT for these relocations.  Refer to elf_reloc() for more
2248 	 * details.
2249 	 */
2250 	if (!RELENT(lmp) && JMPREL(lmp))
2251 		RELENT(lmp) = sizeof (M_RELOC);
2252 
2253 	/*
2254 	 * Establish any per-object auditing.  If we're establishing main's
2255 	 * link-map its too early to go searching for audit objects so just
2256 	 * hold the object name for later (see setup()).
2257 	 */
2258 	if (audit) {
2259 		char	*cp = audit + (char *)STRTAB(lmp);
2260 
2261 		if (*cp) {
2262 			if (((AUDITORS(lmp) =
2263 			    calloc(1, sizeof (Audit_desc))) == NULL) ||
2264 			    ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) {
2265 				remove_so(0, lmp);
2266 				return (NULL);
2267 			}
2268 			if (lml_main.lm_head) {
2269 				if (audit_setup(lmp, AUDITORS(lmp), 0,
2270 				    in_nfavl) == 0) {
2271 					remove_so(0, lmp);
2272 					return (NULL);
2273 				}
2274 				AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags;
2275 				lml->lm_flags |= LML_FLG_LOCAUDIT;
2276 			}
2277 		}
2278 	}
2279 
2280 	if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) {
2281 		remove_so(0, lmp);
2282 		return (NULL);
2283 	}
2284 
2285 	/*
2286 	 * A capabilities section should be identified by a DT_SUNW_CAP entry,
2287 	 * and if non-empty object capabilities are included, a PT_SUNWCAP
2288 	 * header should reference the section.  Make sure CAP() is set
2289 	 * regardless.
2290 	 */
2291 	if ((CAP(lmp) == NULL) && cap)
2292 		CAP(lmp) = cap;
2293 
2294 	/*
2295 	 * Make sure any capabilities information or chain can be handled.
2296 	 */
2297 	if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT))
2298 		CAPINFO(lmp) = NULL;
2299 	if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT))
2300 		CAPCHAIN(lmp) = NULL;
2301 
2302 	/*
2303 	 * As part of processing dependencies, a file descriptor is populated
2304 	 * with capabilities information following validation.
2305 	 */
2306 	if (fdp->fd_flags & FLG_FD_ALTCHECK) {
2307 		FLAGS1(lmp) |= FL1_RT_ALTCHECK;
2308 		CAPSET(lmp) = fdp->fd_scapset;
2309 
2310 		if (fdp->fd_flags & FLG_FD_ALTCAP)
2311 			FLAGS1(lmp) |= FL1_RT_ALTCAP;
2312 
2313 	} else if ((cap = CAP(lmp)) != NULL) {
2314 		/*
2315 		 * Processing of the a.out and ld.so.1 does not involve a file
2316 		 * descriptor as exec() did all the work, so capture the
2317 		 * capabilities for these cases.
2318 		 */
2319 		while (cap->c_tag != CA_SUNW_NULL) {
2320 			switch (cap->c_tag) {
2321 			case CA_SUNW_HW_1:
2322 				CAPSET(lmp).sc_hw_1 = cap->c_un.c_val;
2323 				break;
2324 			case CA_SUNW_SF_1:
2325 				CAPSET(lmp).sc_sf_1 = cap->c_un.c_val;
2326 				break;
2327 			case CA_SUNW_HW_2:
2328 				CAPSET(lmp).sc_hw_2 = cap->c_un.c_val;
2329 				break;
2330 			case CA_SUNW_PLAT:
2331 				CAPSET(lmp).sc_plat = STRTAB(lmp) +
2332 				    cap->c_un.c_ptr;
2333 				break;
2334 			case CA_SUNW_MACH:
2335 				CAPSET(lmp).sc_mach = STRTAB(lmp) +
2336 				    cap->c_un.c_ptr;
2337 				break;
2338 			}
2339 			cap++;
2340 		}
2341 	}
2342 
2343 	/*
2344 	 * If a capabilities chain table exists, duplicate it.  The chain table
2345 	 * is inspected for each initial call to a capabilities family lead
2346 	 * symbol.  From this chain, each family member is inspected to
2347 	 * determine the 'best' family member.  The chain table is then updated
2348 	 * so that the best member is immediately selected for any further
2349 	 * family searches.
2350 	 */
2351 	if (CAPCHAIN(lmp)) {
2352 		Capchain	*capchain;
2353 
2354 		if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL)
2355 			return (NULL);
2356 		(void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp));
2357 		CAPCHAIN(lmp) = capchain;
2358 	}
2359 
2360 	/*
2361 	 * Add the mapped object to the end of the link map list.
2362 	 */
2363 	lm_append(lml, lmco, lmp);
2364 
2365 	/*
2366 	 * Start the system loading in the ELF information we'll be processing.
2367 	 */
2368 	if (REL(lmp)) {
2369 		(void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
2370 		    (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
2371 		    MADV_WILLNEED);
2372 	}
2373 	return (lmp);
2374 }
2375 
2376 /*
2377  * Build full pathname of shared object from given directory name and filename.
2378  */
2379 static char *
2380 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen)
2381 {
2382 	static char	pname[PATH_MAX];
2383 
2384 	(void) strncpy(pname, dir, dlen);
2385 	pname[dlen++] = '/';
2386 	(void) strncpy(&pname[dlen], file, flen + 1);
2387 	return (pname);
2388 }
2389 
2390 /*
2391  * The copy relocation is recorded in a copy structure which will be applied
2392  * after all other relocations are carried out.  This provides for copying data
2393  * that must be relocated itself (ie. pointers in shared objects).  This
2394  * structure also provides a means of binding RTLD_GROUP dependencies to any
2395  * copy relocations that have been taken from any group members.
2396  *
2397  * If the size of the .bss area available for the copy information is not the
2398  * same as the source of the data inform the user if we're under ldd(1) control
2399  * (this checking was only established in 5.3, so by only issuing an error via
2400  * ldd(1) we maintain the standard set by previous releases).
2401  */
2402 int
2403 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
2404     Rt_map *dlmp, const void *dadd)
2405 {
2406 	Rel_copy	rc;
2407 	Lm_list		*lml = LIST(rlmp);
2408 
2409 	rc.r_name = name;
2410 	rc.r_rsym = rsym;		/* the new reference symbol and its */
2411 	rc.r_rlmp = rlmp;		/*	associated link-map */
2412 	rc.r_dlmp = dlmp;		/* the defining link-map */
2413 	rc.r_dsym = dsym;		/* the original definition */
2414 	rc.r_radd = radd;
2415 	rc.r_dadd = dadd;
2416 
2417 	if (rsym->st_size > dsym->st_size)
2418 		rc.r_size = (size_t)dsym->st_size;
2419 	else
2420 		rc.r_size = (size_t)rsym->st_size;
2421 
2422 	if (alist_append(&COPY_R(dlmp), &rc, sizeof (Rel_copy),
2423 	    AL_CNT_COPYREL) == NULL) {
2424 		if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2425 			return (0);
2426 		else
2427 			return (1);
2428 	}
2429 	if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
2430 		if (aplist_append(&COPY_S(rlmp), dlmp,
2431 		    AL_CNT_COPYREL) == NULL) {
2432 			if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2433 				return (0);
2434 			else
2435 				return (1);
2436 		}
2437 		FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
2438 	}
2439 
2440 	/*
2441 	 * If we are tracing (ldd), warn the user if
2442 	 *	1) the size from the reference symbol differs from the
2443 	 *	   copy definition. We can only copy as much data as the
2444 	 *	   reference (dynamic executables) entry allows.
2445 	 *	2) the copy definition has STV_PROTECTED visibility.
2446 	 */
2447 	if (lml->lm_flags & LML_FLG_TRC_WARN) {
2448 		if (rsym->st_size != dsym->st_size) {
2449 			(void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
2450 			    _conv_reloc_type(M_R_COPY), demangle(name),
2451 			    NAME(rlmp), EC_XWORD(rsym->st_size),
2452 			    NAME(dlmp), EC_XWORD(dsym->st_size));
2453 			if (rsym->st_size > dsym->st_size)
2454 				(void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
2455 				    NAME(dlmp));
2456 			else
2457 				(void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
2458 				    NAME(rlmp));
2459 		}
2460 
2461 		if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
2462 			(void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
2463 			    _conv_reloc_type(M_R_COPY), demangle(name),
2464 			    NAME(dlmp));
2465 		}
2466 	}
2467 
2468 	DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd,
2469 	    (Xword)rc.r_size));
2470 	return (1);
2471 }
2472 
2473 /*
2474  * Determine the symbol location of an address within a link-map.  Look for
2475  * the nearest symbol (whose value is less than or equal to the required
2476  * address).  This is the object specific part of dladdr().
2477  */
2478 static void
2479 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
2480 {
2481 	ulong_t		ndx, cnt, base, _value;
2482 	Sym		*sym, *_sym = NULL;
2483 	const char	*str;
2484 	int		_flags;
2485 	uint_t		*dynaddr_ndx;
2486 	uint_t		dynaddr_n = 0;
2487 	ulong_t		value;
2488 
2489 	/*
2490 	 * If SUNWSYMTAB() is non-NULL, then it sees a special version of
2491 	 * the dynsym that starts with any local function symbols that exist in
2492 	 * the library and then moves to the data held in SYMTAB(). In this
2493 	 * case, SUNWSYMSZ tells us how long the symbol table is. The
2494 	 * availability of local function symbols will enhance the results
2495 	 * we can provide.
2496 	 *
2497 	 * If SUNWSYMTAB() is non-NULL, then there might also be a
2498 	 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains
2499 	 * an array of indices into SUNWSYMTAB, sorted by increasing
2500 	 * address. We can use this to do an O(log N) search instead of a
2501 	 * brute force search.
2502 	 *
2503 	 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that
2504 	 * contains only global symbols. In that case, the length of
2505 	 * the symbol table comes from the nchain field of the related
2506 	 * symbol lookup hash table.
2507 	 */
2508 	str = STRTAB(lmp);
2509 	if (SUNWSYMSZ(lmp) == NULL) {
2510 		sym = SYMTAB(lmp);
2511 		/*
2512 		 * If we don't have a .hash table there are no symbols
2513 		 * to look at.
2514 		 */
2515 		if (HASH(lmp) == NULL)
2516 			return;
2517 		cnt = HASH(lmp)[1];
2518 	} else {
2519 		sym = SUNWSYMTAB(lmp);
2520 		cnt = SUNWSYMSZ(lmp) / SYMENT(lmp);
2521 		dynaddr_ndx = SUNWSYMSORT(lmp);
2522 		if (dynaddr_ndx != NULL)
2523 			dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp);
2524 	}
2525 
2526 	if (FLAGS(lmp) & FLG_RT_FIXED)
2527 		base = 0;
2528 	else
2529 		base = ADDR(lmp);
2530 
2531 	if (dynaddr_n > 0) {		/* Binary search */
2532 		long	low = 0, low_bnd;
2533 		long	high = dynaddr_n - 1, high_bnd;
2534 		long	mid;
2535 		Sym	*mid_sym;
2536 
2537 		/*
2538 		 * Note that SUNWSYMSORT only contains symbols types that
2539 		 * supply memory addresses, so there's no need to check and
2540 		 * filter out any other types.
2541 		 */
2542 		low_bnd = low;
2543 		high_bnd = high;
2544 		while (low <= high) {
2545 			mid = (low + high) / 2;
2546 			mid_sym = &sym[dynaddr_ndx[mid]];
2547 			value = mid_sym->st_value + base;
2548 			if (addr < value) {
2549 				if ((sym[dynaddr_ndx[high]].st_value + base) >=
2550 				    addr)
2551 					high_bnd = high;
2552 				high = mid - 1;
2553 			} else if (addr > value) {
2554 				if ((sym[dynaddr_ndx[low]].st_value + base) <=
2555 				    addr)
2556 					low_bnd = low;
2557 				low = mid + 1;
2558 			} else {
2559 				_sym = mid_sym;
2560 				_value = value;
2561 				break;
2562 			}
2563 		}
2564 		/*
2565 		 * If the above didn't find it exactly, then we must
2566 		 * return the closest symbol with a value that doesn't
2567 		 * exceed the one we are looking for. If that symbol exists,
2568 		 * it will lie in the range bounded by low_bnd and
2569 		 * high_bnd. This is a linear search, but a short one.
2570 		 */
2571 		if (_sym == NULL) {
2572 			for (mid = low_bnd; mid <= high_bnd; mid++) {
2573 				mid_sym = &sym[dynaddr_ndx[mid]];
2574 				value = mid_sym->st_value + base;
2575 				if (addr >= value) {
2576 					_sym = mid_sym;
2577 					_value = value;
2578 				} else {
2579 					break;
2580 				}
2581 			}
2582 		}
2583 	} else {			/* Linear search */
2584 		for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
2585 			/*
2586 			 * Skip expected symbol types that are not functions
2587 			 * or data:
2588 			 *	- A symbol table starts with an undefined symbol
2589 			 *		in slot 0. If we are using SUNWSYMTAB(),
2590 			 *		there will be a second undefined symbol
2591 			 *		right before the globals.
2592 			 *	- The local part of SUNWSYMTAB() contains a
2593 			 *		series of function symbols. Each section
2594 			 *		starts with an initial STT_FILE symbol.
2595 			 */
2596 			if ((sym->st_shndx == SHN_UNDEF) ||
2597 			    (ELF_ST_TYPE(sym->st_info) == STT_FILE))
2598 				continue;
2599 
2600 			value = sym->st_value + base;
2601 			if (value > addr)
2602 				continue;
2603 			if (value < _value)
2604 				continue;
2605 
2606 			_sym = sym;
2607 			_value = value;
2608 
2609 			/*
2610 			 * Note, because we accept local and global symbols
2611 			 * we could find a section symbol that matches the
2612 			 * associated address, which means that the symbol
2613 			 * name will be null.  In this case continue the
2614 			 * search in case we can find a global symbol of
2615 			 * the same value.
2616 			 */
2617 			if ((value == addr) &&
2618 			    (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
2619 				break;
2620 		}
2621 	}
2622 
2623 	_flags = flags & RTLD_DL_MASK;
2624 	if (_sym) {
2625 		if (_flags == RTLD_DL_SYMENT)
2626 			*info = (void *)_sym;
2627 		else if (_flags == RTLD_DL_LINKMAP)
2628 			*info = (void *)lmp;
2629 
2630 		dlip->dli_sname = str + _sym->st_name;
2631 		dlip->dli_saddr = (void *)_value;
2632 	} else {
2633 		/*
2634 		 * addr lies between the beginning of the mapped segment and
2635 		 * the first global symbol. We have no symbol to return
2636 		 * and the caller requires one. We use _START_, the base
2637 		 * address of the mapping.
2638 		 */
2639 
2640 		if (_flags == RTLD_DL_SYMENT) {
2641 			/*
2642 			 * An actual symbol struct is needed, so we
2643 			 * construct one for _START_. To do this in a
2644 			 * fully accurate way requires a different symbol
2645 			 * for each mapped segment. This requires the
2646 			 * use of dynamic memory and a mutex. That's too much
2647 			 * plumbing for a fringe case of limited importance.
2648 			 *
2649 			 * Fortunately, we can simplify:
2650 			 *    - Only the st_size and st_info fields are useful
2651 			 *	outside of the linker internals. The others
2652 			 *	reference things that outside code cannot see,
2653 			 *	and can be set to 0.
2654 			 *    - It's just a label and there is no size
2655 			 *	to report. So, the size should be 0.
2656 			 * This means that only st_info needs a non-zero
2657 			 * (constant) value. A static struct will suffice.
2658 			 * It must be const (readonly) so the caller can't
2659 			 * change its meaning for subsequent callers.
2660 			 */
2661 			static const Sym fsym = { 0, 0, 0,
2662 			    ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
2663 			*info = (void *) &fsym;
2664 		}
2665 
2666 		dlip->dli_sname = MSG_ORIG(MSG_SYM_START);
2667 		dlip->dli_saddr = (void *) ADDR(lmp);
2668 	}
2669 }
2670 
2671 /*
2672  * This routine is called as a last fall-back to search for a symbol from a
2673  * standard relocation or dlsym().  To maintain lazy loadings goal of reducing
2674  * the number of objects mapped, any symbol search is first carried out using
2675  * the objects that already exist in the process (either on a link-map list or
2676  * handle).  If a symbol can't be found, and lazy dependencies are still
2677  * pending, this routine loads the dependencies in an attempt to locate the
2678  * symbol.
2679  */
2680 int
2681 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
2682 {
2683 	static APlist	*alist = NULL;
2684 	Aliste		idx1;
2685 	Rt_map		*lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap;
2686 	const char	*name = slp->sl_name;
2687 	Slookup		sl1 = *slp;
2688 	Lm_list		*lml;
2689 	Lm_cntl		*lmc;
2690 
2691 	/*
2692 	 * It's quite possible we've been here before to process objects,
2693 	 * therefore reinitialize our dynamic list.
2694 	 */
2695 	if (alist)
2696 		aplist_reset(alist);
2697 
2698 	/*
2699 	 * Discard any relocation index from further symbol searches.  This
2700 	 * index has already been used to trigger any necessary lazy-loads,
2701 	 * and it might be because one of these lazy loads has failed that
2702 	 * we're performing this fallback.  By removing the relocation index
2703 	 * we don't try and perform the same failed lazy loading activity again.
2704 	 */
2705 	sl1.sl_rsymndx = 0;
2706 
2707 	/*
2708 	 * Determine the callers link-map list so that we can monitor whether
2709 	 * new objects have been added.
2710 	 */
2711 	lml = LIST(clmp);
2712 	lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp));
2713 
2714 	/*
2715 	 * Generate a local list of new objects to process.  This list can grow
2716 	 * as each object supplies its own lazy dependencies.
2717 	 */
2718 	if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL)
2719 		return (NULL);
2720 
2721 	for (APLIST_TRAVERSE(alist, idx1, lmp1)) {
2722 		uint_t	dynndx;
2723 		Dyninfo	*dip, *pdip;
2724 
2725 		/*
2726 		 * Loop through the lazy DT_NEEDED entries examining each object
2727 		 * for the required symbol.  If the symbol is not found, the
2728 		 * object is in turn added to the local alist, so that the
2729 		 * objects lazy DT_NEEDED entries can be examined.
2730 		 */
2731 		lmp = lmp1;
2732 		for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL;
2733 		    !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) {
2734 			Grp_hdl		*ghp;
2735 			Grp_desc	*gdp;
2736 			Rt_map		*nlmp, *llmp;
2737 			Slookup		sl2;
2738 			Sresult		sr;
2739 			Aliste		idx2;
2740 
2741 			if (((dip->di_flags & FLG_DI_LAZY) == 0) ||
2742 			    dip->di_info)
2743 				continue;
2744 
2745 			/*
2746 			 * If this object has already failed to lazy load, and
2747 			 * we're still processing the same runtime linker
2748 			 * operation that produced the failure, don't bother
2749 			 * to try and load the object again.
2750 			 */
2751 			if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip &&
2752 			    (pdip->di_flags & FLG_DI_POSFLAG1)) {
2753 				if (pdip->di_info == (void *)ld_entry_cnt)
2754 					continue;
2755 
2756 				dip->di_flags &= ~FLG_DI_LAZYFAIL;
2757 				pdip->di_info = NULL;
2758 			}
2759 
2760 			/*
2761 			 * Determine the last link-map presently on the callers
2762 			 * link-map control list.
2763 			 */
2764 			llmp = lmc->lc_tail;
2765 
2766 			/*
2767 			 * Try loading this lazy dependency.  If the object
2768 			 * can't be loaded, consider this non-fatal and continue
2769 			 * the search.  Lazy loaded dependencies need not exist
2770 			 * and their loading should only turn out to be fatal
2771 			 * if they are required to satisfy a relocation.
2772 			 *
2773 			 * A successful lazy load can mean one of two things:
2774 			 *
2775 			 *  -	new objects have been loaded, in which case the
2776 			 * 	objects will have been analyzed, relocated, and
2777 			 * 	finally moved to the callers control list.
2778 			 *  -	the objects are already loaded, and this lazy
2779 			 *	load has simply associated the referenced object
2780 			 *	with it's lazy dependencies.
2781 			 *
2782 			 * If new objects are loaded, look in these objects
2783 			 * first.  Note, a new object can be the object being
2784 			 * referenced by this lazy load, however we can also
2785 			 * descend into multiple lazy loads as we relocate this
2786 			 * reference.
2787 			 *
2788 			 * If the symbol hasn't been found, use the referenced
2789 			 * objects handle, as it might have dependencies on
2790 			 * objects that are already loaded.  Note that existing
2791 			 * objects might have already been searched and skipped
2792 			 * as non-available to this caller.   However, a lazy
2793 			 * load might have caused the promotion of modes, or
2794 			 * added this object to the family of the caller.  In
2795 			 * either case, the handle associated with the object
2796 			 * is then used to carry out the symbol search.
2797 			 */
2798 			if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name,
2799 			    FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL)
2800 				continue;
2801 
2802 			if (NEXT_RT_MAP(llmp)) {
2803 				/*
2804 				 * Look in any new objects.
2805 				 */
2806 				sl1.sl_imap = NEXT_RT_MAP(llmp);
2807 				sl1.sl_flags &= ~LKUP_STDRELOC;
2808 
2809 				/*
2810 				 * Initialize a local symbol result descriptor,
2811 				 * using the original symbol name.
2812 				 */
2813 				SRESULT_INIT(sr, slp->sl_name);
2814 
2815 				if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) {
2816 					*srp = sr;
2817 					return (1);
2818 				}
2819 			}
2820 
2821 			/*
2822 			 * Use the objects handle to inspect the family of
2823 			 * objects associated with the handle.  Note, there's
2824 			 * a possibility of overlap with the above search,
2825 			 * should a lazy load bring in new objects and
2826 			 * reference existing objects.
2827 			 */
2828 			sl2 = sl1;
2829 			for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) {
2830 				if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) &&
2831 				    (gdp->gd_flags & GPD_DLSYM)) {
2832 
2833 					sl2.sl_imap = gdp->gd_depend;
2834 					sl2.sl_flags |= LKUP_FIRST;
2835 
2836 					/*
2837 					 * Initialize a local symbol result
2838 					 * descriptor, using the original
2839 					 * symbol name.
2840 					 */
2841 					SRESULT_INIT(sr, slp->sl_name);
2842 
2843 					if (lookup_sym(&sl2, &sr, binfo,
2844 					    in_nfavl)) {
2845 						*srp = sr;
2846 						return (1);
2847 					}
2848 				}
2849 			}
2850 
2851 			/*
2852 			 * Some dlsym() operations are already traversing a
2853 			 * link-map (dlopen(0)), and thus there's no need to
2854 			 * save them on the dynamic dependency list.
2855 			 */
2856 			if (slp->sl_flags & LKUP_NODESCENT)
2857 				continue;
2858 
2859 			if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == NULL)
2860 				return (0);
2861 		}
2862 	}
2863 
2864 	return (0);
2865 }
2866 
2867 /*
2868  * Warning message for bad r_offset.
2869  */
2870 void
2871 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
2872     ulong_t rsymndx)
2873 {
2874 	const char	*name = NULL;
2875 	Lm_list		*lml = LIST(lmp);
2876 	int		trace;
2877 
2878 	if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
2879 	    (((rtld_flags & RT_FL_SILENCERR) == 0) ||
2880 	    (lml->lm_flags & LML_FLG_TRC_VERBOSE)))
2881 		trace = 1;
2882 	else
2883 		trace = 0;
2884 
2885 	if ((trace == 0) && (DBG_ENABLED == 0))
2886 		return;
2887 
2888 	if (rsymndx) {
2889 		Sym	*symref = (Sym *)((ulong_t)SYMTAB(lmp) +
2890 		    (rsymndx * SYMENT(lmp)));
2891 
2892 		if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
2893 			name = (char *)(STRTAB(lmp) + symref->st_name);
2894 	}
2895 
2896 	if (name == NULL)
2897 		name = MSG_INTL(MSG_STR_UNKNOWN);
2898 
2899 	if (trace) {
2900 		const char *rstr;
2901 
2902 		rstr = _conv_reloc_type((uint_t)rtype);
2903 		(void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
2904 		    EC_ADDR(roffset));
2905 		return;
2906 	}
2907 
2908 	Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name);
2909 }
2910 
2911 /*
2912  * Resolve a static TLS relocation.
2913  */
2914 long
2915 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name,
2916     ulong_t roffset, long value)
2917 {
2918 	Lm_list	*lml = LIST(lmp);
2919 
2920 	/*
2921 	 * Relocations against a static TLS block have limited support once
2922 	 * process initialization has completed.  Any error condition should be
2923 	 * discovered by testing for DF_STATIC_TLS as part of loading an object,
2924 	 * however individual relocations are tested in case the dynamic flag
2925 	 * had not been set when this object was built.
2926 	 */
2927 	if (PTTLS(lmp) == NULL) {
2928 		DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2929 		    M_REL_SHT_TYPE, rel, NULL, 0, name));
2930 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2931 		    _conv_reloc_type((uint_t)rtype), NAME(lmp),
2932 		    name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2933 		return (0);
2934 	}
2935 
2936 	/*
2937 	 * If no static TLS has been set aside for this object, determine if
2938 	 * any can be obtained.  Enforce that any object using static TLS is
2939 	 * non-deletable.
2940 	 */
2941 	if (TLSSTATOFF(lmp) == 0) {
2942 		FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2943 		MODE(lmp) |= RTLD_NODELETE;
2944 
2945 		if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) {
2946 			DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2947 			    M_REL_SHT_TYPE, rel, NULL, 0, name));
2948 			eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2949 			    _conv_reloc_type((uint_t)rtype), NAME(lmp),
2950 			    name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2951 			return (0);
2952 		}
2953 	}
2954 
2955 	/*
2956 	 * Typically, a static TLS offset is maintained as a symbols value.
2957 	 * For local symbols that are not apart of the dynamic symbol table,
2958 	 * the TLS relocation points to a section symbol, and the static TLS
2959 	 * offset was deposited in the associated GOT table.  Make sure the GOT
2960 	 * is cleared, so that the value isn't reused in do_reloc().
2961 	 */
2962 	if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) {
2963 		if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) {
2964 			value = *(long *)roffset;
2965 			*(long *)roffset = 0;
2966 		} else {
2967 			value = sym->st_value;
2968 		}
2969 	}
2970 	return (-(TLSSTATOFF(lmp) - value));
2971 }
2972 
2973 /*
2974  * If the symbol is not found and the reference was not to a weak symbol, report
2975  * an error.  Weak references may be unresolved.
2976  */
2977 int
2978 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo)
2979 {
2980 	Lm_list	*lml = LIST(lmp);
2981 
2982 	/*
2983 	 * Under crle(1), relocation failures are ignored.
2984 	 */
2985 	if (lml->lm_flags & LML_FLG_IGNRELERR)
2986 		return (1);
2987 
2988 	/*
2989 	 * Under ldd(1), unresolved references are reported.  However, if the
2990 	 * original reference is EXTERN or PARENT these references are ignored
2991 	 * unless ldd's -p option is in effect.
2992 	 */
2993 	if (lml->lm_flags & LML_FLG_TRC_WARN) {
2994 		if (((binfo & DBG_BINFO_REF_MSK) == 0) ||
2995 		    ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) {
2996 			(void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND),
2997 			    demangle(name), NAME(lmp));
2998 		}
2999 		return (1);
3000 	}
3001 
3002 	/*
3003 	 * Otherwise, the unresolved references is fatal.
3004 	 */
3005 	DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel,
3006 	    NULL, 0, name));
3007 	eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp),
3008 	    demangle(name));
3009 
3010 	return (0);
3011 }
3012