xref: /titanic_50/usr/src/lib/libproc/common/Psymtab.c (revision 49f9b365248ee858ee91baa36eab27c5200f6dca)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 #include <assert.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <stddef.h>
30 #include <unistd.h>
31 #include <ctype.h>
32 #include <fcntl.h>
33 #include <string.h>
34 #include <strings.h>
35 #include <memory.h>
36 #include <errno.h>
37 #include <dirent.h>
38 #include <signal.h>
39 #include <limits.h>
40 #include <libgen.h>
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <sys/systeminfo.h>
44 #include <sys/sysmacros.h>
45 
46 #include "libproc.h"
47 #include "Pcontrol.h"
48 #include "Putil.h"
49 #include "Psymtab_machelf.h"
50 
51 static file_info_t *build_map_symtab(struct ps_prochandle *, map_info_t *);
52 static map_info_t *exec_map(struct ps_prochandle *);
53 static map_info_t *object_to_map(struct ps_prochandle *, Lmid_t, const char *);
54 static map_info_t *object_name_to_map(struct ps_prochandle *,
55 	Lmid_t, const char *);
56 static GElf_Sym *sym_by_name(sym_tbl_t *, const char *, GElf_Sym *, uint_t *);
57 static int read_ehdr32(struct ps_prochandle *, Elf32_Ehdr *, uint_t *,
58     uintptr_t);
59 #ifdef _LP64
60 static int read_ehdr64(struct ps_prochandle *, Elf64_Ehdr *, uint_t *,
61     uintptr_t);
62 #endif
63 
64 #define	DATA_TYPES	\
65 	((1 << STT_OBJECT) | (1 << STT_FUNC) | \
66 	(1 << STT_COMMON) | (1 << STT_TLS))
67 #define	IS_DATA_TYPE(tp)	(((1 << (tp)) & DATA_TYPES) != 0)
68 
69 #define	MA_RWX	(MA_READ | MA_WRITE | MA_EXEC)
70 
71 typedef enum {
72 	PRO_NATURAL,
73 	PRO_BYADDR,
74 	PRO_BYNAME
75 } pr_order_t;
76 
77 static int
78 addr_cmp(const void *aa, const void *bb)
79 {
80 	uintptr_t a = *((uintptr_t *)aa);
81 	uintptr_t b = *((uintptr_t *)bb);
82 
83 	if (a > b)
84 		return (1);
85 	if (a < b)
86 		return (-1);
87 	return (0);
88 }
89 
90 /*
91  * This function creates a list of addresses for a load object's sections.
92  * The list is in ascending address order and alternates start address
93  * then end address for each section we're interested in. The function
94  * returns a pointer to the list, which must be freed by the caller.
95  */
96 static uintptr_t *
97 get_saddrs(struct ps_prochandle *P, uintptr_t ehdr_start, uint_t *n)
98 {
99 	uintptr_t a, addr, *addrs, last = 0;
100 	uint_t i, naddrs = 0, unordered = 0;
101 
102 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
103 		Elf32_Ehdr ehdr;
104 		Elf32_Phdr phdr;
105 		uint_t phnum;
106 
107 		if (read_ehdr32(P, &ehdr, &phnum, ehdr_start) != 0)
108 			return (NULL);
109 
110 		addrs = malloc(sizeof (uintptr_t) * phnum * 2);
111 		a = ehdr_start + ehdr.e_phoff;
112 		for (i = 0; i < phnum; i++, a += ehdr.e_phentsize) {
113 			if (Pread(P, &phdr, sizeof (phdr), a) !=
114 			    sizeof (phdr)) {
115 				free(addrs);
116 				return (NULL);
117 			}
118 			if (phdr.p_type != PT_LOAD || phdr.p_memsz == 0)
119 				continue;
120 
121 			addr = phdr.p_vaddr;
122 			if (ehdr.e_type == ET_DYN)
123 				addr += ehdr_start;
124 			if (last > addr)
125 				unordered = 1;
126 			addrs[naddrs++] = addr;
127 			addrs[naddrs++] = last = addr + phdr.p_memsz - 1;
128 		}
129 #ifdef _LP64
130 	} else {
131 		Elf64_Ehdr ehdr;
132 		Elf64_Phdr phdr;
133 		uint_t phnum;
134 
135 		if (read_ehdr64(P, &ehdr, &phnum, ehdr_start) != 0)
136 			return (NULL);
137 
138 		addrs = malloc(sizeof (uintptr_t) * phnum * 2);
139 		a = ehdr_start + ehdr.e_phoff;
140 		for (i = 0; i < phnum; i++, a += ehdr.e_phentsize) {
141 			if (Pread(P, &phdr, sizeof (phdr), a) !=
142 			    sizeof (phdr)) {
143 				free(addrs);
144 				return (NULL);
145 			}
146 			if (phdr.p_type != PT_LOAD || phdr.p_memsz == 0)
147 				continue;
148 
149 			addr = phdr.p_vaddr;
150 			if (ehdr.e_type == ET_DYN)
151 				addr += ehdr_start;
152 			if (last > addr)
153 				unordered = 1;
154 			addrs[naddrs++] = addr;
155 			addrs[naddrs++] = last = addr + phdr.p_memsz - 1;
156 		}
157 #endif
158 	}
159 
160 	if (unordered)
161 		qsort(addrs, naddrs, sizeof (uintptr_t), addr_cmp);
162 
163 	*n = naddrs;
164 	return (addrs);
165 }
166 
167 /*
168  * Allocation function for a new file_info_t
169  */
170 file_info_t *
171 file_info_new(struct ps_prochandle *P, map_info_t *mptr)
172 {
173 	file_info_t *fptr;
174 	map_info_t *mp;
175 	uintptr_t mstart, mend, sstart, send;
176 	uint_t i;
177 
178 	if ((fptr = calloc(1, sizeof (file_info_t))) == NULL)
179 		return (NULL);
180 
181 	list_link(fptr, &P->file_head);
182 	(void) strcpy(fptr->file_pname, mptr->map_pmap.pr_mapname);
183 	mptr->map_file = fptr;
184 	fptr->file_ref = 1;
185 	fptr->file_fd = -1;
186 	P->num_files++;
187 
188 	/*
189 	 * To figure out which map_info_t instances correspond to the mappings
190 	 * for this load object we try to obtain the start and end address
191 	 * for each section of our in-memory ELF image. If successful, we
192 	 * walk down the list of addresses and the list of map_info_t
193 	 * instances in lock step to correctly find the mappings that
194 	 * correspond to this load object.
195 	 */
196 	if ((fptr->file_saddrs = get_saddrs(P, mptr->map_pmap.pr_vaddr,
197 	    &fptr->file_nsaddrs)) == NULL)
198 		return (fptr);
199 
200 	mp = P->mappings;
201 	i = 0;
202 	while (mp < P->mappings + P->map_count && i < fptr->file_nsaddrs) {
203 
204 		/* Calculate the start and end of the mapping and section */
205 		mstart = mp->map_pmap.pr_vaddr;
206 		mend = mp->map_pmap.pr_vaddr + mp->map_pmap.pr_size;
207 		sstart = fptr->file_saddrs[i];
208 		send = fptr->file_saddrs[i + 1];
209 
210 		if (mend <= sstart) {
211 			/* This mapping is below the current section */
212 			mp++;
213 		} else if (mstart >= send) {
214 			/* This mapping is above the current section */
215 			i += 2;
216 		} else {
217 			/* This mapping overlaps the current section */
218 			if (mp->map_file == NULL) {
219 				dprintf("file_info_new: associating "
220 				    "segment at %p\n",
221 				    (void *)mp->map_pmap.pr_vaddr);
222 				mp->map_file = fptr;
223 				fptr->file_ref++;
224 			} else {
225 				dprintf("file_info_new: segment at %p "
226 				    "already associated with %s\n",
227 				    (void *)mp->map_pmap.pr_vaddr,
228 				    (mp == mptr ? "this file" :
229 				    mp->map_file->file_pname));
230 			}
231 			mp++;
232 		}
233 	}
234 
235 	return (fptr);
236 }
237 
238 /*
239  * Deallocation function for a file_info_t
240  */
241 static void
242 file_info_free(struct ps_prochandle *P, file_info_t *fptr)
243 {
244 	if (--fptr->file_ref == 0) {
245 		list_unlink(fptr);
246 		if (fptr->file_symtab.sym_elf) {
247 			(void) elf_end(fptr->file_symtab.sym_elf);
248 			free(fptr->file_symtab.sym_elfmem);
249 		}
250 		if (fptr->file_symtab.sym_byname)
251 			free(fptr->file_symtab.sym_byname);
252 		if (fptr->file_symtab.sym_byaddr)
253 			free(fptr->file_symtab.sym_byaddr);
254 
255 		if (fptr->file_dynsym.sym_elf) {
256 			(void) elf_end(fptr->file_dynsym.sym_elf);
257 			free(fptr->file_dynsym.sym_elfmem);
258 		}
259 		if (fptr->file_dynsym.sym_byname)
260 			free(fptr->file_dynsym.sym_byname);
261 		if (fptr->file_dynsym.sym_byaddr)
262 			free(fptr->file_dynsym.sym_byaddr);
263 
264 		if (fptr->file_lo)
265 			free(fptr->file_lo);
266 		if (fptr->file_lname)
267 			free(fptr->file_lname);
268 		if (fptr->file_rname)
269 			free(fptr->file_rname);
270 		if (fptr->file_elf)
271 			(void) elf_end(fptr->file_elf);
272 		if (fptr->file_elfmem != NULL)
273 			free(fptr->file_elfmem);
274 		if (fptr->file_fd >= 0)
275 			(void) close(fptr->file_fd);
276 		if (fptr->file_ctfp) {
277 			ctf_close(fptr->file_ctfp);
278 			free(fptr->file_ctf_buf);
279 		}
280 		if (fptr->file_saddrs)
281 			free(fptr->file_saddrs);
282 		free(fptr);
283 		P->num_files--;
284 	}
285 }
286 
287 /*
288  * Deallocation function for a map_info_t
289  */
290 static void
291 map_info_free(struct ps_prochandle *P, map_info_t *mptr)
292 {
293 	file_info_t *fptr;
294 
295 	if ((fptr = mptr->map_file) != NULL) {
296 		if (fptr->file_map == mptr)
297 			fptr->file_map = NULL;
298 		file_info_free(P, fptr);
299 	}
300 	if (P->execname && mptr == P->map_exec) {
301 		free(P->execname);
302 		P->execname = NULL;
303 	}
304 	if (P->auxv && (mptr == P->map_exec || mptr == P->map_ldso)) {
305 		free(P->auxv);
306 		P->auxv = NULL;
307 		P->nauxv = 0;
308 	}
309 	if (mptr == P->map_exec)
310 		P->map_exec = NULL;
311 	if (mptr == P->map_ldso)
312 		P->map_ldso = NULL;
313 }
314 
315 /*
316  * Call-back function for librtld_db to iterate through all of its shared
317  * libraries.  We use this to get the load object names for the mappings.
318  */
319 static int
320 map_iter(const rd_loadobj_t *lop, void *cd)
321 {
322 	char buf[PATH_MAX];
323 	struct ps_prochandle *P = cd;
324 	map_info_t *mptr;
325 	file_info_t *fptr;
326 
327 	dprintf("encountered rd object at %p\n", (void *)lop->rl_base);
328 
329 	if ((mptr = Paddr2mptr(P, lop->rl_base)) == NULL) {
330 		dprintf("map_iter: base address doesn't match any mapping\n");
331 		return (1); /* Base address does not match any mapping */
332 	}
333 
334 	if ((fptr = mptr->map_file) == NULL &&
335 	    (fptr = file_info_new(P, mptr)) == NULL) {
336 		dprintf("map_iter: failed to allocate a new file_info_t\n");
337 		return (1); /* Failed to allocate a new file_info_t */
338 	}
339 
340 	if ((fptr->file_lo == NULL) &&
341 	    (fptr->file_lo = malloc(sizeof (rd_loadobj_t))) == NULL) {
342 		dprintf("map_iter: failed to allocate rd_loadobj_t\n");
343 		file_info_free(P, fptr);
344 		return (1); /* Failed to allocate rd_loadobj_t */
345 	}
346 
347 	fptr->file_map = mptr;
348 	*fptr->file_lo = *lop;
349 
350 	fptr->file_lo->rl_plt_base = fptr->file_plt_base;
351 	fptr->file_lo->rl_plt_size = fptr->file_plt_size;
352 
353 	if (fptr->file_lname) {
354 		free(fptr->file_lname);
355 		fptr->file_lname = NULL;
356 		fptr->file_lbase = NULL;
357 	}
358 	if (fptr->file_rname) {
359 		free(fptr->file_rname);
360 		fptr->file_rname = NULL;
361 		fptr->file_rbase = NULL;
362 	}
363 
364 	if (Pread_string(P, buf, sizeof (buf), lop->rl_nameaddr) > 0) {
365 		if ((fptr->file_lname = strdup(buf)) != NULL)
366 			fptr->file_lbase = basename(fptr->file_lname);
367 	} else {
368 		dprintf("map_iter: failed to read string at %p\n",
369 		    (void *)lop->rl_nameaddr);
370 	}
371 
372 	if ((Pfindmap(P, mptr, buf, sizeof (buf)) != NULL) &&
373 	    ((fptr->file_rname = strdup(buf)) != NULL))
374 		fptr->file_rbase = basename(fptr->file_rname);
375 
376 	dprintf("loaded rd object %s lmid %lx\n",
377 	    fptr->file_lname ? buf : "<NULL>", lop->rl_lmident);
378 	return (1);
379 }
380 
381 static void
382 map_set(struct ps_prochandle *P, map_info_t *mptr, const char *lname)
383 {
384 	file_info_t *fptr;
385 	char buf[PATH_MAX];
386 
387 	if ((fptr = mptr->map_file) == NULL &&
388 	    (fptr = file_info_new(P, mptr)) == NULL)
389 		return; /* Failed to allocate a new file_info_t */
390 
391 	fptr->file_map = mptr;
392 
393 	if ((fptr->file_lo == NULL) &&
394 	    (fptr->file_lo = malloc(sizeof (rd_loadobj_t))) == NULL) {
395 		file_info_free(P, fptr);
396 		return; /* Failed to allocate rd_loadobj_t */
397 	}
398 
399 	(void) memset(fptr->file_lo, 0, sizeof (rd_loadobj_t));
400 	fptr->file_lo->rl_base = mptr->map_pmap.pr_vaddr;
401 	fptr->file_lo->rl_bend =
402 	    mptr->map_pmap.pr_vaddr + mptr->map_pmap.pr_size;
403 
404 	fptr->file_lo->rl_plt_base = fptr->file_plt_base;
405 	fptr->file_lo->rl_plt_size = fptr->file_plt_size;
406 
407 	if ((fptr->file_lname == NULL) &&
408 	    (fptr->file_lname = strdup(lname)) != NULL)
409 		fptr->file_lbase = basename(fptr->file_lname);
410 
411 	if ((Pfindmap(P, mptr, buf, sizeof (buf)) != NULL) &&
412 	    ((fptr->file_rname = strdup(buf)) != NULL))
413 		fptr->file_rbase = basename(fptr->file_rname);
414 }
415 
416 static void
417 load_static_maps(struct ps_prochandle *P)
418 {
419 	map_info_t *mptr;
420 
421 	/*
422 	 * Construct the map for the a.out.
423 	 */
424 	if ((mptr = object_name_to_map(P, PR_LMID_EVERY, PR_OBJ_EXEC)) != NULL)
425 		map_set(P, mptr, "a.out");
426 
427 	/*
428 	 * If the dynamic linker exists for this process,
429 	 * construct the map for it.
430 	 */
431 	if (Pgetauxval(P, AT_BASE) != -1L &&
432 	    (mptr = object_name_to_map(P, PR_LMID_EVERY, PR_OBJ_LDSO)) != NULL)
433 		map_set(P, mptr, "ld.so.1");
434 }
435 
436 /*
437  * Go through all the address space mappings, validating or updating
438  * the information already gathered, or gathering new information.
439  *
440  * This function is only called when we suspect that the mappings have changed
441  * because this is the first time we're calling it or because of rtld activity.
442  */
443 void
444 Pupdate_maps(struct ps_prochandle *P)
445 {
446 	char mapfile[PATH_MAX];
447 	int mapfd;
448 	struct stat statb;
449 	prmap_t *Pmap = NULL;
450 	prmap_t *pmap;
451 	ssize_t nmap;
452 	int i;
453 	uint_t oldmapcount;
454 	map_info_t *newmap, *newp;
455 	map_info_t *mptr;
456 
457 	if (P->info_valid || P->state == PS_UNDEAD)
458 		return;
459 
460 	Preadauxvec(P);
461 
462 	(void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
463 	    procfs_path, (int)P->pid);
464 	if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
465 	    fstat(mapfd, &statb) != 0 ||
466 	    statb.st_size < sizeof (prmap_t) ||
467 	    (Pmap = malloc(statb.st_size)) == NULL ||
468 	    (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
469 	    (nmap /= sizeof (prmap_t)) == 0) {
470 		if (Pmap != NULL)
471 			free(Pmap);
472 		if (mapfd >= 0)
473 			(void) close(mapfd);
474 		Preset_maps(P);	/* utter failure; destroy tables */
475 		return;
476 	}
477 	(void) close(mapfd);
478 
479 	if ((newmap = calloc(1, nmap * sizeof (map_info_t))) == NULL)
480 		return;
481 
482 	/*
483 	 * We try to merge any file information we may have for existing
484 	 * mappings, to avoid having to rebuild the file info.
485 	 */
486 	mptr = P->mappings;
487 	pmap = Pmap;
488 	newp = newmap;
489 	oldmapcount = P->map_count;
490 	for (i = 0; i < nmap; i++, pmap++, newp++) {
491 
492 		if (oldmapcount == 0) {
493 			/*
494 			 * We've exhausted all the old mappings.  Every new
495 			 * mapping should be added.
496 			 */
497 			newp->map_pmap = *pmap;
498 
499 		} else if (pmap->pr_vaddr == mptr->map_pmap.pr_vaddr &&
500 		    pmap->pr_size == mptr->map_pmap.pr_size &&
501 		    pmap->pr_offset == mptr->map_pmap.pr_offset &&
502 		    (pmap->pr_mflags & ~(MA_BREAK | MA_STACK)) ==
503 		    (mptr->map_pmap.pr_mflags & ~(MA_BREAK | MA_STACK)) &&
504 		    pmap->pr_pagesize == mptr->map_pmap.pr_pagesize &&
505 		    pmap->pr_shmid == mptr->map_pmap.pr_shmid &&
506 		    strcmp(pmap->pr_mapname, mptr->map_pmap.pr_mapname) == 0) {
507 
508 			/*
509 			 * This mapping matches exactly.  Copy over the old
510 			 * mapping, taking care to get the latest flags.
511 			 * Make sure the associated file_info_t is updated
512 			 * appropriately.
513 			 */
514 			*newp = *mptr;
515 			if (P->map_exec == mptr)
516 				P->map_exec = newp;
517 			if (P->map_ldso == mptr)
518 				P->map_ldso = newp;
519 			newp->map_pmap.pr_mflags = pmap->pr_mflags;
520 			if (mptr->map_file != NULL &&
521 			    mptr->map_file->file_map == mptr)
522 				mptr->map_file->file_map = newp;
523 			oldmapcount--;
524 			mptr++;
525 
526 		} else if (pmap->pr_vaddr + pmap->pr_size >
527 		    mptr->map_pmap.pr_vaddr) {
528 
529 			/*
530 			 * The old mapping doesn't exist any more, remove it
531 			 * from the list.
532 			 */
533 			map_info_free(P, mptr);
534 			oldmapcount--;
535 			i--;
536 			newp--;
537 			pmap--;
538 			mptr++;
539 
540 		} else {
541 
542 			/*
543 			 * This is a new mapping, add it directly.
544 			 */
545 			newp->map_pmap = *pmap;
546 		}
547 	}
548 
549 	/*
550 	 * Free any old maps
551 	 */
552 	while (oldmapcount) {
553 		map_info_free(P, mptr);
554 		oldmapcount--;
555 		mptr++;
556 	}
557 
558 	free(Pmap);
559 	if (P->mappings != NULL)
560 		free(P->mappings);
561 	P->mappings = newmap;
562 	P->map_count = P->map_alloc = nmap;
563 	P->info_valid = 1;
564 
565 	/*
566 	 * Consult librtld_db to get the load object
567 	 * names for all of the shared libraries.
568 	 */
569 	if (P->rap != NULL)
570 		(void) rd_loadobj_iter(P->rap, map_iter, P);
571 }
572 
573 /*
574  * Update all of the mappings and rtld_db as if by Pupdate_maps(), and then
575  * forcibly cache all of the symbol tables associated with all object files.
576  */
577 void
578 Pupdate_syms(struct ps_prochandle *P)
579 {
580 	file_info_t *fptr;
581 	int i;
582 
583 	Pupdate_maps(P);
584 
585 	for (i = 0, fptr = list_next(&P->file_head); i < P->num_files;
586 	    i++, fptr = list_next(fptr)) {
587 		Pbuild_file_symtab(P, fptr);
588 		(void) Pbuild_file_ctf(P, fptr);
589 	}
590 }
591 
592 /*
593  * Return the librtld_db agent handle for the victim process.
594  * The handle will become invalid at the next successful exec() and the
595  * client (caller of proc_rd_agent()) must not use it beyond that point.
596  * If the process is already dead, we've already tried our best to
597  * create the agent during core file initialization.
598  */
599 rd_agent_t *
600 Prd_agent(struct ps_prochandle *P)
601 {
602 	if (P->rap == NULL && P->state != PS_DEAD && P->state != PS_IDLE) {
603 		Pupdate_maps(P);
604 		if (P->num_files == 0)
605 			load_static_maps(P);
606 		rd_log(_libproc_debug);
607 		if ((P->rap = rd_new(P)) != NULL)
608 			(void) rd_loadobj_iter(P->rap, map_iter, P);
609 	}
610 	return (P->rap);
611 }
612 
613 /*
614  * Return the prmap_t structure containing 'addr', but only if it
615  * is in the dynamic linker's link map and is the text section.
616  */
617 const prmap_t *
618 Paddr_to_text_map(struct ps_prochandle *P, uintptr_t addr)
619 {
620 	map_info_t *mptr;
621 
622 	if (!P->info_valid)
623 		Pupdate_maps(P);
624 
625 	if ((mptr = Paddr2mptr(P, addr)) != NULL) {
626 		file_info_t *fptr = build_map_symtab(P, mptr);
627 		const prmap_t *pmp = &mptr->map_pmap;
628 
629 		/*
630 		 * Assume that if rl_data_base is NULL, it means that no
631 		 * data section was found for this load object, and that
632 		 * a section must be text. Otherwise, a section will be
633 		 * text unless it ends above the start of the data
634 		 * section.
635 		 */
636 		if (fptr != NULL && fptr->file_lo != NULL &&
637 		    (fptr->file_lo->rl_data_base == NULL ||
638 		    pmp->pr_vaddr + pmp->pr_size <=
639 		    fptr->file_lo->rl_data_base))
640 			return (pmp);
641 	}
642 
643 	return (NULL);
644 }
645 
646 /*
647  * Return the prmap_t structure containing 'addr' (no restrictions on
648  * the type of mapping).
649  */
650 const prmap_t *
651 Paddr_to_map(struct ps_prochandle *P, uintptr_t addr)
652 {
653 	map_info_t *mptr;
654 
655 	if (!P->info_valid)
656 		Pupdate_maps(P);
657 
658 	if ((mptr = Paddr2mptr(P, addr)) != NULL)
659 		return (&mptr->map_pmap);
660 
661 	return (NULL);
662 }
663 
664 /*
665  * Convert a full or partial load object name to the prmap_t for its
666  * corresponding primary text mapping.
667  */
668 const prmap_t *
669 Plmid_to_map(struct ps_prochandle *P, Lmid_t lmid, const char *name)
670 {
671 	map_info_t *mptr;
672 
673 	if (name == PR_OBJ_EVERY)
674 		return (NULL); /* A reasonable mistake */
675 
676 	if ((mptr = object_name_to_map(P, lmid, name)) != NULL)
677 		return (&mptr->map_pmap);
678 
679 	return (NULL);
680 }
681 
682 const prmap_t *
683 Pname_to_map(struct ps_prochandle *P, const char *name)
684 {
685 	return (Plmid_to_map(P, PR_LMID_EVERY, name));
686 }
687 
688 const rd_loadobj_t *
689 Paddr_to_loadobj(struct ps_prochandle *P, uintptr_t addr)
690 {
691 	map_info_t *mptr;
692 
693 	if (!P->info_valid)
694 		Pupdate_maps(P);
695 
696 	if ((mptr = Paddr2mptr(P, addr)) == NULL)
697 		return (NULL);
698 
699 	/*
700 	 * By building the symbol table, we implicitly bring the PLT
701 	 * information up to date in the load object.
702 	 */
703 	(void) build_map_symtab(P, mptr);
704 
705 	return (mptr->map_file->file_lo);
706 }
707 
708 const rd_loadobj_t *
709 Plmid_to_loadobj(struct ps_prochandle *P, Lmid_t lmid, const char *name)
710 {
711 	map_info_t *mptr;
712 
713 	if (name == PR_OBJ_EVERY)
714 		return (NULL);
715 
716 	if ((mptr = object_name_to_map(P, lmid, name)) == NULL)
717 		return (NULL);
718 
719 	/*
720 	 * By building the symbol table, we implicitly bring the PLT
721 	 * information up to date in the load object.
722 	 */
723 	(void) build_map_symtab(P, mptr);
724 
725 	return (mptr->map_file->file_lo);
726 }
727 
728 const rd_loadobj_t *
729 Pname_to_loadobj(struct ps_prochandle *P, const char *name)
730 {
731 	return (Plmid_to_loadobj(P, PR_LMID_EVERY, name));
732 }
733 
734 ctf_file_t *
735 Pbuild_file_ctf(struct ps_prochandle *P, file_info_t *fptr)
736 {
737 	ctf_sect_t ctdata, symtab, strtab;
738 	sym_tbl_t *symp;
739 	int err;
740 
741 	if (fptr->file_ctfp != NULL)
742 		return (fptr->file_ctfp);
743 
744 	Pbuild_file_symtab(P, fptr);
745 
746 	if (fptr->file_ctf_size == 0)
747 		return (NULL);
748 
749 	symp = fptr->file_ctf_dyn ? &fptr->file_dynsym : &fptr->file_symtab;
750 	if (symp->sym_data_pri == NULL)
751 		return (NULL);
752 
753 	/*
754 	 * The buffer may alread be allocated if this is a core file that
755 	 * contained CTF data for this file.
756 	 */
757 	if (fptr->file_ctf_buf == NULL) {
758 		fptr->file_ctf_buf = malloc(fptr->file_ctf_size);
759 		if (fptr->file_ctf_buf == NULL) {
760 			dprintf("failed to allocate ctf buffer\n");
761 			return (NULL);
762 		}
763 
764 		if (pread(fptr->file_fd, fptr->file_ctf_buf,
765 		    fptr->file_ctf_size, fptr->file_ctf_off) !=
766 		    fptr->file_ctf_size) {
767 			free(fptr->file_ctf_buf);
768 			fptr->file_ctf_buf = NULL;
769 			dprintf("failed to read ctf data\n");
770 			return (NULL);
771 		}
772 	}
773 
774 	ctdata.cts_name = ".SUNW_ctf";
775 	ctdata.cts_type = SHT_PROGBITS;
776 	ctdata.cts_flags = 0;
777 	ctdata.cts_data = fptr->file_ctf_buf;
778 	ctdata.cts_size = fptr->file_ctf_size;
779 	ctdata.cts_entsize = 1;
780 	ctdata.cts_offset = 0;
781 
782 	symtab.cts_name = fptr->file_ctf_dyn ? ".dynsym" : ".symtab";
783 	symtab.cts_type = symp->sym_hdr_pri.sh_type;
784 	symtab.cts_flags = symp->sym_hdr_pri.sh_flags;
785 	symtab.cts_data = symp->sym_data_pri->d_buf;
786 	symtab.cts_size = symp->sym_hdr_pri.sh_size;
787 	symtab.cts_entsize = symp->sym_hdr_pri.sh_entsize;
788 	symtab.cts_offset = symp->sym_hdr_pri.sh_offset;
789 
790 	strtab.cts_name = fptr->file_ctf_dyn ? ".dynstr" : ".strtab";
791 	strtab.cts_type = symp->sym_strhdr.sh_type;
792 	strtab.cts_flags = symp->sym_strhdr.sh_flags;
793 	strtab.cts_data = symp->sym_strs;
794 	strtab.cts_size = symp->sym_strhdr.sh_size;
795 	strtab.cts_entsize = symp->sym_strhdr.sh_entsize;
796 	strtab.cts_offset = symp->sym_strhdr.sh_offset;
797 
798 	fptr->file_ctfp = ctf_bufopen(&ctdata, &symtab, &strtab, &err);
799 	if (fptr->file_ctfp == NULL) {
800 		dprintf("ctf_bufopen() failed, error code %d\n", err);
801 		free(fptr->file_ctf_buf);
802 		fptr->file_ctf_buf = NULL;
803 		return (NULL);
804 	}
805 
806 	dprintf("loaded %lu bytes of CTF data for %s\n",
807 	    (ulong_t)fptr->file_ctf_size, fptr->file_pname);
808 
809 	return (fptr->file_ctfp);
810 }
811 
812 ctf_file_t *
813 Paddr_to_ctf(struct ps_prochandle *P, uintptr_t addr)
814 {
815 	map_info_t *mptr;
816 	file_info_t *fptr;
817 
818 	if (!P->info_valid)
819 		Pupdate_maps(P);
820 
821 	if ((mptr = Paddr2mptr(P, addr)) == NULL ||
822 	    (fptr = mptr->map_file) == NULL)
823 		return (NULL);
824 
825 	return (Pbuild_file_ctf(P, fptr));
826 }
827 
828 ctf_file_t *
829 Plmid_to_ctf(struct ps_prochandle *P, Lmid_t lmid, const char *name)
830 {
831 	map_info_t *mptr;
832 	file_info_t *fptr;
833 
834 	if (name == PR_OBJ_EVERY)
835 		return (NULL);
836 
837 	if ((mptr = object_name_to_map(P, lmid, name)) == NULL ||
838 	    (fptr = mptr->map_file) == NULL)
839 		return (NULL);
840 
841 	return (Pbuild_file_ctf(P, fptr));
842 }
843 
844 ctf_file_t *
845 Pname_to_ctf(struct ps_prochandle *P, const char *name)
846 {
847 	return (Plmid_to_ctf(P, PR_LMID_EVERY, name));
848 }
849 
850 /*
851  * If we're not a core file, re-read the /proc/<pid>/auxv file and store
852  * its contents in P->auxv.  In the case of a core file, we either
853  * initialized P->auxv in Pcore() from the NT_AUXV, or we don't have an
854  * auxv because the note was missing.
855  */
856 void
857 Preadauxvec(struct ps_prochandle *P)
858 {
859 	char auxfile[64];
860 	struct stat statb;
861 	ssize_t naux;
862 	int fd;
863 
864 	if (P->state == PS_DEAD)
865 		return; /* Already read during Pgrab_core() */
866 	if (P->state == PS_IDLE)
867 		return; /* No aux vec for Pgrab_file() */
868 
869 	if (P->auxv != NULL) {
870 		free(P->auxv);
871 		P->auxv = NULL;
872 		P->nauxv = 0;
873 	}
874 
875 	(void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
876 	    procfs_path, (int)P->pid);
877 	if ((fd = open(auxfile, O_RDONLY)) < 0)
878 		return;
879 
880 	if (fstat(fd, &statb) == 0 &&
881 	    statb.st_size >= sizeof (auxv_t) &&
882 	    (P->auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
883 		if ((naux = read(fd, P->auxv, statb.st_size)) < 0 ||
884 		    (naux /= sizeof (auxv_t)) < 1) {
885 			free(P->auxv);
886 			P->auxv = NULL;
887 		} else {
888 			P->auxv[naux].a_type = AT_NULL;
889 			P->auxv[naux].a_un.a_val = 0L;
890 			P->nauxv = (int)naux;
891 		}
892 	}
893 
894 	(void) close(fd);
895 }
896 
897 /*
898  * Return a requested element from the process's aux vector.
899  * Return -1 on failure (this is adequate for our purposes).
900  */
901 long
902 Pgetauxval(struct ps_prochandle *P, int type)
903 {
904 	auxv_t *auxv;
905 
906 	if (P->auxv == NULL)
907 		Preadauxvec(P);
908 
909 	if (P->auxv == NULL)
910 		return (-1);
911 
912 	for (auxv = P->auxv; auxv->a_type != AT_NULL; auxv++) {
913 		if (auxv->a_type == type)
914 			return (auxv->a_un.a_val);
915 	}
916 
917 	return (-1);
918 }
919 
920 /*
921  * Return a pointer to our internal copy of the process's aux vector.
922  * The caller should not hold on to this pointer across any libproc calls.
923  */
924 const auxv_t *
925 Pgetauxvec(struct ps_prochandle *P)
926 {
927 	static const auxv_t empty = { AT_NULL, 0L };
928 
929 	if (P->auxv == NULL)
930 		Preadauxvec(P);
931 
932 	if (P->auxv == NULL)
933 		return (&empty);
934 
935 	return (P->auxv);
936 }
937 
938 /*
939  * Return 1 if the given mapping corresponds to the given file_info_t's
940  * load object; return 0 otherwise.
941  */
942 static int
943 is_mapping_in_file(struct ps_prochandle *P, map_info_t *mptr, file_info_t *fptr)
944 {
945 	prmap_t *pmap = &mptr->map_pmap;
946 	rd_loadobj_t *lop = fptr->file_lo;
947 	uint_t i;
948 	uintptr_t mstart, mend, sstart, send;
949 
950 	/*
951 	 * We can get for free the start address of the text and data
952 	 * sections of the load object. Start by seeing if the mapping
953 	 * encloses either of these.
954 	 */
955 	if ((pmap->pr_vaddr <= lop->rl_base &&
956 	    lop->rl_base < pmap->pr_vaddr + pmap->pr_size) ||
957 	    (pmap->pr_vaddr <= lop->rl_data_base &&
958 	    lop->rl_data_base < pmap->pr_vaddr + pmap->pr_size))
959 		return (1);
960 
961 	/*
962 	 * It's still possible that this mapping correponds to the load
963 	 * object. Consider the example of a mapping whose start and end
964 	 * addresses correspond to those of the load object's text section.
965 	 * If the mapping splits, e.g. as a result of a segment demotion,
966 	 * then although both mappings are still backed by the same section,
967 	 * only one will be seen to enclose that section's start address.
968 	 * Thus, to be rigorous, we ask not whether this mapping encloses
969 	 * the start of a section, but whether there exists a section that
970 	 * overlaps this mapping.
971 	 *
972 	 * If we don't already have the section addresses, and we successfully
973 	 * get them, then we cache them in case we come here again.
974 	 */
975 	if (fptr->file_saddrs == NULL &&
976 	    (fptr->file_saddrs = get_saddrs(P,
977 	    fptr->file_map->map_pmap.pr_vaddr, &fptr->file_nsaddrs)) == NULL)
978 		return (0);
979 
980 	mstart = mptr->map_pmap.pr_vaddr;
981 	mend = mptr->map_pmap.pr_vaddr + mptr->map_pmap.pr_size;
982 	for (i = 0; i < fptr->file_nsaddrs; i += 2) {
983 		/* Does this section overlap the mapping? */
984 		sstart = fptr->file_saddrs[i];
985 		send = fptr->file_saddrs[i + 1];
986 		if (!(mend <= sstart || mstart >= send))
987 			return (1);
988 	}
989 
990 	return (0);
991 }
992 
993 /*
994  * Find or build the symbol table for the given mapping.
995  */
996 static file_info_t *
997 build_map_symtab(struct ps_prochandle *P, map_info_t *mptr)
998 {
999 	prmap_t *pmap = &mptr->map_pmap;
1000 	file_info_t *fptr;
1001 	uint_t i;
1002 
1003 	if ((fptr = mptr->map_file) != NULL) {
1004 		Pbuild_file_symtab(P, fptr);
1005 		return (fptr);
1006 	}
1007 
1008 	if (pmap->pr_mapname[0] == '\0')
1009 		return (NULL);
1010 
1011 	/*
1012 	 * Attempt to find a matching file.
1013 	 * (A file can be mapped at several different addresses.)
1014 	 */
1015 	for (i = 0, fptr = list_next(&P->file_head); i < P->num_files;
1016 	    i++, fptr = list_next(fptr)) {
1017 		if (strcmp(fptr->file_pname, pmap->pr_mapname) == 0 &&
1018 		    fptr->file_lo && is_mapping_in_file(P, mptr, fptr)) {
1019 			mptr->map_file = fptr;
1020 			fptr->file_ref++;
1021 			Pbuild_file_symtab(P, fptr);
1022 			return (fptr);
1023 		}
1024 	}
1025 
1026 	/*
1027 	 * If we need to create a new file_info structure, iterate
1028 	 * through the load objects in order to attempt to connect
1029 	 * this new file with its primary text mapping.  We again
1030 	 * need to handle ld.so as a special case because we need
1031 	 * to be able to bootstrap librtld_db.
1032 	 */
1033 	if ((fptr = file_info_new(P, mptr)) == NULL)
1034 		return (NULL);
1035 
1036 	if (P->map_ldso != mptr) {
1037 		if (P->rap != NULL)
1038 			(void) rd_loadobj_iter(P->rap, map_iter, P);
1039 		else
1040 			(void) Prd_agent(P);
1041 	} else {
1042 		fptr->file_map = mptr;
1043 	}
1044 
1045 	/*
1046 	 * If librtld_db wasn't able to help us connect the file to a primary
1047 	 * text mapping, set file_map to the current mapping because we require
1048 	 * fptr->file_map to be set in Pbuild_file_symtab.  librtld_db may be
1049 	 * unaware of what's going on in the rare case that a legitimate ELF
1050 	 * file has been mmap(2)ed into the process address space *without*
1051 	 * the use of dlopen(3x).
1052 	 */
1053 	if (fptr->file_map == NULL)
1054 		fptr->file_map = mptr;
1055 
1056 	Pbuild_file_symtab(P, fptr);
1057 
1058 	return (fptr);
1059 }
1060 
1061 static int
1062 read_ehdr32(struct ps_prochandle *P, Elf32_Ehdr *ehdr, uint_t *phnum,
1063     uintptr_t addr)
1064 {
1065 	if (Pread(P, ehdr, sizeof (*ehdr), addr) != sizeof (*ehdr))
1066 		return (-1);
1067 
1068 	if (ehdr->e_ident[EI_MAG0] != ELFMAG0 ||
1069 	    ehdr->e_ident[EI_MAG1] != ELFMAG1 ||
1070 	    ehdr->e_ident[EI_MAG2] != ELFMAG2 ||
1071 	    ehdr->e_ident[EI_MAG3] != ELFMAG3 ||
1072 	    ehdr->e_ident[EI_CLASS] != ELFCLASS32 ||
1073 #ifdef _BIG_ENDIAN
1074 	    ehdr->e_ident[EI_DATA] != ELFDATA2MSB ||
1075 #else
1076 	    ehdr->e_ident[EI_DATA] != ELFDATA2LSB ||
1077 #endif
1078 	    ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1079 		return (-1);
1080 
1081 	if ((*phnum = ehdr->e_phnum) == PN_XNUM) {
1082 		Elf32_Shdr shdr0;
1083 
1084 		if (ehdr->e_shoff == 0 || ehdr->e_shentsize < sizeof (shdr0) ||
1085 		    Pread(P, &shdr0, sizeof (shdr0), addr + ehdr->e_shoff) !=
1086 		    sizeof (shdr0))
1087 			return (-1);
1088 
1089 		if (shdr0.sh_info != 0)
1090 			*phnum = shdr0.sh_info;
1091 	}
1092 
1093 	return (0);
1094 }
1095 
1096 static int
1097 read_dynamic_phdr32(struct ps_prochandle *P, const Elf32_Ehdr *ehdr,
1098     uint_t phnum, Elf32_Phdr *phdr, uintptr_t addr)
1099 {
1100 	uint_t i;
1101 
1102 	for (i = 0; i < phnum; i++) {
1103 		uintptr_t a = addr + ehdr->e_phoff + i * ehdr->e_phentsize;
1104 		if (Pread(P, phdr, sizeof (*phdr), a) != sizeof (*phdr))
1105 			return (-1);
1106 
1107 		if (phdr->p_type == PT_DYNAMIC)
1108 			return (0);
1109 	}
1110 
1111 	return (-1);
1112 }
1113 
1114 #ifdef _LP64
1115 static int
1116 read_ehdr64(struct ps_prochandle *P, Elf64_Ehdr *ehdr, uint_t *phnum,
1117     uintptr_t addr)
1118 {
1119 	if (Pread(P, ehdr, sizeof (Elf64_Ehdr), addr) != sizeof (Elf64_Ehdr))
1120 		return (-1);
1121 
1122 	if (ehdr->e_ident[EI_MAG0] != ELFMAG0 ||
1123 	    ehdr->e_ident[EI_MAG1] != ELFMAG1 ||
1124 	    ehdr->e_ident[EI_MAG2] != ELFMAG2 ||
1125 	    ehdr->e_ident[EI_MAG3] != ELFMAG3 ||
1126 	    ehdr->e_ident[EI_CLASS] != ELFCLASS64 ||
1127 #ifdef _BIG_ENDIAN
1128 	    ehdr->e_ident[EI_DATA] != ELFDATA2MSB ||
1129 #else
1130 	    ehdr->e_ident[EI_DATA] != ELFDATA2LSB ||
1131 #endif
1132 	    ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1133 		return (-1);
1134 
1135 	if ((*phnum = ehdr->e_phnum) == PN_XNUM) {
1136 		Elf64_Shdr shdr0;
1137 
1138 		if (ehdr->e_shoff == 0 || ehdr->e_shentsize < sizeof (shdr0) ||
1139 		    Pread(P, &shdr0, sizeof (shdr0), addr + ehdr->e_shoff) !=
1140 		    sizeof (shdr0))
1141 			return (-1);
1142 
1143 		if (shdr0.sh_info != 0)
1144 			*phnum = shdr0.sh_info;
1145 	}
1146 
1147 	return (0);
1148 }
1149 
1150 static int
1151 read_dynamic_phdr64(struct ps_prochandle *P, const Elf64_Ehdr *ehdr,
1152     uint_t phnum, Elf64_Phdr *phdr, uintptr_t addr)
1153 {
1154 	uint_t i;
1155 
1156 	for (i = 0; i < phnum; i++) {
1157 		uintptr_t a = addr + ehdr->e_phoff + i * ehdr->e_phentsize;
1158 		if (Pread(P, phdr, sizeof (*phdr), a) != sizeof (*phdr))
1159 			return (-1);
1160 
1161 		if (phdr->p_type == PT_DYNAMIC)
1162 			return (0);
1163 	}
1164 
1165 	return (-1);
1166 }
1167 #endif	/* _LP64 */
1168 
1169 /*
1170  * The text segment for each load object contains the elf header and
1171  * program headers. We can use this information to determine if the
1172  * file that corresponds to the load object is the same file that
1173  * was loaded into the process's address space. There can be a discrepency
1174  * if a file is recompiled after the process is started or if the target
1175  * represents a core file from a differently configured system -- two
1176  * common examples. The DT_CHECKSUM entry in the dynamic section
1177  * provides an easy method of comparison. It is important to note that
1178  * the dynamic section usually lives in the data segment, but the meta
1179  * data we use to find the dynamic section lives in the text segment so
1180  * if either of those segments is absent we can't proceed.
1181  *
1182  * We're looking through the elf file for several items: the symbol tables
1183  * (both dynsym and symtab), the procedure linkage table (PLT) base,
1184  * size, and relocation base, and the CTF information. Most of this can
1185  * be recovered from the loaded image of the file itself, the exceptions
1186  * being the symtab and CTF data.
1187  *
1188  * First we try to open the file that we think corresponds to the load
1189  * object, if the DT_CHECKSUM values match, we're all set, and can simply
1190  * recover all the information we need from the file. If the values of
1191  * DT_CHECKSUM don't match, or if we can't access the file for whatever
1192  * reasaon, we fake up a elf file to use in its stead. If we can't read
1193  * the elf data in the process's address space, we fall back to using
1194  * the file even though it may give inaccurate information.
1195  *
1196  * The elf file that we fake up has to consist of sections for the
1197  * dynsym, the PLT and the dynamic section. Note that in the case of a
1198  * core file, we'll get the CTF data in the file_info_t later on from
1199  * a section embedded the core file (if it's present).
1200  *
1201  * file_differs() conservatively looks for mismatched files, identifying
1202  * a match when there is any ambiguity (since that's the legacy behavior).
1203  */
1204 static int
1205 file_differs(struct ps_prochandle *P, Elf *elf, file_info_t *fptr)
1206 {
1207 	Elf_Scn *scn;
1208 	GElf_Shdr shdr;
1209 	GElf_Dyn dyn;
1210 	Elf_Data *data;
1211 	uint_t i, ndyn;
1212 	GElf_Xword cksum;
1213 	uintptr_t addr;
1214 
1215 	if (fptr->file_map == NULL)
1216 		return (0);
1217 
1218 	if ((Pcontent(P) & (CC_CONTENT_TEXT | CC_CONTENT_DATA)) !=
1219 	    (CC_CONTENT_TEXT | CC_CONTENT_DATA))
1220 		return (0);
1221 
1222 	/*
1223 	 * First, we find the checksum value in the elf file.
1224 	 */
1225 	scn = NULL;
1226 	while ((scn = elf_nextscn(elf, scn)) != NULL) {
1227 		if (gelf_getshdr(scn, &shdr) != NULL &&
1228 		    shdr.sh_type == SHT_DYNAMIC)
1229 			goto found_shdr;
1230 	}
1231 	return (0);
1232 
1233 found_shdr:
1234 	if ((data = elf_getdata(scn, NULL)) == NULL)
1235 		return (0);
1236 
1237 	if (P->status.pr_dmodel == PR_MODEL_ILP32)
1238 		ndyn = shdr.sh_size / sizeof (Elf32_Dyn);
1239 #ifdef _LP64
1240 	else if (P->status.pr_dmodel == PR_MODEL_LP64)
1241 		ndyn = shdr.sh_size / sizeof (Elf64_Dyn);
1242 #endif
1243 	else
1244 		return (0);
1245 
1246 	for (i = 0; i < ndyn; i++) {
1247 		if (gelf_getdyn(data, i, &dyn) != NULL &&
1248 		    dyn.d_tag == DT_CHECKSUM)
1249 			goto found_cksum;
1250 	}
1251 
1252 	/*
1253 	 * The in-memory ELF has no DT_CHECKSUM section, but we will report it
1254 	 * as matching the file anyhow.
1255 	 */
1256 	return (0);
1257 
1258 found_cksum:
1259 	cksum = dyn.d_un.d_val;
1260 	dprintf("elf cksum value is %llx\n", (u_longlong_t)cksum);
1261 
1262 	/*
1263 	 * Get the base of the text mapping that corresponds to this file.
1264 	 */
1265 	addr = fptr->file_map->map_pmap.pr_vaddr;
1266 
1267 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
1268 		Elf32_Ehdr ehdr;
1269 		Elf32_Phdr phdr;
1270 		Elf32_Dyn dync, *dynp;
1271 		uint_t phnum, i;
1272 
1273 		if (read_ehdr32(P, &ehdr, &phnum, addr) != 0 ||
1274 		    read_dynamic_phdr32(P, &ehdr, phnum, &phdr, addr) != 0)
1275 			return (0);
1276 
1277 		if (ehdr.e_type == ET_DYN)
1278 			phdr.p_vaddr += addr;
1279 		if ((dynp = malloc(phdr.p_filesz)) == NULL)
1280 			return (0);
1281 		dync.d_tag = DT_NULL;
1282 		if (Pread(P, dynp, phdr.p_filesz, phdr.p_vaddr) !=
1283 		    phdr.p_filesz) {
1284 			free(dynp);
1285 			return (0);
1286 		}
1287 
1288 		for (i = 0; i < phdr.p_filesz / sizeof (Elf32_Dyn); i++) {
1289 			if (dynp[i].d_tag == DT_CHECKSUM)
1290 				dync = dynp[i];
1291 		}
1292 
1293 		free(dynp);
1294 
1295 		if (dync.d_tag != DT_CHECKSUM)
1296 			return (0);
1297 
1298 		dprintf("image cksum value is %llx\n",
1299 		    (u_longlong_t)dync.d_un.d_val);
1300 		return (dync.d_un.d_val != cksum);
1301 #ifdef _LP64
1302 	} else if (P->status.pr_dmodel == PR_MODEL_LP64) {
1303 		Elf64_Ehdr ehdr;
1304 		Elf64_Phdr phdr;
1305 		Elf64_Dyn dync, *dynp;
1306 		uint_t phnum, i;
1307 
1308 		if (read_ehdr64(P, &ehdr, &phnum, addr) != 0 ||
1309 		    read_dynamic_phdr64(P, &ehdr, phnum, &phdr, addr) != 0)
1310 			return (0);
1311 
1312 		if (ehdr.e_type == ET_DYN)
1313 			phdr.p_vaddr += addr;
1314 		if ((dynp = malloc(phdr.p_filesz)) == NULL)
1315 			return (0);
1316 		dync.d_tag = DT_NULL;
1317 		if (Pread(P, dynp, phdr.p_filesz, phdr.p_vaddr) !=
1318 		    phdr.p_filesz) {
1319 			free(dynp);
1320 			return (0);
1321 		}
1322 
1323 		for (i = 0; i < phdr.p_filesz / sizeof (Elf64_Dyn); i++) {
1324 			if (dynp[i].d_tag == DT_CHECKSUM)
1325 				dync = dynp[i];
1326 		}
1327 
1328 		free(dynp);
1329 
1330 		if (dync.d_tag != DT_CHECKSUM)
1331 			return (0);
1332 
1333 		dprintf("image cksum value is %llx\n",
1334 		    (u_longlong_t)dync.d_un.d_val);
1335 		return (dync.d_un.d_val != cksum);
1336 #endif	/* _LP64 */
1337 	}
1338 
1339 	return (0);
1340 }
1341 
1342 /*
1343  * Read data from the specified process and construct an in memory
1344  * image of an ELF file that represents it well enough to let
1345  * us probe it for information.
1346  */
1347 static Elf *
1348 fake_elf(struct ps_prochandle *P, file_info_t *fptr)
1349 {
1350 	Elf *elf;
1351 	uintptr_t addr;
1352 	uint_t phnum;
1353 
1354 	if (fptr->file_map == NULL)
1355 		return (NULL);
1356 
1357 	if ((Pcontent(P) & (CC_CONTENT_TEXT | CC_CONTENT_DATA)) !=
1358 	    (CC_CONTENT_TEXT | CC_CONTENT_DATA))
1359 		return (NULL);
1360 
1361 	addr = fptr->file_map->map_pmap.pr_vaddr;
1362 
1363 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
1364 		Elf32_Ehdr ehdr;
1365 		Elf32_Phdr phdr;
1366 
1367 		if ((read_ehdr32(P, &ehdr, &phnum, addr) != 0) ||
1368 		    read_dynamic_phdr32(P, &ehdr, phnum, &phdr, addr) != 0)
1369 			return (NULL);
1370 
1371 		elf = fake_elf32(P, fptr, addr, &ehdr, phnum, &phdr);
1372 #ifdef _LP64
1373 	} else {
1374 		Elf64_Ehdr ehdr;
1375 		Elf64_Phdr phdr;
1376 
1377 		if (read_ehdr64(P, &ehdr, &phnum, addr) != 0 ||
1378 		    read_dynamic_phdr64(P, &ehdr, phnum, &phdr, addr) != 0)
1379 			return (NULL);
1380 
1381 		elf = fake_elf64(P, fptr, addr, &ehdr, phnum, &phdr);
1382 #endif
1383 	}
1384 
1385 	return (elf);
1386 }
1387 
1388 /*
1389  * We wouldn't need these if qsort(3C) took an argument for the callback...
1390  */
1391 static mutex_t sort_mtx = DEFAULTMUTEX;
1392 static char *sort_strs;
1393 static GElf_Sym *sort_syms;
1394 
1395 int
1396 byaddr_cmp_common(GElf_Sym *a, char *aname, GElf_Sym *b, char *bname)
1397 {
1398 	if (a->st_value < b->st_value)
1399 		return (-1);
1400 	if (a->st_value > b->st_value)
1401 		return (1);
1402 
1403 	/*
1404 	 * Prefer the function to the non-function.
1405 	 */
1406 	if (GELF_ST_TYPE(a->st_info) != GELF_ST_TYPE(b->st_info)) {
1407 		if (GELF_ST_TYPE(a->st_info) == STT_FUNC)
1408 			return (-1);
1409 		if (GELF_ST_TYPE(b->st_info) == STT_FUNC)
1410 			return (1);
1411 	}
1412 
1413 	/*
1414 	 * Prefer the weak or strong global symbol to the local symbol.
1415 	 */
1416 	if (GELF_ST_BIND(a->st_info) != GELF_ST_BIND(b->st_info)) {
1417 		if (GELF_ST_BIND(b->st_info) == STB_LOCAL)
1418 			return (-1);
1419 		if (GELF_ST_BIND(a->st_info) == STB_LOCAL)
1420 			return (1);
1421 	}
1422 
1423 	/*
1424 	 * Prefer the symbol that doesn't begin with a '$' since compilers and
1425 	 * other symbol generators often use it as a prefix.
1426 	 */
1427 	if (*bname == '$')
1428 		return (-1);
1429 	if (*aname == '$')
1430 		return (1);
1431 
1432 	/*
1433 	 * Prefer the name with fewer leading underscores in the name.
1434 	 */
1435 	while (*aname == '_' && *bname == '_') {
1436 		aname++;
1437 		bname++;
1438 	}
1439 
1440 	if (*bname == '_')
1441 		return (-1);
1442 	if (*aname == '_')
1443 		return (1);
1444 
1445 	/*
1446 	 * Prefer the symbol with the smaller size.
1447 	 */
1448 	if (a->st_size < b->st_size)
1449 		return (-1);
1450 	if (a->st_size > b->st_size)
1451 		return (1);
1452 
1453 	/*
1454 	 * All other factors being equal, fall back to lexicographic order.
1455 	 */
1456 	return (strcmp(aname, bname));
1457 }
1458 
1459 static int
1460 byaddr_cmp(const void *aa, const void *bb)
1461 {
1462 	GElf_Sym *a = &sort_syms[*(uint_t *)aa];
1463 	GElf_Sym *b = &sort_syms[*(uint_t *)bb];
1464 	char *aname = sort_strs + a->st_name;
1465 	char *bname = sort_strs + b->st_name;
1466 
1467 	return (byaddr_cmp_common(a, aname, b, bname));
1468 }
1469 
1470 static int
1471 byname_cmp(const void *aa, const void *bb)
1472 {
1473 	GElf_Sym *a = &sort_syms[*(uint_t *)aa];
1474 	GElf_Sym *b = &sort_syms[*(uint_t *)bb];
1475 	char *aname = sort_strs + a->st_name;
1476 	char *bname = sort_strs + b->st_name;
1477 
1478 	return (strcmp(aname, bname));
1479 }
1480 
1481 /*
1482  * Given a symbol index, look up the corresponding symbol from the
1483  * given symbol table.
1484  *
1485  * This function allows the caller to treat the symbol table as a single
1486  * logical entity even though there may be 2 actual ELF symbol tables
1487  * involved. See the comments in Pcontrol.h for details.
1488  */
1489 static GElf_Sym *
1490 symtab_getsym(sym_tbl_t *symtab, int ndx, GElf_Sym *dst)
1491 {
1492 	/* If index is in range of primary symtab, look it up there */
1493 	if (ndx >= symtab->sym_symn_aux) {
1494 		return (gelf_getsym(symtab->sym_data_pri,
1495 		    ndx - symtab->sym_symn_aux, dst));
1496 	}
1497 
1498 	/* Not in primary: Look it up in the auxiliary symtab */
1499 	return (gelf_getsym(symtab->sym_data_aux, ndx, dst));
1500 }
1501 
1502 void
1503 optimize_symtab(sym_tbl_t *symtab)
1504 {
1505 	GElf_Sym *symp, *syms;
1506 	uint_t i, *indexa, *indexb;
1507 	size_t symn, strsz, count;
1508 
1509 	if (symtab == NULL || symtab->sym_data_pri == NULL ||
1510 	    symtab->sym_byaddr != NULL)
1511 		return;
1512 
1513 	symn = symtab->sym_symn;
1514 	strsz = symtab->sym_strsz;
1515 
1516 	symp = syms = malloc(sizeof (GElf_Sym) * symn);
1517 	if (symp == NULL) {
1518 		dprintf("optimize_symtab: failed to malloc symbol array");
1519 		return;
1520 	}
1521 
1522 	/*
1523 	 * First record all the symbols into a table and count up the ones
1524 	 * that we're interested in. We mark symbols as invalid by setting
1525 	 * the st_name to an illegal value.
1526 	 */
1527 	for (i = 0, count = 0; i < symn; i++, symp++) {
1528 		if (symtab_getsym(symtab, i, symp) != NULL &&
1529 		    symp->st_name < strsz &&
1530 		    IS_DATA_TYPE(GELF_ST_TYPE(symp->st_info)))
1531 			count++;
1532 		else
1533 			symp->st_name = strsz;
1534 	}
1535 
1536 	/*
1537 	 * Allocate sufficient space for both tables and populate them
1538 	 * with the same symbols we just counted.
1539 	 */
1540 	symtab->sym_count = count;
1541 	indexa = symtab->sym_byaddr = calloc(sizeof (uint_t), count);
1542 	indexb = symtab->sym_byname = calloc(sizeof (uint_t), count);
1543 	if (indexa == NULL || indexb == NULL) {
1544 		dprintf(
1545 		    "optimize_symtab: failed to malloc symbol index arrays");
1546 		symtab->sym_count = 0;
1547 		if (indexa != NULL) {	/* First alloc succeeded. Free it */
1548 			free(indexa);
1549 			symtab->sym_byaddr = NULL;
1550 		}
1551 		free(syms);
1552 		return;
1553 	}
1554 	for (i = 0, symp = syms; i < symn; i++, symp++) {
1555 		if (symp->st_name < strsz)
1556 			*indexa++ = *indexb++ = i;
1557 	}
1558 
1559 	/*
1560 	 * Sort the two tables according to the appropriate criteria,
1561 	 * unless the user has overridden this behaviour.
1562 	 *
1563 	 * An example where we might not sort the tables is the relatively
1564 	 * unusual case of a process with very large symbol tables in which
1565 	 * we perform few lookups. In such a case the total time would be
1566 	 * dominated by the sort. It is difficult to determine a priori
1567 	 * how many lookups an arbitrary client will perform, and
1568 	 * hence whether the symbol tables should be sorted. We therefore
1569 	 * sort the tables by default, but provide the user with a
1570 	 * "chicken switch" in the form of the LIBPROC_NO_QSORT
1571 	 * environment variable.
1572 	 */
1573 	if (!_libproc_no_qsort) {
1574 		(void) mutex_lock(&sort_mtx);
1575 		sort_strs = symtab->sym_strs;
1576 		sort_syms = syms;
1577 
1578 		qsort(symtab->sym_byaddr, count, sizeof (uint_t), byaddr_cmp);
1579 		qsort(symtab->sym_byname, count, sizeof (uint_t), byname_cmp);
1580 
1581 		sort_strs = NULL;
1582 		sort_syms = NULL;
1583 		(void) mutex_unlock(&sort_mtx);
1584 	}
1585 
1586 	free(syms);
1587 }
1588 
1589 
1590 static Elf *
1591 build_fake_elf(struct ps_prochandle *P, file_info_t *fptr, GElf_Ehdr *ehdr,
1592 	size_t *nshdrs, Elf_Data **shdata)
1593 {
1594 	size_t shstrndx;
1595 	Elf_Scn *scn;
1596 	Elf *elf;
1597 
1598 	if ((elf = fake_elf(P, fptr)) == NULL ||
1599 	    elf_kind(elf) != ELF_K_ELF ||
1600 	    gelf_getehdr(elf, ehdr) == NULL ||
1601 	    elf_getshdrnum(elf, nshdrs) == -1 ||
1602 	    elf_getshdrstrndx(elf, &shstrndx) == -1 ||
1603 	    (scn = elf_getscn(elf, shstrndx)) == NULL ||
1604 	    (*shdata = elf_getdata(scn, NULL)) == NULL) {
1605 		if (elf != NULL)
1606 			(void) elf_end(elf);
1607 		dprintf("failed to fake up ELF file\n");
1608 		return (NULL);
1609 	}
1610 
1611 	return (elf);
1612 }
1613 
1614 /*
1615  * Build the symbol table for the given mapped file.
1616  */
1617 void
1618 Pbuild_file_symtab(struct ps_prochandle *P, file_info_t *fptr)
1619 {
1620 	char objectfile[PATH_MAX];
1621 	uint_t i;
1622 
1623 	GElf_Ehdr ehdr;
1624 	GElf_Sym s;
1625 
1626 	Elf_Data *shdata;
1627 	Elf_Scn *scn;
1628 	Elf *elf;
1629 	size_t nshdrs, shstrndx;
1630 
1631 	struct {
1632 		GElf_Shdr c_shdr;
1633 		Elf_Data *c_data;
1634 		const char *c_name;
1635 	} *cp, *cache = NULL, *dyn = NULL, *plt = NULL, *ctf = NULL;
1636 
1637 	if (fptr->file_init)
1638 		return;	/* We've already processed this file */
1639 
1640 	/*
1641 	 * Mark the file_info struct as having the symbol table initialized
1642 	 * even if we fail below.  We tried once; we don't try again.
1643 	 */
1644 	fptr->file_init = 1;
1645 
1646 	if (elf_version(EV_CURRENT) == EV_NONE) {
1647 		dprintf("libproc ELF version is more recent than libelf\n");
1648 		return;
1649 	}
1650 
1651 	if (P->state == PS_DEAD || P->state == PS_IDLE) {
1652 		char *name;
1653 		/*
1654 		 * If we're a not live, we can't open files from the /proc
1655 		 * object directory; we have only the mapping and file names
1656 		 * to guide us.  We prefer the file_lname, but need to handle
1657 		 * the case of it being NULL in order to bootstrap: we first
1658 		 * come here during rd_new() when the only information we have
1659 		 * is interpreter name associated with the AT_BASE mapping.
1660 		 *
1661 		 * Also, if the zone associated with the core file seems
1662 		 * to exists on this machine we'll try to open the object
1663 		 * file within the zone.
1664 		 */
1665 		if (fptr->file_rname != NULL)
1666 			name = fptr->file_rname;
1667 		else if (fptr->file_lname != NULL)
1668 			name = fptr->file_lname;
1669 		else
1670 			name = fptr->file_pname;
1671 		(void) strlcpy(objectfile, name, sizeof (objectfile));
1672 	} else {
1673 		(void) snprintf(objectfile, sizeof (objectfile),
1674 		    "%s/%d/object/%s",
1675 		    procfs_path, (int)P->pid, fptr->file_pname);
1676 	}
1677 
1678 	/*
1679 	 * Open the object file, create the elf file, and then get the elf
1680 	 * header and .shstrtab data buffer so we can process sections by
1681 	 * name. If anything goes wrong try to fake up an elf file from
1682 	 * the in-core elf image.
1683 	 */
1684 
1685 	if (_libproc_incore_elf) {
1686 		dprintf("Pbuild_file_symtab: using in-core data for: %s\n",
1687 		    fptr->file_pname);
1688 
1689 		if ((elf = build_fake_elf(P, fptr, &ehdr, &nshdrs, &shdata)) ==
1690 		    NULL)
1691 			return;
1692 
1693 	} else if ((fptr->file_fd = open(objectfile, O_RDONLY)) < 0) {
1694 		dprintf("Pbuild_file_symtab: failed to open %s: %s\n",
1695 		    objectfile, strerror(errno));
1696 
1697 		if ((elf = build_fake_elf(P, fptr, &ehdr, &nshdrs, &shdata)) ==
1698 		    NULL)
1699 			return;
1700 
1701 	} else if ((elf = elf_begin(fptr->file_fd, ELF_C_READ, NULL)) == NULL ||
1702 	    elf_kind(elf) != ELF_K_ELF ||
1703 	    gelf_getehdr(elf, &ehdr) == NULL ||
1704 	    elf_getshdrnum(elf, &nshdrs) == -1 ||
1705 	    elf_getshdrstrndx(elf, &shstrndx) == -1 ||
1706 	    (scn = elf_getscn(elf, shstrndx)) == NULL ||
1707 	    (shdata = elf_getdata(scn, NULL)) == NULL) {
1708 		int err = elf_errno();
1709 
1710 		dprintf("failed to process ELF file %s: %s\n",
1711 		    objectfile, (err == 0) ? "<null>" : elf_errmsg(err));
1712 		(void) elf_end(elf);
1713 
1714 		if ((elf = build_fake_elf(P, fptr, &ehdr, &nshdrs, &shdata)) ==
1715 		    NULL)
1716 			return;
1717 
1718 	} else if (file_differs(P, elf, fptr)) {
1719 		Elf *newelf;
1720 
1721 		/*
1722 		 * Before we get too excited about this elf file, we'll check
1723 		 * its checksum value against the value we have in memory. If
1724 		 * they don't agree, we try to fake up a new elf file and
1725 		 * proceed with that instead.
1726 		 */
1727 		dprintf("ELF file %s (%lx) doesn't match in-core image\n",
1728 		    fptr->file_pname,
1729 		    (ulong_t)fptr->file_map->map_pmap.pr_vaddr);
1730 
1731 		if ((newelf = build_fake_elf(P, fptr, &ehdr, &nshdrs, &shdata))
1732 		    != NULL) {
1733 			(void) elf_end(elf);
1734 			elf = newelf;
1735 			dprintf("switched to faked up ELF file\n");
1736 		}
1737 	}
1738 
1739 	if ((cache = malloc(nshdrs * sizeof (*cache))) == NULL) {
1740 		dprintf("failed to malloc section cache for %s\n", objectfile);
1741 		goto bad;
1742 	}
1743 
1744 	dprintf("processing ELF file %s\n", objectfile);
1745 	fptr->file_class = ehdr.e_ident[EI_CLASS];
1746 	fptr->file_etype = ehdr.e_type;
1747 	fptr->file_elf = elf;
1748 	fptr->file_shstrs = shdata->d_buf;
1749 	fptr->file_shstrsz = shdata->d_size;
1750 
1751 	/*
1752 	 * Iterate through each section, caching its section header, data
1753 	 * pointer, and name.  We use this for handling sh_link values below.
1754 	 */
1755 	for (cp = cache + 1, scn = NULL; scn = elf_nextscn(elf, scn); cp++) {
1756 		if (gelf_getshdr(scn, &cp->c_shdr) == NULL) {
1757 			dprintf("Pbuild_file_symtab: Failed to get section "
1758 			    "header\n");
1759 			goto bad; /* Failed to get section header */
1760 		}
1761 
1762 		if ((cp->c_data = elf_getdata(scn, NULL)) == NULL) {
1763 			dprintf("Pbuild_file_symtab: Failed to get section "
1764 			    "data\n");
1765 			goto bad; /* Failed to get section data */
1766 		}
1767 
1768 		if (cp->c_shdr.sh_name >= shdata->d_size) {
1769 			dprintf("Pbuild_file_symtab: corrupt section name");
1770 			goto bad; /* Corrupt section name */
1771 		}
1772 
1773 		cp->c_name = (const char *)shdata->d_buf + cp->c_shdr.sh_name;
1774 	}
1775 
1776 	/*
1777 	 * Now iterate through the section cache in order to locate info
1778 	 * for the .symtab, .dynsym, .SUNW_ldynsym, .dynamic, .plt,
1779 	 * and .SUNW_ctf sections:
1780 	 */
1781 	for (i = 1, cp = cache + 1; i < nshdrs; i++, cp++) {
1782 		GElf_Shdr *shp = &cp->c_shdr;
1783 
1784 		if (shp->sh_type == SHT_SYMTAB || shp->sh_type == SHT_DYNSYM) {
1785 			sym_tbl_t *symp = shp->sh_type == SHT_SYMTAB ?
1786 			    &fptr->file_symtab : &fptr->file_dynsym;
1787 			/*
1788 			 * It's possible that the we already got the symbol
1789 			 * table from the core file itself. Either the file
1790 			 * differs in which case our faked up elf file will
1791 			 * only contain the dynsym (not the symtab) or the
1792 			 * file matches in which case we'll just be replacing
1793 			 * the symbol table we pulled out of the core file
1794 			 * with an equivalent one. In either case, this
1795 			 * check isn't essential, but it's a good idea.
1796 			 */
1797 			if (symp->sym_data_pri == NULL) {
1798 				dprintf("Symbol table found for %s\n",
1799 				    objectfile);
1800 				symp->sym_data_pri = cp->c_data;
1801 				symp->sym_symn +=
1802 				    shp->sh_size / shp->sh_entsize;
1803 				symp->sym_strs =
1804 				    cache[shp->sh_link].c_data->d_buf;
1805 				symp->sym_strsz =
1806 				    cache[shp->sh_link].c_data->d_size;
1807 				symp->sym_hdr_pri = cp->c_shdr;
1808 				symp->sym_strhdr = cache[shp->sh_link].c_shdr;
1809 			} else {
1810 				dprintf("Symbol table already there for %s\n",
1811 				    objectfile);
1812 			}
1813 		} else if (shp->sh_type == SHT_SUNW_LDYNSYM) {
1814 			/* .SUNW_ldynsym section is auxiliary to .dynsym */
1815 			if (fptr->file_dynsym.sym_data_aux == NULL) {
1816 				dprintf(".SUNW_ldynsym symbol table"
1817 				    " found for %s\n", objectfile);
1818 				fptr->file_dynsym.sym_data_aux = cp->c_data;
1819 				fptr->file_dynsym.sym_symn_aux =
1820 				    shp->sh_size / shp->sh_entsize;
1821 				fptr->file_dynsym.sym_symn +=
1822 				    fptr->file_dynsym.sym_symn_aux;
1823 				fptr->file_dynsym.sym_hdr_aux = cp->c_shdr;
1824 			} else {
1825 				dprintf(".SUNW_ldynsym symbol table already"
1826 				    " there for %s\n", objectfile);
1827 			}
1828 		} else if (shp->sh_type == SHT_DYNAMIC) {
1829 			dyn = cp;
1830 		} else if (strcmp(cp->c_name, ".plt") == 0) {
1831 			plt = cp;
1832 		} else if (strcmp(cp->c_name, ".SUNW_ctf") == 0) {
1833 			/*
1834 			 * Skip over bogus CTF sections so they don't come back
1835 			 * to haunt us later.
1836 			 */
1837 			if (shp->sh_link == 0 ||
1838 			    shp->sh_link >= nshdrs ||
1839 			    (cache[shp->sh_link].c_shdr.sh_type != SHT_DYNSYM &&
1840 			    cache[shp->sh_link].c_shdr.sh_type != SHT_SYMTAB)) {
1841 				dprintf("Bad sh_link %d for "
1842 				    "CTF\n", shp->sh_link);
1843 				continue;
1844 			}
1845 			ctf = cp;
1846 		}
1847 	}
1848 
1849 	/*
1850 	 * At this point, we've found all the symbol tables we're ever going
1851 	 * to find: the ones in the loop above and possibly the symtab that
1852 	 * was included in the core file. Before we perform any lookups, we
1853 	 * create sorted versions to optimize for lookups.
1854 	 */
1855 	optimize_symtab(&fptr->file_symtab);
1856 	optimize_symtab(&fptr->file_dynsym);
1857 
1858 	/*
1859 	 * Fill in the base address of the text mapping for shared libraries.
1860 	 * This allows us to translate symbols before librtld_db is ready.
1861 	 */
1862 	if (fptr->file_etype == ET_DYN) {
1863 		fptr->file_dyn_base = fptr->file_map->map_pmap.pr_vaddr -
1864 		    fptr->file_map->map_pmap.pr_offset;
1865 		dprintf("setting file_dyn_base for %s to %lx\n",
1866 		    objectfile, (long)fptr->file_dyn_base);
1867 	}
1868 
1869 	/*
1870 	 * Record the CTF section information in the file info structure.
1871 	 */
1872 	if (ctf != NULL) {
1873 		fptr->file_ctf_off = ctf->c_shdr.sh_offset;
1874 		fptr->file_ctf_size = ctf->c_shdr.sh_size;
1875 		if (ctf->c_shdr.sh_link != 0 &&
1876 		    cache[ctf->c_shdr.sh_link].c_shdr.sh_type == SHT_DYNSYM)
1877 			fptr->file_ctf_dyn = 1;
1878 	}
1879 
1880 	if (fptr->file_lo == NULL)
1881 		goto done; /* Nothing else to do if no load object info */
1882 
1883 	/*
1884 	 * If the object is a shared library and we have a different rl_base
1885 	 * value, reset file_dyn_base according to librtld_db's information.
1886 	 */
1887 	if (fptr->file_etype == ET_DYN &&
1888 	    fptr->file_lo->rl_base != fptr->file_dyn_base) {
1889 		dprintf("resetting file_dyn_base for %s to %lx\n",
1890 		    objectfile, (long)fptr->file_lo->rl_base);
1891 		fptr->file_dyn_base = fptr->file_lo->rl_base;
1892 	}
1893 
1894 	/*
1895 	 * Fill in the PLT information for this file if a PLT symbol is found.
1896 	 */
1897 	if (sym_by_name(&fptr->file_dynsym, "_PROCEDURE_LINKAGE_TABLE_", &s,
1898 	    NULL) != NULL) {
1899 		fptr->file_plt_base = s.st_value + fptr->file_dyn_base;
1900 		fptr->file_plt_size = (plt != NULL) ? plt->c_shdr.sh_size : 0;
1901 
1902 		/*
1903 		 * Bring the load object up to date; it is the only way the
1904 		 * user has to access the PLT data. The PLT information in the
1905 		 * rd_loadobj_t is not set in the call to map_iter() (the
1906 		 * callback for rd_loadobj_iter) where we set file_lo.
1907 		 */
1908 		fptr->file_lo->rl_plt_base = fptr->file_plt_base;
1909 		fptr->file_lo->rl_plt_size = fptr->file_plt_size;
1910 
1911 		dprintf("PLT found at %p, size = %lu\n",
1912 		    (void *)fptr->file_plt_base, (ulong_t)fptr->file_plt_size);
1913 	}
1914 
1915 	/*
1916 	 * Fill in the PLT information.
1917 	 */
1918 	if (dyn != NULL) {
1919 		uintptr_t dynaddr = dyn->c_shdr.sh_addr + fptr->file_dyn_base;
1920 		size_t ndyn = dyn->c_shdr.sh_size / dyn->c_shdr.sh_entsize;
1921 		GElf_Dyn d;
1922 
1923 		for (i = 0; i < ndyn; i++) {
1924 			if (gelf_getdyn(dyn->c_data, i, &d) == NULL)
1925 				continue;
1926 
1927 			switch (d.d_tag) {
1928 			case DT_JMPREL:
1929 				dprintf("DT_JMPREL is %p\n",
1930 				    (void *)(uintptr_t)d.d_un.d_ptr);
1931 				fptr->file_jmp_rel =
1932 				    d.d_un.d_ptr + fptr->file_dyn_base;
1933 				break;
1934 			case DT_STRTAB:
1935 				dprintf("DT_STRTAB is %p\n",
1936 				    (void *)(uintptr_t)d.d_un.d_ptr);
1937 				break;
1938 			case DT_PLTGOT:
1939 				dprintf("DT_PLTGOT is %p\n",
1940 				    (void *)(uintptr_t)d.d_un.d_ptr);
1941 				break;
1942 			case DT_SUNW_SYMTAB:
1943 				dprintf("DT_SUNW_SYMTAB is %p\n",
1944 				    (void *)(uintptr_t)d.d_un.d_ptr);
1945 				break;
1946 			case DT_SYMTAB:
1947 				dprintf("DT_SYMTAB is %p\n",
1948 				    (void *)(uintptr_t)d.d_un.d_ptr);
1949 				break;
1950 			case DT_HASH:
1951 				dprintf("DT_HASH is %p\n",
1952 				    (void *)(uintptr_t)d.d_un.d_ptr);
1953 				break;
1954 			}
1955 		}
1956 
1957 		dprintf("_DYNAMIC found at %p, %lu entries, DT_JMPREL = %p\n",
1958 		    (void *)dynaddr, (ulong_t)ndyn, (void *)fptr->file_jmp_rel);
1959 	}
1960 
1961 done:
1962 	free(cache);
1963 	return;
1964 
1965 bad:
1966 	if (cache != NULL)
1967 		free(cache);
1968 
1969 	(void) elf_end(elf);
1970 	fptr->file_elf = NULL;
1971 	if (fptr->file_elfmem != NULL) {
1972 		free(fptr->file_elfmem);
1973 		fptr->file_elfmem = NULL;
1974 	}
1975 	(void) close(fptr->file_fd);
1976 	fptr->file_fd = -1;
1977 }
1978 
1979 /*
1980  * Given a process virtual address, return the map_info_t containing it.
1981  * If none found, return NULL.
1982  */
1983 map_info_t *
1984 Paddr2mptr(struct ps_prochandle *P, uintptr_t addr)
1985 {
1986 	int lo = 0;
1987 	int hi = P->map_count - 1;
1988 	int mid;
1989 	map_info_t *mp;
1990 
1991 	while (lo <= hi) {
1992 
1993 		mid = (lo + hi) / 2;
1994 		mp = &P->mappings[mid];
1995 
1996 		/* check that addr is in [vaddr, vaddr + size) */
1997 		if ((addr - mp->map_pmap.pr_vaddr) < mp->map_pmap.pr_size)
1998 			return (mp);
1999 
2000 		if (addr < mp->map_pmap.pr_vaddr)
2001 			hi = mid - 1;
2002 		else
2003 			lo = mid + 1;
2004 	}
2005 
2006 	return (NULL);
2007 }
2008 
2009 /*
2010  * Return the map_info_t for the executable file.
2011  * If not found, return NULL.
2012  */
2013 static map_info_t *
2014 exec_map(struct ps_prochandle *P)
2015 {
2016 	uint_t i;
2017 	map_info_t *mptr;
2018 	map_info_t *mold = NULL;
2019 	file_info_t *fptr;
2020 	uintptr_t base;
2021 
2022 	for (i = 0, mptr = P->mappings; i < P->map_count; i++, mptr++) {
2023 		if (mptr->map_pmap.pr_mapname[0] == '\0')
2024 			continue;
2025 		if (strcmp(mptr->map_pmap.pr_mapname, "a.out") == 0) {
2026 			if ((fptr = mptr->map_file) != NULL &&
2027 			    fptr->file_lo != NULL) {
2028 				base = fptr->file_lo->rl_base;
2029 				if (base >= mptr->map_pmap.pr_vaddr &&
2030 				    base < mptr->map_pmap.pr_vaddr +
2031 				    mptr->map_pmap.pr_size)	/* text space */
2032 					return (mptr);
2033 				mold = mptr;	/* must be the data */
2034 				continue;
2035 			}
2036 			/* This is a poor way to test for text space */
2037 			if (!(mptr->map_pmap.pr_mflags & MA_EXEC) ||
2038 			    (mptr->map_pmap.pr_mflags & MA_WRITE)) {
2039 				mold = mptr;
2040 				continue;
2041 			}
2042 			return (mptr);
2043 		}
2044 	}
2045 
2046 	return (mold);
2047 }
2048 
2049 /*
2050  * Given a shared object name, return the map_info_t for it.  If no matching
2051  * object is found, return NULL.  Normally, the link maps contain the full
2052  * object pathname, e.g. /usr/lib/libc.so.1.  We allow the object name to
2053  * take one of the following forms:
2054  *
2055  * 1. An exact match (i.e. a full pathname): "/usr/lib/libc.so.1"
2056  * 2. An exact basename match: "libc.so.1"
2057  * 3. An initial basename match up to a '.' suffix: "libc.so" or "libc"
2058  * 4. The literal string "a.out" is an alias for the executable mapping
2059  *
2060  * The third case is a convenience for callers and may not be necessary.
2061  *
2062  * As the exact same object name may be loaded on different link maps (see
2063  * dlmopen(3DL)), we also allow the caller to resolve the object name by
2064  * specifying a particular link map id.  If lmid is PR_LMID_EVERY, the
2065  * first matching name will be returned, regardless of the link map id.
2066  */
2067 static map_info_t *
2068 object_to_map(struct ps_prochandle *P, Lmid_t lmid, const char *objname)
2069 {
2070 	map_info_t *mp;
2071 	file_info_t *fp;
2072 	size_t objlen;
2073 	uint_t i;
2074 
2075 	/*
2076 	 * If we have no rtld_db, then always treat a request as one for all
2077 	 * link maps.
2078 	 */
2079 	if (P->rap == NULL)
2080 		lmid = PR_LMID_EVERY;
2081 
2082 	/*
2083 	 * First pass: look for exact matches of the entire pathname or
2084 	 * basename (cases 1 and 2 above):
2085 	 */
2086 	for (i = 0, mp = P->mappings; i < P->map_count; i++, mp++) {
2087 
2088 		if (mp->map_pmap.pr_mapname[0] == '\0' ||
2089 		    (fp = mp->map_file) == NULL ||
2090 		    ((fp->file_lname == NULL) && (fp->file_rname == NULL)))
2091 			continue;
2092 
2093 		if (lmid != PR_LMID_EVERY &&
2094 		    (fp->file_lo == NULL || lmid != fp->file_lo->rl_lmident))
2095 			continue;
2096 
2097 		/*
2098 		 * If we match, return the primary text mapping; otherwise
2099 		 * just return the mapping we matched.
2100 		 */
2101 		if ((fp->file_lbase && strcmp(fp->file_lbase, objname) == 0) ||
2102 		    (fp->file_rbase && strcmp(fp->file_rbase, objname) == 0) ||
2103 		    (fp->file_lname && strcmp(fp->file_lname, objname) == 0) ||
2104 		    (fp->file_rname && strcmp(fp->file_rname, objname) == 0))
2105 			return (fp->file_map ? fp->file_map : mp);
2106 	}
2107 
2108 	objlen = strlen(objname);
2109 
2110 	/*
2111 	 * Second pass: look for partial matches (case 3 above):
2112 	 */
2113 	for (i = 0, mp = P->mappings; i < P->map_count; i++, mp++) {
2114 
2115 		if (mp->map_pmap.pr_mapname[0] == '\0' ||
2116 		    (fp = mp->map_file) == NULL ||
2117 		    ((fp->file_lname == NULL) && (fp->file_rname == NULL)))
2118 			continue;
2119 
2120 		if (lmid != PR_LMID_EVERY &&
2121 		    (fp->file_lo == NULL || lmid != fp->file_lo->rl_lmident))
2122 			continue;
2123 
2124 		/*
2125 		 * If we match, return the primary text mapping; otherwise
2126 		 * just return the mapping we matched.
2127 		 */
2128 		if ((fp->file_lbase != NULL) &&
2129 		    (strncmp(fp->file_lbase, objname, objlen) == 0) &&
2130 		    (fp->file_lbase[objlen] == '.'))
2131 			return (fp->file_map ? fp->file_map : mp);
2132 		if ((fp->file_rbase != NULL) &&
2133 		    (strncmp(fp->file_rbase, objname, objlen) == 0) &&
2134 		    (fp->file_rbase[objlen] == '.'))
2135 			return (fp->file_map ? fp->file_map : mp);
2136 	}
2137 
2138 	/*
2139 	 * One last check: we allow "a.out" to always alias the executable,
2140 	 * assuming this name was not in use for something else.
2141 	 */
2142 	if ((lmid == PR_LMID_EVERY || lmid == LM_ID_BASE) &&
2143 	    (strcmp(objname, "a.out") == 0))
2144 		return (P->map_exec);
2145 
2146 	return (NULL);
2147 }
2148 
2149 static map_info_t *
2150 object_name_to_map(struct ps_prochandle *P, Lmid_t lmid, const char *name)
2151 {
2152 	map_info_t *mptr;
2153 
2154 	if (!P->info_valid)
2155 		Pupdate_maps(P);
2156 
2157 	if (P->map_exec == NULL && ((mptr = Paddr2mptr(P,
2158 	    Pgetauxval(P, AT_ENTRY))) != NULL || (mptr = exec_map(P)) != NULL))
2159 		P->map_exec = mptr;
2160 
2161 	if (P->map_ldso == NULL && (mptr = Paddr2mptr(P,
2162 	    Pgetauxval(P, AT_BASE))) != NULL)
2163 		P->map_ldso = mptr;
2164 
2165 	if (name == PR_OBJ_EXEC)
2166 		mptr = P->map_exec;
2167 	else if (name == PR_OBJ_LDSO)
2168 		mptr = P->map_ldso;
2169 	else if (Prd_agent(P) != NULL || P->state == PS_IDLE)
2170 		mptr = object_to_map(P, lmid, name);
2171 	else
2172 		mptr = NULL;
2173 
2174 	return (mptr);
2175 }
2176 
2177 /*
2178  * When two symbols are found by address, decide which one is to be preferred.
2179  */
2180 static GElf_Sym *
2181 sym_prefer(GElf_Sym *sym1, char *name1, GElf_Sym *sym2, char *name2)
2182 {
2183 	/*
2184 	 * Prefer the non-NULL symbol.
2185 	 */
2186 	if (sym1 == NULL)
2187 		return (sym2);
2188 	if (sym2 == NULL)
2189 		return (sym1);
2190 
2191 	/*
2192 	 * Defer to the sort ordering...
2193 	 */
2194 	return (byaddr_cmp_common(sym1, name1, sym2, name2) <= 0 ? sym1 : sym2);
2195 }
2196 
2197 /*
2198  * Use a binary search to do the work of sym_by_addr().
2199  */
2200 static GElf_Sym *
2201 sym_by_addr_binary(sym_tbl_t *symtab, GElf_Addr addr, GElf_Sym *symp,
2202     uint_t *idp)
2203 {
2204 	GElf_Sym sym, osym;
2205 	uint_t i, oid, *byaddr = symtab->sym_byaddr;
2206 	int min, max, mid, omid, found = 0;
2207 
2208 	if (symtab->sym_data_pri == NULL || symtab->sym_count == 0)
2209 		return (NULL);
2210 
2211 	min = 0;
2212 	max = symtab->sym_count - 1;
2213 	osym.st_value = 0;
2214 
2215 	/*
2216 	 * We can't return when we've found a match, we have to continue
2217 	 * searching for the closest matching symbol.
2218 	 */
2219 	while (min <= max) {
2220 		mid = (max + min) / 2;
2221 
2222 		i = byaddr[mid];
2223 		(void) symtab_getsym(symtab, i, &sym);
2224 
2225 		if (addr >= sym.st_value &&
2226 		    addr < sym.st_value + sym.st_size &&
2227 		    (!found || sym.st_value > osym.st_value)) {
2228 			osym = sym;
2229 			omid = mid;
2230 			oid = i;
2231 			found = 1;
2232 		}
2233 
2234 		if (addr < sym.st_value)
2235 			max = mid - 1;
2236 		else
2237 			min = mid + 1;
2238 	}
2239 
2240 	if (!found)
2241 		return (NULL);
2242 
2243 	/*
2244 	 * There may be many symbols with identical values so we walk
2245 	 * backward in the byaddr table to find the best match.
2246 	 */
2247 	do {
2248 		sym = osym;
2249 		i = oid;
2250 
2251 		if (omid == 0)
2252 			break;
2253 
2254 		oid = byaddr[--omid];
2255 		(void) symtab_getsym(symtab, oid, &osym);
2256 	} while (addr >= osym.st_value &&
2257 	    addr < sym.st_value + osym.st_size &&
2258 	    osym.st_value == sym.st_value);
2259 
2260 	*symp = sym;
2261 	if (idp != NULL)
2262 		*idp = i;
2263 	return (symp);
2264 }
2265 
2266 /*
2267  * Use a linear search to do the work of sym_by_addr().
2268  */
2269 static GElf_Sym *
2270 sym_by_addr_linear(sym_tbl_t *symtab, GElf_Addr addr, GElf_Sym *symbolp,
2271     uint_t *idp)
2272 {
2273 	size_t symn = symtab->sym_symn;
2274 	char *strs = symtab->sym_strs;
2275 	GElf_Sym sym, *symp = NULL;
2276 	GElf_Sym osym, *osymp = NULL;
2277 	int i, id;
2278 
2279 	if (symtab->sym_data_pri == NULL || symn == 0 || strs == NULL)
2280 		return (NULL);
2281 
2282 	for (i = 0; i < symn; i++) {
2283 		if ((symp = symtab_getsym(symtab, i, &sym)) != NULL) {
2284 			if (addr >= sym.st_value &&
2285 			    addr < sym.st_value + sym.st_size) {
2286 				if (osymp)
2287 					symp = sym_prefer(
2288 					    symp, strs + symp->st_name,
2289 					    osymp, strs + osymp->st_name);
2290 				if (symp != osymp) {
2291 					osym = sym;
2292 					osymp = &osym;
2293 					id = i;
2294 				}
2295 			}
2296 		}
2297 	}
2298 	if (osymp) {
2299 		*symbolp = osym;
2300 		if (idp)
2301 			*idp = id;
2302 		return (symbolp);
2303 	}
2304 	return (NULL);
2305 }
2306 
2307 /*
2308  * Look up a symbol by address in the specified symbol table.
2309  * Adjustment to 'addr' must already have been made for the
2310  * offset of the symbol if this is a dynamic library symbol table.
2311  *
2312  * Use a linear or a binary search depending on whether or not we
2313  * chose to sort the table in optimize_symtab().
2314  */
2315 static GElf_Sym *
2316 sym_by_addr(sym_tbl_t *symtab, GElf_Addr addr, GElf_Sym *symp, uint_t *idp)
2317 {
2318 	if (_libproc_no_qsort) {
2319 		return (sym_by_addr_linear(symtab, addr, symp, idp));
2320 	} else {
2321 		return (sym_by_addr_binary(symtab, addr, symp, idp));
2322 	}
2323 }
2324 
2325 /*
2326  * Use a binary search to do the work of sym_by_name().
2327  */
2328 static GElf_Sym *
2329 sym_by_name_binary(sym_tbl_t *symtab, const char *name, GElf_Sym *symp,
2330     uint_t *idp)
2331 {
2332 	char *strs = symtab->sym_strs;
2333 	uint_t i, *byname = symtab->sym_byname;
2334 	int min, mid, max, cmp;
2335 
2336 	if (symtab->sym_data_pri == NULL || strs == NULL ||
2337 	    symtab->sym_count == 0)
2338 		return (NULL);
2339 
2340 	min = 0;
2341 	max = symtab->sym_count - 1;
2342 
2343 	while (min <= max) {
2344 		mid = (max + min) / 2;
2345 
2346 		i = byname[mid];
2347 		(void) symtab_getsym(symtab, i, symp);
2348 
2349 		if ((cmp = strcmp(name, strs + symp->st_name)) == 0) {
2350 			if (idp != NULL)
2351 				*idp = i;
2352 			return (symp);
2353 		}
2354 
2355 		if (cmp < 0)
2356 			max = mid - 1;
2357 		else
2358 			min = mid + 1;
2359 	}
2360 
2361 	return (NULL);
2362 }
2363 
2364 /*
2365  * Use a linear search to do the work of sym_by_name().
2366  */
2367 static GElf_Sym *
2368 sym_by_name_linear(sym_tbl_t *symtab, const char *name, GElf_Sym *symp,
2369     uint_t *idp)
2370 {
2371 	size_t symn = symtab->sym_symn;
2372 	char *strs = symtab->sym_strs;
2373 	int i;
2374 
2375 	if (symtab->sym_data_pri == NULL || symn == 0 || strs == NULL)
2376 		return (NULL);
2377 
2378 	for (i = 0; i < symn; i++) {
2379 		if (symtab_getsym(symtab, i, symp) &&
2380 		    strcmp(name, strs + symp->st_name) == 0) {
2381 			if (idp)
2382 				*idp = i;
2383 			return (symp);
2384 		}
2385 	}
2386 
2387 	return (NULL);
2388 }
2389 
2390 /*
2391  * Look up a symbol by name in the specified symbol table.
2392  *
2393  * Use a linear or a binary search depending on whether or not we
2394  * chose to sort the table in optimize_symtab().
2395  */
2396 static GElf_Sym *
2397 sym_by_name(sym_tbl_t *symtab, const char *name, GElf_Sym *symp, uint_t *idp)
2398 {
2399 	if (_libproc_no_qsort) {
2400 		return (sym_by_name_linear(symtab, name, symp, idp));
2401 	} else {
2402 		return (sym_by_name_binary(symtab, name, symp, idp));
2403 	}
2404 }
2405 
2406 /*
2407  * Search the process symbol tables looking for a symbol whose
2408  * value to value+size contain the address specified by addr.
2409  * Return values are:
2410  *	sym_name_buffer containing the symbol name
2411  *	GElf_Sym symbol table entry
2412  *	prsyminfo_t ancillary symbol information
2413  * Returns 0 on success, -1 on failure.
2414  */
2415 static int
2416 i_Pxlookup_by_addr(
2417 	struct ps_prochandle *P,
2418 	int lmresolve,			/* use resolve linker object names */
2419 	uintptr_t addr,			/* process address being sought */
2420 	char *sym_name_buffer,		/* buffer for the symbol name */
2421 	size_t bufsize,			/* size of sym_name_buffer */
2422 	GElf_Sym *symbolp,		/* returned symbol table entry */
2423 	prsyminfo_t *sip)		/* returned symbol info */
2424 {
2425 	GElf_Sym	*symp;
2426 	char		*name;
2427 	GElf_Sym	sym1, *sym1p = NULL;
2428 	GElf_Sym	sym2, *sym2p = NULL;
2429 	char		*name1 = NULL;
2430 	char		*name2 = NULL;
2431 	uint_t		i1;
2432 	uint_t		i2;
2433 	map_info_t	*mptr;
2434 	file_info_t	*fptr;
2435 
2436 	(void) Prd_agent(P);
2437 
2438 	if ((mptr = Paddr2mptr(P, addr)) == NULL ||	/* no such address */
2439 	    (fptr = build_map_symtab(P, mptr)) == NULL || /* no mapped file */
2440 	    fptr->file_elf == NULL)			/* not an ELF file */
2441 		return (-1);
2442 
2443 	/*
2444 	 * Adjust the address by the load object base address in
2445 	 * case the address turns out to be in a shared library.
2446 	 */
2447 	addr -= fptr->file_dyn_base;
2448 
2449 	/*
2450 	 * Search both symbol tables, symtab first, then dynsym.
2451 	 */
2452 	if ((sym1p = sym_by_addr(&fptr->file_symtab, addr, &sym1, &i1)) != NULL)
2453 		name1 = fptr->file_symtab.sym_strs + sym1.st_name;
2454 	if ((sym2p = sym_by_addr(&fptr->file_dynsym, addr, &sym2, &i2)) != NULL)
2455 		name2 = fptr->file_dynsym.sym_strs + sym2.st_name;
2456 
2457 	if ((symp = sym_prefer(sym1p, name1, sym2p, name2)) == NULL)
2458 		return (-1);
2459 
2460 	name = (symp == sym1p) ? name1 : name2;
2461 	if (bufsize > 0) {
2462 		(void) strncpy(sym_name_buffer, name, bufsize);
2463 		sym_name_buffer[bufsize - 1] = '\0';
2464 	}
2465 
2466 	*symbolp = *symp;
2467 	if (sip != NULL) {
2468 		sip->prs_name = bufsize == 0 ? NULL : sym_name_buffer;
2469 		if (lmresolve && (fptr->file_rname != NULL))
2470 			sip->prs_object = fptr->file_rbase;
2471 		else
2472 			sip->prs_object = fptr->file_lbase;
2473 		sip->prs_id = (symp == sym1p) ? i1 : i2;
2474 		sip->prs_table = (symp == sym1p) ? PR_SYMTAB : PR_DYNSYM;
2475 		sip->prs_lmid = (fptr->file_lo == NULL) ? LM_ID_BASE :
2476 		    fptr->file_lo->rl_lmident;
2477 	}
2478 
2479 	if (GELF_ST_TYPE(symbolp->st_info) != STT_TLS)
2480 		symbolp->st_value += fptr->file_dyn_base;
2481 
2482 	return (0);
2483 }
2484 
2485 int
2486 Pxlookup_by_addr(struct ps_prochandle *P, uintptr_t addr, char *buf,
2487     size_t bufsize, GElf_Sym *symp, prsyminfo_t *sip)
2488 {
2489 	return (i_Pxlookup_by_addr(P, B_FALSE, addr, buf, bufsize, symp, sip));
2490 }
2491 
2492 int
2493 Pxlookup_by_addr_resolved(struct ps_prochandle *P, uintptr_t addr, char *buf,
2494     size_t bufsize, GElf_Sym *symp, prsyminfo_t *sip)
2495 {
2496 	return (i_Pxlookup_by_addr(P, B_TRUE, addr, buf, bufsize, symp, sip));
2497 }
2498 
2499 int
2500 Plookup_by_addr(struct ps_prochandle *P, uintptr_t addr, char *buf,
2501     size_t size, GElf_Sym *symp)
2502 {
2503 	return (i_Pxlookup_by_addr(P, B_FALSE, addr, buf, size, symp, NULL));
2504 }
2505 
2506 /*
2507  * Search the process symbol tables looking for a symbol whose name matches the
2508  * specified name and whose object and link map optionally match the specified
2509  * parameters.  On success, the function returns 0 and fills in the GElf_Sym
2510  * symbol table entry.  On failure, -1 is returned.
2511  */
2512 int
2513 Pxlookup_by_name(
2514 	struct ps_prochandle *P,
2515 	Lmid_t lmid,			/* link map to match, or -1 for any */
2516 	const char *oname,		/* load object name */
2517 	const char *sname,		/* symbol name */
2518 	GElf_Sym *symp,			/* returned symbol table entry */
2519 	prsyminfo_t *sip)		/* returned symbol info */
2520 {
2521 	map_info_t *mptr;
2522 	file_info_t *fptr;
2523 	int cnt;
2524 
2525 	GElf_Sym sym;
2526 	prsyminfo_t si;
2527 	int rv = -1;
2528 	uint_t id;
2529 
2530 	if (oname == PR_OBJ_EVERY) {
2531 		/* create all the file_info_t's for all the mappings */
2532 		(void) Prd_agent(P);
2533 		cnt = P->num_files;
2534 		fptr = list_next(&P->file_head);
2535 	} else {
2536 		cnt = 1;
2537 		if ((mptr = object_name_to_map(P, lmid, oname)) == NULL ||
2538 		    (fptr = build_map_symtab(P, mptr)) == NULL)
2539 			return (-1);
2540 	}
2541 
2542 	/*
2543 	 * Iterate through the loaded object files and look for the symbol
2544 	 * name in the .symtab and .dynsym of each.  If we encounter a match
2545 	 * with SHN_UNDEF, keep looking in hopes of finding a better match.
2546 	 * This means that a name such as "puts" will match the puts function
2547 	 * in libc instead of matching the puts PLT entry in the a.out file.
2548 	 */
2549 	for (; cnt > 0; cnt--, fptr = list_next(fptr)) {
2550 		Pbuild_file_symtab(P, fptr);
2551 
2552 		if (fptr->file_elf == NULL)
2553 			continue;
2554 
2555 		if (lmid != PR_LMID_EVERY && fptr->file_lo != NULL &&
2556 		    lmid != fptr->file_lo->rl_lmident)
2557 			continue;
2558 
2559 		if (fptr->file_symtab.sym_data_pri != NULL &&
2560 		    sym_by_name(&fptr->file_symtab, sname, symp, &id)) {
2561 			if (sip != NULL) {
2562 				sip->prs_id = id;
2563 				sip->prs_table = PR_SYMTAB;
2564 				sip->prs_object = oname;
2565 				sip->prs_name = sname;
2566 				sip->prs_lmid = fptr->file_lo == NULL ?
2567 				    LM_ID_BASE : fptr->file_lo->rl_lmident;
2568 			}
2569 		} else if (fptr->file_dynsym.sym_data_pri != NULL &&
2570 		    sym_by_name(&fptr->file_dynsym, sname, symp, &id)) {
2571 			if (sip != NULL) {
2572 				sip->prs_id = id;
2573 				sip->prs_table = PR_DYNSYM;
2574 				sip->prs_object = oname;
2575 				sip->prs_name = sname;
2576 				sip->prs_lmid = fptr->file_lo == NULL ?
2577 				    LM_ID_BASE : fptr->file_lo->rl_lmident;
2578 			}
2579 		} else {
2580 			continue;
2581 		}
2582 
2583 		if (GELF_ST_TYPE(symp->st_info) != STT_TLS)
2584 			symp->st_value += fptr->file_dyn_base;
2585 
2586 		if (symp->st_shndx != SHN_UNDEF)
2587 			return (0);
2588 
2589 		if (rv != 0) {
2590 			if (sip != NULL)
2591 				si = *sip;
2592 			sym = *symp;
2593 			rv = 0;
2594 		}
2595 	}
2596 
2597 	if (rv == 0) {
2598 		if (sip != NULL)
2599 			*sip = si;
2600 		*symp = sym;
2601 	}
2602 
2603 	return (rv);
2604 }
2605 
2606 /*
2607  * Search the process symbol tables looking for a symbol whose name matches the
2608  * specified name, but without any restriction on the link map id.
2609  */
2610 int
2611 Plookup_by_name(struct ps_prochandle *P, const char *object,
2612 	const char *symbol, GElf_Sym *symp)
2613 {
2614 	return (Pxlookup_by_name(P, PR_LMID_EVERY, object, symbol, symp, NULL));
2615 }
2616 
2617 /*
2618  * Iterate over the process's address space mappings.
2619  */
2620 static int
2621 i_Pmapping_iter(struct ps_prochandle *P, boolean_t lmresolve,
2622     proc_map_f *func, void *cd)
2623 {
2624 	map_info_t *mptr;
2625 	file_info_t *fptr;
2626 	char *object_name;
2627 	int rc = 0;
2628 	int i;
2629 
2630 	/* create all the file_info_t's for all the mappings */
2631 	(void) Prd_agent(P);
2632 
2633 	for (i = 0, mptr = P->mappings; i < P->map_count; i++, mptr++) {
2634 		if ((fptr = mptr->map_file) == NULL)
2635 			object_name = NULL;
2636 		else if (lmresolve && (fptr->file_rname != NULL))
2637 			object_name = fptr->file_rname;
2638 		else
2639 			object_name = fptr->file_lname;
2640 		if ((rc = func(cd, &mptr->map_pmap, object_name)) != 0)
2641 			return (rc);
2642 	}
2643 	return (0);
2644 }
2645 
2646 int
2647 Pmapping_iter(struct ps_prochandle *P, proc_map_f *func, void *cd)
2648 {
2649 	return (i_Pmapping_iter(P, B_FALSE, func, cd));
2650 }
2651 
2652 int
2653 Pmapping_iter_resolved(struct ps_prochandle *P, proc_map_f *func, void *cd)
2654 {
2655 	return (i_Pmapping_iter(P, B_TRUE, func, cd));
2656 }
2657 
2658 /*
2659  * Iterate over the process's mapped objects.
2660  */
2661 static int
2662 i_Pobject_iter(struct ps_prochandle *P, boolean_t lmresolve,
2663     proc_map_f *func, void *cd)
2664 {
2665 	map_info_t *mptr;
2666 	file_info_t *fptr;
2667 	uint_t cnt;
2668 	int rc = 0;
2669 
2670 	(void) Prd_agent(P); /* create file_info_t's for all the mappings */
2671 	Pupdate_maps(P);
2672 
2673 	for (cnt = P->num_files, fptr = list_next(&P->file_head);
2674 	    cnt; cnt--, fptr = list_next(fptr)) {
2675 		const char *lname;
2676 
2677 		if (lmresolve && (fptr->file_rname != NULL))
2678 			lname = fptr->file_rname;
2679 		else if (fptr->file_lname != NULL)
2680 			lname = fptr->file_lname;
2681 		else
2682 			lname = "";
2683 
2684 		if ((mptr = fptr->file_map) == NULL)
2685 			continue;
2686 
2687 		if ((rc = func(cd, &mptr->map_pmap, lname)) != 0)
2688 			return (rc);
2689 
2690 		if (!P->info_valid)
2691 			Pupdate_maps(P);
2692 	}
2693 	return (0);
2694 }
2695 
2696 int
2697 Pobject_iter(struct ps_prochandle *P, proc_map_f *func, void *cd)
2698 {
2699 	return (i_Pobject_iter(P, B_FALSE, func, cd));
2700 }
2701 
2702 int
2703 Pobject_iter_resolved(struct ps_prochandle *P, proc_map_f *func, void *cd)
2704 {
2705 	return (i_Pobject_iter(P, B_TRUE, func, cd));
2706 }
2707 
2708 static char *
2709 i_Pobjname(struct ps_prochandle *P, boolean_t lmresolve, uintptr_t addr,
2710 	char *buffer, size_t bufsize)
2711 {
2712 	map_info_t *mptr;
2713 	file_info_t *fptr;
2714 
2715 	/* create all the file_info_t's for all the mappings */
2716 	(void) Prd_agent(P);
2717 
2718 	if ((mptr = Paddr2mptr(P, addr)) == NULL)
2719 		return (NULL);
2720 
2721 	if (!lmresolve) {
2722 		if (((fptr = mptr->map_file) == NULL) ||
2723 		    (fptr->file_lname == NULL))
2724 			return (NULL);
2725 		(void) strlcpy(buffer, fptr->file_lname, bufsize);
2726 		return (buffer);
2727 	}
2728 
2729 	/* Check for a cached copy of the resolved path */
2730 	if (Pfindmap(P, mptr, buffer, bufsize) != NULL)
2731 		return (buffer);
2732 
2733 	return (NULL);
2734 }
2735 
2736 /*
2737  * Given a virtual address, return the name of the underlying
2738  * mapped object (file) as provided by the dynamic linker.
2739  * Return NULL if we can't find any name information for the object.
2740  */
2741 char *
2742 Pobjname(struct ps_prochandle *P, uintptr_t addr,
2743 	char *buffer, size_t bufsize)
2744 {
2745 	return (i_Pobjname(P, B_FALSE, addr, buffer, bufsize));
2746 }
2747 
2748 /*
2749  * Given a virtual address, try to return a filesystem path to the
2750  * underlying mapped object (file).  If we're in the global zone,
2751  * this path could resolve to an object in another zone.  If we're
2752  * unable return a valid filesystem path, we'll fall back to providing
2753  * the mapped object (file) name provided by the dynamic linker in
2754  * the target process (ie, the object reported by Pobjname()).
2755  */
2756 char *
2757 Pobjname_resolved(struct ps_prochandle *P, uintptr_t addr,
2758 	char *buffer, size_t bufsize)
2759 {
2760 	return (i_Pobjname(P, B_TRUE, addr, buffer, bufsize));
2761 }
2762 
2763 /*
2764  * Given a virtual address, return the link map id of the underlying mapped
2765  * object (file), as provided by the dynamic linker.  Return -1 on failure.
2766  */
2767 int
2768 Plmid(struct ps_prochandle *P, uintptr_t addr, Lmid_t *lmidp)
2769 {
2770 	map_info_t *mptr;
2771 	file_info_t *fptr;
2772 
2773 	/* create all the file_info_t's for all the mappings */
2774 	(void) Prd_agent(P);
2775 
2776 	if ((mptr = Paddr2mptr(P, addr)) != NULL &&
2777 	    (fptr = mptr->map_file) != NULL && fptr->file_lo != NULL) {
2778 		*lmidp = fptr->file_lo->rl_lmident;
2779 		return (0);
2780 	}
2781 
2782 	return (-1);
2783 }
2784 
2785 /*
2786  * Given an object name and optional lmid, iterate over the object's symbols.
2787  * If which == PR_SYMTAB, search the normal symbol table.
2788  * If which == PR_DYNSYM, search the dynamic symbol table.
2789  */
2790 static int
2791 Psymbol_iter_com(struct ps_prochandle *P, Lmid_t lmid, const char *object_name,
2792     int which, int mask, pr_order_t order, proc_xsym_f *func, void *cd)
2793 {
2794 #if STT_NUM != (STT_TLS + 1)
2795 #error "STT_NUM has grown. update Psymbol_iter_com()"
2796 #endif
2797 
2798 	GElf_Sym sym;
2799 	GElf_Shdr shdr;
2800 	map_info_t *mptr;
2801 	file_info_t *fptr;
2802 	sym_tbl_t *symtab;
2803 	size_t symn;
2804 	const char *strs;
2805 	size_t strsz;
2806 	prsyminfo_t si;
2807 	int rv;
2808 	uint_t *map, i, count, ndx;
2809 
2810 	if ((mptr = object_name_to_map(P, lmid, object_name)) == NULL)
2811 		return (-1);
2812 
2813 	if ((fptr = build_map_symtab(P, mptr)) == NULL || /* no mapped file */
2814 	    fptr->file_elf == NULL)			/* not an ELF file */
2815 		return (-1);
2816 
2817 	/*
2818 	 * Search the specified symbol table.
2819 	 */
2820 	switch (which) {
2821 	case PR_SYMTAB:
2822 		symtab = &fptr->file_symtab;
2823 		si.prs_table = PR_SYMTAB;
2824 		break;
2825 	case PR_DYNSYM:
2826 		symtab = &fptr->file_dynsym;
2827 		si.prs_table = PR_DYNSYM;
2828 		break;
2829 	default:
2830 		return (-1);
2831 	}
2832 
2833 	si.prs_object = object_name;
2834 	si.prs_lmid = fptr->file_lo == NULL ?
2835 	    LM_ID_BASE : fptr->file_lo->rl_lmident;
2836 
2837 	symn = symtab->sym_symn;
2838 	strs = symtab->sym_strs;
2839 	strsz = symtab->sym_strsz;
2840 
2841 	switch (order) {
2842 	case PRO_NATURAL:
2843 		map = NULL;
2844 		count = symn;
2845 		break;
2846 	case PRO_BYNAME:
2847 		map = symtab->sym_byname;
2848 		count = symtab->sym_count;
2849 		break;
2850 	case PRO_BYADDR:
2851 		map = symtab->sym_byaddr;
2852 		count = symtab->sym_count;
2853 		break;
2854 	default:
2855 		return (-1);
2856 	}
2857 
2858 	if (symtab->sym_data_pri == NULL || strs == NULL || count == 0)
2859 		return (-1);
2860 
2861 	rv = 0;
2862 
2863 	for (i = 0; i < count; i++) {
2864 		ndx = map == NULL ? i : map[i];
2865 		if (symtab_getsym(symtab, ndx, &sym) != NULL) {
2866 			uint_t s_bind, s_type, type;
2867 
2868 			if (sym.st_name >= strsz)	/* invalid st_name */
2869 				continue;
2870 
2871 			s_bind = GELF_ST_BIND(sym.st_info);
2872 			s_type = GELF_ST_TYPE(sym.st_info);
2873 
2874 			/*
2875 			 * In case you haven't already guessed, this relies on
2876 			 * the bitmask used in <libproc.h> for encoding symbol
2877 			 * type and binding matching the order of STB and STT
2878 			 * constants in <sys/elf.h>.  Changes to ELF must
2879 			 * maintain binary compatibility, so I think this is
2880 			 * reasonably fair game.
2881 			 */
2882 			if (s_bind < STB_NUM && s_type < STT_NUM) {
2883 				type = (1 << (s_type + 8)) | (1 << s_bind);
2884 				if ((type & ~mask) != 0)
2885 					continue;
2886 			} else
2887 				continue; /* Invalid type or binding */
2888 
2889 			if (GELF_ST_TYPE(sym.st_info) != STT_TLS)
2890 				sym.st_value += fptr->file_dyn_base;
2891 
2892 			si.prs_name = strs + sym.st_name;
2893 
2894 			/*
2895 			 * If symbol's type is STT_SECTION, then try to lookup
2896 			 * the name of the corresponding section.
2897 			 */
2898 			if (GELF_ST_TYPE(sym.st_info) == STT_SECTION &&
2899 			    fptr->file_shstrs != NULL &&
2900 			    gelf_getshdr(elf_getscn(fptr->file_elf,
2901 			    sym.st_shndx), &shdr) != NULL &&
2902 			    shdr.sh_name != 0 &&
2903 			    shdr.sh_name < fptr->file_shstrsz)
2904 				si.prs_name = fptr->file_shstrs + shdr.sh_name;
2905 
2906 			si.prs_id = ndx;
2907 			if ((rv = func(cd, &sym, si.prs_name, &si)) != 0)
2908 				break;
2909 		}
2910 	}
2911 
2912 	return (rv);
2913 }
2914 
2915 int
2916 Pxsymbol_iter(struct ps_prochandle *P, Lmid_t lmid, const char *object_name,
2917     int which, int mask, proc_xsym_f *func, void *cd)
2918 {
2919 	return (Psymbol_iter_com(P, lmid, object_name, which, mask,
2920 	    PRO_NATURAL, func, cd));
2921 }
2922 
2923 int
2924 Psymbol_iter_by_lmid(struct ps_prochandle *P, Lmid_t lmid,
2925     const char *object_name, int which, int mask, proc_sym_f *func, void *cd)
2926 {
2927 	return (Psymbol_iter_com(P, lmid, object_name, which, mask,
2928 	    PRO_NATURAL, (proc_xsym_f *)func, cd));
2929 }
2930 
2931 int
2932 Psymbol_iter(struct ps_prochandle *P,
2933     const char *object_name, int which, int mask, proc_sym_f *func, void *cd)
2934 {
2935 	return (Psymbol_iter_com(P, PR_LMID_EVERY, object_name, which, mask,
2936 	    PRO_NATURAL, (proc_xsym_f *)func, cd));
2937 }
2938 
2939 int
2940 Psymbol_iter_by_addr(struct ps_prochandle *P,
2941     const char *object_name, int which, int mask, proc_sym_f *func, void *cd)
2942 {
2943 	return (Psymbol_iter_com(P, PR_LMID_EVERY, object_name, which, mask,
2944 	    PRO_BYADDR, (proc_xsym_f *)func, cd));
2945 }
2946 
2947 int
2948 Psymbol_iter_by_name(struct ps_prochandle *P,
2949     const char *object_name, int which, int mask, proc_sym_f *func, void *cd)
2950 {
2951 	return (Psymbol_iter_com(P, PR_LMID_EVERY, object_name, which, mask,
2952 	    PRO_BYNAME, (proc_xsym_f *)func, cd));
2953 }
2954 
2955 /*
2956  * Get the platform string from the core file if we have it;
2957  * just perform the system call for the caller if this is a live process.
2958  */
2959 char *
2960 Pplatform(struct ps_prochandle *P, char *s, size_t n)
2961 {
2962 	if (P->state == PS_IDLE) {
2963 		errno = ENODATA;
2964 		return (NULL);
2965 	}
2966 
2967 	if (P->state == PS_DEAD) {
2968 		if (P->core->core_platform == NULL) {
2969 			errno = ENODATA;
2970 			return (NULL);
2971 		}
2972 		(void) strncpy(s, P->core->core_platform, n - 1);
2973 		s[n - 1] = '\0';
2974 
2975 	} else if (sysinfo(SI_PLATFORM, s, n) == -1)
2976 		return (NULL);
2977 
2978 	return (s);
2979 }
2980 
2981 /*
2982  * Get the uname(2) information from the core file if we have it;
2983  * just perform the system call for the caller if this is a live process.
2984  */
2985 int
2986 Puname(struct ps_prochandle *P, struct utsname *u)
2987 {
2988 	if (P->state == PS_IDLE) {
2989 		errno = ENODATA;
2990 		return (-1);
2991 	}
2992 
2993 	if (P->state == PS_DEAD) {
2994 		if (P->core->core_uts == NULL) {
2995 			errno = ENODATA;
2996 			return (-1);
2997 		}
2998 		(void) memcpy(u, P->core->core_uts, sizeof (struct utsname));
2999 		return (0);
3000 	}
3001 	return (uname(u));
3002 }
3003 
3004 /*
3005  * Called from Pcreate(), Pgrab(), and Pfgrab_core() to initialize
3006  * the symbol table heads in the new ps_prochandle.
3007  */
3008 void
3009 Pinitsym(struct ps_prochandle *P)
3010 {
3011 	P->num_files = 0;
3012 	list_link(&P->file_head, NULL);
3013 }
3014 
3015 /*
3016  * Called from Prelease() to destroy the symbol tables.
3017  * Must be called by the client after an exec() in the victim process.
3018  */
3019 void
3020 Preset_maps(struct ps_prochandle *P)
3021 {
3022 	int i;
3023 
3024 	if (P->rap != NULL) {
3025 		rd_delete(P->rap);
3026 		P->rap = NULL;
3027 	}
3028 
3029 	if (P->execname != NULL) {
3030 		free(P->execname);
3031 		P->execname = NULL;
3032 	}
3033 
3034 	if (P->auxv != NULL) {
3035 		free(P->auxv);
3036 		P->auxv = NULL;
3037 		P->nauxv = 0;
3038 	}
3039 
3040 	for (i = 0; i < P->map_count; i++)
3041 		map_info_free(P, &P->mappings[i]);
3042 
3043 	if (P->mappings != NULL) {
3044 		free(P->mappings);
3045 		P->mappings = NULL;
3046 	}
3047 	P->map_count = P->map_alloc = 0;
3048 
3049 	P->info_valid = 0;
3050 }
3051 
3052 typedef struct getenv_data {
3053 	char *buf;
3054 	size_t bufsize;
3055 	const char *search;
3056 	size_t searchlen;
3057 } getenv_data_t;
3058 
3059 /*ARGSUSED*/
3060 static int
3061 getenv_func(void *data, struct ps_prochandle *P, uintptr_t addr,
3062     const char *nameval)
3063 {
3064 	getenv_data_t *d = data;
3065 	size_t len;
3066 
3067 	if (nameval == NULL)
3068 		return (0);
3069 
3070 	if (d->searchlen < strlen(nameval) &&
3071 	    strncmp(nameval, d->search, d->searchlen) == 0 &&
3072 	    nameval[d->searchlen] == '=') {
3073 		len = MIN(strlen(nameval), d->bufsize - 1);
3074 		(void) strncpy(d->buf, nameval, len);
3075 		d->buf[len] = '\0';
3076 		return (1);
3077 	}
3078 
3079 	return (0);
3080 }
3081 
3082 char *
3083 Pgetenv(struct ps_prochandle *P, const char *name, char *buf, size_t buflen)
3084 {
3085 	getenv_data_t d;
3086 
3087 	d.buf = buf;
3088 	d.bufsize = buflen;
3089 	d.search = name;
3090 	d.searchlen = strlen(name);
3091 
3092 	if (Penv_iter(P, getenv_func, &d) == 1) {
3093 		char *equals = strchr(d.buf, '=');
3094 
3095 		if (equals != NULL) {
3096 			(void) memmove(d.buf, equals + 1,
3097 			    d.buf + buflen - equals - 1);
3098 			d.buf[d.buf + buflen - equals] = '\0';
3099 
3100 			return (buf);
3101 		}
3102 	}
3103 
3104 	return (NULL);
3105 }
3106 
3107 /* number of argument or environment pointers to read all at once */
3108 #define	NARG	100
3109 
3110 int
3111 Penv_iter(struct ps_prochandle *P, proc_env_f *func, void *data)
3112 {
3113 	const psinfo_t *psp;
3114 	uintptr_t envpoff;
3115 	GElf_Sym sym;
3116 	int ret;
3117 	char *buf, *nameval;
3118 	size_t buflen;
3119 
3120 	int nenv = NARG;
3121 	long envp[NARG];
3122 
3123 	/*
3124 	 * Attempt to find the "_environ" variable in the process.
3125 	 * Failing that, use the original value provided by Ppsinfo().
3126 	 */
3127 	if ((psp = Ppsinfo(P)) == NULL)
3128 		return (-1);
3129 
3130 	envpoff = psp->pr_envp; /* Default if no _environ found */
3131 
3132 	if (Plookup_by_name(P, PR_OBJ_EXEC, "_environ", &sym) == 0) {
3133 		if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3134 			if (Pread(P, &envpoff, sizeof (envpoff),
3135 			    sym.st_value) != sizeof (envpoff))
3136 				envpoff = psp->pr_envp;
3137 		} else if (P->status.pr_dmodel == PR_MODEL_ILP32) {
3138 			uint32_t envpoff32;
3139 
3140 			if (Pread(P, &envpoff32, sizeof (envpoff32),
3141 			    sym.st_value) != sizeof (envpoff32))
3142 				envpoff = psp->pr_envp;
3143 			else
3144 				envpoff = envpoff32;
3145 		}
3146 	}
3147 
3148 	buflen = 128;
3149 	buf = malloc(buflen);
3150 
3151 	ret = 0;
3152 	for (;;) {
3153 		uintptr_t envoff;
3154 
3155 		if (nenv == NARG) {
3156 			(void) memset(envp, 0, sizeof (envp));
3157 			if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3158 				if (Pread(P, envp,
3159 				    sizeof (envp), envpoff) <= 0) {
3160 					ret = -1;
3161 					break;
3162 				}
3163 			} else if (P->status.pr_dmodel == PR_MODEL_ILP32) {
3164 				uint32_t e32[NARG];
3165 				int i;
3166 
3167 				(void) memset(e32, 0, sizeof (e32));
3168 				if (Pread(P, e32, sizeof (e32), envpoff) <= 0) {
3169 					ret = -1;
3170 					break;
3171 				}
3172 				for (i = 0; i < NARG; i++)
3173 					envp[i] = e32[i];
3174 			}
3175 			nenv = 0;
3176 		}
3177 
3178 		if ((envoff = envp[nenv++]) == NULL)
3179 			break;
3180 
3181 		/*
3182 		 * Attempt to read the string from the process.
3183 		 */
3184 again:
3185 		ret = Pread_string(P, buf, buflen, envoff);
3186 
3187 		if (ret <= 0) {
3188 			nameval = NULL;
3189 		} else if (ret == buflen - 1) {
3190 			free(buf);
3191 			/*
3192 			 * Bail if we have a corrupted environment
3193 			 */
3194 			if (buflen >= ARG_MAX)
3195 				return (-1);
3196 			buflen *= 2;
3197 			buf = malloc(buflen);
3198 			goto again;
3199 		} else {
3200 			nameval = buf;
3201 		}
3202 
3203 		if ((ret = func(data, P, envoff, nameval)) != 0)
3204 			break;
3205 
3206 		envpoff += (P->status.pr_dmodel == PR_MODEL_LP64)? 8 : 4;
3207 	}
3208 
3209 	free(buf);
3210 
3211 	return (ret);
3212 }
3213