1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Dump an elf file. 29 */ 30 #include <stddef.h> 31 #include <sys/elf_386.h> 32 #include <sys/elf_amd64.h> 33 #include <sys/elf_SPARC.h> 34 #include <_libelf.h> 35 #include <dwarf.h> 36 #include <stdio.h> 37 #include <unistd.h> 38 #include <errno.h> 39 #include <strings.h> 40 #include <debug.h> 41 #include <conv.h> 42 #include <msg.h> 43 #include <_elfdump.h> 44 45 46 /* 47 * VERSYM_STATE is used to maintain information about the VERSYM section 48 * in the object being analyzed. It is filled in by versions(), and used 49 * by init_symtbl_state() when displaying symbol information. 50 * 51 * There are three forms of symbol versioning known to us: 52 * 53 * 1) The original form, introduced with Solaris 2.5, in which 54 * the Versym contains indexes to Verdef records, and the 55 * Versym values for UNDEF symbols resolved by other objects 56 * are all set to 0. 57 * 2) The GNU form, which is backward compatible with the original 58 * Solaris form, but which adds several extensions: 59 * - The Versym also contains indexes to Verneed records, recording 60 * which object/version contributed the external symbol at 61 * link time. These indexes start with the next value following 62 * the final Verdef index. The index is written to the previously 63 * reserved vna_other field of the ELF Vernaux structure. 64 * - The top bit of the Versym value is no longer part of the index, 65 * but is used as a "hidden bit" to prevent binding to the symbol. 66 * - Multiple implementations of a given symbol, contained in varying 67 * versions are allowed, using special assembler pseudo ops, 68 * and encoded in the symbol name using '@' characters. 69 * 3) Modified Solaris form, in which we adopt the first GNU extension 70 * (Versym indexes to Verneed records), but not the others. 71 * 72 * elfdump can handle any of these cases. The presence of a DT_VERSYM 73 * dynamic element indicates a full GNU object. An object that lacks 74 * a DT_VERSYM entry, but which has non-zero vna_other fields in the Vernaux 75 * structures is a modified Solaris object. An object that has neither of 76 * these uses the original form. 77 * 78 * max_verndx contains the largest version index that can appear 79 * in a Versym entry. This can never be less than 1: In the case where 80 * there is no verdef/verneed sections, the [0] index is reserved 81 * for local symbols, and the [1] index for globals. If the original 82 * Solaris versioning rules are in effect and there is a verdef section, 83 * then max_verndex is the number of defined versions. If one of the 84 * other versioning forms is in effect, then: 85 * 1) If there is no verneed section, it is the same as for 86 * original Solaris versioning. 87 * 2) If there is a verneed section, the vna_other field of the 88 * Vernaux structs contain versions, and max_verndx is the 89 * largest such index. 90 * 91 * If gnu_full is True, the object uses the full GNU form of versioning. 92 * The value of the gnu_full field is based on the presence of 93 * a DT_VERSYM entry in the dynamic section: GNU ld produces these, and 94 * Solaris ld does not. 95 * 96 * The gnu_needed field is True if the Versym contains indexes to 97 * Verneed records, as indicated by non-zero vna_other fields in the Verneed 98 * section. If gnu_full is True, then gnu_needed will always be true. 99 * However, gnu_needed can be true without gnu_full. This is the modified 100 * Solaris form. 101 */ 102 typedef struct { 103 Cache *cache; /* Pointer to cache entry for VERSYM */ 104 Versym *data; /* Pointer to versym array */ 105 int gnu_full; /* True if object uses GNU versioning rules */ 106 int gnu_needed; /* True if object uses VERSYM indexes for */ 107 /* VERNEED (subset of gnu_full) */ 108 int max_verndx; /* largest versym index value */ 109 } VERSYM_STATE; 110 111 /* 112 * SYMTBL_STATE is used to maintain information about a single symbol 113 * table section, for use by the routines that display symbol information. 114 */ 115 typedef struct { 116 const char *file; /* Name of file */ 117 Ehdr *ehdr; /* ELF header for file */ 118 Cache *cache; /* Cache of all section headers */ 119 uchar_t osabi; /* OSABI to use */ 120 Word shnum; /* # of sections in cache */ 121 Cache *seccache; /* Cache of symbol table section hdr */ 122 Word secndx; /* Index of symbol table section hdr */ 123 const char *secname; /* Name of section */ 124 uint_t flags; /* Command line option flags */ 125 struct { /* Extended section index data */ 126 int checked; /* TRUE if already checked for shxndx */ 127 Word *data; /* NULL, or extended section index */ 128 /* used for symbol table entries */ 129 uint_t n; /* # items in shxndx.data */ 130 } shxndx; 131 VERSYM_STATE *versym; /* NULL, or associated VERSYM section */ 132 Sym *sym; /* Array of symbols */ 133 Word symn; /* # of symbols */ 134 } SYMTBL_STATE; 135 136 /* 137 * A variable of this type is used to track information related to 138 * .eh_frame and .eh_frame_hdr sections across calls to unwind_eh_frame(). 139 */ 140 typedef struct { 141 Word frame_cnt; /* # .eh_frame sections seen */ 142 Word frame_ndx; /* Section index of 1st .eh_frame */ 143 Word hdr_cnt; /* # .eh_frame_hdr sections seen */ 144 Word hdr_ndx; /* Section index of 1st .eh_frame_hdr */ 145 uint64_t frame_ptr; /* Value of FramePtr field from first */ 146 /* .eh_frame_hdr section */ 147 uint64_t frame_base; /* Data addr of 1st .eh_frame */ 148 } gnu_eh_state_t; 149 150 /* 151 * C++ .exception_ranges entries make use of the signed ptrdiff_t 152 * type to record self-relative pointer values. We need a type 153 * for this that is matched to the ELFCLASS being processed. 154 */ 155 #if defined(_ELF64) 156 typedef int64_t PTRDIFF_T; 157 #else 158 typedef int32_t PTRDIFF_T; 159 #endif 160 161 /* 162 * The Sun C++ ABI uses this struct to define each .exception_ranges 163 * entry. From the ABI: 164 * 165 * The field ret_addr is a self relative pointer to the start of the address 166 * range. The name was chosen because in the current implementation the range 167 * typically starts at the return address for a call site. 168 * 169 * The field length is the difference, in bytes, between the pc of the last 170 * instruction covered by the exception range and the first. When only a 171 * single call site is represented without optimization, this will equal zero. 172 * 173 * The field handler_addr is a relative pointer which stores the difference 174 * between the start of the exception range and the address of all code to 175 * catch exceptions and perform the cleanup for stack unwinding. 176 * 177 * The field type_block is a relative pointer which stores the difference 178 * between the start of the exception range and the address of an array used 179 * for storing a list of the types of exceptions which can be caught within 180 * the exception range. 181 */ 182 typedef struct { 183 PTRDIFF_T ret_addr; 184 Xword length; 185 PTRDIFF_T handler_addr; 186 PTRDIFF_T type_block; 187 Xword reserved; 188 } exception_range_entry; 189 190 /* 191 * Focal point for verifying symbol names. 192 */ 193 static const char * 194 string(Cache *refsec, Word ndx, Cache *strsec, const char *file, Word name) 195 { 196 /* 197 * If an error in this routine is due to a property of the string 198 * section, as opposed to a bad offset into the section (a property of 199 * the referencing section), then we will detect the same error on 200 * every call involving those sections. We use these static variables 201 * to retain the information needed to only issue each such error once. 202 */ 203 static Cache *last_refsec; /* Last referencing section seen */ 204 static int strsec_err; /* True if error issued */ 205 206 const char *strs; 207 Word strn; 208 209 if (strsec->c_data == NULL) 210 return (NULL); 211 212 strs = (char *)strsec->c_data->d_buf; 213 strn = strsec->c_data->d_size; 214 215 /* 216 * We only print a diagnostic regarding a bad string table once per 217 * input section being processed. If the refsec has changed, reset 218 * our retained error state. 219 */ 220 if (last_refsec != refsec) { 221 last_refsec = refsec; 222 strsec_err = 0; 223 } 224 225 /* Verify that strsec really is a string table */ 226 if (strsec->c_shdr->sh_type != SHT_STRTAB) { 227 if (!strsec_err) { 228 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOTSTRTAB), 229 file, strsec->c_ndx, refsec->c_ndx); 230 strsec_err = 1; 231 } 232 return (MSG_INTL(MSG_STR_UNKNOWN)); 233 } 234 235 /* 236 * Is the string table offset within range of the available strings? 237 */ 238 if (name >= strn) { 239 /* 240 * Do we have a empty string table? 241 */ 242 if (strs == NULL) { 243 if (!strsec_err) { 244 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 245 file, strsec->c_name); 246 strsec_err = 1; 247 } 248 } else { 249 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSTOFF), 250 file, refsec->c_name, EC_WORD(ndx), strsec->c_name, 251 EC_WORD(name), EC_WORD(strn - 1)); 252 } 253 254 /* 255 * Return the empty string so that the calling function can 256 * continue it's output diagnostics. 257 */ 258 return (MSG_INTL(MSG_STR_UNKNOWN)); 259 } 260 return (strs + name); 261 } 262 263 /* 264 * Relocations can reference section symbols and standard symbols. If the 265 * former, establish the section name. 266 */ 267 static const char * 268 relsymname(Cache *cache, Cache *csec, Cache *strsec, Word symndx, Word symnum, 269 Word relndx, Sym *syms, char *secstr, size_t secsz, const char *file) 270 { 271 Sym *sym; 272 const char *name; 273 274 if (symndx >= symnum) { 275 (void) fprintf(stderr, MSG_INTL(MSG_ERR_RELBADSYMNDX), 276 file, EC_WORD(symndx), EC_WORD(relndx)); 277 return (MSG_INTL(MSG_STR_UNKNOWN)); 278 } 279 280 sym = (Sym *)(syms + symndx); 281 name = string(csec, symndx, strsec, file, sym->st_name); 282 283 /* 284 * If the symbol represents a section offset construct an appropriate 285 * string. Note, although section symbol table entries typically have 286 * a NULL name pointer, entries do exist that point into the string 287 * table to their own NULL strings. 288 */ 289 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION) && 290 ((sym->st_name == 0) || (*name == '\0'))) { 291 (void) snprintf(secstr, secsz, MSG_INTL(MSG_STR_SECTION), 292 cache[sym->st_shndx].c_name); 293 return ((const char *)secstr); 294 } 295 296 return (name); 297 } 298 299 /* 300 * Focal point for establishing a string table section. Data such as the 301 * dynamic information simply points to a string table. Data such as 302 * relocations, reference a symbol table, which in turn is associated with a 303 * string table. 304 */ 305 static int 306 stringtbl(Cache *cache, int symtab, Word ndx, Word shnum, const char *file, 307 Word *symnum, Cache **symsec, Cache **strsec) 308 { 309 Shdr *shdr = cache[ndx].c_shdr; 310 311 if (symtab) { 312 /* 313 * Validate the symbol table section. 314 */ 315 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 316 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 317 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 318 return (0); 319 } 320 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 321 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 322 file, cache[ndx].c_name); 323 return (0); 324 } 325 326 /* 327 * Obtain, and verify the symbol table data. 328 */ 329 if ((cache[ndx].c_data == NULL) || 330 (cache[ndx].c_data->d_buf == NULL)) { 331 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 332 file, cache[ndx].c_name); 333 return (0); 334 } 335 336 /* 337 * Establish the string table index. 338 */ 339 ndx = shdr->sh_link; 340 shdr = cache[ndx].c_shdr; 341 342 /* 343 * Return symbol table information. 344 */ 345 if (symnum) 346 *symnum = (shdr->sh_size / shdr->sh_entsize); 347 if (symsec) 348 *symsec = &cache[ndx]; 349 } 350 351 /* 352 * Validate the associated string table section. 353 */ 354 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 355 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 356 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 357 return (0); 358 } 359 360 if (strsec) 361 *strsec = &cache[shdr->sh_link]; 362 363 return (1); 364 } 365 366 /* 367 * Lookup a symbol and set Sym accordingly. 368 * 369 * entry: 370 * name - Name of symbol to lookup 371 * cache - Cache of all section headers 372 * shnum - # of sections in cache 373 * sym - Address of pointer to receive symbol 374 * target - NULL, or section to which the symbol must be associated. 375 * symtab - Symbol table to search for symbol 376 * file - Name of file 377 * 378 * exit: 379 * If the symbol is found, *sym is set to reference it, and True is 380 * returned. If target is non-NULL, the symbol must reference the given 381 * section --- otherwise the section is not checked. 382 * 383 * If no symbol is found, False is returned. 384 */ 385 static int 386 symlookup(const char *name, Cache *cache, Word shnum, Sym **sym, 387 Cache *target, Cache *symtab, const char *file) 388 { 389 Shdr *shdr; 390 Word symn, cnt; 391 Sym *syms; 392 393 if (symtab == 0) 394 return (0); 395 396 shdr = symtab->c_shdr; 397 398 /* 399 * Determine the symbol data and number. 400 */ 401 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 402 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 403 file, symtab->c_name); 404 return (0); 405 } 406 if (symtab->c_data == NULL) 407 return (0); 408 409 /* LINTED */ 410 symn = (Word)(shdr->sh_size / shdr->sh_entsize); 411 syms = (Sym *)symtab->c_data->d_buf; 412 413 /* 414 * Get the associated string table section. 415 */ 416 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 417 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 418 file, symtab->c_name, EC_WORD(shdr->sh_link)); 419 return (0); 420 } 421 422 /* 423 * Loop through the symbol table to find a match. 424 */ 425 *sym = NULL; 426 for (cnt = 0; cnt < symn; syms++, cnt++) { 427 const char *symname; 428 429 symname = string(symtab, cnt, &cache[shdr->sh_link], file, 430 syms->st_name); 431 432 if (symname && (strcmp(name, symname) == 0) && 433 ((target == NULL) || (target->c_ndx == syms->st_shndx))) { 434 /* 435 * It is possible, though rare, for a local and 436 * global symbol of the same name to exist, each 437 * contributed by a different input object. If the 438 * symbol just found is local, remember it, but 439 * continue looking. 440 */ 441 *sym = syms; 442 if (ELF_ST_BIND(syms->st_info) != STB_LOCAL) 443 break; 444 } 445 } 446 447 return (*sym != NULL); 448 } 449 450 /* 451 * Print section headers. 452 */ 453 static void 454 sections(const char *file, Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi) 455 { 456 size_t seccnt; 457 458 for (seccnt = 1; seccnt < shnum; seccnt++) { 459 Cache *_cache = &cache[seccnt]; 460 Shdr *shdr = _cache->c_shdr; 461 const char *secname = _cache->c_name; 462 463 /* 464 * Although numerous section header entries can be zero, it's 465 * usually a sign of trouble if the type is zero. 466 */ 467 if (shdr->sh_type == 0) { 468 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHTYPE), 469 file, secname, EC_WORD(shdr->sh_type)); 470 } 471 472 if (!match(MATCH_F_ALL, secname, seccnt, shdr->sh_type)) 473 continue; 474 475 /* 476 * Identify any sections that are suspicious. A .got section 477 * shouldn't exist in a relocatable object. 478 */ 479 if (ehdr->e_type == ET_REL) { 480 if (strncmp(secname, MSG_ORIG(MSG_ELF_GOT), 481 MSG_ELF_GOT_SIZE) == 0) { 482 (void) fprintf(stderr, 483 MSG_INTL(MSG_GOT_UNEXPECTED), file, 484 secname); 485 } 486 } 487 488 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 489 dbg_print(0, MSG_INTL(MSG_ELF_SHDR), EC_WORD(seccnt), secname); 490 Elf_shdr(0, osabi, ehdr->e_machine, shdr); 491 } 492 } 493 494 /* 495 * Obtain a specified Phdr entry. 496 */ 497 static Phdr * 498 getphdr(Word phnum, Word *type_arr, Word type_cnt, const char *file, Elf *elf) 499 { 500 Word cnt, tcnt; 501 Phdr *phdr; 502 503 if ((phdr = elf_getphdr(elf)) == NULL) { 504 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 505 return (NULL); 506 } 507 508 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 509 for (tcnt = 0; tcnt < type_cnt; tcnt++) { 510 if (phdr->p_type == type_arr[tcnt]) 511 return (phdr); 512 } 513 } 514 return (NULL); 515 } 516 517 /* 518 * Display the contents of GNU/amd64 .eh_frame and .eh_frame_hdr 519 * sections. 520 * 521 * entry: 522 * cache - Cache of all section headers 523 * shndx - Index of .eh_frame or .eh_frame_hdr section to be displayed 524 * uphdr - NULL, or unwind program header associated with 525 * the .eh_frame_hdr section. 526 * ehdr - ELF header for file 527 * eh_state - Data used across calls to this routine. The 528 * caller should zero it before the first call, and 529 * pass it on every call. 530 * osabi - OSABI to use in displaying information 531 * file - Name of file 532 * flags - Command line option flags 533 */ 534 static void 535 unwind_eh_frame(Cache *cache, Word shndx, Phdr *uphdr, Ehdr *ehdr, 536 gnu_eh_state_t *eh_state, uchar_t osabi, const char *file, uint_t flags) 537 { 538 #if defined(_ELF64) 539 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_64 540 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_64 541 #else 542 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_32 543 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_32 544 #endif 545 546 Cache *_cache = &cache[shndx]; 547 Shdr *shdr = _cache->c_shdr; 548 uchar_t *data = (uchar_t *)(_cache->c_data->d_buf); 549 size_t datasize = _cache->c_data->d_size; 550 Conv_dwarf_ehe_buf_t dwarf_ehe_buf; 551 uint64_t ndx, frame_ptr, fde_cnt, tabndx; 552 uint_t vers, frame_ptr_enc, fde_cnt_enc, table_enc; 553 uint64_t initloc, initloc0; 554 555 556 /* 557 * Is this a .eh_frame_hdr? 558 */ 559 if ((uphdr && (shdr->sh_addr == uphdr->p_vaddr)) || 560 (strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRMHDR), 561 MSG_SCN_FRMHDR_SIZE) == 0)) { 562 /* 563 * There can only be a single .eh_frame_hdr. 564 * Flag duplicates. 565 */ 566 if (++eh_state->hdr_cnt > 1) 567 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTEHFRMHDR), 568 file, EC_WORD(shndx), _cache->c_name); 569 570 dbg_print(0, MSG_ORIG(MSG_UNW_FRMHDR)); 571 ndx = 0; 572 573 vers = data[ndx++]; 574 frame_ptr_enc = data[ndx++]; 575 fde_cnt_enc = data[ndx++]; 576 table_enc = data[ndx++]; 577 578 dbg_print(0, MSG_ORIG(MSG_UNW_FRMVERS), vers); 579 580 frame_ptr = dwarf_ehe_extract(data, &ndx, frame_ptr_enc, 581 ehdr->e_ident, shdr->sh_addr, ndx); 582 if (eh_state->hdr_cnt == 1) { 583 eh_state->hdr_ndx = shndx; 584 eh_state->frame_ptr = frame_ptr; 585 } 586 587 dbg_print(0, MSG_ORIG(MSG_UNW_FRPTRENC), 588 conv_dwarf_ehe(frame_ptr_enc, &dwarf_ehe_buf), 589 EC_XWORD(frame_ptr)); 590 591 fde_cnt = dwarf_ehe_extract(data, &ndx, fde_cnt_enc, 592 ehdr->e_ident, shdr->sh_addr, ndx); 593 594 dbg_print(0, MSG_ORIG(MSG_UNW_FDCNENC), 595 conv_dwarf_ehe(fde_cnt_enc, &dwarf_ehe_buf), 596 EC_XWORD(fde_cnt)); 597 dbg_print(0, MSG_ORIG(MSG_UNW_TABENC), 598 conv_dwarf_ehe(table_enc, &dwarf_ehe_buf)); 599 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB1)); 600 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB2)); 601 602 for (tabndx = 0; tabndx < fde_cnt; tabndx++) { 603 initloc = dwarf_ehe_extract(data, &ndx, table_enc, 604 ehdr->e_ident, shdr->sh_addr, ndx); 605 /*LINTED:E_VAR_USED_BEFORE_SET*/ 606 if ((tabndx != 0) && (initloc0 > initloc)) 607 (void) fprintf(stderr, 608 MSG_INTL(MSG_ERR_BADSORT), file, 609 _cache->c_name, EC_WORD(tabndx)); 610 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTABENT), 611 EC_XWORD(initloc), 612 EC_XWORD(dwarf_ehe_extract(data, &ndx, 613 table_enc, ehdr->e_ident, shdr->sh_addr, 614 ndx))); 615 initloc0 = initloc; 616 } 617 } else { /* Display the .eh_frame section */ 618 eh_state->frame_cnt++; 619 if (eh_state->frame_cnt == 1) { 620 eh_state->frame_ndx = shndx; 621 eh_state->frame_base = shdr->sh_addr; 622 } else if ((eh_state->frame_cnt > 1) && 623 (ehdr->e_type != ET_REL)) { 624 Conv_inv_buf_t inv_buf; 625 626 (void) fprintf(stderr, MSG_INTL(MSG_WARN_MULTEHFRM), 627 file, EC_WORD(shndx), _cache->c_name, 628 conv_ehdr_type(osabi, ehdr->e_type, 0, &inv_buf)); 629 } 630 dump_eh_frame(data, datasize, shdr->sh_addr, 631 ehdr->e_machine, ehdr->e_ident); 632 } 633 634 /* 635 * If we've seen the .eh_frame_hdr and the first .eh_frame section, 636 * compare the header frame_ptr to the address of the actual frame 637 * section to ensure the link-editor got this right. Note, this 638 * diagnostic is only produced when unwind information is explicitly 639 * asked for, as shared objects built with an older ld(1) may reveal 640 * this inconsistency. Although an inconsistency, it doesn't seem to 641 * have any adverse effect on existing tools. 642 */ 643 if (((flags & FLG_MASK_SHOW) != FLG_MASK_SHOW) && 644 (eh_state->hdr_cnt > 0) && (eh_state->frame_cnt > 0) && 645 (eh_state->frame_ptr != eh_state->frame_base)) 646 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADEHFRMPTR), 647 file, EC_WORD(eh_state->hdr_ndx), 648 cache[eh_state->hdr_ndx].c_name, 649 EC_XWORD(eh_state->frame_ptr), 650 EC_WORD(eh_state->frame_ndx), 651 cache[eh_state->frame_ndx].c_name, 652 EC_XWORD(eh_state->frame_base)); 653 #undef MSG_UNW_BINSRTAB2 654 #undef MSG_UNW_BINSRTABENT 655 } 656 657 /* 658 * Convert a self relative pointer into an address. A self relative 659 * pointer adds the address where the pointer resides to the offset 660 * contained in the pointer. The benefit is that the value of the 661 * pointer does not require relocation. 662 * 663 * entry: 664 * base_addr - Address of the pointer. 665 * delta - Offset relative to base_addr giving desired address 666 * 667 * exit: 668 * The computed address is returned. 669 * 670 * note: 671 * base_addr is an unsigned value, while ret_addr is signed. This routine 672 * used explicit testing and casting to explicitly control type 673 * conversion, and ensure that we handle the maximum possible range. 674 */ 675 static Addr 676 srelptr(Addr base_addr, PTRDIFF_T delta) 677 { 678 if (delta < 0) 679 return (base_addr - (Addr) (-delta)); 680 681 return (base_addr + (Addr) delta); 682 } 683 684 /* 685 * Byte swap a PTRDIFF_T value. 686 */ 687 static PTRDIFF_T 688 swap_ptrdiff(PTRDIFF_T value) 689 { 690 PTRDIFF_T r; 691 uchar_t *dst = (uchar_t *)&r; 692 uchar_t *src = (uchar_t *)&value; 693 694 UL_ASSIGN_BSWAP_XWORD(dst, src); 695 return (r); 696 } 697 698 /* 699 * Display exception_range_entry items from the .exception_ranges section 700 * of a Sun C++ object. 701 */ 702 static void 703 unwind_exception_ranges(Cache *_cache, const char *file, int do_swap) 704 { 705 /* 706 * Translate a PTRDIFF_T self-relative address field of 707 * an exception_range_entry struct into an address. 708 * 709 * entry: 710 * exc_addr - Address of base of exception_range_entry struct 711 * cur_ent - Pointer to data in the struct to be translated 712 * 713 * _f - Field of struct to be translated 714 */ 715 #define SRELPTR(_f) \ 716 srelptr(exc_addr + offsetof(exception_range_entry, _f), cur_ent->_f) 717 718 #if defined(_ELF64) 719 #define MSG_EXR_TITLE MSG_EXR_TITLE_64 720 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_64 721 #else 722 #define MSG_EXR_TITLE MSG_EXR_TITLE_32 723 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_32 724 #endif 725 726 exception_range_entry scratch, *ent, *cur_ent = &scratch; 727 char index[MAXNDXSIZE]; 728 Word i, nelts; 729 Addr addr, addr0, offset = 0; 730 Addr exc_addr = _cache->c_shdr->sh_addr; 731 732 dbg_print(0, MSG_INTL(MSG_EXR_TITLE)); 733 ent = (exception_range_entry *)(_cache->c_data->d_buf); 734 nelts = _cache->c_data->d_size / sizeof (exception_range_entry); 735 736 for (i = 0; i < nelts; i++, ent++) { 737 if (do_swap) { 738 /* 739 * Copy byte swapped values into the scratch buffer. 740 * The reserved field is not used, so we skip it. 741 */ 742 scratch.ret_addr = swap_ptrdiff(ent->ret_addr); 743 scratch.length = BSWAP_XWORD(ent->length); 744 scratch.handler_addr = swap_ptrdiff(ent->handler_addr); 745 scratch.type_block = swap_ptrdiff(ent->type_block); 746 } else { 747 cur_ent = ent; 748 } 749 750 /* 751 * The table is required to be sorted by the address 752 * derived from ret_addr, to allow binary searching. Ensure 753 * that addresses grow monotonically. 754 */ 755 addr = SRELPTR(ret_addr); 756 /*LINTED:E_VAR_USED_BEFORE_SET*/ 757 if ((i != 0) && (addr0 > addr)) 758 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSORT), 759 file, _cache->c_name, EC_WORD(i)); 760 761 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 762 EC_XWORD(i)); 763 dbg_print(0, MSG_INTL(MSG_EXR_ENTRY), index, EC_ADDR(offset), 764 EC_ADDR(addr), EC_ADDR(cur_ent->length), 765 EC_ADDR(SRELPTR(handler_addr)), 766 EC_ADDR(SRELPTR(type_block))); 767 768 addr0 = addr; 769 exc_addr += sizeof (exception_range_entry); 770 offset += sizeof (exception_range_entry); 771 } 772 773 #undef SRELPTR 774 #undef MSG_EXR_TITLE 775 #undef MSG_EXR_ENTRY 776 } 777 778 /* 779 * Display information from unwind/exception sections: 780 * 781 * - GNU/amd64 .eh_frame and .eh_frame_hdr 782 * - Sun C++ .exception_ranges 783 * 784 */ 785 static void 786 unwind(Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, uchar_t osabi, 787 const char *file, Elf *elf, uint_t flags) 788 { 789 static Word phdr_types[] = { PT_SUNW_UNWIND, PT_SUNW_EH_FRAME }; 790 791 Word cnt; 792 Phdr *uphdr = NULL; 793 gnu_eh_state_t eh_state; 794 795 /* 796 * Historical background: .eh_frame and .eh_frame_hdr sections 797 * come from the GNU compilers (particularly C++), and are used 798 * under all architectures. Their format is based on DWARF. When 799 * the amd64 ABI was defined, these sections were adopted wholesale 800 * from the existing practice. 801 * 802 * When amd64 support was added to Solaris, support for these 803 * sections was added, using the SHT_AMD64_UNWIND section type 804 * to identify them. At first, we ignored them in objects for 805 * non-amd64 targets, but later broadened our support to include 806 * other architectures in order to better support gcc-generated 807 * objects. 808 * 809 * .exception_ranges implement the same basic concepts, but 810 * were invented at Sun for the Sun C++ compiler. 811 * 812 * We match these sections by name, rather than section type, 813 * because they can come in as either SHT_AMD64_UNWIND, or as 814 * SHT_PROGBITS, and because the type isn't enough to determine 815 * how they should be interpreted. 816 */ 817 /* Find the program header for .eh_frame_hdr if present */ 818 if (phnum) 819 uphdr = getphdr(phnum, phdr_types, 820 sizeof (phdr_types) / sizeof (*phdr_types), file, elf); 821 822 /* 823 * eh_state is used to retain data used by unwind_eh_frame() 824 * across calls. 825 */ 826 bzero(&eh_state, sizeof (eh_state)); 827 828 for (cnt = 1; cnt < shnum; cnt++) { 829 Cache *_cache = &cache[cnt]; 830 Shdr *shdr = _cache->c_shdr; 831 int is_exrange; 832 833 /* 834 * Skip sections of the wrong type. On amd64, they 835 * can be SHT_AMD64_UNWIND. On all platforms, they 836 * can be SHT_PROGBITS (including amd64, if using 837 * the GNU compilers). 838 * 839 * Skip anything other than these two types. The name 840 * test below will thin out the SHT_PROGBITS that don't apply. 841 */ 842 if ((shdr->sh_type != SHT_PROGBITS) && 843 (shdr->sh_type != SHT_AMD64_UNWIND)) 844 continue; 845 846 /* 847 * Only sections with certain well known names are of interest. 848 * These are: 849 * 850 * .eh_frame - amd64/GNU-compiler unwind sections 851 * .eh_frame_hdr - Sorted table referencing .eh_frame 852 * .exception_ranges - Sun C++ unwind sections 853 * 854 * We do a prefix comparison, allowing for naming conventions 855 * like .eh_frame.foo, hence the use of strncmp() rather than 856 * strcmp(). This means that we only really need to test for 857 * .eh_frame, as it's a prefix of .eh_frame_hdr. 858 */ 859 is_exrange = strncmp(_cache->c_name, 860 MSG_ORIG(MSG_SCN_EXRANGE), MSG_SCN_EXRANGE_SIZE) == 0; 861 if ((strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRM), 862 MSG_SCN_FRM_SIZE) != 0) && !is_exrange) 863 continue; 864 865 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 866 continue; 867 868 if (_cache->c_data == NULL) 869 continue; 870 871 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 872 dbg_print(0, MSG_INTL(MSG_ELF_SCN_UNWIND), _cache->c_name); 873 874 if (is_exrange) 875 unwind_exception_ranges(_cache, file, 876 _elf_sys_encoding() != ehdr->e_ident[EI_DATA]); 877 else 878 unwind_eh_frame(cache, cnt, uphdr, ehdr, &eh_state, 879 osabi, file, flags); 880 } 881 } 882 883 /* 884 * Initialize a symbol table state structure 885 * 886 * entry: 887 * state - State structure to be initialized 888 * cache - Cache of all section headers 889 * shnum - # of sections in cache 890 * secndx - Index of symbol table section 891 * ehdr - ELF header for file 892 * versym - Information about versym section 893 * file - Name of file 894 * flags - Command line option flags 895 */ 896 static int 897 init_symtbl_state(SYMTBL_STATE *state, Cache *cache, Word shnum, Word secndx, 898 Ehdr *ehdr, uchar_t osabi, VERSYM_STATE *versym, const char *file, 899 uint_t flags) 900 { 901 Shdr *shdr; 902 903 state->file = file; 904 state->ehdr = ehdr; 905 state->cache = cache; 906 state->osabi = osabi; 907 state->shnum = shnum; 908 state->seccache = &cache[secndx]; 909 state->secndx = secndx; 910 state->secname = state->seccache->c_name; 911 state->flags = flags; 912 state->shxndx.checked = 0; 913 state->shxndx.data = NULL; 914 state->shxndx.n = 0; 915 916 shdr = state->seccache->c_shdr; 917 918 /* 919 * Check the symbol data and per-item size. 920 */ 921 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 922 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 923 file, state->secname); 924 return (0); 925 } 926 if (state->seccache->c_data == NULL) 927 return (0); 928 929 /* LINTED */ 930 state->symn = (Word)(shdr->sh_size / shdr->sh_entsize); 931 state->sym = (Sym *)state->seccache->c_data->d_buf; 932 933 /* 934 * Check associated string table section. 935 */ 936 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 937 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 938 file, state->secname, EC_WORD(shdr->sh_link)); 939 return (0); 940 } 941 942 /* 943 * Determine if there is a associated Versym section 944 * with this Symbol Table. 945 */ 946 if (versym && versym->cache && 947 (versym->cache->c_shdr->sh_link == state->secndx)) 948 state->versym = versym; 949 else 950 state->versym = NULL; 951 952 953 return (1); 954 } 955 956 /* 957 * Determine the extended section index used for symbol tables entries. 958 */ 959 static void 960 symbols_getxindex(SYMTBL_STATE *state) 961 { 962 uint_t symn; 963 Word symcnt; 964 965 state->shxndx.checked = 1; /* Note that we've been called */ 966 for (symcnt = 1; symcnt < state->shnum; symcnt++) { 967 Cache *_cache = &state->cache[symcnt]; 968 Shdr *shdr = _cache->c_shdr; 969 970 if ((shdr->sh_type != SHT_SYMTAB_SHNDX) || 971 (shdr->sh_link != state->secndx)) 972 continue; 973 974 if ((shdr->sh_entsize) && 975 /* LINTED */ 976 ((symn = (uint_t)(shdr->sh_size / shdr->sh_entsize)) == 0)) 977 continue; 978 979 if (_cache->c_data == NULL) 980 continue; 981 982 state->shxndx.data = _cache->c_data->d_buf; 983 state->shxndx.n = symn; 984 return; 985 } 986 } 987 988 /* 989 * Produce a line of output for the given symbol 990 * 991 * entry: 992 * state - Symbol table state 993 * symndx - Index of symbol within the table 994 * info - Value of st_info (indicates local/global range) 995 * symndx_disp - Index to display. This may not be the same 996 * as symndx if the display is relative to the logical 997 * combination of the SUNW_ldynsym/dynsym tables. 998 * sym - Symbol to display 999 */ 1000 static void 1001 output_symbol(SYMTBL_STATE *state, Word symndx, Word info, Word disp_symndx, 1002 Sym *sym) 1003 { 1004 /* 1005 * Symbol types for which we check that the specified 1006 * address/size land inside the target section. 1007 */ 1008 static const int addr_symtype[] = { 1009 0, /* STT_NOTYPE */ 1010 1, /* STT_OBJECT */ 1011 1, /* STT_FUNC */ 1012 0, /* STT_SECTION */ 1013 0, /* STT_FILE */ 1014 1, /* STT_COMMON */ 1015 0, /* STT_TLS */ 1016 0, /* 7 */ 1017 0, /* 8 */ 1018 0, /* 9 */ 1019 0, /* 10 */ 1020 0, /* 11 */ 1021 0, /* 12 */ 1022 0, /* STT_SPARC_REGISTER */ 1023 0, /* 14 */ 1024 0, /* 15 */ 1025 }; 1026 #if STT_NUM != (STT_TLS + 1) 1027 #error "STT_NUM has grown. Update addr_symtype[]" 1028 #endif 1029 1030 char index[MAXNDXSIZE]; 1031 const char *symname, *sec; 1032 Versym verndx; 1033 int gnuver; 1034 uchar_t type; 1035 Shdr *tshdr; 1036 Word shndx; 1037 Conv_inv_buf_t inv_buf; 1038 1039 /* Ensure symbol index is in range */ 1040 if (symndx >= state->symn) { 1041 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSYMNDX), 1042 state->file, state->secname, EC_WORD(symndx)); 1043 return; 1044 } 1045 1046 /* 1047 * If we are using extended symbol indexes, find the 1048 * corresponding SHN_SYMTAB_SHNDX table. 1049 */ 1050 if ((sym->st_shndx == SHN_XINDEX) && (state->shxndx.checked == 0)) 1051 symbols_getxindex(state); 1052 1053 /* LINTED */ 1054 symname = string(state->seccache, symndx, 1055 &state->cache[state->seccache->c_shdr->sh_link], state->file, 1056 sym->st_name); 1057 1058 tshdr = NULL; 1059 sec = NULL; 1060 1061 if (state->ehdr->e_type == ET_CORE) { 1062 sec = (char *)MSG_INTL(MSG_STR_UNKNOWN); 1063 } else if (state->flags & FLG_CTL_FAKESHDR) { 1064 /* 1065 * If we are using fake section headers derived from 1066 * the program headers, then the section indexes 1067 * in the symbols do not correspond to these headers. 1068 * The section names are not available, so all we can 1069 * do is to display them in numeric form. 1070 */ 1071 sec = conv_sym_shndx(state->osabi, state->ehdr->e_machine, 1072 sym->st_shndx, CONV_FMT_DECIMAL, &inv_buf); 1073 } else if ((sym->st_shndx < SHN_LORESERVE) && 1074 (sym->st_shndx < state->shnum)) { 1075 shndx = sym->st_shndx; 1076 tshdr = state->cache[shndx].c_shdr; 1077 sec = state->cache[shndx].c_name; 1078 } else if (sym->st_shndx == SHN_XINDEX) { 1079 if (state->shxndx.data) { 1080 Word _shxndx; 1081 1082 if (symndx > state->shxndx.n) { 1083 (void) fprintf(stderr, 1084 MSG_INTL(MSG_ERR_BADSYMXINDEX1), 1085 state->file, state->secname, 1086 EC_WORD(symndx)); 1087 } else if ((_shxndx = 1088 state->shxndx.data[symndx]) > state->shnum) { 1089 (void) fprintf(stderr, 1090 MSG_INTL(MSG_ERR_BADSYMXINDEX2), 1091 state->file, state->secname, 1092 EC_WORD(symndx), EC_WORD(_shxndx)); 1093 } else { 1094 shndx = _shxndx; 1095 tshdr = state->cache[shndx].c_shdr; 1096 sec = state->cache[shndx].c_name; 1097 } 1098 } else { 1099 (void) fprintf(stderr, 1100 MSG_INTL(MSG_ERR_BADSYMXINDEX3), 1101 state->file, state->secname, EC_WORD(symndx)); 1102 } 1103 } else if ((sym->st_shndx < SHN_LORESERVE) && 1104 (sym->st_shndx >= state->shnum)) { 1105 (void) fprintf(stderr, 1106 MSG_INTL(MSG_ERR_BADSYM5), state->file, 1107 state->secname, EC_WORD(symndx), 1108 demangle(symname, state->flags), sym->st_shndx); 1109 } 1110 1111 /* 1112 * If versioning is available display the 1113 * version index. If not, then use 0. 1114 */ 1115 if (state->versym) { 1116 Versym test_verndx; 1117 1118 verndx = test_verndx = state->versym->data[symndx]; 1119 gnuver = state->versym->gnu_full; 1120 1121 /* 1122 * Check to see if this is a defined symbol with a 1123 * version index that is outside the valid range for 1124 * the file. The interpretation of this depends on 1125 * the style of versioning used by the object. 1126 * 1127 * Versions >= VER_NDX_LORESERVE have special meanings, 1128 * and are exempt from this checking. 1129 * 1130 * GNU style version indexes use the top bit of the 1131 * 16-bit index value (0x8000) as the "hidden bit". 1132 * We must mask off this bit in order to compare 1133 * the version against the maximum value. 1134 */ 1135 if (gnuver) 1136 test_verndx &= ~0x8000; 1137 1138 if ((test_verndx > state->versym->max_verndx) && 1139 (verndx < VER_NDX_LORESERVE)) 1140 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADVER), 1141 state->file, state->secname, EC_WORD(symndx), 1142 EC_HALF(test_verndx), state->versym->max_verndx); 1143 } else { 1144 verndx = 0; 1145 gnuver = 0; 1146 } 1147 1148 /* 1149 * Error checking for TLS. 1150 */ 1151 type = ELF_ST_TYPE(sym->st_info); 1152 if (type == STT_TLS) { 1153 if (tshdr && 1154 (sym->st_shndx != SHN_UNDEF) && 1155 ((tshdr->sh_flags & SHF_TLS) == 0)) { 1156 (void) fprintf(stderr, 1157 MSG_INTL(MSG_ERR_BADSYM3), state->file, 1158 state->secname, EC_WORD(symndx), 1159 demangle(symname, state->flags)); 1160 } 1161 } else if ((type != STT_SECTION) && sym->st_size && 1162 tshdr && (tshdr->sh_flags & SHF_TLS)) { 1163 (void) fprintf(stderr, 1164 MSG_INTL(MSG_ERR_BADSYM4), state->file, 1165 state->secname, EC_WORD(symndx), 1166 demangle(symname, state->flags)); 1167 } 1168 1169 /* 1170 * If a symbol with non-zero size has a type that 1171 * specifies an address, then make sure the location 1172 * it references is actually contained within the 1173 * section. UNDEF symbols don't count in this case, 1174 * so we ignore them. 1175 * 1176 * The meaning of the st_value field in a symbol 1177 * depends on the type of object. For a relocatable 1178 * object, it is the offset within the section. 1179 * For sharable objects, it is the offset relative to 1180 * the base of the object, and for other types, it is 1181 * the virtual address. To get an offset within the 1182 * section for non-ET_REL files, we subtract the 1183 * base address of the section. 1184 */ 1185 if (addr_symtype[type] && (sym->st_size > 0) && 1186 (sym->st_shndx != SHN_UNDEF) && ((sym->st_shndx < SHN_LORESERVE) || 1187 (sym->st_shndx == SHN_XINDEX)) && (tshdr != NULL)) { 1188 Word v = sym->st_value; 1189 if (state->ehdr->e_type != ET_REL) 1190 v -= tshdr->sh_addr; 1191 if (((v + sym->st_size) > tshdr->sh_size)) { 1192 (void) fprintf(stderr, 1193 MSG_INTL(MSG_ERR_BADSYM6), state->file, 1194 state->secname, EC_WORD(symndx), 1195 demangle(symname, state->flags), 1196 EC_WORD(shndx), EC_XWORD(tshdr->sh_size), 1197 EC_XWORD(sym->st_value), EC_XWORD(sym->st_size)); 1198 } 1199 } 1200 1201 /* 1202 * A typical symbol table uses the sh_info field to indicate one greater 1203 * than the symbol table index of the last local symbol, STB_LOCAL. 1204 * Therefore, symbol indexes less than sh_info should have local 1205 * binding. Symbol indexes greater than, or equal to sh_info, should 1206 * have global binding. Note, we exclude UNDEF/NOTY symbols with zero 1207 * value and size, as these symbols may be the result of an mcs(1) 1208 * section deletion. 1209 */ 1210 if (info) { 1211 uchar_t bind = ELF_ST_BIND(sym->st_info); 1212 1213 if ((symndx < info) && (bind != STB_LOCAL)) { 1214 (void) fprintf(stderr, 1215 MSG_INTL(MSG_ERR_BADSYM7), state->file, 1216 state->secname, EC_WORD(symndx), 1217 demangle(symname, state->flags), EC_XWORD(info)); 1218 1219 } else if ((symndx >= info) && (bind == STB_LOCAL) && 1220 ((sym->st_shndx != SHN_UNDEF) || 1221 (ELF_ST_TYPE(sym->st_info) != STT_NOTYPE) || 1222 (sym->st_size != 0) || (sym->st_value != 0))) { 1223 (void) fprintf(stderr, 1224 MSG_INTL(MSG_ERR_BADSYM8), state->file, 1225 state->secname, EC_WORD(symndx), 1226 demangle(symname, state->flags), EC_XWORD(info)); 1227 } 1228 } 1229 1230 (void) snprintf(index, MAXNDXSIZE, 1231 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(disp_symndx)); 1232 Elf_syms_table_entry(0, ELF_DBG_ELFDUMP, index, state->osabi, 1233 state->ehdr->e_machine, sym, verndx, gnuver, sec, symname); 1234 } 1235 1236 /* 1237 * Process a SHT_SUNW_cap capabilities section. 1238 */ 1239 static int 1240 cap_section(const char *file, Cache *cache, Word shnum, Cache *ccache, 1241 uchar_t osabi, Ehdr *ehdr, uint_t flags) 1242 { 1243 SYMTBL_STATE state; 1244 Word cnum, capnum, nulls, symcaps; 1245 int descapndx, objcap, title; 1246 Cap *cap = (Cap *)ccache->c_data->d_buf; 1247 Shdr *cishdr, *cshdr = ccache->c_shdr; 1248 Cache *cicache, *strcache; 1249 Capinfo *capinfo = NULL; 1250 Word capinfonum; 1251 const char *strs = NULL; 1252 size_t strs_size; 1253 1254 if ((cshdr->sh_entsize == 0) || (cshdr->sh_size == 0)) { 1255 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1256 file, ccache->c_name); 1257 return (0); 1258 } 1259 1260 /* 1261 * If this capabilities section is associated with symbols, then the 1262 * sh_link field points to the associated capabilities information 1263 * section. The sh_link field of the capabilities information section 1264 * points to the associated symbol table. 1265 */ 1266 if (cshdr->sh_link) { 1267 Cache *scache; 1268 Shdr *sshdr; 1269 1270 /* 1271 * Validate that the sh_link field points to a capabilities 1272 * information section. 1273 */ 1274 if (cshdr->sh_link >= shnum) { 1275 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1276 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1277 return (0); 1278 } 1279 1280 cicache = &cache[cshdr->sh_link]; 1281 cishdr = cicache->c_shdr; 1282 1283 if (cishdr->sh_type != SHT_SUNW_capinfo) { 1284 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1285 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1286 return (0); 1287 } 1288 1289 capinfo = cicache->c_data->d_buf; 1290 capinfonum = (Word)(cishdr->sh_size / cishdr->sh_entsize); 1291 1292 /* 1293 * Validate that the sh_link field of the capabilities 1294 * information section points to a valid symbol table. 1295 */ 1296 if ((cishdr->sh_link == 0) || (cishdr->sh_link >= shnum)) { 1297 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1298 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1299 return (0); 1300 } 1301 scache = &cache[cishdr->sh_link]; 1302 sshdr = scache->c_shdr; 1303 1304 if ((sshdr->sh_type != SHT_SYMTAB) && 1305 (sshdr->sh_type != SHT_DYNSYM)) { 1306 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO1), 1307 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1308 return (0); 1309 } 1310 1311 if (!init_symtbl_state(&state, cache, shnum, 1312 cishdr->sh_link, ehdr, osabi, NULL, file, flags)) 1313 return (0); 1314 } 1315 1316 /* 1317 * If this capabilities section contains capability string entries, 1318 * then determine the associated string table. Capabilities entries 1319 * that define names require that the capability section indicate 1320 * which string table to use via sh_info. 1321 */ 1322 if (cshdr->sh_info) { 1323 Shdr *strshdr; 1324 1325 /* 1326 * Validate that the sh_info field points to a string table. 1327 */ 1328 if (cshdr->sh_info >= shnum) { 1329 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1330 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1331 return (0); 1332 } 1333 1334 strcache = &cache[cshdr->sh_info]; 1335 strshdr = strcache->c_shdr; 1336 1337 if (strshdr->sh_type != SHT_STRTAB) { 1338 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1339 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1340 return (0); 1341 } 1342 strs = (const char *)strcache->c_data->d_buf; 1343 strs_size = strcache->c_data->d_size; 1344 } 1345 1346 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1347 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAP), ccache->c_name); 1348 1349 capnum = (Word)(cshdr->sh_size / cshdr->sh_entsize); 1350 1351 nulls = symcaps = 0; 1352 objcap = title = 1; 1353 descapndx = -1; 1354 1355 /* 1356 * Traverse the capabilities section printing each capability group. 1357 * The first capabilities group defines any object capabilities. Any 1358 * following groups define symbol capabilities. In the case where no 1359 * object capabilities exist, but symbol capabilities do, a single 1360 * CA_SUNW_NULL terminator for the object capabilities exists. 1361 */ 1362 for (cnum = 0; cnum < capnum; cap++, cnum++) { 1363 if (cap->c_tag == CA_SUNW_NULL) { 1364 /* 1365 * A CA_SUNW_NULL tag terminates a capabilities group. 1366 * If the first capabilities tag is CA_SUNW_NULL, then 1367 * no object capabilities exist. 1368 */ 1369 if ((nulls++ == 0) && (cnum == 0)) 1370 objcap = 0; 1371 title = 1; 1372 } else { 1373 if (title) { 1374 if (nulls == 0) { 1375 /* 1376 * If this capabilities group represents 1377 * the object capabilities (i.e., no 1378 * CA_SUNW_NULL tag has been processed 1379 * yet), then display an object 1380 * capabilities title. 1381 */ 1382 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1383 dbg_print(0, 1384 MSG_INTL(MSG_OBJ_CAP_TITLE)); 1385 } else { 1386 /* 1387 * If this is a symbols capabilities 1388 * group (i.e., a CA_SUNW_NULL tag has 1389 * already be found that terminates 1390 * the object capabilities group), then 1391 * display a symbol capabilities title, 1392 * and retain this capabilities index 1393 * for later processing. 1394 */ 1395 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1396 dbg_print(0, 1397 MSG_INTL(MSG_SYM_CAP_TITLE)); 1398 descapndx = cnum; 1399 } 1400 Elf_cap_title(0); 1401 title = 0; 1402 } 1403 1404 /* 1405 * Print the capabilities data. 1406 * 1407 * Note that CA_SUNW_PLAT, CA_SUNW_MACH and CA_SUNW_ID 1408 * entries require a string table, which should have 1409 * already been established. 1410 */ 1411 if ((strs == NULL) && ((cap->c_tag == CA_SUNW_PLAT) || 1412 (cap->c_tag == CA_SUNW_MACH) || 1413 (cap->c_tag == CA_SUNW_ID))) { 1414 (void) fprintf(stderr, 1415 MSG_INTL(MSG_WARN_INVCAP4), file, 1416 EC_WORD(elf_ndxscn(ccache->c_scn)), 1417 ccache->c_name, EC_WORD(cshdr->sh_info)); 1418 } 1419 Elf_cap_entry(0, cap, cnum, strs, strs_size, 1420 ehdr->e_machine); 1421 } 1422 1423 /* 1424 * If this CA_SUNW_NULL tag terminates a symbol capabilities 1425 * group, determine the associated symbols. 1426 */ 1427 if ((cap->c_tag == CA_SUNW_NULL) && (nulls > 1) && 1428 (descapndx != -1)) { 1429 Capinfo *cip; 1430 Word inum; 1431 1432 symcaps++; 1433 1434 /* 1435 * Make sure we've discovered a SHT_SUNW_capinfo table. 1436 */ 1437 if ((cip = capinfo) == NULL) { 1438 (void) fprintf(stderr, 1439 MSG_INTL(MSG_ERR_INVCAP), file, 1440 ccache->c_name, EC_WORD(cshdr->sh_link)); 1441 return (0); 1442 } 1443 1444 /* 1445 * Determine what symbols reference this capabilities 1446 * group. 1447 */ 1448 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1449 dbg_print(0, MSG_INTL(MSG_CAPINFO_ENTRIES)); 1450 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 1451 1452 for (inum = 1, cip++; inum < capinfonum; 1453 inum++, cip++) { 1454 Word gndx = (Word)ELF_C_GROUP(*cip); 1455 1456 if (gndx && (gndx == descapndx)) { 1457 output_symbol(&state, inum, 0, 1458 inum, state.sym + inum); 1459 } 1460 } 1461 descapndx = -1; 1462 continue; 1463 } 1464 1465 /* 1466 * An SF1_SUNW_ADDR32 software capability tag in a 32-bit 1467 * object is suspicious as it has no effect. 1468 */ 1469 if ((cap->c_tag == CA_SUNW_SF_1) && 1470 (ehdr->e_ident[EI_CLASS] == ELFCLASS32) && 1471 (cap->c_un.c_val & SF1_SUNW_ADDR32)) { 1472 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INADDR32SF1), 1473 file, ccache->c_name); 1474 } 1475 } 1476 1477 /* 1478 * If this is a dynamic object, with symbol capabilities, then a 1479 * .SUNW_capchain section should exist. This section contains a chain 1480 * of symbol indexes for each capabilities family. This is the list 1481 * that is searched by ld.so.1 to determine the best capabilities 1482 * candidate. 1483 * 1484 * Note, more than one capabilities lead symbol can point to the same 1485 * family chain. For example, a weak/global pair of symbols can both 1486 * represent the same family of capabilities symbols. Therefore, to 1487 * display all possible families we traverse the capabilities 1488 * information section looking for CAPINFO_SUNW_GLOB lead symbols. 1489 * From these we determine the associated capabilities chain to inspect. 1490 */ 1491 if (symcaps && 1492 ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1493 Capinfo *cip; 1494 Capchain *chain; 1495 Cache *chcache; 1496 Shdr *chshdr; 1497 Word chainnum, inum; 1498 1499 /* 1500 * Validate that the sh_info field of the capabilities 1501 * information section points to a capabilities chain section. 1502 */ 1503 if (cishdr->sh_info >= shnum) { 1504 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1505 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1506 return (0); 1507 } 1508 1509 chcache = &cache[cishdr->sh_info]; 1510 chshdr = chcache->c_shdr; 1511 1512 if (chshdr->sh_type != SHT_SUNW_capchain) { 1513 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO2), 1514 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1515 return (0); 1516 } 1517 1518 chainnum = (Word)(chshdr->sh_size / chshdr->sh_entsize); 1519 chain = (Capchain *)chcache->c_data->d_buf; 1520 1521 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1522 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAPCHAIN), chcache->c_name); 1523 1524 /* 1525 * Traverse the capabilities information section looking for 1526 * CAPINFO_SUNW_GLOB lead capabilities symbols. 1527 */ 1528 cip = capinfo; 1529 for (inum = 1, cip++; inum < capinfonum; inum++, cip++) { 1530 const char *name; 1531 Sym *sym; 1532 Word sndx, cndx; 1533 Word gndx = (Word)ELF_C_GROUP(*cip); 1534 1535 if ((gndx == 0) || (gndx != CAPINFO_SUNW_GLOB)) 1536 continue; 1537 1538 /* 1539 * Determine the symbol that is associated with this 1540 * capability information entry, and use this to 1541 * identify this capability family. 1542 */ 1543 sym = (Sym *)(state.sym + inum); 1544 name = string(cicache, inum, strcache, file, 1545 sym->st_name); 1546 1547 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1548 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_TITLE), name); 1549 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_ENTRY)); 1550 1551 cndx = (Word)ELF_C_SYM(*cip); 1552 1553 /* 1554 * Traverse this families chain and identify each 1555 * family member. 1556 */ 1557 for (;;) { 1558 char _chain[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 1559 1560 if (cndx >= chainnum) { 1561 (void) fprintf(stderr, 1562 MSG_INTL(MSG_ERR_INVCAPINFO3), file, 1563 cicache->c_name, EC_WORD(inum), 1564 EC_WORD(cndx)); 1565 break; 1566 } 1567 if ((sndx = chain[cndx]) == 0) 1568 break; 1569 1570 /* 1571 * Determine this entries symbol reference. 1572 */ 1573 if (sndx > state.symn) { 1574 (void) fprintf(stderr, 1575 MSG_INTL(MSG_ERR_CHBADSYMNDX), file, 1576 EC_WORD(sndx), chcache->c_name, 1577 EC_WORD(cndx)); 1578 name = MSG_INTL(MSG_STR_UNKNOWN); 1579 } else { 1580 sym = (Sym *)(state.sym + sndx); 1581 name = string(chcache, sndx, 1582 strcache, file, sym->st_name); 1583 } 1584 1585 /* 1586 * Display the family member. 1587 */ 1588 (void) snprintf(_chain, MAXNDXSIZE, 1589 MSG_ORIG(MSG_FMT_INTEGER), cndx); 1590 (void) snprintf(_symndx, MAXNDXSIZE, 1591 MSG_ORIG(MSG_FMT_INDEX2), EC_WORD(sndx)); 1592 dbg_print(0, MSG_ORIG(MSG_FMT_CHAIN_INFO), 1593 _chain, _symndx, demangle(name, flags)); 1594 1595 cndx++; 1596 } 1597 } 1598 } 1599 return (objcap); 1600 } 1601 1602 /* 1603 * Print the capabilities. 1604 * 1605 * A .SUNW_cap section can contain one or more, CA_SUNW_NULL terminated, 1606 * capabilities groups. The first group defines the object capabilities. 1607 * This group defines the minimum capability requirements of the entire 1608 * object file. If this is a dynamic object, this group should be associated 1609 * with a PT_SUNWCAP program header. 1610 * 1611 * Additional capabilities groups define the association of individual symbols 1612 * to specific capabilities. 1613 */ 1614 static void 1615 cap(const char *file, Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, 1616 uchar_t osabi, Elf *elf, uint_t flags) 1617 { 1618 Word cnt; 1619 Shdr *cshdr = NULL; 1620 Cache *ccache; 1621 Off cphdr_off = 0; 1622 Xword cphdr_sz; 1623 1624 /* 1625 * Determine if a global capabilities header exists. 1626 */ 1627 if (phnum) { 1628 Phdr *phdr; 1629 1630 if ((phdr = elf_getphdr(elf)) == NULL) { 1631 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 1632 return; 1633 } 1634 1635 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 1636 if (phdr->p_type == PT_SUNWCAP) { 1637 cphdr_off = phdr->p_offset; 1638 cphdr_sz = phdr->p_filesz; 1639 break; 1640 } 1641 } 1642 } 1643 1644 /* 1645 * Determine if a capabilities section exists. 1646 */ 1647 for (cnt = 1; cnt < shnum; cnt++) { 1648 Cache *_cache = &cache[cnt]; 1649 Shdr *shdr = _cache->c_shdr; 1650 1651 /* 1652 * Process any capabilities information. 1653 */ 1654 if (shdr->sh_type == SHT_SUNW_cap) { 1655 if (cap_section(file, cache, shnum, _cache, osabi, 1656 ehdr, flags)) { 1657 /* 1658 * If this section defined an object capability 1659 * group, retain the section information for 1660 * program header validation. 1661 */ 1662 ccache = _cache; 1663 cshdr = shdr; 1664 } 1665 continue; 1666 } 1667 } 1668 1669 if ((cshdr == NULL) && (cphdr_off == 0)) 1670 return; 1671 1672 if (cphdr_off && (cshdr == NULL)) 1673 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP1), file); 1674 1675 /* 1676 * If this object is an executable or shared object, and it provided 1677 * an object capabilities group, then the group should have an 1678 * accompanying PT_SUNWCAP program header. 1679 */ 1680 if (cshdr && ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1681 if (cphdr_off == 0) { 1682 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP2), 1683 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1684 ccache->c_name); 1685 } else if ((cphdr_off != cshdr->sh_offset) || 1686 (cphdr_sz != cshdr->sh_size)) { 1687 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP3), 1688 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1689 ccache->c_name); 1690 } 1691 } 1692 } 1693 1694 /* 1695 * Print the interpretor. 1696 */ 1697 static void 1698 interp(const char *file, Cache *cache, Word shnum, Word phnum, Elf *elf) 1699 { 1700 static Word phdr_types[] = { PT_INTERP }; 1701 1702 1703 Word cnt; 1704 Shdr *ishdr = NULL; 1705 Cache *icache; 1706 Off iphdr_off = 0; 1707 Xword iphdr_fsz; 1708 1709 /* 1710 * Determine if an interp header exists. 1711 */ 1712 if (phnum) { 1713 Phdr *phdr; 1714 1715 phdr = getphdr(phnum, phdr_types, 1716 sizeof (phdr_types) / sizeof (*phdr_types), file, elf); 1717 if (phdr != NULL) { 1718 iphdr_off = phdr->p_offset; 1719 iphdr_fsz = phdr->p_filesz; 1720 } 1721 } 1722 1723 if (iphdr_off == 0) 1724 return; 1725 1726 /* 1727 * Determine if an interp section exists. 1728 */ 1729 for (cnt = 1; cnt < shnum; cnt++) { 1730 Cache *_cache = &cache[cnt]; 1731 Shdr *shdr = _cache->c_shdr; 1732 1733 /* 1734 * Scan sections to find a section which contains the PT_INTERP 1735 * string. The target section can't be in a NOBITS section. 1736 */ 1737 if ((shdr->sh_type == SHT_NOBITS) || 1738 (iphdr_off < shdr->sh_offset) || 1739 (iphdr_off + iphdr_fsz) > (shdr->sh_offset + shdr->sh_size)) 1740 continue; 1741 1742 icache = _cache; 1743 ishdr = shdr; 1744 break; 1745 } 1746 1747 /* 1748 * Print the interpreter string based on the offset defined in the 1749 * program header, as this is the offset used by the kernel. 1750 */ 1751 if (ishdr && icache->c_data) { 1752 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1753 dbg_print(0, MSG_INTL(MSG_ELF_SCN_INTERP), icache->c_name); 1754 dbg_print(0, MSG_ORIG(MSG_FMT_INDENT), 1755 (char *)icache->c_data->d_buf + 1756 (iphdr_off - ishdr->sh_offset)); 1757 } else 1758 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP1), file); 1759 1760 /* 1761 * If there are any inconsistences between the program header and 1762 * section information, flag them. 1763 */ 1764 if (ishdr && ((iphdr_off != ishdr->sh_offset) || 1765 (iphdr_fsz != ishdr->sh_size))) { 1766 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP2), file, 1767 icache->c_name); 1768 } 1769 } 1770 1771 /* 1772 * Print the syminfo section. 1773 */ 1774 static void 1775 syminfo(Cache *cache, Word shnum, const char *file) 1776 { 1777 Shdr *infoshdr; 1778 Syminfo *info; 1779 Sym *syms; 1780 Dyn *dyns; 1781 Word infonum, cnt, ndx, symnum; 1782 Cache *infocache = NULL, *symsec, *strsec; 1783 1784 for (cnt = 1; cnt < shnum; cnt++) { 1785 if (cache[cnt].c_shdr->sh_type == SHT_SUNW_syminfo) { 1786 infocache = &cache[cnt]; 1787 break; 1788 } 1789 } 1790 if (infocache == NULL) 1791 return; 1792 1793 infoshdr = infocache->c_shdr; 1794 if ((infoshdr->sh_entsize == 0) || (infoshdr->sh_size == 0)) { 1795 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1796 file, infocache->c_name); 1797 return; 1798 } 1799 if (infocache->c_data == NULL) 1800 return; 1801 1802 infonum = (Word)(infoshdr->sh_size / infoshdr->sh_entsize); 1803 info = (Syminfo *)infocache->c_data->d_buf; 1804 1805 /* 1806 * Get the data buffer of the associated dynamic section. 1807 */ 1808 if ((infoshdr->sh_info == 0) || (infoshdr->sh_info >= shnum)) { 1809 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 1810 file, infocache->c_name, EC_WORD(infoshdr->sh_info)); 1811 return; 1812 } 1813 if (cache[infoshdr->sh_info].c_data == NULL) 1814 return; 1815 1816 dyns = cache[infoshdr->sh_info].c_data->d_buf; 1817 if (dyns == NULL) { 1818 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1819 file, cache[infoshdr->sh_info].c_name); 1820 return; 1821 } 1822 1823 /* 1824 * Get the data buffer for the associated symbol table and string table. 1825 */ 1826 if (stringtbl(cache, 1, cnt, shnum, file, 1827 &symnum, &symsec, &strsec) == 0) 1828 return; 1829 1830 syms = symsec->c_data->d_buf; 1831 1832 /* 1833 * Loop through the syminfo entries. 1834 */ 1835 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1836 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMINFO), infocache->c_name); 1837 Elf_syminfo_title(0); 1838 1839 for (ndx = 1, info++; ndx < infonum; ndx++, info++) { 1840 Sym *sym; 1841 const char *needed = NULL, *name; 1842 1843 if ((info->si_flags == 0) && (info->si_boundto == 0)) 1844 continue; 1845 1846 sym = &syms[ndx]; 1847 name = string(infocache, ndx, strsec, file, sym->st_name); 1848 1849 if (info->si_boundto < SYMINFO_BT_LOWRESERVE) { 1850 Dyn *dyn = &dyns[info->si_boundto]; 1851 1852 needed = string(infocache, info->si_boundto, 1853 strsec, file, dyn->d_un.d_val); 1854 } 1855 Elf_syminfo_entry(0, ndx, info, name, needed); 1856 } 1857 } 1858 1859 /* 1860 * Print version definition section entries. 1861 */ 1862 static void 1863 version_def(Verdef *vdf, Word vdf_num, Cache *vcache, Cache *scache, 1864 const char *file) 1865 { 1866 Word cnt; 1867 char index[MAXNDXSIZE]; 1868 1869 Elf_ver_def_title(0); 1870 1871 for (cnt = 1; cnt <= vdf_num; cnt++, 1872 vdf = (Verdef *)((uintptr_t)vdf + vdf->vd_next)) { 1873 Conv_ver_flags_buf_t ver_flags_buf; 1874 const char *name, *dep; 1875 Half vcnt = vdf->vd_cnt - 1; 1876 Half ndx = vdf->vd_ndx; 1877 Verdaux *vdap = (Verdaux *)((uintptr_t)vdf + vdf->vd_aux); 1878 1879 /* 1880 * Obtain the name and first dependency (if any). 1881 */ 1882 name = string(vcache, cnt, scache, file, vdap->vda_name); 1883 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 1884 if (vcnt) 1885 dep = string(vcache, cnt, scache, file, vdap->vda_name); 1886 else 1887 dep = MSG_ORIG(MSG_STR_EMPTY); 1888 1889 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 1890 EC_XWORD(ndx)); 1891 Elf_ver_line_1(0, index, name, dep, 1892 conv_ver_flags(vdf->vd_flags, 0, &ver_flags_buf)); 1893 1894 /* 1895 * Print any additional dependencies. 1896 */ 1897 if (vcnt) { 1898 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 1899 for (vcnt--; vcnt; vcnt--, 1900 vdap = (Verdaux *)((uintptr_t)vdap + 1901 vdap->vda_next)) { 1902 dep = string(vcache, cnt, scache, file, 1903 vdap->vda_name); 1904 Elf_ver_line_2(0, MSG_ORIG(MSG_STR_EMPTY), dep); 1905 } 1906 } 1907 } 1908 } 1909 1910 /* 1911 * Print version needed section entries. 1912 * 1913 * entry: 1914 * vnd - Address of verneed data 1915 * vnd_num - # of Verneed entries 1916 * vcache - Cache of verneed section being processed 1917 * scache - Cache of associated string table section 1918 * file - Name of object being processed. 1919 * versym - Information about versym section 1920 * 1921 * exit: 1922 * The versions have been printed. If GNU style versioning 1923 * is in effect, versym->max_verndx has been updated to 1924 * contain the largest version index seen. 1925 * 1926 * note: 1927 * The versym section of an object that follows the original 1928 * Solaris versioning rules only contains indexes into the verdef 1929 * section. Symbols defined in other objects (UNDEF) are given 1930 * a version of 0, indicating that they are not defined by 1931 * this file, and the Verneed entries do not have associated version 1932 * indexes. For these reasons, we do not display a version index 1933 * for original-style Verneed sections. 1934 * 1935 * The GNU versioning extensions alter this: Symbols defined in other 1936 * objects receive a version index in the range above those defined 1937 * by the Verdef section, and the vna_other field of the Vernaux 1938 * structs inside the Verneed section contain the version index for 1939 * that item. We therefore display the index when showing the 1940 * contents of a GNU style Verneed section. You should not 1941 * necessarily expect these indexes to appear in sorted 1942 * order --- it seems that the GNU ld assigns the versions as 1943 * symbols are encountered during linking, and then the results 1944 * are assembled into the Verneed section afterwards. 1945 */ 1946 static void 1947 version_need(Verneed *vnd, Word vnd_num, Cache *vcache, Cache *scache, 1948 const char *file, VERSYM_STATE *versym) 1949 { 1950 Word cnt; 1951 char index[MAXNDXSIZE]; 1952 const char *index_str; 1953 1954 Elf_ver_need_title(0, versym->gnu_needed); 1955 1956 for (cnt = 1; cnt <= vnd_num; cnt++, 1957 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 1958 Conv_ver_flags_buf_t ver_flags_buf; 1959 const char *name, *dep; 1960 Half vcnt = vnd->vn_cnt; 1961 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 1962 1963 /* 1964 * Obtain the name of the needed file and the version name 1965 * within it that we're dependent on. Note that the count 1966 * should be at least one, otherwise this is a pretty bogus 1967 * entry. 1968 */ 1969 name = string(vcache, cnt, scache, file, vnd->vn_file); 1970 if (vcnt) 1971 dep = string(vcache, cnt, scache, file, vnap->vna_name); 1972 else 1973 dep = MSG_INTL(MSG_STR_NULL); 1974 1975 if (vnap->vna_other == 0) { /* Traditional form */ 1976 index_str = MSG_ORIG(MSG_STR_EMPTY); 1977 } else { /* GNU form */ 1978 index_str = index; 1979 /* Format the version index value */ 1980 (void) snprintf(index, MAXNDXSIZE, 1981 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(vnap->vna_other)); 1982 if (vnap->vna_other > versym->max_verndx) 1983 versym->max_verndx = vnap->vna_other; 1984 } 1985 Elf_ver_line_1(0, index_str, name, dep, 1986 conv_ver_flags(vnap->vna_flags, 0, &ver_flags_buf)); 1987 1988 /* 1989 * Print any additional version dependencies. 1990 */ 1991 if (vcnt) { 1992 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 1993 for (vcnt--; vcnt; vcnt--, 1994 vnap = (Vernaux *)((uintptr_t)vnap + 1995 vnap->vna_next)) { 1996 dep = string(vcache, cnt, scache, file, 1997 vnap->vna_name); 1998 if (vnap->vna_other > 0) { 1999 /* Format the next index value */ 2000 (void) snprintf(index, MAXNDXSIZE, 2001 MSG_ORIG(MSG_FMT_INDEX), 2002 EC_XWORD(vnap->vna_other)); 2003 Elf_ver_line_1(0, index, 2004 MSG_ORIG(MSG_STR_EMPTY), dep, 2005 conv_ver_flags(vnap->vna_flags, 2006 0, &ver_flags_buf)); 2007 if (vnap->vna_other > 2008 versym->max_verndx) 2009 versym->max_verndx = 2010 vnap->vna_other; 2011 } else { 2012 Elf_ver_line_3(0, 2013 MSG_ORIG(MSG_STR_EMPTY), dep, 2014 conv_ver_flags(vnap->vna_flags, 2015 0, &ver_flags_buf)); 2016 } 2017 } 2018 } 2019 } 2020 } 2021 2022 /* 2023 * Examine the Verneed section for information related to GNU 2024 * style Versym indexing: 2025 * - A non-zero vna_other field indicates that Versym indexes can 2026 * reference Verneed records. 2027 * - If the object uses GNU style Versym indexing, the 2028 * maximum index value is needed to detect bad Versym entries. 2029 * 2030 * entry: 2031 * vnd - Address of verneed data 2032 * vnd_num - # of Verneed entries 2033 * versym - Information about versym section 2034 * 2035 * exit: 2036 * If a non-zero vna_other field is seen, versym->gnu_needed is set. 2037 * 2038 * versym->max_verndx has been updated to contain the largest 2039 * version index seen. 2040 */ 2041 static void 2042 update_gnu_verndx(Verneed *vnd, Word vnd_num, VERSYM_STATE *versym) 2043 { 2044 Word cnt; 2045 2046 for (cnt = 1; cnt <= vnd_num; cnt++, 2047 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 2048 Half vcnt = vnd->vn_cnt; 2049 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 2050 2051 /* 2052 * A non-zero value of vna_other indicates that this 2053 * object references VERNEED items from the VERSYM 2054 * array. 2055 */ 2056 if (vnap->vna_other != 0) { 2057 versym->gnu_needed = 1; 2058 if (vnap->vna_other > versym->max_verndx) 2059 versym->max_verndx = vnap->vna_other; 2060 } 2061 2062 /* 2063 * Check any additional version dependencies. 2064 */ 2065 if (vcnt) { 2066 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 2067 for (vcnt--; vcnt; vcnt--, 2068 vnap = (Vernaux *)((uintptr_t)vnap + 2069 vnap->vna_next)) { 2070 if (vnap->vna_other == 0) 2071 continue; 2072 2073 versym->gnu_needed = 1; 2074 if (vnap->vna_other > versym->max_verndx) 2075 versym->max_verndx = vnap->vna_other; 2076 } 2077 } 2078 } 2079 } 2080 2081 /* 2082 * Display version section information if the flags require it. 2083 * Return version information needed by other output. 2084 * 2085 * entry: 2086 * cache - Cache of all section headers 2087 * shnum - # of sections in cache 2088 * file - Name of file 2089 * flags - Command line option flags 2090 * versym - VERSYM_STATE block to be filled in. 2091 */ 2092 static void 2093 versions(Cache *cache, Word shnum, const char *file, uint_t flags, 2094 VERSYM_STATE *versym) 2095 { 2096 GElf_Word cnt; 2097 Cache *verdef_cache = NULL, *verneed_cache = NULL; 2098 2099 2100 /* Gather information about the version sections */ 2101 bzero(versym, sizeof (*versym)); 2102 versym->max_verndx = 1; 2103 for (cnt = 1; cnt < shnum; cnt++) { 2104 Cache *_cache = &cache[cnt]; 2105 Shdr *shdr = _cache->c_shdr; 2106 Dyn *dyn; 2107 ulong_t numdyn; 2108 2109 switch (shdr->sh_type) { 2110 case SHT_DYNAMIC: 2111 /* 2112 * The GNU ld puts a DT_VERSYM entry in the dynamic 2113 * section so that the runtime linker can use it to 2114 * implement their versioning rules. They allow multiple 2115 * incompatible functions with the same name to exist 2116 * in different versions. The Solaris ld does not 2117 * support this mechanism, and as such, does not 2118 * produce DT_VERSYM. We use this fact to determine 2119 * which ld produced this object, and how to interpret 2120 * the version values. 2121 */ 2122 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0) || 2123 (_cache->c_data == NULL)) 2124 continue; 2125 numdyn = shdr->sh_size / shdr->sh_entsize; 2126 dyn = (Dyn *)_cache->c_data->d_buf; 2127 for (; numdyn-- > 0; dyn++) 2128 if (dyn->d_tag == DT_VERSYM) { 2129 versym->gnu_full = 2130 versym->gnu_needed = 1; 2131 break; 2132 } 2133 break; 2134 2135 case SHT_SUNW_versym: 2136 /* Record data address for later symbol processing */ 2137 if (_cache->c_data != NULL) { 2138 versym->cache = _cache; 2139 versym->data = _cache->c_data->d_buf; 2140 continue; 2141 } 2142 break; 2143 2144 case SHT_SUNW_verdef: 2145 case SHT_SUNW_verneed: 2146 /* 2147 * Ensure the data is non-NULL and the number 2148 * of items is non-zero. Otherwise, we don't 2149 * understand the section, and will not use it. 2150 */ 2151 if ((_cache->c_data == NULL) || 2152 (_cache->c_data->d_buf == NULL)) { 2153 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2154 file, _cache->c_name); 2155 continue; 2156 } 2157 if (shdr->sh_info == 0) { 2158 (void) fprintf(stderr, 2159 MSG_INTL(MSG_ERR_BADSHINFO), 2160 file, _cache->c_name, 2161 EC_WORD(shdr->sh_info)); 2162 continue; 2163 } 2164 2165 /* Make sure the string table index is in range */ 2166 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 2167 (void) fprintf(stderr, 2168 MSG_INTL(MSG_ERR_BADSHLINK), file, 2169 _cache->c_name, EC_WORD(shdr->sh_link)); 2170 continue; 2171 } 2172 2173 /* 2174 * The section is usable. Save the cache entry. 2175 */ 2176 if (shdr->sh_type == SHT_SUNW_verdef) { 2177 verdef_cache = _cache; 2178 /* 2179 * Under Solaris rules, if there is a verdef 2180 * section, the max versym index is number 2181 * of version definitions it supplies. 2182 */ 2183 versym->max_verndx = shdr->sh_info; 2184 } else { 2185 verneed_cache = _cache; 2186 } 2187 break; 2188 } 2189 } 2190 2191 /* 2192 * If there is a Verneed section, examine it for information 2193 * related to GNU style versioning. 2194 */ 2195 if (verneed_cache != NULL) 2196 update_gnu_verndx((Verneed *)verneed_cache->c_data->d_buf, 2197 verneed_cache->c_shdr->sh_info, versym); 2198 2199 /* 2200 * Now that all the information is available, display the 2201 * Verdef and Verneed section contents, if requested. 2202 */ 2203 if ((flags & FLG_SHOW_VERSIONS) == 0) 2204 return; 2205 if (verdef_cache != NULL) { 2206 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2207 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERDEF), 2208 verdef_cache->c_name); 2209 version_def((Verdef *)verdef_cache->c_data->d_buf, 2210 verdef_cache->c_shdr->sh_info, verdef_cache, 2211 &cache[verdef_cache->c_shdr->sh_link], file); 2212 } 2213 if (verneed_cache != NULL) { 2214 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2215 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERNEED), 2216 verneed_cache->c_name); 2217 /* 2218 * If GNU versioning applies to this object, version_need() 2219 * will update versym->max_verndx, and it is not 2220 * necessary to call update_gnu_verndx(). 2221 */ 2222 version_need((Verneed *)verneed_cache->c_data->d_buf, 2223 verneed_cache->c_shdr->sh_info, verneed_cache, 2224 &cache[verneed_cache->c_shdr->sh_link], file, versym); 2225 } 2226 } 2227 2228 /* 2229 * Search for and process any symbol tables. 2230 */ 2231 void 2232 symbols(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2233 VERSYM_STATE *versym, const char *file, uint_t flags) 2234 { 2235 SYMTBL_STATE state; 2236 Cache *_cache; 2237 Word secndx; 2238 2239 for (secndx = 1; secndx < shnum; secndx++) { 2240 Word symcnt; 2241 Shdr *shdr; 2242 2243 _cache = &cache[secndx]; 2244 shdr = _cache->c_shdr; 2245 2246 if ((shdr->sh_type != SHT_SYMTAB) && 2247 (shdr->sh_type != SHT_DYNSYM) && 2248 ((shdr->sh_type != SHT_SUNW_LDYNSYM) || 2249 (osabi != ELFOSABI_SOLARIS))) 2250 continue; 2251 if (!match(MATCH_F_ALL, _cache->c_name, secndx, shdr->sh_type)) 2252 continue; 2253 2254 if (!init_symtbl_state(&state, cache, shnum, secndx, ehdr, 2255 osabi, versym, file, flags)) 2256 continue; 2257 /* 2258 * Loop through the symbol tables entries. 2259 */ 2260 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2261 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMTAB), state.secname); 2262 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2263 2264 for (symcnt = 0; symcnt < state.symn; symcnt++) 2265 output_symbol(&state, symcnt, shdr->sh_info, symcnt, 2266 state.sym + symcnt); 2267 } 2268 } 2269 2270 /* 2271 * Search for and process any SHT_SUNW_symsort or SHT_SUNW_tlssort sections. 2272 * These sections are always associated with the .SUNW_ldynsym./.dynsym pair. 2273 */ 2274 static void 2275 sunw_sort(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2276 VERSYM_STATE *versym, const char *file, uint_t flags) 2277 { 2278 SYMTBL_STATE ldynsym_state, dynsym_state; 2279 Cache *sortcache, *symcache; 2280 Shdr *sortshdr, *symshdr; 2281 Word sortsecndx, symsecndx; 2282 Word ldynsym_cnt; 2283 Word *ndx; 2284 Word ndxn; 2285 int output_cnt = 0; 2286 Conv_inv_buf_t inv_buf; 2287 2288 for (sortsecndx = 1; sortsecndx < shnum; sortsecndx++) { 2289 2290 sortcache = &cache[sortsecndx]; 2291 sortshdr = sortcache->c_shdr; 2292 2293 if ((sortshdr->sh_type != SHT_SUNW_symsort) && 2294 (sortshdr->sh_type != SHT_SUNW_tlssort)) 2295 continue; 2296 if (!match(MATCH_F_ALL, sortcache->c_name, sortsecndx, 2297 sortshdr->sh_type)) 2298 continue; 2299 2300 /* 2301 * If the section references a SUNW_ldynsym, then we 2302 * expect to see the associated .dynsym immediately 2303 * following. If it references a .dynsym, there is no 2304 * SUNW_ldynsym. If it is any other type, then we don't 2305 * know what to do with it. 2306 */ 2307 if ((sortshdr->sh_link == 0) || (sortshdr->sh_link >= shnum)) { 2308 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 2309 file, sortcache->c_name, 2310 EC_WORD(sortshdr->sh_link)); 2311 continue; 2312 } 2313 symcache = &cache[sortshdr->sh_link]; 2314 symshdr = symcache->c_shdr; 2315 symsecndx = sortshdr->sh_link; 2316 ldynsym_cnt = 0; 2317 switch (symshdr->sh_type) { 2318 case SHT_SUNW_LDYNSYM: 2319 if (!init_symtbl_state(&ldynsym_state, cache, shnum, 2320 symsecndx, ehdr, osabi, versym, file, flags)) 2321 continue; 2322 ldynsym_cnt = ldynsym_state.symn; 2323 /* 2324 * We know that the dynsym follows immediately 2325 * after the SUNW_ldynsym, and so, should be at 2326 * (sortshdr->sh_link + 1). However, elfdump is a 2327 * diagnostic tool, so we do the full paranoid 2328 * search instead. 2329 */ 2330 for (symsecndx = 1; symsecndx < shnum; symsecndx++) { 2331 symcache = &cache[symsecndx]; 2332 symshdr = symcache->c_shdr; 2333 if (symshdr->sh_type == SHT_DYNSYM) 2334 break; 2335 } 2336 if (symsecndx >= shnum) { /* Dynsym not found! */ 2337 (void) fprintf(stderr, 2338 MSG_INTL(MSG_ERR_NODYNSYM), 2339 file, sortcache->c_name); 2340 continue; 2341 } 2342 /* Fallthrough to process associated dynsym */ 2343 /* FALLTHROUGH */ 2344 case SHT_DYNSYM: 2345 if (!init_symtbl_state(&dynsym_state, cache, shnum, 2346 symsecndx, ehdr, osabi, versym, file, flags)) 2347 continue; 2348 break; 2349 default: 2350 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADNDXSEC), 2351 file, sortcache->c_name, 2352 conv_sec_type(osabi, ehdr->e_machine, 2353 symshdr->sh_type, 0, &inv_buf)); 2354 continue; 2355 } 2356 2357 /* 2358 * Output header 2359 */ 2360 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2361 if (ldynsym_cnt > 0) { 2362 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT2), 2363 sortcache->c_name, ldynsym_state.secname, 2364 dynsym_state.secname); 2365 /* 2366 * The data for .SUNW_ldynsym and dynsym sections 2367 * is supposed to be adjacent with SUNW_ldynsym coming 2368 * first. Check, and issue a warning if it isn't so. 2369 */ 2370 if (((ldynsym_state.sym + ldynsym_state.symn) 2371 != dynsym_state.sym) && 2372 ((flags & FLG_CTL_FAKESHDR) == 0)) 2373 (void) fprintf(stderr, 2374 MSG_INTL(MSG_ERR_LDYNNOTADJ), file, 2375 ldynsym_state.secname, 2376 dynsym_state.secname); 2377 } else { 2378 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT1), 2379 sortcache->c_name, dynsym_state.secname); 2380 } 2381 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2382 2383 /* If not first one, insert a line of white space */ 2384 if (output_cnt++ > 0) 2385 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2386 2387 /* 2388 * SUNW_dynsymsort and SUNW_dyntlssort are arrays of 2389 * symbol indices. Iterate over the array entries, 2390 * dispaying the referenced symbols. 2391 */ 2392 ndxn = sortshdr->sh_size / sortshdr->sh_entsize; 2393 ndx = (Word *)sortcache->c_data->d_buf; 2394 for (; ndxn-- > 0; ndx++) { 2395 if (*ndx >= ldynsym_cnt) { 2396 Word sec_ndx = *ndx - ldynsym_cnt; 2397 2398 output_symbol(&dynsym_state, sec_ndx, 0, 2399 *ndx, dynsym_state.sym + sec_ndx); 2400 } else { 2401 output_symbol(&ldynsym_state, *ndx, 0, 2402 *ndx, ldynsym_state.sym + *ndx); 2403 } 2404 } 2405 } 2406 } 2407 2408 /* 2409 * Search for and process any relocation sections. 2410 */ 2411 static void 2412 reloc(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 2413 { 2414 Word cnt; 2415 2416 for (cnt = 1; cnt < shnum; cnt++) { 2417 Word type, symnum; 2418 Xword relndx, relnum, relsize; 2419 void *rels; 2420 Sym *syms; 2421 Cache *symsec, *strsec; 2422 Cache *_cache = &cache[cnt]; 2423 Shdr *shdr = _cache->c_shdr; 2424 char *relname = _cache->c_name; 2425 Conv_inv_buf_t inv_buf; 2426 2427 if (((type = shdr->sh_type) != SHT_RELA) && 2428 (type != SHT_REL)) 2429 continue; 2430 if (!match(MATCH_F_ALL, relname, cnt, type)) 2431 continue; 2432 2433 /* 2434 * Decide entry size. 2435 */ 2436 if (((relsize = shdr->sh_entsize) == 0) || 2437 (relsize > shdr->sh_size)) { 2438 if (type == SHT_RELA) 2439 relsize = sizeof (Rela); 2440 else 2441 relsize = sizeof (Rel); 2442 } 2443 2444 /* 2445 * Determine the number of relocations available. 2446 */ 2447 if (shdr->sh_size == 0) { 2448 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2449 file, relname); 2450 continue; 2451 } 2452 if (_cache->c_data == NULL) 2453 continue; 2454 2455 rels = _cache->c_data->d_buf; 2456 relnum = shdr->sh_size / relsize; 2457 2458 /* 2459 * Get the data buffer for the associated symbol table and 2460 * string table. 2461 */ 2462 if (stringtbl(cache, 1, cnt, shnum, file, 2463 &symnum, &symsec, &strsec) == 0) 2464 continue; 2465 2466 syms = symsec->c_data->d_buf; 2467 2468 /* 2469 * Loop through the relocation entries. 2470 */ 2471 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2472 dbg_print(0, MSG_INTL(MSG_ELF_SCN_RELOC), _cache->c_name); 2473 Elf_reloc_title(0, ELF_DBG_ELFDUMP, type); 2474 2475 for (relndx = 0; relndx < relnum; relndx++, 2476 rels = (void *)((char *)rels + relsize)) { 2477 Half mach = ehdr->e_machine; 2478 char section[BUFSIZ]; 2479 const char *symname; 2480 Word symndx, reltype; 2481 Rela *rela; 2482 Rel *rel; 2483 2484 /* 2485 * Unravel the relocation and determine the symbol with 2486 * which this relocation is associated. 2487 */ 2488 if (type == SHT_RELA) { 2489 rela = (Rela *)rels; 2490 symndx = ELF_R_SYM(rela->r_info); 2491 reltype = ELF_R_TYPE(rela->r_info, mach); 2492 } else { 2493 rel = (Rel *)rels; 2494 symndx = ELF_R_SYM(rel->r_info); 2495 reltype = ELF_R_TYPE(rel->r_info, mach); 2496 } 2497 2498 symname = relsymname(cache, _cache, strsec, symndx, 2499 symnum, relndx, syms, section, BUFSIZ, file); 2500 2501 /* 2502 * A zero symbol index is only valid for a few 2503 * relocations. 2504 */ 2505 if (symndx == 0) { 2506 int badrel = 0; 2507 2508 if ((mach == EM_SPARC) || 2509 (mach == EM_SPARC32PLUS) || 2510 (mach == EM_SPARCV9)) { 2511 if ((reltype != R_SPARC_NONE) && 2512 (reltype != R_SPARC_REGISTER) && 2513 (reltype != R_SPARC_RELATIVE)) 2514 badrel++; 2515 } else if (mach == EM_386) { 2516 if ((reltype != R_386_NONE) && 2517 (reltype != R_386_RELATIVE)) 2518 badrel++; 2519 } else if (mach == EM_AMD64) { 2520 if ((reltype != R_AMD64_NONE) && 2521 (reltype != R_AMD64_RELATIVE)) 2522 badrel++; 2523 } 2524 2525 if (badrel) { 2526 (void) fprintf(stderr, 2527 MSG_INTL(MSG_ERR_BADREL1), file, 2528 conv_reloc_type(mach, reltype, 2529 0, &inv_buf)); 2530 } 2531 } 2532 2533 Elf_reloc_entry_1(0, ELF_DBG_ELFDUMP, 2534 MSG_ORIG(MSG_STR_EMPTY), ehdr->e_machine, type, 2535 rels, relname, symname, 0); 2536 } 2537 } 2538 } 2539 2540 2541 /* 2542 * This value controls which test dyn_test() performs. 2543 */ 2544 typedef enum { DYN_TEST_ADDR, DYN_TEST_SIZE, DYN_TEST_ENTSIZE } dyn_test_t; 2545 2546 /* 2547 * Used by dynamic() to compare the value of a dynamic element against 2548 * the starting address of the section it references. 2549 * 2550 * entry: 2551 * test_type - Specify which dyn item is being tested. 2552 * sh_type - SHT_* type value for required section. 2553 * sec_cache - Cache entry for section, or NULL if the object lacks 2554 * a section of this type. 2555 * dyn - Dyn entry to be tested 2556 * dynsec_cnt - # of dynamic section being examined. The first 2557 * dynamic section is 1, the next is 2, and so on... 2558 * ehdr - ELF header for file 2559 * file - Name of file 2560 */ 2561 static void 2562 dyn_test(dyn_test_t test_type, Word sh_type, Cache *sec_cache, Dyn *dyn, 2563 Word dynsec_cnt, Ehdr *ehdr, uchar_t osabi, const char *file) 2564 { 2565 Conv_inv_buf_t buf1, buf2; 2566 2567 /* 2568 * These tests are based around the implicit assumption that 2569 * there is only one dynamic section in an object, and also only 2570 * one of the sections it references. We have therefore gathered 2571 * all of the necessary information to test this in a single pass 2572 * over the section headers, which is very efficient. We are not 2573 * aware of any case where more than one dynamic section would 2574 * be meaningful in an ELF object, so this is a reasonable solution. 2575 * 2576 * To test multiple dynamic sections correctly would be more 2577 * expensive in code and time. We would have to build a data structure 2578 * containing all the dynamic elements. Then, we would use the address 2579 * to locate the section it references and ensure the section is of 2580 * the right type and that the address in the dynamic element is 2581 * to the start of the section. Then, we could check the size and 2582 * entsize values against those same sections. This is O(n^2), and 2583 * also complicated. 2584 * 2585 * In the highly unlikely case that there is more than one dynamic 2586 * section, we only test the first one, and simply allow the values 2587 * of the subsequent one to be displayed unchallenged. 2588 */ 2589 if (dynsec_cnt != 1) 2590 return; 2591 2592 /* 2593 * A DT_ item that references a section address should always find 2594 * the section in the file. 2595 */ 2596 if (sec_cache == NULL) { 2597 const char *name; 2598 2599 /* 2600 * Supply section names instead of section types for 2601 * things that reference progbits so that the error 2602 * message will make more sense. 2603 */ 2604 switch (dyn->d_tag) { 2605 case DT_INIT: 2606 name = MSG_ORIG(MSG_ELF_INIT); 2607 break; 2608 case DT_FINI: 2609 name = MSG_ORIG(MSG_ELF_FINI); 2610 break; 2611 default: 2612 name = conv_sec_type(osabi, ehdr->e_machine, 2613 sh_type, 0, &buf1); 2614 break; 2615 } 2616 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNNOBCKSEC), file, 2617 name, conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2618 0, &buf2)); 2619 return; 2620 } 2621 2622 2623 switch (test_type) { 2624 case DYN_TEST_ADDR: 2625 /* The section address should match the DT_ item value */ 2626 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_addr) 2627 (void) fprintf(stderr, 2628 MSG_INTL(MSG_ERR_DYNBADADDR), file, 2629 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2630 0, &buf1), EC_ADDR(dyn->d_un.d_val), 2631 sec_cache->c_ndx, sec_cache->c_name, 2632 EC_ADDR(sec_cache->c_shdr->sh_addr)); 2633 break; 2634 2635 case DYN_TEST_SIZE: 2636 /* The section size should match the DT_ item value */ 2637 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_size) 2638 (void) fprintf(stderr, 2639 MSG_INTL(MSG_ERR_DYNBADSIZE), file, 2640 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2641 0, &buf1), EC_XWORD(dyn->d_un.d_val), 2642 sec_cache->c_ndx, sec_cache->c_name, 2643 EC_XWORD(sec_cache->c_shdr->sh_size)); 2644 break; 2645 2646 case DYN_TEST_ENTSIZE: 2647 /* The sh_entsize value should match the DT_ item value */ 2648 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_entsize) 2649 (void) fprintf(stderr, 2650 MSG_INTL(MSG_ERR_DYNBADENTSIZE), file, 2651 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2652 0, &buf1), EC_XWORD(dyn->d_un.d_val), 2653 sec_cache->c_ndx, sec_cache->c_name, 2654 EC_XWORD(sec_cache->c_shdr->sh_entsize)); 2655 break; 2656 } 2657 } 2658 2659 /* 2660 * There are some DT_ entries that have corresponding symbols 2661 * (e.g. DT_INIT and _init). It is expected that these items will 2662 * both have the same value if both are present. This routine 2663 * examines the well known symbol tables for such symbols and 2664 * issues warnings for any that don't match. 2665 * 2666 * entry: 2667 * dyn - Dyn entry to be tested 2668 * symname - Name of symbol that corresponds to dyn 2669 * symtab_cache, dynsym_cache, ldynsym_cache - Symbol tables to check 2670 * target_cache - Section the symname section is expected to be 2671 * associated with. 2672 * cache - Cache of all section headers 2673 * shnum - # of sections in cache 2674 * ehdr - ELF header for file 2675 * osabi - OSABI to apply when interpreting object 2676 * file - Name of file 2677 */ 2678 static void 2679 dyn_symtest(Dyn *dyn, const char *symname, Cache *symtab_cache, 2680 Cache *dynsym_cache, Cache *ldynsym_cache, Cache *target_cache, 2681 Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2682 { 2683 Conv_inv_buf_t buf; 2684 int i; 2685 Sym *sym; 2686 Cache *_cache; 2687 2688 for (i = 0; i < 3; i++) { 2689 switch (i) { 2690 case 0: 2691 _cache = symtab_cache; 2692 break; 2693 case 1: 2694 _cache = dynsym_cache; 2695 break; 2696 case 2: 2697 _cache = ldynsym_cache; 2698 break; 2699 } 2700 2701 if ((_cache != NULL) && 2702 symlookup(symname, cache, shnum, &sym, target_cache, 2703 _cache, file) && (sym->st_value != dyn->d_un.d_val)) 2704 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNSYMVAL), 2705 file, _cache->c_name, conv_dyn_tag(dyn->d_tag, 2706 osabi, ehdr->e_machine, 0, &buf), 2707 symname, EC_ADDR(sym->st_value)); 2708 } 2709 } 2710 2711 /* 2712 * Search for and process a .dynamic section. 2713 */ 2714 static void 2715 dynamic(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2716 { 2717 struct { 2718 Cache *symtab; 2719 Cache *dynstr; 2720 Cache *dynsym; 2721 Cache *hash; 2722 Cache *fini; 2723 Cache *fini_array; 2724 Cache *init; 2725 Cache *init_array; 2726 Cache *preinit_array; 2727 Cache *rel; 2728 Cache *rela; 2729 Cache *sunw_cap; 2730 Cache *sunw_capinfo; 2731 Cache *sunw_capchain; 2732 Cache *sunw_ldynsym; 2733 Cache *sunw_move; 2734 Cache *sunw_syminfo; 2735 Cache *sunw_symsort; 2736 Cache *sunw_tlssort; 2737 Cache *sunw_verdef; 2738 Cache *sunw_verneed; 2739 Cache *sunw_versym; 2740 } sec; 2741 Word dynsec_ndx; 2742 Word dynsec_num; 2743 int dynsec_cnt; 2744 Word cnt; 2745 int osabi_solaris = osabi == ELFOSABI_SOLARIS; 2746 2747 /* 2748 * Make a pass over all the sections, gathering section information 2749 * we'll need below. 2750 */ 2751 dynsec_num = 0; 2752 bzero(&sec, sizeof (sec)); 2753 for (cnt = 1; cnt < shnum; cnt++) { 2754 Cache *_cache = &cache[cnt]; 2755 2756 switch (_cache->c_shdr->sh_type) { 2757 case SHT_DYNAMIC: 2758 if (dynsec_num == 0) { 2759 dynsec_ndx = cnt; 2760 2761 /* Does it have a valid string table? */ 2762 (void) stringtbl(cache, 0, cnt, shnum, file, 2763 0, 0, &sec.dynstr); 2764 } 2765 dynsec_num++; 2766 break; 2767 2768 2769 case SHT_PROGBITS: 2770 /* 2771 * We want to detect the .init and .fini sections, 2772 * if present. These are SHT_PROGBITS, so all we 2773 * have to go on is the section name. Normally comparing 2774 * names is a bad idea, but there are some special 2775 * names (i.e. .init/.fini/.interp) that are very 2776 * difficult to use in any other context, and for 2777 * these symbols, we do the heuristic match. 2778 */ 2779 if (strcmp(_cache->c_name, 2780 MSG_ORIG(MSG_ELF_INIT)) == 0) { 2781 if (sec.init == NULL) 2782 sec.init = _cache; 2783 } else if (strcmp(_cache->c_name, 2784 MSG_ORIG(MSG_ELF_FINI)) == 0) { 2785 if (sec.fini == NULL) 2786 sec.fini = _cache; 2787 } 2788 break; 2789 2790 case SHT_REL: 2791 /* 2792 * We want the SHT_REL section with the lowest 2793 * offset. The linker gathers them together, 2794 * and puts the address of the first one 2795 * into the DT_REL dynamic element. 2796 */ 2797 if ((sec.rel == NULL) || 2798 (_cache->c_shdr->sh_offset < 2799 sec.rel->c_shdr->sh_offset)) 2800 sec.rel = _cache; 2801 break; 2802 2803 case SHT_RELA: 2804 /* RELA is handled just like RELA above */ 2805 if ((sec.rela == NULL) || 2806 (_cache->c_shdr->sh_offset < 2807 sec.rela->c_shdr->sh_offset)) 2808 sec.rela = _cache; 2809 break; 2810 2811 /* 2812 * The GRAB macro is used for the simple case in which 2813 * we simply grab the first section of the desired type. 2814 */ 2815 #define GRAB(_sec_type, _sec_field) \ 2816 case _sec_type: \ 2817 if (sec._sec_field == NULL) \ 2818 sec._sec_field = _cache; \ 2819 break 2820 GRAB(SHT_SYMTAB, symtab); 2821 GRAB(SHT_DYNSYM, dynsym); 2822 GRAB(SHT_FINI_ARRAY, fini_array); 2823 GRAB(SHT_HASH, hash); 2824 GRAB(SHT_INIT_ARRAY, init_array); 2825 GRAB(SHT_SUNW_move, sunw_move); 2826 GRAB(SHT_PREINIT_ARRAY, preinit_array); 2827 GRAB(SHT_SUNW_cap, sunw_cap); 2828 GRAB(SHT_SUNW_capinfo, sunw_capinfo); 2829 GRAB(SHT_SUNW_capchain, sunw_capchain); 2830 GRAB(SHT_SUNW_LDYNSYM, sunw_ldynsym); 2831 GRAB(SHT_SUNW_syminfo, sunw_syminfo); 2832 GRAB(SHT_SUNW_symsort, sunw_symsort); 2833 GRAB(SHT_SUNW_tlssort, sunw_tlssort); 2834 GRAB(SHT_SUNW_verdef, sunw_verdef); 2835 GRAB(SHT_SUNW_verneed, sunw_verneed); 2836 GRAB(SHT_SUNW_versym, sunw_versym); 2837 #undef GRAB 2838 } 2839 } 2840 2841 /* 2842 * If no dynamic section, return immediately. If more than one 2843 * dynamic section, then something odd is going on and an error 2844 * is in order, but then continue on and display them all. 2845 */ 2846 if (dynsec_num == 0) 2847 return; 2848 if (dynsec_num > 1) 2849 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTDYN), 2850 file, EC_WORD(dynsec_num)); 2851 2852 2853 dynsec_cnt = 0; 2854 for (cnt = dynsec_ndx; (cnt < shnum) && (dynsec_cnt < dynsec_num); 2855 cnt++) { 2856 Dyn *dyn; 2857 ulong_t numdyn; 2858 int ndx, end_ndx; 2859 Cache *_cache = &cache[cnt], *strsec; 2860 Shdr *shdr = _cache->c_shdr; 2861 int dumped = 0; 2862 2863 if (shdr->sh_type != SHT_DYNAMIC) 2864 continue; 2865 dynsec_cnt++; 2866 2867 /* 2868 * Verify the associated string table section. 2869 */ 2870 if (stringtbl(cache, 0, cnt, shnum, file, 0, 0, &strsec) == 0) 2871 continue; 2872 2873 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 2874 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2875 file, _cache->c_name); 2876 continue; 2877 } 2878 if (_cache->c_data == NULL) 2879 continue; 2880 2881 numdyn = shdr->sh_size / shdr->sh_entsize; 2882 dyn = (Dyn *)_cache->c_data->d_buf; 2883 2884 /* 2885 * We expect the REL/RELA entries to reference the reloc 2886 * section with the lowest address. However, this is 2887 * not true for dumped objects. Detect if this object has 2888 * been dumped so that we can skip the reloc address test 2889 * in that case. 2890 */ 2891 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 2892 if (dyn->d_tag == DT_FLAGS_1) { 2893 dumped = (dyn->d_un.d_val & DF_1_CONFALT) != 0; 2894 break; 2895 } 2896 } 2897 dyn = (Dyn *)_cache->c_data->d_buf; 2898 2899 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2900 dbg_print(0, MSG_INTL(MSG_ELF_SCN_DYNAMIC), _cache->c_name); 2901 2902 Elf_dyn_title(0); 2903 2904 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 2905 union { 2906 Conv_inv_buf_t inv; 2907 Conv_dyn_flag_buf_t flag; 2908 Conv_dyn_flag1_buf_t flag1; 2909 Conv_dyn_posflag1_buf_t posflag1; 2910 Conv_dyn_feature1_buf_t feature1; 2911 } c_buf; 2912 const char *name = NULL; 2913 2914 /* 2915 * Print the information numerically, and if possible 2916 * as a string. If a string is available, name is 2917 * set to reference it. 2918 * 2919 * Also, take this opportunity to sanity check 2920 * the values of DT elements. In the code above, 2921 * we gathered information on sections that are 2922 * referenced by the dynamic section. Here, we 2923 * compare the attributes of those sections to 2924 * the DT_ items that reference them and report 2925 * on inconsistencies. 2926 * 2927 * Things not currently tested that could be improved 2928 * in later revisions include: 2929 * - We don't check PLT or GOT related items 2930 * - We don't handle computing the lengths of 2931 * relocation arrays. To handle this 2932 * requires examining data that spans 2933 * across sections, in a contiguous span 2934 * within a single segment. 2935 * - DT_VERDEFNUM and DT_VERNEEDNUM can't be 2936 * verified without parsing the sections. 2937 * - We don't handle DT_SUNW_SYMSZ, which would 2938 * be the sum of the lengths of .dynsym and 2939 * .SUNW_ldynsym 2940 * - DT_SUNW_STRPAD can't be verified other than 2941 * to check that it's not larger than 2942 * the string table. 2943 * - Some items come in "all or none" clusters 2944 * that give an address, element size, 2945 * and data length in bytes. We don't 2946 * verify that there are no missing items 2947 * in such groups. 2948 */ 2949 switch (dyn->d_tag) { 2950 case DT_NULL: 2951 /* 2952 * Special case: DT_NULLs can come in groups 2953 * that we prefer to reduce to a single line. 2954 */ 2955 end_ndx = ndx; 2956 while ((end_ndx < (numdyn - 1)) && 2957 ((dyn + 1)->d_tag == DT_NULL)) { 2958 dyn++; 2959 end_ndx++; 2960 } 2961 Elf_dyn_null_entry(0, dyn, ndx, end_ndx); 2962 ndx = end_ndx; 2963 continue; 2964 2965 /* 2966 * String items all reference the dynstr. The string() 2967 * function does the necessary sanity checking. 2968 */ 2969 case DT_NEEDED: 2970 case DT_SONAME: 2971 case DT_FILTER: 2972 case DT_AUXILIARY: 2973 case DT_CONFIG: 2974 case DT_RPATH: 2975 case DT_RUNPATH: 2976 case DT_USED: 2977 case DT_DEPAUDIT: 2978 case DT_AUDIT: 2979 name = string(_cache, ndx, strsec, 2980 file, dyn->d_un.d_ptr); 2981 break; 2982 2983 case DT_SUNW_AUXILIARY: 2984 case DT_SUNW_FILTER: 2985 if (osabi_solaris) 2986 name = string(_cache, ndx, strsec, 2987 file, dyn->d_un.d_ptr); 2988 break; 2989 2990 case DT_FLAGS: 2991 name = conv_dyn_flag(dyn->d_un.d_val, 2992 0, &c_buf.flag); 2993 break; 2994 case DT_FLAGS_1: 2995 name = conv_dyn_flag1(dyn->d_un.d_val, 0, 2996 &c_buf.flag1); 2997 break; 2998 case DT_POSFLAG_1: 2999 name = conv_dyn_posflag1(dyn->d_un.d_val, 0, 3000 &c_buf.posflag1); 3001 break; 3002 case DT_FEATURE_1: 3003 name = conv_dyn_feature1(dyn->d_un.d_val, 0, 3004 &c_buf.feature1); 3005 break; 3006 case DT_DEPRECATED_SPARC_REGISTER: 3007 name = MSG_INTL(MSG_STR_DEPRECATED); 3008 break; 3009 3010 case DT_SUNW_LDMACH: 3011 if (!osabi_solaris) 3012 break; 3013 name = conv_ehdr_mach((Half)dyn->d_un.d_val, 3014 0, &c_buf.inv); 3015 break; 3016 3017 /* 3018 * Cases below this point are strictly sanity checking, 3019 * and do not generate a name string. The TEST_ macros 3020 * are used to hide the boiler plate arguments neeeded 3021 * by dyn_test(). 3022 */ 3023 #define TEST_ADDR(_sh_type, _sec_field) \ 3024 dyn_test(DYN_TEST_ADDR, _sh_type, \ 3025 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3026 osabi, file) 3027 #define TEST_SIZE(_sh_type, _sec_field) \ 3028 dyn_test(DYN_TEST_SIZE, _sh_type, \ 3029 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3030 osabi, file) 3031 #define TEST_ENTSIZE(_sh_type, _sec_field) \ 3032 dyn_test(DYN_TEST_ENTSIZE, _sh_type, \ 3033 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3034 osabi, file) 3035 3036 case DT_FINI: 3037 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_FINI), 3038 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3039 sec.fini, cache, shnum, ehdr, osabi, file); 3040 TEST_ADDR(SHT_PROGBITS, fini); 3041 break; 3042 3043 case DT_FINI_ARRAY: 3044 TEST_ADDR(SHT_FINI_ARRAY, fini_array); 3045 break; 3046 3047 case DT_FINI_ARRAYSZ: 3048 TEST_SIZE(SHT_FINI_ARRAY, fini_array); 3049 break; 3050 3051 case DT_HASH: 3052 TEST_ADDR(SHT_HASH, hash); 3053 break; 3054 3055 case DT_INIT: 3056 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_INIT), 3057 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3058 sec.init, cache, shnum, ehdr, osabi, file); 3059 TEST_ADDR(SHT_PROGBITS, init); 3060 break; 3061 3062 case DT_INIT_ARRAY: 3063 TEST_ADDR(SHT_INIT_ARRAY, init_array); 3064 break; 3065 3066 case DT_INIT_ARRAYSZ: 3067 TEST_SIZE(SHT_INIT_ARRAY, init_array); 3068 break; 3069 3070 case DT_MOVEENT: 3071 TEST_ENTSIZE(SHT_SUNW_move, sunw_move); 3072 break; 3073 3074 case DT_MOVESZ: 3075 TEST_SIZE(SHT_SUNW_move, sunw_move); 3076 break; 3077 3078 case DT_MOVETAB: 3079 TEST_ADDR(SHT_SUNW_move, sunw_move); 3080 break; 3081 3082 case DT_PREINIT_ARRAY: 3083 TEST_ADDR(SHT_PREINIT_ARRAY, preinit_array); 3084 break; 3085 3086 case DT_PREINIT_ARRAYSZ: 3087 TEST_SIZE(SHT_PREINIT_ARRAY, preinit_array); 3088 break; 3089 3090 case DT_REL: 3091 if (!dumped) 3092 TEST_ADDR(SHT_REL, rel); 3093 break; 3094 3095 case DT_RELENT: 3096 TEST_ENTSIZE(SHT_REL, rel); 3097 break; 3098 3099 case DT_RELA: 3100 if (!dumped) 3101 TEST_ADDR(SHT_RELA, rela); 3102 break; 3103 3104 case DT_RELAENT: 3105 TEST_ENTSIZE(SHT_RELA, rela); 3106 break; 3107 3108 case DT_STRTAB: 3109 TEST_ADDR(SHT_STRTAB, dynstr); 3110 break; 3111 3112 case DT_STRSZ: 3113 TEST_SIZE(SHT_STRTAB, dynstr); 3114 break; 3115 3116 case DT_SUNW_CAP: 3117 TEST_ADDR(SHT_SUNW_cap, sunw_cap); 3118 break; 3119 3120 case DT_SUNW_CAPINFO: 3121 TEST_ADDR(SHT_SUNW_capinfo, sunw_capinfo); 3122 break; 3123 3124 case DT_SUNW_CAPCHAIN: 3125 TEST_ADDR(SHT_SUNW_capchain, sunw_capchain); 3126 break; 3127 3128 case DT_SUNW_SYMTAB: 3129 TEST_ADDR(SHT_SUNW_LDYNSYM, sunw_ldynsym); 3130 break; 3131 3132 case DT_SYMENT: 3133 TEST_ENTSIZE(SHT_DYNSYM, dynsym); 3134 break; 3135 3136 case DT_SYMINENT: 3137 TEST_ENTSIZE(SHT_SUNW_syminfo, sunw_syminfo); 3138 break; 3139 3140 case DT_SYMINFO: 3141 TEST_ADDR(SHT_SUNW_syminfo, sunw_syminfo); 3142 break; 3143 3144 case DT_SYMINSZ: 3145 TEST_SIZE(SHT_SUNW_syminfo, sunw_syminfo); 3146 break; 3147 3148 case DT_SYMTAB: 3149 TEST_ADDR(SHT_DYNSYM, dynsym); 3150 break; 3151 3152 case DT_SUNW_SORTENT: 3153 /* 3154 * This entry is related to both the symsort and 3155 * tlssort sections. 3156 */ 3157 if (osabi_solaris) { 3158 int test_tls = 3159 (sec.sunw_tlssort != NULL); 3160 int test_sym = 3161 (sec.sunw_symsort != NULL) || 3162 !test_tls; 3163 if (test_sym) 3164 TEST_ENTSIZE(SHT_SUNW_symsort, 3165 sunw_symsort); 3166 if (test_tls) 3167 TEST_ENTSIZE(SHT_SUNW_tlssort, 3168 sunw_tlssort); 3169 } 3170 break; 3171 3172 3173 case DT_SUNW_SYMSORT: 3174 if (osabi_solaris) 3175 TEST_ADDR(SHT_SUNW_symsort, 3176 sunw_symsort); 3177 break; 3178 3179 case DT_SUNW_SYMSORTSZ: 3180 if (osabi_solaris) 3181 TEST_SIZE(SHT_SUNW_symsort, 3182 sunw_symsort); 3183 break; 3184 3185 case DT_SUNW_TLSSORT: 3186 if (osabi_solaris) 3187 TEST_ADDR(SHT_SUNW_tlssort, 3188 sunw_tlssort); 3189 break; 3190 3191 case DT_SUNW_TLSSORTSZ: 3192 if (osabi_solaris) 3193 TEST_SIZE(SHT_SUNW_tlssort, 3194 sunw_tlssort); 3195 break; 3196 3197 case DT_VERDEF: 3198 TEST_ADDR(SHT_SUNW_verdef, sunw_verdef); 3199 break; 3200 3201 case DT_VERNEED: 3202 TEST_ADDR(SHT_SUNW_verneed, sunw_verneed); 3203 break; 3204 3205 case DT_VERSYM: 3206 TEST_ADDR(SHT_SUNW_versym, sunw_versym); 3207 break; 3208 #undef TEST_ADDR 3209 #undef TEST_SIZE 3210 #undef TEST_ENTSIZE 3211 } 3212 3213 if (name == NULL) 3214 name = MSG_ORIG(MSG_STR_EMPTY); 3215 Elf_dyn_entry(0, dyn, ndx, name, 3216 osabi, ehdr->e_machine); 3217 } 3218 } 3219 } 3220 3221 /* 3222 * Search for and process a MOVE section. 3223 */ 3224 static void 3225 move(Cache *cache, Word shnum, const char *file, uint_t flags) 3226 { 3227 Word cnt; 3228 const char *fmt = NULL; 3229 3230 for (cnt = 1; cnt < shnum; cnt++) { 3231 Word movenum, symnum, ndx; 3232 Sym *syms; 3233 Cache *_cache = &cache[cnt]; 3234 Shdr *shdr = _cache->c_shdr; 3235 Cache *symsec, *strsec; 3236 Move *move; 3237 3238 if (shdr->sh_type != SHT_SUNW_move) 3239 continue; 3240 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3241 continue; 3242 3243 /* 3244 * Determine the move data and number. 3245 */ 3246 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 3247 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3248 file, _cache->c_name); 3249 continue; 3250 } 3251 if (_cache->c_data == NULL) 3252 continue; 3253 3254 move = (Move *)_cache->c_data->d_buf; 3255 movenum = shdr->sh_size / shdr->sh_entsize; 3256 3257 /* 3258 * Get the data buffer for the associated symbol table and 3259 * string table. 3260 */ 3261 if (stringtbl(cache, 1, cnt, shnum, file, 3262 &symnum, &symsec, &strsec) == 0) 3263 return; 3264 3265 syms = (Sym *)symsec->c_data->d_buf; 3266 3267 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3268 dbg_print(0, MSG_INTL(MSG_ELF_SCN_MOVE), _cache->c_name); 3269 dbg_print(0, MSG_INTL(MSG_MOVE_TITLE)); 3270 3271 if (fmt == NULL) 3272 fmt = MSG_INTL(MSG_MOVE_ENTRY); 3273 3274 for (ndx = 0; ndx < movenum; move++, ndx++) { 3275 const char *symname; 3276 char index[MAXNDXSIZE], section[BUFSIZ]; 3277 Word symndx, shndx; 3278 Sym *sym; 3279 3280 /* 3281 * Check for null entries 3282 */ 3283 if ((move->m_info == 0) && (move->m_value == 0) && 3284 (move->m_poffset == 0) && (move->m_repeat == 0) && 3285 (move->m_stride == 0)) { 3286 dbg_print(0, fmt, MSG_ORIG(MSG_STR_EMPTY), 3287 EC_XWORD(move->m_poffset), 0, 0, 0, 3288 EC_LWORD(0), MSG_ORIG(MSG_STR_EMPTY)); 3289 continue; 3290 } 3291 if (((symndx = ELF_M_SYM(move->m_info)) == 0) || 3292 (symndx >= symnum)) { 3293 (void) fprintf(stderr, 3294 MSG_INTL(MSG_ERR_BADMINFO), file, 3295 _cache->c_name, EC_XWORD(move->m_info)); 3296 3297 (void) snprintf(index, MAXNDXSIZE, 3298 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3299 dbg_print(0, fmt, index, 3300 EC_XWORD(move->m_poffset), 3301 ELF_M_SIZE(move->m_info), move->m_repeat, 3302 move->m_stride, move->m_value, 3303 MSG_INTL(MSG_STR_UNKNOWN)); 3304 continue; 3305 } 3306 3307 symname = relsymname(cache, _cache, strsec, 3308 symndx, symnum, ndx, syms, section, BUFSIZ, file); 3309 sym = (Sym *)(syms + symndx); 3310 3311 /* 3312 * Additional sanity check. 3313 */ 3314 shndx = sym->st_shndx; 3315 if (!((shndx == SHN_COMMON) || 3316 (((shndx >= 1) && (shndx <= shnum)) && 3317 (cache[shndx].c_shdr)->sh_type == SHT_NOBITS))) { 3318 (void) fprintf(stderr, 3319 MSG_INTL(MSG_ERR_BADSYM2), file, 3320 _cache->c_name, EC_WORD(symndx), 3321 demangle(symname, flags)); 3322 } 3323 3324 (void) snprintf(index, MAXNDXSIZE, 3325 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3326 dbg_print(0, fmt, index, EC_XWORD(move->m_poffset), 3327 ELF_M_SIZE(move->m_info), move->m_repeat, 3328 move->m_stride, move->m_value, 3329 demangle(symname, flags)); 3330 } 3331 } 3332 } 3333 3334 /* 3335 * parse_note_t is used to track the state used by parse_note_entry() 3336 * between calls, and also to return the results of each call. 3337 */ 3338 typedef struct { 3339 /* pns_ fields track progress through the data */ 3340 const char *pns_file; /* File name */ 3341 Cache *pns_cache; /* Note section cache entry */ 3342 size_t pns_size; /* # unprocessed data bytes */ 3343 Word *pns_data; /* # to next unused data byte */ 3344 3345 /* pn_ fields return the results for a single call */ 3346 Word pn_namesz; /* Value of note namesz field */ 3347 Word pn_descsz; /* Value of note descsz field */ 3348 Word pn_type; /* Value of note type field */ 3349 const char *pn_name; /* if (namesz > 0) ptr to name bytes */ 3350 const char *pn_desc; /* if (descsx > 0) ptr to data bytes */ 3351 } parse_note_t; 3352 3353 /* 3354 * Extract the various sub-parts of a note entry, and advance the 3355 * data pointer past it. 3356 * 3357 * entry: 3358 * The state pns_ fields contain current values for the Note section 3359 * 3360 * exit: 3361 * On success, True (1) is returned, the state pns_ fields have been 3362 * advanced to point at the start of the next entry, and the information 3363 * for the recovered note entry is found in the state pn_ fields. 3364 * 3365 * On failure, False (0) is returned. The values contained in state 3366 * are undefined. 3367 */ 3368 static int 3369 parse_note_entry(parse_note_t *state) 3370 { 3371 size_t pad, noteoff; 3372 3373 noteoff = (Word)state->pns_cache->c_data->d_size - state->pns_size; 3374 /* 3375 * Make sure we can at least reference the 3 initial entries 3376 * (4-byte words) of the note information block. 3377 */ 3378 if (state->pns_size >= (sizeof (Word) * 3)) { 3379 state->pns_size -= (sizeof (Word) * 3); 3380 } else { 3381 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDATASZ), 3382 state->pns_file, state->pns_cache->c_name, 3383 EC_WORD(noteoff)); 3384 return (0); 3385 } 3386 3387 /* 3388 * Make sure any specified name string can be referenced. 3389 */ 3390 if ((state->pn_namesz = *state->pns_data++) != 0) { 3391 if (state->pns_size >= state->pn_namesz) { 3392 state->pns_size -= state->pn_namesz; 3393 } else { 3394 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADNMSZ), 3395 state->pns_file, state->pns_cache->c_name, 3396 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3397 return (0); 3398 } 3399 } 3400 3401 /* 3402 * Make sure any specified descriptor can be referenced. 3403 */ 3404 if ((state->pn_descsz = *state->pns_data++) != 0) { 3405 /* 3406 * If namesz isn't a 4-byte multiple, account for any 3407 * padding that must exist before the descriptor. 3408 */ 3409 if ((pad = (state->pn_namesz & (sizeof (Word) - 1))) != 0) { 3410 pad = sizeof (Word) - pad; 3411 state->pns_size -= pad; 3412 } 3413 if (state->pns_size >= state->pn_descsz) { 3414 state->pns_size -= state->pn_descsz; 3415 } else { 3416 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDESZ), 3417 state->pns_file, state->pns_cache->c_name, 3418 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3419 return (0); 3420 } 3421 } 3422 3423 state->pn_type = *state->pns_data++; 3424 3425 /* Name */ 3426 if (state->pn_namesz) { 3427 state->pn_name = (char *)state->pns_data; 3428 pad = (state->pn_namesz + 3429 (sizeof (Word) - 1)) & ~(sizeof (Word) - 1); 3430 /* LINTED */ 3431 state->pns_data = (Word *)(state->pn_name + pad); 3432 } 3433 3434 /* 3435 * If multiple information blocks exist within a .note section 3436 * account for any padding that must exist before the next 3437 * information block. 3438 */ 3439 if ((pad = (state->pn_descsz & (sizeof (Word) - 1))) != 0) { 3440 pad = sizeof (Word) - pad; 3441 if (state->pns_size > pad) 3442 state->pns_size -= pad; 3443 } 3444 3445 /* Data */ 3446 if (state->pn_descsz) { 3447 state->pn_desc = (const char *)state->pns_data; 3448 /* LINTED */ 3449 state->pns_data = (Word *)(state->pn_desc + 3450 state->pn_descsz + pad); 3451 } 3452 3453 return (1); 3454 } 3455 3456 /* 3457 * Callback function for use with conv_str_to_c_literal() below. 3458 */ 3459 /*ARGSUSED2*/ 3460 static void 3461 c_literal_cb(const void *ptr, size_t size, void *uvalue) 3462 { 3463 (void) fwrite(ptr, size, 1, stdout); 3464 } 3465 3466 /* 3467 * Traverse a note section analyzing each note information block. 3468 * The data buffers size is used to validate references before they are made, 3469 * and is decremented as each element is processed. 3470 */ 3471 void 3472 note_entry(Cache *cache, Word *data, size_t size, Ehdr *ehdr, const char *file) 3473 { 3474 int cnt = 0; 3475 int is_corenote; 3476 int do_swap; 3477 Conv_inv_buf_t inv_buf; 3478 parse_note_t pnstate; 3479 3480 pnstate.pns_file = file; 3481 pnstate.pns_cache = cache; 3482 pnstate.pns_size = size; 3483 pnstate.pns_data = data; 3484 do_swap = _elf_sys_encoding() != ehdr->e_ident[EI_DATA]; 3485 3486 /* 3487 * Print out a single `note' information block. 3488 */ 3489 while (pnstate.pns_size > 0) { 3490 3491 if (parse_note_entry(&pnstate) == 0) 3492 return; 3493 3494 /* 3495 * Is this a Solaris core note? Such notes all have 3496 * the name "CORE". 3497 */ 3498 is_corenote = (ehdr->e_type == ET_CORE) && 3499 (pnstate.pn_namesz == (MSG_STR_CORE_SIZE + 1)) && 3500 (strncmp(MSG_ORIG(MSG_STR_CORE), pnstate.pn_name, 3501 MSG_STR_CORE_SIZE + 1) == 0); 3502 3503 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3504 dbg_print(0, MSG_INTL(MSG_FMT_NOTEENTNDX), EC_WORD(cnt)); 3505 cnt++; 3506 dbg_print(0, MSG_ORIG(MSG_NOTE_NAMESZ), 3507 EC_WORD(pnstate.pn_namesz)); 3508 dbg_print(0, MSG_ORIG(MSG_NOTE_DESCSZ), 3509 EC_WORD(pnstate.pn_descsz)); 3510 3511 if (is_corenote) 3512 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE_STR), 3513 conv_cnote_type(pnstate.pn_type, 0, &inv_buf)); 3514 else 3515 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE), 3516 EC_WORD(pnstate.pn_type)); 3517 if (pnstate.pn_namesz) { 3518 dbg_print(0, MSG_ORIG(MSG_NOTE_NAME)); 3519 /* 3520 * The name string can contain embedded 'null' 3521 * bytes and/or unprintable characters. Also, 3522 * the final NULL is documented in the ELF ABI 3523 * as being included in the namesz. So, display 3524 * the name using C literal string notation, and 3525 * include the terminating NULL in the output. 3526 * We don't show surrounding double quotes, as 3527 * that implies the termination that we are showing 3528 * explicitly. 3529 */ 3530 (void) fwrite(MSG_ORIG(MSG_STR_8SP), 3531 MSG_STR_8SP_SIZE, 1, stdout); 3532 conv_str_to_c_literal(pnstate.pn_name, 3533 pnstate.pn_namesz, c_literal_cb, NULL); 3534 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3535 } 3536 3537 if (pnstate.pn_descsz) { 3538 int hexdump = 1; 3539 3540 /* 3541 * If this is a core note, let the corenote() 3542 * function handle it. 3543 */ 3544 if (is_corenote) { 3545 /* We only issue the bad arch error once */ 3546 static int badnote_done = 0; 3547 corenote_ret_t corenote_ret; 3548 3549 corenote_ret = corenote(ehdr->e_machine, 3550 do_swap, pnstate.pn_type, pnstate.pn_desc, 3551 pnstate.pn_descsz); 3552 switch (corenote_ret) { 3553 case CORENOTE_R_OK: 3554 hexdump = 0; 3555 break; 3556 case CORENOTE_R_BADDATA: 3557 (void) fprintf(stderr, 3558 MSG_INTL(MSG_NOTE_BADCOREDATA), 3559 file); 3560 break; 3561 case CORENOTE_R_BADARCH: 3562 if (badnote_done) 3563 break; 3564 (void) fprintf(stderr, 3565 MSG_INTL(MSG_NOTE_BADCOREARCH), 3566 file, 3567 conv_ehdr_mach(ehdr->e_machine, 3568 0, &inv_buf)); 3569 break; 3570 } 3571 } 3572 3573 /* 3574 * The default thing when we don't understand 3575 * the note data is to display it as hex bytes. 3576 */ 3577 if (hexdump) { 3578 dbg_print(0, MSG_ORIG(MSG_NOTE_DESC)); 3579 dump_hex_bytes(pnstate.pn_desc, 3580 pnstate.pn_descsz, 8, 4, 4); 3581 } 3582 } 3583 } 3584 } 3585 3586 /* 3587 * Search for and process .note sections. 3588 * 3589 * Returns the number of note sections seen. 3590 */ 3591 static Word 3592 note(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 3593 { 3594 Word cnt, note_cnt = 0; 3595 3596 /* 3597 * Otherwise look for any .note sections. 3598 */ 3599 for (cnt = 1; cnt < shnum; cnt++) { 3600 Cache *_cache = &cache[cnt]; 3601 Shdr *shdr = _cache->c_shdr; 3602 3603 if (shdr->sh_type != SHT_NOTE) 3604 continue; 3605 note_cnt++; 3606 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3607 continue; 3608 3609 /* 3610 * As these sections are often hand rolled, make sure they're 3611 * properly aligned before proceeding, and issue an error 3612 * as necessary. 3613 * 3614 * Note that we will continue on to display the note even 3615 * if it has bad alignment. We can do this safely, because 3616 * libelf knows the alignment required for SHT_NOTE, and 3617 * takes steps to deliver a properly aligned buffer to us 3618 * even if the actual file is misaligned. 3619 */ 3620 if (shdr->sh_offset & (sizeof (Word) - 1)) 3621 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADALIGN), 3622 file, _cache->c_name); 3623 3624 if (_cache->c_data == NULL) 3625 continue; 3626 3627 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3628 dbg_print(0, MSG_INTL(MSG_ELF_SCN_NOTE), _cache->c_name); 3629 note_entry(_cache, (Word *)_cache->c_data->d_buf, 3630 /* LINTED */ 3631 (Word)_cache->c_data->d_size, ehdr, file); 3632 } 3633 3634 return (note_cnt); 3635 } 3636 3637 /* 3638 * The Linux Standard Base defines a special note named .note.ABI-tag 3639 * that is used to maintain Linux ABI information. Presence of this section 3640 * is a strong indication that the object should be considered to be 3641 * ELFOSABI_LINUX. 3642 * 3643 * This function returns True (1) if such a note is seen, and False (0) 3644 * otherwise. 3645 */ 3646 static int 3647 has_linux_abi_note(Cache *cache, Word shnum, const char *file) 3648 { 3649 Word cnt; 3650 3651 for (cnt = 1; cnt < shnum; cnt++) { 3652 parse_note_t pnstate; 3653 Cache *_cache = &cache[cnt]; 3654 Shdr *shdr = _cache->c_shdr; 3655 3656 /* 3657 * Section must be SHT_NOTE, must have the name 3658 * .note.ABI-tag, and must have data. 3659 */ 3660 if ((shdr->sh_type != SHT_NOTE) || 3661 (strcmp(MSG_ORIG(MSG_STR_NOTEABITAG), 3662 _cache->c_name) != 0) || (_cache->c_data == NULL)) 3663 continue; 3664 3665 pnstate.pns_file = file; 3666 pnstate.pns_cache = _cache; 3667 pnstate.pns_size = _cache->c_data->d_size; 3668 pnstate.pns_data = (Word *)_cache->c_data->d_buf; 3669 3670 while (pnstate.pns_size > 0) { 3671 Word *w; 3672 3673 if (parse_note_entry(&pnstate) == 0) 3674 break; 3675 3676 /* 3677 * The type must be 1, and the name must be "GNU". 3678 * The descsz must be at least 16 bytes. 3679 */ 3680 if ((pnstate.pn_type != 1) || 3681 (pnstate.pn_namesz != (MSG_STR_GNU_SIZE + 1)) || 3682 (strncmp(MSG_ORIG(MSG_STR_GNU), pnstate.pn_name, 3683 MSG_STR_CORE_SIZE + 1) != 0) || 3684 (pnstate.pn_descsz < 16)) 3685 continue; 3686 3687 /* 3688 * desc contains 4 32-bit fields. Field 0 must be 0, 3689 * indicating Linux. The second, third, and fourth 3690 * fields represent the earliest Linux kernel 3691 * version compatible with this object. 3692 */ 3693 /*LINTED*/ 3694 w = (Word *) pnstate.pn_desc; 3695 if (*w == 0) 3696 return (1); 3697 } 3698 } 3699 3700 return (0); 3701 } 3702 3703 /* 3704 * Determine an individual hash entry. This may be the initial hash entry, 3705 * or an associated chain entry. 3706 */ 3707 static void 3708 hash_entry(Cache *refsec, Cache *strsec, const char *hsecname, Word hashndx, 3709 Word symndx, Word symn, Sym *syms, const char *file, ulong_t bkts, 3710 uint_t flags, int chain) 3711 { 3712 Sym *sym; 3713 const char *symname, *str; 3714 char _bucket[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 3715 ulong_t nbkt, nhash; 3716 3717 if (symndx > symn) { 3718 (void) fprintf(stderr, MSG_INTL(MSG_ERR_HSBADSYMNDX), file, 3719 EC_WORD(symndx), EC_WORD(hashndx)); 3720 symname = MSG_INTL(MSG_STR_UNKNOWN); 3721 } else { 3722 sym = (Sym *)(syms + symndx); 3723 symname = string(refsec, symndx, strsec, file, sym->st_name); 3724 } 3725 3726 if (chain == 0) { 3727 (void) snprintf(_bucket, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 3728 hashndx); 3729 str = (const char *)_bucket; 3730 } else 3731 str = MSG_ORIG(MSG_STR_EMPTY); 3732 3733 (void) snprintf(_symndx, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX2), 3734 EC_WORD(symndx)); 3735 dbg_print(0, MSG_ORIG(MSG_FMT_HASH_INFO), str, _symndx, 3736 demangle(symname, flags)); 3737 3738 /* 3739 * Determine if this string is in the correct bucket. 3740 */ 3741 nhash = elf_hash(symname); 3742 nbkt = nhash % bkts; 3743 3744 if (nbkt != hashndx) { 3745 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADHASH), file, 3746 hsecname, symname, EC_WORD(hashndx), nbkt); 3747 } 3748 } 3749 3750 #define MAXCOUNT 500 3751 3752 static void 3753 hash(Cache *cache, Word shnum, const char *file, uint_t flags) 3754 { 3755 static int count[MAXCOUNT]; 3756 Word cnt; 3757 ulong_t ndx, bkts; 3758 char number[MAXNDXSIZE]; 3759 3760 for (cnt = 1; cnt < shnum; cnt++) { 3761 uint_t *hash, *chain; 3762 Cache *_cache = &cache[cnt]; 3763 Shdr *sshdr, *hshdr = _cache->c_shdr; 3764 char *ssecname, *hsecname = _cache->c_name; 3765 Sym *syms; 3766 Word symn; 3767 3768 if (hshdr->sh_type != SHT_HASH) 3769 continue; 3770 3771 /* 3772 * Determine the hash table data and size. 3773 */ 3774 if ((hshdr->sh_entsize == 0) || (hshdr->sh_size == 0)) { 3775 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3776 file, hsecname); 3777 continue; 3778 } 3779 if (_cache->c_data == NULL) 3780 continue; 3781 3782 hash = (uint_t *)_cache->c_data->d_buf; 3783 bkts = *hash; 3784 chain = hash + 2 + bkts; 3785 hash += 2; 3786 3787 /* 3788 * Get the data buffer for the associated symbol table. 3789 */ 3790 if ((hshdr->sh_link == 0) || (hshdr->sh_link >= shnum)) { 3791 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 3792 file, hsecname, EC_WORD(hshdr->sh_link)); 3793 continue; 3794 } 3795 3796 _cache = &cache[hshdr->sh_link]; 3797 ssecname = _cache->c_name; 3798 3799 if (_cache->c_data == NULL) 3800 continue; 3801 3802 if ((syms = (Sym *)_cache->c_data->d_buf) == NULL) { 3803 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3804 file, ssecname); 3805 continue; 3806 } 3807 3808 sshdr = _cache->c_shdr; 3809 /* LINTED */ 3810 symn = (Word)(sshdr->sh_size / sshdr->sh_entsize); 3811 3812 /* 3813 * Get the associated string table section. 3814 */ 3815 if ((sshdr->sh_link == 0) || (sshdr->sh_link >= shnum)) { 3816 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 3817 file, ssecname, EC_WORD(sshdr->sh_link)); 3818 continue; 3819 } 3820 3821 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3822 dbg_print(0, MSG_INTL(MSG_ELF_SCN_HASH), hsecname); 3823 dbg_print(0, MSG_INTL(MSG_ELF_HASH_INFO)); 3824 3825 /* 3826 * Loop through the hash buckets, printing the appropriate 3827 * symbols. 3828 */ 3829 for (ndx = 0; ndx < bkts; ndx++, hash++) { 3830 Word _ndx, _cnt; 3831 3832 if (*hash == 0) { 3833 count[0]++; 3834 continue; 3835 } 3836 3837 hash_entry(_cache, &cache[sshdr->sh_link], hsecname, 3838 ndx, *hash, symn, syms, file, bkts, flags, 0); 3839 3840 /* 3841 * Determine if any other symbols are chained to this 3842 * bucket. 3843 */ 3844 _ndx = chain[*hash]; 3845 _cnt = 1; 3846 while (_ndx) { 3847 hash_entry(_cache, &cache[sshdr->sh_link], 3848 hsecname, ndx, _ndx, symn, syms, file, 3849 bkts, flags, 1); 3850 _ndx = chain[_ndx]; 3851 _cnt++; 3852 } 3853 3854 if (_cnt >= MAXCOUNT) { 3855 (void) fprintf(stderr, 3856 MSG_INTL(MSG_HASH_OVERFLW), file, 3857 _cache->c_name, EC_WORD(ndx), 3858 EC_WORD(_cnt)); 3859 } else 3860 count[_cnt]++; 3861 } 3862 break; 3863 } 3864 3865 /* 3866 * Print out the count information. 3867 */ 3868 bkts = cnt = 0; 3869 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3870 3871 for (ndx = 0; ndx < MAXCOUNT; ndx++) { 3872 Word _cnt; 3873 3874 if ((_cnt = count[ndx]) == 0) 3875 continue; 3876 3877 (void) snprintf(number, MAXNDXSIZE, 3878 MSG_ORIG(MSG_FMT_INTEGER), _cnt); 3879 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS1), number, 3880 EC_WORD(ndx)); 3881 bkts += _cnt; 3882 cnt += (Word)(ndx * _cnt); 3883 } 3884 if (cnt) { 3885 (void) snprintf(number, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 3886 bkts); 3887 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS2), number, 3888 EC_WORD(cnt)); 3889 } 3890 } 3891 3892 static void 3893 group(Cache *cache, Word shnum, const char *file, uint_t flags) 3894 { 3895 Word scnt; 3896 3897 for (scnt = 1; scnt < shnum; scnt++) { 3898 Cache *_cache = &cache[scnt]; 3899 Shdr *shdr = _cache->c_shdr; 3900 Word *grpdata, gcnt, grpcnt, symnum, unknown; 3901 Cache *symsec, *strsec; 3902 Sym *syms, *sym; 3903 char flgstrbuf[MSG_GRP_COMDAT_SIZE + 10]; 3904 const char *grpnam; 3905 3906 if (shdr->sh_type != SHT_GROUP) 3907 continue; 3908 if (!match(MATCH_F_ALL, _cache->c_name, scnt, shdr->sh_type)) 3909 continue; 3910 if ((_cache->c_data == NULL) || 3911 ((grpdata = (Word *)_cache->c_data->d_buf) == NULL)) 3912 continue; 3913 grpcnt = shdr->sh_size / sizeof (Word); 3914 3915 /* 3916 * Get the data buffer for the associated symbol table and 3917 * string table. 3918 */ 3919 if (stringtbl(cache, 1, scnt, shnum, file, 3920 &symnum, &symsec, &strsec) == 0) 3921 return; 3922 3923 syms = symsec->c_data->d_buf; 3924 3925 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3926 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GRP), _cache->c_name); 3927 dbg_print(0, MSG_INTL(MSG_GRP_TITLE)); 3928 3929 /* 3930 * The first element of the group defines the group. The 3931 * associated symbol is defined by the sh_link field. 3932 */ 3933 if ((shdr->sh_info == SHN_UNDEF) || (shdr->sh_info > symnum)) { 3934 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 3935 file, _cache->c_name, EC_WORD(shdr->sh_info)); 3936 return; 3937 } 3938 3939 (void) strcpy(flgstrbuf, MSG_ORIG(MSG_STR_OSQBRKT)); 3940 if (grpdata[0] & GRP_COMDAT) { 3941 (void) strcat(flgstrbuf, MSG_ORIG(MSG_GRP_COMDAT)); 3942 } 3943 if ((unknown = (grpdata[0] & ~GRP_COMDAT)) != 0) { 3944 size_t len = strlen(flgstrbuf); 3945 3946 (void) snprintf(&flgstrbuf[len], 3947 (MSG_GRP_COMDAT_SIZE + 10 - len), 3948 MSG_ORIG(MSG_GRP_UNKNOWN), unknown); 3949 } 3950 (void) strcat(flgstrbuf, MSG_ORIG(MSG_STR_CSQBRKT)); 3951 sym = (Sym *)(syms + shdr->sh_info); 3952 3953 /* 3954 * The GNU assembler can use section symbols as the signature 3955 * symbol as described by this comment in the gold linker 3956 * (found via google): 3957 * 3958 * It seems that some versions of gas will create a 3959 * section group associated with a section symbol, and 3960 * then fail to give a name to the section symbol. In 3961 * such a case, use the name of the section. 3962 * 3963 * In order to support such objects, we do the same. 3964 */ 3965 grpnam = string(_cache, 0, strsec, file, sym->st_name); 3966 if (((sym->st_name == 0) || (*grpnam == '\0')) && 3967 (ELF_ST_TYPE(sym->st_info) == STT_SECTION)) 3968 grpnam = cache[sym->st_shndx].c_name; 3969 3970 dbg_print(0, MSG_INTL(MSG_GRP_SIGNATURE), flgstrbuf, 3971 demangle(grpnam, flags)); 3972 3973 for (gcnt = 1; gcnt < grpcnt; gcnt++) { 3974 char index[MAXNDXSIZE]; 3975 const char *name; 3976 3977 (void) snprintf(index, MAXNDXSIZE, 3978 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(gcnt)); 3979 3980 if (grpdata[gcnt] >= shnum) 3981 name = MSG_INTL(MSG_GRP_INVALSCN); 3982 else 3983 name = cache[grpdata[gcnt]].c_name; 3984 3985 (void) printf(MSG_ORIG(MSG_GRP_ENTRY), index, name, 3986 EC_XWORD(grpdata[gcnt])); 3987 } 3988 } 3989 } 3990 3991 static void 3992 got(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 3993 { 3994 Cache *gotcache = NULL, *symtab = NULL; 3995 Addr gotbgn, gotend; 3996 Shdr *gotshdr; 3997 Word cnt, gotents, gotndx; 3998 size_t gentsize; 3999 Got_info *gottable; 4000 char *gotdata; 4001 Sym *gotsym; 4002 Xword gotsymaddr; 4003 uint_t sys_encoding; 4004 4005 /* 4006 * First, find the got. 4007 */ 4008 for (cnt = 1; cnt < shnum; cnt++) { 4009 if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT), 4010 MSG_ELF_GOT_SIZE) == 0) { 4011 gotcache = &cache[cnt]; 4012 break; 4013 } 4014 } 4015 if (gotcache == NULL) 4016 return; 4017 4018 /* 4019 * A got section within a relocatable object is suspicious. 4020 */ 4021 if (ehdr->e_type == ET_REL) { 4022 (void) fprintf(stderr, MSG_INTL(MSG_GOT_UNEXPECTED), file, 4023 gotcache->c_name); 4024 } 4025 4026 gotshdr = gotcache->c_shdr; 4027 if (gotshdr->sh_size == 0) { 4028 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4029 file, gotcache->c_name); 4030 return; 4031 } 4032 4033 gotbgn = gotshdr->sh_addr; 4034 gotend = gotbgn + gotshdr->sh_size; 4035 4036 /* 4037 * Some architectures don't properly set the sh_entsize for the GOT 4038 * table. If it's not set, default to a size of a pointer. 4039 */ 4040 if ((gentsize = gotshdr->sh_entsize) == 0) 4041 gentsize = sizeof (Xword); 4042 4043 if (gotcache->c_data == NULL) 4044 return; 4045 4046 /* LINTED */ 4047 gotents = (Word)(gotshdr->sh_size / gentsize); 4048 gotdata = gotcache->c_data->d_buf; 4049 4050 if ((gottable = calloc(gotents, sizeof (Got_info))) == 0) { 4051 int err = errno; 4052 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), file, 4053 strerror(err)); 4054 return; 4055 } 4056 4057 /* 4058 * Now we scan through all the sections looking for any relocations 4059 * that may be against the GOT. Since these may not be isolated to a 4060 * .rel[a].got section we check them all. 4061 * While scanning sections save the symbol table entry (a symtab 4062 * overriding a dynsym) so that we can lookup _GLOBAL_OFFSET_TABLE_. 4063 */ 4064 for (cnt = 1; cnt < shnum; cnt++) { 4065 Word type, symnum; 4066 Xword relndx, relnum, relsize; 4067 void *rels; 4068 Sym *syms; 4069 Cache *symsec, *strsec; 4070 Cache *_cache = &cache[cnt]; 4071 Shdr *shdr; 4072 4073 shdr = _cache->c_shdr; 4074 type = shdr->sh_type; 4075 4076 if ((symtab == 0) && (type == SHT_DYNSYM)) { 4077 symtab = _cache; 4078 continue; 4079 } 4080 if (type == SHT_SYMTAB) { 4081 symtab = _cache; 4082 continue; 4083 } 4084 if ((type != SHT_RELA) && (type != SHT_REL)) 4085 continue; 4086 4087 /* 4088 * Decide entry size. 4089 */ 4090 if (((relsize = shdr->sh_entsize) == 0) || 4091 (relsize > shdr->sh_size)) { 4092 if (type == SHT_RELA) 4093 relsize = sizeof (Rela); 4094 else 4095 relsize = sizeof (Rel); 4096 } 4097 4098 /* 4099 * Determine the number of relocations available. 4100 */ 4101 if (shdr->sh_size == 0) { 4102 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4103 file, _cache->c_name); 4104 continue; 4105 } 4106 if (_cache->c_data == NULL) 4107 continue; 4108 4109 rels = _cache->c_data->d_buf; 4110 relnum = shdr->sh_size / relsize; 4111 4112 /* 4113 * Get the data buffer for the associated symbol table and 4114 * string table. 4115 */ 4116 if (stringtbl(cache, 1, cnt, shnum, file, 4117 &symnum, &symsec, &strsec) == 0) 4118 continue; 4119 4120 syms = symsec->c_data->d_buf; 4121 4122 /* 4123 * Loop through the relocation entries. 4124 */ 4125 for (relndx = 0; relndx < relnum; relndx++, 4126 rels = (void *)((char *)rels + relsize)) { 4127 char section[BUFSIZ]; 4128 Addr offset; 4129 Got_info *gip; 4130 Word symndx, reltype; 4131 Rela *rela; 4132 Rel *rel; 4133 4134 /* 4135 * Unravel the relocation. 4136 */ 4137 if (type == SHT_RELA) { 4138 rela = (Rela *)rels; 4139 symndx = ELF_R_SYM(rela->r_info); 4140 reltype = ELF_R_TYPE(rela->r_info, 4141 ehdr->e_machine); 4142 offset = rela->r_offset; 4143 } else { 4144 rel = (Rel *)rels; 4145 symndx = ELF_R_SYM(rel->r_info); 4146 reltype = ELF_R_TYPE(rel->r_info, 4147 ehdr->e_machine); 4148 offset = rel->r_offset; 4149 } 4150 4151 /* 4152 * Only pay attention to relocations against the GOT. 4153 */ 4154 if ((offset < gotbgn) || (offset >= gotend)) 4155 continue; 4156 4157 /* LINTED */ 4158 gotndx = (Word)((offset - gotbgn) / 4159 gotshdr->sh_entsize); 4160 gip = &gottable[gotndx]; 4161 4162 if (gip->g_reltype != 0) { 4163 (void) fprintf(stderr, 4164 MSG_INTL(MSG_GOT_MULTIPLE), file, 4165 EC_WORD(gotndx), EC_ADDR(offset)); 4166 continue; 4167 } 4168 4169 if (symndx) 4170 gip->g_symname = relsymname(cache, _cache, 4171 strsec, symndx, symnum, relndx, syms, 4172 section, BUFSIZ, file); 4173 gip->g_reltype = reltype; 4174 gip->g_rel = rels; 4175 } 4176 } 4177 4178 if (symlookup(MSG_ORIG(MSG_SYM_GOT), cache, shnum, &gotsym, NULL, 4179 symtab, file)) 4180 gotsymaddr = gotsym->st_value; 4181 else 4182 gotsymaddr = gotbgn; 4183 4184 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4185 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GOT), gotcache->c_name); 4186 Elf_got_title(0); 4187 4188 sys_encoding = _elf_sys_encoding(); 4189 for (gotndx = 0; gotndx < gotents; gotndx++) { 4190 Got_info *gip; 4191 Sword gindex; 4192 Addr gaddr; 4193 Xword gotentry; 4194 4195 gip = &gottable[gotndx]; 4196 4197 gaddr = gotbgn + (gotndx * gentsize); 4198 gindex = (Sword)(gaddr - gotsymaddr) / (Sword)gentsize; 4199 4200 if (gentsize == sizeof (Word)) 4201 /* LINTED */ 4202 gotentry = (Xword)(*((Word *)(gotdata) + gotndx)); 4203 else 4204 /* LINTED */ 4205 gotentry = *((Xword *)(gotdata) + gotndx); 4206 4207 Elf_got_entry(0, gindex, gaddr, gotentry, ehdr->e_machine, 4208 ehdr->e_ident[EI_DATA], sys_encoding, 4209 gip->g_reltype, gip->g_rel, gip->g_symname); 4210 } 4211 free(gottable); 4212 } 4213 4214 void 4215 checksum(Elf *elf) 4216 { 4217 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4218 dbg_print(0, MSG_INTL(MSG_STR_CHECKSUM), elf_checksum(elf)); 4219 } 4220 4221 /* 4222 * This variable is used by regular() to communicate the address of 4223 * the section header cache to sort_shdr_ndx_arr(). Unfortunately, 4224 * the qsort() interface does not include a userdata argument by which 4225 * such arbitrary data can be passed, so we are stuck using global data. 4226 */ 4227 static Cache *sort_shdr_ndx_arr_cache; 4228 4229 4230 /* 4231 * Used with qsort() to sort the section indices so that they can be 4232 * used to access the section headers in order of increasing data offset. 4233 * 4234 * entry: 4235 * sort_shdr_ndx_arr_cache - Contains address of 4236 * section header cache. 4237 * v1, v2 - Point at elements of sort_shdr_bits array to be compared. 4238 * 4239 * exit: 4240 * Returns -1 (less than), 0 (equal) or 1 (greater than). 4241 */ 4242 static int 4243 sort_shdr_ndx_arr(const void *v1, const void *v2) 4244 { 4245 Cache *cache1 = sort_shdr_ndx_arr_cache + *((size_t *)v1); 4246 Cache *cache2 = sort_shdr_ndx_arr_cache + *((size_t *)v2); 4247 4248 if (cache1->c_shdr->sh_offset < cache2->c_shdr->sh_offset) 4249 return (-1); 4250 4251 if (cache1->c_shdr->sh_offset > cache2->c_shdr->sh_offset) 4252 return (1); 4253 4254 return (0); 4255 } 4256 4257 4258 static int 4259 shdr_cache(const char *file, Elf *elf, Ehdr *ehdr, size_t shstrndx, 4260 size_t shnum, Cache **cache_ret, Word flags) 4261 { 4262 Elf_Scn *scn; 4263 Elf_Data *data; 4264 size_t ndx; 4265 Shdr *nameshdr; 4266 char *names = NULL; 4267 Cache *cache, *_cache; 4268 size_t *shdr_ndx_arr, shdr_ndx_arr_cnt; 4269 4270 4271 /* 4272 * Obtain the .shstrtab data buffer to provide the required section 4273 * name strings. 4274 */ 4275 if (shstrndx == SHN_UNDEF) { 4276 /* 4277 * It is rare, but legal, for an object to lack a 4278 * header string table section. 4279 */ 4280 names = NULL; 4281 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHSTRSEC), file); 4282 } else if ((scn = elf_getscn(elf, shstrndx)) == NULL) { 4283 failure(file, MSG_ORIG(MSG_ELF_GETSCN)); 4284 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SHDR), 4285 EC_XWORD(shstrndx)); 4286 4287 } else if ((data = elf_getdata(scn, NULL)) == NULL) { 4288 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4289 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_DATA), 4290 EC_XWORD(shstrndx)); 4291 4292 } else if ((nameshdr = elf_getshdr(scn)) == NULL) { 4293 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4294 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4295 EC_WORD(elf_ndxscn(scn))); 4296 4297 } else if ((names = data->d_buf) == NULL) 4298 (void) fprintf(stderr, MSG_INTL(MSG_ERR_SHSTRNULL), file); 4299 4300 /* 4301 * Allocate a cache to maintain a descriptor for each section. 4302 */ 4303 if ((*cache_ret = cache = malloc(shnum * sizeof (Cache))) == NULL) { 4304 int err = errno; 4305 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4306 file, strerror(err)); 4307 return (0); 4308 } 4309 4310 *cache = cache_init; 4311 _cache = cache; 4312 _cache++; 4313 4314 /* 4315 * Allocate an array that will hold the section index for 4316 * each section that has data in the ELF file: 4317 * 4318 * - Is not a NOBITS section 4319 * - Data has non-zero length 4320 * 4321 * Note that shnum is an upper bound on the size required. It 4322 * is likely that we won't use a few of these array elements. 4323 * Allocating a modest amount of extra memory in this case means 4324 * that we can avoid an extra loop to count the number of needed 4325 * items, and can fill this array immediately in the first loop 4326 * below. 4327 */ 4328 if ((shdr_ndx_arr = malloc(shnum * sizeof (*shdr_ndx_arr))) == NULL) { 4329 int err = errno; 4330 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4331 file, strerror(err)); 4332 return (0); 4333 } 4334 shdr_ndx_arr_cnt = 0; 4335 4336 /* 4337 * Traverse the sections of the file. This gathering of data is 4338 * carried out in two passes. First, the section headers are captured 4339 * and the section header names are evaluated. A verification pass is 4340 * then carried out over the section information. Files have been 4341 * known to exhibit overlapping (and hence erroneous) section header 4342 * information. 4343 * 4344 * Finally, the data for each section is obtained. This processing is 4345 * carried out after section verification because should any section 4346 * header overlap occur, and a file needs translating (ie. xlate'ing 4347 * information from a non-native architecture file), then the process 4348 * of translation can corrupt the section header information. Of 4349 * course, if there is any section overlap, the data related to the 4350 * sections is going to be compromised. However, it is the translation 4351 * of this data that has caused problems with elfdump()'s ability to 4352 * extract the data. 4353 */ 4354 for (ndx = 1, scn = NULL; scn = elf_nextscn(elf, scn); 4355 ndx++, _cache++) { 4356 char scnndxnm[100]; 4357 4358 _cache->c_ndx = ndx; 4359 _cache->c_scn = scn; 4360 4361 if ((_cache->c_shdr = elf_getshdr(scn)) == NULL) { 4362 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4363 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4364 EC_WORD(elf_ndxscn(scn))); 4365 } 4366 4367 /* 4368 * If this section has data in the file, include it in 4369 * the array of sections to check for address overlap. 4370 */ 4371 if ((_cache->c_shdr->sh_size != 0) && 4372 (_cache->c_shdr->sh_type != SHT_NOBITS)) 4373 shdr_ndx_arr[shdr_ndx_arr_cnt++] = ndx; 4374 4375 /* 4376 * If a shstrtab exists, assign the section name. 4377 */ 4378 if (names && _cache->c_shdr) { 4379 if (_cache->c_shdr->sh_name && 4380 /* LINTED */ 4381 (nameshdr->sh_size > _cache->c_shdr->sh_name)) { 4382 const char *symname; 4383 char *secname; 4384 4385 secname = names + _cache->c_shdr->sh_name; 4386 4387 /* 4388 * A SUN naming convention employs a "%" within 4389 * a section name to indicate a section/symbol 4390 * name. This originated from the compilers 4391 * -xF option, that places functions into their 4392 * own sections. This convention (which has no 4393 * formal standard) has also been followed for 4394 * COMDAT sections. To demangle the symbol 4395 * name, the name must be separated from the 4396 * section name. 4397 */ 4398 if (((flags & FLG_CTL_DEMANGLE) == 0) || 4399 ((symname = strchr(secname, '%')) == NULL)) 4400 _cache->c_name = secname; 4401 else { 4402 size_t secsz = ++symname - secname; 4403 size_t strsz; 4404 4405 symname = demangle(symname, flags); 4406 strsz = secsz + strlen(symname) + 1; 4407 4408 if ((_cache->c_name = 4409 malloc(strsz)) == NULL) { 4410 int err = errno; 4411 (void) fprintf(stderr, 4412 MSG_INTL(MSG_ERR_MALLOC), 4413 file, strerror(err)); 4414 return (0); 4415 } 4416 (void) snprintf(_cache->c_name, strsz, 4417 MSG_ORIG(MSG_FMT_SECSYM), 4418 EC_WORD(secsz), secname, symname); 4419 } 4420 4421 continue; 4422 } 4423 4424 /* 4425 * Generate an error if the section name index is zero 4426 * or exceeds the shstrtab data. Fall through to 4427 * fabricate a section name. 4428 */ 4429 if ((_cache->c_shdr->sh_name == 0) || 4430 /* LINTED */ 4431 (nameshdr->sh_size <= _cache->c_shdr->sh_name)) { 4432 (void) fprintf(stderr, 4433 MSG_INTL(MSG_ERR_BADSHNAME), file, 4434 EC_WORD(ndx), 4435 EC_XWORD(_cache->c_shdr->sh_name)); 4436 } 4437 } 4438 4439 /* 4440 * If there exists no shstrtab data, or a section header has no 4441 * name (an invalid index of 0), then compose a name for the 4442 * section. 4443 */ 4444 (void) snprintf(scnndxnm, sizeof (scnndxnm), 4445 MSG_INTL(MSG_FMT_SCNNDX), ndx); 4446 4447 if ((_cache->c_name = malloc(strlen(scnndxnm) + 1)) == NULL) { 4448 int err = errno; 4449 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4450 file, strerror(err)); 4451 return (0); 4452 } 4453 (void) strcpy(_cache->c_name, scnndxnm); 4454 } 4455 4456 /* 4457 * Having collected all the sections, validate their address range. 4458 * Cases have existed where the section information has been invalid. 4459 * This can lead to all sorts of other, hard to diagnose errors, as 4460 * each section is processed individually (ie. with elf_getdata()). 4461 * Here, we carry out some address comparisons to catch a family of 4462 * overlapping memory issues we have observed (likely, there are others 4463 * that we have yet to discover). 4464 * 4465 * Note, should any memory overlap occur, obtaining any additional 4466 * data from the file is questionable. However, it might still be 4467 * possible to inspect the ELF header, Programs headers, or individual 4468 * sections, so rather than bailing on an error condition, continue 4469 * processing to see if any data can be salvaged. 4470 */ 4471 if (shdr_ndx_arr_cnt > 1) { 4472 sort_shdr_ndx_arr_cache = cache; 4473 qsort(shdr_ndx_arr, shdr_ndx_arr_cnt, 4474 sizeof (*shdr_ndx_arr), sort_shdr_ndx_arr); 4475 } 4476 for (ndx = 0; ndx < shdr_ndx_arr_cnt; ndx++) { 4477 Cache *_cache = cache + shdr_ndx_arr[ndx]; 4478 Shdr *shdr = _cache->c_shdr; 4479 Off bgn1, bgn = shdr->sh_offset; 4480 Off end1, end = shdr->sh_offset + shdr->sh_size; 4481 size_t ndx1; 4482 4483 /* 4484 * Check the section against all following ones, reporting 4485 * any overlaps. Since we've sorted the sections by offset, 4486 * we can stop after the first comparison that fails. There 4487 * are no overlaps in a properly formed ELF file, in which 4488 * case this algorithm runs in O(n) time. This will degenerate 4489 * to O(n^2) for a completely broken file. Such a file is 4490 * (1) highly unlikely, and (2) unusable, so it is reasonable 4491 * for the analysis to take longer. 4492 */ 4493 for (ndx1 = ndx + 1; ndx1 < shdr_ndx_arr_cnt; ndx1++) { 4494 Cache *_cache1 = cache + shdr_ndx_arr[ndx1]; 4495 Shdr *shdr1 = _cache1->c_shdr; 4496 4497 bgn1 = shdr1->sh_offset; 4498 end1 = shdr1->sh_offset + shdr1->sh_size; 4499 4500 if (((bgn1 <= bgn) && (end1 > bgn)) || 4501 ((bgn1 < end) && (end1 >= end))) { 4502 (void) fprintf(stderr, 4503 MSG_INTL(MSG_ERR_SECMEMOVER), file, 4504 EC_WORD(elf_ndxscn(_cache->c_scn)), 4505 _cache->c_name, EC_OFF(bgn), EC_OFF(end), 4506 EC_WORD(elf_ndxscn(_cache1->c_scn)), 4507 _cache1->c_name, EC_OFF(bgn1), 4508 EC_OFF(end1)); 4509 } else { /* No overlap, so can stop */ 4510 break; 4511 } 4512 } 4513 4514 /* 4515 * In addition to checking for sections overlapping 4516 * each other (done above), we should also make sure 4517 * the section doesn't overlap the section header array. 4518 */ 4519 bgn1 = ehdr->e_shoff; 4520 end1 = ehdr->e_shoff + (ehdr->e_shentsize * ehdr->e_shnum); 4521 4522 if (((bgn1 <= bgn) && (end1 > bgn)) || 4523 ((bgn1 < end) && (end1 >= end))) { 4524 (void) fprintf(stderr, 4525 MSG_INTL(MSG_ERR_SHDRMEMOVER), file, EC_OFF(bgn1), 4526 EC_OFF(end1), 4527 EC_WORD(elf_ndxscn(_cache->c_scn)), 4528 _cache->c_name, EC_OFF(bgn), EC_OFF(end)); 4529 } 4530 } 4531 4532 /* 4533 * Obtain the data for each section. 4534 */ 4535 for (ndx = 1; ndx < shnum; ndx++) { 4536 Cache *_cache = &cache[ndx]; 4537 Elf_Scn *scn = _cache->c_scn; 4538 4539 if ((_cache->c_data = elf_getdata(scn, NULL)) == NULL) { 4540 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4541 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCNDATA), 4542 EC_WORD(elf_ndxscn(scn))); 4543 } 4544 4545 /* 4546 * If a string table, verify that it has NULL first and 4547 * final bytes. 4548 */ 4549 if ((_cache->c_shdr->sh_type == SHT_STRTAB) && 4550 (_cache->c_data->d_buf != NULL) && 4551 (_cache->c_data->d_size > 0)) { 4552 const char *s = _cache->c_data->d_buf; 4553 4554 if ((*s != '\0') || 4555 (*(s + _cache->c_data->d_size - 1) != '\0')) 4556 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALSTR), 4557 file, _cache->c_name); 4558 } 4559 } 4560 4561 return (1); 4562 } 4563 4564 4565 4566 /* 4567 * Generate a cache of section headers and related information 4568 * for use by the rest of elfdump. If requested (or the file 4569 * contains no section headers), we generate a fake set of 4570 * headers from the information accessible from the program headers. 4571 * Otherwise, we use the real section headers contained in the file. 4572 */ 4573 static int 4574 create_cache(const char *file, int fd, Elf *elf, Ehdr *ehdr, Cache **cache, 4575 size_t shstrndx, size_t *shnum, uint_t *flags) 4576 { 4577 /* 4578 * If there are no section headers, then resort to synthesizing 4579 * section headers from the program headers. This is normally 4580 * only done by explicit request, but in this case there's no 4581 * reason not to go ahead, since the alternative is simply to quit. 4582 */ 4583 if ((*shnum <= 1) && ((*flags & FLG_CTL_FAKESHDR) == 0)) { 4584 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHDR), file); 4585 *flags |= FLG_CTL_FAKESHDR; 4586 } 4587 4588 if (*flags & FLG_CTL_FAKESHDR) { 4589 if (fake_shdr_cache(file, fd, elf, ehdr, cache, shnum) == 0) 4590 return (0); 4591 } else { 4592 if (shdr_cache(file, elf, ehdr, shstrndx, *shnum, 4593 cache, *flags) == 0) 4594 return (0); 4595 } 4596 4597 return (1); 4598 } 4599 4600 int 4601 regular(const char *file, int fd, Elf *elf, uint_t flags, 4602 const char *wname, int wfd, uchar_t osabi) 4603 { 4604 enum { CACHE_NEEDED, CACHE_OK, CACHE_FAIL} cache_state = CACHE_NEEDED; 4605 Elf_Scn *scn; 4606 Ehdr *ehdr; 4607 size_t ndx, shstrndx, shnum, phnum; 4608 Shdr *shdr; 4609 Cache *cache; 4610 VERSYM_STATE versym; 4611 int ret = 0; 4612 int addr_align; 4613 4614 if ((ehdr = elf_getehdr(elf)) == NULL) { 4615 failure(file, MSG_ORIG(MSG_ELF_GETEHDR)); 4616 return (ret); 4617 } 4618 4619 if (elf_getshdrnum(elf, &shnum) == -1) { 4620 failure(file, MSG_ORIG(MSG_ELF_GETSHDRNUM)); 4621 return (ret); 4622 } 4623 4624 if (elf_getshdrstrndx(elf, &shstrndx) == -1) { 4625 failure(file, MSG_ORIG(MSG_ELF_GETSHDRSTRNDX)); 4626 return (ret); 4627 } 4628 4629 if (elf_getphdrnum(elf, &phnum) == -1) { 4630 failure(file, MSG_ORIG(MSG_ELF_GETPHDRNUM)); 4631 return (ret); 4632 } 4633 /* 4634 * If the user requested section headers derived from the 4635 * program headers (-P option) and this file doesn't have 4636 * any program headers (i.e. ET_REL), then we can't do it. 4637 */ 4638 if ((phnum == 0) && (flags & FLG_CTL_FAKESHDR)) { 4639 (void) fprintf(stderr, MSG_INTL(MSG_ERR_PNEEDSPH), file); 4640 return (ret); 4641 } 4642 4643 4644 if ((scn = elf_getscn(elf, 0)) != NULL) { 4645 if ((shdr = elf_getshdr(scn)) == NULL) { 4646 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4647 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 0); 4648 return (ret); 4649 } 4650 } else 4651 shdr = NULL; 4652 4653 /* 4654 * Print the elf header. 4655 */ 4656 if (flags & FLG_SHOW_EHDR) 4657 Elf_ehdr(0, ehdr, shdr); 4658 4659 /* 4660 * If the section headers or program headers have inadequate 4661 * alignment for the class of object, print a warning. libelf 4662 * can handle such files, but programs that use them can crash 4663 * when they dereference unaligned items. 4664 * 4665 * Note that the AMD64 ABI, although it is a 64-bit architecture, 4666 * allows access to data types smaller than 128-bits to be on 4667 * word alignment. 4668 */ 4669 if (ehdr->e_machine == EM_AMD64) 4670 addr_align = sizeof (Word); 4671 else 4672 addr_align = sizeof (Addr); 4673 4674 if (ehdr->e_phoff & (addr_align - 1)) 4675 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADPHDRALIGN), file); 4676 if (ehdr->e_shoff & (addr_align - 1)) 4677 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHDRALIGN), file); 4678 4679 4680 /* 4681 * Determine the Operating System ABI (osabi) we will use to 4682 * interpret the object. 4683 */ 4684 if (flags & FLG_CTL_OSABI) { 4685 /* 4686 * If the user explicitly specifies '-O none', we need 4687 * to display a completely generic view of the file. 4688 * However, libconv is written to assume that ELFOSABI_NONE 4689 * is equivalent to ELFOSABI_SOLARIS. To get the desired 4690 * effect, we use an osabi that libconv has no knowledge of. 4691 */ 4692 if (osabi == ELFOSABI_NONE) 4693 osabi = ELFOSABI_UNKNOWN4; 4694 } else { 4695 /* Determine osabi from file */ 4696 osabi = ehdr->e_ident[EI_OSABI]; 4697 if (osabi == ELFOSABI_NONE) { 4698 /* 4699 * Chicken/Egg scenario: 4700 * 4701 * Ideally, we wait to create the section header cache 4702 * until after the program headers are printed. If we 4703 * only output program headers, we can skip building 4704 * the cache entirely. 4705 * 4706 * Proper interpretation of program headers requires 4707 * the osabi, which is supposed to be in the ELF header. 4708 * However, many systems (Solaris and Linux included) 4709 * have a history of setting the osabi to the generic 4710 * SysV ABI (ELFOSABI_NONE). We assume ELFOSABI_SOLARIS 4711 * in such cases, but would like to check the object 4712 * to see if it has a Linux .note.ABI-tag section, 4713 * which implies ELFOSABI_LINUX. This requires a 4714 * section header cache. 4715 * 4716 * To break the cycle, we create section headers now 4717 * if osabi is ELFOSABI_NONE, and later otherwise. 4718 * If it succeeds, we use them, if not, we defer 4719 * exiting until after the program headers are out. 4720 */ 4721 if (create_cache(file, fd, elf, ehdr, &cache, 4722 shstrndx, &shnum, &flags) == 0) { 4723 cache_state = CACHE_FAIL; 4724 } else { 4725 cache_state = CACHE_OK; 4726 if (has_linux_abi_note(cache, shnum, file)) { 4727 Conv_inv_buf_t ibuf1, ibuf2; 4728 4729 (void) fprintf(stderr, 4730 MSG_INTL(MSG_INFO_LINUXOSABI), file, 4731 conv_ehdr_osabi(osabi, 0, &ibuf1), 4732 conv_ehdr_osabi(ELFOSABI_LINUX, 4733 0, &ibuf2)); 4734 osabi = ELFOSABI_LINUX; 4735 } 4736 } 4737 } 4738 /* 4739 * We treat ELFOSABI_NONE identically to ELFOSABI_SOLARIS. 4740 * Mapping NONE to SOLARIS simplifies the required test. 4741 */ 4742 if (osabi == ELFOSABI_NONE) 4743 osabi = ELFOSABI_SOLARIS; 4744 } 4745 4746 /* 4747 * Print the program headers. 4748 */ 4749 if ((flags & FLG_SHOW_PHDR) && (phnum != 0)) { 4750 Phdr *phdr; 4751 4752 if ((phdr = elf_getphdr(elf)) == NULL) { 4753 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 4754 return (ret); 4755 } 4756 4757 for (ndx = 0; ndx < phnum; phdr++, ndx++) { 4758 if (!match(MATCH_F_PHDR| MATCH_F_NDX | MATCH_F_TYPE, 4759 NULL, ndx, phdr->p_type)) 4760 continue; 4761 4762 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4763 dbg_print(0, MSG_INTL(MSG_ELF_PHDR), EC_WORD(ndx)); 4764 Elf_phdr(0, osabi, ehdr->e_machine, phdr); 4765 } 4766 } 4767 4768 /* 4769 * If we have flag bits set that explicitly require a show or calc 4770 * operation, but none of them require the section headers, then 4771 * we are done and can return now. 4772 */ 4773 if (((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) != 0) && 4774 ((flags & (FLG_MASK_SHOW_SHDR | FLG_MASK_CALC_SHDR)) == 0)) 4775 return (ret); 4776 4777 /* 4778 * Everything from this point on requires section headers. 4779 * If we have no section headers, there is no reason to continue. 4780 * 4781 * If we tried above to create the section header cache and failed, 4782 * it is time to exit. Otherwise, create it if needed. 4783 */ 4784 switch (cache_state) { 4785 case CACHE_NEEDED: 4786 if (create_cache(file, fd, elf, ehdr, &cache, shstrndx, 4787 &shnum, &flags) == 0) 4788 return (ret); 4789 break; 4790 case CACHE_FAIL: 4791 return (ret); 4792 } 4793 if (shnum <= 1) 4794 goto done; 4795 4796 /* 4797 * If -w was specified, find and write out the section(s) data. 4798 */ 4799 if (wfd) { 4800 for (ndx = 1; ndx < shnum; ndx++) { 4801 Cache *_cache = &cache[ndx]; 4802 4803 if (match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 4804 ndx, _cache->c_shdr->sh_type) && 4805 _cache->c_data && _cache->c_data->d_buf) { 4806 if (write(wfd, _cache->c_data->d_buf, 4807 _cache->c_data->d_size) != 4808 _cache->c_data->d_size) { 4809 int err = errno; 4810 (void) fprintf(stderr, 4811 MSG_INTL(MSG_ERR_WRITE), wname, 4812 strerror(err)); 4813 /* 4814 * Return an exit status of 1, because 4815 * the failure is not related to the 4816 * ELF file, but by system resources. 4817 */ 4818 ret = 1; 4819 goto done; 4820 } 4821 } 4822 } 4823 } 4824 4825 /* 4826 * If we have no flag bits set that explicitly require a show or calc 4827 * operation, but match options (-I, -N, -T) were used, then run 4828 * through the section headers and see if we can't deduce show flags 4829 * from the match options given. 4830 * 4831 * We don't do this if -w was specified, because (-I, -N, -T) used 4832 * with -w in lieu of some other option is supposed to be quiet. 4833 */ 4834 if ((wfd == 0) && (flags & FLG_CTL_MATCH) && 4835 ((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) == 0)) { 4836 for (ndx = 1; ndx < shnum; ndx++) { 4837 Cache *_cache = &cache[ndx]; 4838 4839 if (!match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 4840 ndx, _cache->c_shdr->sh_type)) 4841 continue; 4842 4843 switch (_cache->c_shdr->sh_type) { 4844 case SHT_PROGBITS: 4845 /* 4846 * Heuristic time: It is usually bad form 4847 * to assume the meaning/format of a PROGBITS 4848 * section based on its name. However, there 4849 * are ABI mandated exceptions. Check for 4850 * these special names. 4851 */ 4852 4853 /* The ELF ABI specifies .interp and .got */ 4854 if (strcmp(_cache->c_name, 4855 MSG_ORIG(MSG_ELF_INTERP)) == 0) { 4856 flags |= FLG_SHOW_INTERP; 4857 break; 4858 } 4859 if (strcmp(_cache->c_name, 4860 MSG_ORIG(MSG_ELF_GOT)) == 0) { 4861 flags |= FLG_SHOW_GOT; 4862 break; 4863 } 4864 /* 4865 * The GNU compilers, and amd64 ABI, define 4866 * .eh_frame and .eh_frame_hdr. The Sun 4867 * C++ ABI defines .exception_ranges. 4868 */ 4869 if ((strncmp(_cache->c_name, 4870 MSG_ORIG(MSG_SCN_FRM), 4871 MSG_SCN_FRM_SIZE) == 0) || 4872 (strncmp(_cache->c_name, 4873 MSG_ORIG(MSG_SCN_EXRANGE), 4874 MSG_SCN_EXRANGE_SIZE) == 0)) { 4875 flags |= FLG_SHOW_UNWIND; 4876 break; 4877 } 4878 break; 4879 4880 case SHT_SYMTAB: 4881 case SHT_DYNSYM: 4882 case SHT_SUNW_LDYNSYM: 4883 case SHT_SUNW_versym: 4884 case SHT_SYMTAB_SHNDX: 4885 flags |= FLG_SHOW_SYMBOLS; 4886 break; 4887 4888 case SHT_RELA: 4889 case SHT_REL: 4890 flags |= FLG_SHOW_RELOC; 4891 break; 4892 4893 case SHT_HASH: 4894 flags |= FLG_SHOW_HASH; 4895 break; 4896 4897 case SHT_DYNAMIC: 4898 flags |= FLG_SHOW_DYNAMIC; 4899 break; 4900 4901 case SHT_NOTE: 4902 flags |= FLG_SHOW_NOTE; 4903 break; 4904 4905 case SHT_GROUP: 4906 flags |= FLG_SHOW_GROUP; 4907 break; 4908 4909 case SHT_SUNW_symsort: 4910 case SHT_SUNW_tlssort: 4911 flags |= FLG_SHOW_SORT; 4912 break; 4913 4914 case SHT_SUNW_cap: 4915 flags |= FLG_SHOW_CAP; 4916 break; 4917 4918 case SHT_SUNW_move: 4919 flags |= FLG_SHOW_MOVE; 4920 break; 4921 4922 case SHT_SUNW_syminfo: 4923 flags |= FLG_SHOW_SYMINFO; 4924 break; 4925 4926 case SHT_SUNW_verdef: 4927 case SHT_SUNW_verneed: 4928 flags |= FLG_SHOW_VERSIONS; 4929 break; 4930 4931 case SHT_AMD64_UNWIND: 4932 flags |= FLG_SHOW_UNWIND; 4933 break; 4934 } 4935 } 4936 } 4937 4938 4939 if (flags & FLG_SHOW_SHDR) 4940 sections(file, cache, shnum, ehdr, osabi); 4941 4942 if (flags & FLG_SHOW_INTERP) 4943 interp(file, cache, shnum, phnum, elf); 4944 4945 if ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX)) 4946 versions(cache, shnum, file, flags, &versym); 4947 4948 if (flags & FLG_SHOW_SYMBOLS) 4949 symbols(cache, shnum, ehdr, osabi, &versym, file, flags); 4950 4951 if ((flags & FLG_SHOW_SORT) && (osabi == ELFOSABI_SOLARIS)) 4952 sunw_sort(cache, shnum, ehdr, osabi, &versym, file, flags); 4953 4954 if (flags & FLG_SHOW_HASH) 4955 hash(cache, shnum, file, flags); 4956 4957 if (flags & FLG_SHOW_GOT) 4958 got(cache, shnum, ehdr, file); 4959 4960 if (flags & FLG_SHOW_GROUP) 4961 group(cache, shnum, file, flags); 4962 4963 if (flags & FLG_SHOW_SYMINFO) 4964 syminfo(cache, shnum, file); 4965 4966 if (flags & FLG_SHOW_RELOC) 4967 reloc(cache, shnum, ehdr, file); 4968 4969 if (flags & FLG_SHOW_DYNAMIC) 4970 dynamic(cache, shnum, ehdr, osabi, file); 4971 4972 if (flags & FLG_SHOW_NOTE) { 4973 Word note_cnt; 4974 size_t note_shnum; 4975 Cache *note_cache; 4976 4977 note_cnt = note(cache, shnum, ehdr, file); 4978 4979 /* 4980 * Solaris core files have section headers, but these 4981 * headers do not include SHT_NOTE sections that reference 4982 * the core note sections. This means that note() won't 4983 * find the core notes. Fake section headers (-P option) 4984 * recover these sections, but it is inconvenient to require 4985 * users to specify -P in this situation. If the following 4986 * are all true: 4987 * 4988 * - No note sections were found 4989 * - This is a core file 4990 * - We are not already using fake section headers 4991 * 4992 * then we will automatically generate fake section headers 4993 * and then process them in a second call to note(). 4994 */ 4995 if ((note_cnt == 0) && (ehdr->e_type == ET_CORE) && 4996 !(flags & FLG_CTL_FAKESHDR) && 4997 (fake_shdr_cache(file, fd, elf, ehdr, 4998 ¬e_cache, ¬e_shnum) != 0)) { 4999 (void) note(note_cache, note_shnum, ehdr, file); 5000 fake_shdr_cache_free(note_cache, note_shnum); 5001 } 5002 } 5003 5004 if ((flags & FLG_SHOW_MOVE) && (osabi == ELFOSABI_SOLARIS)) 5005 move(cache, shnum, file, flags); 5006 5007 if (flags & FLG_CALC_CHECKSUM) 5008 checksum(elf); 5009 5010 if ((flags & FLG_SHOW_CAP) && (osabi == ELFOSABI_SOLARIS)) 5011 cap(file, cache, shnum, phnum, ehdr, osabi, elf, flags); 5012 5013 if ((flags & FLG_SHOW_UNWIND) && 5014 ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX))) 5015 unwind(cache, shnum, phnum, ehdr, osabi, file, elf, flags); 5016 5017 5018 /* Release the memory used to cache section headers */ 5019 done: 5020 if (flags & FLG_CTL_FAKESHDR) 5021 fake_shdr_cache_free(cache, shnum); 5022 else 5023 free(cache); 5024 5025 return (ret); 5026 } 5027