xref: /titanic_50/usr/src/cmd/sgs/rtld/common/setup.c (revision 5435d801b2b4c6124787e114cb1aa677427d3d81)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  *	Copyright (c) 1988 AT&T
24  *	  All Rights Reserved
25  *
26  *
27  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
28  * Use is subject to license terms.
29  */
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 
33 /*
34  * Run time linker common setup.
35  *
36  * Called from _setup to get the process going at startup.
37  */
38 #include	"_synonyms.h"
39 
40 #include	<stdlib.h>
41 #include	<fcntl.h>
42 #include	<stdio.h>
43 #include	<sys/types.h>
44 #include	<sys/stat.h>
45 #include	<sys/mman.h>
46 #include	<string.h>
47 #include	<stdio.h>
48 #include	<unistd.h>
49 #include	<dlfcn.h>
50 #include	<sys/sysconfig.h>
51 #include	<sys/auxv.h>
52 #include	"_rtld.h"
53 #include	"_audit.h"
54 #include	"_elf.h"
55 #include	"_a.out.h"
56 #include	"msg.h"
57 #include	"debug.h"
58 #include	"conv.h"
59 
60 
61 extern int	_end, _edata, _etext;
62 extern void	_init(void);
63 extern int	_brk_unlocked(void *);
64 
65 #ifndef	SGS_PRE_UNIFIED_PROCESS
66 /* needed for _brk_unlocked() */
67 void *_nd = &_end;
68 #endif
69 
70 /*
71  * Define for the executable's interpreter.
72  * Usually it is ld.so.1, but for the first release of ICL binaries
73  * it is libc.so.1.  We keep this information so that we don't end
74  * up mapping libc twice if it is the interpreter.
75  */
76 static Interp _interp;
77 
78 
79 static int
80 preload(const char *str, Rt_map *lmp)
81 {
82 	Rt_map		*clmp = lmp;
83 	char		*objs, *ptr, *next;
84 	Word		lmflags = lml_main.lm_flags;
85 	uint_t		flags;
86 
87 	DBG_CALL(Dbg_util_nl());
88 
89 	if ((objs = strdup(str)) == 0)
90 		return (0);
91 
92 	/*
93 	 * Establish the flags for loading each object.  If we're called via
94 	 * lddstub, then the first shared object is the object being inspected
95 	 * by ldd(1).  This object should not be marked as an interposer, as
96 	 * it is intended to act like the first object of the process.
97 	 */
98 	if ((lmflags & LML_FLG_TRC_ENABLE) && (FLAGS1(lmp) & FL1_RT_LDDSTUB))
99 		flags = FLG_RT_PRELOAD;
100 	else
101 		flags = (FLG_RT_PRELOAD | FLG_RT_INTRPOSE);
102 
103 	ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next);
104 	do {
105 		Pnode	*pnp;
106 		Rt_map	*nlmp = 0;
107 
108 		DBG_CALL(Dbg_file_preload(ptr));
109 
110 		/*
111 		 * If this a secure application, then preload errors are
112 		 * reduced to warnings, as the errors are non-fatal.
113 		 */
114 		if (rtld_flags & RT_FL_SECURE)
115 			rtld_flags2 |= RT_FL2_FTL2WARN;
116 		if ((pnp = expand_paths(clmp, ptr, PN_SER_EXTLOAD, 0)) != 0)
117 			nlmp = load_one(&lml_main, ALO_DATA, pnp, clmp,
118 			MODE(lmp), flags, 0);
119 		if (pnp)
120 			remove_pnode(pnp);
121 		if (rtld_flags & RT_FL_SECURE)
122 			rtld_flags2 &= ~RT_FL2_FTL2WARN;
123 		if (nlmp && (bind_one(clmp, nlmp, BND_NEEDED) == 0))
124 			nlmp = 0;
125 
126 		/*
127 		 * Establish state for the next preloadable object.  If no
128 		 * error occurred with loading this object, indicate that this
129 		 * link-map list contains an interposer.
130 		 */
131 		flags |= FLG_RT_INTRPOSE;
132 		if (nlmp == 0) {
133 			if ((lmflags & LML_FLG_TRC_ENABLE) ||
134 			    (rtld_flags & RT_FL_SECURE))
135 				continue;
136 			else
137 				return (0);
138 		}
139 		lml_main.lm_flags |= LML_FLG_INTRPOSE;
140 
141 		/*
142 		 * If we're tracing shared objects via lddstub, establish a
143 		 * binding between the initial shared object and lddstub so that
144 		 * the shared object isn't called out from unused() processing.
145 		 * After the first object is loaded increment the caller to the
146 		 * initial preloaded object to provide intuitive ldd -v and -s
147 		 * diagnostics
148 		 */
149 		if ((lmflags & LML_FLG_TRC_ENABLE) &&
150 		    (FLAGS1(lmp) & FL1_RT_LDDSTUB)) {
151 			if ((lmp == clmp) && (lmflags &
152 			    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED))) {
153 				if (bind_one(clmp, nlmp, BND_REFER) == 0)
154 					continue;
155 			}
156 			clmp = (Rt_map *)NEXT(lmp);
157 		}
158 
159 	} while ((ptr = strtok_r(NULL,
160 	    MSG_ORIG(MSG_STR_DELIMIT), &next)) != NULL);
161 
162 	free(objs);
163 	return (1);
164 }
165 
166 Rt_map *
167 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz,
168     char *_rtldname, Dyn *dyn_ptr, ulong_t ld_base, ulong_t interp_base, int fd,
169     Phdr *phdr, char *execname, char **argv, int dz_fd, uid_t uid,
170     uid_t euid, gid_t gid, gid_t egid, void *aoutdyn, int auxflags,
171     uint_t hwcap_1)
172 {
173 	Rt_map		*rlmp, *mlmp, **tobj = 0;
174 	Ehdr		*ehdr;
175 	struct stat	status;
176 	int		features = 0, ldsoexec = 0;
177 	size_t		eaddr, esize;
178 	char		*str, *argvname;
179 	Mmap		*mmaps;
180 
181 	/*
182 	 * Now that ld.so has relocated itself, initialize our own 'environ' so
183 	 * as to establish an address suitable for libc's hardware mul/div
184 	 * magic (libc/sparc/crt/hwmuldiv.o).
185 	 */
186 	_environ = (char **)((ulong_t)auxv - sizeof (char *));
187 	_init();
188 	_environ = envp;
189 
190 	/*
191 	 * Far the most common application execution revolves around appending
192 	 * the application name to the users PATH definition, thus a full name
193 	 * is passed to exec() which will in turn be returned via
194 	 * AT_SUN_EXECNAME.  Applications may also be invoked from the current
195 	 * working directory, or via a relative name.
196 	 *
197 	 * Determine whether the kernel has supplied a AT_SUN_EXECNAME aux
198 	 * vector.  This vector points to the full pathname, on the stack, of
199 	 * the object that started the process.  If this is null, then
200 	 * AT_SUN_EXECNAME isn't supported (if the pathname exceeded the system
201 	 * limit (PATH_MAX) the exec would have failed).  This flag is used to
202 	 * determine whether we can call resolvepath().
203 	 */
204 	if (execname)
205 		rtld_flags |= RT_FL_EXECNAME;
206 
207 	/*
208 	 * Determine how ld.so.1 has been executed.
209 	 */
210 	if ((fd == -1) && (phdr == 0)) {
211 		/*
212 		 * If we received neither the AT_EXECFD nor the AT_PHDR aux
213 		 * vector, ld.so.1 must have been invoked directly from the
214 		 * command line.
215 		 */
216 		ldsoexec = 1;
217 
218 		/*
219 		 * AT_SUN_EXECNAME provides the most precise name, if it is
220 		 * available, otherwise fall back to argv[0].  At this time,
221 		 * there is no process name.
222 		 */
223 		if (execname)
224 			rtldname = execname;
225 		else if (argv[0])
226 			rtldname = argv[0];
227 		else
228 			rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
229 	} else {
230 		/*
231 		 * Otherwise, we have a standard process.  AT_SUN_EXECNAME
232 		 * provides the most precise name, if it is available,
233 		 * otherwise fall back to argv[0].  Provided the application
234 		 * is already mapped, the process is the application, so
235 		 * simplify the application name for use in any diagnostics.
236 		 */
237 		if (execname)
238 			argvname = execname;
239 		else if (argv[0])
240 			argvname = execname = argv[0];
241 		else
242 			argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
243 
244 		if (fd == -1) {
245 			if ((str = strrchr(argvname, '/')) != 0)
246 				procname = ++str;
247 			else
248 				procname = argvname;
249 		}
250 
251 		/*
252 		 * At this point, we don't know the runtime linkers full path
253 		 * name.  The _rtldname passed to us is the SONAME of the
254 		 * runtime linker, which is typically /lib/ld.so.1 no matter
255 		 * what the full path is.   Use this for now, we'll reset the
256 		 * runtime linkers name once the application is analyzed.
257 		 */
258 		if (_rtldname) {
259 			if ((str = strrchr(_rtldname, '/')) != 0)
260 				rtldname = ++str;
261 			else
262 				rtldname = _rtldname;
263 		} else
264 			rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
265 	}
266 
267 	/*
268 	 * Initialize any global variables.
269 	 */
270 	at_flags = _flags;
271 	if (dz_fd != FD_UNAVAIL)
272 		dz_init(dz_fd);
273 	platform = _platform;
274 
275 	/*
276 	 * If pagesize is unspecified find its value.
277 	 */
278 	if ((syspagsz = _syspagsz) == 0)
279 		syspagsz = _sysconfig(_CONFIG_PAGESIZE);
280 	fmap_setup();
281 
282 	/*
283 	 * Add the unused portion of the last data page to the free space list.
284 	 * The page size must be set before doing this.  Here, _end refers to
285 	 * the end of the runtime linkers bss.  Note that we do not use the
286 	 * unused data pages from any included .so's to supplement this free
287 	 * space as badly behaved .os's may corrupt this data space, and in so
288 	 * doing ruin our data.
289 	 */
290 	eaddr = S_DROUND((size_t)&_end);
291 	esize = eaddr % syspagsz;
292 	if (esize) {
293 		esize = syspagsz - esize;
294 		addfree((void *)eaddr, esize);
295 	}
296 
297 	/*
298 	 * Establish initial link-map list flags, and link-map list alists.
299 	 */
300 	if (alist_append(&lml_main.lm_lists, 0, sizeof (Lm_cntl),
301 	    AL_CNT_LMLISTS) == 0)
302 		return (0);
303 	lml_main.lm_flags |= LML_FLG_BASELM;
304 
305 	if (alist_append(&lml_rtld.lm_lists, 0, sizeof (Lm_cntl),
306 	    AL_CNT_LMLISTS) == 0)
307 		return (0);
308 	lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_NOAUDIT |
309 	    LML_FLG_HOLDLOCK);
310 
311 	/*
312 	 * Determine whether we have a secure executable.
313 	 */
314 	security(uid, euid, gid, egid, auxflags);
315 
316 	/*
317 	 * Initialize a hardware capability descriptor for use in comparing
318 	 * each loaded object.
319 	 */
320 #ifdef	AT_SUN_AUXFLAGS
321 	if (auxflags & AF_SUN_HWCAPVERIFY) {
322 		rtld_flags2 |= RT_FL2_HWCAP;
323 		hwcap = (ulong_t)hwcap_1;
324 	}
325 #endif
326 	/*
327 	 * Look for environment strings (allows things like LD_NOAUDIT to be
328 	 * established, although debugging isn't enabled until later).
329 	 */
330 	if ((readenv_user((const char **)envp, &(lml_main.lm_flags),
331 	    &(lml_main.lm_tflags), (aoutdyn != 0))) == 1)
332 		return (0);
333 
334 	/*
335 	 * Create a mapping descriptor for ld.so.1.  We can determine our
336 	 * two segments information from known symbols.
337 	 */
338 	if ((mmaps = calloc(3, sizeof (Mmap))) == 0)
339 		return (0);
340 	mmaps[0].m_vaddr = (caddr_t)M_PTRUNC(ld_base);
341 	mmaps[0].m_msize = (size_t)((caddr_t)&_etext - mmaps[0].m_vaddr);
342 	mmaps[0].m_fsize = mmaps[0].m_msize;
343 	mmaps[0].m_perm = (PROT_READ | PROT_EXEC);
344 	mmaps[1].m_vaddr = (caddr_t)M_PTRUNC((ulong_t)&r_debug);
345 	mmaps[1].m_msize = (size_t)((caddr_t)&_end - mmaps[1].m_vaddr);
346 	mmaps[1].m_fsize = (size_t)((caddr_t)&_edata - mmaps[1].m_vaddr);
347 	mmaps[1].m_perm = (PROT_READ | PROT_WRITE | PROT_EXEC);
348 
349 	/*
350 	 * Create a link map structure for ld.so.1.
351 	 */
352 	if ((rlmp = elf_new_lm(&lml_rtld, _rtldname, rtldname, dyn_ptr, ld_base,
353 	    (ulong_t)&_etext, ALO_DATA, (ulong_t)(eaddr - ld_base), 0, ld_base,
354 	    (ulong_t)(eaddr - ld_base), mmaps, 2)) == 0) {
355 		return (0);
356 	}
357 
358 	MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
359 	FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE |
360 		FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET);
361 
362 	/*
363 	 * Initialize the runtime linkers information.
364 	 */
365 	interp = &_interp;
366 	interp->i_name = NAME(rlmp);
367 	interp->i_faddr = (caddr_t)ADDR(rlmp);
368 	ldso_plt_init(rlmp);
369 
370 	/*
371 	 * If ld.so.1 has been invoked directly, process its arguments.
372 	 */
373 	if (ldsoexec) {
374 		/*
375 		 * Process any arguments that are specific to ld.so.1, and
376 		 * reorganize the process stack to effectively remove ld.so.1
377 		 * from it.  Reinitialize the environment pointer, as this may
378 		 * have been shifted after skipping ld.so.1's arguments.
379 		 */
380 		if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags),
381 		    &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) {
382 			eprintf(ERR_NONE, MSG_INTL(MSG_USG_BADOPT));
383 			return (0);
384 		}
385 		_environ = envp;
386 
387 		/*
388 		 * Open the object that ld.so.1 is to execute.
389 		 */
390 		argvname = execname = argv[0];
391 
392 		if ((fd = open(argvname, O_RDONLY)) == -1) {
393 			int	err = errno;
394 			eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), argvname,
395 			    strerror(err));
396 			return (0);
397 		}
398 	}
399 
400 	/*
401 	 * Map in the file, if exec has not already done so.  If it has,
402 	 * simply create a new link map structure for the executable.
403 	 */
404 	if (fd != -1) {
405 		Rej_desc	rej;
406 		Fct		*ftp;
407 
408 		/*
409 		 * Find out what type of object we have.
410 		 */
411 		(void) fstat(fd, &status);
412 		if ((ftp = are_u_this(&rej, fd, &status, argvname)) == 0) {
413 			eprintf(ERR_FATAL, MSG_INTL(err_reject[rej.rej_type]),
414 			    argvname, conv_reject_str(&rej));
415 			return (0);
416 		}
417 
418 		/*
419 		 * Map in object.
420 		 */
421 		if ((mlmp = (ftp->fct_map_so)(&lml_main, ALO_DATA, execname,
422 		    argvname, fd)) == 0)
423 			return (0);
424 
425 		/*
426 		 * We now have a process name for error diagnostics.
427 		 */
428 		if ((str = strrchr(argvname, '/')) != 0)
429 			procname = ++str;
430 		else
431 			procname = argvname;
432 
433 		if (ldsoexec) {
434 			Addr	brkbase = 0;
435 
436 			/*
437 			 * Since ld.so.1 was the primary executed object - the
438 			 * brk() base has not yet been initialized, we need to
439 			 * initialize it.  For an executable, initialize it to
440 			 * the end of the object.  For a shared object (ET_DYN)
441 			 * initialize it to the first page in memory.
442 			 */
443 			ehdr = (Ehdr *)ADDR(mlmp);
444 
445 			if ((FCT(mlmp) == &elf_fct) &&
446 			    (ehdr->e_type == ET_EXEC)) {
447 				int	i;
448 				Phdr *	_phdr = (Phdr *)((uintptr_t)ADDR(mlmp) +
449 					ehdr->e_phoff);
450 
451 				/*
452 				 * We scan the program headers to find the tail
453 				 * of the memory image.  We can't use MSIZE()
454 				 * since that's already been page aligned.
455 				 */
456 				for (i = 0; i < ehdr->e_phnum; i++, _phdr++) {
457 					if (_phdr->p_type == PT_LOAD)
458 						brkbase = _phdr->p_vaddr +
459 							_phdr->p_memsz;
460 				}
461 			}
462 
463 			if (!brkbase)
464 				brkbase = syspagsz;
465 
466 			if (_brk_unlocked((void *)brkbase) == -1) {
467 				int	err = errno;
468 				eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_BRK),
469 				    argvname, strerror(err));
470 			}
471 		}
472 
473 		/*
474 		 * The object has now been mmaped, we no longer need the file
475 		 * descriptor.
476 		 */
477 		(void) close(fd);
478 
479 	} else {
480 		/*
481 		 * Set up function ptr and arguments according to the type
482 		 * of file class the executable is. (Currently only supported
483 		 * types are ELF and a.out format.)  Then create a link map
484 		 * for the executable.
485 		 */
486 		if (aoutdyn) {
487 #ifdef A_OUT
488 			if ((mlmp = aout_new_lm(&lml_main, execname, argvname,
489 			    aoutdyn, 0, 0, ALO_DATA)) == 0)
490 				return (0);
491 
492 			/*
493 			 * Set the memory size.  Note, we only know the end of
494 			 * text, and although we could find the _end by looking
495 			 * up the symbol, this may not be present.  We should
496 			 * set ADDR to MAIN_BASE, but presently all the a.out
497 			 * relocation code assumes ADDR is 0 for the dynamic
498 			 * executable. (these data items are only used for
499 			 * dladdr(3x), and there aren't many a.out dladdr(3x)
500 			 * users to warrant spending much time on this :-).
501 			 */
502 			MSIZE(mlmp) = MAIN_BASE + ETEXT(mlmp);
503 
504 			/*
505 			 * Disable any object configuration cache (BCP apps
506 			 * bring in sbcp which can benefit from any object
507 			 * cache, but both the app and sbcp can't use the same
508 			 * objects).
509 			 */
510 			rtld_flags |= RT_FL_NOOBJALT;
511 
512 			/*
513 			 * Make sure no-direct bindings are in effect.
514 			 */
515 			lml_main.lm_tflags |= LML_TFLG_NODIRECT;
516 #else
517 			eprintf(ERR_FATAL, MSG_INTL(MSG_ERR_REJ_UNKFILE),
518 			    argvname);
519 			return (0);
520 #endif
521 		} else if (phdr) {
522 			Phdr		*pptr, *firstptr = 0, *lastptr;
523 			Phdr		*tlsphdr = 0, *unwindphdr = 0;
524 			Dyn		*dyn = 0;
525 			Cap		*cap = 0;
526 			Off		i_offset = 0;
527 			Addr		base = 0;
528 			ulong_t		memsize, phsize, entry, etext;
529 			uint_t		mmapcnt = 0;
530 			int		i;
531 
532 			/*
533 			 * Using the executables phdr address determine the base
534 			 * address of the input file.  NOTE, this assumes the
535 			 * program headers and elf header are part of the same
536 			 * mapped segment.  Although this has held for many
537 			 * years now, it might be more flexible if the kernel
538 			 * gave use the ELF headers start address, rather than
539 			 * the Program headers.
540 			 *
541 			 * Determine from the ELF header if we're been called
542 			 * from a shared object or dynamic executable.  If the
543 			 * latter, then any addresses within the object are used
544 			 * as is.  Addresses within shared objects must be added
545 			 * to the process's base address.
546 			 */
547 			ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset);
548 			phsize = ehdr->e_phentsize;
549 			if (ehdr->e_type == ET_DYN)
550 				base = (Addr)ehdr;
551 
552 			/*
553 			 * Allocate a mapping array to retain mapped segment
554 			 * information.
555 			 */
556 			if ((mmaps = calloc(ehdr->e_phnum, sizeof (Mmap))) == 0)
557 				return (0);
558 
559 			/*
560 			 * Extract the needed information from the segment
561 			 * headers.
562 			 */
563 			for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) {
564 				if (pptr->p_type == PT_INTERP) {
565 					i_offset = pptr->p_offset;
566 					interp->i_faddr =
567 					    (caddr_t)interp_base;
568 				}
569 				if ((pptr->p_type == PT_LOAD) &&
570 				    (pptr->p_filesz || pptr->p_memsz)) {
571 					int	perm = (PROT_READ | PROT_EXEC);
572 					size_t	off;
573 
574 					if (!firstptr)
575 						firstptr = pptr;
576 					lastptr = pptr;
577 					if (i_offset && pptr->p_filesz &&
578 					    (i_offset >= pptr->p_offset) &&
579 					    (i_offset <=
580 					    (pptr->p_memsz + pptr->p_offset))) {
581 						interp->i_name = (char *)
582 						    pptr->p_vaddr + i_offset -
583 						    pptr->p_offset + base;
584 						i_offset = 0;
585 					}
586 					if ((pptr->p_flags &
587 					    (PF_R | PF_W)) == PF_R)
588 						etext = pptr->p_vaddr +
589 						    pptr->p_memsz + base;
590 					else
591 						perm |= PROT_WRITE;
592 
593 					/*
594 					 * Retain segments mapping info.  Round
595 					 * each segment to a page boundary, as
596 					 * this insures addresses are suitable
597 					 * for mprotect() if required.
598 					 */
599 					off = pptr->p_vaddr + base;
600 					mmaps[mmapcnt].m_vaddr =
601 					    (caddr_t)M_PTRUNC(off);
602 					off -= (size_t)mmaps[mmapcnt].m_vaddr;
603 					mmaps[mmapcnt].m_msize =
604 					    pptr->p_memsz + off;
605 					mmaps[mmapcnt].m_fsize =
606 					    pptr->p_filesz + off;
607 					mmaps[mmapcnt].m_perm = perm;
608 					mmapcnt++;
609 
610 				} else if (pptr->p_type == PT_DYNAMIC)
611 					dyn = (Dyn *)(pptr->p_vaddr + base);
612 				else if (pptr->p_type == PT_TLS)
613 					tlsphdr = pptr;
614 				else if (pptr->p_type == PT_SUNW_UNWIND)
615 					unwindphdr = pptr;
616 				else if (pptr->p_type == PT_SUNWCAP)
617 					cap = (Cap *)(pptr->p_vaddr + base);
618 				pptr = (Phdr *)((ulong_t)pptr + phsize);
619 			}
620 
621 
622 			memsize = (lastptr->p_vaddr + lastptr->p_memsz) -
623 				S_ALIGN(firstptr->p_vaddr, syspagsz);
624 
625 			entry = ehdr->e_entry;
626 			if (ehdr->e_type == ET_DYN)
627 				entry += (ulong_t)ehdr;
628 
629 			if ((mlmp = elf_new_lm(&lml_main, execname, argvname,
630 			    dyn, (Addr)ehdr, etext, ALO_DATA, memsize, entry,
631 			    (ulong_t)ehdr, memsize, mmaps, mmapcnt)) == 0) {
632 				return (0);
633 			}
634 			if (tlsphdr) {
635 				PTTLS(mlmp) = tlsphdr;
636 				tls_assign_soffset(mlmp);
637 			}
638 			if (unwindphdr)
639 				PTUNWIND(mlmp) = unwindphdr;
640 			if (cap)
641 				cap_assign(cap, mlmp);
642 		}
643 	}
644 
645 	/*
646 	 * Establish the interpretors name as that defined within the initial
647 	 * object (executable).  This provides for ORIGIN processing of ld.so.1
648 	 * dependencies.
649 	 */
650 	if (ldsoexec == 0) {
651 		size_t	len = strlen(interp->i_name);
652 		(void) expand(&interp->i_name, &len, 0, 0,
653 		    (PN_TKN_ISALIST | PN_TKN_HWCAP), rlmp);
654 	}
655 	PATHNAME(rlmp) = interp->i_name;
656 
657 	if (FLAGS1(rlmp) & FL1_RT_RELATIVE)
658 		(void) fullpath(rlmp, 0);
659 	else
660 		ORIGNAME(rlmp) = PATHNAME(rlmp) = NAME(rlmp);
661 
662 	/*
663 	 * Having established the true runtime linkers name, simplify the name
664 	 * for error diagnostics.
665 	 */
666 	if ((str = strrchr(PATHNAME(rlmp), '/')) != 0)
667 		rtldname = ++str;
668 	else
669 		rtldname = PATHNAME(rlmp);
670 
671 	/*
672 	 * Expand the fullpath name of the application.  This typically occurs
673 	 * as a part of loading an object, but as the kernel probably mapped
674 	 * it in, complete this processing now.
675 	 */
676 	if (FLAGS1(mlmp) & FL1_RT_RELATIVE)
677 		(void) fullpath(mlmp, 0);
678 
679 	/*
680 	 * Some troublesome programs will change the value of argv[0].  Dupping
681 	 * the process string protects us, and insures the string is left in
682 	 * any core files.
683 	 */
684 	if ((str = (char *)strdup(procname)) == 0)
685 		return (0);
686 	procname = str;
687 
688 	/*
689 	 * If the kernel has provided hardware capabilities information, and
690 	 * the executable contains hardware capabilities information, make
691 	 * sure it's a valid object.
692 	 */
693 	if ((rtld_flags2 & RT_FL2_HWCAP) && HWCAP(mlmp)) {
694 		ulong_t	mhwcap;
695 
696 		if ((mhwcap = (HWCAP(mlmp) & ~hwcap)) != 0) {
697 			if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) {
698 				(void) printf(MSG_INTL(MSG_LDD_GEN_HWCAP_1),
699 				    NAME(mlmp),
700 				    conv_hwcap_1_str(mhwcap, M_MACH));
701 			} else {
702 				eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_BADHWCAP_1),
703 				    conv_hwcap_1_str(mhwcap, M_MACH));
704 				return (0);
705 			}
706 		}
707 	}
708 
709 	FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET);
710 	FLAGS1(mlmp) |= FL1_RT_USED;
711 	if ((INITARRAY(mlmp) == 0) && (FINIARRAY(mlmp) == 0))
712 		FLAGS1(mlmp) |= FL1_RT_NOINIFIN;
713 
714 	/*
715 	 * Identify lddstub if necessary.
716 	 */
717 	if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB)
718 		FLAGS1(mlmp) |= FL1_RT_LDDSTUB;
719 
720 	/*
721 	 * Retain our argument information for use in dlinfo.
722 	 */
723 	argsinfo.dla_argv = argv--;
724 	argsinfo.dla_argc = (long)*argv;
725 	argsinfo.dla_envp = envp;
726 	argsinfo.dla_auxv = auxv;
727 
728 	(void) enter();
729 
730 	/*
731 	 * If no .initarray or .finiarray are present on the executable do not
732 	 * enter them into the 'sorting' mechanism for .init/.fini firing.
733 	 *
734 	 * This is to prevent them showing up during 'ldd -i ...'
735 	 * output when they don't do anything.
736 	 */
737 	if (INITARRAY(mlmp) == 0) {
738 		FLAGS(mlmp) |= (FLG_RT_INITCLCT | FLG_RT_INITCALL |
739 		    FLG_RT_INITDONE);
740 		LIST(mlmp)->lm_init--;
741 	}
742 
743 	if (FINIARRAY(mlmp) == 0)
744 		FLAGS(mlmp) |= FLG_RT_FINICLCT;
745 
746 	/*
747 	 * Add our two main link-maps to the dynlm_list
748 	 */
749 	if (list_append(&dynlm_list, &lml_main) == 0)
750 		return (0);
751 
752 	if (list_append(&dynlm_list, &lml_rtld) == 0)
753 		return (0);
754 
755 	/*
756 	 * Reset the link-map counts for both lists.  The init count is used to
757 	 * track how many objects have pending init sections, this gets incre-
758 	 * mented each time an object is relocated.  Since ld.so.1 relocates
759 	 * itself, it's init count will remain zero.
760 	 * The object count is used to track how many objects have pending fini
761 	 * sections, as ld.so.1 handles its own fini we can zero its count.
762 	 */
763 	lml_main.lm_obj = 1;
764 	lml_rtld.lm_obj = 0;
765 
766 	/*
767 	 * Initialize debugger information structure.  Some parts of this
768 	 * structure were initialized statically.
769 	 */
770 	r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head;
771 	r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head;
772 	r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr;
773 	r_debug.rtd_dynlmlst = &dynlm_list;
774 
775 	if (platform)
776 		platform_sz = strlen(platform);
777 
778 	/*
779 	 * Determine the dev/inode information for the executable to complete
780 	 * load_so() checking for those who might dlopen(a.out).
781 	 */
782 	if ((FLAGS1(mlmp) & FL1_RT_RELATIVE) &&
783 	    (stat(PATHNAME(mlmp), &status) == 0)) {
784 		STDEV(mlmp) = status.st_dev;
785 		STINO(mlmp) = status.st_ino;
786 	}
787 
788 	/*
789 	 * Initialize any configuration information.
790 	 */
791 	if (!(rtld_flags & RT_FL_NOCFG)) {
792 		if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1)
793 			return (0);
794 	}
795 
796 	/*
797 	 * Establish the modes of the initial object.  These modes are
798 	 * propagated to any preloaded objects and explicit shared library
799 	 * dependencies.  Note, RTLD_NOW may have been established during
800 	 * analysis of the application had it been built -z now.
801 	 */
802 	MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
803 	if (rtld_flags & RT_FL_CONFGEN)
804 		MODE(mlmp) |= RTLD_CONFGEN;
805 	if ((MODE(mlmp) & RTLD_NOW) == 0) {
806 		if (rtld_flags2 & RT_FL2_BINDNOW)
807 			MODE(mlmp) |= RTLD_NOW;
808 		else
809 			MODE(mlmp) |= RTLD_LAZY;
810 	}
811 
812 	/*
813 	 * If debugging was requested initialize things now that any cache has
814 	 * been established.
815 	 */
816 	if (rpl_debug)
817 		dbg_mask |= dbg_setup(rpl_debug);
818 	if (prm_debug)
819 		dbg_mask |= dbg_setup(prm_debug);
820 
821 	/*
822 	 * Now that debugging is enabled generate any diagnostics from any
823 	 * previous events.
824 	 */
825 	if (hwcap)
826 		DBG_CALL(Dbg_cap_hw_1(hwcap, M_MACH));
827 	if (features)
828 		DBG_CALL(Dbg_file_config_dis(config->c_name, features));
829 
830 	if (dbg_mask) {
831 		DBG_CALL(Dbg_file_ldso(PATHNAME(rlmp), (ulong_t)DYN(rlmp),
832 		    ADDR(rlmp), envp, auxv));
833 
834 		if (FCT(mlmp) == &elf_fct) {
835 			DBG_CALL(Dbg_file_elf(PATHNAME(mlmp),
836 			    (ulong_t)DYN(mlmp), ADDR(mlmp), MSIZE(mlmp),
837 			    ENTRY(mlmp), get_linkmap_id(LIST(mlmp)), ALO_DATA));
838 		} else {
839 			DBG_CALL(Dbg_file_aout(PATHNAME(mlmp),
840 			    (ulong_t)AOUTDYN(mlmp), (ulong_t)ADDR(mlmp),
841 			    (ulong_t)MSIZE(mlmp)));
842 		}
843 	}
844 
845 	/*
846 	 * Enable auditing.
847 	 */
848 	if (rpl_audit || prm_audit || profile_lib) {
849 		int		ndx;
850 		const char	*aud[3];
851 
852 		aud[0] = rpl_audit;
853 		aud[1] = prm_audit;
854 		aud[2] = profile_lib;
855 
856 		/*
857 		 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that
858 		 * can't be established is non-fatal.
859 		 */
860 		if ((auditors = calloc(1, sizeof (Audit_desc))) == 0)
861 			return (0);
862 
863 		for (ndx = 0; ndx < 3; ndx++) {
864 			if (aud[ndx]) {
865 				if ((auditors->ad_name = strdup(aud[ndx])) == 0)
866 					return (0);
867 				rtld_flags2 |= RT_FL2_FTL2WARN;
868 				(void) audit_setup(mlmp, auditors);
869 				rtld_flags2 &= ~RT_FL2_FTL2WARN;
870 			}
871 		}
872 		lml_main.lm_tflags |= auditors->ad_flags;
873 	}
874 	if (AUDITORS(mlmp)) {
875 		/*
876 		 * Any object required auditing (set with a DT_DEPAUDIT dynamic
877 		 * entry) that can't be established is fatal.
878 		 */
879 		if (audit_setup(mlmp, AUDITORS(mlmp)) == 0)
880 			return (0);
881 
882 		FLAGS1(mlmp) |= AUDITORS(mlmp)->ad_flags;
883 		lml_main.lm_flags |= LML_FLG_LOCAUDIT;
884 	}
885 
886 	/*
887 	 * Explicitly add the initial object and ld.so.1 to those objects being
888 	 * audited.  Note, although the ld.so.1 link-map isn't auditable,
889 	 * establish a cookie for ld.so.1 as this may be bound to via the
890 	 * dl*() family.
891 	 */
892 	if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_MASK) {
893 		if (((audit_objopen(mlmp, mlmp) == 0) ||
894 		    (audit_objopen(mlmp, rlmp) == 0)) &&
895 		    (FLAGS1(mlmp) & LML_TFLG_AUD_MASK))
896 			return (0);
897 	}
898 
899 	/*
900 	 * Map in any preloadable shared objects.  Note, it is valid to preload
901 	 * a 4.x shared object with a 5.0 executable (or visa-versa), as this
902 	 * functionality is required by ldd(1).
903 	 */
904 	if (rpl_preload && (preload(rpl_preload, mlmp) == 0))
905 		return (0);
906 	if (prm_preload && (preload(prm_preload, mlmp) == 0))
907 		return (0);
908 
909 	/*
910 	 * Load all dependent (needed) objects.
911 	 */
912 	if (analyze_lmc(&lml_main, ALO_DATA, mlmp) == 0)
913 		return (0);
914 
915 	/*
916 	 * Relocate all the dependencies we've just added.
917 	 *
918 	 * If this process has been established via crle(1), the environment
919 	 * variable LD_CONFGEN will have been set.  crle(1) may create this
920 	 * process twice.  The first time crle only needs to gather dependency
921 	 * information.  The second time, is to dldump() the images.
922 	 *
923 	 * If we're only gathering dependencies, relocation is unnecessary.
924 	 * As crle(1) may be building an arbitrary family of objects, they may
925 	 * not fully relocate either.  Hence the relocation phase is not carried
926 	 * out now, but will be called by crle(1) once all objects have been
927 	 * loaded.
928 	 */
929 	if ((rtld_flags & RT_FL_CONFGEN) == 0) {
930 		Word	lmflags;
931 
932 		DBG_CALL(Dbg_file_nl());
933 
934 		if (relocate_lmc(&lml_main, ALO_DATA, mlmp) == 0)
935 			return (0);
936 
937 		/*
938 		 * Sort the .init sections of all objects we've added.  If
939 		 * we're tracing we only need to execute this under ldd(1)
940 		 * with the -i or -u options.
941 		 */
942 		lmflags = lml_main.lm_flags;
943 		if (((lmflags & LML_FLG_TRC_ENABLE) == 0) ||
944 		    (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) {
945 			if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init,
946 			    RT_SORT_REV)) == (Rt_map **)S_ERROR)
947 				return (0);
948 		}
949 
950 		/*
951 		 * If we are tracing we're done.  This is the one legitimate use
952 		 * of a direct call to rtldexit() rather than return, as we
953 		 * don't want to return and jump to the application.
954 		 */
955 		if (lmflags & LML_FLG_TRC_ENABLE) {
956 			unused(&lml_main);
957 			rtldexit(&lml_main, 0);
958 		}
959 
960 		/*
961 		 * Inform the debuggers we're here and stable.  Newer debuggers
962 		 * can indicate their presence by setting the DT_DEBUG entry in
963 		 * the dynamic executable (see elf_new_lm()).  In this case call
964 		 * getpid() so the debugger can catch the system call.  This
965 		 * handshake allows the debugger to initialize, and consequently
966 		 * allows the user to set break points in .init code.
967 		 */
968 		rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT);
969 		rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT);
970 
971 		if (rtld_flags & RT_FL_DEBUGGER) {
972 			r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG;
973 			(void) getpid();
974 		}
975 
976 		/*
977 		 * Initialize any initial TLS storage.
978 		 */
979 		if (tls_report_modules() == 0)
980 			return (0);
981 	}
982 
983 	/*
984 	 * Call any necessary auditing routines, clean up any file descriptors
985 	 * and such, and then fire all dependencies .init sections.
986 	 */
987 	rtld_flags |= RT_FL_APPLIC;
988 
989 	rd_event(&lml_main, RD_PREINIT, 0);
990 
991 	if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_ACTIVITY)
992 		audit_activity(mlmp, LA_ACT_CONSISTENT);
993 	if ((lml_main.lm_tflags | FLAGS1(mlmp)) & LML_TFLG_AUD_PREINIT)
994 		audit_preinit(mlmp);
995 
996 	call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp,
997 		SHT_PREINIT_ARRAY);
998 
999 	if (tobj)
1000 		call_init(tobj, DBG_INIT_SORT);
1001 
1002 	rd_event(&lml_main, RD_POSTINIT, 0);
1003 
1004 	unused(&lml_main);
1005 
1006 	DBG_CALL(Dbg_util_call_main(NAME(mlmp)));
1007 
1008 	leave(LIST(mlmp));
1009 
1010 	return (mlmp);
1011 }
1012