xref: /titanic_51/usr/src/cmd/sgs/rtld/common/elf.c (revision d15360a7f1d6c844288e4ec4c82be4ed51792be2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  *	Copyright (c) 1988 AT&T
24  *	  All Rights Reserved
25  *
26  *
27  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
28  * Use is subject to license terms.
29  */
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 
33 /*
34  * Object file dependent support for ELF objects.
35  */
36 #include	"_synonyms.h"
37 
38 #include	<stdio.h>
39 #include	<sys/procfs.h>
40 #include	<sys/mman.h>
41 #include	<sys/debug.h>
42 #include	<string.h>
43 #include	<limits.h>
44 #include	<dlfcn.h>
45 #include	"conv.h"
46 #include	"_rtld.h"
47 #include	"_audit.h"
48 #include	"_elf.h"
49 #include	"msg.h"
50 #include	"debug.h"
51 
52 /*
53  * Default and secure dependency search paths.
54  */
55 static Pnode		elf_dflt_dirs[] = {
56 #if	defined(_ELF64)
57 #ifndef	SGS_PRE_UNIFIED_PROCESS
58 	{ MSG_ORIG(MSG_PTH_LIB_64),		0,	MSG_PTH_LIB_64_SIZE,
59 		LA_SER_DEFAULT,			0,	&elf_dflt_dirs[1] },
60 #endif
61 	{ MSG_ORIG(MSG_PTH_USRLIB_64),		0,	MSG_PTH_USRLIB_64_SIZE,
62 		LA_SER_DEFAULT,			0, 0 }
63 #else
64 #ifndef	SGS_PRE_UNIFIED_PROCESS
65 	{ MSG_ORIG(MSG_PTH_LIB),		0,	MSG_PTH_LIB_SIZE,
66 		LA_SER_DEFAULT,			0,	&elf_dflt_dirs[1] },
67 #endif
68 	{ MSG_ORIG(MSG_PTH_USRLIB),		0,	MSG_PTH_USRLIB_SIZE,
69 		LA_SER_DEFAULT,			0, 0 }
70 #endif
71 };
72 
73 static Pnode		elf_secure_dirs[] = {
74 #if	defined(_ELF64)
75 #ifndef	SGS_PRE_UNIFIED_PROCESS
76 	{ MSG_ORIG(MSG_PTH_LIBSE_64),		0,	MSG_PTH_LIBSE_64_SIZE,
77 		LA_SER_SECURE,			0,	&elf_secure_dirs[1] },
78 #endif
79 	{ MSG_ORIG(MSG_PTH_USRLIBSE_64),	0,
80 		MSG_PTH_USRLIBSE_64_SIZE,
81 		LA_SER_SECURE,			0, 0 }
82 #else
83 #ifndef	SGS_PRE_UNIFIED_PROCESS
84 	{ MSG_ORIG(MSG_PTH_LIBSE),		0,	MSG_PTH_LIBSE_SIZE,
85 		LA_SER_SECURE,			0,	&elf_secure_dirs[1] },
86 #endif
87 	{ MSG_ORIG(MSG_PTH_USRLIBSE),		0,	MSG_PTH_USRLIBSE_SIZE,
88 		LA_SER_SECURE,			0, 0 }
89 #endif
90 };
91 
92 /*
93  * Defines for local functions.
94  */
95 static Pnode	*elf_fix_name(const char *, Rt_map *, uint_t);
96 static int	elf_are_u(Rej_desc *);
97 static void	elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
98 static ulong_t	elf_entry_pt(void);
99 static char	*elf_get_so(const char *, const char *);
100 static Rt_map	*elf_map_so(Lm_list *, Aliste, const char *, const char *, int);
101 static int	elf_needed(Lm_list *, Aliste, Rt_map *);
102 static void	elf_unmap_so(Rt_map *);
103 static int	elf_verify_vers(const char *, Rt_map *, Rt_map *);
104 
105 /*
106  * Functions and data accessed through indirect pointers.
107  */
108 Fct elf_fct = {
109 	elf_are_u,
110 	elf_entry_pt,
111 	elf_map_so,
112 	elf_unmap_so,
113 	elf_needed,
114 	lookup_sym,
115 	elf_reloc,
116 	elf_dflt_dirs,
117 	elf_secure_dirs,
118 	elf_fix_name,
119 	elf_get_so,
120 	elf_dladdr,
121 	dlsym_handle,
122 	elf_verify_vers,
123 	elf_set_prot
124 };
125 
126 
127 /*
128  * Redefine NEEDED name if necessary.
129  */
130 static Pnode *
131 elf_fix_name(const char *name, Rt_map *clmp, uint_t orig)
132 {
133 	/*
134 	 * For ABI compliance, if we are asked for ld.so.1, then really give
135 	 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1).
136 	 */
137 	if (((*name == '/') &&
138 #if	defined(_ELF64)
139 	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) ||
140 #else
141 	    (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) ||
142 #endif
143 	    (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) {
144 		Pnode	*pnp;
145 
146 		DBG_CALL(Dbg_file_fixname(name, MSG_ORIG(MSG_PTH_LIBSYS)));
147 		if (((pnp = calloc(sizeof (Pnode), 1)) == 0) ||
148 		    ((pnp->p_name = strdup(MSG_ORIG(MSG_PTH_LIBSYS))) == 0)) {
149 			if (pnp)
150 				free(pnp);
151 			return (0);
152 		}
153 		pnp->p_len = MSG_PTH_LIBSYS_SIZE;
154 		pnp->p_orig = (orig & PN_SER_MASK);
155 		return (pnp);
156 	}
157 
158 	return (expand_paths(clmp, name, orig, 0));
159 }
160 
161 /*
162  * Determine if we have been given an ELF file and if so determine if the file
163  * is compatible.  Returns 1 if true, else 0 and sets the reject descriptor
164  * with associated error information.
165  */
166 static int
167 elf_are_u(Rej_desc *rej)
168 {
169 	Ehdr	*ehdr;
170 
171 	/*
172 	 * Determine if we're an elf file.  If not simply return, we don't set
173 	 * any rejection information as this test allows use to scroll through
174 	 * the objects we support (ELF, AOUT).
175 	 */
176 	if (fmap->fm_fsize < sizeof (Ehdr) ||
177 	    fmap->fm_maddr[EI_MAG0] != ELFMAG0 ||
178 	    fmap->fm_maddr[EI_MAG1] != ELFMAG1 ||
179 	    fmap->fm_maddr[EI_MAG2] != ELFMAG2 ||
180 	    fmap->fm_maddr[EI_MAG3] != ELFMAG3) {
181 		return (0);
182 	}
183 
184 	/*
185 	 * Check class and encoding.
186 	 */
187 	/* LINTED */
188 	ehdr = (Ehdr *)fmap->fm_maddr;
189 	if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
190 		rej->rej_type = SGS_REJ_CLASS;
191 		rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
192 		return (0);
193 	}
194 	if (ehdr->e_ident[EI_DATA] != M_DATA) {
195 		rej->rej_type = SGS_REJ_DATA;
196 		rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
197 		return (0);
198 	}
199 	if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
200 	    (ehdr->e_type != ET_DYN)) {
201 		rej->rej_type = SGS_REJ_TYPE;
202 		rej->rej_info = (uint_t)ehdr->e_type;
203 		return (0);
204 	}
205 
206 	/*
207 	 * Verify machine specific flags, and hardware capability requirements.
208 	 */
209 	if ((elf_mach_flags_check(rej, ehdr) == 0) ||
210 	    ((rtld_flags2 & RT_FL2_HWCAP) && (hwcap_check(rej, ehdr) == 0)))
211 		return (0);
212 
213 	/*
214 	 * Verify ELF version.  ??? is this too restrictive ???
215 	 */
216 	if (ehdr->e_version > EV_CURRENT) {
217 		rej->rej_type = SGS_REJ_VERSION;
218 		rej->rej_info = (uint_t)ehdr->e_version;
219 		return (0);
220 	}
221 	return (1);
222 }
223 
224 /*
225  * The runtime linker employs lazy loading to provide the libraries needed for
226  * debugging, preloading .o's and dldump().  As these are seldom used, the
227  * standard startup of ld.so.1 doesn't initialize all the information necessary
228  * to perform plt relocation on ld.so.1's link-map.  The first time lazy loading
229  * is called we get here to perform these initializations:
230  *
231  *  o	elf_needed() is called to set up the DYNINFO() indexes for each lazy
232  *	dependency.  Typically, for all other objects, this is called during
233  *	analyze_so(), but as ld.so.1 is set-contained we skip this processing.
234  *
235  *  o	For intel, ld.so.1's JMPSLOT relocations need relative updates. These
236  *	are by default skipped thus delaying all relative relocation processing
237  * 	on every invocation of ld.so.1.
238  */
239 int
240 elf_rtld_load()
241 {
242 	Lm_list	*lml = &lml_rtld;
243 	Rt_map	*lmp = lml->lm_head;
244 
245 	if (lml->lm_flags & LML_FLG_PLTREL)
246 		return (1);
247 
248 	/*
249 	 * As we need to refer to the DYNINFO() information, insure that it has
250 	 * been initialized.
251 	 */
252 	if (elf_needed(lml, ALO_DATA, lmp) == 0)
253 		return (0);
254 
255 #if	defined(i386)
256 	/*
257 	 * This is a kludge to give ld.so.1 a performance benefit on i386.
258 	 * It's based around two factors.
259 	 *
260 	 *  o	JMPSLOT relocations (PLT's) actually need a relative relocation
261 	 *	applied to the GOT entry so that they can find PLT0.
262 	 *
263 	 *  o	ld.so.1 does not exercise *any* PLT's before it has made a call
264 	 *	to elf_lazy_load().  This is because all dynamic dependencies
265 	 * 	are recorded as lazy dependencies.
266 	 */
267 	(void) elf_reloc_relacount((ulong_t)JMPREL(lmp),
268 	    (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
269 	    (ulong_t)ADDR(lmp));
270 #endif
271 
272 	lml->lm_flags |= LML_FLG_PLTREL;
273 	return (1);
274 }
275 
276 /*
277  * Lazy load an object.
278  */
279 Rt_map *
280 elf_lazy_load(Rt_map *clmp, uint_t ndx, const char *sym)
281 {
282 	Rt_map		*nlmp, *hlmp;
283 	Dyninfo		*dip = &DYNINFO(clmp)[ndx];
284 	uint_t		flags = 0;
285 	Pnode		*pnp;
286 	const char	*name;
287 	Lm_list		*lml = LIST(clmp);
288 	Lm_cntl		*lmc;
289 	Aliste		lmco;
290 
291 	/*
292 	 * If this dependency has already been processed, we're done.
293 	 */
294 	if (((nlmp = (Rt_map *)dip->di_info) != 0) ||
295 	    (dip->di_flags & FLG_DI_PROCESSD))
296 		return (nlmp);
297 
298 	/*
299 	 * Determine the initial dependency name, and indicate that this
300 	 * dependencies processing has initiated.
301 	 */
302 	name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val;
303 	DBG_CALL(Dbg_file_lazyload(name, NAME(clmp), sym));
304 	if (lml->lm_flags & LML_FLG_TRC_ENABLE)
305 		dip->di_flags |= FLG_DI_PROCESSD;
306 
307 	if (dip->di_flags & FLG_DI_GROUP)
308 		flags |= (FLG_RT_SETGROUP | FLG_RT_HANDLE);
309 
310 	/*
311 	 * Expand the requested name if necessary.
312 	 */
313 	if ((pnp = elf_fix_name(name, clmp, PN_SER_NEEDED)) == 0)
314 		return (0);
315 
316 	/*
317 	 * Provided the object on the head of the link-map has completed its
318 	 * relocation, create a new link-map control list for this request.
319 	 */
320 	hlmp = lml->lm_head;
321 	if (FLAGS(hlmp) & FLG_RT_RELOCED) {
322 		if ((lmc = alist_append(&(lml->lm_lists), 0, sizeof (Lm_cntl),
323 		    AL_CNT_LMLISTS)) == 0) {
324 			remove_pnode(pnp);
325 			return (0);
326 		}
327 		lmco = (Aliste)((char *)lmc - (char *)lml->lm_lists);
328 	} else {
329 		lmc = 0;
330 		lmco = ALO_DATA;
331 	}
332 
333 	/*
334 	 * Load the associated object.
335 	 */
336 	dip->di_info = nlmp =
337 	    load_one(lml, lmco, pnp, clmp, MODE(clmp), flags, 0);
338 
339 	/*
340 	 * Remove any expanded pathname infrastructure.  Reduce the pending lazy
341 	 * dependency count of the caller, together with the link-map lists
342 	 * count of objects that still have lazy dependencies pending.
343 	 */
344 	remove_pnode(pnp);
345 	if (--LAZY(clmp) == 0)
346 		LIST(clmp)->lm_lazy--;
347 
348 	/*
349 	 * Finish processing the objects associated with this request.
350 	 */
351 	if (nlmp && ((analyze_lmc(lml, lmco, nlmp) == 0) ||
352 	    (relocate_lmc(lml, lmco, nlmp) == 0)))
353 		dip->di_info = nlmp = 0;
354 
355 	/*
356 	 * If the dependency has been successfully processed, and it is part of
357 	 * a link-map control list that is equivalent, or less, that the callers
358 	 * control list, create an association between the caller and this
359 	 * dependency.  If this dependency isn't yet apart of the callers
360 	 * link-map control list, then it is still apart of a list that is being
361 	 * relocated.  As the relocation of an object on this list might still
362 	 * fail, we can't yet bind the caller to this object.  To do so, would
363 	 * be locking the object so that it couldn't be deleted.  Mark this
364 	 * object as free, and it will be reprocessed when this dependency is
365 	 * next referenced.
366 	 */
367 	if (nlmp) {
368 		if (CNTL(nlmp) <= CNTL(clmp)) {
369 			if (bind_one(clmp, nlmp, BND_NEEDED) == 0)
370 				dip->di_info = nlmp = 0;
371 		} else {
372 			dip->di_info = 0;
373 			dip->di_flags &= ~FLG_DI_PROCESSD;
374 			if (LAZY(clmp)++ == 0)
375 				LIST(clmp)->lm_lazy++;
376 		}
377 	}
378 
379 	/*
380 	 * After a successful load, any objects collected on the new link-map
381 	 * control list will have been moved to the callers link-map control
382 	 * list.  This control list can now be deleted.
383 	 */
384 	if (lmc) {
385 		if (nlmp == 0)
386 			remove_incomplete(lml, lmco);
387 		remove_cntl(lml, lmco);
388 	}
389 
390 	return (nlmp);
391 }
392 
393 
394 /*
395  * Return the entry point of the ELF executable.
396  */
397 static ulong_t
398 elf_entry_pt(void)
399 {
400 	return (ENTRY(lml_main.lm_head));
401 }
402 
403 /*
404  * Unmap a given ELF shared object from the address space.
405  */
406 static void
407 elf_unmap_so(Rt_map *lmp)
408 {
409 	caddr_t	addr;
410 	size_t	size;
411 	Mmap	*mmaps;
412 
413 	/*
414 	 * If this link map represents a relocatable object concatenation, then
415 	 * the image was simply generated in allocated memory.  Free the memory.
416 	 *
417 	 * Note: the memory was originally allocated in the libelf:_elf_outmap
418 	 * routine and would normally have been free'd in elf_outsync(), but
419 	 * because we 'interpose' on that routine the memory  wasn't free'd at
420 	 * that time.
421 	 */
422 	if (FLAGS(lmp) & FLG_RT_IMGALLOC) {
423 		free((void *)ADDR(lmp));
424 		return;
425 	}
426 
427 	/*
428 	 * If padding was enabled via rtld_db, then we have at least one page
429 	 * in front of the image - and possibly a trailing page.
430 	 * Unmap the front page first:
431 	 */
432 	if (PADSTART(lmp) != ADDR(lmp)) {
433 		addr = (caddr_t)M_PTRUNC(PADSTART(lmp));
434 		size = ADDR(lmp) - (ulong_t)addr;
435 		(void) munmap(addr, size);
436 	}
437 
438 	/*
439 	 * Unmap any trailing padding.
440 	 */
441 	if (M_PROUND((PADSTART(lmp) + PADIMLEN(lmp))) >
442 	    M_PROUND(ADDR(lmp) + MSIZE(lmp))) {
443 		addr = (caddr_t)M_PROUND(ADDR(lmp) + MSIZE(lmp));
444 		size = M_PROUND(PADSTART(lmp) + PADIMLEN(lmp)) - (ulong_t)addr;
445 		(void) munmap(addr, size);
446 	}
447 
448 	/*
449 	 * Unmmap all mapped segments.
450 	 */
451 	for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++)
452 		(void) munmap(mmaps->m_vaddr, mmaps->m_msize);
453 }
454 
455 /*
456  * Determine if a dependency requires a particular version and if so verify
457  * that the version exists in the dependency.
458  */
459 static int
460 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
461 {
462 	Verneed		*vnd = VERNEED(clmp);
463 	int		_num, num = VERNEEDNUM(clmp);
464 	char		*cstrs = (char *)STRTAB(clmp);
465 	Lm_list		*lml = LIST(clmp);
466 
467 	/*
468 	 * Traverse the callers version needed information and determine if any
469 	 * specific versions are required from the dependency.
470 	 */
471 	for (_num = 1; _num <= num; _num++,
472 	    vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
473 		Half		cnt = vnd->vn_cnt;
474 		Vernaux		*vnap;
475 		char		*nstrs, *need;
476 
477 		/*
478 		 * Determine if a needed entry matches this dependency.
479 		 */
480 		need = (char *)(cstrs + vnd->vn_file);
481 		if (strcmp(name, need) != 0)
482 			continue;
483 
484 		DBG_CALL(Dbg_ver_need_title(NAME(clmp)));
485 		if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
486 		    ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
487 			(void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);
488 
489 		/*
490 		 * Validate that each version required actually exists in the
491 		 * dependency.
492 		 */
493 		nstrs = (char *)STRTAB(nlmp);
494 
495 		for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
496 		    cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
497 			char		*version, *define;
498 			Verdef		*vdf = VERDEF(nlmp);
499 			ulong_t		_num, num = VERDEFNUM(nlmp);
500 			int		found = 0;
501 
502 			version = (char *)(cstrs + vnap->vna_name);
503 			DBG_CALL(Dbg_ver_need_entry(0, need, version));
504 
505 			for (_num = 1; _num <= num; _num++,
506 			    vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
507 				Verdaux		*vdap;
508 
509 				if (vnap->vna_hash != vdf->vd_hash)
510 					continue;
511 
512 				vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
513 				define = (char *)(nstrs + vdap->vda_name);
514 				if (strcmp(version, define) != 0)
515 					continue;
516 
517 				found++;
518 				break;
519 			}
520 
521 			/*
522 			 * If we're being traced print out any matched version
523 			 * when the verbose (-v) option is in effect.  Always
524 			 * print any unmatched versions.
525 			 */
526 			if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
527 				if (found) {
528 				    if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
529 					continue;
530 
531 				    (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
532 					need, version, NAME(nlmp));
533 				} else {
534 				    if (rtld_flags & RT_FL_SILENCERR)
535 					continue;
536 
537 				    (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
538 					need, version);
539 				}
540 				continue;
541 			}
542 
543 			/*
544 			 * If the version hasn't been found then this is a
545 			 * candidate for a fatal error condition.  Weak
546 			 * version definition requirements are silently
547 			 * ignored.  Also, if the image inspected for a version
548 			 * definition has no versioning recorded at all then
549 			 * silently ignore this (this provides better backward
550 			 * compatibility to old images created prior to
551 			 * versioning being available).  Both of these skipped
552 			 * diagnostics are available under tracing (see above).
553 			 */
554 			if ((found == 0) && (num != 0) &&
555 			    (!(vnap->vna_flags & VER_FLG_WEAK))) {
556 				eprintf(ERR_FATAL, MSG_INTL(MSG_VER_NFOUND),
557 				    need, version, NAME(clmp));
558 				return (0);
559 			}
560 		}
561 		return (1);
562 	}
563 	return (1);
564 }
565 
566 /*
567  * Search through the dynamic section for DT_NEEDED entries and perform one
568  * of two functions.  If only the first argument is specified then load the
569  * defined shared object, otherwise add the link map representing the defined
570  * link map the the dlopen list.
571  */
572 static int
573 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp)
574 {
575 	Dyn		*dyn;
576 	ulong_t		ndx = 0;
577 	uint_t		lazy = 0, flags = 0;
578 	Word		lmflags = lml->lm_flags;
579 	Word		lmtflags = lml->lm_tflags;
580 
581 	/*
582 	 * Process each shared object on needed list.
583 	 */
584 	if (DYN(clmp) == 0)
585 		return (1);
586 
587 	for (dyn = (Dyn *)DYN(clmp); dyn->d_tag != DT_NULL; dyn++, ndx++) {
588 		Dyninfo	*dip = &DYNINFO(clmp)[ndx];
589 		Rt_map	*nlmp = 0;
590 		char	*name;
591 		int	silent = 0;
592 		Pnode	*pnp;
593 
594 		switch (dyn->d_tag) {
595 		case DT_POSFLAG_1:
596 			if ((dyn->d_un.d_val & DF_P1_LAZYLOAD) &&
597 			    !(lmtflags & LML_TFLG_NOLAZYLD))
598 				lazy = 1;
599 			if (dyn->d_un.d_val & DF_P1_GROUPPERM)
600 				flags = (FLG_RT_SETGROUP | FLG_RT_HANDLE);
601 			continue;
602 		case DT_NEEDED:
603 		case DT_USED:
604 			dip->di_flags |= FLG_DI_NEEDED;
605 			if (flags)
606 				dip->di_flags |= FLG_DI_GROUP;
607 
608 			name = (char *)STRTAB(clmp) + dyn->d_un.d_val;
609 
610 			/*
611 			 * NOTE, libc.so.1 can't be lazy loaded.  Although a
612 			 * lazy position flag won't be produced when a RTLDINFO
613 			 * .dynamic entry is found (introduced with the UPM in
614 			 * Solaris 10), it was possible to mark libc for lazy
615 			 * loading on previous releases.  To reduce the overhead
616 			 * of testing for this occurrence, only carry out this
617 			 * check for the first object on the link-map list
618 			 * (there aren't many applications built without libc).
619 			 */
620 			if (lazy && (lml->lm_head == clmp) &&
621 			    (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
622 				lazy = 0;
623 
624 			/*
625 			 * Don't bring in lazy loaded objects yet unless we've
626 			 * been asked to attempt to load all available objects
627 			 * (crle(1) sets LD_FLAGS=loadavail).  Even under
628 			 * RTLD_NOW we don't process this - RTLD_NOW will cause
629 			 * relocation processing which in turn might trigger
630 			 * lazy loading, but its possible that the object has a
631 			 * lazy loaded file with no bindings (i.e., it should
632 			 * never have been a dependency in the first place).
633 			 */
634 			if (lazy) {
635 				if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
636 					LAZY(clmp)++;
637 					lazy = flags = 0;
638 					continue;
639 				}
640 
641 				/*
642 				 * Silence any error messages - see description
643 				 * under elf_lookup_filtee().
644 				 */
645 				if ((rtld_flags & RT_FL_SILENCERR) == 0) {
646 					rtld_flags |= RT_FL_SILENCERR;
647 					silent = 1;
648 				}
649 			}
650 			break;
651 		case DT_AUXILIARY:
652 			dip->di_flags |= FLG_DI_AUXFLTR;
653 			lazy = flags = 0;
654 			continue;
655 		case DT_SUNW_AUXILIARY:
656 			dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR);
657 			lazy = flags = 0;
658 			continue;
659 		case DT_FILTER:
660 			dip->di_flags |= FLG_DI_STDFLTR;
661 			lazy = flags = 0;
662 			continue;
663 		case DT_SUNW_FILTER:
664 			dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR);
665 			lazy = flags = 0;
666 			continue;
667 		default:
668 			lazy = flags = 0;
669 			continue;
670 		}
671 
672 		DBG_CALL(Dbg_file_needed(name, NAME(clmp)));
673 		if (lml->lm_flags & LML_FLG_TRC_ENABLE)
674 			dip->di_flags |= FLG_DI_PROCESSD;
675 
676 		/*
677 		 * Establish the objects name, load it and establish a binding
678 		 * with the caller.
679 		 */
680 		if (((pnp = elf_fix_name(name, clmp, PN_SER_NEEDED)) == 0) ||
681 		    ((nlmp = load_one(lml, lmco, pnp, clmp, MODE(clmp),
682 		    flags, 0)) == 0) || (bind_one(clmp, nlmp, BND_NEEDED) == 0))
683 			nlmp = 0;
684 
685 		/*
686 		 * Clean up any infrastructure, including the removal of the
687 		 * error suppression state, if it had been previously set in
688 		 * this routine.
689 		 */
690 		if (pnp)
691 			remove_pnode(pnp);
692 		if (silent)
693 			rtld_flags &= ~RT_FL_SILENCERR;
694 		lazy = flags = 0;
695 		if ((dip->di_info = (void *)nlmp) == 0) {
696 			/*
697 			 * If the object could not be mapped, continue if error
698 			 * suppression is established or we're here with ldd(1).
699 			 */
700 			if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
701 			    (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
702 				continue;
703 			else
704 				return (0);
705 		}
706 	}
707 
708 	if (LAZY(clmp))
709 		lml->lm_lazy++;
710 
711 	return (1);
712 }
713 
714 static int
715 elf_map_check(const char *name, caddr_t vaddr, Off size)
716 {
717 	prmap_t		*maps, *_maps;
718 	int		pfd, num, _num;
719 	caddr_t		eaddr = vaddr + size;
720 	int		err;
721 
722 	/*
723 	 * If memory reservations have been established for alternative objects
724 	 * determine if this object falls within the reservation, if it does no
725 	 * further checking is required.
726 	 */
727 	if (rtld_flags & RT_FL_MEMRESV) {
728 		Rtc_head	*head = (Rtc_head *)config->c_bgn;
729 
730 		if ((vaddr >= (caddr_t)(uintptr_t)head->ch_resbgn) &&
731 		    (eaddr <= (caddr_t)(uintptr_t)head->ch_resend))
732 			return (0);
733 	}
734 
735 	/*
736 	 * Determine the mappings presently in use by this process.
737 	 */
738 	if ((pfd = pr_open()) == FD_UNAVAIL)
739 		return (1);
740 
741 	if (ioctl(pfd, PIOCNMAP, (void *)&num) == -1) {
742 		err = errno;
743 		eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_PROC), name, strerror(err));
744 		return (1);
745 	}
746 
747 	if ((maps = malloc((num + 1) * sizeof (prmap_t))) == 0)
748 		return (1);
749 
750 	if (ioctl(pfd, PIOCMAP, (void *)maps) == -1) {
751 		err = errno;
752 		eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_PROC), name, strerror(err));
753 		free(maps);
754 		return (1);
755 	}
756 
757 	/*
758 	 * Determine if the supplied address clashes with any of the present
759 	 * process mappings.
760 	 */
761 	for (_num = 0, _maps = maps; _num < num; _num++, _maps++) {
762 		caddr_t		_eaddr = _maps->pr_vaddr + _maps->pr_size;
763 		Rt_map		*lmp;
764 		const char	*str;
765 
766 		if ((eaddr < _maps->pr_vaddr) || (vaddr >= _eaddr))
767 			continue;
768 
769 		/*
770 		 * We have a memory clash.  See if one of the known dynamic
771 		 * dependency mappings represents this space so as to provide
772 		 * the user a more meaningful message.
773 		 */
774 		if ((lmp = _caller(vaddr, 0)) != 0)
775 			str = NAME(lmp);
776 		else
777 			str = MSG_INTL(MSG_STR_UNKNOWN);
778 
779 		eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_MAPINUSE), name,
780 		    EC_ADDR(vaddr), EC_OFF(size), str);
781 		return (1);
782 	}
783 	free(maps);
784 	return (0);
785 }
786 
787 /*
788  * Obtain a memory reservation.  On newer systems, both MAP_ANON and MAP_ALIGN
789  * are used to obtained an aligned reservation from anonymous memory.  If
790  * MAP_ANON isn't available, then MAP_ALIGN isn't either, so obtain a standard
791  * reservation using the file as backing.
792  */
793 static Am_ret
794 elf_map_reserve(const char *name, caddr_t *maddr, Off msize, int mperm,
795     int fd, Xword align)
796 {
797 	Am_ret	amret;
798 	int	mflag = MAP_PRIVATE | MAP_NORESERVE;
799 
800 #if defined(MAP_ALIGN)
801 	if ((rtld_flags2 & RT_FL2_NOMALIGN) == 0) {
802 		mflag |= MAP_ALIGN;
803 		*maddr = (caddr_t)align;
804 	}
805 #endif
806 	if ((amret = anon_map(maddr, msize, PROT_NONE, mflag)) == AM_ERROR)
807 		return (amret);
808 
809 	if (amret == AM_OK)
810 		return (AM_OK);
811 
812 	/*
813 	 * If an anonymous memory request failed (which should only be the
814 	 * case if it is unsupported on the system we're running on), establish
815 	 * the initial mapping directly from the file.
816 	 */
817 	*maddr = 0;
818 	if ((*maddr = mmap(*maddr, msize, mperm, MAP_PRIVATE,
819 	    fd, 0)) == MAP_FAILED) {
820 		int	err = errno;
821 		eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), name, strerror(err));
822 		return (AM_ERROR);
823 	}
824 	return (AM_NOSUP);
825 }
826 
827 static void *
828 elf_map_textdata(caddr_t addr, Off flen, int mperm, int phdr_mperm, int mflag,
829     int fd, Off foff)
830 {
831 #if	defined(MAP_TEXT) && defined(MAP_INITDATA)
832 	static int	notd = 0;
833 
834 	/*
835 	 * If MAP_TEXT and MAP_INITDATA are available, select the appropriate
836 	 * flag.
837 	 */
838 	if (notd == 0) {
839 		if ((phdr_mperm & (PROT_WRITE | PROT_EXEC)) == PROT_EXEC)
840 			mflag |= MAP_TEXT;
841 		else
842 			mflag |= MAP_INITDATA;
843 	}
844 #endif
845 	if (mmap((caddr_t)addr, flen, mperm, mflag, fd, foff) != MAP_FAILED)
846 		return (0);
847 
848 #if	defined(MAP_TEXT) && defined(MAP_INITDATA)
849 	if ((notd == 0) && (errno == EINVAL)) {
850 		/*
851 		 * MAP_TEXT and MAP_INITDATA may not be supported on this
852 		 * platform, try again without.
853 		 */
854 		notd = 1;
855 		mflag &= ~(MAP_TEXT | MAP_INITDATA);
856 
857 		return (mmap((caddr_t)addr, flen, mperm, mflag, fd, foff));
858 	}
859 #endif
860 	return (MAP_FAILED);
861 }
862 
863 /*
864  * Map in a file.
865  */
866 static caddr_t
867 elf_map_it(
868 	const char	*name,		/* actual name stored for pathname */
869 	Off		fsize,		/* total mapping claim of the file */
870 	Ehdr		*ehdr,		/* ELF header of file */
871 	Phdr		*fphdr,		/* first loadable Phdr */
872 	Phdr		*lphdr,		/* last loadable Phdr */
873 	Phdr		**rrphdr,	/* return first Phdr in reservation */
874 	caddr_t		*rraddr,	/* return start of reservation */
875 	Off		*rrsize,	/* return total size of reservation */
876 	int		fixed,		/* image is resolved to a fixed addr */
877 	int		fd,		/* images file descriptor */
878 	Xword		align,		/* image segments maximum alignment */
879 	Mmap		*mmaps,		/* mmap information array and */
880 	uint_t		*mmapcnt)	/* 	mapping count */
881 {
882 	caddr_t		raddr;		/* reservation address */
883 	Off		rsize;		/* reservation size */
884 	Phdr		*phdr;		/* working program header poiner */
885 	caddr_t		maddr;		/* working mmap address */
886 	caddr_t		faddr;		/* working file address */
887 	size_t		padsize;	/* object padding requirement */
888 	size_t		padpsize = 0;	/* padding size rounded to next page */
889 	size_t		padmsize = 0;	/* padding size rounded for alignment */
890 	int		skipfseg;	/* skip mapping first segment */
891 	int		mperm;		/* segment permissions */
892 	Am_ret		amret = AM_NOSUP;
893 
894 	/*
895 	 * If padding is required extend both the front and rear of the image.
896 	 * To insure the image itself is mapped at the correct alignment the
897 	 * initial padding is rounded up to the nearest page.  Once the image is
898 	 * mapped the excess can be pruned to the nearest page required for the
899 	 * actual padding itself.
900 	 */
901 	if ((padsize = r_debug.rtd_objpad) != 0) {
902 		padpsize = M_PROUND(padsize);
903 		if (fixed)
904 			padmsize = padpsize;
905 		else
906 			padmsize = S_ROUND(padsize, align);
907 	}
908 
909 	/*
910 	 * Determine the initial permissions used to map in the first segment.
911 	 * If this segments memsz is greater that its filesz then the difference
912 	 * must be zeroed.  Make sure this segment is writable.
913 	 */
914 	mperm = 0;
915 	if (fphdr->p_flags & PF_R)
916 		mperm |= PROT_READ;
917 	if (fphdr->p_flags & PF_X)
918 		mperm |= PROT_EXEC;
919 	if ((fphdr->p_flags & PF_W) || (fphdr->p_memsz > fphdr->p_filesz))
920 		mperm |= PROT_WRITE;
921 
922 	/*
923 	 * Determine whether or not to let system reserve address space based on
924 	 * whether this is a dynamic executable (addresses in object are fixed)
925 	 * or a shared object (addresses in object are relative to the objects'
926 	 * base).
927 	 */
928 	if (fixed) {
929 		/*
930 		 * Determine the reservation address and size, and insure that
931 		 * this reservation isn't already in use.
932 		 */
933 		faddr = maddr = (caddr_t)M_PTRUNC((ulong_t)fphdr->p_vaddr);
934 		raddr = maddr - padpsize;
935 		rsize = fsize + padpsize + padsize;
936 
937 		if (lml_main.lm_head) {
938 			if (elf_map_check(name, raddr, rsize) != 0)
939 				return (0);
940 		}
941 
942 		/*
943 		 * As this is a fixed image, all segments must be individually
944 		 * mapped.
945 		 */
946 		skipfseg = 0;
947 
948 	} else {
949 		size_t	esize;
950 
951 		/*
952 		 * If this isn't a fixed image, reserve enough address space for
953 		 * the entire image to be mapped.  The amount of reservation is
954 		 * the range between the beginning of the first, and end of the
955 		 * last loadable segment, together with any padding, plus the
956 		 * alignment of the first segment.
957 		 *
958 		 * The optimal reservation is made as a no-reserve mapping from
959 		 * anonymous memory.  Each segment is then mapped into this
960 		 * reservation.  If the anonymous mapping capability isn't
961 		 * available, the reservation is obtained from the file itself.
962 		 * In this case the first segment of the image is mapped as part
963 		 * of the reservation, thus only the following segments need to
964 		 * be remapped.
965 		 */
966 		rsize = fsize + padmsize + padsize;
967 		if ((amret = elf_map_reserve(name, &raddr, rsize, mperm,
968 		    fd, align)) == AM_ERROR)
969 			return (0);
970 		maddr = raddr + padmsize;
971 		faddr = (caddr_t)S_ROUND((Off)maddr, align);
972 
973 		/*
974 		 * If this reservation has been obtained from anonymous memory,
975 		 * then all segments must be individually mapped.  Otherwise,
976 		 * the first segment heads the reservation.
977 		 */
978 		if (amret == AM_OK)
979 			skipfseg = 0;
980 		else
981 			skipfseg = 1;
982 
983 		/*
984 		 * For backward compatibility (where MAP_ALIGN isn't available),
985 		 * insure the alignment of the reservation is adequate for this
986 		 * object, and if not remap the object to obtain the correct
987 		 * alignment.
988 		 */
989 		if (faddr != maddr) {
990 			(void) munmap(raddr, rsize);
991 
992 			rsize += align;
993 			if ((amret = elf_map_reserve(name, &raddr, rsize, mperm,
994 			    fd, align)) == AM_ERROR)
995 				return (0);
996 
997 			maddr = faddr = (caddr_t)S_ROUND((Off)(raddr +
998 			    padpsize), align);
999 
1000 			esize = maddr - raddr + padpsize;
1001 
1002 			/*
1003 			 * As ths image has been realigned, the first segment
1004 			 * of the file needs to be remapped to its correct
1005 			 * location.
1006 			 */
1007 			skipfseg = 0;
1008 		} else
1009 			esize = padmsize - padpsize;
1010 
1011 		/*
1012 		 * If this reservation included padding, remove any excess for
1013 		 * the start of the image (the padding was adjusted to insure
1014 		 * the image was aligned appropriately).
1015 		 */
1016 		if (esize) {
1017 			(void) munmap(raddr, esize);
1018 			raddr += esize;
1019 			rsize -= esize;
1020 		}
1021 	}
1022 
1023 	/*
1024 	 * At this point we know the initial location of the image, and its
1025 	 * size.  Pass these back to the caller for inclusion in the link-map
1026 	 * that will eventually be created.
1027 	 */
1028 	*rraddr = raddr;
1029 	*rrsize = rsize;
1030 
1031 	/*
1032 	 * The first loadable segment is now pointed to by maddr.  This segment
1033 	 * will eventually contain the elf header and program headers, so reset
1034 	 * the program header.  Pass this  back to the caller for inclusion in
1035 	 * the link-map so it can be used for later unmapping operations.
1036 	 */
1037 	/* LINTED */
1038 	*rrphdr = (Phdr *)((char *)maddr + ehdr->e_phoff);
1039 
1040 	/*
1041 	 * If padding is required at the front of the image, obtain that now.
1042 	 * Note, if we've already obtained a reservation from anonymous memory
1043 	 * then this reservation will already include suitable padding.
1044 	 * Otherwise this reservation is backed by the file, or in the case of
1045 	 * a fixed image, doesn't yet exist.  Map the padding so that it is
1046 	 * suitably protected (PROT_NONE), and insure the first segment of the
1047 	 * file is mapped to its correct location.
1048 	 */
1049 	if (padsize) {
1050 		if (amret == AM_NOSUP) {
1051 			if (dz_map(raddr, padpsize, PROT_NONE, (MAP_PRIVATE |
1052 			    MAP_FIXED | MAP_NORESERVE)) == MAP_FAILED)
1053 				return (0);
1054 
1055 			skipfseg = 0;
1056 		}
1057 		rsize -= padpsize;
1058 	}
1059 
1060 	/*
1061 	 * Map individual segments.  For a fixed image, these will each be
1062 	 * unique mappings.  For a reservation these will fill in the
1063 	 * reservation.
1064 	 */
1065 	for (phdr = fphdr; phdr <= lphdr;
1066 	    phdr = (Phdr *)((Off)phdr + ehdr->e_phentsize)) {
1067 		caddr_t	addr;
1068 		Off	mlen, flen;
1069 		size_t	size;
1070 
1071 		/*
1072 		 * Skip non-loadable segments or segments that don't occupy
1073 		 * any memory.
1074 		 */
1075 		if (((phdr->p_type != PT_LOAD) &&
1076 		    (phdr->p_type != PT_SUNWBSS)) || (phdr->p_memsz == 0))
1077 			continue;
1078 
1079 		/*
1080 		 * Establish this segments address relative to our base.
1081 		 */
1082 		addr = (caddr_t)M_PTRUNC((ulong_t)(phdr->p_vaddr +
1083 		    (fixed ? 0 : faddr)));
1084 
1085 		/*
1086 		 * Determine the mapping protection from the segment attributes.
1087 		 * Also determine the etext address from the last loadable
1088 		 * segment which has permissions but no write access.
1089 		 */
1090 		mperm = 0;
1091 		if (phdr->p_flags) {
1092 			if (phdr->p_flags & PF_R)
1093 				mperm |= PROT_READ;
1094 			if (phdr->p_flags & PF_X)
1095 				mperm |= PROT_EXEC;
1096 			if (phdr->p_flags & PF_W)
1097 				mperm |= PROT_WRITE;
1098 			else
1099 				fmap->fm_etext = phdr->p_vaddr + phdr->p_memsz +
1100 				    (ulong_t)(fixed ? 0 : faddr);
1101 		}
1102 
1103 		/*
1104 		 * Determine the type of mapping required.
1105 		 */
1106 		if (phdr->p_type == PT_SUNWBSS) {
1107 			/*
1108 			 * Potentially, we can defer the loading of any SUNWBSS
1109 			 * segment, depending on whether the symbols it provides
1110 			 * have been bound to.  In this manner, large segments
1111 			 * that are interposed upon between shared libraries
1112 			 * may not require mapping.  Note, that the mapping
1113 			 * information is recorded in our mapping descriptor at
1114 			 * this time.
1115 			 */
1116 			mlen = phdr->p_memsz;
1117 			flen = 0;
1118 
1119 		} else if ((phdr->p_filesz == 0) && (phdr->p_flags == 0)) {
1120 			/*
1121 			 * If this segment has no backing file and no flags
1122 			 * specified, then it defines a reservation.  At this
1123 			 * point all standard loadable segments will have been
1124 			 * processed.  The segment reservation is mapped
1125 			 * directly from /dev/null.
1126 			 */
1127 			if (nu_map((caddr_t)addr, phdr->p_memsz, PROT_NONE,
1128 			    MAP_FIXED | MAP_PRIVATE) == MAP_FAILED)
1129 				return (0);
1130 
1131 			mlen = phdr->p_memsz;
1132 			flen = 0;
1133 
1134 		} else if (phdr->p_filesz == 0) {
1135 			/*
1136 			 * If this segment has no backing file then it defines a
1137 			 * nobits segment and is mapped directly from /dev/zero.
1138 			 */
1139 			if (dz_map((caddr_t)addr, phdr->p_memsz, mperm,
1140 			    MAP_FIXED | MAP_PRIVATE) == MAP_FAILED)
1141 				return (0);
1142 
1143 			mlen = phdr->p_memsz;
1144 			flen = 0;
1145 
1146 		} else {
1147 			Off	foff;
1148 
1149 			/*
1150 			 * This mapping originates from the file.  Determine the
1151 			 * file offset to which the mapping will be directed
1152 			 * (must be aligned) and how much to map (might be more
1153 			 * than the file in the case of .bss).
1154 			 */
1155 			foff = M_PTRUNC((ulong_t)phdr->p_offset);
1156 			mlen = phdr->p_memsz + (phdr->p_offset - foff);
1157 			flen = phdr->p_filesz + (phdr->p_offset - foff);
1158 
1159 			/*
1160 			 * If this is a non-fixed, non-anonymous mapping, and no
1161 			 * padding is involved, then the first loadable segment
1162 			 * is already part of the initial reservation.  In this
1163 			 * case there is no need to remap this segment.
1164 			 */
1165 			if ((skipfseg == 0) || (phdr != fphdr)) {
1166 				int phdr_mperm = mperm;
1167 				/*
1168 				 * If this segments memsz is greater that its
1169 				 * filesz then the difference must be zeroed.
1170 				 * Make sure this segment is writable.
1171 				 */
1172 				if (phdr->p_memsz > phdr->p_filesz)
1173 					mperm |= PROT_WRITE;
1174 
1175 				if (elf_map_textdata((caddr_t)addr, flen,
1176 				    mperm, phdr_mperm,
1177 				    (MAP_FIXED | MAP_PRIVATE), fd, foff) ==
1178 				    MAP_FAILED) {
1179 					int	err = errno;
1180 					eprintf(ERR_FATAL,
1181 					    MSG_INTL(MSG_SYS_MMAP), name,
1182 					    strerror(err));
1183 					return (0);
1184 				}
1185 			}
1186 
1187 			/*
1188 			 * If the memory occupancy of the segment overflows the
1189 			 * definition in the file, we need to "zero out" the end
1190 			 * of the mapping we've established, and if necessary,
1191 			 * map some more space from /dev/zero.  Note, zero'ed
1192 			 * memory must end on a double word boundary to satisfy
1193 			 * zero().
1194 			 */
1195 			if (phdr->p_memsz > phdr->p_filesz) {
1196 				caddr_t	zaddr;
1197 				size_t	zlen, zplen;
1198 				Off	fend;
1199 
1200 				foff = (Off)(phdr->p_vaddr + phdr->p_filesz +
1201 				    (fixed ? 0 : faddr));
1202 				zaddr = (caddr_t)M_PROUND(foff);
1203 				zplen = (size_t)(zaddr - foff);
1204 
1205 				fend = (Off)S_DROUND((size_t)(phdr->p_vaddr +
1206 				    phdr->p_memsz + (fixed ? 0 : faddr)));
1207 				zlen = (size_t)(fend - foff);
1208 
1209 				/*
1210 				 * Determine whether the number of bytes that
1211 				 * must be zero'ed overflow to the next page.
1212 				 * If not, simply clear the exact bytes
1213 				 * (filesz to memsz) from this page.  Otherwise,
1214 				 * clear the remaining bytes of this page, and
1215 				 * map an following pages from /dev/zero.
1216 				 */
1217 				if (zlen < zplen)
1218 					zero((caddr_t)foff, (long)zlen);
1219 				else {
1220 					zero((caddr_t)foff, (long)zplen);
1221 
1222 					if ((zlen = (fend - (Off)zaddr)) > 0) {
1223 						if (dz_map(zaddr, zlen, mperm,
1224 						    MAP_FIXED | MAP_PRIVATE) ==
1225 						    MAP_FAILED)
1226 							return (0);
1227 					}
1228 				}
1229 			}
1230 		}
1231 
1232 		/*
1233 		 * Unmap anything from the last mapping address to this one and
1234 		 * update the mapping claim pointer.
1235 		 */
1236 		if ((fixed == 0) && ((size = addr - maddr) != 0)) {
1237 			(void) munmap(maddr, size);
1238 			rsize -= size;
1239 		}
1240 
1241 		/*
1242 		 * Retain this segments mapping information.
1243 		 */
1244 		mmaps[*mmapcnt].m_vaddr = addr;
1245 		mmaps[*mmapcnt].m_msize = mlen;
1246 		mmaps[*mmapcnt].m_fsize = flen;
1247 		mmaps[*mmapcnt].m_perm = mperm;
1248 		(*mmapcnt)++;
1249 
1250 		maddr = addr + M_PROUND(mlen);
1251 		rsize -= M_PROUND(mlen);
1252 	}
1253 
1254 	/*
1255 	 * If padding is required at the end of the image, obtain that now.
1256 	 * Note, if we've already obtained a reservation from anonymous memory
1257 	 * then this reservation will already include suitable padding.
1258 	 */
1259 	if (padsize) {
1260 		if (amret == AM_NOSUP) {
1261 			/*
1262 			 * maddr is currently page aligned from the last segment
1263 			 * mapping.
1264 			 */
1265 			if (dz_map(maddr, padsize, PROT_NONE, (MAP_PRIVATE |
1266 			    MAP_FIXED | MAP_NORESERVE)) == MAP_FAILED)
1267 				return (0);
1268 		}
1269 		maddr += padsize;
1270 		rsize -= padsize;
1271 	}
1272 
1273 	/*
1274 	 * Unmap any final reservation.
1275 	 */
1276 	if ((fixed == 0) && (rsize != 0))
1277 		(void) munmap(maddr, rsize);
1278 
1279 	return (faddr);
1280 }
1281 
1282 /*
1283  * A null symbol interpretor.  Used if a filter has no associated filtees.
1284  */
1285 /* ARGSUSED0 */
1286 static Sym *
1287 elf_null_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo)
1288 {
1289 	return ((Sym *)0);
1290 }
1291 
1292 /*
1293  * Disable filtee use.
1294  */
1295 static void
1296 elf_disable_filtee(Rt_map * lmp, Dyninfo * dip)
1297 {
1298 	dip->di_info = 0;
1299 
1300 	if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
1301 		/*
1302 		 * If this is an object filter, free the filtee's duplication.
1303 		 */
1304 		if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
1305 			free(REFNAME(lmp));
1306 			REFNAME(lmp) = (char *)0;
1307 			OBJFLTRNDX(lmp) = FLTR_DISABLED;
1308 
1309 			/*
1310 			 * Indicate that this filtee is no longer available.
1311 			 */
1312 			if (dip->di_flags & FLG_DI_STDFLTR)
1313 				SYMINTP(lmp) = elf_null_find_sym;
1314 
1315 		}
1316 	} else if (dip->di_flags & FLG_DI_STDFLTR) {
1317 		/*
1318 		 * Indicate that this standard filtee is no longer available.
1319 		 */
1320 		if (SYMSFLTRCNT(lmp))
1321 			SYMSFLTRCNT(lmp)--;
1322 	} else {
1323 		/*
1324 		 * Indicate that this auxiliary filtee is no longer available.
1325 		 */
1326 		if (SYMAFLTRCNT(lmp))
1327 			SYMAFLTRCNT(lmp)--;
1328 	}
1329 	dip->di_flags &= ~MSK_DI_FILTER;
1330 }
1331 
1332 /*
1333  * Find symbol interpreter - filters.
1334  * This function is called when the symbols from a shared object should
1335  * be resolved from the shared objects filtees instead of from within itself.
1336  *
1337  * A symbol name of 0 is used to trigger filtee loading.
1338  */
1339 static Sym *
1340 _elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx)
1341 {
1342 	const char	*name = slp->sl_name, *filtees;
1343 	Rt_map		*clmp = slp->sl_cmap;
1344 	Rt_map		*ilmp = slp->sl_imap;
1345 	Pnode		*pnp, **pnpp;
1346 	int		any;
1347 	Dyninfo		*dip = &DYNINFO(ilmp)[ndx];
1348 	Lm_list		*lml = LIST(ilmp);
1349 	Lm_cntl		*lmc = 0;
1350 	Aliste		lmco;
1351 
1352 	/*
1353 	 * Indicate that the filter has been used.  If a binding already exists
1354 	 * to the caller, indicate that this object is referenced.  This insures
1355 	 * we don't generate false unreferenced diagnostics from ldd -u/U or
1356 	 * debugging.  Don't create a binding regardless, as this filter may
1357 	 * have been dlopen()'ed.
1358 	 */
1359 	if (name && (ilmp != clmp)) {
1360 		Word	tracing = (LIST(clmp)->lm_flags &
1361 		    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));
1362 
1363 		if (tracing || dbg_mask) {
1364 			Bnd_desc **	bdpp;
1365 			Aliste		off;
1366 
1367 			FLAGS1(ilmp) |= FL1_RT_USED;
1368 
1369 			if ((tracing & LML_FLG_TRC_UNREF) || dbg_mask) {
1370 				for (ALIST_TRAVERSE(CALLERS(ilmp), off, bdpp)) {
1371 					Bnd_desc *	bdp = *bdpp;
1372 
1373 					if (bdp->b_caller == clmp) {
1374 						bdp->b_flags |= BND_REFER;
1375 						break;
1376 					}
1377 				}
1378 			}
1379 		}
1380 	}
1381 
1382 	/*
1383 	 * If this is the first call to process this filter, establish the
1384 	 * filtee list.  If a configuration file exists, determine if any
1385 	 * filtee associations for this filter, and its filtee reference, are
1386 	 * defined.  Otherwise, process the filtee reference.  Any token
1387 	 * expansion is also completed at this point (i.e., $PLATFORM).
1388 	 */
1389 	filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val;
1390 	if (dip->di_info == 0) {
1391 		if (rtld_flags2 & RT_FL2_FLTCFG)
1392 			dip->di_info = elf_config_flt(PATHNAME(ilmp), filtees);
1393 
1394 		if (dip->di_info == 0) {
1395 			DBG_CALL(Dbg_file_filter(NAME(ilmp), filtees, 0));
1396 			if ((lml->lm_flags &
1397 			    (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) &&
1398 			    ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0))
1399 				(void) printf(MSG_INTL(MSG_LDD_FIL_FILTER),
1400 				    NAME(ilmp), filtees);
1401 
1402 			if ((dip->di_info = (void *)expand_paths(ilmp,
1403 			    filtees, PN_SER_FILTEE, 0)) == 0) {
1404 				elf_disable_filtee(ilmp, dip);
1405 				return ((Sym *)0);
1406 			}
1407 		}
1408 	}
1409 
1410 	/*
1411 	 * Traverse the filtee list, dlopen()'ing any objects specified and
1412 	 * using their group handle to lookup the symbol.
1413 	 */
1414 	for (any = 0, pnpp = (Pnode **)&(dip->di_info), pnp = *pnpp; pnp;
1415 	    pnpp = &pnp->p_next, pnp = * pnpp) {
1416 		int	mode;
1417 		Grp_hdl	*ghp;
1418 		Rt_map	*nlmp = 0;
1419 
1420 		if (pnp->p_len == 0)
1421 			continue;
1422 
1423 		/*
1424 		 * Establish the mode of the filtee from the filter.  As filtees
1425 		 * are loaded via a dlopen(), make sure that RTLD_GROUP is set
1426 		 * and the filtees aren't global.  It would be nice to have
1427 		 * RTLD_FIRST used here also, but as filters got out long before
1428 		 * RTLD_FIRST was introduced it's a little too late now.
1429 		 */
1430 		mode = MODE(ilmp) | RTLD_GROUP;
1431 		mode &= ~RTLD_GLOBAL;
1432 
1433 		/*
1434 		 * Insure that any auxiliary filter can locate symbols from its
1435 		 * caller.
1436 		 */
1437 		if (dip->di_flags & FLG_DI_AUXFLTR)
1438 			mode |= RTLD_PARENT;
1439 
1440 		/*
1441 		 * Process any hardware capability directory.  Establish a new
1442 		 * link-map control list from which to analyze any newly added
1443 		 * objects.
1444 		 */
1445 		if ((pnp->p_info == 0) && (pnp->p_orig & PN_TKN_HWCAP)) {
1446 			if (FLAGS(lml->lm_head) & FLG_RT_RELOCED) {
1447 				if ((lmc = alist_append(&(lml->lm_lists), 0,
1448 				    sizeof (Lm_cntl), AL_CNT_LMLISTS)) == 0)
1449 					return ((Sym *)0);
1450 				lmco = (Aliste)((char *)lmc -
1451 				    (char *)lml->lm_lists);
1452 			} else {
1453 				lmc = 0;
1454 				lmco = ALO_DATA;
1455 			}
1456 
1457 			pnp = hwcap_filtees(pnpp, lmco, dip, ilmp, filtees,
1458 			    mode, (FLG_RT_HANDLE | FLG_RT_HWCAP));
1459 		}
1460 
1461 		if (pnp->p_len == 0)
1462 			continue;
1463 
1464 		/*
1465 		 * Process an individual filtee.
1466 		 */
1467 		if (pnp->p_info == 0) {
1468 			const char	*filtee = pnp->p_name;
1469 			int		audit = 0;
1470 
1471 			DBG_CALL(Dbg_file_filtee(NAME(ilmp), filtee, 0));
1472 
1473 			ghp = 0;
1474 
1475 			/*
1476 			 * Determine if the reference link map is already
1477 			 * loaded.  As an optimization compare the filtee with
1478 			 * our interpretor.  The most common filter is
1479 			 * libdl.so.1, which is a filter on ld.so.1.
1480 			 */
1481 #if	defined(_ELF64)
1482 			if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) {
1483 #else
1484 			if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) {
1485 #endif
1486 				/*
1487 				 * Create an association between ld.so.1 and
1488 				 * the filter.
1489 				 */
1490 				nlmp = lml_rtld.lm_head;
1491 				if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp,
1492 				    (GPH_LDSO | GPH_FIRST | GPH_FILTEE))) == 0)
1493 					nlmp = 0;
1494 
1495 				/*
1496 				 * Establish the filter handle to prevent any
1497 				 * recursion.
1498 				 */
1499 				if (nlmp && ghp)
1500 					pnp->p_info = (void *)ghp;
1501 
1502 				/*
1503 				 * Audit the filter/filtee established.  Ignore
1504 				 * any return from the auditor, as we can't
1505 				 * allow ignore filtering to ld.so.1, otherwise
1506 				 * nothing is going to work.
1507 				 */
1508 				if ((lml->lm_tflags | FLAGS1(ilmp)) &
1509 				    LML_TFLG_AUD_OBJFILTER)
1510 					(void) audit_objfilter(ilmp, filtees,
1511 					    nlmp, 0);
1512 
1513 			} else {
1514 				Rej_desc	rej = { 0 };
1515 
1516 				/*
1517 				 * Establish a new link-map control list from
1518 				 * which to analyze any newly added objects.
1519 				 */
1520 				if (FLAGS(lml->lm_head) & FLG_RT_RELOCED) {
1521 					if ((lmc =
1522 					    alist_append(&(lml->lm_lists), 0,
1523 					    sizeof (Lm_cntl),
1524 					    AL_CNT_LMLISTS)) == 0)
1525 						return ((Sym *)0);
1526 					lmco = (Aliste)((char *)lmc -
1527 					    (char *)lml->lm_lists);
1528 				} else {
1529 					lmc = 0;
1530 					lmco = ALO_DATA;
1531 				}
1532 
1533 				/*
1534 				 * Load the filtee.
1535 				 */
1536 				if ((nlmp = load_path(lml, lmco, filtee, ilmp,
1537 				    mode, FLG_RT_HANDLE, &ghp, 0, &rej)) == 0) {
1538 					file_notfound(LIST(ilmp), filtee, ilmp,
1539 					    FLG_RT_HANDLE, &rej);
1540 					remove_rej(&rej);
1541 				}
1542 
1543 				/*
1544 				 * Establish the filter handle to prevent any
1545 				 * recursion.
1546 				 */
1547 				if (nlmp && ghp) {
1548 					ghp->gh_flags |= GPH_FILTEE;
1549 					pnp->p_info = (void *)ghp;
1550 				}
1551 
1552 				/*
1553 				 * Audit the filter/filtee established.  A
1554 				 * return of 0 indicates the auditor wishes to
1555 				 * ignore this filtee.
1556 				 */
1557 				if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) &
1558 				    LML_TFLG_AUD_OBJFILTER)) {
1559 					if (audit_objfilter(ilmp, filtees,
1560 					    nlmp, 0) == 0) {
1561 						audit = 1;
1562 						nlmp = 0;
1563 					}
1564 				}
1565 
1566 				/*
1567 				 * Finish processing the objects associated with
1568 				 * this request.  Create an association between
1569 				 * this object and the originating filter to
1570 				 * provide sufficient information to tear down
1571 				 * this filtee if necessary.
1572 				 */
1573 				if (nlmp && ghp &&
1574 				    ((analyze_lmc(lml, lmco, nlmp) == 0) ||
1575 				    (relocate_lmc(lml, lmco, nlmp) == 0)))
1576 					nlmp = 0;
1577 
1578 				/*
1579 				 * If the filtee has been successfully
1580 				 * processed, and it is part of a link-map
1581 				 * control list that is equivalent, or less,
1582 				 * than the filter control list, create an
1583 				 * association between the filter and filtee.
1584 				 * This association provides sufficient
1585 				 * information to tear down the filter and
1586 				 * filtee if necessary.
1587 				 */
1588 				if (nlmp && ghp && (CNTL(nlmp) <= CNTL(ilmp)) &&
1589 				    (hdl_add(ghp, ilmp, GPD_FILTER) == 0))
1590 					nlmp = 0;
1591 			}
1592 
1593 			/*
1594 			 * Generate a diagnostic if the filtee couldn't be
1595 			 * loaded, null out the pnode entry, and continue
1596 			 * the search.  Otherwise, retain this group handle
1597 			 * for future symbol searches.
1598 			 */
1599 			if (nlmp == 0) {
1600 				pnp->p_info = 0;
1601 				DBG_CALL(Dbg_file_filtee(0, filtee, audit));
1602 
1603 				if (ghp)
1604 					(void) dlclose_core(ghp, ilmp);
1605 
1606 				if (lmc) {
1607 					(void) lm_salvage(lml, 0, lmco);
1608 					remove_cntl(lml, lmco);
1609 					lmc = 0;
1610 				}
1611 				pnp->p_len = 0;
1612 				continue;
1613 			}
1614 		}
1615 
1616 		ghp = (Grp_hdl *)pnp->p_info;
1617 
1618 		/*
1619 		 * If we're just here to trigger filtee loading skip the symbol
1620 		 * lookup so we'll continue looking for additional filtees.
1621 		 */
1622 		if (name) {
1623 			Grp_desc	*gdp;
1624 			Sym		*sym = 0;
1625 			Aliste		off;
1626 			Slookup		sl = *slp;
1627 
1628 			sl.sl_flags |= LKUP_FIRST;
1629 			any++;
1630 
1631 			/*
1632 			 * Look for the symbol in the handles dependencies.
1633 			 */
1634 			for (ALIST_TRAVERSE(ghp->gh_depends, off, gdp)) {
1635 				if ((gdp->gd_flags & GPD_AVAIL) == 0)
1636 					continue;
1637 
1638 				/*
1639 				 * If our parent is a dependency don't look at
1640 				 * it (otherwise we are in a recursive loop).
1641 				 * This situation can occur with auxiliary
1642 				 * filters if the filtee has a dependency on the
1643 				 * filter.  This dependency isn't necessary as
1644 				 * auxiliary filters are opened RTLD_PARENT, but
1645 				 * users may still unknowingly add an explicit
1646 				 * dependency to the parent.
1647 				 */
1648 				if ((sl.sl_imap = gdp->gd_depend) == ilmp)
1649 					continue;
1650 
1651 				if (((sym = SYMINTP(sl.sl_imap)(&sl, dlmp,
1652 				    binfo)) != 0) ||
1653 				    (ghp->gh_flags & GPH_FIRST))
1654 					break;
1655 			}
1656 
1657 			/*
1658 			 * If this filtee has just been loaded (nlmp != 0),
1659 			 * determine whether the filtee was triggered by a
1660 			 * relocation from an object that is still being
1661 			 * relocated on a leaf link-map control list.  As the
1662 			 * relocation of an object on this list might still
1663 			 * fail, we can't yet bind the filter to the filtee.
1664 			 * To do so, would be locking the filtee so that it
1665 			 * couldn't be deleted, and the filtee itself could have
1666 			 * bound to an object that must be torn down.  Insure
1667 			 * the caller isn't bound to the handle at this time.
1668 			 * Any association will be reestablished when the filter
1669 			 * is later referenced and the filtee has propagated to
1670 			 * the same link-map control list.
1671 			 */
1672 			if (nlmp && (CNTL(nlmp) > CNTL(ilmp))) {
1673 				remove_caller(ghp, ilmp);
1674 				pnp->p_info = 0;
1675 			}
1676 			if (sym) {
1677 				if (lmc)
1678 					remove_cntl(lml, lmco);
1679 
1680 				*binfo |= DBG_BINFO_FILTEE;
1681 				return (sym);
1682 			}
1683 		}
1684 
1685 		/*
1686 		 * If this object is tagged to terminate filtee processing we're
1687 		 * done.
1688 		 */
1689 		if (FLAGS1(ghp->gh_owner) & FL1_RT_ENDFILTE)
1690 			break;
1691 	}
1692 
1693 	if (lmc)
1694 		remove_cntl(lml, lmco);
1695 
1696 	/*
1697 	 * If we're just here to trigger filtee loading then we're done.
1698 	 */
1699 	if (name == 0)
1700 		return ((Sym *)0);
1701 
1702 	/*
1703 	 * If no filtees have been found for a filter, clean up any Pnode
1704 	 * structures and disable their search completely.  For auxiliary
1705 	 * filters we can reselect the symbol search function so that we never
1706 	 * enter this routine again for this object.  For standard filters we
1707 	 * use the null symbol routine.
1708 	 */
1709 	if (any == 0) {
1710 		remove_pnode((Pnode *)dip->di_info);
1711 		elf_disable_filtee(ilmp, dip);
1712 		return ((Sym *)0);
1713 	}
1714 
1715 	return ((Sym *)0);
1716 }
1717 
1718 /*
1719  * Focal point for disabling error messages for auxiliary filters.  As an
1720  * auxiliary filter allows for filtee use, but provides a fallback should a
1721  * filtee not exist (or fail to load), any errors generated as a consequence of
1722  * trying to load the filtees are typically suppressed.  Setting RT_FL_SILENCERR
1723  * suppresses errors generated by eprint(), but insures a debug diagnostic is
1724  * produced.  ldd(1) employs printf(), and here, the selection of whether to
1725  * print a diagnostic in regards to auxiliary filters is a little more complex.
1726  *
1727  *   .	The determination of whether to produce an ldd message, or a fatal
1728  *	error message is driven by LML_FLG_TRC_ENABLE.
1729  *   .	More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
1730  *	(ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
1731  *	and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
1732  *
1733  *   .	If the calling object is lddstub, then several classes of message are
1734  *	suppressed.  The user isn't trying to diagnose lddstub, this is simply
1735  *	a stub executable employed to preload a user specified library against.
1736  *
1737  *   .	If RT_FL_SILENCERR is in effect then any generic ldd() messages should
1738  *	be suppressed.  All detailed ldd messages should still be produced.
1739  */
1740 Sym *
1741 elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx)
1742 {
1743 	Sym	*sym;
1744 	Dyninfo	*dip = &DYNINFO(slp->sl_imap)[ndx];
1745 	int	silent = 0;
1746 
1747 	/*
1748 	 * Make sure this entry is still acting as a filter.  We may have tried
1749 	 * to process this previously, and disabled it if the filtee couldn't
1750 	 * be processed.  However, other entries may provide different filtees
1751 	 * that are yet to be completed.
1752 	 */
1753 	if (dip->di_flags == 0)
1754 		return ((Sym *)0);
1755 
1756 	/*
1757 	 * Indicate whether an error message is required should this filtee not
1758 	 * be found, based on the type of filter.
1759 	 */
1760 	if ((dip->di_flags & FLG_DI_AUXFLTR) &&
1761 	    ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
1762 		rtld_flags |= RT_FL_SILENCERR;
1763 		silent = 1;
1764 	}
1765 
1766 	sym = _elf_lookup_filtee(slp, dlmp, binfo, ndx);
1767 
1768 	if (silent)
1769 		rtld_flags &= ~RT_FL_SILENCERR;
1770 
1771 	return (sym);
1772 }
1773 
1774 /*
1775  * Compute the elf hash value (as defined in the ELF access library).
1776  * The form of the hash table is:
1777  *
1778  *	|--------------|
1779  *	| # of buckets |
1780  *	|--------------|
1781  *	| # of chains  |
1782  *	|--------------|
1783  *	|   bucket[]   |
1784  *	|--------------|
1785  *	|   chain[]    |
1786  *	|--------------|
1787  */
1788 ulong_t
1789 elf_hash(const char *name)
1790 {
1791 	uint_t	hval = 0;
1792 
1793 	while (*name) {
1794 		uint_t	g;
1795 		hval = (hval << 4) + *name++;
1796 		if ((g = (hval & 0xf0000000)) != 0)
1797 			hval ^= g >> 24;
1798 		hval &= ~g;
1799 	}
1800 	return ((ulong_t)hval);
1801 }
1802 
1803 /*
1804  * If flag argument has LKUP_SPEC set, we treat undefined symbols of type
1805  * function specially in the executable - if they have a value, even though
1806  * undefined, we use that value.  This allows us to associate all references
1807  * to a function's address to a single place in the process: the plt entry
1808  * for that function in the executable.  Calls to lookup from plt binding
1809  * routines do NOT set LKUP_SPEC in the flag.
1810  */
1811 Sym *
1812 elf_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo)
1813 {
1814 	const char	*name = slp->sl_name;
1815 	Rt_map		*ilmp = slp->sl_imap;
1816 	ulong_t		hash = slp->sl_hash;
1817 	uint_t		ndx, htmp, buckets, *chainptr;
1818 	Sym		*sym, *symtabptr;
1819 	char		*strtabptr, *strtabname;
1820 	uint_t		flags1;
1821 	Syminfo		*sip;
1822 
1823 	DBG_CALL(Dbg_syms_lookup(name, NAME(ilmp), MSG_ORIG(MSG_STR_ELF)));
1824 
1825 	if (HASH(ilmp) == 0)
1826 		return ((Sym *)0);
1827 
1828 	buckets = HASH(ilmp)[0];
1829 	/* LINTED */
1830 	htmp = (uint_t)hash % buckets;
1831 
1832 	/*
1833 	 * Get the first symbol on hash chain and initialize the string
1834 	 * and symbol table pointers.
1835 	 */
1836 	if ((ndx = HASH(ilmp)[htmp + 2]) == 0)
1837 		return ((Sym *)0);
1838 
1839 	chainptr = HASH(ilmp) + 2 + buckets;
1840 	strtabptr = STRTAB(ilmp);
1841 	symtabptr = SYMTAB(ilmp);
1842 
1843 	while (ndx) {
1844 		sym = symtabptr + ndx;
1845 		strtabname = strtabptr + sym->st_name;
1846 
1847 		/*
1848 		 * Compare the symbol found with the name required.  If the
1849 		 * names don't match continue with the next hash entry.
1850 		 */
1851 		if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
1852 			if ((ndx = chainptr[ndx]) != 0)
1853 				continue;
1854 			return ((Sym *)0);
1855 		}
1856 
1857 		/*
1858 		 * If we find a match and the symbol is defined, return the
1859 		 * symbol pointer and the link map in which it was found.
1860 		 */
1861 		if (sym->st_shndx != SHN_UNDEF) {
1862 			*dlmp = ilmp;
1863 			*binfo |= DBG_BINFO_FOUND;
1864 			if (FLAGS(ilmp) & FLG_RT_INTRPOSE)
1865 				*binfo |= DBG_BINFO_INTERPOSE;
1866 			if (slp->sl_flags & LKUP_SELF)
1867 				return (sym);
1868 			break;
1869 
1870 		/*
1871 		 * If we find a match and the symbol is undefined, the
1872 		 * symbol type is a function, and the value of the symbol
1873 		 * is non zero, then this is a special case.  This allows
1874 		 * the resolution of a function address to the plt[] entry.
1875 		 * See SPARC ABI, Dynamic Linking, Function Addresses for
1876 		 * more details.
1877 		 */
1878 		} else if ((slp->sl_flags & (LKUP_SPEC | LKUP_SELF)) &&
1879 		    (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
1880 		    (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
1881 			*dlmp = ilmp;
1882 			*binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);
1883 			if (FLAGS(ilmp) & FLG_RT_INTRPOSE)
1884 				*binfo |= DBG_BINFO_INTERPOSE;
1885 			return (sym);
1886 		}
1887 
1888 		/*
1889 		 * Undefined symbol.
1890 		 */
1891 		if (slp->sl_flags & LKUP_SELF)
1892 			return (sym);
1893 
1894 		return ((Sym *)0);
1895 	}
1896 
1897 	/*
1898 	 * We've found a match.  Determine if the defining object contains
1899 	 * symbol binding information.
1900 	 */
1901 	if ((sip = SYMINFO(ilmp)) != 0)
1902 		/* LINTED */
1903 		sip = (Syminfo *)((char *)sip + (ndx * SYMINENT(ilmp)));
1904 
1905 	/*
1906 	 * If this is a direct binding request, but the symbol definition has
1907 	 * disabled directly binding to it (presumably because the symbol
1908 	 * definition has been changed since the referring object was built),
1909 	 * indicate this failure so that the caller can fall back to a standard
1910 	 * symbol search.  Clear any debug binding information for cleanliness.
1911 	 */
1912 	if (sip && (slp->sl_flags & LKUP_DIRECT) &&
1913 	    (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
1914 		*binfo |= BINFO_DIRECTDIS;
1915 		*binfo &= ~DBG_BINFO_MSK;
1916 		return ((Sym *)0);
1917 	}
1918 
1919 	/*
1920 	 * Determine whether this object is acting as a filter.
1921 	 */
1922 	if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
1923 		return (sym);
1924 
1925 	/*
1926 	 * Determine if this object offers per-symbol filtering, and if so,
1927 	 * whether this symbol references a filtee.
1928 	 */
1929 	if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
1930 		/*
1931 		 * If this is a standard filter reference, and no standard
1932 		 * filtees remain to be inspected, we're done.  If this is an
1933 		 * auxiliary filter reference, and no auxiliary filtees remain,
1934 		 * we'll fall through in case any object filtering is available.
1935 		 */
1936 		if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
1937 		    (SYMSFLTRCNT(ilmp) == 0))
1938 			return ((Sym *)0);
1939 
1940 		if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
1941 		    ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
1942 		    SYMAFLTRCNT(ilmp))) {
1943 			Sym *	fsym;
1944 
1945 			/*
1946 			 * This symbol has an associated filtee.  Lookup the
1947 			 * symbol in the filtee, and if it is found return it.
1948 			 * If the symbol doesn't exist, and this is a standard
1949 			 * filter, return an error, otherwise fall through to
1950 			 * catch any object filtering that may be available.
1951 			 */
1952 			if ((fsym = elf_lookup_filtee(slp, dlmp, binfo,
1953 			    sip->si_boundto)) != 0)
1954 				return (fsym);
1955 			if (sip->si_flags & SYMINFO_FLG_FILTER)
1956 				return ((Sym *)0);
1957 		}
1958 	}
1959 
1960 	/*
1961 	 * Determine if this object provides global filtering.
1962 	 */
1963 	if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
1964 		Sym *	fsym;
1965 
1966 		if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
1967 			/*
1968 			 * This object has an associated filtee.  Lookup the
1969 			 * symbol in the filtee, and if it is found return it.
1970 			 * If the symbol doesn't exist, and this is a standard
1971 			 * filter, return and error, otherwise return the symbol
1972 			 * within the filter itself.
1973 			 */
1974 			if ((fsym = elf_lookup_filtee(slp, dlmp, binfo,
1975 			    OBJFLTRNDX(ilmp))) != 0)
1976 				return (fsym);
1977 		}
1978 
1979 		if (flags1 & FL1_RT_OBJSFLTR)
1980 			return ((Sym *)0);
1981 	}
1982 	return (sym);
1983 }
1984 
1985 /*
1986  * Create a new Rt_map structure for an ELF object and initialize
1987  * all values.
1988  */
1989 Rt_map *
1990 elf_new_lm(Lm_list *lml, const char *pname, const char *oname, Dyn *ld,
1991     ulong_t addr, ulong_t etext, Aliste lmco, ulong_t msize, ulong_t entry,
1992     ulong_t paddr, ulong_t padimsize, Mmap *mmaps, uint_t mmapcnt)
1993 {
1994 	Rt_map		*lmp;
1995 	ulong_t		base, fltr = 0, audit = 0, cfile = 0, crle = 0;
1996 	Xword		rpath = 0;
1997 	Ehdr		*ehdr = (Ehdr *)addr;
1998 
1999 	DBG_CALL(Dbg_file_elf(pname, (ulong_t)ld, addr, msize, entry,
2000 	    get_linkmap_id(lml), lmco));
2001 
2002 	/*
2003 	 * Allocate space for the link-map and private elf information.  Once
2004 	 * these are allocated and initialized, we can use remove_so(0, lmp) to
2005 	 * tear down the link-map should any failures occur.
2006 	 */
2007 	if ((lmp = calloc(sizeof (Rt_map), 1)) == 0)
2008 		return (0);
2009 	if ((ELFPRV(lmp) = calloc(sizeof (Rt_elfp), 1)) == 0) {
2010 		free(lmp);
2011 		return (0);
2012 	}
2013 
2014 	/*
2015 	 * All fields not filled in were set to 0 by calloc.
2016 	 */
2017 	ORIGNAME(lmp) = PATHNAME(lmp) = NAME(lmp) = (char *)pname;
2018 	DYN(lmp) = ld;
2019 	ADDR(lmp) = addr;
2020 	MSIZE(lmp) = msize;
2021 	ENTRY(lmp) = (Addr)entry;
2022 	SYMINTP(lmp) = elf_find_sym;
2023 	ETEXT(lmp) = etext;
2024 	FCT(lmp) = &elf_fct;
2025 	LIST(lmp) = lml;
2026 	PADSTART(lmp) = paddr;
2027 	PADIMLEN(lmp) = padimsize;
2028 	THREADID(lmp) = rt_thr_self();
2029 	OBJFLTRNDX(lmp) = FLTR_DISABLED;
2030 	SORTVAL(lmp) = -1;
2031 
2032 	MMAPS(lmp) = mmaps;
2033 	MMAPCNT(lmp) = mmapcnt;
2034 	ASSERT(mmapcnt != 0);
2035 
2036 	/*
2037 	 * If this is a shared object, add the base address to each address.
2038 	 * if this is an executable, use address as is.
2039 	 */
2040 	if (ehdr->e_type == ET_EXEC) {
2041 		base = 0;
2042 		FLAGS(lmp) |= FLG_RT_FIXED;
2043 	} else
2044 		base = addr;
2045 
2046 	/*
2047 	 * Fill in rest of the link map entries with information from the file's
2048 	 * dynamic structure.
2049 	 */
2050 	if (ld) {
2051 		uint_t	dyncnt = 0;
2052 		Xword	pltpadsz = 0;
2053 		void	*rtldinfo;
2054 
2055 		/* CSTYLED */
2056 		for ( ; ld->d_tag != DT_NULL; ++ld, dyncnt++) {
2057 			switch ((Xword)ld->d_tag) {
2058 			case DT_SYMTAB:
2059 				SYMTAB(lmp) = (void *)(ld->d_un.d_ptr + base);
2060 				break;
2061 			case DT_STRTAB:
2062 				STRTAB(lmp) = (void *)(ld->d_un.d_ptr + base);
2063 				break;
2064 			case DT_SYMENT:
2065 				SYMENT(lmp) = ld->d_un.d_val;
2066 				break;
2067 			case DT_FEATURE_1:
2068 				ld->d_un.d_val |= DTF_1_PARINIT;
2069 				if (ld->d_un.d_val & DTF_1_CONFEXP)
2070 					crle = 1;
2071 				break;
2072 			case DT_MOVESZ:
2073 				MOVESZ(lmp) = ld->d_un.d_val;
2074 				FLAGS(lmp) |= FLG_RT_MOVE;
2075 				break;
2076 			case DT_MOVEENT:
2077 				MOVEENT(lmp) = ld->d_un.d_val;
2078 				break;
2079 			case DT_MOVETAB:
2080 				MOVETAB(lmp) = (void *)(ld->d_un.d_ptr + base);
2081 				break;
2082 			case DT_REL:
2083 			case DT_RELA:
2084 				/*
2085 				 * At this time we can only handle 1 type of
2086 				 * relocation per object.
2087 				 */
2088 				REL(lmp) = (void *)(ld->d_un.d_ptr + base);
2089 				break;
2090 			case DT_RELSZ:
2091 			case DT_RELASZ:
2092 				RELSZ(lmp) = ld->d_un.d_val;
2093 				break;
2094 			case DT_RELENT:
2095 			case DT_RELAENT:
2096 				RELENT(lmp) = ld->d_un.d_val;
2097 				break;
2098 			case DT_RELCOUNT:
2099 			case DT_RELACOUNT:
2100 				RELACOUNT(lmp) = (uint_t)ld->d_un.d_val;
2101 				break;
2102 			case DT_TEXTREL:
2103 				FLAGS1(lmp) |= FL1_RT_TEXTREL;
2104 				break;
2105 			case DT_HASH:
2106 				HASH(lmp) = (uint_t *)(ld->d_un.d_ptr + base);
2107 				break;
2108 			case DT_PLTGOT:
2109 				PLTGOT(lmp) = (uint_t *)(ld->d_un.d_ptr + base);
2110 				break;
2111 			case DT_PLTRELSZ:
2112 				PLTRELSZ(lmp) = ld->d_un.d_val;
2113 				break;
2114 			case DT_JMPREL:
2115 				JMPREL(lmp) = (void *)(ld->d_un.d_ptr + base);
2116 				break;
2117 			case DT_INIT:
2118 				INIT(lmp) = (void (*)())(ld->d_un.d_ptr + base);
2119 				break;
2120 			case DT_FINI:
2121 				FINI(lmp) = (void (*)())(ld->d_un.d_ptr + base);
2122 				break;
2123 			case DT_INIT_ARRAY:
2124 				INITARRAY(lmp) = (Addr *)(ld->d_un.d_ptr +
2125 				    base);
2126 				break;
2127 			case DT_INIT_ARRAYSZ:
2128 				INITARRAYSZ(lmp) = (uint_t)ld->d_un.d_val;
2129 				break;
2130 			case DT_FINI_ARRAY:
2131 				FINIARRAY(lmp) = (Addr *)(ld->d_un.d_ptr +
2132 				    base);
2133 				break;
2134 			case DT_FINI_ARRAYSZ:
2135 				FINIARRAYSZ(lmp) = (uint_t)ld->d_un.d_val;
2136 				break;
2137 			case DT_PREINIT_ARRAY:
2138 				PREINITARRAY(lmp) = (Addr *)(ld->d_un.d_ptr +
2139 				    base);
2140 				break;
2141 			case DT_PREINIT_ARRAYSZ:
2142 				PREINITARRAYSZ(lmp) = (uint_t)ld->d_un.d_val;
2143 				break;
2144 			case DT_RPATH:
2145 			case DT_RUNPATH:
2146 				rpath = ld->d_un.d_val;
2147 				break;
2148 			case DT_FILTER:
2149 				fltr = ld->d_un.d_val;
2150 				OBJFLTRNDX(lmp) = dyncnt;
2151 				FLAGS1(lmp) |= FL1_RT_OBJSFLTR;
2152 				break;
2153 			case DT_AUXILIARY:
2154 				if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
2155 					fltr = ld->d_un.d_val;
2156 					OBJFLTRNDX(lmp) = dyncnt;
2157 				}
2158 				FLAGS1(lmp) |= FL1_RT_OBJAFLTR;
2159 				break;
2160 			case DT_SUNW_FILTER:
2161 				SYMSFLTRCNT(lmp)++;
2162 				FLAGS1(lmp) |= FL1_RT_SYMSFLTR;
2163 				break;
2164 			case DT_SUNW_AUXILIARY:
2165 				if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
2166 					SYMAFLTRCNT(lmp)++;
2167 				}
2168 				FLAGS1(lmp) |= FL1_RT_SYMAFLTR;
2169 				break;
2170 			case DT_DEPAUDIT:
2171 				if (!(rtld_flags & RT_FL_NOAUDIT))
2172 					audit = ld->d_un.d_val;
2173 				break;
2174 			case DT_CONFIG:
2175 				cfile = ld->d_un.d_val;
2176 				break;
2177 			case DT_DEBUG:
2178 				/*
2179 				 * DT_DEBUG entries are only created in
2180 				 * dynamic objects that require an interpretor
2181 				 * (ie. all dynamic executables and some shared
2182 				 * objects), and provide for a hand-shake with
2183 				 * debuggers.  This entry is initialized to
2184 				 * zero by the link-editor.  If a debugger has
2185 				 * us and updated this entry set the debugger
2186 				 * flag, and finish initializing the debugging
2187 				 * structure (see setup() also).  Switch off any
2188 				 * configuration object use as most debuggers
2189 				 * can't handle fixed dynamic executables as
2190 				 * dependencies, and we can't handle requests
2191 				 * like object padding for alternative objects.
2192 				 */
2193 				if (ld->d_un.d_ptr)
2194 					rtld_flags |=
2195 					    (RT_FL_DEBUGGER | RT_FL_NOOBJALT);
2196 				ld->d_un.d_ptr = (Addr)&r_debug;
2197 				break;
2198 			case DT_VERNEED:
2199 				VERNEED(lmp) = (Verneed *)(ld->d_un.d_ptr +
2200 				    base);
2201 				break;
2202 			case DT_VERNEEDNUM:
2203 				/* LINTED */
2204 				VERNEEDNUM(lmp) = (int)ld->d_un.d_val;
2205 				break;
2206 			case DT_VERDEF:
2207 				VERDEF(lmp) = (Verdef *)(ld->d_un.d_ptr + base);
2208 				break;
2209 			case DT_VERDEFNUM:
2210 				/* LINTED */
2211 				VERDEFNUM(lmp) = (int)ld->d_un.d_val;
2212 				break;
2213 			case DT_BIND_NOW:
2214 				if ((ld->d_un.d_val & DF_BIND_NOW) &&
2215 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2216 					MODE(lmp) |= RTLD_NOW;
2217 					MODE(lmp) &= ~RTLD_LAZY;
2218 				}
2219 				break;
2220 			case DT_FLAGS:
2221 				if (ld->d_un.d_val & DF_SYMBOLIC)
2222 					FLAGS1(lmp) |= FL1_RT_SYMBOLIC;
2223 				if (ld->d_un.d_val & DF_TEXTREL)
2224 					FLAGS1(lmp) |= FL1_RT_TEXTREL;
2225 				if ((ld->d_un.d_val & DF_BIND_NOW) &&
2226 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2227 					MODE(lmp) |= RTLD_NOW;
2228 					MODE(lmp) &= ~RTLD_LAZY;
2229 				}
2230 				break;
2231 			case DT_FLAGS_1:
2232 				if (ld->d_un.d_val & DF_1_DISPRELPND)
2233 					FLAGS1(lmp) |= FL1_RT_DISPREL;
2234 				if (ld->d_un.d_val & DF_1_GROUP)
2235 					FLAGS(lmp) |=
2236 					    (FLG_RT_SETGROUP | FLG_RT_HANDLE);
2237 				if ((ld->d_un.d_val & DF_1_NOW) &&
2238 				    ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2239 					MODE(lmp) |= RTLD_NOW;
2240 					MODE(lmp) &= ~RTLD_LAZY;
2241 				}
2242 				if (ld->d_un.d_val & DF_1_NODELETE)
2243 					MODE(lmp) |= RTLD_NODELETE;
2244 				if (ld->d_un.d_val & DF_1_INITFIRST)
2245 					FLAGS(lmp) |= FLG_RT_INITFRST;
2246 				if (ld->d_un.d_val & DF_1_NOOPEN)
2247 					FLAGS(lmp) |= FLG_RT_NOOPEN;
2248 				if (ld->d_un.d_val & DF_1_LOADFLTR)
2249 					FLAGS(lmp) |= FLG_RT_LOADFLTR;
2250 				if (ld->d_un.d_val & DF_1_NODUMP)
2251 					FLAGS(lmp) |= FLG_RT_NODUMP;
2252 				if (ld->d_un.d_val & DF_1_CONFALT)
2253 					crle = 1;
2254 				if (ld->d_un.d_val & DF_1_DIRECT)
2255 					FLAGS(lmp) |= FLG_RT_DIRECT;
2256 				if (ld->d_un.d_val & DF_1_NODEFLIB)
2257 					FLAGS1(lmp) |= FL1_RT_NODEFLIB;
2258 				if (ld->d_un.d_val & DF_1_ENDFILTEE)
2259 					FLAGS1(lmp) |= FL1_RT_ENDFILTE;
2260 				if (ld->d_un.d_val & DF_1_TRANS)
2261 					FLAGS(lmp) |= FLG_RT_TRANS;
2262 #ifndef	EXPAND_RELATIVE
2263 				if (ld->d_un.d_val & DF_1_ORIGIN)
2264 					FLAGS1(lmp) |= FL1_RT_RELATIVE;
2265 #endif
2266 				/*
2267 				 * If this object identifies itself as an
2268 				 * interposer, but relocation processing has
2269 				 * already started, then demote it.  It's too
2270 				 * late to guarantee complete interposition.
2271 				 */
2272 				if (ld->d_un.d_val & DF_1_INTERPOSE) {
2273 				    if ((lml->lm_flags & LML_FLG_STARTREL) == 0)
2274 					FLAGS(lmp) |= FLG_RT_INTRPOSE;
2275 				    else {
2276 					DBG_CALL(Dbg_util_intoolate(NAME(lmp)));
2277 					if (lml->lm_flags & LML_FLG_TRC_ENABLE)
2278 					    (void) printf(
2279 						MSG_INTL(MSG_LDD_REL_ERR2),
2280 						NAME(lmp));
2281 				    }
2282 				}
2283 				break;
2284 			case DT_SYMINFO:
2285 				SYMINFO(lmp) = (Syminfo *)(ld->d_un.d_ptr +
2286 				    base);
2287 				break;
2288 			case DT_SYMINENT:
2289 				SYMINENT(lmp) = ld->d_un.d_val;
2290 				break;
2291 			case DT_PLTPAD:
2292 				PLTPAD(lmp) = (void *)(ld->d_un.d_ptr + base);
2293 				break;
2294 			case DT_PLTPADSZ:
2295 				pltpadsz = ld->d_un.d_val;
2296 				break;
2297 			case DT_SUNW_RTLDINF:
2298 				if ((lml->lm_info_lmp != 0) &&
2299 				    (lml->lm_info_lmp != lmp)) {
2300 					DBG_CALL(Dbg_unused_rtldinfo(
2301 						NAME(lmp),
2302 						NAME(lml->lm_info_lmp)));
2303 					break;
2304 				}
2305 				lml->lm_info_lmp = lmp;
2306 				rtldinfo = (void *)(ld->d_un.d_ptr + base);
2307 
2308 				/*
2309 				 * We maintain a list of DT_SUNW_RTLDINFO
2310 				 * structures for a given object.  This permits
2311 				 * the RTLDINFO structures to be grouped
2312 				 * functionly inside of a shared object.
2313 				 *
2314 				 * For example, we could have one for
2315 				 * thread_init, and another for atexit
2316 				 * reservations.
2317 				 */
2318 				if (alist_append(&lml->lm_rtldinfo, &rtldinfo,
2319 				    sizeof (void *), AL_CNT_RTLDINFO) == 0) {
2320 					remove_so(0, lmp);
2321 					return (0);
2322 				}
2323 				break;
2324 			case DT_DEPRECATED_SPARC_REGISTER:
2325 			case M_DT_REGISTER:
2326 				FLAGS(lmp) |= FLG_RT_REGSYMS;
2327 				break;
2328 			case M_DT_PLTRESERVE:
2329 				PLTRESERVE(lmp) = (void *)(ld->d_un.d_ptr +
2330 				    base);
2331 				break;
2332 			}
2333 		}
2334 
2335 
2336 		if (PLTPAD(lmp)) {
2337 			if (pltpadsz == (Xword)0)
2338 				PLTPAD(lmp) = 0;
2339 			else
2340 				PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) +
2341 				    pltpadsz);
2342 		}
2343 
2344 		/*
2345 		 * Allocate Dynamic Info structure
2346 		 */
2347 		if ((DYNINFO(lmp) = calloc((size_t)dyncnt,
2348 		    sizeof (Dyninfo))) == 0) {
2349 			remove_so(0, lmp);
2350 			return (0);
2351 		}
2352 		DYNINFOCNT(lmp) = dyncnt;
2353 	}
2354 
2355 	/*
2356 	 * If configuration file use hasn't been disabled, and a configuration
2357 	 * file hasn't already been set via an environment variable, see if any
2358 	 * application specific configuration file is specified.  An LD_CONFIG
2359 	 * setting is used first, but if this image was generated via crle(1)
2360 	 * then a default configuration file is a fall-back.
2361 	 */
2362 	if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == 0)) {
2363 		if (cfile)
2364 			config->c_name = (const char *)(cfile +
2365 			    (char *)STRTAB(lmp));
2366 		else if (crle) {
2367 			rtld_flags |= RT_FL_CONFAPP;
2368 #ifndef	EXPAND_RELATIVE
2369 			FLAGS1(lmp) |= FL1_RT_RELATIVE;
2370 #endif
2371 		}
2372 	}
2373 
2374 	if (rpath)
2375 		RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp));
2376 	if (fltr) {
2377 		/*
2378 		 * If this object is a global filter, duplicate the filtee
2379 		 * string name(s) so that REFNAME() is available in core files.
2380 		 * This cludge was useful for debuggers at one point, but only
2381 		 * when the filtee name was an individual full path.
2382 		 */
2383 		if ((REFNAME(lmp) = strdup(fltr + (char *)STRTAB(lmp))) == 0) {
2384 			remove_so(0, lmp);
2385 			return (0);
2386 		}
2387 	}
2388 
2389 	if (rtld_flags & RT_FL_RELATIVE)
2390 		FLAGS1(lmp) |= FL1_RT_RELATIVE;
2391 
2392 	/*
2393 	 * For Intel ABI compatibility.  It's possible that a JMPREL can be
2394 	 * specified without any other relocations (e.g. a dynamic executable
2395 	 * normally only contains .plt relocations).  If this is the case then
2396 	 * no REL, RELSZ or RELENT will have been created.  For us to be able
2397 	 * to traverse the .plt relocations under LD_BIND_NOW we need to know
2398 	 * the RELENT for these relocations.  Refer to elf_reloc() for more
2399 	 * details.
2400 	 */
2401 	if (!RELENT(lmp) && JMPREL(lmp))
2402 		RELENT(lmp) = sizeof (Rel);
2403 
2404 	/*
2405 	 * Establish any per-object auditing.  If we're establishing `main's
2406 	 * link-map its too early to go searching for audit objects so just
2407 	 * hold the object name for later (see setup()).
2408 	 */
2409 	if (audit) {
2410 		char	*cp = audit + (char *)STRTAB(lmp);
2411 
2412 		if (*cp) {
2413 			if (((AUDITORS(lmp) =
2414 			    calloc(1, sizeof (Audit_desc))) == 0) ||
2415 			    ((AUDITORS(lmp)->ad_name = strdup(cp)) == 0)) {
2416 				remove_so(0, lmp);
2417 				return (0);
2418 			}
2419 			if (lml_main.lm_head) {
2420 				if (audit_setup(lmp, AUDITORS(lmp), 0) == 0) {
2421 					remove_so(0, lmp);
2422 					return (0);
2423 				}
2424 				FLAGS1(lmp) |= AUDITORS(lmp)->ad_flags;
2425 				lml->lm_flags |= LML_FLG_LOCAUDIT;
2426 			}
2427 		}
2428 	}
2429 
2430 	if ((CONDVAR(lmp) = rt_cond_create()) == 0) {
2431 		remove_so(0, lmp);
2432 		return (0);
2433 	}
2434 	if (oname && ((append_alias(lmp, oname, 0)) == 0)) {
2435 		remove_so(0, lmp);
2436 		return (0);
2437 	}
2438 
2439 	/*
2440 	 * Add the mapped object to the end of the link map list.
2441 	 */
2442 	lm_append(lml, lmco, lmp);
2443 	return (lmp);
2444 }
2445 
2446 /*
2447  * Assign hardware/software capabilities.
2448  */
2449 void
2450 cap_assign(Cap *cap, Rt_map *lmp)
2451 {
2452 	while (cap->c_tag != CA_SUNW_NULL) {
2453 		switch (cap->c_tag) {
2454 		case CA_SUNW_HW_1:
2455 			HWCAP(lmp) = cap->c_un.c_val;
2456 			break;
2457 		case CA_SUNW_SF_1:
2458 			SFCAP(lmp) = cap->c_un.c_val;
2459 		}
2460 		cap++;
2461 	}
2462 }
2463 
2464 /*
2465  * Map in an ELF object.
2466  * Takes an open file descriptor for the object to map and its pathname; returns
2467  * a pointer to a Rt_map structure for this object, or 0 on error.
2468  */
2469 static Rt_map *
2470 elf_map_so(Lm_list *lml, Aliste lmco, const char *pname, const char *oname,
2471     int fd)
2472 {
2473 	int		i; 		/* general temporary */
2474 	Off		memsize = 0;	/* total memory size of pathname */
2475 	Off		mentry;		/* entry point */
2476 	Ehdr		*ehdr;		/* ELF header of ld.so */
2477 	Phdr		*phdr;		/* first Phdr in file */
2478 	Phdr		*phdr0;		/* Saved first Phdr in file */
2479 	Phdr		*pptr;		/* working Phdr */
2480 	Phdr		*fph = 0;	/* first loadable Phdr */
2481 	Phdr		*lph;		/* last loadable Phdr */
2482 	Phdr		*lfph = 0;	/* last loadable (filesz != 0) Phdr */
2483 	Phdr		*lmph = 0;	/* last loadable (memsz != 0) Phdr */
2484 	Phdr		*swph = 0;	/* program header for SUNWBSS */
2485 	Phdr		*tlph = 0;	/* program header for PT_TLS */
2486 	Phdr		*unwindph = 0;	/* program header for PT_SUNW_UNWIND */
2487 	Cap		*cap = 0;	/* program header for SUNWCAP */
2488 	Dyn		*mld = 0;	/* DYNAMIC structure for pathname */
2489 	size_t		size;		/* size of elf and program headers */
2490 	caddr_t		faddr = 0;	/* mapping address of pathname */
2491 	Rt_map		*lmp;		/* link map created */
2492 	caddr_t		paddr;		/* start of padded image */
2493 	Off		plen;		/* size of image including padding */
2494 	Half		etype;
2495 	int		fixed;
2496 	Mmap		*mmaps;
2497 	uint_t		mmapcnt = 0;
2498 	Xword		align = 0;
2499 
2500 	/* LINTED */
2501 	ehdr = (Ehdr *)fmap->fm_maddr;
2502 
2503 	/*
2504 	 * If this a relocatable object then special processing is required.
2505 	 */
2506 	if ((etype = ehdr->e_type) == ET_REL)
2507 		return (elf_obj_file(lml, lmco, pname, fd));
2508 
2509 	/*
2510 	 * If this isn't a dynamic executable or shared object we can't process
2511 	 * it.  If this is a dynamic executable then all addresses are fixed.
2512 	 */
2513 	if (etype == ET_EXEC)
2514 		fixed = 1;
2515 	else if (etype == ET_DYN)
2516 		fixed = 0;
2517 	else {
2518 		eprintf(ERR_ELF, MSG_INTL(MSG_GEN_BADTYPE), pname,
2519 		    conv_etype_str(etype));
2520 		return (0);
2521 	}
2522 
2523 	/*
2524 	 * If our original mapped page was not large enough to hold all the
2525 	 * program headers remap them.
2526 	 */
2527 	size = (size_t)((char *)ehdr->e_phoff +
2528 		(ehdr->e_phnum * ehdr->e_phentsize));
2529 	if (size > fmap->fm_fsize) {
2530 		eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_CORTRUNC), pname);
2531 		return (0);
2532 	}
2533 	if (size > fmap->fm_msize) {
2534 		fmap_setup();
2535 		if ((fmap->fm_maddr = mmap(fmap->fm_maddr, size, PROT_READ,
2536 		    fmap->fm_mflags, fd, 0)) == MAP_FAILED) {
2537 			int	err = errno;
2538 			eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MMAP), pname,
2539 			    strerror(err));
2540 			return (0);
2541 		}
2542 		fmap->fm_msize = size;
2543 		/* LINTED */
2544 		ehdr = (Ehdr *)fmap->fm_maddr;
2545 	}
2546 	/* LINTED */
2547 	phdr0 = phdr = (Phdr *)((char *)ehdr + ehdr->e_ehsize);
2548 
2549 	/*
2550 	 * Get entry point.
2551 	 */
2552 	mentry = ehdr->e_entry;
2553 
2554 	/*
2555 	 * Point at program headers and perform some basic validation.
2556 	 */
2557 	for (i = 0, pptr = phdr; i < (int)ehdr->e_phnum; i++,
2558 	    pptr = (Phdr *)((Off)pptr + ehdr->e_phentsize)) {
2559 		if ((pptr->p_type == PT_LOAD) ||
2560 		    (pptr->p_type == PT_SUNWBSS)) {
2561 
2562 			if (fph == 0) {
2563 				fph = pptr;
2564 			/* LINTED argument lph is initialized in first pass */
2565 			} else if (pptr->p_vaddr <= lph->p_vaddr) {
2566 				eprintf(ERR_ELF, MSG_INTL(MSG_GEN_INVPRGHDR),
2567 				    pname);
2568 				return (0);
2569 			}
2570 
2571 			lph = pptr;
2572 
2573 			if (pptr->p_memsz)
2574 				lmph = pptr;
2575 			if (pptr->p_filesz)
2576 				lfph = pptr;
2577 			if (pptr->p_type == PT_SUNWBSS)
2578 				swph = pptr;
2579 			if (pptr->p_align > align)
2580 				align = pptr->p_align;
2581 
2582 		} else if (pptr->p_type == PT_DYNAMIC)
2583 			mld = (Dyn *)(pptr->p_vaddr);
2584 		else if (pptr->p_type == PT_TLS)
2585 			tlph = pptr;
2586 		else if (pptr->p_type == PT_SUNWCAP)
2587 			cap = (Cap *)(pptr->p_vaddr);
2588 		else if (pptr->p_type == PT_SUNW_UNWIND)
2589 			unwindph = pptr;
2590 	}
2591 
2592 #if defined(MAP_ALIGN)
2593 	/*
2594 	 * Make sure the maximum page alignment is a power of 2 >= the system
2595 	 * page size, for use with MAP_ALIGN.
2596 	 */
2597 	align = M_PROUND(align);
2598 #endif
2599 
2600 	/*
2601 	 * We'd better have at least one loadable segment, together with some
2602 	 * specified file and memory size.
2603 	 */
2604 	if ((fph == 0) || (lmph == 0) || (lfph == 0)) {
2605 		eprintf(ERR_ELF, MSG_INTL(MSG_GEN_NOLOADSEG), pname);
2606 		return (0);
2607 	}
2608 
2609 	/*
2610 	 * Check that the files size accounts for the loadable sections
2611 	 * we're going to map in (failure to do this may cause spurious
2612 	 * bus errors if we're given a truncated file).
2613 	 */
2614 	if (fmap->fm_fsize < ((size_t)lfph->p_offset + lfph->p_filesz)) {
2615 		eprintf(ERR_FATAL, MSG_INTL(MSG_GEN_CORTRUNC), pname);
2616 		return (0);
2617 	}
2618 
2619 	/*
2620 	 * Memsize must be page rounded so that if we add object padding
2621 	 * at the end it will start at the beginning of a page.
2622 	 */
2623 	plen = memsize = M_PROUND((lmph->p_vaddr + lmph->p_memsz) -
2624 	    M_PTRUNC((ulong_t)fph->p_vaddr));
2625 
2626 	/*
2627 	 * Determine if an existing mapping is acceptable.
2628 	 */
2629 	if (interp && (lml->lm_flags & LML_FLG_BASELM) &&
2630 	    (strcmp(pname, interp->i_name) == 0)) {
2631 		/*
2632 		 * If this is the interpreter then it has already been mapped
2633 		 * and we have the address so don't map it again.  Note that
2634 		 * the common occurrence of a reference to the interpretor
2635 		 * (libdl -> ld.so.1) will have been caught during filter
2636 		 * initialization (see elf_lookup_filtee()).  However, some
2637 		 * ELF implementations are known to record libc.so.1 as the
2638 		 * interpretor, and thus this test catches this behavior.
2639 		 */
2640 		paddr = faddr = interp->i_faddr;
2641 
2642 	} else if ((fixed == 0) && (r_debug.rtd_objpad == 0) &&
2643 	    (memsize <= fmap->fm_msize) && ((fph->p_flags & PF_W) == 0) &&
2644 	    (fph->p_filesz == fph->p_memsz) &&
2645 	    (((Xword)fmap->fm_maddr % align) == 0)) {
2646 		/*
2647 		 * If the mapping required has already been established from
2648 		 * the initial page we don't need to do anything more.  Reset
2649 		 * the fmap address so then any later files start a new fmap.
2650 		 * This is really an optimization for filters, such as libdl.so,
2651 		 * which should only require one page.
2652 		 */
2653 		paddr = faddr = fmap->fm_maddr;
2654 		fmap->fm_maddr = 0;
2655 		fmap_setup();
2656 	}
2657 
2658 	/*
2659 	 * Allocate a mapping array to retain mapped segment information.
2660 	 */
2661 	if ((mmaps = calloc(ehdr->e_phnum, sizeof (Mmap))) == 0)
2662 		return (0);
2663 
2664 	/*
2665 	 * If we're reusing an existing mapping determine the objects etext
2666 	 * address.  Otherwise map the file (which will calculate the etext
2667 	 * address as part of the mapping process).
2668 	 */
2669 	if (faddr) {
2670 		caddr_t	base;
2671 
2672 		if (fixed)
2673 			base = 0;
2674 		else
2675 			base = faddr;
2676 
2677 		/* LINTED */
2678 		phdr0 = phdr = (Phdr *)((char *)faddr + ehdr->e_ehsize);
2679 
2680 		for (i = 0, pptr = phdr; i < (int)ehdr->e_phnum; i++,
2681 		    pptr = (Phdr *)((Off)pptr + ehdr->e_phentsize)) {
2682 			if (pptr->p_type != PT_LOAD)
2683 				continue;
2684 
2685 			mmaps[mmapcnt].m_vaddr = (pptr->p_vaddr + base);
2686 			mmaps[mmapcnt].m_msize = pptr->p_memsz;
2687 			mmaps[mmapcnt].m_fsize = pptr->p_filesz;
2688 			mmaps[mmapcnt].m_perm = (PROT_READ | PROT_EXEC);
2689 			mmapcnt++;
2690 
2691 			if (!(pptr->p_flags & PF_W)) {
2692 				fmap->fm_etext = (ulong_t)pptr->p_vaddr +
2693 				    (ulong_t)pptr->p_memsz +
2694 				    (ulong_t)(fixed ? 0 : faddr);
2695 			}
2696 		}
2697 	} else {
2698 		/*
2699 		 * Map the file.
2700 		 */
2701 		if (!(faddr = elf_map_it(pname, memsize, ehdr, fph, lph,
2702 		    &phdr, &paddr, &plen, fixed, fd, align, mmaps, &mmapcnt)))
2703 			return (0);
2704 	}
2705 
2706 	/*
2707 	 * Calculate absolute base addresses and entry points.
2708 	 */
2709 	if (!fixed) {
2710 		if (mld)
2711 			/* LINTED */
2712 			mld = (Dyn *)((Off)mld + faddr);
2713 		if (cap)
2714 			/* LINTED */
2715 			cap = (Cap *)((Off)cap + faddr);
2716 		mentry += (Off)faddr;
2717 	}
2718 
2719 	/*
2720 	 * Create new link map structure for newly mapped shared object.
2721 	 */
2722 	if (!(lmp = elf_new_lm(lml, pname, oname, mld, (ulong_t)faddr,
2723 	    fmap->fm_etext, lmco, memsize, mentry, (ulong_t)paddr, plen, mmaps,
2724 	    mmapcnt))) {
2725 		(void) munmap((caddr_t)faddr, memsize);
2726 		return (0);
2727 	}
2728 
2729 	/*
2730 	 * Start the system loading in the ELF information we'll be processing.
2731 	 */
2732 	if (REL(lmp)) {
2733 		(void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
2734 		    (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
2735 		    MADV_WILLNEED);
2736 	}
2737 
2738 	/*
2739 	 * If this shared object contains a any special segments, record them.
2740 	 */
2741 	if (swph) {
2742 		FLAGS(lmp) |= FLG_RT_SUNWBSS;
2743 		SUNWBSS(lmp) = phdr + (swph - phdr0);
2744 	}
2745 	if (tlph) {
2746 		PTTLS(lmp) = phdr + (tlph - phdr0);
2747 		tls_assign_soffset(lmp);
2748 	}
2749 
2750 	if (unwindph)
2751 		PTUNWIND(lmp) = phdr + (unwindph - phdr0);
2752 
2753 	if (cap)
2754 		cap_assign(cap, lmp);
2755 
2756 	return (lmp);
2757 }
2758 
2759 
2760 /*
2761  * Function to correct protection settings.  Segments are all mapped initially
2762  * with permissions as given in the segment header.  We need to turn on write
2763  * permissions on a text segment if there are any relocations against that
2764  * segment, and them turn write permission back off again before returning
2765  * control to the user.  This function turns the permission on or off depending
2766  * on the value of the argument.
2767  */
2768 int
2769 elf_set_prot(Rt_map * lmp, int permission)
2770 {
2771 	Mmap	*mmaps;
2772 
2773 	/*
2774 	 * If this is an allocated image (ie. a relocatable object) we can't
2775 	 * mprotect() anything.
2776 	 */
2777 	if (FLAGS(lmp) & FLG_RT_IMGALLOC)
2778 		return (1);
2779 
2780 	DBG_CALL(Dbg_file_prot(NAME(lmp), permission));
2781 
2782 	for (mmaps = MMAPS(lmp); mmaps->m_vaddr; mmaps++) {
2783 		if (mmaps->m_perm & PROT_WRITE)
2784 			continue;
2785 
2786 		if (mprotect(mmaps->m_vaddr, mmaps->m_msize,
2787 		    (mmaps->m_perm | permission)) == -1) {
2788 			int	err = errno;
2789 			eprintf(ERR_FATAL, MSG_INTL(MSG_SYS_MPROT),
2790 			    NAME(lmp), strerror(err));
2791 			return (0);
2792 		}
2793 	}
2794 	return (1);
2795 }
2796 
2797 /*
2798  * Build full pathname of shared object from given directory name and filename.
2799  */
2800 static char *
2801 elf_get_so(const char *dir, const char *file)
2802 {
2803 	static char	pname[PATH_MAX];
2804 
2805 	(void) snprintf(pname, PATH_MAX, MSG_ORIG(MSG_FMT_PATH), dir, file);
2806 	return (pname);
2807 }
2808 
2809 /*
2810  * The copy relocation is recorded in a copy structure which will be applied
2811  * after all other relocations are carried out.  This provides for copying data
2812  * that must be relocated itself (ie. pointers in shared objects).  This
2813  * structure also provides a means of binding RTLD_GROUP dependencies to any
2814  * copy relocations that have been taken from any group members.
2815  *
2816  * If the size of the .bss area available for the copy information is not the
2817  * same as the source of the data inform the user if we're under ldd(1) control
2818  * (this checking was only established in 5.3, so by only issuing an error via
2819  * ldd(1) we maintain the standard set by previous releases).
2820  */
2821 int
2822 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
2823     Rt_map *dlmp, const void *dadd)
2824 {
2825 	Rel_copy	rc;
2826 	Lm_list		*lml = LIST(rlmp);
2827 
2828 	rc.r_name = name;
2829 	rc.r_rsym = rsym;		/* the new reference symbol and its */
2830 	rc.r_rlmp = rlmp;		/*	associated link-map */
2831 	rc.r_dlmp = dlmp;		/* the defining link-map */
2832 	rc.r_dsym = dsym;		/* the original definition */
2833 	rc.r_radd = radd;
2834 	rc.r_dadd = dadd;
2835 
2836 	if (rsym->st_size > dsym->st_size)
2837 		rc.r_size = (size_t)dsym->st_size;
2838 	else
2839 		rc.r_size = (size_t)rsym->st_size;
2840 
2841 	if (alist_append(&COPY(dlmp), &rc, sizeof (Rel_copy),
2842 	    AL_CNT_COPYREL) == 0) {
2843 		if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2844 			return (0);
2845 		else
2846 			return (1);
2847 	}
2848 	if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
2849 		if (alist_append(&COPY(rlmp), &dlmp,
2850 		    sizeof (Rt_map *), AL_CNT_COPYREL) == 0) {
2851 			if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2852 				return (0);
2853 			else
2854 				return (1);
2855 		}
2856 		FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
2857 	}
2858 
2859 	/*
2860 	 * If we are tracing (ldd), warn the user if
2861 	 *	1) the size from the reference symbol differs from the
2862 	 *	   copy definition. We can only copy as much data as the
2863 	 *	   reference (dynamic executables) entry allows.
2864 	 *	2) the copy definition has STV_PROTECTED visibility.
2865 	 */
2866 	if (lml->lm_flags & LML_FLG_TRC_WARN) {
2867 		if (rsym->st_size != dsym->st_size) {
2868 			(void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
2869 			    _conv_reloc_type_str(M_R_COPY), demangle(name),
2870 			    NAME(rlmp), EC_XWORD(rsym->st_size),
2871 			    NAME(dlmp), EC_XWORD(dsym->st_size));
2872 			if (rsym->st_size > dsym->st_size)
2873 				(void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
2874 				    NAME(dlmp));
2875 			else
2876 				(void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
2877 				    NAME(rlmp));
2878 		}
2879 
2880 		if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
2881 			(void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
2882 			    _conv_reloc_type_str(M_R_COPY), demangle(name),
2883 				NAME(dlmp));
2884 		}
2885 	}
2886 
2887 	DBG_CALL(Dbg_reloc_apply((Xword)radd, (Xword)rc.r_size));
2888 	return (1);
2889 }
2890 
2891 /*
2892  * Determine the symbol location of an address within a link-map.  Look for
2893  * the nearest symbol (whose value is less than or equal to the required
2894  * address).  This is the object specific part of dladdr().
2895  */
2896 static void
2897 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
2898 {
2899 	ulong_t		ndx, cnt, base, _value;
2900 	Sym		*sym, *_sym;
2901 	const char	*str;
2902 
2903 	/*
2904 	 * If we don't have a .hash table there are no symbols to look at.
2905 	 */
2906 	if (HASH(lmp) == 0)
2907 		return;
2908 
2909 	cnt = HASH(lmp)[1];
2910 	str = STRTAB(lmp);
2911 	sym = SYMTAB(lmp);
2912 
2913 	if (FLAGS(lmp) & FLG_RT_FIXED)
2914 		base = 0;
2915 	else
2916 		base = ADDR(lmp);
2917 
2918 	for (_sym = 0, _value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
2919 		ulong_t	value;
2920 
2921 		if (sym->st_shndx == SHN_UNDEF)
2922 			continue;
2923 
2924 		value = sym->st_value + base;
2925 		if (value > addr)
2926 			continue;
2927 		if (value < _value)
2928 			continue;
2929 
2930 		_sym = sym;
2931 		_value = value;
2932 
2933 		/*
2934 		 * Note, because we accept local and global symbols we could
2935 		 * find a section symbol that matches the associated address,
2936 		 * which means that the symbol name will be null.  In this
2937 		 * case continue the search in case we can find a global
2938 		 * symbol of the same value.
2939 		 */
2940 		if ((value == addr) &&
2941 		    (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
2942 			break;
2943 	}
2944 
2945 	if (_sym) {
2946 		int	_flags = flags & RTLD_DL_MASK;
2947 
2948 		if (_flags == RTLD_DL_SYMENT)
2949 			*info = (void *)_sym;
2950 		else if (_flags == RTLD_DL_LINKMAP)
2951 			*info = (void *)lmp;
2952 
2953 		dlip->dli_sname = str + _sym->st_name;
2954 		dlip->dli_saddr = (void *)_value;
2955 	}
2956 }
2957 
2958 static void
2959 elf_lazy_cleanup(Alist * alp)
2960 {
2961 	Rt_map **	lmpp;
2962 	Aliste		off;
2963 
2964 	/*
2965 	 * Cleanup any link-maps added to this dynamic list and free it.
2966 	 */
2967 	for (ALIST_TRAVERSE(alp, off, lmpp))
2968 		FLAGS(*lmpp) &= ~FLG_RT_DLSYM;
2969 	free(alp);
2970 }
2971 
2972 /*
2973  * This routine is called upon to search for a symbol from the dependencies of
2974  * the initial link-map.  To maintain lazy loadings goal of reducing the number
2975  * of objects mapped, any symbol search is first carried out using the objects
2976  * that already exist in the process (either on a link-map list or handle).
2977  * If a symbol can't be found, and lazy dependencies are still pending, this
2978  * routine loads the dependencies in an attempt to locate the symbol.
2979  *
2980  * Only new objects are inspected as we will have already inspected presently
2981  * loaded objects before calling this routine.  However, a new object may not
2982  * be new - although the di_lmp might be zero, the object may have been mapped
2983  * as someone elses dependency.  Thus there's a possibility of some symbol
2984  * search duplication.
2985  */
2986 
2987 Sym *
2988 elf_lazy_find_sym(Slookup *slp, Rt_map **_lmp, uint_t *binfo)
2989 {
2990 	Sym		*sym = 0;
2991 	Alist *		alist = 0;
2992 	Aliste		off;
2993 	Rt_map **	lmpp, *	lmp = slp->sl_imap;
2994 	const char	*name = slp->sl_name;
2995 
2996 	if (alist_append(&alist, &lmp, sizeof (Rt_map *), AL_CNT_LAZYFIND) == 0)
2997 		return (0);
2998 	FLAGS(lmp) |= FLG_RT_DLSYM;
2999 
3000 	for (ALIST_TRAVERSE(alist, off, lmpp)) {
3001 		uint_t	cnt = 0;
3002 		Slookup	sl = *slp;
3003 		Dyninfo	*dip;
3004 
3005 		/*
3006 		 * Loop through the DT_NEEDED entries examining each object for
3007 		 * the symbol.  If the symbol is not found the object is in turn
3008 		 * added to the alist, so that its DT_NEEDED entires may be
3009 		 * examined.
3010 		 */
3011 		lmp = *lmpp;
3012 		for (dip = DYNINFO(lmp); cnt < DYNINFOCNT(lmp); cnt++, dip++) {
3013 			Rt_map *nlmp;
3014 
3015 			if (((dip->di_flags & FLG_DI_NEEDED) == 0) ||
3016 			    dip->di_info)
3017 				continue;
3018 
3019 			/*
3020 			 * If this entry defines a lazy dependency try loading
3021 			 * it.  If the file can't be loaded, consider this
3022 			 * non-fatal and continue the search (lazy loaded
3023 			 * dependencies need not exist and their loading should
3024 			 * only be fatal if called from a relocation).
3025 			 *
3026 			 * If the file is already loaded and relocated we must
3027 			 * still inspect it for symbols, even though it might
3028 			 * have already been searched.  This lazy load operation
3029 			 * might have promoted the permissions of the object,
3030 			 * and thus made the object applicable for this symbol
3031 			 * search, whereas before the object might have been
3032 			 * skipped.
3033 			 */
3034 			if ((nlmp = elf_lazy_load(lmp, cnt, name)) == 0)
3035 				continue;
3036 
3037 			/*
3038 			 * If this object isn't yet a part of the dynamic list
3039 			 * then inspect it for the symbol.  If the symbol isn't
3040 			 * found add the object to the dynamic list so that we
3041 			 * can inspect its dependencies.
3042 			 */
3043 			if (FLAGS(nlmp) & FLG_RT_DLSYM)
3044 				continue;
3045 
3046 			sl.sl_imap = nlmp;
3047 			if (sym = LM_LOOKUP_SYM(sl.sl_cmap)(&sl, _lmp, binfo))
3048 				break;
3049 
3050 			/*
3051 			 * Some dlsym() operations are already traversing a
3052 			 * link-map (dlopen(0)), and thus there's no need to
3053 			 * build our own dynamic dependency list.
3054 			 */
3055 			if ((sl.sl_flags & LKUP_NODESCENT) == 0) {
3056 				if (alist_append(&alist, &nlmp,
3057 				    sizeof (Rt_map *), AL_CNT_LAZYFIND) == 0) {
3058 					elf_lazy_cleanup(alist);
3059 					return (0);
3060 				}
3061 				FLAGS(nlmp) |= FLG_RT_DLSYM;
3062 			}
3063 		}
3064 		if (sym)
3065 			break;
3066 	}
3067 
3068 	elf_lazy_cleanup(alist);
3069 	return (sym);
3070 }
3071 
3072 /*
3073  * Warning message for bad r_offset.
3074  */
3075 void
3076 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
3077     ulong_t rsymndx)
3078 {
3079 	const char	*name = (char *)0;
3080 	int		trace;
3081 
3082 	if ((LIST(lmp)->lm_flags & LML_FLG_TRC_ENABLE) &&
3083 	    (((rtld_flags & RT_FL_SILENCERR) == 0) ||
3084 	    (LIST(lmp)->lm_flags & LML_FLG_TRC_VERBOSE)))
3085 		trace = 1;
3086 	else
3087 		trace = 0;
3088 
3089 	if ((trace == 0) && (dbg_mask == 0))
3090 		return;
3091 
3092 	if (rsymndx) {
3093 		Sym	*symref = (Sym *)((ulong_t)SYMTAB(lmp) +
3094 				(rsymndx * SYMENT(lmp)));
3095 
3096 		if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
3097 			name = (char *)(STRTAB(lmp) + symref->st_name);
3098 	}
3099 
3100 	if (name == 0)
3101 		name = MSG_ORIG(MSG_STR_EMPTY);
3102 
3103 	if (trace) {
3104 		const char *rstr;
3105 
3106 		rstr = _conv_reloc_type_str((uint_t)rtype);
3107 		(void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
3108 		    EC_ADDR(roffset));
3109 		return;
3110 	}
3111 
3112 	Dbg_reloc_error(M_MACH, M_REL_SHT_TYPE, rel, name,
3113 		MSG_ORIG(MSG_REL_BADROFFSET));
3114 }
3115