1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 /* 27 * Copyright (c) 1988 AT&T 28 * All Rights Reserved 29 */ 30 31 /* 32 * Run time linker common setup. 33 * 34 * Called from _setup to get the process going at startup. 35 */ 36 37 #include <stdlib.h> 38 #include <fcntl.h> 39 #include <stdio.h> 40 #include <sys/types.h> 41 #include <sys/stat.h> 42 #include <sys/mman.h> 43 #include <string.h> 44 #include <unistd.h> 45 #include <dlfcn.h> 46 #include <sys/sysconfig.h> 47 #include <sys/auxv.h> 48 #include <debug.h> 49 #include <conv.h> 50 #include "_rtld.h" 51 #include "_audit.h" 52 #include "_elf.h" 53 #include "_a.out.h" 54 #include "msg.h" 55 56 57 extern int _end, _edata, _etext; 58 extern void _init(void); 59 extern int _brk_unlocked(void *); 60 61 #ifndef SGS_PRE_UNIFIED_PROCESS 62 /* needed for _brk_unlocked() */ 63 void *_nd = &_end; 64 #endif 65 66 /* 67 * Counters that are incremented every time an object is mapped/unmapped. 68 * 69 * Note that exec() will usually map 2 objects before we receive control, 70 * but this can be 1 if ld.so.1 is executed directly. We count one of these 71 * here, and add another as necessary in setup(). 72 */ 73 u_longlong_t cnt_map = 1; 74 u_longlong_t cnt_unmap = 0; 75 76 77 /* 78 * Define for the executable's interpreter. 79 * Usually it is ld.so.1, but for the first release of ICL binaries 80 * it is libc.so.1. We keep this information so that we don't end 81 * up mapping libc twice if it is the interpreter. 82 */ 83 static Interp _interp; 84 85 /* 86 * LD_PRELOAD objects. 87 */ 88 static int 89 preload(const char *str, Rt_map *mlmp, Rt_map **clmp) 90 { 91 Alist *palp = NULL; 92 char *objs, *ptr, *next; 93 Word lmflags = lml_main.lm_flags; 94 int lddstub; 95 96 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 97 98 if ((objs = strdup(str)) == NULL) 99 return (0); 100 101 /* 102 * Determine if we've been called from lddstub. 103 */ 104 lddstub = (lmflags & LML_FLG_TRC_ENABLE) && 105 (FLAGS1(*clmp) & FL1_RT_LDDSTUB); 106 107 108 for (ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next); 109 ptr != NULL; 110 ptr = strtok_r(NULL, MSG_ORIG(MSG_STR_DELIMIT), &next)) { 111 Rt_map *nlmp = NULL; 112 uint_t flags; 113 114 DBG_CALL(Dbg_file_preload(&lml_main, ptr)); 115 116 /* 117 * Establish the flags for loading each object. If we're 118 * called via lddstub, then the first preloaded object is the 119 * object being inspected by ldd(1). This object should not be 120 * marked as an interposer, as this object is intended to act 121 * as the target object of the process. 122 */ 123 if (lddstub) 124 flags = FLG_RT_PRELOAD; 125 else 126 flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO); 127 128 /* 129 * If this a secure application, then preload errors are 130 * reduced to warnings, as the errors are non-fatal. 131 */ 132 if (rtld_flags & RT_FL_SECURE) 133 rtld_flags2 |= RT_FL2_FTL2WARN; 134 if (expand_paths(*clmp, ptr, &palp, AL_CNT_NEEDED, 135 PD_FLG_EXTLOAD, 0) != 0) 136 nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, *clmp, 137 MODE(mlmp), flags, 0, NULL); 138 remove_alist(&palp, 0); 139 if (rtld_flags & RT_FL_SECURE) 140 rtld_flags2 &= ~RT_FL2_FTL2WARN; 141 if (nlmp && (bind_one(*clmp, nlmp, BND_NEEDED) == 0)) 142 nlmp = NULL; 143 144 if (lddstub && nlmp) { 145 lddstub = 0; 146 147 /* 148 * Fabricate a binding between the target shared object 149 * and lddstub so that the target object isn't called 150 * out from unused() processing. 151 */ 152 if (lmflags & 153 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)) { 154 if (bind_one(*clmp, nlmp, BND_REFER) == 0) 155 nlmp = NULL; 156 } 157 158 /* 159 * By identifying lddstub as the caller, several 160 * confusing ldd() diagnostics get suppressed. These 161 * diagnostics would reveal how the target shared object 162 * was found from lddstub. Now that the real target is 163 * loaded, identify the target as the caller so that all 164 * ldd() diagnostics are enabled for subsequent objects. 165 */ 166 if (nlmp) 167 *clmp = nlmp; 168 } 169 170 /* 171 * If no error occurred with loading this object, indicate that 172 * this link-map list contains an interposer. 173 */ 174 if (nlmp == NULL) { 175 if ((lmflags & LML_FLG_TRC_ENABLE) || 176 (rtld_flags & RT_FL_SECURE)) 177 continue; 178 else 179 return (0); 180 } 181 if (flags & FLG_RT_OBJINTPO) 182 lml_main.lm_flags |= LML_FLG_INTRPOSE; 183 184 } 185 186 free(palp); 187 free(objs); 188 return (1); 189 } 190 191 Rt_map * 192 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz, 193 char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr, 194 char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid, 195 void *aoutdyn, int auxflags, uint_t hwcap_1) 196 { 197 Rt_map *rlmp, *mlmp, *clmp, **tobj = NULL; 198 Ehdr *ehdr; 199 rtld_stat_t status; 200 int features = 0, ldsoexec = 0; 201 size_t eaddr, esize; 202 char *str, *argvname; 203 Word lmflags; 204 mmapobj_result_t *mpp; 205 Fdesc fdr = { 0 }, fdm = { 0 }; 206 Rej_desc rej = { 0 }; 207 APlist *ealp = NULL; 208 209 /* 210 * Now that ld.so has relocated itself, initialize our own 'environ' so 211 * as to establish an address suitable for any libc requirements. 212 */ 213 _environ = (char **)((ulong_t)auxv - sizeof (char *)); 214 _init(); 215 _environ = envp; 216 217 /* 218 * Establish a base time. Total time diagnostics start from entering 219 * ld.so.1 here, however the base time is reset each time the ld.so.1 220 * is re-entered. Note also, there will be a large time associated 221 * with the first diagnostic from ld.so.1, as bootstrapping ld.so.1 222 * and establishing the liblddbg infrastructure takes some time. 223 */ 224 (void) gettimeofday(&DBG_TOTALTIME, NULL); 225 DBG_DELTATIME = DBG_TOTALTIME; 226 227 /* 228 * Determine how ld.so.1 has been executed. 229 */ 230 if ((fd == -1) && (phdr == NULL)) { 231 /* 232 * If we received neither the AT_EXECFD nor the AT_PHDR aux 233 * vector, ld.so.1 must have been invoked directly from the 234 * command line. 235 */ 236 ldsoexec = 1; 237 238 /* 239 * AT_SUN_EXECNAME provides the most precise name, if it is 240 * available, otherwise fall back to argv[0]. At this time, 241 * there is no process name. 242 */ 243 if (execname) 244 rtldname = execname; 245 else if (argv[0]) 246 rtldname = argv[0]; 247 else 248 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 249 } else { 250 /* 251 * Otherwise, we have a standard process. AT_SUN_EXECNAME 252 * provides the most precise name, if it is available, 253 * otherwise fall back to argv[0]. Provided the application 254 * is already mapped, the process is the application, so 255 * simplify the application name for use in any diagnostics. 256 */ 257 if (execname) 258 argvname = execname; 259 else if (argv[0]) 260 argvname = execname = argv[0]; 261 else 262 argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 263 264 if (fd == -1) { 265 if ((str = strrchr(argvname, '/')) != NULL) 266 procname = ++str; 267 else 268 procname = argvname; 269 } 270 271 /* 272 * At this point, we don't know the runtime linkers full path 273 * name. The _rtldname passed to us is the SONAME of the 274 * runtime linker, which is typically /lib/ld.so.1 no matter 275 * what the full path is. Use this for now, we'll reset the 276 * runtime linkers name once the application is analyzed. 277 */ 278 if (_rtldname) { 279 if ((str = strrchr(_rtldname, '/')) != NULL) 280 rtldname = ++str; 281 else 282 rtldname = _rtldname; 283 } else 284 rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); 285 286 /* exec() brought in two objects for us. Count the second one */ 287 cnt_map++; 288 } 289 290 /* 291 * Initialize any global variables. 292 */ 293 at_flags = _flags; 294 295 if ((org_scapset->sc_plat = _platform) != NULL) 296 org_scapset->sc_platsz = strlen(_platform); 297 298 if (org_scapset->sc_plat == NULL) 299 platform_name(org_scapset); 300 if (org_scapset->sc_mach == NULL) 301 machine_name(org_scapset); 302 303 /* 304 * If pagesize is unspecified find its value. 305 */ 306 if ((syspagsz = _syspagsz) == 0) 307 syspagsz = _sysconfig(_CONFIG_PAGESIZE); 308 309 /* 310 * Add the unused portion of the last data page to the free space list. 311 * The page size must be set before doing this. Here, _end refers to 312 * the end of the runtime linkers bss. Note that we do not use the 313 * unused data pages from any included .so's to supplement this free 314 * space as badly behaved .os's may corrupt this data space, and in so 315 * doing ruin our data. 316 */ 317 eaddr = S_DROUND((size_t)&_end); 318 esize = eaddr % syspagsz; 319 if (esize) { 320 esize = syspagsz - esize; 321 addfree((void *)eaddr, esize); 322 } 323 324 /* 325 * Establish initial link-map list flags, and link-map list alists. 326 */ 327 if (alist_append(&lml_main.lm_lists, NULL, sizeof (Lm_cntl), 328 AL_CNT_LMLISTS) == NULL) 329 return (0); 330 lml_main.lm_flags |= LML_FLG_BASELM; 331 lml_main.lm_lmid = LM_ID_BASE; 332 lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE); 333 334 if (alist_append(&lml_rtld.lm_lists, NULL, sizeof (Lm_cntl), 335 AL_CNT_LMLISTS) == NULL) 336 return (0); 337 lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_HOLDLOCK); 338 lml_rtld.lm_tflags |= LML_TFLG_NOAUDIT; 339 lml_rtld.lm_lmid = LM_ID_LDSO; 340 lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO); 341 342 /* 343 * Determine whether we have a secure executable. 344 */ 345 security(uid, euid, gid, egid, auxflags); 346 347 /* 348 * Make an initial pass of environment variables to pick off those 349 * related to locale processing. At the same time, collect and save 350 * any LD_XXXX variables for later processing. Note that this later 351 * processing will be skipped if ld.so.1 is invoked from the command 352 * line with -e LD_NOENVIRON. 353 */ 354 if (envp && (readenv_user((const char **)envp, &ealp) == 1)) 355 return (0); 356 357 /* 358 * If ld.so.1 has been invoked directly, process its arguments. 359 */ 360 if (ldsoexec) { 361 /* 362 * Process any arguments that are specific to ld.so.1, and 363 * reorganize the process stack to effectively remove ld.so.1 364 * from the stack. Reinitialize the environment pointer, as 365 * this pointer may have been shifted after skipping ld.so.1's 366 * arguments. 367 */ 368 if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags), 369 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) { 370 eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT)); 371 return (0); 372 } 373 _environ = envp; 374 375 /* 376 * Open the object that ld.so.1 is to execute. 377 */ 378 argvname = execname = argv[0]; 379 380 if ((fd = open(argvname, O_RDONLY)) == -1) { 381 int err = errno; 382 eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), 383 argvname, strerror(err)); 384 return (0); 385 } 386 } 387 388 /* 389 * Having processed any ld.so.1 command line options, return to process 390 * any LD_XXXX environment variables. 391 */ 392 if (ealp) { 393 if (((rtld_flags & RT_FL_NOENVIRON) == 0) && 394 (procenv_user(ealp, &(lml_main.lm_flags), 395 &(lml_main.lm_tflags), (aoutdyn != 0)) == 1)) 396 return (0); 397 free(ealp); 398 } 399 400 /* 401 * Initialize a hardware capability descriptor for use in comparing 402 * each loaded object. The aux vector must provide AF_SUN_HWCAPVERIFY, 403 * as prior to this setting any hardware capabilities that were found 404 * could not be relied upon. 405 */ 406 if (auxflags & AF_SUN_HWCAPVERIFY) { 407 rtld_flags2 |= RT_FL2_HWCAP; 408 org_scapset->sc_hw_1 = (Xword)hwcap_1; 409 } 410 411 /* 412 * Create a mapping descriptor for ld.so.1. We can determine our 413 * two segments information from known symbols. 414 */ 415 if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL) 416 return (0); 417 mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base); 418 mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr; 419 mpp[0].mr_fsize = mpp[0].mr_msize; 420 mpp[0].mr_prot = (PROT_READ | PROT_EXEC); 421 422 mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug); 423 mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr; 424 mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr; 425 mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC); 426 427 if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL) 428 return (0); 429 if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr, 430 (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base), 431 NULL, NULL, NULL)) == NULL) 432 return (0); 433 434 MMAPS(rlmp) = mpp; 435 MMAPCNT(rlmp) = 2; 436 PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr; 437 PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr + 438 (ulong_t)mpp[1].mr_msize; 439 440 MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 441 FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE | 442 FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET); 443 444 /* 445 * Initialize the runtime linkers information. 446 */ 447 interp = &_interp; 448 interp->i_name = (char *)rtldname; 449 interp->i_faddr = (caddr_t)ADDR(rlmp); 450 ldso_plt_init(rlmp); 451 452 /* 453 * Map in the file, if exec has not already done so, or if the file 454 * was passed as an argument to an explicit execution of ld.so.1 from 455 * the command line. 456 */ 457 if (fd != -1) { 458 /* 459 * Map the file. Once the object is mapped we no longer need 460 * the file descriptor. 461 */ 462 (void) rtld_fstat(fd, &status); 463 fdm.fd_oname = argvname; 464 fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname, 465 fd, &rej); 466 (void) close(fd); 467 468 if (fdm.fd_ftp == NULL) { 469 Conv_reject_desc_buf_t rej_buf; 470 471 eprintf(&lml_main, ERR_FATAL, 472 MSG_INTL(err_reject[rej.rej_type]), argvname, 473 conv_reject_desc(&rej, &rej_buf, M_MACH)); 474 return (0); 475 } 476 477 /* 478 * Finish processing the loading of the file. 479 */ 480 if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL) 481 return (0); 482 fdm.fd_dev = status.st_dev; 483 fdm.fd_ino = status.st_ino; 484 485 if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, NULL, &fdm, 486 NULL)) == NULL) 487 return (0); 488 489 /* 490 * We now have a process name for error diagnostics. 491 */ 492 if ((str = strrchr(argvname, '/')) != NULL) 493 procname = ++str; 494 else 495 procname = argvname; 496 497 if (ldsoexec) { 498 mmapobj_result_t *mpp = MMAPS(mlmp); 499 uint_t mnum, mapnum = MMAPCNT(mlmp); 500 void *brkbase = NULL; 501 502 /* 503 * Since ld.so.1 was the primary executed object - the 504 * brk() base has not yet been initialized, we need to 505 * initialize it. For an executable, initialize it to 506 * the end of the object. For a shared object (ET_DYN) 507 * initialize it to the first page in memory. 508 */ 509 for (mnum = 0; mnum < mapnum; mnum++, mpp++) 510 brkbase = mpp->mr_addr + mpp->mr_msize; 511 512 if (brkbase == NULL) 513 brkbase = (void *)syspagsz; 514 515 if (_brk_unlocked(brkbase) == -1) { 516 int err = errno; 517 518 eprintf(&lml_main, ERR_FATAL, 519 MSG_INTL(MSG_SYS_BRK), argvname, 520 strerror(err)); 521 return (0); 522 } 523 } 524 } else { 525 /* 526 * Set up function ptr and arguments according to the type 527 * of file class the executable is. (Currently only supported 528 * types are ELF and a.out format.) Then create a link map 529 * for the executable. 530 */ 531 if (aoutdyn) { 532 #ifdef A_OUT 533 mmapobj_result_t *mpp; 534 535 /* 536 * Create a mapping structure sufficient to describe 537 * a single two segments. The ADDR() of the a.out is 538 * established as 0, which is required but the AOUT 539 * relocation code. 540 */ 541 if ((mpp = 542 calloc(sizeof (mmapobj_result_t), 2)) == NULL) 543 return (0); 544 545 if ((fdm.fd_nname = 546 stravl_insert(execname, 0, 0, 0)) == NULL) 547 return (0); 548 if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA, 549 &fdm, 0, 0, aoutdyn, NULL, NULL)) == NULL) 550 return (0); 551 552 /* 553 * Establish the true mapping information for the a.out. 554 */ 555 if (aout_get_mmap(&lml_main, mpp)) { 556 free(mpp); 557 return (0); 558 } 559 560 MSIZE(mlmp) = 561 (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) - 562 S_ALIGN((size_t)mpp[0].mr_addr, syspagsz); 563 MMAPS(mlmp) = mpp; 564 MMAPCNT(mlmp) = 2; 565 PADSTART(mlmp) = (ulong_t)mpp->mr_addr; 566 PADIMLEN(mlmp) = mpp->mr_msize; 567 568 /* 569 * Disable any object configuration cache (BCP apps 570 * bring in sbcp which can benefit from any object 571 * cache, but both the app and sbcp can't use the same 572 * objects). 573 */ 574 rtld_flags |= RT_FL_NOOBJALT; 575 576 /* 577 * Make sure no-direct bindings are in effect. 578 */ 579 lml_main.lm_tflags |= LML_TFLG_NODIRECT; 580 #else 581 eprintf(&lml_main, ERR_FATAL, 582 MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname); 583 return (0); 584 #endif 585 } else if (phdr) { 586 Phdr *pptr; 587 Off i_offset = 0; 588 Addr base = 0; 589 ulong_t phsize; 590 mmapobj_result_t *mpp, *fmpp, *hmpp = NULL; 591 uint_t mapnum = 0; 592 int i; 593 size_t msize; 594 595 /* 596 * Using the executables phdr address determine the base 597 * address of the input file. NOTE, this assumes the 598 * program headers and elf header are part of the same 599 * mapped segment. Although this has held for many 600 * years now, it might be more flexible if the kernel 601 * gave use the ELF headers start address, rather than 602 * the Program headers. 603 * 604 * Determine from the ELF header if we're been called 605 * from a shared object or dynamic executable. If the 606 * latter, then any addresses within the object are used 607 * as is. Addresses within shared objects must be added 608 * to the process's base address. 609 */ 610 ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset); 611 phsize = ehdr->e_phentsize; 612 if (ehdr->e_type == ET_DYN) 613 base = (Addr)ehdr; 614 615 /* 616 * Allocate a mapping array to retain mapped segment 617 * information. 618 */ 619 if ((fmpp = mpp = calloc(ehdr->e_phnum, 620 sizeof (mmapobj_result_t))) == NULL) 621 return (0); 622 623 /* 624 * Extract the needed information from the segment 625 * headers. 626 */ 627 for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) { 628 if (pptr->p_type == PT_INTERP) { 629 i_offset = pptr->p_offset; 630 interp->i_faddr = 631 (caddr_t)interp_base; 632 } 633 if ((pptr->p_type == PT_LOAD) && 634 (pptr->p_filesz || pptr->p_memsz)) { 635 int perm = (PROT_READ | PROT_EXEC); 636 size_t off; 637 638 if (i_offset && pptr->p_filesz && 639 (i_offset >= pptr->p_offset) && 640 (i_offset <= 641 (pptr->p_memsz + pptr->p_offset))) { 642 interp->i_name = (char *) 643 pptr->p_vaddr + i_offset - 644 pptr->p_offset + base; 645 i_offset = 0; 646 } 647 648 if (pptr->p_flags & PF_W) 649 perm |= PROT_WRITE; 650 651 /* 652 * Retain segments mapping info. Round 653 * each segment to a page boundary, as 654 * this insures addresses are suitable 655 * for mprotect() if required. 656 */ 657 off = pptr->p_vaddr + base; 658 if (hmpp == NULL) { 659 hmpp = mpp; 660 mpp->mr_addr = (caddr_t)ehdr; 661 } else 662 mpp->mr_addr = (caddr_t)off; 663 664 off -= (size_t)(uintptr_t)mpp->mr_addr; 665 mpp->mr_msize = pptr->p_memsz + off; 666 mpp->mr_fsize = pptr->p_filesz + off; 667 mpp->mr_prot = perm; 668 669 mpp++, mapnum++; 670 } 671 672 pptr = (Phdr *)((ulong_t)pptr + phsize); 673 } 674 675 mpp--; 676 msize = (size_t)(mpp->mr_addr + mpp->mr_msize) - 677 S_ALIGN((size_t)fmpp->mr_addr, syspagsz); 678 679 if ((fdm.fd_nname = 680 stravl_insert(execname, 0, 0, 0)) == NULL) 681 return (0); 682 if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA, 683 &fdm, (Addr)hmpp->mr_addr, msize, 684 NULL, NULL, NULL)) == NULL) 685 return (0); 686 687 MMAPS(mlmp) = fmpp; 688 MMAPCNT(mlmp) = mapnum; 689 PADSTART(mlmp) = (ulong_t)fmpp->mr_addr; 690 PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr + 691 (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize; 692 } 693 } 694 695 /* 696 * Establish the interpretors name as that defined within the initial 697 * object (executable). This provides for ORIGIN processing of ld.so.1 698 * dependencies. Note, the NAME() of the object remains that which was 699 * passed to us as the SONAME on execution. 700 */ 701 if (ldsoexec == 0) { 702 size_t len = strlen(interp->i_name); 703 704 if (expand(&interp->i_name, &len, 0, 0, 705 (PD_TKN_ISALIST | PD_TKN_CAP), rlmp) & PD_TKN_RESOLVED) 706 fdr.fd_flags |= FLG_FD_RESOLVED; 707 } 708 fdr.fd_pname = interp->i_name; 709 (void) fullpath(rlmp, &fdr); 710 711 /* 712 * The runtime linker acts as a filtee for various dl*() functions that 713 * are defined in libc (and libdl). Make sure this standard name for 714 * the runtime linker is also registered in the FullPathNode AVL tree. 715 */ 716 (void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0); 717 718 /* 719 * Having established the true runtime linkers name, simplify the name 720 * for error diagnostics. 721 */ 722 if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL) 723 rtldname = ++str; 724 else 725 rtldname = PATHNAME(rlmp); 726 727 /* 728 * Expand the fullpath name of the application. This typically occurs 729 * as a part of loading an object, but as the kernel probably mapped 730 * it in, complete this processing now. 731 */ 732 (void) fullpath(mlmp, 0); 733 734 /* 735 * Some troublesome programs will change the value of argv[0]. Dupping 736 * the process string protects us, and insures the string is left in 737 * any core files. 738 */ 739 if ((str = (char *)strdup(procname)) == NULL) 740 return (0); 741 procname = str; 742 743 FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET); 744 FLAGS1(mlmp) |= FL1_RT_USED; 745 746 /* 747 * It's the responsibility of MAIN(crt0) to call it's _init and _fini 748 * section, therefore null out any INIT/FINI so that this object isn't 749 * collected during tsort processing. And, if the application has no 750 * initarray or finiarray we can economize on establishing bindings. 751 */ 752 INIT(mlmp) = FINI(mlmp) = NULL; 753 if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL)) 754 FLAGS1(mlmp) |= FL1_RT_NOINIFIN; 755 756 /* 757 * Identify lddstub if necessary. 758 */ 759 if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) 760 FLAGS1(mlmp) |= FL1_RT_LDDSTUB; 761 762 /* 763 * Retain our argument information for use in dlinfo. 764 */ 765 argsinfo.dla_argv = argv--; 766 argsinfo.dla_argc = (long)*argv; 767 argsinfo.dla_envp = envp; 768 argsinfo.dla_auxv = auxv; 769 770 (void) enter(0); 771 772 /* 773 * Add our two main link-maps to the dynlm_list 774 */ 775 if (aplist_append(&dynlm_list, &lml_main, AL_CNT_DYNLIST) == NULL) 776 return (0); 777 778 if (aplist_append(&dynlm_list, &lml_rtld, AL_CNT_DYNLIST) == NULL) 779 return (0); 780 781 /* 782 * Reset the link-map counts for both lists. The init count is used to 783 * track how many objects have pending init sections, this gets incre- 784 * mented each time an object is relocated. Since ld.so.1 relocates 785 * itself, it's init count will remain zero. 786 * The object count is used to track how many objects have pending fini 787 * sections, as ld.so.1 handles its own fini we can zero its count. 788 */ 789 lml_main.lm_obj = 1; 790 lml_rtld.lm_obj = 0; 791 792 /* 793 * Initialize debugger information structure. Some parts of this 794 * structure were initialized statically. 795 */ 796 r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head; 797 r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head; 798 r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr; 799 r_debug.rtd_dynlmlst = &dynlm_list; 800 801 /* 802 * Determine the dev/inode information for the executable to complete 803 * load_so() checking for those who might dlopen(a.out). 804 */ 805 if (rtld_stat(PATHNAME(mlmp), &status) == 0) { 806 STDEV(mlmp) = status.st_dev; 807 STINO(mlmp) = status.st_ino; 808 } 809 810 /* 811 * Initialize any configuration information. 812 */ 813 if (!(rtld_flags & RT_FL_NOCFG)) { 814 if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1) 815 return (0); 816 } 817 818 #if defined(_ELF64) 819 /* 820 * If this is a 64-bit process, determine whether this process has 821 * restricted the process address space to 32-bits. Any dependencies 822 * that are restricted to a 32-bit address space can only be loaded if 823 * the executable has established this requirement. 824 */ 825 if (CAPSET(mlmp).sc_sf_1 & SF1_SUNW_ADDR32) 826 rtld_flags2 |= RT_FL2_ADDR32; 827 #endif 828 /* 829 * Establish any alternative capabilities, and validate this object 830 * if it defines it's own capabilities information. 831 */ 832 if (cap_alternative() == 0) 833 return (0); 834 835 if (cap_check_lmp(mlmp, &rej) == 0) { 836 if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { 837 /* LINTED */ 838 (void) printf(MSG_INTL(ldd_warn[rej.rej_type]), 839 NAME(mlmp), rej.rej_str); 840 } else { 841 /* LINTED */ 842 eprintf(&lml_main, ERR_FATAL, 843 MSG_INTL(err_reject[rej.rej_type]), 844 NAME(mlmp), rej.rej_str); 845 return (0); 846 } 847 } 848 849 /* 850 * Establish the modes of the initial object. These modes are 851 * propagated to any preloaded objects and explicit shared library 852 * dependencies. 853 * 854 * If we're generating a configuration file using crle(1), remove 855 * any RTLD_NOW use, as we don't want to trigger any relocation proc- 856 * essing during crle(1)'s first past (this would just be unnecessary 857 * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is 858 * not required to trigger filter loading. 859 * 860 * Note, RTLD_NOW may have been established during analysis of the 861 * application had the application been built -z now. 862 */ 863 MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); 864 865 if (rtld_flags & RT_FL_CONFGEN) { 866 MODE(mlmp) |= RTLD_CONFGEN; 867 MODE(mlmp) &= ~RTLD_NOW; 868 rtld_flags2 &= ~RT_FL2_BINDNOW; 869 } 870 871 if ((MODE(mlmp) & RTLD_NOW) == 0) { 872 if (rtld_flags2 & RT_FL2_BINDNOW) 873 MODE(mlmp) |= RTLD_NOW; 874 else 875 MODE(mlmp) |= RTLD_LAZY; 876 } 877 878 /* 879 * If debugging was requested initialize things now that any cache has 880 * been established. A user can specify LD_DEBUG=help to discover the 881 * list of debugging tokens available without running the application. 882 * However, don't allow this setting from a configuration file. 883 * 884 * Note, to prevent recursion issues caused by loading and binding the 885 * debugging libraries themselves, a local debugging descriptor is 886 * initialized. Once the debugging setup has completed, this local 887 * descriptor is copied to the global descriptor which effectively 888 * enables diagnostic output. 889 * 890 * Ignore any debugging request if we're being monitored by a process 891 * that expects the old getpid() initialization handshake. 892 */ 893 if ((rpl_debug || prm_debug) && ((rtld_flags & RT_FL_DEBUGGER) == 0)) { 894 Dbg_desc _dbg_desc = {0}; 895 struct timeval total = DBG_TOTALTIME; 896 struct timeval delta = DBG_DELTATIME; 897 898 if (rpl_debug) { 899 if (dbg_setup(rpl_debug, &_dbg_desc) == 0) 900 return (0); 901 if (_dbg_desc.d_extra & DBG_E_HELP_EXIT) 902 rtldexit(&lml_main, 0); 903 } 904 if (prm_debug) 905 (void) dbg_setup(prm_debug, &_dbg_desc); 906 907 *dbg_desc = _dbg_desc; 908 DBG_TOTALTIME = total; 909 DBG_DELTATIME = delta; 910 } 911 912 /* 913 * Now that debugging is enabled generate any diagnostics from any 914 * previous events. 915 */ 916 if (DBG_ENABLED) { 917 DBG_CALL(Dbg_cap_val(&lml_main, org_scapset, alt_scapset, 918 M_MACH)); 919 DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name, 920 features)); 921 922 DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv, 923 LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA)); 924 925 if (THIS_IS_ELF(mlmp)) { 926 DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp), 927 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 928 ALIST_OFF_DATA)); 929 } else { 930 DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp), 931 ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, 932 ALIST_OFF_DATA)); 933 } 934 } 935 936 /* 937 * Enable auditing. 938 */ 939 if (rpl_audit || prm_audit || profile_lib) { 940 int ndx; 941 const char *aud[3]; 942 943 aud[0] = rpl_audit; 944 aud[1] = prm_audit; 945 aud[2] = profile_lib; 946 947 /* 948 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that 949 * can't be established is non-fatal. 950 */ 951 if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL) 952 return (0); 953 954 for (ndx = 0; ndx < 3; ndx++) { 955 if (aud[ndx]) { 956 if ((auditors->ad_name = 957 strdup(aud[ndx])) == NULL) 958 return (0); 959 rtld_flags2 |= RT_FL2_FTL2WARN; 960 (void) audit_setup(mlmp, auditors, 961 PD_FLG_EXTLOAD, NULL); 962 rtld_flags2 &= ~RT_FL2_FTL2WARN; 963 } 964 } 965 lml_main.lm_tflags |= auditors->ad_flags; 966 } 967 if (AUDITORS(mlmp)) { 968 /* 969 * Any object required auditing (set with a DT_DEPAUDIT dynamic 970 * entry) that can't be established is fatal. 971 */ 972 if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) { 973 /* 974 * If this object requires global auditing, use the 975 * local auditing information to set the global 976 * auditing descriptor. The effect is that a 977 * DT_DEPAUDIT act as an LD_AUDIT. 978 */ 979 if ((auditors == NULL) && ((auditors = calloc(1, 980 sizeof (Audit_desc))) == NULL)) 981 return (0); 982 983 auditors->ad_name = AUDITORS(mlmp)->ad_name; 984 if (audit_setup(mlmp, auditors, 0, NULL) == 0) 985 return (0); 986 lml_main.lm_tflags |= auditors->ad_flags; 987 988 /* 989 * Clear the local auditor information. 990 */ 991 free((void *) AUDITORS(mlmp)); 992 AUDITORS(mlmp) = NULL; 993 994 } else { 995 /* 996 * Establish any local auditing. 997 */ 998 if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0) 999 return (0); 1000 1001 AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags; 1002 lml_main.lm_flags |= LML_FLG_LOCAUDIT; 1003 } 1004 } 1005 1006 /* 1007 * Explicitly add the initial object and ld.so.1 to those objects being 1008 * audited. Note, although the ld.so.1 link-map isn't auditable, 1009 * establish a cookie for ld.so.1 as this may be bound to via the 1010 * dl*() family. 1011 */ 1012 if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) { 1013 if (((audit_objopen(mlmp, mlmp) == 0) || 1014 (audit_objopen(mlmp, rlmp) == 0)) && 1015 (AFLAGS(mlmp) & LML_TFLG_AUD_MASK)) 1016 return (0); 1017 } 1018 1019 /* 1020 * Map in any preloadable shared objects. Establish the caller as the 1021 * head of the main link-map list. In the case of being exercised from 1022 * lddstub, the caller gets reassigned to the first target shared object 1023 * so as to provide intuitive diagnostics from ldd(). 1024 * 1025 * Note, it is valid to preload a 4.x shared object with a 5.0 1026 * executable (or visa-versa), as this functionality is required by 1027 * ldd(1). 1028 */ 1029 clmp = mlmp; 1030 if (rpl_preload && (preload(rpl_preload, mlmp, &clmp) == 0)) 1031 return (0); 1032 if (prm_preload && (preload(prm_preload, mlmp, &clmp) == 0)) 1033 return (0); 1034 1035 /* 1036 * Load all dependent (needed) objects. 1037 */ 1038 if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, mlmp, NULL) == NULL) 1039 return (0); 1040 1041 /* 1042 * Relocate all the dependencies we've just added. 1043 * 1044 * If this process has been established via crle(1), the environment 1045 * variable LD_CONFGEN will have been set. crle(1) may create this 1046 * process twice. The first time crle only needs to gather dependency 1047 * information. The second time, is to dldump() the images. 1048 * 1049 * If we're only gathering dependencies, relocation is unnecessary. 1050 * As crle(1) may be building an arbitrary family of objects, they may 1051 * not fully relocate either. Hence the relocation phase is not carried 1052 * out now, but will be called by crle(1) once all objects have been 1053 * loaded. 1054 */ 1055 if ((rtld_flags & RT_FL_CONFGEN) == 0) { 1056 1057 DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); 1058 1059 if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp, 1060 mlmp, NULL) == 0) 1061 return (0); 1062 1063 /* 1064 * Inform the debuggers that basic process initialization is 1065 * complete, and that the state of ld.so.1 (link-map lists, 1066 * etc.) is stable. This handshake enables the debugger to 1067 * initialize themselves, and consequently allows the user to 1068 * set break points in .init code. 1069 * 1070 * Most new debuggers use librtld_db to monitor activity events. 1071 * Older debuggers indicated their presence by setting the 1072 * DT_DEBUG entry in the dynamic executable (see elf_new_lm()). 1073 * In this case, getpid() is called so that the debugger can 1074 * catch the system call. This old mechanism has some 1075 * restrictions, as getpid() should not be called prior to 1076 * basic process initialization being completed. This 1077 * restriction has become increasingly difficult to maintain, 1078 * as the use of auditors, LD_DEBUG, and the initialization 1079 * handshake with libc can result in "premature" getpid() 1080 * calls. The use of this getpid() handshake is expected to 1081 * disappear at some point in the future, and there is intent 1082 * to work towards that goal. 1083 */ 1084 rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT); 1085 rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT); 1086 1087 if (rtld_flags & RT_FL_DEBUGGER) { 1088 r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG; 1089 (void) getpid(); 1090 } 1091 } 1092 1093 /* 1094 * Indicate preinit activity, and call any auditing routines. These 1095 * routines are called before initializing any threads via libc, or 1096 * before collecting the complete set of .inits on the primary link-map. 1097 * Although most libc interfaces are encapsulated in local routines 1098 * within libc, they have been known to escape (ie. call a .plt). As 1099 * the appcert auditor uses preinit as a trigger to establish some 1100 * external interfaces to the main link-maps libc, we need to activate 1101 * this trigger before exercising any code within libc. Additionally, 1102 * I wouldn't put it past an auditor to add additional objects to the 1103 * primary link-map. Hence, we collect .inits after the audit call. 1104 */ 1105 rd_event(&lml_main, RD_PREINIT, 0); 1106 1107 if (aud_activity || 1108 ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY)) 1109 audit_activity(mlmp, LA_ACT_CONSISTENT); 1110 if (aud_preinit || 1111 ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT)) 1112 audit_preinit(mlmp); 1113 1114 /* 1115 * If we're creating initial configuration information, we're done 1116 * now that the auditing step has been called. 1117 */ 1118 if (rtld_flags & RT_FL_CONFGEN) { 1119 leave(LIST(mlmp), 0); 1120 return (mlmp); 1121 } 1122 1123 /* 1124 * Sort the .init sections of all objects we've added. If we're 1125 * tracing we only need to execute this under ldd(1) with the -i or -u 1126 * options. 1127 */ 1128 lmflags = lml_main.lm_flags; 1129 if (((lmflags & LML_FLG_TRC_ENABLE) == 0) || 1130 (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) { 1131 if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init, 1132 RT_SORT_REV)) == (Rt_map **)S_ERROR) 1133 return (0); 1134 } 1135 1136 /* 1137 * If we are tracing we're done. This is the one legitimate use of a 1138 * direct call to rtldexit() rather than return, as we don't want to 1139 * return and jump to the application. 1140 */ 1141 if (lmflags & LML_FLG_TRC_ENABLE) { 1142 unused(&lml_main); 1143 rtldexit(&lml_main, 0); 1144 } 1145 1146 /* 1147 * Check if this instance of the linker should have a primary link 1148 * map. This flag allows multiple copies of the -same- -version- 1149 * of the linker (and libc) to run in the same address space. 1150 * 1151 * Without this flag we only support one copy of the linker in a 1152 * process because by default the linker will always try to 1153 * initialize at one primary link map The copy of libc which is 1154 * initialized on a primary link map will initialize global TLS 1155 * data which can be shared with other copies of libc in the 1156 * process. The problem is that if there is more than one copy 1157 * of the linker, only one copy should link libc onto a primary 1158 * link map, otherwise libc will attempt to re-initialize global 1159 * TLS data. So when a copy of the linker is loaded with this 1160 * flag set, it will not initialize any primary link maps since 1161 * presumably another copy of the linker will do this. 1162 * 1163 * Note that this flag only allows multiple copies of the -same- 1164 * -version- of the linker (and libc) to coexist. This approach 1165 * will not work if we are trying to load different versions of 1166 * the linker and libc into the same process. The reason for 1167 * this is that the format of the global TLS data may not be 1168 * the same for different versions of libc. In this case each 1169 * different version of libc must have it's own primary link map 1170 * and be able to maintain it's own TLS data. The only way this 1171 * can be done is by carefully managing TLS pointers on transitions 1172 * between code associated with each of the different linkers. 1173 * Note that this is actually what is done for processes in lx 1174 * branded zones. Although in the lx branded zone case, the 1175 * other linker and libc are actually gld and glibc. But the 1176 * same general TLS management mechanism used by the lx brand 1177 * would apply to any attempts to run multiple versions of the 1178 * solaris linker and libc in a single process. 1179 */ 1180 if (auxflags & AF_SUN_NOPLM) 1181 rtld_flags2 |= RT_FL2_NOPLM; 1182 1183 /* 1184 * Establish any static TLS for this primary link-map. Note, regardless 1185 * of whether TLS is available, an initial handshake occurs with libc to 1186 * indicate we're processing the primary link-map. Having identified 1187 * the primary link-map, initialize threads. 1188 */ 1189 if (rt_get_extern(&lml_main, mlmp) == 0) 1190 return (0); 1191 1192 if ((rtld_flags2 & RT_FL2_NOPLM) == 0) { 1193 if (tls_statmod(&lml_main, mlmp) == 0) 1194 return (0); 1195 rt_thr_init(&lml_main); 1196 rtld_flags2 |= RT_FL2_PLMSETUP; 1197 } else { 1198 rt_thr_init(&lml_main); 1199 } 1200 1201 /* 1202 * Fire all dependencies .init sections. Identify any unused 1203 * dependencies, and leave the runtime linker - effectively calling 1204 * the dynamic executables entry point. 1205 */ 1206 call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp, 1207 SHT_PREINIT_ARRAY); 1208 1209 if (tobj) 1210 call_init(tobj, DBG_INIT_SORT); 1211 1212 rd_event(&lml_main, RD_POSTINIT, 0); 1213 1214 unused(&lml_main); 1215 1216 DBG_CALL(Dbg_util_call_main(mlmp)); 1217 1218 rtld_flags |= (RT_FL_OPERATION | RT_FL_APPLIC); 1219 1220 leave(LIST(mlmp), 0); 1221 1222 return (mlmp); 1223 } 1224