1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Dump an elf file. 29 */ 30 #include <stddef.h> 31 #include <sys/elf_386.h> 32 #include <sys/elf_amd64.h> 33 #include <sys/elf_SPARC.h> 34 #include <_libelf.h> 35 #include <dwarf.h> 36 #include <stdio.h> 37 #include <unistd.h> 38 #include <errno.h> 39 #include <strings.h> 40 #include <debug.h> 41 #include <conv.h> 42 #include <msg.h> 43 #include <_elfdump.h> 44 45 46 /* 47 * VERSYM_STATE is used to maintain information about the VERSYM section 48 * in the object being analyzed. It is filled in by versions(), and used 49 * by init_symtbl_state() when displaying symbol information. 50 * 51 * There are three forms of symbol versioning known to us: 52 * 53 * 1) The original form, introduced with Solaris 2.5, in which 54 * the Versym contains indexes to Verdef records, and the 55 * Versym values for UNDEF symbols resolved by other objects 56 * are all set to 0. 57 * 2) The GNU form, which is backward compatible with the original 58 * Solaris form, but which adds several extensions: 59 * - The Versym also contains indexes to Verneed records, recording 60 * which object/version contributed the external symbol at 61 * link time. These indexes start with the next value following 62 * the final Verdef index. The index is written to the previously 63 * reserved vna_other field of the ELF Vernaux structure. 64 * - The top bit of the Versym value is no longer part of the index, 65 * but is used as a "hidden bit" to prevent binding to the symbol. 66 * - Multiple implementations of a given symbol, contained in varying 67 * versions are allowed, using special assembler pseudo ops, 68 * and encoded in the symbol name using '@' characters. 69 * 3) Modified Solaris form, in which we adopt the first GNU extension 70 * (Versym indexes to Verneed records), but not the others. 71 * 72 * elfdump can handle any of these cases. The presence of a DT_VERSYM 73 * dynamic element indicates a full GNU object. An object that lacks 74 * a DT_VERSYM entry, but which has non-zero vna_other fields in the Vernaux 75 * structures is a modified Solaris object. An object that has neither of 76 * these uses the original form. 77 * 78 * max_verndx contains the largest version index that can appear 79 * in a Versym entry. This can never be less than 1: In the case where 80 * there is no verdef/verneed sections, the [0] index is reserved 81 * for local symbols, and the [1] index for globals. If the original 82 * Solaris versioning rules are in effect and there is a verdef section, 83 * then max_verndex is the number of defined versions. If one of the 84 * other versioning forms is in effect, then: 85 * 1) If there is no verneed section, it is the same as for 86 * original Solaris versioning. 87 * 2) If there is a verneed section, the vna_other field of the 88 * Vernaux structs contain versions, and max_verndx is the 89 * largest such index. 90 * 91 * If gnu_full is True, the object uses the full GNU form of versioning. 92 * The value of the gnu_full field is based on the presence of 93 * a DT_VERSYM entry in the dynamic section: GNU ld produces these, and 94 * Solaris ld does not. 95 * 96 * The gnu_needed field is True if the Versym contains indexes to 97 * Verneed records, as indicated by non-zero vna_other fields in the Verneed 98 * section. If gnu_full is True, then gnu_needed will always be true. 99 * However, gnu_needed can be true without gnu_full. This is the modified 100 * Solaris form. 101 */ 102 typedef struct { 103 Cache *cache; /* Pointer to cache entry for VERSYM */ 104 Versym *data; /* Pointer to versym array */ 105 int gnu_full; /* True if object uses GNU versioning rules */ 106 int gnu_needed; /* True if object uses VERSYM indexes for */ 107 /* VERNEED (subset of gnu_full) */ 108 int max_verndx; /* largest versym index value */ 109 } VERSYM_STATE; 110 111 /* 112 * SYMTBL_STATE is used to maintain information about a single symbol 113 * table section, for use by the routines that display symbol information. 114 */ 115 typedef struct { 116 const char *file; /* Name of file */ 117 Ehdr *ehdr; /* ELF header for file */ 118 Cache *cache; /* Cache of all section headers */ 119 uchar_t osabi; /* OSABI to use */ 120 Word shnum; /* # of sections in cache */ 121 Cache *seccache; /* Cache of symbol table section hdr */ 122 Word secndx; /* Index of symbol table section hdr */ 123 const char *secname; /* Name of section */ 124 uint_t flags; /* Command line option flags */ 125 struct { /* Extended section index data */ 126 int checked; /* TRUE if already checked for shxndx */ 127 Word *data; /* NULL, or extended section index */ 128 /* used for symbol table entries */ 129 uint_t n; /* # items in shxndx.data */ 130 } shxndx; 131 VERSYM_STATE *versym; /* NULL, or associated VERSYM section */ 132 Sym *sym; /* Array of symbols */ 133 Word symn; /* # of symbols */ 134 } SYMTBL_STATE; 135 136 /* 137 * A variable of this type is used to track information related to 138 * .eh_frame and .eh_frame_hdr sections across calls to unwind_eh_frame(). 139 */ 140 typedef struct { 141 Word frame_cnt; /* # .eh_frame sections seen */ 142 Word frame_ndx; /* Section index of 1st .eh_frame */ 143 Word hdr_cnt; /* # .eh_frame_hdr sections seen */ 144 Word hdr_ndx; /* Section index of 1st .eh_frame_hdr */ 145 uint64_t frame_ptr; /* Value of FramePtr field from first */ 146 /* .eh_frame_hdr section */ 147 uint64_t frame_base; /* Data addr of 1st .eh_frame */ 148 } gnu_eh_state_t; 149 150 /* 151 * C++ .exception_ranges entries make use of the signed ptrdiff_t 152 * type to record self-relative pointer values. We need a type 153 * for this that is matched to the ELFCLASS being processed. 154 */ 155 #if defined(_ELF64) 156 typedef int64_t PTRDIFF_T; 157 #else 158 typedef int32_t PTRDIFF_T; 159 #endif 160 161 /* 162 * The Sun C++ ABI uses this struct to define each .exception_ranges 163 * entry. From the ABI: 164 * 165 * The field ret_addr is a self relative pointer to the start of the address 166 * range. The name was chosen because in the current implementation the range 167 * typically starts at the return address for a call site. 168 * 169 * The field length is the difference, in bytes, between the pc of the last 170 * instruction covered by the exception range and the first. When only a 171 * single call site is represented without optimization, this will equal zero. 172 * 173 * The field handler_addr is a relative pointer which stores the difference 174 * between the start of the exception range and the address of all code to 175 * catch exceptions and perform the cleanup for stack unwinding. 176 * 177 * The field type_block is a relative pointer which stores the difference 178 * between the start of the exception range and the address of an array used 179 * for storing a list of the types of exceptions which can be caught within 180 * the exception range. 181 */ 182 typedef struct { 183 PTRDIFF_T ret_addr; 184 Xword length; 185 PTRDIFF_T handler_addr; 186 PTRDIFF_T type_block; 187 Xword reserved; 188 } exception_range_entry; 189 190 /* 191 * Focal point for verifying symbol names. 192 */ 193 static const char * 194 string(Cache *refsec, Word ndx, Cache *strsec, const char *file, Word name) 195 { 196 /* 197 * If an error in this routine is due to a property of the string 198 * section, as opposed to a bad offset into the section (a property of 199 * the referencing section), then we will detect the same error on 200 * every call involving those sections. We use these static variables 201 * to retain the information needed to only issue each such error once. 202 */ 203 static Cache *last_refsec; /* Last referencing section seen */ 204 static int strsec_err; /* True if error issued */ 205 206 const char *strs; 207 Word strn; 208 209 if (strsec->c_data == NULL) 210 return (NULL); 211 212 strs = (char *)strsec->c_data->d_buf; 213 strn = strsec->c_data->d_size; 214 215 /* 216 * We only print a diagnostic regarding a bad string table once per 217 * input section being processed. If the refsec has changed, reset 218 * our retained error state. 219 */ 220 if (last_refsec != refsec) { 221 last_refsec = refsec; 222 strsec_err = 0; 223 } 224 225 /* Verify that strsec really is a string table */ 226 if (strsec->c_shdr->sh_type != SHT_STRTAB) { 227 if (!strsec_err) { 228 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOTSTRTAB), 229 file, strsec->c_ndx, refsec->c_ndx); 230 strsec_err = 1; 231 } 232 return (MSG_INTL(MSG_STR_UNKNOWN)); 233 } 234 235 /* 236 * Is the string table offset within range of the available strings? 237 */ 238 if (name >= strn) { 239 /* 240 * Do we have a empty string table? 241 */ 242 if (strs == NULL) { 243 if (!strsec_err) { 244 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 245 file, strsec->c_name); 246 strsec_err = 1; 247 } 248 } else { 249 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSTOFF), 250 file, refsec->c_name, EC_WORD(ndx), strsec->c_name, 251 EC_WORD(name), EC_WORD(strn - 1)); 252 } 253 254 /* 255 * Return the empty string so that the calling function can 256 * continue it's output diagnostics. 257 */ 258 return (MSG_INTL(MSG_STR_UNKNOWN)); 259 } 260 return (strs + name); 261 } 262 263 /* 264 * Relocations can reference section symbols and standard symbols. If the 265 * former, establish the section name. 266 */ 267 static const char * 268 relsymname(Cache *cache, Cache *csec, Cache *strsec, Word symndx, Word symnum, 269 Word relndx, Sym *syms, char *secstr, size_t secsz, const char *file) 270 { 271 Sym *sym; 272 const char *name; 273 274 if (symndx >= symnum) { 275 (void) fprintf(stderr, MSG_INTL(MSG_ERR_RELBADSYMNDX), 276 file, EC_WORD(symndx), EC_WORD(relndx)); 277 return (MSG_INTL(MSG_STR_UNKNOWN)); 278 } 279 280 sym = (Sym *)(syms + symndx); 281 name = string(csec, symndx, strsec, file, sym->st_name); 282 283 /* 284 * If the symbol represents a section offset construct an appropriate 285 * string. Note, although section symbol table entries typically have 286 * a NULL name pointer, entries do exist that point into the string 287 * table to their own NULL strings. 288 */ 289 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION) && 290 ((sym->st_name == 0) || (*name == '\0'))) { 291 (void) snprintf(secstr, secsz, MSG_INTL(MSG_STR_SECTION), 292 cache[sym->st_shndx].c_name); 293 return ((const char *)secstr); 294 } 295 296 return (name); 297 } 298 299 /* 300 * Focal point for establishing a string table section. Data such as the 301 * dynamic information simply points to a string table. Data such as 302 * relocations, reference a symbol table, which in turn is associated with a 303 * string table. 304 */ 305 static int 306 stringtbl(Cache *cache, int symtab, Word ndx, Word shnum, const char *file, 307 Word *symnum, Cache **symsec, Cache **strsec) 308 { 309 Shdr *shdr = cache[ndx].c_shdr; 310 311 if (symtab) { 312 /* 313 * Validate the symbol table section. 314 */ 315 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 316 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 317 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 318 return (0); 319 } 320 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 321 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 322 file, cache[ndx].c_name); 323 return (0); 324 } 325 326 /* 327 * Obtain, and verify the symbol table data. 328 */ 329 if ((cache[ndx].c_data == NULL) || 330 (cache[ndx].c_data->d_buf == NULL)) { 331 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 332 file, cache[ndx].c_name); 333 return (0); 334 } 335 336 /* 337 * Establish the string table index. 338 */ 339 ndx = shdr->sh_link; 340 shdr = cache[ndx].c_shdr; 341 342 /* 343 * Return symbol table information. 344 */ 345 if (symnum) 346 *symnum = (shdr->sh_size / shdr->sh_entsize); 347 if (symsec) 348 *symsec = &cache[ndx]; 349 } 350 351 /* 352 * Validate the associated string table section. 353 */ 354 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 355 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 356 file, cache[ndx].c_name, EC_WORD(shdr->sh_link)); 357 return (0); 358 } 359 360 if (strsec) 361 *strsec = &cache[shdr->sh_link]; 362 363 return (1); 364 } 365 366 /* 367 * Lookup a symbol and set Sym accordingly. 368 * 369 * entry: 370 * name - Name of symbol to lookup 371 * cache - Cache of all section headers 372 * shnum - # of sections in cache 373 * sym - Address of pointer to receive symbol 374 * target - NULL, or section to which the symbol must be associated. 375 * symtab - Symbol table to search for symbol 376 * file - Name of file 377 * 378 * exit: 379 * If the symbol is found, *sym is set to reference it, and True is 380 * returned. If target is non-NULL, the symbol must reference the given 381 * section --- otherwise the section is not checked. 382 * 383 * If no symbol is found, False is returned. 384 */ 385 static int 386 symlookup(const char *name, Cache *cache, Word shnum, Sym **sym, 387 Cache *target, Cache *symtab, const char *file) 388 { 389 Shdr *shdr; 390 Word symn, cnt; 391 Sym *syms; 392 393 if (symtab == 0) 394 return (0); 395 396 shdr = symtab->c_shdr; 397 398 /* 399 * Determine the symbol data and number. 400 */ 401 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 402 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 403 file, symtab->c_name); 404 return (0); 405 } 406 if (symtab->c_data == NULL) 407 return (0); 408 409 /* LINTED */ 410 symn = (Word)(shdr->sh_size / shdr->sh_entsize); 411 syms = (Sym *)symtab->c_data->d_buf; 412 413 /* 414 * Get the associated string table section. 415 */ 416 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 417 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 418 file, symtab->c_name, EC_WORD(shdr->sh_link)); 419 return (0); 420 } 421 422 /* 423 * Loop through the symbol table to find a match. 424 */ 425 *sym = NULL; 426 for (cnt = 0; cnt < symn; syms++, cnt++) { 427 const char *symname; 428 429 symname = string(symtab, cnt, &cache[shdr->sh_link], file, 430 syms->st_name); 431 432 if (symname && (strcmp(name, symname) == 0) && 433 ((target == NULL) || (target->c_ndx == syms->st_shndx))) { 434 /* 435 * It is possible, though rare, for a local and 436 * global symbol of the same name to exist, each 437 * contributed by a different input object. If the 438 * symbol just found is local, remember it, but 439 * continue looking. 440 */ 441 *sym = syms; 442 if (ELF_ST_BIND(syms->st_info) != STB_LOCAL) 443 break; 444 } 445 } 446 447 return (*sym != NULL); 448 } 449 450 /* 451 * Print section headers. 452 */ 453 static void 454 sections(const char *file, Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi) 455 { 456 size_t seccnt; 457 458 for (seccnt = 1; seccnt < shnum; seccnt++) { 459 Cache *_cache = &cache[seccnt]; 460 Shdr *shdr = _cache->c_shdr; 461 const char *secname = _cache->c_name; 462 463 /* 464 * Although numerous section header entries can be zero, it's 465 * usually a sign of trouble if the type is zero. 466 */ 467 if (shdr->sh_type == 0) { 468 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHTYPE), 469 file, secname, EC_WORD(shdr->sh_type)); 470 } 471 472 if (!match(MATCH_F_ALL, secname, seccnt, shdr->sh_type)) 473 continue; 474 475 /* 476 * Identify any sections that are suspicious. A .got section 477 * shouldn't exist in a relocatable object. 478 */ 479 if (ehdr->e_type == ET_REL) { 480 if (strncmp(secname, MSG_ORIG(MSG_ELF_GOT), 481 MSG_ELF_GOT_SIZE) == 0) { 482 (void) fprintf(stderr, 483 MSG_INTL(MSG_GOT_UNEXPECTED), file, 484 secname); 485 } 486 } 487 488 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 489 dbg_print(0, MSG_INTL(MSG_ELF_SHDR), EC_WORD(seccnt), secname); 490 Elf_shdr(0, osabi, ehdr->e_machine, shdr); 491 } 492 } 493 494 /* 495 * Obtain a specified Phdr entry. 496 */ 497 static Phdr * 498 getphdr(Word phnum, Word *type_arr, Word type_cnt, const char *file, Elf *elf) 499 { 500 Word cnt, tcnt; 501 Phdr *phdr; 502 503 if ((phdr = elf_getphdr(elf)) == NULL) { 504 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 505 return (NULL); 506 } 507 508 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 509 for (tcnt = 0; tcnt < type_cnt; tcnt++) { 510 if (phdr->p_type == type_arr[tcnt]) 511 return (phdr); 512 } 513 } 514 return (NULL); 515 } 516 517 /* 518 * Display the contents of GNU/amd64 .eh_frame and .eh_frame_hdr 519 * sections. 520 * 521 * entry: 522 * cache - Cache of all section headers 523 * shndx - Index of .eh_frame or .eh_frame_hdr section to be displayed 524 * uphdr - NULL, or unwind program header associated with 525 * the .eh_frame_hdr section. 526 * ehdr - ELF header for file 527 * eh_state - Data used across calls to this routine. The 528 * caller should zero it before the first call, and 529 * pass it on every call. 530 * osabi - OSABI to use in displaying information 531 * file - Name of file 532 * flags - Command line option flags 533 */ 534 static void 535 unwind_eh_frame(Cache *cache, Word shndx, Phdr *uphdr, Ehdr *ehdr, 536 gnu_eh_state_t *eh_state, uchar_t osabi, const char *file, uint_t flags) 537 { 538 #if defined(_ELF64) 539 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_64 540 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_64 541 #else 542 #define MSG_UNW_BINSRTAB2 MSG_UNW_BINSRTAB2_32 543 #define MSG_UNW_BINSRTABENT MSG_UNW_BINSRTABENT_32 544 #endif 545 546 Cache *_cache = &cache[shndx]; 547 Shdr *shdr = _cache->c_shdr; 548 uchar_t *data = (uchar_t *)(_cache->c_data->d_buf); 549 size_t datasize = _cache->c_data->d_size; 550 Conv_dwarf_ehe_buf_t dwarf_ehe_buf; 551 uint64_t ndx, frame_ptr, fde_cnt, tabndx; 552 uint_t vers, frame_ptr_enc, fde_cnt_enc, table_enc; 553 uint64_t initloc, initloc0; 554 555 556 /* 557 * Is this a .eh_frame_hdr? 558 */ 559 if ((uphdr && (shdr->sh_addr == uphdr->p_vaddr)) || 560 (strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRMHDR), 561 MSG_SCN_FRMHDR_SIZE) == 0)) { 562 /* 563 * There can only be a single .eh_frame_hdr. 564 * Flag duplicates. 565 */ 566 if (++eh_state->hdr_cnt > 1) 567 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTEHFRMHDR), 568 file, EC_WORD(shndx), _cache->c_name); 569 570 dbg_print(0, MSG_ORIG(MSG_UNW_FRMHDR)); 571 ndx = 0; 572 573 vers = data[ndx++]; 574 frame_ptr_enc = data[ndx++]; 575 fde_cnt_enc = data[ndx++]; 576 table_enc = data[ndx++]; 577 578 dbg_print(0, MSG_ORIG(MSG_UNW_FRMVERS), vers); 579 580 frame_ptr = dwarf_ehe_extract(data, &ndx, frame_ptr_enc, 581 ehdr->e_ident, shdr->sh_addr, ndx); 582 if (eh_state->hdr_cnt == 1) { 583 eh_state->hdr_ndx = shndx; 584 eh_state->frame_ptr = frame_ptr; 585 } 586 587 dbg_print(0, MSG_ORIG(MSG_UNW_FRPTRENC), 588 conv_dwarf_ehe(frame_ptr_enc, &dwarf_ehe_buf), 589 EC_XWORD(frame_ptr)); 590 591 fde_cnt = dwarf_ehe_extract(data, &ndx, fde_cnt_enc, 592 ehdr->e_ident, shdr->sh_addr, ndx); 593 594 dbg_print(0, MSG_ORIG(MSG_UNW_FDCNENC), 595 conv_dwarf_ehe(fde_cnt_enc, &dwarf_ehe_buf), 596 EC_XWORD(fde_cnt)); 597 dbg_print(0, MSG_ORIG(MSG_UNW_TABENC), 598 conv_dwarf_ehe(table_enc, &dwarf_ehe_buf)); 599 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB1)); 600 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTAB2)); 601 602 for (tabndx = 0; tabndx < fde_cnt; tabndx++) { 603 initloc = dwarf_ehe_extract(data, &ndx, table_enc, 604 ehdr->e_ident, shdr->sh_addr, ndx); 605 /*LINTED:E_VAR_USED_BEFORE_SET*/ 606 if ((tabndx != 0) && (initloc0 > initloc)) 607 (void) fprintf(stderr, 608 MSG_INTL(MSG_ERR_BADSORT), file, 609 _cache->c_name, EC_WORD(tabndx)); 610 dbg_print(0, MSG_ORIG(MSG_UNW_BINSRTABENT), 611 EC_XWORD(initloc), 612 EC_XWORD(dwarf_ehe_extract(data, &ndx, 613 table_enc, ehdr->e_ident, shdr->sh_addr, 614 ndx))); 615 initloc0 = initloc; 616 } 617 } else { /* Display the .eh_frame section */ 618 eh_state->frame_cnt++; 619 if (eh_state->frame_cnt == 1) { 620 eh_state->frame_ndx = shndx; 621 eh_state->frame_base = shdr->sh_addr; 622 } else if ((eh_state->frame_cnt > 1) && 623 (ehdr->e_type != ET_REL)) { 624 Conv_inv_buf_t inv_buf; 625 626 (void) fprintf(stderr, MSG_INTL(MSG_WARN_MULTEHFRM), 627 file, EC_WORD(shndx), _cache->c_name, 628 conv_ehdr_type(osabi, ehdr->e_type, 0, &inv_buf)); 629 } 630 dump_eh_frame(data, datasize, shdr->sh_addr, 631 ehdr->e_machine, ehdr->e_ident); 632 } 633 634 /* 635 * If we've seen the .eh_frame_hdr and the first .eh_frame section, 636 * compare the header frame_ptr to the address of the actual frame 637 * section to ensure the link-editor got this right. Note, this 638 * diagnostic is only produced when unwind information is explicitly 639 * asked for, as shared objects built with an older ld(1) may reveal 640 * this inconsistency. Although an inconsistency, it doesn't seem to 641 * have any adverse effect on existing tools. 642 */ 643 if (((flags & FLG_MASK_SHOW) != FLG_MASK_SHOW) && 644 (eh_state->hdr_cnt > 0) && (eh_state->frame_cnt > 0) && 645 (eh_state->frame_ptr != eh_state->frame_base)) 646 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADEHFRMPTR), 647 file, EC_WORD(eh_state->hdr_ndx), 648 cache[eh_state->hdr_ndx].c_name, 649 EC_XWORD(eh_state->frame_ptr), 650 EC_WORD(eh_state->frame_ndx), 651 cache[eh_state->frame_ndx].c_name, 652 EC_XWORD(eh_state->frame_base)); 653 #undef MSG_UNW_BINSRTAB2 654 #undef MSG_UNW_BINSRTABENT 655 } 656 657 /* 658 * Convert a self relative pointer into an address. A self relative 659 * pointer adds the address where the pointer resides to the offset 660 * contained in the pointer. The benefit is that the value of the 661 * pointer does not require relocation. 662 * 663 * entry: 664 * base_addr - Address of the pointer. 665 * delta - Offset relative to base_addr giving desired address 666 * 667 * exit: 668 * The computed address is returned. 669 * 670 * note: 671 * base_addr is an unsigned value, while ret_addr is signed. This routine 672 * used explicit testing and casting to explicitly control type 673 * conversion, and ensure that we handle the maximum possible range. 674 */ 675 static Addr 676 srelptr(Addr base_addr, PTRDIFF_T delta) 677 { 678 if (delta < 0) 679 return (base_addr - (Addr) (-delta)); 680 681 return (base_addr + (Addr) delta); 682 } 683 684 /* 685 * Byte swap a PTRDIFF_T value. 686 */ 687 static PTRDIFF_T 688 swap_ptrdiff(PTRDIFF_T value) 689 { 690 PTRDIFF_T r; 691 uchar_t *dst = (uchar_t *)&r; 692 uchar_t *src = (uchar_t *)&value; 693 694 UL_ASSIGN_BSWAP_XWORD(dst, src); 695 return (r); 696 } 697 698 /* 699 * Display exception_range_entry items from the .exception_ranges section 700 * of a Sun C++ object. 701 */ 702 static void 703 unwind_exception_ranges(Cache *_cache, const char *file, int do_swap) 704 { 705 /* 706 * Translate a PTRDIFF_T self-relative address field of 707 * an exception_range_entry struct into an address. 708 * 709 * entry: 710 * exc_addr - Address of base of exception_range_entry struct 711 * cur_ent - Pointer to data in the struct to be translated 712 * 713 * _f - Field of struct to be translated 714 */ 715 #define SRELPTR(_f) \ 716 srelptr(exc_addr + offsetof(exception_range_entry, _f), cur_ent->_f) 717 718 #if defined(_ELF64) 719 #define MSG_EXR_TITLE MSG_EXR_TITLE_64 720 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_64 721 #else 722 #define MSG_EXR_TITLE MSG_EXR_TITLE_32 723 #define MSG_EXR_ENTRY MSG_EXR_ENTRY_32 724 #endif 725 726 exception_range_entry scratch, *ent, *cur_ent = &scratch; 727 char index[MAXNDXSIZE]; 728 Word i, nelts; 729 Addr addr, addr0, offset = 0; 730 Addr exc_addr = _cache->c_shdr->sh_addr; 731 732 dbg_print(0, MSG_INTL(MSG_EXR_TITLE)); 733 ent = (exception_range_entry *)(_cache->c_data->d_buf); 734 nelts = _cache->c_data->d_size / sizeof (exception_range_entry); 735 736 for (i = 0; i < nelts; i++, ent++) { 737 if (do_swap) { 738 /* 739 * Copy byte swapped values into the scratch buffer. 740 * The reserved field is not used, so we skip it. 741 */ 742 scratch.ret_addr = swap_ptrdiff(ent->ret_addr); 743 scratch.length = BSWAP_XWORD(ent->length); 744 scratch.handler_addr = swap_ptrdiff(ent->handler_addr); 745 scratch.type_block = swap_ptrdiff(ent->type_block); 746 } else { 747 cur_ent = ent; 748 } 749 750 /* 751 * The table is required to be sorted by the address 752 * derived from ret_addr, to allow binary searching. Ensure 753 * that addresses grow monotonically. 754 */ 755 addr = SRELPTR(ret_addr); 756 /*LINTED:E_VAR_USED_BEFORE_SET*/ 757 if ((i != 0) && (addr0 > addr)) 758 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSORT), 759 file, _cache->c_name, EC_WORD(i)); 760 761 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 762 EC_XWORD(i)); 763 dbg_print(0, MSG_INTL(MSG_EXR_ENTRY), index, EC_ADDR(offset), 764 EC_ADDR(addr), EC_ADDR(cur_ent->length), 765 EC_ADDR(SRELPTR(handler_addr)), 766 EC_ADDR(SRELPTR(type_block))); 767 768 addr0 = addr; 769 exc_addr += sizeof (exception_range_entry); 770 offset += sizeof (exception_range_entry); 771 } 772 773 #undef SRELPTR 774 #undef MSG_EXR_TITLE 775 #undef MSG_EXR_ENTRY 776 } 777 778 /* 779 * Display information from unwind/exception sections: 780 * 781 * - GNU/amd64 .eh_frame and .eh_frame_hdr 782 * - Sun C++ .exception_ranges 783 * 784 */ 785 static void 786 unwind(Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, uchar_t osabi, 787 const char *file, Elf *elf, uint_t flags) 788 { 789 static Word phdr_types[] = { PT_SUNW_UNWIND, PT_SUNW_EH_FRAME }; 790 791 Word cnt; 792 Phdr *uphdr = NULL; 793 gnu_eh_state_t eh_state; 794 795 /* 796 * Historical background: .eh_frame and .eh_frame_hdr sections 797 * come from the GNU compilers (particularly C++), and are used 798 * under all architectures. Their format is based on DWARF. When 799 * the amd64 ABI was defined, these sections were adopted wholesale 800 * from the existing practice. 801 * 802 * When amd64 support was added to Solaris, support for these 803 * sections was added, using the SHT_AMD64_UNWIND section type 804 * to identify them. At first, we ignored them in objects for 805 * non-amd64 targets, but later broadened our support to include 806 * other architectures in order to better support gcc-generated 807 * objects. 808 * 809 * .exception_ranges implement the same basic concepts, but 810 * were invented at Sun for the Sun C++ compiler. 811 * 812 * We match these sections by name, rather than section type, 813 * because they can come in as either SHT_AMD64_UNWIND, or as 814 * SHT_PROGBITS, and because the type isn't enough to determine 815 * how they should be interpreted. 816 */ 817 /* Find the program header for .eh_frame_hdr if present */ 818 if (phnum) 819 uphdr = getphdr(phnum, phdr_types, 820 sizeof (phdr_types) / sizeof (*phdr_types), file, elf); 821 822 /* 823 * eh_state is used to retain data used by unwind_eh_frame() 824 * across calls. 825 */ 826 bzero(&eh_state, sizeof (eh_state)); 827 828 for (cnt = 1; cnt < shnum; cnt++) { 829 Cache *_cache = &cache[cnt]; 830 Shdr *shdr = _cache->c_shdr; 831 int is_exrange; 832 833 /* 834 * Skip sections of the wrong type. On amd64, they 835 * can be SHT_AMD64_UNWIND. On all platforms, they 836 * can be SHT_PROGBITS (including amd64, if using 837 * the GNU compilers). 838 * 839 * Skip anything other than these two types. The name 840 * test below will thin out the SHT_PROGBITS that don't apply. 841 */ 842 if ((shdr->sh_type != SHT_PROGBITS) && 843 (shdr->sh_type != SHT_AMD64_UNWIND)) 844 continue; 845 846 /* 847 * Only sections with certain well known names are of interest. 848 * These are: 849 * 850 * .eh_frame - amd64/GNU-compiler unwind sections 851 * .eh_frame_hdr - Sorted table referencing .eh_frame 852 * .exception_ranges - Sun C++ unwind sections 853 * 854 * We do a prefix comparison, allowing for naming conventions 855 * like .eh_frame.foo, hence the use of strncmp() rather than 856 * strcmp(). This means that we only really need to test for 857 * .eh_frame, as it's a prefix of .eh_frame_hdr. 858 */ 859 is_exrange = strncmp(_cache->c_name, 860 MSG_ORIG(MSG_SCN_EXRANGE), MSG_SCN_EXRANGE_SIZE) == 0; 861 if ((strncmp(_cache->c_name, MSG_ORIG(MSG_SCN_FRM), 862 MSG_SCN_FRM_SIZE) != 0) && !is_exrange) 863 continue; 864 865 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 866 continue; 867 868 if (_cache->c_data == NULL) 869 continue; 870 871 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 872 dbg_print(0, MSG_INTL(MSG_ELF_SCN_UNWIND), _cache->c_name); 873 874 if (is_exrange) 875 unwind_exception_ranges(_cache, file, 876 _elf_sys_encoding() != ehdr->e_ident[EI_DATA]); 877 else 878 unwind_eh_frame(cache, cnt, uphdr, ehdr, &eh_state, 879 osabi, file, flags); 880 } 881 } 882 883 /* 884 * Initialize a symbol table state structure 885 * 886 * entry: 887 * state - State structure to be initialized 888 * cache - Cache of all section headers 889 * shnum - # of sections in cache 890 * secndx - Index of symbol table section 891 * ehdr - ELF header for file 892 * versym - Information about versym section 893 * file - Name of file 894 * flags - Command line option flags 895 */ 896 static int 897 init_symtbl_state(SYMTBL_STATE *state, Cache *cache, Word shnum, Word secndx, 898 Ehdr *ehdr, uchar_t osabi, VERSYM_STATE *versym, const char *file, 899 uint_t flags) 900 { 901 Shdr *shdr; 902 903 state->file = file; 904 state->ehdr = ehdr; 905 state->cache = cache; 906 state->osabi = osabi; 907 state->shnum = shnum; 908 state->seccache = &cache[secndx]; 909 state->secndx = secndx; 910 state->secname = state->seccache->c_name; 911 state->flags = flags; 912 state->shxndx.checked = 0; 913 state->shxndx.data = NULL; 914 state->shxndx.n = 0; 915 916 shdr = state->seccache->c_shdr; 917 918 /* 919 * Check the symbol data and per-item size. 920 */ 921 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 922 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 923 file, state->secname); 924 return (0); 925 } 926 if (state->seccache->c_data == NULL) 927 return (0); 928 929 /* LINTED */ 930 state->symn = (Word)(shdr->sh_size / shdr->sh_entsize); 931 state->sym = (Sym *)state->seccache->c_data->d_buf; 932 933 /* 934 * Check associated string table section. 935 */ 936 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 937 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 938 file, state->secname, EC_WORD(shdr->sh_link)); 939 return (0); 940 } 941 942 /* 943 * Determine if there is a associated Versym section 944 * with this Symbol Table. 945 */ 946 if (versym && versym->cache && 947 (versym->cache->c_shdr->sh_link == state->secndx)) 948 state->versym = versym; 949 else 950 state->versym = NULL; 951 952 953 return (1); 954 } 955 956 /* 957 * Determine the extended section index used for symbol tables entries. 958 */ 959 static void 960 symbols_getxindex(SYMTBL_STATE *state) 961 { 962 uint_t symn; 963 Word symcnt; 964 965 state->shxndx.checked = 1; /* Note that we've been called */ 966 for (symcnt = 1; symcnt < state->shnum; symcnt++) { 967 Cache *_cache = &state->cache[symcnt]; 968 Shdr *shdr = _cache->c_shdr; 969 970 if ((shdr->sh_type != SHT_SYMTAB_SHNDX) || 971 (shdr->sh_link != state->secndx)) 972 continue; 973 974 if ((shdr->sh_entsize) && 975 /* LINTED */ 976 ((symn = (uint_t)(shdr->sh_size / shdr->sh_entsize)) == 0)) 977 continue; 978 979 if (_cache->c_data == NULL) 980 continue; 981 982 state->shxndx.data = _cache->c_data->d_buf; 983 state->shxndx.n = symn; 984 return; 985 } 986 } 987 988 /* 989 * Produce a line of output for the given symbol 990 * 991 * entry: 992 * state - Symbol table state 993 * symndx - Index of symbol within the table 994 * info - Value of st_info (indicates local/global range) 995 * symndx_disp - Index to display. This may not be the same 996 * as symndx if the display is relative to the logical 997 * combination of the SUNW_ldynsym/dynsym tables. 998 * sym - Symbol to display 999 */ 1000 static void 1001 output_symbol(SYMTBL_STATE *state, Word symndx, Word info, Word disp_symndx, 1002 Sym *sym) 1003 { 1004 /* 1005 * Symbol types for which we check that the specified 1006 * address/size land inside the target section. 1007 */ 1008 static const int addr_symtype[] = { 1009 0, /* STT_NOTYPE */ 1010 1, /* STT_OBJECT */ 1011 1, /* STT_FUNC */ 1012 0, /* STT_SECTION */ 1013 0, /* STT_FILE */ 1014 1, /* STT_COMMON */ 1015 0, /* STT_TLS */ 1016 0, /* 7 */ 1017 0, /* 8 */ 1018 0, /* 9 */ 1019 0, /* 10 */ 1020 0, /* 11 */ 1021 0, /* 12 */ 1022 0, /* STT_SPARC_REGISTER */ 1023 0, /* 14 */ 1024 0, /* 15 */ 1025 }; 1026 #if STT_NUM != (STT_TLS + 1) 1027 #error "STT_NUM has grown. Update addr_symtype[]" 1028 #endif 1029 1030 char index[MAXNDXSIZE]; 1031 const char *symname, *sec; 1032 Versym verndx; 1033 int gnuver; 1034 uchar_t type; 1035 Shdr *tshdr; 1036 Word shndx; 1037 Conv_inv_buf_t inv_buf; 1038 1039 /* Ensure symbol index is in range */ 1040 if (symndx >= state->symn) { 1041 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSYMNDX), 1042 state->file, state->secname, EC_WORD(symndx)); 1043 return; 1044 } 1045 1046 /* 1047 * If we are using extended symbol indexes, find the 1048 * corresponding SHN_SYMTAB_SHNDX table. 1049 */ 1050 if ((sym->st_shndx == SHN_XINDEX) && (state->shxndx.checked == 0)) 1051 symbols_getxindex(state); 1052 1053 /* LINTED */ 1054 symname = string(state->seccache, symndx, 1055 &state->cache[state->seccache->c_shdr->sh_link], state->file, 1056 sym->st_name); 1057 1058 tshdr = NULL; 1059 sec = NULL; 1060 1061 if (state->ehdr->e_type == ET_CORE) { 1062 sec = (char *)MSG_INTL(MSG_STR_UNKNOWN); 1063 } else if (state->flags & FLG_CTL_FAKESHDR) { 1064 /* 1065 * If we are using fake section headers derived from 1066 * the program headers, then the section indexes 1067 * in the symbols do not correspond to these headers. 1068 * The section names are not available, so all we can 1069 * do is to display them in numeric form. 1070 */ 1071 sec = conv_sym_shndx(state->osabi, state->ehdr->e_machine, 1072 sym->st_shndx, CONV_FMT_DECIMAL, &inv_buf); 1073 } else if ((sym->st_shndx < SHN_LORESERVE) && 1074 (sym->st_shndx < state->shnum)) { 1075 shndx = sym->st_shndx; 1076 tshdr = state->cache[shndx].c_shdr; 1077 sec = state->cache[shndx].c_name; 1078 } else if (sym->st_shndx == SHN_XINDEX) { 1079 if (state->shxndx.data) { 1080 Word _shxndx; 1081 1082 if (symndx > state->shxndx.n) { 1083 (void) fprintf(stderr, 1084 MSG_INTL(MSG_ERR_BADSYMXINDEX1), 1085 state->file, state->secname, 1086 EC_WORD(symndx)); 1087 } else if ((_shxndx = 1088 state->shxndx.data[symndx]) > state->shnum) { 1089 (void) fprintf(stderr, 1090 MSG_INTL(MSG_ERR_BADSYMXINDEX2), 1091 state->file, state->secname, 1092 EC_WORD(symndx), EC_WORD(_shxndx)); 1093 } else { 1094 shndx = _shxndx; 1095 tshdr = state->cache[shndx].c_shdr; 1096 sec = state->cache[shndx].c_name; 1097 } 1098 } else { 1099 (void) fprintf(stderr, 1100 MSG_INTL(MSG_ERR_BADSYMXINDEX3), 1101 state->file, state->secname, EC_WORD(symndx)); 1102 } 1103 } else if ((sym->st_shndx < SHN_LORESERVE) && 1104 (sym->st_shndx >= state->shnum)) { 1105 (void) fprintf(stderr, 1106 MSG_INTL(MSG_ERR_BADSYM5), state->file, 1107 state->secname, EC_WORD(symndx), 1108 demangle(symname, state->flags), sym->st_shndx); 1109 } 1110 1111 /* 1112 * If versioning is available display the 1113 * version index. If not, then use 0. 1114 */ 1115 if (state->versym) { 1116 Versym test_verndx; 1117 1118 verndx = test_verndx = state->versym->data[symndx]; 1119 gnuver = state->versym->gnu_full; 1120 1121 /* 1122 * Check to see if this is a defined symbol with a 1123 * version index that is outside the valid range for 1124 * the file. The interpretation of this depends on 1125 * the style of versioning used by the object. 1126 * 1127 * Versions >= VER_NDX_LORESERVE have special meanings, 1128 * and are exempt from this checking. 1129 * 1130 * GNU style version indexes use the top bit of the 1131 * 16-bit index value (0x8000) as the "hidden bit". 1132 * We must mask off this bit in order to compare 1133 * the version against the maximum value. 1134 */ 1135 if (gnuver) 1136 test_verndx &= ~0x8000; 1137 1138 if ((test_verndx > state->versym->max_verndx) && 1139 (verndx < VER_NDX_LORESERVE)) 1140 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADVER), 1141 state->file, state->secname, EC_WORD(symndx), 1142 EC_HALF(test_verndx), state->versym->max_verndx); 1143 } else { 1144 verndx = 0; 1145 gnuver = 0; 1146 } 1147 1148 /* 1149 * Error checking for TLS. 1150 */ 1151 type = ELF_ST_TYPE(sym->st_info); 1152 if (type == STT_TLS) { 1153 if (tshdr && 1154 (sym->st_shndx != SHN_UNDEF) && 1155 ((tshdr->sh_flags & SHF_TLS) == 0)) { 1156 (void) fprintf(stderr, 1157 MSG_INTL(MSG_ERR_BADSYM3), state->file, 1158 state->secname, EC_WORD(symndx), 1159 demangle(symname, state->flags)); 1160 } 1161 } else if ((type != STT_SECTION) && sym->st_size && 1162 tshdr && (tshdr->sh_flags & SHF_TLS)) { 1163 (void) fprintf(stderr, 1164 MSG_INTL(MSG_ERR_BADSYM4), state->file, 1165 state->secname, EC_WORD(symndx), 1166 demangle(symname, state->flags)); 1167 } 1168 1169 /* 1170 * If a symbol with non-zero size has a type that 1171 * specifies an address, then make sure the location 1172 * it references is actually contained within the 1173 * section. UNDEF symbols don't count in this case, 1174 * so we ignore them. 1175 * 1176 * The meaning of the st_value field in a symbol 1177 * depends on the type of object. For a relocatable 1178 * object, it is the offset within the section. 1179 * For sharable objects, it is the offset relative to 1180 * the base of the object, and for other types, it is 1181 * the virtual address. To get an offset within the 1182 * section for non-ET_REL files, we subtract the 1183 * base address of the section. 1184 */ 1185 if (addr_symtype[type] && (sym->st_size > 0) && 1186 (sym->st_shndx != SHN_UNDEF) && ((sym->st_shndx < SHN_LORESERVE) || 1187 (sym->st_shndx == SHN_XINDEX)) && (tshdr != NULL)) { 1188 Word v = sym->st_value; 1189 if (state->ehdr->e_type != ET_REL) 1190 v -= tshdr->sh_addr; 1191 if (((v + sym->st_size) > tshdr->sh_size)) { 1192 (void) fprintf(stderr, 1193 MSG_INTL(MSG_ERR_BADSYM6), state->file, 1194 state->secname, EC_WORD(symndx), 1195 demangle(symname, state->flags), 1196 EC_WORD(shndx), EC_XWORD(tshdr->sh_size), 1197 EC_XWORD(sym->st_value), EC_XWORD(sym->st_size)); 1198 } 1199 } 1200 1201 /* 1202 * A typical symbol table uses the sh_info field to indicate one greater 1203 * than the symbol table index of the last local symbol, STB_LOCAL. 1204 * Therefore, symbol indexes less than sh_info should have local 1205 * binding. Symbol indexes greater than, or equal to sh_info, should 1206 * have global binding. Note, we exclude UNDEF/NOTY symbols with zero 1207 * value and size, as these symbols may be the result of an mcs(1) 1208 * section deletion. 1209 */ 1210 if (info) { 1211 uchar_t bind = ELF_ST_BIND(sym->st_info); 1212 1213 if ((symndx < info) && (bind != STB_LOCAL)) { 1214 (void) fprintf(stderr, 1215 MSG_INTL(MSG_ERR_BADSYM7), state->file, 1216 state->secname, EC_WORD(symndx), 1217 demangle(symname, state->flags), EC_XWORD(info)); 1218 1219 } else if ((symndx >= info) && (bind == STB_LOCAL) && 1220 ((sym->st_shndx != SHN_UNDEF) || 1221 (ELF_ST_TYPE(sym->st_info) != STT_NOTYPE) || 1222 (sym->st_size != 0) || (sym->st_value != 0))) { 1223 (void) fprintf(stderr, 1224 MSG_INTL(MSG_ERR_BADSYM8), state->file, 1225 state->secname, EC_WORD(symndx), 1226 demangle(symname, state->flags), EC_XWORD(info)); 1227 } 1228 } 1229 1230 (void) snprintf(index, MAXNDXSIZE, 1231 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(disp_symndx)); 1232 Elf_syms_table_entry(0, ELF_DBG_ELFDUMP, index, state->osabi, 1233 state->ehdr->e_machine, sym, verndx, gnuver, sec, symname); 1234 } 1235 1236 /* 1237 * Process a SHT_SUNW_cap capabilities section. 1238 */ 1239 static int 1240 cap_section(const char *file, Cache *cache, Word shnum, Cache *ccache, 1241 uchar_t osabi, Ehdr *ehdr, uint_t flags) 1242 { 1243 SYMTBL_STATE state; 1244 Word cnum, capnum, nulls, symcaps; 1245 int descapndx, objcap, title; 1246 Cap *cap = (Cap *)ccache->c_data->d_buf; 1247 Shdr *cishdr, *cshdr = ccache->c_shdr; 1248 Cache *cicache, *strcache; 1249 Capinfo *capinfo = NULL; 1250 Word capinfonum; 1251 const char *strs = NULL; 1252 size_t strs_size; 1253 1254 if ((cshdr->sh_entsize == 0) || (cshdr->sh_size == 0)) { 1255 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1256 file, ccache->c_name); 1257 return (0); 1258 } 1259 1260 /* 1261 * If this capabilities section is associated with symbols, then the 1262 * sh_link field points to the associated capabilities information 1263 * section. The sh_link field of the capabilities information section 1264 * points to the associated symbol table. 1265 */ 1266 if (cshdr->sh_link) { 1267 Cache *scache; 1268 Shdr *sshdr; 1269 1270 /* 1271 * Validate that the sh_link field points to a capabilities 1272 * information section. 1273 */ 1274 if (cshdr->sh_link >= shnum) { 1275 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1276 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1277 return (0); 1278 } 1279 1280 cicache = &cache[cshdr->sh_link]; 1281 cishdr = cicache->c_shdr; 1282 1283 if (cishdr->sh_type != SHT_SUNW_capinfo) { 1284 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1285 file, ccache->c_name, EC_WORD(cshdr->sh_link)); 1286 return (0); 1287 } 1288 1289 capinfo = cicache->c_data->d_buf; 1290 capinfonum = (Word)(cishdr->sh_size / cishdr->sh_entsize); 1291 1292 /* 1293 * Validate that the sh_link field of the capabilities 1294 * information section points to a valid symbol table. 1295 */ 1296 if ((cishdr->sh_link == 0) || (cishdr->sh_link >= shnum)) { 1297 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1298 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1299 return (0); 1300 } 1301 scache = &cache[cishdr->sh_link]; 1302 sshdr = scache->c_shdr; 1303 1304 if ((sshdr->sh_type != SHT_SYMTAB) && 1305 (sshdr->sh_type != SHT_DYNSYM)) { 1306 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO1), 1307 file, cicache->c_name, EC_WORD(cishdr->sh_link)); 1308 return (0); 1309 } 1310 1311 if (!init_symtbl_state(&state, cache, shnum, 1312 cishdr->sh_link, ehdr, osabi, NULL, file, flags)) 1313 return (0); 1314 } 1315 1316 /* 1317 * If this capabilities section contains capability string entries, 1318 * then determine the associated string table. Capabilities entries 1319 * that define names require that the capability section indicate 1320 * which string table to use via sh_info. 1321 */ 1322 if (cshdr->sh_info) { 1323 Shdr *strshdr; 1324 1325 /* 1326 * Validate that the sh_info field points to a string table. 1327 */ 1328 if (cshdr->sh_info >= shnum) { 1329 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1330 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1331 return (0); 1332 } 1333 1334 strcache = &cache[cshdr->sh_info]; 1335 strshdr = strcache->c_shdr; 1336 1337 if (strshdr->sh_type != SHT_STRTAB) { 1338 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAP), 1339 file, ccache->c_name, EC_WORD(cshdr->sh_info)); 1340 return (0); 1341 } 1342 strs = (const char *)strcache->c_data->d_buf; 1343 strs_size = strcache->c_data->d_size; 1344 } 1345 1346 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1347 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAP), ccache->c_name); 1348 1349 capnum = (Word)(cshdr->sh_size / cshdr->sh_entsize); 1350 1351 nulls = symcaps = 0; 1352 objcap = title = 1; 1353 descapndx = -1; 1354 1355 /* 1356 * Traverse the capabilities section printing each capability group. 1357 * The first capabilities group defines any object capabilities. Any 1358 * following groups define symbol capabilities. In the case where no 1359 * object capabilities exist, but symbol capabilities do, a single 1360 * CA_SUNW_NULL terminator for the object capabilities exists. 1361 */ 1362 for (cnum = 0; cnum < capnum; cap++, cnum++) { 1363 if (cap->c_tag == CA_SUNW_NULL) { 1364 /* 1365 * A CA_SUNW_NULL tag terminates a capabilities group. 1366 * If the first capabilities tag is CA_SUNW_NULL, then 1367 * no object capabilities exist. 1368 */ 1369 if ((nulls++ == 0) && (cnum == 0)) 1370 objcap = 0; 1371 title = 1; 1372 } else { 1373 if (title) { 1374 if (nulls == 0) { 1375 /* 1376 * If this capabilities group represents 1377 * the object capabilities (i.e., no 1378 * CA_SUNW_NULL tag has been processed 1379 * yet), then display an object 1380 * capabilities title. 1381 */ 1382 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1383 dbg_print(0, 1384 MSG_INTL(MSG_OBJ_CAP_TITLE)); 1385 } else { 1386 /* 1387 * If this is a symbols capabilities 1388 * group (i.e., a CA_SUNW_NULL tag has 1389 * already be found that terminates 1390 * the object capabilities group), then 1391 * display a symbol capabilities title, 1392 * and retain this capabilities index 1393 * for later processing. 1394 */ 1395 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1396 dbg_print(0, 1397 MSG_INTL(MSG_SYM_CAP_TITLE)); 1398 descapndx = cnum; 1399 } 1400 Elf_cap_title(0); 1401 title = 0; 1402 } 1403 1404 /* 1405 * Print the capabilities data. 1406 * 1407 * Note that CA_SUNW_PLAT, CA_SUNW_MACH and CA_SUNW_ID 1408 * entries require a string table, which should have 1409 * already been established. 1410 */ 1411 if ((strs == NULL) && ((cap->c_tag == CA_SUNW_PLAT) || 1412 (cap->c_tag == CA_SUNW_MACH) || 1413 (cap->c_tag == CA_SUNW_ID))) { 1414 (void) fprintf(stderr, 1415 MSG_INTL(MSG_WARN_INVCAP4), file, 1416 EC_WORD(elf_ndxscn(ccache->c_scn)), 1417 ccache->c_name, EC_WORD(cshdr->sh_info)); 1418 } 1419 Elf_cap_entry(0, cap, cnum, strs, strs_size, 1420 ehdr->e_machine); 1421 } 1422 1423 /* 1424 * If this CA_SUNW_NULL tag terminates a symbol capabilities 1425 * group, determine the associated symbols. 1426 */ 1427 if ((cap->c_tag == CA_SUNW_NULL) && (nulls > 1) && 1428 (descapndx != -1)) { 1429 Capinfo *cip; 1430 Word inum; 1431 1432 symcaps++; 1433 1434 /* 1435 * Make sure we've discovered a SHT_SUNW_capinfo table. 1436 */ 1437 if ((cip = capinfo) == NULL) { 1438 (void) fprintf(stderr, 1439 MSG_INTL(MSG_ERR_INVCAP), file, 1440 ccache->c_name, EC_WORD(cshdr->sh_link)); 1441 return (0); 1442 } 1443 1444 /* 1445 * Determine what symbols reference this capabilities 1446 * group. 1447 */ 1448 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1449 dbg_print(0, MSG_INTL(MSG_CAPINFO_ENTRIES)); 1450 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 1451 1452 for (inum = 1, cip++; inum < capinfonum; 1453 inum++, cip++) { 1454 Word gndx = (Word)ELF_C_GROUP(*cip); 1455 1456 if (gndx && (gndx == descapndx)) { 1457 output_symbol(&state, inum, 0, 1458 inum, state.sym + inum); 1459 } 1460 } 1461 descapndx = -1; 1462 continue; 1463 } 1464 1465 /* 1466 * An SF1_SUNW_ADDR32 software capability tag in a 32-bit 1467 * object is suspicious as it has no effect. 1468 */ 1469 if ((cap->c_tag == CA_SUNW_SF_1) && 1470 (ehdr->e_ident[EI_CLASS] == ELFCLASS32) && 1471 (cap->c_un.c_val & SF1_SUNW_ADDR32)) { 1472 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INADDR32SF1), 1473 file, ccache->c_name); 1474 } 1475 } 1476 1477 /* 1478 * If this is a dynamic object, with symbol capabilities, then a 1479 * .SUNW_capchain section should exist. This section contains a chain 1480 * of symbol indexes for each capabilities family. This is the list 1481 * that is searched by ld.so.1 to determine the best capabilities 1482 * candidate. 1483 * 1484 * Note, more than one capabilities lead symbol can point to the same 1485 * family chain. For example, a weak/global pair of symbols can both 1486 * represent the same family of capabilities symbols. Therefore, to 1487 * display all possible families we traverse the capabilities 1488 * information section looking for CAPINFO_SUNW_GLOB lead symbols. 1489 * From these we determine the associated capabilities chain to inspect. 1490 */ 1491 if (symcaps && 1492 ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1493 Capinfo *cip; 1494 Capchain *chain; 1495 Cache *chcache; 1496 Shdr *chshdr; 1497 Word chainnum, inum; 1498 1499 /* 1500 * Validate that the sh_info field of the capabilities 1501 * information section points to a capabilities chain section. 1502 */ 1503 if (cishdr->sh_info >= shnum) { 1504 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 1505 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1506 return (0); 1507 } 1508 1509 chcache = &cache[cishdr->sh_info]; 1510 chshdr = chcache->c_shdr; 1511 1512 if (chshdr->sh_type != SHT_SUNW_capchain) { 1513 (void) fprintf(stderr, MSG_INTL(MSG_ERR_INVCAPINFO2), 1514 file, cicache->c_name, EC_WORD(cishdr->sh_info)); 1515 return (0); 1516 } 1517 1518 chainnum = (Word)(chshdr->sh_size / chshdr->sh_entsize); 1519 chain = (Capchain *)chcache->c_data->d_buf; 1520 1521 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1522 dbg_print(0, MSG_INTL(MSG_ELF_SCN_CAPCHAIN), chcache->c_name); 1523 1524 /* 1525 * Traverse the capabilities information section looking for 1526 * CAPINFO_SUNW_GLOB lead capabilities symbols. 1527 */ 1528 cip = capinfo; 1529 for (inum = 1, cip++; inum < capinfonum; inum++, cip++) { 1530 const char *name; 1531 Sym *sym; 1532 Word sndx, cndx; 1533 Word gndx = (Word)ELF_C_GROUP(*cip); 1534 1535 if ((gndx == 0) || (gndx != CAPINFO_SUNW_GLOB)) 1536 continue; 1537 1538 /* 1539 * Determine the symbol that is associated with this 1540 * capability information entry, and use this to 1541 * identify this capability family. 1542 */ 1543 sym = (Sym *)(state.sym + inum); 1544 name = string(cicache, inum, strcache, file, 1545 sym->st_name); 1546 1547 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1548 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_TITLE), name); 1549 dbg_print(0, MSG_INTL(MSG_CAPCHAIN_ENTRY)); 1550 1551 cndx = (Word)ELF_C_SYM(*cip); 1552 1553 /* 1554 * Traverse this families chain and identify each 1555 * family member. 1556 */ 1557 for (;;) { 1558 char _chain[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 1559 1560 if (cndx >= chainnum) { 1561 (void) fprintf(stderr, 1562 MSG_INTL(MSG_ERR_INVCAPINFO3), file, 1563 cicache->c_name, EC_WORD(inum), 1564 EC_WORD(cndx)); 1565 break; 1566 } 1567 if ((sndx = chain[cndx]) == 0) 1568 break; 1569 1570 /* 1571 * Determine this entries symbol reference. 1572 */ 1573 if (sndx > state.symn) { 1574 (void) fprintf(stderr, 1575 MSG_INTL(MSG_ERR_CHBADSYMNDX), file, 1576 EC_WORD(sndx), chcache->c_name, 1577 EC_WORD(cndx)); 1578 name = MSG_INTL(MSG_STR_UNKNOWN); 1579 } else { 1580 sym = (Sym *)(state.sym + sndx); 1581 name = string(chcache, sndx, 1582 strcache, file, sym->st_name); 1583 } 1584 1585 /* 1586 * Display the family member. 1587 */ 1588 (void) snprintf(_chain, MAXNDXSIZE, 1589 MSG_ORIG(MSG_FMT_INTEGER), cndx); 1590 (void) snprintf(_symndx, MAXNDXSIZE, 1591 MSG_ORIG(MSG_FMT_INDEX2), EC_WORD(sndx)); 1592 dbg_print(0, MSG_ORIG(MSG_FMT_CHAIN_INFO), 1593 _chain, _symndx, demangle(name, flags)); 1594 1595 cndx++; 1596 } 1597 } 1598 } 1599 return (objcap); 1600 } 1601 1602 /* 1603 * Print the capabilities. 1604 * 1605 * A .SUNW_cap section can contain one or more, CA_SUNW_NULL terminated, 1606 * capabilities groups. The first group defines the object capabilities. 1607 * This group defines the minimum capability requirements of the entire 1608 * object file. If this is a dynamic object, this group should be associated 1609 * with a PT_SUNWCAP program header. 1610 * 1611 * Additional capabilities groups define the association of individual symbols 1612 * to specific capabilities. 1613 */ 1614 static void 1615 cap(const char *file, Cache *cache, Word shnum, Word phnum, Ehdr *ehdr, 1616 uchar_t osabi, Elf *elf, uint_t flags) 1617 { 1618 Word cnt; 1619 Shdr *cshdr = NULL; 1620 Cache *ccache; 1621 Off cphdr_off = 0; 1622 Xword cphdr_sz; 1623 1624 /* 1625 * Determine if a global capabilities header exists. 1626 */ 1627 if (phnum) { 1628 Phdr *phdr; 1629 1630 if ((phdr = elf_getphdr(elf)) == NULL) { 1631 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 1632 return; 1633 } 1634 1635 for (cnt = 0; cnt < phnum; phdr++, cnt++) { 1636 if (phdr->p_type == PT_SUNWCAP) { 1637 cphdr_off = phdr->p_offset; 1638 cphdr_sz = phdr->p_filesz; 1639 break; 1640 } 1641 } 1642 } 1643 1644 /* 1645 * Determine if a capabilities section exists. 1646 */ 1647 for (cnt = 1; cnt < shnum; cnt++) { 1648 Cache *_cache = &cache[cnt]; 1649 Shdr *shdr = _cache->c_shdr; 1650 1651 /* 1652 * Process any capabilities information. 1653 */ 1654 if (shdr->sh_type == SHT_SUNW_cap) { 1655 if (cap_section(file, cache, shnum, _cache, osabi, 1656 ehdr, flags)) { 1657 /* 1658 * If this section defined an object capability 1659 * group, retain the section information for 1660 * program header validation. 1661 */ 1662 ccache = _cache; 1663 cshdr = shdr; 1664 } 1665 continue; 1666 } 1667 } 1668 1669 if ((cshdr == NULL) && (cphdr_off == 0)) 1670 return; 1671 1672 if (cphdr_off && (cshdr == NULL)) 1673 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP1), file); 1674 1675 /* 1676 * If this object is an executable or shared object, and it provided 1677 * an object capabilities group, then the group should have an 1678 * accompanying PT_SUNWCAP program header. 1679 */ 1680 if (cshdr && ((ehdr->e_type == ET_EXEC) || (ehdr->e_type == ET_DYN))) { 1681 if (cphdr_off == 0) { 1682 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP2), 1683 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1684 ccache->c_name); 1685 } else if ((cphdr_off != cshdr->sh_offset) || 1686 (cphdr_sz != cshdr->sh_size)) { 1687 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVCAP3), 1688 file, EC_WORD(elf_ndxscn(ccache->c_scn)), 1689 ccache->c_name); 1690 } 1691 } 1692 } 1693 1694 /* 1695 * Print the interpretor. 1696 */ 1697 static void 1698 interp(const char *file, Cache *cache, Word shnum, Word phnum, Elf *elf) 1699 { 1700 static Word phdr_types[] = { PT_INTERP }; 1701 1702 1703 Word cnt; 1704 Shdr *ishdr = NULL; 1705 Cache *icache; 1706 Off iphdr_off = 0; 1707 Xword iphdr_fsz; 1708 1709 /* 1710 * Determine if an interp header exists. 1711 */ 1712 if (phnum) { 1713 Phdr *phdr; 1714 1715 phdr = getphdr(phnum, phdr_types, 1716 sizeof (phdr_types) / sizeof (*phdr_types), file, elf); 1717 if (phdr != NULL) { 1718 iphdr_off = phdr->p_offset; 1719 iphdr_fsz = phdr->p_filesz; 1720 } 1721 } 1722 1723 if (iphdr_off == 0) 1724 return; 1725 1726 /* 1727 * Determine if an interp section exists. 1728 */ 1729 for (cnt = 1; cnt < shnum; cnt++) { 1730 Cache *_cache = &cache[cnt]; 1731 Shdr *shdr = _cache->c_shdr; 1732 1733 /* 1734 * Scan sections to find a section which contains the PT_INTERP 1735 * string. The target section can't be in a NOBITS section. 1736 */ 1737 if ((shdr->sh_type == SHT_NOBITS) || 1738 (iphdr_off < shdr->sh_offset) || 1739 (iphdr_off + iphdr_fsz) > (shdr->sh_offset + shdr->sh_size)) 1740 continue; 1741 1742 icache = _cache; 1743 ishdr = shdr; 1744 break; 1745 } 1746 1747 /* 1748 * Print the interpreter string based on the offset defined in the 1749 * program header, as this is the offset used by the kernel. 1750 */ 1751 if (ishdr && icache->c_data) { 1752 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1753 dbg_print(0, MSG_INTL(MSG_ELF_SCN_INTERP), icache->c_name); 1754 dbg_print(0, MSG_ORIG(MSG_FMT_INDENT), 1755 (char *)icache->c_data->d_buf + 1756 (iphdr_off - ishdr->sh_offset)); 1757 } else 1758 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP1), file); 1759 1760 /* 1761 * If there are any inconsistences between the program header and 1762 * section information, flag them. 1763 */ 1764 if (ishdr && ((iphdr_off != ishdr->sh_offset) || 1765 (iphdr_fsz != ishdr->sh_size))) { 1766 (void) fprintf(stderr, MSG_INTL(MSG_WARN_INVINTERP2), file, 1767 icache->c_name); 1768 } 1769 } 1770 1771 /* 1772 * Print the syminfo section. 1773 */ 1774 static void 1775 syminfo(Cache *cache, Word shnum, const char *file) 1776 { 1777 Shdr *infoshdr; 1778 Syminfo *info; 1779 Sym *syms; 1780 Dyn *dyns; 1781 Word infonum, cnt, ndx, symnum; 1782 Cache *infocache = NULL, *symsec, *strsec; 1783 1784 for (cnt = 1; cnt < shnum; cnt++) { 1785 if (cache[cnt].c_shdr->sh_type == SHT_SUNW_syminfo) { 1786 infocache = &cache[cnt]; 1787 break; 1788 } 1789 } 1790 if (infocache == NULL) 1791 return; 1792 1793 infoshdr = infocache->c_shdr; 1794 if ((infoshdr->sh_entsize == 0) || (infoshdr->sh_size == 0)) { 1795 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1796 file, infocache->c_name); 1797 return; 1798 } 1799 if (infocache->c_data == NULL) 1800 return; 1801 1802 infonum = (Word)(infoshdr->sh_size / infoshdr->sh_entsize); 1803 info = (Syminfo *)infocache->c_data->d_buf; 1804 1805 /* 1806 * Get the data buffer of the associated dynamic section. 1807 */ 1808 if ((infoshdr->sh_info == 0) || (infoshdr->sh_info >= shnum)) { 1809 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 1810 file, infocache->c_name, EC_WORD(infoshdr->sh_info)); 1811 return; 1812 } 1813 if (cache[infoshdr->sh_info].c_data == NULL) 1814 return; 1815 1816 dyns = cache[infoshdr->sh_info].c_data->d_buf; 1817 if (dyns == NULL) { 1818 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 1819 file, cache[infoshdr->sh_info].c_name); 1820 return; 1821 } 1822 1823 /* 1824 * Get the data buffer for the associated symbol table and string table. 1825 */ 1826 if (stringtbl(cache, 1, cnt, shnum, file, 1827 &symnum, &symsec, &strsec) == 0) 1828 return; 1829 1830 syms = symsec->c_data->d_buf; 1831 1832 /* 1833 * Loop through the syminfo entries. 1834 */ 1835 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 1836 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMINFO), infocache->c_name); 1837 Elf_syminfo_title(0); 1838 1839 for (ndx = 1, info++; ndx < infonum; ndx++, info++) { 1840 Sym *sym; 1841 const char *needed = NULL, *name; 1842 1843 if ((info->si_flags == 0) && (info->si_boundto == 0)) 1844 continue; 1845 1846 sym = &syms[ndx]; 1847 name = string(infocache, ndx, strsec, file, sym->st_name); 1848 1849 if (info->si_boundto < SYMINFO_BT_LOWRESERVE) { 1850 Dyn *dyn = &dyns[info->si_boundto]; 1851 1852 needed = string(infocache, info->si_boundto, 1853 strsec, file, dyn->d_un.d_val); 1854 } 1855 Elf_syminfo_entry(0, ndx, info, name, needed); 1856 } 1857 } 1858 1859 /* 1860 * Print version definition section entries. 1861 */ 1862 static void 1863 version_def(Verdef *vdf, Word vdf_num, Cache *vcache, Cache *scache, 1864 const char *file) 1865 { 1866 Word cnt; 1867 char index[MAXNDXSIZE]; 1868 1869 Elf_ver_def_title(0); 1870 1871 for (cnt = 1; cnt <= vdf_num; cnt++, 1872 vdf = (Verdef *)((uintptr_t)vdf + vdf->vd_next)) { 1873 Conv_ver_flags_buf_t ver_flags_buf; 1874 const char *name, *dep; 1875 Half vcnt = vdf->vd_cnt - 1; 1876 Half ndx = vdf->vd_ndx; 1877 Verdaux *vdap = (Verdaux *)((uintptr_t)vdf + vdf->vd_aux); 1878 1879 /* 1880 * Obtain the name and first dependency (if any). 1881 */ 1882 name = string(vcache, cnt, scache, file, vdap->vda_name); 1883 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 1884 if (vcnt) 1885 dep = string(vcache, cnt, scache, file, vdap->vda_name); 1886 else 1887 dep = MSG_ORIG(MSG_STR_EMPTY); 1888 1889 (void) snprintf(index, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX), 1890 EC_XWORD(ndx)); 1891 Elf_ver_line_1(0, index, name, dep, 1892 conv_ver_flags(vdf->vd_flags, 0, &ver_flags_buf)); 1893 1894 /* 1895 * Print any additional dependencies. 1896 */ 1897 if (vcnt) { 1898 vdap = (Verdaux *)((uintptr_t)vdap + vdap->vda_next); 1899 for (vcnt--; vcnt; vcnt--, 1900 vdap = (Verdaux *)((uintptr_t)vdap + 1901 vdap->vda_next)) { 1902 dep = string(vcache, cnt, scache, file, 1903 vdap->vda_name); 1904 Elf_ver_line_2(0, MSG_ORIG(MSG_STR_EMPTY), dep); 1905 } 1906 } 1907 } 1908 } 1909 1910 /* 1911 * Print version needed section entries. 1912 * 1913 * entry: 1914 * vnd - Address of verneed data 1915 * vnd_num - # of Verneed entries 1916 * vcache - Cache of verneed section being processed 1917 * scache - Cache of associated string table section 1918 * file - Name of object being processed. 1919 * versym - Information about versym section 1920 * 1921 * exit: 1922 * The versions have been printed. If GNU style versioning 1923 * is in effect, versym->max_verndx has been updated to 1924 * contain the largest version index seen. 1925 * 1926 * note: 1927 * The versym section of an object that follows the original 1928 * Solaris versioning rules only contains indexes into the verdef 1929 * section. Symbols defined in other objects (UNDEF) are given 1930 * a version of 0, indicating that they are not defined by 1931 * this file, and the Verneed entries do not have associated version 1932 * indexes. For these reasons, we do not display a version index 1933 * for original-style Verneed sections. 1934 * 1935 * The GNU versioning extensions alter this: Symbols defined in other 1936 * objects receive a version index in the range above those defined 1937 * by the Verdef section, and the vna_other field of the Vernaux 1938 * structs inside the Verneed section contain the version index for 1939 * that item. We therefore display the index when showing the 1940 * contents of a GNU style Verneed section. You should not 1941 * necessarily expect these indexes to appear in sorted 1942 * order --- it seems that the GNU ld assigns the versions as 1943 * symbols are encountered during linking, and then the results 1944 * are assembled into the Verneed section afterwards. 1945 */ 1946 static void 1947 version_need(Verneed *vnd, Word vnd_num, Cache *vcache, Cache *scache, 1948 const char *file, VERSYM_STATE *versym) 1949 { 1950 Word cnt; 1951 char index[MAXNDXSIZE]; 1952 const char *index_str; 1953 1954 Elf_ver_need_title(0, versym->gnu_needed); 1955 1956 for (cnt = 1; cnt <= vnd_num; cnt++, 1957 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 1958 Conv_ver_flags_buf_t ver_flags_buf; 1959 const char *name, *dep; 1960 Half vcnt = vnd->vn_cnt; 1961 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 1962 1963 /* 1964 * Obtain the name of the needed file and the version name 1965 * within it that we're dependent on. Note that the count 1966 * should be at least one, otherwise this is a pretty bogus 1967 * entry. 1968 */ 1969 name = string(vcache, cnt, scache, file, vnd->vn_file); 1970 if (vcnt) 1971 dep = string(vcache, cnt, scache, file, vnap->vna_name); 1972 else 1973 dep = MSG_INTL(MSG_STR_NULL); 1974 1975 if (vnap->vna_other == 0) { /* Traditional form */ 1976 index_str = MSG_ORIG(MSG_STR_EMPTY); 1977 } else { /* GNU form */ 1978 index_str = index; 1979 /* Format the version index value */ 1980 (void) snprintf(index, MAXNDXSIZE, 1981 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(vnap->vna_other)); 1982 if (vnap->vna_other > versym->max_verndx) 1983 versym->max_verndx = vnap->vna_other; 1984 } 1985 Elf_ver_line_1(0, index_str, name, dep, 1986 conv_ver_flags(vnap->vna_flags, 0, &ver_flags_buf)); 1987 1988 /* 1989 * Print any additional version dependencies. 1990 */ 1991 if (vcnt) { 1992 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 1993 for (vcnt--; vcnt; vcnt--, 1994 vnap = (Vernaux *)((uintptr_t)vnap + 1995 vnap->vna_next)) { 1996 dep = string(vcache, cnt, scache, file, 1997 vnap->vna_name); 1998 if (vnap->vna_other > 0) { 1999 /* Format the next index value */ 2000 (void) snprintf(index, MAXNDXSIZE, 2001 MSG_ORIG(MSG_FMT_INDEX), 2002 EC_XWORD(vnap->vna_other)); 2003 Elf_ver_line_1(0, index, 2004 MSG_ORIG(MSG_STR_EMPTY), dep, 2005 conv_ver_flags(vnap->vna_flags, 2006 0, &ver_flags_buf)); 2007 if (vnap->vna_other > 2008 versym->max_verndx) 2009 versym->max_verndx = 2010 vnap->vna_other; 2011 } else { 2012 Elf_ver_line_3(0, 2013 MSG_ORIG(MSG_STR_EMPTY), dep, 2014 conv_ver_flags(vnap->vna_flags, 2015 0, &ver_flags_buf)); 2016 } 2017 } 2018 } 2019 } 2020 } 2021 2022 /* 2023 * Examine the Verneed section for information related to GNU 2024 * style Versym indexing: 2025 * - A non-zero vna_other field indicates that Versym indexes can 2026 * reference Verneed records. 2027 * - If the object uses GNU style Versym indexing, the 2028 * maximum index value is needed to detect bad Versym entries. 2029 * 2030 * entry: 2031 * vnd - Address of verneed data 2032 * vnd_num - # of Verneed entries 2033 * versym - Information about versym section 2034 * 2035 * exit: 2036 * If a non-zero vna_other field is seen, versym->gnu_needed is set. 2037 * 2038 * versym->max_verndx has been updated to contain the largest 2039 * version index seen. 2040 */ 2041 static void 2042 update_gnu_verndx(Verneed *vnd, Word vnd_num, VERSYM_STATE *versym) 2043 { 2044 Word cnt; 2045 2046 for (cnt = 1; cnt <= vnd_num; cnt++, 2047 vnd = (Verneed *)((uintptr_t)vnd + vnd->vn_next)) { 2048 Half vcnt = vnd->vn_cnt; 2049 Vernaux *vnap = (Vernaux *)((uintptr_t)vnd + vnd->vn_aux); 2050 2051 /* 2052 * A non-zero value of vna_other indicates that this 2053 * object references VERNEED items from the VERSYM 2054 * array. 2055 */ 2056 if (vnap->vna_other != 0) { 2057 versym->gnu_needed = 1; 2058 if (vnap->vna_other > versym->max_verndx) 2059 versym->max_verndx = vnap->vna_other; 2060 } 2061 2062 /* 2063 * Check any additional version dependencies. 2064 */ 2065 if (vcnt) { 2066 vnap = (Vernaux *)((uintptr_t)vnap + vnap->vna_next); 2067 for (vcnt--; vcnt; vcnt--, 2068 vnap = (Vernaux *)((uintptr_t)vnap + 2069 vnap->vna_next)) { 2070 if (vnap->vna_other == 0) 2071 continue; 2072 2073 versym->gnu_needed = 1; 2074 if (vnap->vna_other > versym->max_verndx) 2075 versym->max_verndx = vnap->vna_other; 2076 } 2077 } 2078 } 2079 } 2080 2081 /* 2082 * Display version section information if the flags require it. 2083 * Return version information needed by other output. 2084 * 2085 * entry: 2086 * cache - Cache of all section headers 2087 * shnum - # of sections in cache 2088 * file - Name of file 2089 * flags - Command line option flags 2090 * versym - VERSYM_STATE block to be filled in. 2091 */ 2092 static void 2093 versions(Cache *cache, Word shnum, const char *file, uint_t flags, 2094 VERSYM_STATE *versym) 2095 { 2096 GElf_Word cnt; 2097 Cache *verdef_cache = NULL, *verneed_cache = NULL; 2098 2099 2100 /* Gather information about the version sections */ 2101 bzero(versym, sizeof (*versym)); 2102 versym->max_verndx = 1; 2103 for (cnt = 1; cnt < shnum; cnt++) { 2104 Cache *_cache = &cache[cnt]; 2105 Shdr *shdr = _cache->c_shdr; 2106 Dyn *dyn; 2107 ulong_t numdyn; 2108 2109 switch (shdr->sh_type) { 2110 case SHT_DYNAMIC: 2111 /* 2112 * The GNU ld puts a DT_VERSYM entry in the dynamic 2113 * section so that the runtime linker can use it to 2114 * implement their versioning rules. They allow multiple 2115 * incompatible functions with the same name to exist 2116 * in different versions. The Solaris ld does not 2117 * support this mechanism, and as such, does not 2118 * produce DT_VERSYM. We use this fact to determine 2119 * which ld produced this object, and how to interpret 2120 * the version values. 2121 */ 2122 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0) || 2123 (_cache->c_data == NULL)) 2124 continue; 2125 numdyn = shdr->sh_size / shdr->sh_entsize; 2126 dyn = (Dyn *)_cache->c_data->d_buf; 2127 for (; numdyn-- > 0; dyn++) 2128 if (dyn->d_tag == DT_VERSYM) { 2129 versym->gnu_full = 2130 versym->gnu_needed = 1; 2131 break; 2132 } 2133 break; 2134 2135 case SHT_SUNW_versym: 2136 /* Record data address for later symbol processing */ 2137 if (_cache->c_data != NULL) { 2138 versym->cache = _cache; 2139 versym->data = _cache->c_data->d_buf; 2140 continue; 2141 } 2142 break; 2143 2144 case SHT_SUNW_verdef: 2145 case SHT_SUNW_verneed: 2146 /* 2147 * Ensure the data is non-NULL and the number 2148 * of items is non-zero. Otherwise, we don't 2149 * understand the section, and will not use it. 2150 */ 2151 if ((_cache->c_data == NULL) || 2152 (_cache->c_data->d_buf == NULL)) { 2153 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2154 file, _cache->c_name); 2155 continue; 2156 } 2157 if (shdr->sh_info == 0) { 2158 (void) fprintf(stderr, 2159 MSG_INTL(MSG_ERR_BADSHINFO), 2160 file, _cache->c_name, 2161 EC_WORD(shdr->sh_info)); 2162 continue; 2163 } 2164 2165 /* Make sure the string table index is in range */ 2166 if ((shdr->sh_link == 0) || (shdr->sh_link >= shnum)) { 2167 (void) fprintf(stderr, 2168 MSG_INTL(MSG_ERR_BADSHLINK), file, 2169 _cache->c_name, EC_WORD(shdr->sh_link)); 2170 continue; 2171 } 2172 2173 /* 2174 * The section is usable. Save the cache entry. 2175 */ 2176 if (shdr->sh_type == SHT_SUNW_verdef) { 2177 verdef_cache = _cache; 2178 /* 2179 * Under Solaris rules, if there is a verdef 2180 * section, the max versym index is number 2181 * of version definitions it supplies. 2182 */ 2183 versym->max_verndx = shdr->sh_info; 2184 } else { 2185 verneed_cache = _cache; 2186 } 2187 break; 2188 } 2189 } 2190 2191 /* 2192 * If there is a Verneed section, examine it for information 2193 * related to GNU style versioning. 2194 */ 2195 if (verneed_cache != NULL) 2196 update_gnu_verndx((Verneed *)verneed_cache->c_data->d_buf, 2197 verneed_cache->c_shdr->sh_info, versym); 2198 2199 /* 2200 * Now that all the information is available, display the 2201 * Verdef and Verneed section contents, if requested. 2202 */ 2203 if ((flags & FLG_SHOW_VERSIONS) == 0) 2204 return; 2205 if (verdef_cache != NULL) { 2206 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2207 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERDEF), 2208 verdef_cache->c_name); 2209 version_def((Verdef *)verdef_cache->c_data->d_buf, 2210 verdef_cache->c_shdr->sh_info, verdef_cache, 2211 &cache[verdef_cache->c_shdr->sh_link], file); 2212 } 2213 if (verneed_cache != NULL) { 2214 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2215 dbg_print(0, MSG_INTL(MSG_ELF_SCN_VERNEED), 2216 verneed_cache->c_name); 2217 /* 2218 * If GNU versioning applies to this object, version_need() 2219 * will update versym->max_verndx, and it is not 2220 * necessary to call update_gnu_verndx(). 2221 */ 2222 version_need((Verneed *)verneed_cache->c_data->d_buf, 2223 verneed_cache->c_shdr->sh_info, verneed_cache, 2224 &cache[verneed_cache->c_shdr->sh_link], file, versym); 2225 } 2226 } 2227 2228 /* 2229 * Search for and process any symbol tables. 2230 */ 2231 void 2232 symbols(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2233 VERSYM_STATE *versym, const char *file, uint_t flags) 2234 { 2235 SYMTBL_STATE state; 2236 Cache *_cache; 2237 Word secndx; 2238 2239 for (secndx = 1; secndx < shnum; secndx++) { 2240 Word symcnt; 2241 Shdr *shdr; 2242 2243 _cache = &cache[secndx]; 2244 shdr = _cache->c_shdr; 2245 2246 if ((shdr->sh_type != SHT_SYMTAB) && 2247 (shdr->sh_type != SHT_DYNSYM) && 2248 ((shdr->sh_type != SHT_SUNW_LDYNSYM) || 2249 (osabi != ELFOSABI_SOLARIS))) 2250 continue; 2251 if (!match(MATCH_F_ALL, _cache->c_name, secndx, shdr->sh_type)) 2252 continue; 2253 2254 if (!init_symtbl_state(&state, cache, shnum, secndx, ehdr, 2255 osabi, versym, file, flags)) 2256 continue; 2257 /* 2258 * Loop through the symbol tables entries. 2259 */ 2260 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2261 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMTAB), state.secname); 2262 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2263 2264 for (symcnt = 0; symcnt < state.symn; symcnt++) 2265 output_symbol(&state, symcnt, shdr->sh_info, symcnt, 2266 state.sym + symcnt); 2267 } 2268 } 2269 2270 /* 2271 * Search for and process any SHT_SUNW_symsort or SHT_SUNW_tlssort sections. 2272 * These sections are always associated with the .SUNW_ldynsym./.dynsym pair. 2273 */ 2274 static void 2275 sunw_sort(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, 2276 VERSYM_STATE *versym, const char *file, uint_t flags) 2277 { 2278 SYMTBL_STATE ldynsym_state, dynsym_state; 2279 Cache *sortcache, *symcache; 2280 Shdr *sortshdr, *symshdr; 2281 Word sortsecndx, symsecndx; 2282 Word ldynsym_cnt; 2283 Word *ndx; 2284 Word ndxn; 2285 int output_cnt = 0; 2286 Conv_inv_buf_t inv_buf; 2287 2288 for (sortsecndx = 1; sortsecndx < shnum; sortsecndx++) { 2289 2290 sortcache = &cache[sortsecndx]; 2291 sortshdr = sortcache->c_shdr; 2292 2293 if ((sortshdr->sh_type != SHT_SUNW_symsort) && 2294 (sortshdr->sh_type != SHT_SUNW_tlssort)) 2295 continue; 2296 if (!match(MATCH_F_ALL, sortcache->c_name, sortsecndx, 2297 sortshdr->sh_type)) 2298 continue; 2299 2300 /* 2301 * If the section references a SUNW_ldynsym, then we 2302 * expect to see the associated .dynsym immediately 2303 * following. If it references a .dynsym, there is no 2304 * SUNW_ldynsym. If it is any other type, then we don't 2305 * know what to do with it. 2306 */ 2307 if ((sortshdr->sh_link == 0) || (sortshdr->sh_link >= shnum)) { 2308 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 2309 file, sortcache->c_name, 2310 EC_WORD(sortshdr->sh_link)); 2311 continue; 2312 } 2313 symcache = &cache[sortshdr->sh_link]; 2314 symshdr = symcache->c_shdr; 2315 symsecndx = sortshdr->sh_link; 2316 ldynsym_cnt = 0; 2317 switch (symshdr->sh_type) { 2318 case SHT_SUNW_LDYNSYM: 2319 if (!init_symtbl_state(&ldynsym_state, cache, shnum, 2320 symsecndx, ehdr, osabi, versym, file, flags)) 2321 continue; 2322 ldynsym_cnt = ldynsym_state.symn; 2323 /* 2324 * We know that the dynsym follows immediately 2325 * after the SUNW_ldynsym, and so, should be at 2326 * (sortshdr->sh_link + 1). However, elfdump is a 2327 * diagnostic tool, so we do the full paranoid 2328 * search instead. 2329 */ 2330 for (symsecndx = 1; symsecndx < shnum; symsecndx++) { 2331 symcache = &cache[symsecndx]; 2332 symshdr = symcache->c_shdr; 2333 if (symshdr->sh_type == SHT_DYNSYM) 2334 break; 2335 } 2336 if (symsecndx >= shnum) { /* Dynsym not found! */ 2337 (void) fprintf(stderr, 2338 MSG_INTL(MSG_ERR_NODYNSYM), 2339 file, sortcache->c_name); 2340 continue; 2341 } 2342 /* Fallthrough to process associated dynsym */ 2343 /* FALLTHROUGH */ 2344 case SHT_DYNSYM: 2345 if (!init_symtbl_state(&dynsym_state, cache, shnum, 2346 symsecndx, ehdr, osabi, versym, file, flags)) 2347 continue; 2348 break; 2349 default: 2350 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADNDXSEC), 2351 file, sortcache->c_name, 2352 conv_sec_type(osabi, ehdr->e_machine, 2353 symshdr->sh_type, 0, &inv_buf)); 2354 continue; 2355 } 2356 2357 /* 2358 * Output header 2359 */ 2360 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2361 if (ldynsym_cnt > 0) { 2362 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT2), 2363 sortcache->c_name, ldynsym_state.secname, 2364 dynsym_state.secname); 2365 /* 2366 * The data for .SUNW_ldynsym and dynsym sections 2367 * is supposed to be adjacent with SUNW_ldynsym coming 2368 * first. Check, and issue a warning if it isn't so. 2369 */ 2370 if (((ldynsym_state.sym + ldynsym_state.symn) 2371 != dynsym_state.sym) && 2372 ((flags & FLG_CTL_FAKESHDR) == 0)) 2373 (void) fprintf(stderr, 2374 MSG_INTL(MSG_ERR_LDYNNOTADJ), file, 2375 ldynsym_state.secname, 2376 dynsym_state.secname); 2377 } else { 2378 dbg_print(0, MSG_INTL(MSG_ELF_SCN_SYMSORT1), 2379 sortcache->c_name, dynsym_state.secname); 2380 } 2381 Elf_syms_table_title(0, ELF_DBG_ELFDUMP); 2382 2383 /* If not first one, insert a line of white space */ 2384 if (output_cnt++ > 0) 2385 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2386 2387 /* 2388 * SUNW_dynsymsort and SUNW_dyntlssort are arrays of 2389 * symbol indices. Iterate over the array entries, 2390 * dispaying the referenced symbols. 2391 */ 2392 ndxn = sortshdr->sh_size / sortshdr->sh_entsize; 2393 ndx = (Word *)sortcache->c_data->d_buf; 2394 for (; ndxn-- > 0; ndx++) { 2395 if (*ndx >= ldynsym_cnt) { 2396 Word sec_ndx = *ndx - ldynsym_cnt; 2397 2398 output_symbol(&dynsym_state, sec_ndx, 0, 2399 *ndx, dynsym_state.sym + sec_ndx); 2400 } else { 2401 output_symbol(&ldynsym_state, *ndx, 0, 2402 *ndx, ldynsym_state.sym + *ndx); 2403 } 2404 } 2405 } 2406 } 2407 2408 /* 2409 * Search for and process any relocation sections. 2410 */ 2411 static void 2412 reloc(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 2413 { 2414 Word cnt; 2415 2416 for (cnt = 1; cnt < shnum; cnt++) { 2417 Word type, symnum; 2418 Xword relndx, relnum, relsize; 2419 void *rels; 2420 Sym *syms; 2421 Cache *symsec, *strsec; 2422 Cache *_cache = &cache[cnt]; 2423 Shdr *shdr = _cache->c_shdr; 2424 char *relname = _cache->c_name; 2425 Conv_inv_buf_t inv_buf; 2426 2427 if (((type = shdr->sh_type) != SHT_RELA) && 2428 (type != SHT_REL)) 2429 continue; 2430 if (!match(MATCH_F_ALL, relname, cnt, type)) 2431 continue; 2432 2433 /* 2434 * Decide entry size. 2435 */ 2436 if (((relsize = shdr->sh_entsize) == 0) || 2437 (relsize > shdr->sh_size)) { 2438 if (type == SHT_RELA) 2439 relsize = sizeof (Rela); 2440 else 2441 relsize = sizeof (Rel); 2442 } 2443 2444 /* 2445 * Determine the number of relocations available. 2446 */ 2447 if (shdr->sh_size == 0) { 2448 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2449 file, relname); 2450 continue; 2451 } 2452 if (_cache->c_data == NULL) 2453 continue; 2454 2455 rels = _cache->c_data->d_buf; 2456 relnum = shdr->sh_size / relsize; 2457 2458 /* 2459 * Get the data buffer for the associated symbol table and 2460 * string table. 2461 */ 2462 if (stringtbl(cache, 1, cnt, shnum, file, 2463 &symnum, &symsec, &strsec) == 0) 2464 continue; 2465 2466 syms = symsec->c_data->d_buf; 2467 2468 /* 2469 * Loop through the relocation entries. 2470 */ 2471 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2472 dbg_print(0, MSG_INTL(MSG_ELF_SCN_RELOC), _cache->c_name); 2473 Elf_reloc_title(0, ELF_DBG_ELFDUMP, type); 2474 2475 for (relndx = 0; relndx < relnum; relndx++, 2476 rels = (void *)((char *)rels + relsize)) { 2477 Half mach = ehdr->e_machine; 2478 char section[BUFSIZ]; 2479 const char *symname; 2480 Word symndx, reltype; 2481 Rela *rela; 2482 Rel *rel; 2483 2484 /* 2485 * Unravel the relocation and determine the symbol with 2486 * which this relocation is associated. 2487 */ 2488 if (type == SHT_RELA) { 2489 rela = (Rela *)rels; 2490 symndx = ELF_R_SYM(rela->r_info); 2491 reltype = ELF_R_TYPE(rela->r_info, mach); 2492 } else { 2493 rel = (Rel *)rels; 2494 symndx = ELF_R_SYM(rel->r_info); 2495 reltype = ELF_R_TYPE(rel->r_info, mach); 2496 } 2497 2498 symname = relsymname(cache, _cache, strsec, symndx, 2499 symnum, relndx, syms, section, BUFSIZ, file); 2500 2501 /* 2502 * A zero symbol index is only valid for a few 2503 * relocations. 2504 */ 2505 if (symndx == 0) { 2506 int badrel = 0; 2507 2508 if ((mach == EM_SPARC) || 2509 (mach == EM_SPARC32PLUS) || 2510 (mach == EM_SPARCV9)) { 2511 if ((reltype != R_SPARC_NONE) && 2512 (reltype != R_SPARC_REGISTER) && 2513 (reltype != R_SPARC_RELATIVE)) 2514 badrel++; 2515 } else if (mach == EM_386) { 2516 if ((reltype != R_386_NONE) && 2517 (reltype != R_386_RELATIVE)) 2518 badrel++; 2519 } else if (mach == EM_AMD64) { 2520 if ((reltype != R_AMD64_NONE) && 2521 (reltype != R_AMD64_RELATIVE)) 2522 badrel++; 2523 } 2524 2525 if (badrel) { 2526 (void) fprintf(stderr, 2527 MSG_INTL(MSG_ERR_BADREL1), file, 2528 conv_reloc_type(mach, reltype, 2529 0, &inv_buf)); 2530 } 2531 } 2532 2533 Elf_reloc_entry_1(0, ELF_DBG_ELFDUMP, 2534 MSG_ORIG(MSG_STR_EMPTY), ehdr->e_machine, type, 2535 rels, relname, symname, 0); 2536 } 2537 } 2538 } 2539 2540 2541 /* 2542 * This value controls which test dyn_test() performs. 2543 */ 2544 typedef enum { DYN_TEST_ADDR, DYN_TEST_SIZE, DYN_TEST_ENTSIZE } dyn_test_t; 2545 2546 /* 2547 * Used by dynamic() to compare the value of a dynamic element against 2548 * the starting address of the section it references. 2549 * 2550 * entry: 2551 * test_type - Specify which dyn item is being tested. 2552 * sh_type - SHT_* type value for required section. 2553 * sec_cache - Cache entry for section, or NULL if the object lacks 2554 * a section of this type. 2555 * dyn - Dyn entry to be tested 2556 * dynsec_cnt - # of dynamic section being examined. The first 2557 * dynamic section is 1, the next is 2, and so on... 2558 * ehdr - ELF header for file 2559 * file - Name of file 2560 */ 2561 static void 2562 dyn_test(dyn_test_t test_type, Word sh_type, Cache *sec_cache, Dyn *dyn, 2563 Word dynsec_cnt, Ehdr *ehdr, uchar_t osabi, const char *file) 2564 { 2565 Conv_inv_buf_t buf1, buf2; 2566 2567 /* 2568 * These tests are based around the implicit assumption that 2569 * there is only one dynamic section in an object, and also only 2570 * one of the sections it references. We have therefore gathered 2571 * all of the necessary information to test this in a single pass 2572 * over the section headers, which is very efficient. We are not 2573 * aware of any case where more than one dynamic section would 2574 * be meaningful in an ELF object, so this is a reasonable solution. 2575 * 2576 * To test multiple dynamic sections correctly would be more 2577 * expensive in code and time. We would have to build a data structure 2578 * containing all the dynamic elements. Then, we would use the address 2579 * to locate the section it references and ensure the section is of 2580 * the right type and that the address in the dynamic element is 2581 * to the start of the section. Then, we could check the size and 2582 * entsize values against those same sections. This is O(n^2), and 2583 * also complicated. 2584 * 2585 * In the highly unlikely case that there is more than one dynamic 2586 * section, we only test the first one, and simply allow the values 2587 * of the subsequent one to be displayed unchallenged. 2588 */ 2589 if (dynsec_cnt != 1) 2590 return; 2591 2592 /* 2593 * A DT_ item that references a section address should always find 2594 * the section in the file. 2595 */ 2596 if (sec_cache == NULL) { 2597 const char *name; 2598 2599 /* 2600 * Supply section names instead of section types for 2601 * things that reference progbits so that the error 2602 * message will make more sense. 2603 */ 2604 switch (dyn->d_tag) { 2605 case DT_INIT: 2606 name = MSG_ORIG(MSG_ELF_INIT); 2607 break; 2608 case DT_FINI: 2609 name = MSG_ORIG(MSG_ELF_FINI); 2610 break; 2611 default: 2612 name = conv_sec_type(osabi, ehdr->e_machine, 2613 sh_type, 0, &buf1); 2614 break; 2615 } 2616 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNNOBCKSEC), file, 2617 name, conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2618 CONV_FMT_ALT_CF, &buf2)); 2619 return; 2620 } 2621 2622 2623 switch (test_type) { 2624 case DYN_TEST_ADDR: 2625 /* The section address should match the DT_ item value */ 2626 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_addr) 2627 (void) fprintf(stderr, 2628 MSG_INTL(MSG_ERR_DYNBADADDR), file, 2629 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2630 CONV_FMT_ALT_CF, &buf1), EC_ADDR(dyn->d_un.d_val), 2631 sec_cache->c_ndx, sec_cache->c_name, 2632 EC_ADDR(sec_cache->c_shdr->sh_addr)); 2633 break; 2634 2635 case DYN_TEST_SIZE: 2636 /* The section size should match the DT_ item value */ 2637 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_size) 2638 (void) fprintf(stderr, 2639 MSG_INTL(MSG_ERR_DYNBADSIZE), file, 2640 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2641 CONV_FMT_ALT_CF, &buf1), EC_XWORD(dyn->d_un.d_val), 2642 sec_cache->c_ndx, sec_cache->c_name, 2643 EC_XWORD(sec_cache->c_shdr->sh_size)); 2644 break; 2645 2646 case DYN_TEST_ENTSIZE: 2647 /* The sh_entsize value should match the DT_ item value */ 2648 if (dyn->d_un.d_val != sec_cache->c_shdr->sh_entsize) 2649 (void) fprintf(stderr, 2650 MSG_INTL(MSG_ERR_DYNBADENTSIZE), file, 2651 conv_dyn_tag(dyn->d_tag, osabi, ehdr->e_machine, 2652 CONV_FMT_ALT_CF, &buf1), EC_XWORD(dyn->d_un.d_val), 2653 sec_cache->c_ndx, sec_cache->c_name, 2654 EC_XWORD(sec_cache->c_shdr->sh_entsize)); 2655 break; 2656 } 2657 } 2658 2659 /* 2660 * There are some DT_ entries that have corresponding symbols 2661 * (e.g. DT_INIT and _init). It is expected that these items will 2662 * both have the same value if both are present. This routine 2663 * examines the well known symbol tables for such symbols and 2664 * issues warnings for any that don't match. 2665 * 2666 * entry: 2667 * dyn - Dyn entry to be tested 2668 * symname - Name of symbol that corresponds to dyn 2669 * symtab_cache, dynsym_cache, ldynsym_cache - Symbol tables to check 2670 * target_cache - Section the symname section is expected to be 2671 * associated with. 2672 * cache - Cache of all section headers 2673 * shnum - # of sections in cache 2674 * ehdr - ELF header for file 2675 * osabi - OSABI to apply when interpreting object 2676 * file - Name of file 2677 */ 2678 static void 2679 dyn_symtest(Dyn *dyn, const char *symname, Cache *symtab_cache, 2680 Cache *dynsym_cache, Cache *ldynsym_cache, Cache *target_cache, 2681 Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2682 { 2683 Conv_inv_buf_t buf; 2684 int i; 2685 Sym *sym; 2686 Cache *_cache; 2687 2688 for (i = 0; i < 3; i++) { 2689 switch (i) { 2690 case 0: 2691 _cache = symtab_cache; 2692 break; 2693 case 1: 2694 _cache = dynsym_cache; 2695 break; 2696 case 2: 2697 _cache = ldynsym_cache; 2698 break; 2699 } 2700 2701 if ((_cache != NULL) && 2702 symlookup(symname, cache, shnum, &sym, target_cache, 2703 _cache, file) && (sym->st_value != dyn->d_un.d_val)) 2704 (void) fprintf(stderr, MSG_INTL(MSG_ERR_DYNSYMVAL), 2705 file, _cache->c_name, conv_dyn_tag(dyn->d_tag, 2706 osabi, ehdr->e_machine, CONV_FMT_ALT_CF, &buf), 2707 symname, EC_ADDR(sym->st_value)); 2708 } 2709 } 2710 2711 /* 2712 * Search for and process a .dynamic section. 2713 */ 2714 static void 2715 dynamic(Cache *cache, Word shnum, Ehdr *ehdr, uchar_t osabi, const char *file) 2716 { 2717 struct { 2718 Cache *symtab; 2719 Cache *dynstr; 2720 Cache *dynsym; 2721 Cache *hash; 2722 Cache *fini; 2723 Cache *fini_array; 2724 Cache *init; 2725 Cache *init_array; 2726 Cache *preinit_array; 2727 Cache *rel; 2728 Cache *rela; 2729 Cache *sunw_cap; 2730 Cache *sunw_capinfo; 2731 Cache *sunw_capchain; 2732 Cache *sunw_ldynsym; 2733 Cache *sunw_move; 2734 Cache *sunw_syminfo; 2735 Cache *sunw_symsort; 2736 Cache *sunw_tlssort; 2737 Cache *sunw_verdef; 2738 Cache *sunw_verneed; 2739 Cache *sunw_versym; 2740 } sec; 2741 Word dynsec_ndx; 2742 Word dynsec_num; 2743 int dynsec_cnt; 2744 Word cnt; 2745 int osabi_solaris = osabi == ELFOSABI_SOLARIS; 2746 2747 /* 2748 * Make a pass over all the sections, gathering section information 2749 * we'll need below. 2750 */ 2751 dynsec_num = 0; 2752 bzero(&sec, sizeof (sec)); 2753 for (cnt = 1; cnt < shnum; cnt++) { 2754 Cache *_cache = &cache[cnt]; 2755 2756 switch (_cache->c_shdr->sh_type) { 2757 case SHT_DYNAMIC: 2758 if (dynsec_num == 0) { 2759 dynsec_ndx = cnt; 2760 2761 /* Does it have a valid string table? */ 2762 (void) stringtbl(cache, 0, cnt, shnum, file, 2763 0, 0, &sec.dynstr); 2764 } 2765 dynsec_num++; 2766 break; 2767 2768 2769 case SHT_PROGBITS: 2770 /* 2771 * We want to detect the .init and .fini sections, 2772 * if present. These are SHT_PROGBITS, so all we 2773 * have to go on is the section name. Normally comparing 2774 * names is a bad idea, but there are some special 2775 * names (i.e. .init/.fini/.interp) that are very 2776 * difficult to use in any other context, and for 2777 * these symbols, we do the heuristic match. 2778 */ 2779 if (strcmp(_cache->c_name, 2780 MSG_ORIG(MSG_ELF_INIT)) == 0) { 2781 if (sec.init == NULL) 2782 sec.init = _cache; 2783 } else if (strcmp(_cache->c_name, 2784 MSG_ORIG(MSG_ELF_FINI)) == 0) { 2785 if (sec.fini == NULL) 2786 sec.fini = _cache; 2787 } 2788 break; 2789 2790 case SHT_REL: 2791 /* 2792 * We want the SHT_REL section with the lowest 2793 * offset. The linker gathers them together, 2794 * and puts the address of the first one 2795 * into the DT_REL dynamic element. 2796 */ 2797 if ((sec.rel == NULL) || 2798 (_cache->c_shdr->sh_offset < 2799 sec.rel->c_shdr->sh_offset)) 2800 sec.rel = _cache; 2801 break; 2802 2803 case SHT_RELA: 2804 /* RELA is handled just like RELA above */ 2805 if ((sec.rela == NULL) || 2806 (_cache->c_shdr->sh_offset < 2807 sec.rela->c_shdr->sh_offset)) 2808 sec.rela = _cache; 2809 break; 2810 2811 /* 2812 * The GRAB macro is used for the simple case in which 2813 * we simply grab the first section of the desired type. 2814 */ 2815 #define GRAB(_sec_type, _sec_field) \ 2816 case _sec_type: \ 2817 if (sec._sec_field == NULL) \ 2818 sec._sec_field = _cache; \ 2819 break 2820 GRAB(SHT_SYMTAB, symtab); 2821 GRAB(SHT_DYNSYM, dynsym); 2822 GRAB(SHT_FINI_ARRAY, fini_array); 2823 GRAB(SHT_HASH, hash); 2824 GRAB(SHT_INIT_ARRAY, init_array); 2825 GRAB(SHT_SUNW_move, sunw_move); 2826 GRAB(SHT_PREINIT_ARRAY, preinit_array); 2827 GRAB(SHT_SUNW_cap, sunw_cap); 2828 GRAB(SHT_SUNW_capinfo, sunw_capinfo); 2829 GRAB(SHT_SUNW_capchain, sunw_capchain); 2830 GRAB(SHT_SUNW_LDYNSYM, sunw_ldynsym); 2831 GRAB(SHT_SUNW_syminfo, sunw_syminfo); 2832 GRAB(SHT_SUNW_symsort, sunw_symsort); 2833 GRAB(SHT_SUNW_tlssort, sunw_tlssort); 2834 GRAB(SHT_SUNW_verdef, sunw_verdef); 2835 GRAB(SHT_SUNW_verneed, sunw_verneed); 2836 GRAB(SHT_SUNW_versym, sunw_versym); 2837 #undef GRAB 2838 } 2839 } 2840 2841 /* 2842 * If no dynamic section, return immediately. If more than one 2843 * dynamic section, then something odd is going on and an error 2844 * is in order, but then continue on and display them all. 2845 */ 2846 if (dynsec_num == 0) 2847 return; 2848 if (dynsec_num > 1) 2849 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MULTDYN), 2850 file, EC_WORD(dynsec_num)); 2851 2852 2853 dynsec_cnt = 0; 2854 for (cnt = dynsec_ndx; (cnt < shnum) && (dynsec_cnt < dynsec_num); 2855 cnt++) { 2856 Dyn *dyn; 2857 ulong_t numdyn; 2858 int ndx, end_ndx; 2859 Cache *_cache = &cache[cnt], *strsec; 2860 Shdr *shdr = _cache->c_shdr; 2861 int dumped = 0; 2862 2863 if (shdr->sh_type != SHT_DYNAMIC) 2864 continue; 2865 dynsec_cnt++; 2866 2867 /* 2868 * Verify the associated string table section. 2869 */ 2870 if (stringtbl(cache, 0, cnt, shnum, file, 0, 0, &strsec) == 0) 2871 continue; 2872 2873 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 2874 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 2875 file, _cache->c_name); 2876 continue; 2877 } 2878 if (_cache->c_data == NULL) 2879 continue; 2880 2881 numdyn = shdr->sh_size / shdr->sh_entsize; 2882 dyn = (Dyn *)_cache->c_data->d_buf; 2883 2884 /* 2885 * We expect the REL/RELA entries to reference the reloc 2886 * section with the lowest address. However, this is 2887 * not true for dumped objects. Detect if this object has 2888 * been dumped so that we can skip the reloc address test 2889 * in that case. 2890 */ 2891 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 2892 if (dyn->d_tag == DT_FLAGS_1) { 2893 dumped = (dyn->d_un.d_val & DF_1_CONFALT) != 0; 2894 break; 2895 } 2896 } 2897 dyn = (Dyn *)_cache->c_data->d_buf; 2898 2899 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 2900 dbg_print(0, MSG_INTL(MSG_ELF_SCN_DYNAMIC), _cache->c_name); 2901 2902 Elf_dyn_title(0); 2903 2904 for (ndx = 0; ndx < numdyn; dyn++, ndx++) { 2905 union { 2906 Conv_inv_buf_t inv; 2907 Conv_dyn_flag_buf_t flag; 2908 Conv_dyn_flag1_buf_t flag1; 2909 Conv_dyn_posflag1_buf_t posflag1; 2910 Conv_dyn_feature1_buf_t feature1; 2911 } c_buf; 2912 const char *name = NULL; 2913 2914 /* 2915 * Print the information numerically, and if possible 2916 * as a string. If a string is available, name is 2917 * set to reference it. 2918 * 2919 * Also, take this opportunity to sanity check 2920 * the values of DT elements. In the code above, 2921 * we gathered information on sections that are 2922 * referenced by the dynamic section. Here, we 2923 * compare the attributes of those sections to 2924 * the DT_ items that reference them and report 2925 * on inconsistencies. 2926 * 2927 * Things not currently tested that could be improved 2928 * in later revisions include: 2929 * - We don't check PLT or GOT related items 2930 * - We don't handle computing the lengths of 2931 * relocation arrays. To handle this 2932 * requires examining data that spans 2933 * across sections, in a contiguous span 2934 * within a single segment. 2935 * - DT_VERDEFNUM and DT_VERNEEDNUM can't be 2936 * verified without parsing the sections. 2937 * - We don't handle DT_SUNW_SYMSZ, which would 2938 * be the sum of the lengths of .dynsym and 2939 * .SUNW_ldynsym 2940 * - DT_SUNW_STRPAD can't be verified other than 2941 * to check that it's not larger than 2942 * the string table. 2943 * - Some items come in "all or none" clusters 2944 * that give an address, element size, 2945 * and data length in bytes. We don't 2946 * verify that there are no missing items 2947 * in such groups. 2948 */ 2949 switch (dyn->d_tag) { 2950 case DT_NULL: 2951 /* 2952 * Special case: DT_NULLs can come in groups 2953 * that we prefer to reduce to a single line. 2954 */ 2955 end_ndx = ndx; 2956 while ((end_ndx < (numdyn - 1)) && 2957 ((dyn + 1)->d_tag == DT_NULL)) { 2958 dyn++; 2959 end_ndx++; 2960 } 2961 Elf_dyn_null_entry(0, dyn, ndx, end_ndx); 2962 ndx = end_ndx; 2963 continue; 2964 2965 /* 2966 * String items all reference the dynstr. The string() 2967 * function does the necessary sanity checking. 2968 */ 2969 case DT_NEEDED: 2970 case DT_SONAME: 2971 case DT_FILTER: 2972 case DT_AUXILIARY: 2973 case DT_CONFIG: 2974 case DT_RPATH: 2975 case DT_RUNPATH: 2976 case DT_USED: 2977 case DT_DEPAUDIT: 2978 case DT_AUDIT: 2979 name = string(_cache, ndx, strsec, 2980 file, dyn->d_un.d_ptr); 2981 break; 2982 2983 case DT_SUNW_AUXILIARY: 2984 case DT_SUNW_FILTER: 2985 if (osabi_solaris) 2986 name = string(_cache, ndx, strsec, 2987 file, dyn->d_un.d_ptr); 2988 break; 2989 2990 case DT_FLAGS: 2991 name = conv_dyn_flag(dyn->d_un.d_val, 2992 0, &c_buf.flag); 2993 break; 2994 case DT_FLAGS_1: 2995 name = conv_dyn_flag1(dyn->d_un.d_val, 0, 2996 &c_buf.flag1); 2997 break; 2998 case DT_POSFLAG_1: 2999 name = conv_dyn_posflag1(dyn->d_un.d_val, 0, 3000 &c_buf.posflag1); 3001 break; 3002 case DT_FEATURE_1: 3003 name = conv_dyn_feature1(dyn->d_un.d_val, 0, 3004 &c_buf.feature1); 3005 break; 3006 case DT_DEPRECATED_SPARC_REGISTER: 3007 name = MSG_INTL(MSG_STR_DEPRECATED); 3008 break; 3009 3010 case DT_SUNW_LDMACH: 3011 if (!osabi_solaris) 3012 break; 3013 name = conv_ehdr_mach((Half)dyn->d_un.d_val, 3014 0, &c_buf.inv); 3015 break; 3016 3017 /* 3018 * Cases below this point are strictly sanity checking, 3019 * and do not generate a name string. The TEST_ macros 3020 * are used to hide the boiler plate arguments neeeded 3021 * by dyn_test(). 3022 */ 3023 #define TEST_ADDR(_sh_type, _sec_field) \ 3024 dyn_test(DYN_TEST_ADDR, _sh_type, \ 3025 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3026 osabi, file) 3027 #define TEST_SIZE(_sh_type, _sec_field) \ 3028 dyn_test(DYN_TEST_SIZE, _sh_type, \ 3029 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3030 osabi, file) 3031 #define TEST_ENTSIZE(_sh_type, _sec_field) \ 3032 dyn_test(DYN_TEST_ENTSIZE, _sh_type, \ 3033 sec._sec_field, dyn, dynsec_cnt, ehdr, \ 3034 osabi, file) 3035 3036 case DT_FINI: 3037 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_FINI), 3038 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3039 sec.fini, cache, shnum, ehdr, osabi, file); 3040 TEST_ADDR(SHT_PROGBITS, fini); 3041 break; 3042 3043 case DT_FINI_ARRAY: 3044 TEST_ADDR(SHT_FINI_ARRAY, fini_array); 3045 break; 3046 3047 case DT_FINI_ARRAYSZ: 3048 TEST_SIZE(SHT_FINI_ARRAY, fini_array); 3049 break; 3050 3051 case DT_HASH: 3052 TEST_ADDR(SHT_HASH, hash); 3053 break; 3054 3055 case DT_INIT: 3056 dyn_symtest(dyn, MSG_ORIG(MSG_SYM_INIT), 3057 sec.symtab, sec.dynsym, sec.sunw_ldynsym, 3058 sec.init, cache, shnum, ehdr, osabi, file); 3059 TEST_ADDR(SHT_PROGBITS, init); 3060 break; 3061 3062 case DT_INIT_ARRAY: 3063 TEST_ADDR(SHT_INIT_ARRAY, init_array); 3064 break; 3065 3066 case DT_INIT_ARRAYSZ: 3067 TEST_SIZE(SHT_INIT_ARRAY, init_array); 3068 break; 3069 3070 case DT_MOVEENT: 3071 TEST_ENTSIZE(SHT_SUNW_move, sunw_move); 3072 break; 3073 3074 case DT_MOVESZ: 3075 TEST_SIZE(SHT_SUNW_move, sunw_move); 3076 break; 3077 3078 case DT_MOVETAB: 3079 TEST_ADDR(SHT_SUNW_move, sunw_move); 3080 break; 3081 3082 case DT_PREINIT_ARRAY: 3083 TEST_ADDR(SHT_PREINIT_ARRAY, preinit_array); 3084 break; 3085 3086 case DT_PREINIT_ARRAYSZ: 3087 TEST_SIZE(SHT_PREINIT_ARRAY, preinit_array); 3088 break; 3089 3090 case DT_REL: 3091 if (!dumped) 3092 TEST_ADDR(SHT_REL, rel); 3093 break; 3094 3095 case DT_RELENT: 3096 TEST_ENTSIZE(SHT_REL, rel); 3097 break; 3098 3099 case DT_RELA: 3100 if (!dumped) 3101 TEST_ADDR(SHT_RELA, rela); 3102 break; 3103 3104 case DT_RELAENT: 3105 TEST_ENTSIZE(SHT_RELA, rela); 3106 break; 3107 3108 case DT_STRTAB: 3109 TEST_ADDR(SHT_STRTAB, dynstr); 3110 break; 3111 3112 case DT_STRSZ: 3113 TEST_SIZE(SHT_STRTAB, dynstr); 3114 break; 3115 3116 case DT_SUNW_CAP: 3117 if (osabi_solaris) 3118 TEST_ADDR(SHT_SUNW_cap, sunw_cap); 3119 break; 3120 3121 case DT_SUNW_CAPINFO: 3122 if (osabi_solaris) 3123 TEST_ADDR(SHT_SUNW_capinfo, 3124 sunw_capinfo); 3125 break; 3126 3127 case DT_SUNW_CAPCHAIN: 3128 if (osabi_solaris) 3129 TEST_ADDR(SHT_SUNW_capchain, 3130 sunw_capchain); 3131 break; 3132 3133 case DT_SUNW_SYMTAB: 3134 TEST_ADDR(SHT_SUNW_LDYNSYM, sunw_ldynsym); 3135 break; 3136 3137 case DT_SYMENT: 3138 TEST_ENTSIZE(SHT_DYNSYM, dynsym); 3139 break; 3140 3141 case DT_SYMINENT: 3142 TEST_ENTSIZE(SHT_SUNW_syminfo, sunw_syminfo); 3143 break; 3144 3145 case DT_SYMINFO: 3146 TEST_ADDR(SHT_SUNW_syminfo, sunw_syminfo); 3147 break; 3148 3149 case DT_SYMINSZ: 3150 TEST_SIZE(SHT_SUNW_syminfo, sunw_syminfo); 3151 break; 3152 3153 case DT_SYMTAB: 3154 TEST_ADDR(SHT_DYNSYM, dynsym); 3155 break; 3156 3157 case DT_SUNW_SORTENT: 3158 /* 3159 * This entry is related to both the symsort and 3160 * tlssort sections. 3161 */ 3162 if (osabi_solaris) { 3163 int test_tls = 3164 (sec.sunw_tlssort != NULL); 3165 int test_sym = 3166 (sec.sunw_symsort != NULL) || 3167 !test_tls; 3168 if (test_sym) 3169 TEST_ENTSIZE(SHT_SUNW_symsort, 3170 sunw_symsort); 3171 if (test_tls) 3172 TEST_ENTSIZE(SHT_SUNW_tlssort, 3173 sunw_tlssort); 3174 } 3175 break; 3176 3177 3178 case DT_SUNW_SYMSORT: 3179 if (osabi_solaris) 3180 TEST_ADDR(SHT_SUNW_symsort, 3181 sunw_symsort); 3182 break; 3183 3184 case DT_SUNW_SYMSORTSZ: 3185 if (osabi_solaris) 3186 TEST_SIZE(SHT_SUNW_symsort, 3187 sunw_symsort); 3188 break; 3189 3190 case DT_SUNW_TLSSORT: 3191 if (osabi_solaris) 3192 TEST_ADDR(SHT_SUNW_tlssort, 3193 sunw_tlssort); 3194 break; 3195 3196 case DT_SUNW_TLSSORTSZ: 3197 if (osabi_solaris) 3198 TEST_SIZE(SHT_SUNW_tlssort, 3199 sunw_tlssort); 3200 break; 3201 3202 case DT_VERDEF: 3203 TEST_ADDR(SHT_SUNW_verdef, sunw_verdef); 3204 break; 3205 3206 case DT_VERNEED: 3207 TEST_ADDR(SHT_SUNW_verneed, sunw_verneed); 3208 break; 3209 3210 case DT_VERSYM: 3211 TEST_ADDR(SHT_SUNW_versym, sunw_versym); 3212 break; 3213 #undef TEST_ADDR 3214 #undef TEST_SIZE 3215 #undef TEST_ENTSIZE 3216 } 3217 3218 if (name == NULL) 3219 name = MSG_ORIG(MSG_STR_EMPTY); 3220 Elf_dyn_entry(0, dyn, ndx, name, 3221 osabi, ehdr->e_machine); 3222 } 3223 } 3224 } 3225 3226 /* 3227 * Search for and process a MOVE section. 3228 */ 3229 static void 3230 move(Cache *cache, Word shnum, const char *file, uint_t flags) 3231 { 3232 Word cnt; 3233 const char *fmt = NULL; 3234 3235 for (cnt = 1; cnt < shnum; cnt++) { 3236 Word movenum, symnum, ndx; 3237 Sym *syms; 3238 Cache *_cache = &cache[cnt]; 3239 Shdr *shdr = _cache->c_shdr; 3240 Cache *symsec, *strsec; 3241 Move *move; 3242 3243 if (shdr->sh_type != SHT_SUNW_move) 3244 continue; 3245 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3246 continue; 3247 3248 /* 3249 * Determine the move data and number. 3250 */ 3251 if ((shdr->sh_entsize == 0) || (shdr->sh_size == 0)) { 3252 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3253 file, _cache->c_name); 3254 continue; 3255 } 3256 if (_cache->c_data == NULL) 3257 continue; 3258 3259 move = (Move *)_cache->c_data->d_buf; 3260 movenum = shdr->sh_size / shdr->sh_entsize; 3261 3262 /* 3263 * Get the data buffer for the associated symbol table and 3264 * string table. 3265 */ 3266 if (stringtbl(cache, 1, cnt, shnum, file, 3267 &symnum, &symsec, &strsec) == 0) 3268 return; 3269 3270 syms = (Sym *)symsec->c_data->d_buf; 3271 3272 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3273 dbg_print(0, MSG_INTL(MSG_ELF_SCN_MOVE), _cache->c_name); 3274 dbg_print(0, MSG_INTL(MSG_MOVE_TITLE)); 3275 3276 if (fmt == NULL) 3277 fmt = MSG_INTL(MSG_MOVE_ENTRY); 3278 3279 for (ndx = 0; ndx < movenum; move++, ndx++) { 3280 const char *symname; 3281 char index[MAXNDXSIZE], section[BUFSIZ]; 3282 Word symndx, shndx; 3283 Sym *sym; 3284 3285 /* 3286 * Check for null entries 3287 */ 3288 if ((move->m_info == 0) && (move->m_value == 0) && 3289 (move->m_poffset == 0) && (move->m_repeat == 0) && 3290 (move->m_stride == 0)) { 3291 dbg_print(0, fmt, MSG_ORIG(MSG_STR_EMPTY), 3292 EC_XWORD(move->m_poffset), 0, 0, 0, 3293 EC_LWORD(0), MSG_ORIG(MSG_STR_EMPTY)); 3294 continue; 3295 } 3296 if (((symndx = ELF_M_SYM(move->m_info)) == 0) || 3297 (symndx >= symnum)) { 3298 (void) fprintf(stderr, 3299 MSG_INTL(MSG_ERR_BADMINFO), file, 3300 _cache->c_name, EC_XWORD(move->m_info)); 3301 3302 (void) snprintf(index, MAXNDXSIZE, 3303 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3304 dbg_print(0, fmt, index, 3305 EC_XWORD(move->m_poffset), 3306 ELF_M_SIZE(move->m_info), move->m_repeat, 3307 move->m_stride, move->m_value, 3308 MSG_INTL(MSG_STR_UNKNOWN)); 3309 continue; 3310 } 3311 3312 symname = relsymname(cache, _cache, strsec, 3313 symndx, symnum, ndx, syms, section, BUFSIZ, file); 3314 sym = (Sym *)(syms + symndx); 3315 3316 /* 3317 * Additional sanity check. 3318 */ 3319 shndx = sym->st_shndx; 3320 if (!((shndx == SHN_COMMON) || 3321 (((shndx >= 1) && (shndx <= shnum)) && 3322 (cache[shndx].c_shdr)->sh_type == SHT_NOBITS))) { 3323 (void) fprintf(stderr, 3324 MSG_INTL(MSG_ERR_BADSYM2), file, 3325 _cache->c_name, EC_WORD(symndx), 3326 demangle(symname, flags)); 3327 } 3328 3329 (void) snprintf(index, MAXNDXSIZE, 3330 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(symndx)); 3331 dbg_print(0, fmt, index, EC_XWORD(move->m_poffset), 3332 ELF_M_SIZE(move->m_info), move->m_repeat, 3333 move->m_stride, move->m_value, 3334 demangle(symname, flags)); 3335 } 3336 } 3337 } 3338 3339 /* 3340 * parse_note_t is used to track the state used by parse_note_entry() 3341 * between calls, and also to return the results of each call. 3342 */ 3343 typedef struct { 3344 /* pns_ fields track progress through the data */ 3345 const char *pns_file; /* File name */ 3346 Cache *pns_cache; /* Note section cache entry */ 3347 size_t pns_size; /* # unprocessed data bytes */ 3348 Word *pns_data; /* # to next unused data byte */ 3349 3350 /* pn_ fields return the results for a single call */ 3351 Word pn_namesz; /* Value of note namesz field */ 3352 Word pn_descsz; /* Value of note descsz field */ 3353 Word pn_type; /* Value of note type field */ 3354 const char *pn_name; /* if (namesz > 0) ptr to name bytes */ 3355 const char *pn_desc; /* if (descsx > 0) ptr to data bytes */ 3356 } parse_note_t; 3357 3358 /* 3359 * Extract the various sub-parts of a note entry, and advance the 3360 * data pointer past it. 3361 * 3362 * entry: 3363 * The state pns_ fields contain current values for the Note section 3364 * 3365 * exit: 3366 * On success, True (1) is returned, the state pns_ fields have been 3367 * advanced to point at the start of the next entry, and the information 3368 * for the recovered note entry is found in the state pn_ fields. 3369 * 3370 * On failure, False (0) is returned. The values contained in state 3371 * are undefined. 3372 */ 3373 static int 3374 parse_note_entry(parse_note_t *state) 3375 { 3376 size_t pad, noteoff; 3377 3378 noteoff = (Word)state->pns_cache->c_data->d_size - state->pns_size; 3379 /* 3380 * Make sure we can at least reference the 3 initial entries 3381 * (4-byte words) of the note information block. 3382 */ 3383 if (state->pns_size >= (sizeof (Word) * 3)) { 3384 state->pns_size -= (sizeof (Word) * 3); 3385 } else { 3386 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDATASZ), 3387 state->pns_file, state->pns_cache->c_name, 3388 EC_WORD(noteoff)); 3389 return (0); 3390 } 3391 3392 /* 3393 * Make sure any specified name string can be referenced. 3394 */ 3395 if ((state->pn_namesz = *state->pns_data++) != 0) { 3396 if (state->pns_size >= state->pn_namesz) { 3397 state->pns_size -= state->pn_namesz; 3398 } else { 3399 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADNMSZ), 3400 state->pns_file, state->pns_cache->c_name, 3401 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3402 return (0); 3403 } 3404 } 3405 3406 /* 3407 * Make sure any specified descriptor can be referenced. 3408 */ 3409 if ((state->pn_descsz = *state->pns_data++) != 0) { 3410 /* 3411 * If namesz isn't a 4-byte multiple, account for any 3412 * padding that must exist before the descriptor. 3413 */ 3414 if ((pad = (state->pn_namesz & (sizeof (Word) - 1))) != 0) { 3415 pad = sizeof (Word) - pad; 3416 state->pns_size -= pad; 3417 } 3418 if (state->pns_size >= state->pn_descsz) { 3419 state->pns_size -= state->pn_descsz; 3420 } else { 3421 (void) fprintf(stderr, MSG_INTL(MSG_NOTE_BADDESZ), 3422 state->pns_file, state->pns_cache->c_name, 3423 EC_WORD(noteoff), EC_WORD(state->pn_namesz)); 3424 return (0); 3425 } 3426 } 3427 3428 state->pn_type = *state->pns_data++; 3429 3430 /* Name */ 3431 if (state->pn_namesz) { 3432 state->pn_name = (char *)state->pns_data; 3433 pad = (state->pn_namesz + 3434 (sizeof (Word) - 1)) & ~(sizeof (Word) - 1); 3435 /* LINTED */ 3436 state->pns_data = (Word *)(state->pn_name + pad); 3437 } 3438 3439 /* 3440 * If multiple information blocks exist within a .note section 3441 * account for any padding that must exist before the next 3442 * information block. 3443 */ 3444 if ((pad = (state->pn_descsz & (sizeof (Word) - 1))) != 0) { 3445 pad = sizeof (Word) - pad; 3446 if (state->pns_size > pad) 3447 state->pns_size -= pad; 3448 } 3449 3450 /* Data */ 3451 if (state->pn_descsz) { 3452 state->pn_desc = (const char *)state->pns_data; 3453 /* LINTED */ 3454 state->pns_data = (Word *)(state->pn_desc + 3455 state->pn_descsz + pad); 3456 } 3457 3458 return (1); 3459 } 3460 3461 /* 3462 * Callback function for use with conv_str_to_c_literal() below. 3463 */ 3464 /*ARGSUSED2*/ 3465 static void 3466 c_literal_cb(const void *ptr, size_t size, void *uvalue) 3467 { 3468 (void) fwrite(ptr, size, 1, stdout); 3469 } 3470 3471 /* 3472 * Traverse a note section analyzing each note information block. 3473 * The data buffers size is used to validate references before they are made, 3474 * and is decremented as each element is processed. 3475 */ 3476 void 3477 note_entry(Cache *cache, Word *data, size_t size, Ehdr *ehdr, const char *file) 3478 { 3479 int cnt = 0; 3480 int is_corenote; 3481 int do_swap; 3482 Conv_inv_buf_t inv_buf; 3483 parse_note_t pnstate; 3484 3485 pnstate.pns_file = file; 3486 pnstate.pns_cache = cache; 3487 pnstate.pns_size = size; 3488 pnstate.pns_data = data; 3489 do_swap = _elf_sys_encoding() != ehdr->e_ident[EI_DATA]; 3490 3491 /* 3492 * Print out a single `note' information block. 3493 */ 3494 while (pnstate.pns_size > 0) { 3495 3496 if (parse_note_entry(&pnstate) == 0) 3497 return; 3498 3499 /* 3500 * Is this a Solaris core note? Such notes all have 3501 * the name "CORE". 3502 */ 3503 is_corenote = (ehdr->e_type == ET_CORE) && 3504 (pnstate.pn_namesz == (MSG_STR_CORE_SIZE + 1)) && 3505 (strncmp(MSG_ORIG(MSG_STR_CORE), pnstate.pn_name, 3506 MSG_STR_CORE_SIZE + 1) == 0); 3507 3508 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3509 dbg_print(0, MSG_INTL(MSG_FMT_NOTEENTNDX), EC_WORD(cnt)); 3510 cnt++; 3511 dbg_print(0, MSG_ORIG(MSG_NOTE_NAMESZ), 3512 EC_WORD(pnstate.pn_namesz)); 3513 dbg_print(0, MSG_ORIG(MSG_NOTE_DESCSZ), 3514 EC_WORD(pnstate.pn_descsz)); 3515 3516 if (is_corenote) 3517 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE_STR), 3518 conv_cnote_type(pnstate.pn_type, 0, &inv_buf)); 3519 else 3520 dbg_print(0, MSG_ORIG(MSG_NOTE_TYPE), 3521 EC_WORD(pnstate.pn_type)); 3522 if (pnstate.pn_namesz) { 3523 dbg_print(0, MSG_ORIG(MSG_NOTE_NAME)); 3524 /* 3525 * The name string can contain embedded 'null' 3526 * bytes and/or unprintable characters. Also, 3527 * the final NULL is documented in the ELF ABI 3528 * as being included in the namesz. So, display 3529 * the name using C literal string notation, and 3530 * include the terminating NULL in the output. 3531 * We don't show surrounding double quotes, as 3532 * that implies the termination that we are showing 3533 * explicitly. 3534 */ 3535 (void) fwrite(MSG_ORIG(MSG_STR_8SP), 3536 MSG_STR_8SP_SIZE, 1, stdout); 3537 conv_str_to_c_literal(pnstate.pn_name, 3538 pnstate.pn_namesz, c_literal_cb, NULL); 3539 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3540 } 3541 3542 if (pnstate.pn_descsz) { 3543 int hexdump = 1; 3544 3545 /* 3546 * If this is a core note, let the corenote() 3547 * function handle it. 3548 */ 3549 if (is_corenote) { 3550 /* We only issue the bad arch error once */ 3551 static int badnote_done = 0; 3552 corenote_ret_t corenote_ret; 3553 3554 corenote_ret = corenote(ehdr->e_machine, 3555 do_swap, pnstate.pn_type, pnstate.pn_desc, 3556 pnstate.pn_descsz); 3557 switch (corenote_ret) { 3558 case CORENOTE_R_OK: 3559 hexdump = 0; 3560 break; 3561 case CORENOTE_R_BADDATA: 3562 (void) fprintf(stderr, 3563 MSG_INTL(MSG_NOTE_BADCOREDATA), 3564 file); 3565 break; 3566 case CORENOTE_R_BADARCH: 3567 if (badnote_done) 3568 break; 3569 (void) fprintf(stderr, 3570 MSG_INTL(MSG_NOTE_BADCOREARCH), 3571 file, 3572 conv_ehdr_mach(ehdr->e_machine, 3573 0, &inv_buf)); 3574 break; 3575 } 3576 } 3577 3578 /* 3579 * The default thing when we don't understand 3580 * the note data is to display it as hex bytes. 3581 */ 3582 if (hexdump) { 3583 dbg_print(0, MSG_ORIG(MSG_NOTE_DESC)); 3584 dump_hex_bytes(pnstate.pn_desc, 3585 pnstate.pn_descsz, 8, 4, 4); 3586 } 3587 } 3588 } 3589 } 3590 3591 /* 3592 * Search for and process .note sections. 3593 * 3594 * Returns the number of note sections seen. 3595 */ 3596 static Word 3597 note(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 3598 { 3599 Word cnt, note_cnt = 0; 3600 3601 /* 3602 * Otherwise look for any .note sections. 3603 */ 3604 for (cnt = 1; cnt < shnum; cnt++) { 3605 Cache *_cache = &cache[cnt]; 3606 Shdr *shdr = _cache->c_shdr; 3607 3608 if (shdr->sh_type != SHT_NOTE) 3609 continue; 3610 note_cnt++; 3611 if (!match(MATCH_F_ALL, _cache->c_name, cnt, shdr->sh_type)) 3612 continue; 3613 3614 /* 3615 * As these sections are often hand rolled, make sure they're 3616 * properly aligned before proceeding, and issue an error 3617 * as necessary. 3618 * 3619 * Note that we will continue on to display the note even 3620 * if it has bad alignment. We can do this safely, because 3621 * libelf knows the alignment required for SHT_NOTE, and 3622 * takes steps to deliver a properly aligned buffer to us 3623 * even if the actual file is misaligned. 3624 */ 3625 if (shdr->sh_offset & (sizeof (Word) - 1)) 3626 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADALIGN), 3627 file, _cache->c_name); 3628 3629 if (_cache->c_data == NULL) 3630 continue; 3631 3632 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3633 dbg_print(0, MSG_INTL(MSG_ELF_SCN_NOTE), _cache->c_name); 3634 note_entry(_cache, (Word *)_cache->c_data->d_buf, 3635 /* LINTED */ 3636 (Word)_cache->c_data->d_size, ehdr, file); 3637 } 3638 3639 return (note_cnt); 3640 } 3641 3642 /* 3643 * The Linux Standard Base defines a special note named .note.ABI-tag 3644 * that is used to maintain Linux ABI information. Presence of this section 3645 * is a strong indication that the object should be considered to be 3646 * ELFOSABI_LINUX. 3647 * 3648 * This function returns True (1) if such a note is seen, and False (0) 3649 * otherwise. 3650 */ 3651 static int 3652 has_linux_abi_note(Cache *cache, Word shnum, const char *file) 3653 { 3654 Word cnt; 3655 3656 for (cnt = 1; cnt < shnum; cnt++) { 3657 parse_note_t pnstate; 3658 Cache *_cache = &cache[cnt]; 3659 Shdr *shdr = _cache->c_shdr; 3660 3661 /* 3662 * Section must be SHT_NOTE, must have the name 3663 * .note.ABI-tag, and must have data. 3664 */ 3665 if ((shdr->sh_type != SHT_NOTE) || 3666 (strcmp(MSG_ORIG(MSG_STR_NOTEABITAG), 3667 _cache->c_name) != 0) || (_cache->c_data == NULL)) 3668 continue; 3669 3670 pnstate.pns_file = file; 3671 pnstate.pns_cache = _cache; 3672 pnstate.pns_size = _cache->c_data->d_size; 3673 pnstate.pns_data = (Word *)_cache->c_data->d_buf; 3674 3675 while (pnstate.pns_size > 0) { 3676 Word *w; 3677 3678 if (parse_note_entry(&pnstate) == 0) 3679 break; 3680 3681 /* 3682 * The type must be 1, and the name must be "GNU". 3683 * The descsz must be at least 16 bytes. 3684 */ 3685 if ((pnstate.pn_type != 1) || 3686 (pnstate.pn_namesz != (MSG_STR_GNU_SIZE + 1)) || 3687 (strncmp(MSG_ORIG(MSG_STR_GNU), pnstate.pn_name, 3688 MSG_STR_CORE_SIZE + 1) != 0) || 3689 (pnstate.pn_descsz < 16)) 3690 continue; 3691 3692 /* 3693 * desc contains 4 32-bit fields. Field 0 must be 0, 3694 * indicating Linux. The second, third, and fourth 3695 * fields represent the earliest Linux kernel 3696 * version compatible with this object. 3697 */ 3698 /*LINTED*/ 3699 w = (Word *) pnstate.pn_desc; 3700 if (*w == 0) 3701 return (1); 3702 } 3703 } 3704 3705 return (0); 3706 } 3707 3708 /* 3709 * Determine an individual hash entry. This may be the initial hash entry, 3710 * or an associated chain entry. 3711 */ 3712 static void 3713 hash_entry(Cache *refsec, Cache *strsec, const char *hsecname, Word hashndx, 3714 Word symndx, Word symn, Sym *syms, const char *file, ulong_t bkts, 3715 uint_t flags, int chain) 3716 { 3717 Sym *sym; 3718 const char *symname, *str; 3719 char _bucket[MAXNDXSIZE], _symndx[MAXNDXSIZE]; 3720 ulong_t nbkt, nhash; 3721 3722 if (symndx > symn) { 3723 (void) fprintf(stderr, MSG_INTL(MSG_ERR_HSBADSYMNDX), file, 3724 EC_WORD(symndx), EC_WORD(hashndx)); 3725 symname = MSG_INTL(MSG_STR_UNKNOWN); 3726 } else { 3727 sym = (Sym *)(syms + symndx); 3728 symname = string(refsec, symndx, strsec, file, sym->st_name); 3729 } 3730 3731 if (chain == 0) { 3732 (void) snprintf(_bucket, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 3733 hashndx); 3734 str = (const char *)_bucket; 3735 } else 3736 str = MSG_ORIG(MSG_STR_EMPTY); 3737 3738 (void) snprintf(_symndx, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INDEX2), 3739 EC_WORD(symndx)); 3740 dbg_print(0, MSG_ORIG(MSG_FMT_HASH_INFO), str, _symndx, 3741 demangle(symname, flags)); 3742 3743 /* 3744 * Determine if this string is in the correct bucket. 3745 */ 3746 nhash = elf_hash(symname); 3747 nbkt = nhash % bkts; 3748 3749 if (nbkt != hashndx) { 3750 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADHASH), file, 3751 hsecname, symname, EC_WORD(hashndx), nbkt); 3752 } 3753 } 3754 3755 #define MAXCOUNT 500 3756 3757 static void 3758 hash(Cache *cache, Word shnum, const char *file, uint_t flags) 3759 { 3760 static int count[MAXCOUNT]; 3761 Word cnt; 3762 ulong_t ndx, bkts; 3763 char number[MAXNDXSIZE]; 3764 3765 for (cnt = 1; cnt < shnum; cnt++) { 3766 uint_t *hash, *chain; 3767 Cache *_cache = &cache[cnt]; 3768 Shdr *sshdr, *hshdr = _cache->c_shdr; 3769 char *ssecname, *hsecname = _cache->c_name; 3770 Sym *syms; 3771 Word symn; 3772 3773 if (hshdr->sh_type != SHT_HASH) 3774 continue; 3775 3776 /* 3777 * Determine the hash table data and size. 3778 */ 3779 if ((hshdr->sh_entsize == 0) || (hshdr->sh_size == 0)) { 3780 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3781 file, hsecname); 3782 continue; 3783 } 3784 if (_cache->c_data == NULL) 3785 continue; 3786 3787 hash = (uint_t *)_cache->c_data->d_buf; 3788 bkts = *hash; 3789 chain = hash + 2 + bkts; 3790 hash += 2; 3791 3792 /* 3793 * Get the data buffer for the associated symbol table. 3794 */ 3795 if ((hshdr->sh_link == 0) || (hshdr->sh_link >= shnum)) { 3796 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 3797 file, hsecname, EC_WORD(hshdr->sh_link)); 3798 continue; 3799 } 3800 3801 _cache = &cache[hshdr->sh_link]; 3802 ssecname = _cache->c_name; 3803 3804 if (_cache->c_data == NULL) 3805 continue; 3806 3807 if ((syms = (Sym *)_cache->c_data->d_buf) == NULL) { 3808 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 3809 file, ssecname); 3810 continue; 3811 } 3812 3813 sshdr = _cache->c_shdr; 3814 /* LINTED */ 3815 symn = (Word)(sshdr->sh_size / sshdr->sh_entsize); 3816 3817 /* 3818 * Get the associated string table section. 3819 */ 3820 if ((sshdr->sh_link == 0) || (sshdr->sh_link >= shnum)) { 3821 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHLINK), 3822 file, ssecname, EC_WORD(sshdr->sh_link)); 3823 continue; 3824 } 3825 3826 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3827 dbg_print(0, MSG_INTL(MSG_ELF_SCN_HASH), hsecname); 3828 dbg_print(0, MSG_INTL(MSG_ELF_HASH_INFO)); 3829 3830 /* 3831 * Loop through the hash buckets, printing the appropriate 3832 * symbols. 3833 */ 3834 for (ndx = 0; ndx < bkts; ndx++, hash++) { 3835 Word _ndx, _cnt; 3836 3837 if (*hash == 0) { 3838 count[0]++; 3839 continue; 3840 } 3841 3842 hash_entry(_cache, &cache[sshdr->sh_link], hsecname, 3843 ndx, *hash, symn, syms, file, bkts, flags, 0); 3844 3845 /* 3846 * Determine if any other symbols are chained to this 3847 * bucket. 3848 */ 3849 _ndx = chain[*hash]; 3850 _cnt = 1; 3851 while (_ndx) { 3852 hash_entry(_cache, &cache[sshdr->sh_link], 3853 hsecname, ndx, _ndx, symn, syms, file, 3854 bkts, flags, 1); 3855 _ndx = chain[_ndx]; 3856 _cnt++; 3857 } 3858 3859 if (_cnt >= MAXCOUNT) { 3860 (void) fprintf(stderr, 3861 MSG_INTL(MSG_HASH_OVERFLW), file, 3862 _cache->c_name, EC_WORD(ndx), 3863 EC_WORD(_cnt)); 3864 } else 3865 count[_cnt]++; 3866 } 3867 break; 3868 } 3869 3870 /* 3871 * Print out the count information. 3872 */ 3873 bkts = cnt = 0; 3874 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3875 3876 for (ndx = 0; ndx < MAXCOUNT; ndx++) { 3877 Word _cnt; 3878 3879 if ((_cnt = count[ndx]) == 0) 3880 continue; 3881 3882 (void) snprintf(number, MAXNDXSIZE, 3883 MSG_ORIG(MSG_FMT_INTEGER), _cnt); 3884 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS1), number, 3885 EC_WORD(ndx)); 3886 bkts += _cnt; 3887 cnt += (Word)(ndx * _cnt); 3888 } 3889 if (cnt) { 3890 (void) snprintf(number, MAXNDXSIZE, MSG_ORIG(MSG_FMT_INTEGER), 3891 bkts); 3892 dbg_print(0, MSG_INTL(MSG_ELF_HASH_BKTS2), number, 3893 EC_WORD(cnt)); 3894 } 3895 } 3896 3897 static void 3898 group(Cache *cache, Word shnum, const char *file, uint_t flags) 3899 { 3900 Word scnt; 3901 3902 for (scnt = 1; scnt < shnum; scnt++) { 3903 Cache *_cache = &cache[scnt]; 3904 Shdr *shdr = _cache->c_shdr; 3905 Word *grpdata, gcnt, grpcnt, symnum, unknown; 3906 Cache *symsec, *strsec; 3907 Sym *syms, *sym; 3908 char flgstrbuf[MSG_GRP_COMDAT_SIZE + 10]; 3909 const char *grpnam; 3910 3911 if (shdr->sh_type != SHT_GROUP) 3912 continue; 3913 if (!match(MATCH_F_ALL, _cache->c_name, scnt, shdr->sh_type)) 3914 continue; 3915 if ((_cache->c_data == NULL) || 3916 ((grpdata = (Word *)_cache->c_data->d_buf) == NULL)) 3917 continue; 3918 grpcnt = shdr->sh_size / sizeof (Word); 3919 3920 /* 3921 * Get the data buffer for the associated symbol table and 3922 * string table. 3923 */ 3924 if (stringtbl(cache, 1, scnt, shnum, file, 3925 &symnum, &symsec, &strsec) == 0) 3926 return; 3927 3928 syms = symsec->c_data->d_buf; 3929 3930 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 3931 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GRP), _cache->c_name); 3932 dbg_print(0, MSG_INTL(MSG_GRP_TITLE)); 3933 3934 /* 3935 * The first element of the group defines the group. The 3936 * associated symbol is defined by the sh_link field. 3937 */ 3938 if ((shdr->sh_info == SHN_UNDEF) || (shdr->sh_info > symnum)) { 3939 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHINFO), 3940 file, _cache->c_name, EC_WORD(shdr->sh_info)); 3941 return; 3942 } 3943 3944 (void) strcpy(flgstrbuf, MSG_ORIG(MSG_STR_OSQBRKT)); 3945 if (grpdata[0] & GRP_COMDAT) { 3946 (void) strcat(flgstrbuf, MSG_ORIG(MSG_GRP_COMDAT)); 3947 } 3948 if ((unknown = (grpdata[0] & ~GRP_COMDAT)) != 0) { 3949 size_t len = strlen(flgstrbuf); 3950 3951 (void) snprintf(&flgstrbuf[len], 3952 (MSG_GRP_COMDAT_SIZE + 10 - len), 3953 MSG_ORIG(MSG_GRP_UNKNOWN), unknown); 3954 } 3955 (void) strcat(flgstrbuf, MSG_ORIG(MSG_STR_CSQBRKT)); 3956 sym = (Sym *)(syms + shdr->sh_info); 3957 3958 /* 3959 * The GNU assembler can use section symbols as the signature 3960 * symbol as described by this comment in the gold linker 3961 * (found via google): 3962 * 3963 * It seems that some versions of gas will create a 3964 * section group associated with a section symbol, and 3965 * then fail to give a name to the section symbol. In 3966 * such a case, use the name of the section. 3967 * 3968 * In order to support such objects, we do the same. 3969 */ 3970 grpnam = string(_cache, 0, strsec, file, sym->st_name); 3971 if (((sym->st_name == 0) || (*grpnam == '\0')) && 3972 (ELF_ST_TYPE(sym->st_info) == STT_SECTION)) 3973 grpnam = cache[sym->st_shndx].c_name; 3974 3975 dbg_print(0, MSG_INTL(MSG_GRP_SIGNATURE), flgstrbuf, 3976 demangle(grpnam, flags)); 3977 3978 for (gcnt = 1; gcnt < grpcnt; gcnt++) { 3979 char index[MAXNDXSIZE]; 3980 const char *name; 3981 3982 (void) snprintf(index, MAXNDXSIZE, 3983 MSG_ORIG(MSG_FMT_INDEX), EC_XWORD(gcnt)); 3984 3985 if (grpdata[gcnt] >= shnum) 3986 name = MSG_INTL(MSG_GRP_INVALSCN); 3987 else 3988 name = cache[grpdata[gcnt]].c_name; 3989 3990 (void) printf(MSG_ORIG(MSG_GRP_ENTRY), index, name, 3991 EC_XWORD(grpdata[gcnt])); 3992 } 3993 } 3994 } 3995 3996 static void 3997 got(Cache *cache, Word shnum, Ehdr *ehdr, const char *file) 3998 { 3999 Cache *gotcache = NULL, *symtab = NULL; 4000 Addr gotbgn, gotend; 4001 Shdr *gotshdr; 4002 Word cnt, gotents, gotndx; 4003 size_t gentsize; 4004 Got_info *gottable; 4005 char *gotdata; 4006 Sym *gotsym; 4007 Xword gotsymaddr; 4008 uint_t sys_encoding; 4009 4010 /* 4011 * First, find the got. 4012 */ 4013 for (cnt = 1; cnt < shnum; cnt++) { 4014 if (strncmp(cache[cnt].c_name, MSG_ORIG(MSG_ELF_GOT), 4015 MSG_ELF_GOT_SIZE) == 0) { 4016 gotcache = &cache[cnt]; 4017 break; 4018 } 4019 } 4020 if (gotcache == NULL) 4021 return; 4022 4023 /* 4024 * A got section within a relocatable object is suspicious. 4025 */ 4026 if (ehdr->e_type == ET_REL) { 4027 (void) fprintf(stderr, MSG_INTL(MSG_GOT_UNEXPECTED), file, 4028 gotcache->c_name); 4029 } 4030 4031 gotshdr = gotcache->c_shdr; 4032 if (gotshdr->sh_size == 0) { 4033 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4034 file, gotcache->c_name); 4035 return; 4036 } 4037 4038 gotbgn = gotshdr->sh_addr; 4039 gotend = gotbgn + gotshdr->sh_size; 4040 4041 /* 4042 * Some architectures don't properly set the sh_entsize for the GOT 4043 * table. If it's not set, default to a size of a pointer. 4044 */ 4045 if ((gentsize = gotshdr->sh_entsize) == 0) 4046 gentsize = sizeof (Xword); 4047 4048 if (gotcache->c_data == NULL) 4049 return; 4050 4051 /* LINTED */ 4052 gotents = (Word)(gotshdr->sh_size / gentsize); 4053 gotdata = gotcache->c_data->d_buf; 4054 4055 if ((gottable = calloc(gotents, sizeof (Got_info))) == 0) { 4056 int err = errno; 4057 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), file, 4058 strerror(err)); 4059 return; 4060 } 4061 4062 /* 4063 * Now we scan through all the sections looking for any relocations 4064 * that may be against the GOT. Since these may not be isolated to a 4065 * .rel[a].got section we check them all. 4066 * While scanning sections save the symbol table entry (a symtab 4067 * overriding a dynsym) so that we can lookup _GLOBAL_OFFSET_TABLE_. 4068 */ 4069 for (cnt = 1; cnt < shnum; cnt++) { 4070 Word type, symnum; 4071 Xword relndx, relnum, relsize; 4072 void *rels; 4073 Sym *syms; 4074 Cache *symsec, *strsec; 4075 Cache *_cache = &cache[cnt]; 4076 Shdr *shdr; 4077 4078 shdr = _cache->c_shdr; 4079 type = shdr->sh_type; 4080 4081 if ((symtab == 0) && (type == SHT_DYNSYM)) { 4082 symtab = _cache; 4083 continue; 4084 } 4085 if (type == SHT_SYMTAB) { 4086 symtab = _cache; 4087 continue; 4088 } 4089 if ((type != SHT_RELA) && (type != SHT_REL)) 4090 continue; 4091 4092 /* 4093 * Decide entry size. 4094 */ 4095 if (((relsize = shdr->sh_entsize) == 0) || 4096 (relsize > shdr->sh_size)) { 4097 if (type == SHT_RELA) 4098 relsize = sizeof (Rela); 4099 else 4100 relsize = sizeof (Rel); 4101 } 4102 4103 /* 4104 * Determine the number of relocations available. 4105 */ 4106 if (shdr->sh_size == 0) { 4107 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSZ), 4108 file, _cache->c_name); 4109 continue; 4110 } 4111 if (_cache->c_data == NULL) 4112 continue; 4113 4114 rels = _cache->c_data->d_buf; 4115 relnum = shdr->sh_size / relsize; 4116 4117 /* 4118 * Get the data buffer for the associated symbol table and 4119 * string table. 4120 */ 4121 if (stringtbl(cache, 1, cnt, shnum, file, 4122 &symnum, &symsec, &strsec) == 0) 4123 continue; 4124 4125 syms = symsec->c_data->d_buf; 4126 4127 /* 4128 * Loop through the relocation entries. 4129 */ 4130 for (relndx = 0; relndx < relnum; relndx++, 4131 rels = (void *)((char *)rels + relsize)) { 4132 char section[BUFSIZ]; 4133 Addr offset; 4134 Got_info *gip; 4135 Word symndx, reltype; 4136 Rela *rela; 4137 Rel *rel; 4138 4139 /* 4140 * Unravel the relocation. 4141 */ 4142 if (type == SHT_RELA) { 4143 rela = (Rela *)rels; 4144 symndx = ELF_R_SYM(rela->r_info); 4145 reltype = ELF_R_TYPE(rela->r_info, 4146 ehdr->e_machine); 4147 offset = rela->r_offset; 4148 } else { 4149 rel = (Rel *)rels; 4150 symndx = ELF_R_SYM(rel->r_info); 4151 reltype = ELF_R_TYPE(rel->r_info, 4152 ehdr->e_machine); 4153 offset = rel->r_offset; 4154 } 4155 4156 /* 4157 * Only pay attention to relocations against the GOT. 4158 */ 4159 if ((offset < gotbgn) || (offset >= gotend)) 4160 continue; 4161 4162 /* LINTED */ 4163 gotndx = (Word)((offset - gotbgn) / 4164 gotshdr->sh_entsize); 4165 gip = &gottable[gotndx]; 4166 4167 if (gip->g_reltype != 0) { 4168 (void) fprintf(stderr, 4169 MSG_INTL(MSG_GOT_MULTIPLE), file, 4170 EC_WORD(gotndx), EC_ADDR(offset)); 4171 continue; 4172 } 4173 4174 if (symndx) 4175 gip->g_symname = relsymname(cache, _cache, 4176 strsec, symndx, symnum, relndx, syms, 4177 section, BUFSIZ, file); 4178 gip->g_reltype = reltype; 4179 gip->g_rel = rels; 4180 } 4181 } 4182 4183 if (symlookup(MSG_ORIG(MSG_SYM_GOT), cache, shnum, &gotsym, NULL, 4184 symtab, file)) 4185 gotsymaddr = gotsym->st_value; 4186 else 4187 gotsymaddr = gotbgn; 4188 4189 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4190 dbg_print(0, MSG_INTL(MSG_ELF_SCN_GOT), gotcache->c_name); 4191 Elf_got_title(0); 4192 4193 sys_encoding = _elf_sys_encoding(); 4194 for (gotndx = 0; gotndx < gotents; gotndx++) { 4195 Got_info *gip; 4196 Sword gindex; 4197 Addr gaddr; 4198 Xword gotentry; 4199 4200 gip = &gottable[gotndx]; 4201 4202 gaddr = gotbgn + (gotndx * gentsize); 4203 gindex = (Sword)(gaddr - gotsymaddr) / (Sword)gentsize; 4204 4205 if (gentsize == sizeof (Word)) 4206 /* LINTED */ 4207 gotentry = (Xword)(*((Word *)(gotdata) + gotndx)); 4208 else 4209 /* LINTED */ 4210 gotentry = *((Xword *)(gotdata) + gotndx); 4211 4212 Elf_got_entry(0, gindex, gaddr, gotentry, ehdr->e_machine, 4213 ehdr->e_ident[EI_DATA], sys_encoding, 4214 gip->g_reltype, gip->g_rel, gip->g_symname); 4215 } 4216 free(gottable); 4217 } 4218 4219 void 4220 checksum(Elf *elf) 4221 { 4222 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4223 dbg_print(0, MSG_INTL(MSG_STR_CHECKSUM), elf_checksum(elf)); 4224 } 4225 4226 /* 4227 * This variable is used by regular() to communicate the address of 4228 * the section header cache to sort_shdr_ndx_arr(). Unfortunately, 4229 * the qsort() interface does not include a userdata argument by which 4230 * such arbitrary data can be passed, so we are stuck using global data. 4231 */ 4232 static Cache *sort_shdr_ndx_arr_cache; 4233 4234 4235 /* 4236 * Used with qsort() to sort the section indices so that they can be 4237 * used to access the section headers in order of increasing data offset. 4238 * 4239 * entry: 4240 * sort_shdr_ndx_arr_cache - Contains address of 4241 * section header cache. 4242 * v1, v2 - Point at elements of sort_shdr_bits array to be compared. 4243 * 4244 * exit: 4245 * Returns -1 (less than), 0 (equal) or 1 (greater than). 4246 */ 4247 static int 4248 sort_shdr_ndx_arr(const void *v1, const void *v2) 4249 { 4250 Cache *cache1 = sort_shdr_ndx_arr_cache + *((size_t *)v1); 4251 Cache *cache2 = sort_shdr_ndx_arr_cache + *((size_t *)v2); 4252 4253 if (cache1->c_shdr->sh_offset < cache2->c_shdr->sh_offset) 4254 return (-1); 4255 4256 if (cache1->c_shdr->sh_offset > cache2->c_shdr->sh_offset) 4257 return (1); 4258 4259 return (0); 4260 } 4261 4262 4263 static int 4264 shdr_cache(const char *file, Elf *elf, Ehdr *ehdr, size_t shstrndx, 4265 size_t shnum, Cache **cache_ret, Word flags) 4266 { 4267 Elf_Scn *scn; 4268 Elf_Data *data; 4269 size_t ndx; 4270 Shdr *nameshdr; 4271 char *names = NULL; 4272 Cache *cache, *_cache; 4273 size_t *shdr_ndx_arr, shdr_ndx_arr_cnt; 4274 4275 4276 /* 4277 * Obtain the .shstrtab data buffer to provide the required section 4278 * name strings. 4279 */ 4280 if (shstrndx == SHN_UNDEF) { 4281 /* 4282 * It is rare, but legal, for an object to lack a 4283 * header string table section. 4284 */ 4285 names = NULL; 4286 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHSTRSEC), file); 4287 } else if ((scn = elf_getscn(elf, shstrndx)) == NULL) { 4288 failure(file, MSG_ORIG(MSG_ELF_GETSCN)); 4289 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SHDR), 4290 EC_XWORD(shstrndx)); 4291 4292 } else if ((data = elf_getdata(scn, NULL)) == NULL) { 4293 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4294 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_DATA), 4295 EC_XWORD(shstrndx)); 4296 4297 } else if ((nameshdr = elf_getshdr(scn)) == NULL) { 4298 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4299 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4300 EC_WORD(elf_ndxscn(scn))); 4301 4302 } else if ((names = data->d_buf) == NULL) 4303 (void) fprintf(stderr, MSG_INTL(MSG_ERR_SHSTRNULL), file); 4304 4305 /* 4306 * Allocate a cache to maintain a descriptor for each section. 4307 */ 4308 if ((*cache_ret = cache = malloc(shnum * sizeof (Cache))) == NULL) { 4309 int err = errno; 4310 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4311 file, strerror(err)); 4312 return (0); 4313 } 4314 4315 *cache = cache_init; 4316 _cache = cache; 4317 _cache++; 4318 4319 /* 4320 * Allocate an array that will hold the section index for 4321 * each section that has data in the ELF file: 4322 * 4323 * - Is not a NOBITS section 4324 * - Data has non-zero length 4325 * 4326 * Note that shnum is an upper bound on the size required. It 4327 * is likely that we won't use a few of these array elements. 4328 * Allocating a modest amount of extra memory in this case means 4329 * that we can avoid an extra loop to count the number of needed 4330 * items, and can fill this array immediately in the first loop 4331 * below. 4332 */ 4333 if ((shdr_ndx_arr = malloc(shnum * sizeof (*shdr_ndx_arr))) == NULL) { 4334 int err = errno; 4335 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4336 file, strerror(err)); 4337 return (0); 4338 } 4339 shdr_ndx_arr_cnt = 0; 4340 4341 /* 4342 * Traverse the sections of the file. This gathering of data is 4343 * carried out in two passes. First, the section headers are captured 4344 * and the section header names are evaluated. A verification pass is 4345 * then carried out over the section information. Files have been 4346 * known to exhibit overlapping (and hence erroneous) section header 4347 * information. 4348 * 4349 * Finally, the data for each section is obtained. This processing is 4350 * carried out after section verification because should any section 4351 * header overlap occur, and a file needs translating (ie. xlate'ing 4352 * information from a non-native architecture file), then the process 4353 * of translation can corrupt the section header information. Of 4354 * course, if there is any section overlap, the data related to the 4355 * sections is going to be compromised. However, it is the translation 4356 * of this data that has caused problems with elfdump()'s ability to 4357 * extract the data. 4358 */ 4359 for (ndx = 1, scn = NULL; scn = elf_nextscn(elf, scn); 4360 ndx++, _cache++) { 4361 char scnndxnm[100]; 4362 4363 _cache->c_ndx = ndx; 4364 _cache->c_scn = scn; 4365 4366 if ((_cache->c_shdr = elf_getshdr(scn)) == NULL) { 4367 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4368 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 4369 EC_WORD(elf_ndxscn(scn))); 4370 } 4371 4372 /* 4373 * If this section has data in the file, include it in 4374 * the array of sections to check for address overlap. 4375 */ 4376 if ((_cache->c_shdr->sh_size != 0) && 4377 (_cache->c_shdr->sh_type != SHT_NOBITS)) 4378 shdr_ndx_arr[shdr_ndx_arr_cnt++] = ndx; 4379 4380 /* 4381 * If a shstrtab exists, assign the section name. 4382 */ 4383 if (names && _cache->c_shdr) { 4384 if (_cache->c_shdr->sh_name && 4385 /* LINTED */ 4386 (nameshdr->sh_size > _cache->c_shdr->sh_name)) { 4387 const char *symname; 4388 char *secname; 4389 4390 secname = names + _cache->c_shdr->sh_name; 4391 4392 /* 4393 * A SUN naming convention employs a "%" within 4394 * a section name to indicate a section/symbol 4395 * name. This originated from the compilers 4396 * -xF option, that places functions into their 4397 * own sections. This convention (which has no 4398 * formal standard) has also been followed for 4399 * COMDAT sections. To demangle the symbol 4400 * name, the name must be separated from the 4401 * section name. 4402 */ 4403 if (((flags & FLG_CTL_DEMANGLE) == 0) || 4404 ((symname = strchr(secname, '%')) == NULL)) 4405 _cache->c_name = secname; 4406 else { 4407 size_t secsz = ++symname - secname; 4408 size_t strsz; 4409 4410 symname = demangle(symname, flags); 4411 strsz = secsz + strlen(symname) + 1; 4412 4413 if ((_cache->c_name = 4414 malloc(strsz)) == NULL) { 4415 int err = errno; 4416 (void) fprintf(stderr, 4417 MSG_INTL(MSG_ERR_MALLOC), 4418 file, strerror(err)); 4419 return (0); 4420 } 4421 (void) snprintf(_cache->c_name, strsz, 4422 MSG_ORIG(MSG_FMT_SECSYM), 4423 EC_WORD(secsz), secname, symname); 4424 } 4425 4426 continue; 4427 } 4428 4429 /* 4430 * Generate an error if the section name index is zero 4431 * or exceeds the shstrtab data. Fall through to 4432 * fabricate a section name. 4433 */ 4434 if ((_cache->c_shdr->sh_name == 0) || 4435 /* LINTED */ 4436 (nameshdr->sh_size <= _cache->c_shdr->sh_name)) { 4437 (void) fprintf(stderr, 4438 MSG_INTL(MSG_ERR_BADSHNAME), file, 4439 EC_WORD(ndx), 4440 EC_XWORD(_cache->c_shdr->sh_name)); 4441 } 4442 } 4443 4444 /* 4445 * If there exists no shstrtab data, or a section header has no 4446 * name (an invalid index of 0), then compose a name for the 4447 * section. 4448 */ 4449 (void) snprintf(scnndxnm, sizeof (scnndxnm), 4450 MSG_INTL(MSG_FMT_SCNNDX), ndx); 4451 4452 if ((_cache->c_name = malloc(strlen(scnndxnm) + 1)) == NULL) { 4453 int err = errno; 4454 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALLOC), 4455 file, strerror(err)); 4456 return (0); 4457 } 4458 (void) strcpy(_cache->c_name, scnndxnm); 4459 } 4460 4461 /* 4462 * Having collected all the sections, validate their address range. 4463 * Cases have existed where the section information has been invalid. 4464 * This can lead to all sorts of other, hard to diagnose errors, as 4465 * each section is processed individually (ie. with elf_getdata()). 4466 * Here, we carry out some address comparisons to catch a family of 4467 * overlapping memory issues we have observed (likely, there are others 4468 * that we have yet to discover). 4469 * 4470 * Note, should any memory overlap occur, obtaining any additional 4471 * data from the file is questionable. However, it might still be 4472 * possible to inspect the ELF header, Programs headers, or individual 4473 * sections, so rather than bailing on an error condition, continue 4474 * processing to see if any data can be salvaged. 4475 */ 4476 if (shdr_ndx_arr_cnt > 1) { 4477 sort_shdr_ndx_arr_cache = cache; 4478 qsort(shdr_ndx_arr, shdr_ndx_arr_cnt, 4479 sizeof (*shdr_ndx_arr), sort_shdr_ndx_arr); 4480 } 4481 for (ndx = 0; ndx < shdr_ndx_arr_cnt; ndx++) { 4482 Cache *_cache = cache + shdr_ndx_arr[ndx]; 4483 Shdr *shdr = _cache->c_shdr; 4484 Off bgn1, bgn = shdr->sh_offset; 4485 Off end1, end = shdr->sh_offset + shdr->sh_size; 4486 size_t ndx1; 4487 4488 /* 4489 * Check the section against all following ones, reporting 4490 * any overlaps. Since we've sorted the sections by offset, 4491 * we can stop after the first comparison that fails. There 4492 * are no overlaps in a properly formed ELF file, in which 4493 * case this algorithm runs in O(n) time. This will degenerate 4494 * to O(n^2) for a completely broken file. Such a file is 4495 * (1) highly unlikely, and (2) unusable, so it is reasonable 4496 * for the analysis to take longer. 4497 */ 4498 for (ndx1 = ndx + 1; ndx1 < shdr_ndx_arr_cnt; ndx1++) { 4499 Cache *_cache1 = cache + shdr_ndx_arr[ndx1]; 4500 Shdr *shdr1 = _cache1->c_shdr; 4501 4502 bgn1 = shdr1->sh_offset; 4503 end1 = shdr1->sh_offset + shdr1->sh_size; 4504 4505 if (((bgn1 <= bgn) && (end1 > bgn)) || 4506 ((bgn1 < end) && (end1 >= end))) { 4507 (void) fprintf(stderr, 4508 MSG_INTL(MSG_ERR_SECMEMOVER), file, 4509 EC_WORD(elf_ndxscn(_cache->c_scn)), 4510 _cache->c_name, EC_OFF(bgn), EC_OFF(end), 4511 EC_WORD(elf_ndxscn(_cache1->c_scn)), 4512 _cache1->c_name, EC_OFF(bgn1), 4513 EC_OFF(end1)); 4514 } else { /* No overlap, so can stop */ 4515 break; 4516 } 4517 } 4518 4519 /* 4520 * In addition to checking for sections overlapping 4521 * each other (done above), we should also make sure 4522 * the section doesn't overlap the section header array. 4523 */ 4524 bgn1 = ehdr->e_shoff; 4525 end1 = ehdr->e_shoff + (ehdr->e_shentsize * ehdr->e_shnum); 4526 4527 if (((bgn1 <= bgn) && (end1 > bgn)) || 4528 ((bgn1 < end) && (end1 >= end))) { 4529 (void) fprintf(stderr, 4530 MSG_INTL(MSG_ERR_SHDRMEMOVER), file, EC_OFF(bgn1), 4531 EC_OFF(end1), 4532 EC_WORD(elf_ndxscn(_cache->c_scn)), 4533 _cache->c_name, EC_OFF(bgn), EC_OFF(end)); 4534 } 4535 } 4536 4537 /* 4538 * Obtain the data for each section. 4539 */ 4540 for (ndx = 1; ndx < shnum; ndx++) { 4541 Cache *_cache = &cache[ndx]; 4542 Elf_Scn *scn = _cache->c_scn; 4543 4544 if ((_cache->c_data = elf_getdata(scn, NULL)) == NULL) { 4545 failure(file, MSG_ORIG(MSG_ELF_GETDATA)); 4546 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCNDATA), 4547 EC_WORD(elf_ndxscn(scn))); 4548 } 4549 4550 /* 4551 * If a string table, verify that it has NULL first and 4552 * final bytes. 4553 */ 4554 if ((_cache->c_shdr->sh_type == SHT_STRTAB) && 4555 (_cache->c_data->d_buf != NULL) && 4556 (_cache->c_data->d_size > 0)) { 4557 const char *s = _cache->c_data->d_buf; 4558 4559 if ((*s != '\0') || 4560 (*(s + _cache->c_data->d_size - 1) != '\0')) 4561 (void) fprintf(stderr, MSG_INTL(MSG_ERR_MALSTR), 4562 file, _cache->c_name); 4563 } 4564 } 4565 4566 return (1); 4567 } 4568 4569 4570 4571 /* 4572 * Generate a cache of section headers and related information 4573 * for use by the rest of elfdump. If requested (or the file 4574 * contains no section headers), we generate a fake set of 4575 * headers from the information accessible from the program headers. 4576 * Otherwise, we use the real section headers contained in the file. 4577 */ 4578 static int 4579 create_cache(const char *file, int fd, Elf *elf, Ehdr *ehdr, Cache **cache, 4580 size_t shstrndx, size_t *shnum, uint_t *flags) 4581 { 4582 /* 4583 * If there are no section headers, then resort to synthesizing 4584 * section headers from the program headers. This is normally 4585 * only done by explicit request, but in this case there's no 4586 * reason not to go ahead, since the alternative is simply to quit. 4587 */ 4588 if ((*shnum <= 1) && ((*flags & FLG_CTL_FAKESHDR) == 0)) { 4589 (void) fprintf(stderr, MSG_INTL(MSG_ERR_NOSHDR), file); 4590 *flags |= FLG_CTL_FAKESHDR; 4591 } 4592 4593 if (*flags & FLG_CTL_FAKESHDR) { 4594 if (fake_shdr_cache(file, fd, elf, ehdr, cache, shnum) == 0) 4595 return (0); 4596 } else { 4597 if (shdr_cache(file, elf, ehdr, shstrndx, *shnum, 4598 cache, *flags) == 0) 4599 return (0); 4600 } 4601 4602 return (1); 4603 } 4604 4605 int 4606 regular(const char *file, int fd, Elf *elf, uint_t flags, 4607 const char *wname, int wfd, uchar_t osabi) 4608 { 4609 enum { CACHE_NEEDED, CACHE_OK, CACHE_FAIL} cache_state = CACHE_NEEDED; 4610 Elf_Scn *scn; 4611 Ehdr *ehdr; 4612 size_t ndx, shstrndx, shnum, phnum; 4613 Shdr *shdr; 4614 Cache *cache; 4615 VERSYM_STATE versym; 4616 int ret = 0; 4617 int addr_align; 4618 4619 if ((ehdr = elf_getehdr(elf)) == NULL) { 4620 failure(file, MSG_ORIG(MSG_ELF_GETEHDR)); 4621 return (ret); 4622 } 4623 4624 if (elf_getshdrnum(elf, &shnum) == -1) { 4625 failure(file, MSG_ORIG(MSG_ELF_GETSHDRNUM)); 4626 return (ret); 4627 } 4628 4629 if (elf_getshdrstrndx(elf, &shstrndx) == -1) { 4630 failure(file, MSG_ORIG(MSG_ELF_GETSHDRSTRNDX)); 4631 return (ret); 4632 } 4633 4634 if (elf_getphdrnum(elf, &phnum) == -1) { 4635 failure(file, MSG_ORIG(MSG_ELF_GETPHDRNUM)); 4636 return (ret); 4637 } 4638 /* 4639 * If the user requested section headers derived from the 4640 * program headers (-P option) and this file doesn't have 4641 * any program headers (i.e. ET_REL), then we can't do it. 4642 */ 4643 if ((phnum == 0) && (flags & FLG_CTL_FAKESHDR)) { 4644 (void) fprintf(stderr, MSG_INTL(MSG_ERR_PNEEDSPH), file); 4645 return (ret); 4646 } 4647 4648 4649 if ((scn = elf_getscn(elf, 0)) != NULL) { 4650 if ((shdr = elf_getshdr(scn)) == NULL) { 4651 failure(file, MSG_ORIG(MSG_ELF_GETSHDR)); 4652 (void) fprintf(stderr, MSG_INTL(MSG_ELF_ERR_SCN), 0); 4653 return (ret); 4654 } 4655 } else 4656 shdr = NULL; 4657 4658 /* 4659 * Print the elf header. 4660 */ 4661 if (flags & FLG_SHOW_EHDR) 4662 Elf_ehdr(0, ehdr, shdr); 4663 4664 /* 4665 * If the section headers or program headers have inadequate 4666 * alignment for the class of object, print a warning. libelf 4667 * can handle such files, but programs that use them can crash 4668 * when they dereference unaligned items. 4669 * 4670 * Note that the AMD64 ABI, although it is a 64-bit architecture, 4671 * allows access to data types smaller than 128-bits to be on 4672 * word alignment. 4673 */ 4674 if (ehdr->e_machine == EM_AMD64) 4675 addr_align = sizeof (Word); 4676 else 4677 addr_align = sizeof (Addr); 4678 4679 if (ehdr->e_phoff & (addr_align - 1)) 4680 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADPHDRALIGN), file); 4681 if (ehdr->e_shoff & (addr_align - 1)) 4682 (void) fprintf(stderr, MSG_INTL(MSG_ERR_BADSHDRALIGN), file); 4683 4684 4685 /* 4686 * Determine the Operating System ABI (osabi) we will use to 4687 * interpret the object. 4688 */ 4689 if (flags & FLG_CTL_OSABI) { 4690 /* 4691 * If the user explicitly specifies '-O none', we need 4692 * to display a completely generic view of the file. 4693 * However, libconv is written to assume that ELFOSABI_NONE 4694 * is equivalent to ELFOSABI_SOLARIS. To get the desired 4695 * effect, we use an osabi that libconv has no knowledge of. 4696 */ 4697 if (osabi == ELFOSABI_NONE) 4698 osabi = ELFOSABI_UNKNOWN4; 4699 } else { 4700 /* Determine osabi from file */ 4701 osabi = ehdr->e_ident[EI_OSABI]; 4702 if (osabi == ELFOSABI_NONE) { 4703 /* 4704 * Chicken/Egg scenario: 4705 * 4706 * Ideally, we wait to create the section header cache 4707 * until after the program headers are printed. If we 4708 * only output program headers, we can skip building 4709 * the cache entirely. 4710 * 4711 * Proper interpretation of program headers requires 4712 * the osabi, which is supposed to be in the ELF header. 4713 * However, many systems (Solaris and Linux included) 4714 * have a history of setting the osabi to the generic 4715 * SysV ABI (ELFOSABI_NONE). We assume ELFOSABI_SOLARIS 4716 * in such cases, but would like to check the object 4717 * to see if it has a Linux .note.ABI-tag section, 4718 * which implies ELFOSABI_LINUX. This requires a 4719 * section header cache. 4720 * 4721 * To break the cycle, we create section headers now 4722 * if osabi is ELFOSABI_NONE, and later otherwise. 4723 * If it succeeds, we use them, if not, we defer 4724 * exiting until after the program headers are out. 4725 */ 4726 if (create_cache(file, fd, elf, ehdr, &cache, 4727 shstrndx, &shnum, &flags) == 0) { 4728 cache_state = CACHE_FAIL; 4729 } else { 4730 cache_state = CACHE_OK; 4731 if (has_linux_abi_note(cache, shnum, file)) { 4732 Conv_inv_buf_t ibuf1, ibuf2; 4733 4734 (void) fprintf(stderr, 4735 MSG_INTL(MSG_INFO_LINUXOSABI), file, 4736 conv_ehdr_osabi(osabi, 0, &ibuf1), 4737 conv_ehdr_osabi(ELFOSABI_LINUX, 4738 0, &ibuf2)); 4739 osabi = ELFOSABI_LINUX; 4740 } 4741 } 4742 } 4743 /* 4744 * We treat ELFOSABI_NONE identically to ELFOSABI_SOLARIS. 4745 * Mapping NONE to SOLARIS simplifies the required test. 4746 */ 4747 if (osabi == ELFOSABI_NONE) 4748 osabi = ELFOSABI_SOLARIS; 4749 } 4750 4751 /* 4752 * Print the program headers. 4753 */ 4754 if ((flags & FLG_SHOW_PHDR) && (phnum != 0)) { 4755 Phdr *phdr; 4756 4757 if ((phdr = elf_getphdr(elf)) == NULL) { 4758 failure(file, MSG_ORIG(MSG_ELF_GETPHDR)); 4759 return (ret); 4760 } 4761 4762 for (ndx = 0; ndx < phnum; phdr++, ndx++) { 4763 if (!match(MATCH_F_PHDR| MATCH_F_NDX | MATCH_F_TYPE, 4764 NULL, ndx, phdr->p_type)) 4765 continue; 4766 4767 dbg_print(0, MSG_ORIG(MSG_STR_EMPTY)); 4768 dbg_print(0, MSG_INTL(MSG_ELF_PHDR), EC_WORD(ndx)); 4769 Elf_phdr(0, osabi, ehdr->e_machine, phdr); 4770 } 4771 } 4772 4773 /* 4774 * If we have flag bits set that explicitly require a show or calc 4775 * operation, but none of them require the section headers, then 4776 * we are done and can return now. 4777 */ 4778 if (((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) != 0) && 4779 ((flags & (FLG_MASK_SHOW_SHDR | FLG_MASK_CALC_SHDR)) == 0)) 4780 return (ret); 4781 4782 /* 4783 * Everything from this point on requires section headers. 4784 * If we have no section headers, there is no reason to continue. 4785 * 4786 * If we tried above to create the section header cache and failed, 4787 * it is time to exit. Otherwise, create it if needed. 4788 */ 4789 switch (cache_state) { 4790 case CACHE_NEEDED: 4791 if (create_cache(file, fd, elf, ehdr, &cache, shstrndx, 4792 &shnum, &flags) == 0) 4793 return (ret); 4794 break; 4795 case CACHE_FAIL: 4796 return (ret); 4797 } 4798 if (shnum <= 1) 4799 goto done; 4800 4801 /* 4802 * If -w was specified, find and write out the section(s) data. 4803 */ 4804 if (wfd) { 4805 for (ndx = 1; ndx < shnum; ndx++) { 4806 Cache *_cache = &cache[ndx]; 4807 4808 if (match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 4809 ndx, _cache->c_shdr->sh_type) && 4810 _cache->c_data && _cache->c_data->d_buf) { 4811 if (write(wfd, _cache->c_data->d_buf, 4812 _cache->c_data->d_size) != 4813 _cache->c_data->d_size) { 4814 int err = errno; 4815 (void) fprintf(stderr, 4816 MSG_INTL(MSG_ERR_WRITE), wname, 4817 strerror(err)); 4818 /* 4819 * Return an exit status of 1, because 4820 * the failure is not related to the 4821 * ELF file, but by system resources. 4822 */ 4823 ret = 1; 4824 goto done; 4825 } 4826 } 4827 } 4828 } 4829 4830 /* 4831 * If we have no flag bits set that explicitly require a show or calc 4832 * operation, but match options (-I, -N, -T) were used, then run 4833 * through the section headers and see if we can't deduce show flags 4834 * from the match options given. 4835 * 4836 * We don't do this if -w was specified, because (-I, -N, -T) used 4837 * with -w in lieu of some other option is supposed to be quiet. 4838 */ 4839 if ((wfd == 0) && (flags & FLG_CTL_MATCH) && 4840 ((flags & (FLG_MASK_SHOW | FLG_MASK_CALC)) == 0)) { 4841 for (ndx = 1; ndx < shnum; ndx++) { 4842 Cache *_cache = &cache[ndx]; 4843 4844 if (!match(MATCH_F_STRICT | MATCH_F_ALL, _cache->c_name, 4845 ndx, _cache->c_shdr->sh_type)) 4846 continue; 4847 4848 switch (_cache->c_shdr->sh_type) { 4849 case SHT_PROGBITS: 4850 /* 4851 * Heuristic time: It is usually bad form 4852 * to assume the meaning/format of a PROGBITS 4853 * section based on its name. However, there 4854 * are ABI mandated exceptions. Check for 4855 * these special names. 4856 */ 4857 4858 /* The ELF ABI specifies .interp and .got */ 4859 if (strcmp(_cache->c_name, 4860 MSG_ORIG(MSG_ELF_INTERP)) == 0) { 4861 flags |= FLG_SHOW_INTERP; 4862 break; 4863 } 4864 if (strcmp(_cache->c_name, 4865 MSG_ORIG(MSG_ELF_GOT)) == 0) { 4866 flags |= FLG_SHOW_GOT; 4867 break; 4868 } 4869 /* 4870 * The GNU compilers, and amd64 ABI, define 4871 * .eh_frame and .eh_frame_hdr. The Sun 4872 * C++ ABI defines .exception_ranges. 4873 */ 4874 if ((strncmp(_cache->c_name, 4875 MSG_ORIG(MSG_SCN_FRM), 4876 MSG_SCN_FRM_SIZE) == 0) || 4877 (strncmp(_cache->c_name, 4878 MSG_ORIG(MSG_SCN_EXRANGE), 4879 MSG_SCN_EXRANGE_SIZE) == 0)) { 4880 flags |= FLG_SHOW_UNWIND; 4881 break; 4882 } 4883 break; 4884 4885 case SHT_SYMTAB: 4886 case SHT_DYNSYM: 4887 case SHT_SUNW_LDYNSYM: 4888 case SHT_SUNW_versym: 4889 case SHT_SYMTAB_SHNDX: 4890 flags |= FLG_SHOW_SYMBOLS; 4891 break; 4892 4893 case SHT_RELA: 4894 case SHT_REL: 4895 flags |= FLG_SHOW_RELOC; 4896 break; 4897 4898 case SHT_HASH: 4899 flags |= FLG_SHOW_HASH; 4900 break; 4901 4902 case SHT_DYNAMIC: 4903 flags |= FLG_SHOW_DYNAMIC; 4904 break; 4905 4906 case SHT_NOTE: 4907 flags |= FLG_SHOW_NOTE; 4908 break; 4909 4910 case SHT_GROUP: 4911 flags |= FLG_SHOW_GROUP; 4912 break; 4913 4914 case SHT_SUNW_symsort: 4915 case SHT_SUNW_tlssort: 4916 flags |= FLG_SHOW_SORT; 4917 break; 4918 4919 case SHT_SUNW_cap: 4920 flags |= FLG_SHOW_CAP; 4921 break; 4922 4923 case SHT_SUNW_move: 4924 flags |= FLG_SHOW_MOVE; 4925 break; 4926 4927 case SHT_SUNW_syminfo: 4928 flags |= FLG_SHOW_SYMINFO; 4929 break; 4930 4931 case SHT_SUNW_verdef: 4932 case SHT_SUNW_verneed: 4933 flags |= FLG_SHOW_VERSIONS; 4934 break; 4935 4936 case SHT_AMD64_UNWIND: 4937 flags |= FLG_SHOW_UNWIND; 4938 break; 4939 } 4940 } 4941 } 4942 4943 4944 if (flags & FLG_SHOW_SHDR) 4945 sections(file, cache, shnum, ehdr, osabi); 4946 4947 if (flags & FLG_SHOW_INTERP) 4948 interp(file, cache, shnum, phnum, elf); 4949 4950 if ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX)) 4951 versions(cache, shnum, file, flags, &versym); 4952 4953 if (flags & FLG_SHOW_SYMBOLS) 4954 symbols(cache, shnum, ehdr, osabi, &versym, file, flags); 4955 4956 if ((flags & FLG_SHOW_SORT) && (osabi == ELFOSABI_SOLARIS)) 4957 sunw_sort(cache, shnum, ehdr, osabi, &versym, file, flags); 4958 4959 if (flags & FLG_SHOW_HASH) 4960 hash(cache, shnum, file, flags); 4961 4962 if (flags & FLG_SHOW_GOT) 4963 got(cache, shnum, ehdr, file); 4964 4965 if (flags & FLG_SHOW_GROUP) 4966 group(cache, shnum, file, flags); 4967 4968 if (flags & FLG_SHOW_SYMINFO) 4969 syminfo(cache, shnum, file); 4970 4971 if (flags & FLG_SHOW_RELOC) 4972 reloc(cache, shnum, ehdr, file); 4973 4974 if (flags & FLG_SHOW_DYNAMIC) 4975 dynamic(cache, shnum, ehdr, osabi, file); 4976 4977 if (flags & FLG_SHOW_NOTE) { 4978 Word note_cnt; 4979 size_t note_shnum; 4980 Cache *note_cache; 4981 4982 note_cnt = note(cache, shnum, ehdr, file); 4983 4984 /* 4985 * Solaris core files have section headers, but these 4986 * headers do not include SHT_NOTE sections that reference 4987 * the core note sections. This means that note() won't 4988 * find the core notes. Fake section headers (-P option) 4989 * recover these sections, but it is inconvenient to require 4990 * users to specify -P in this situation. If the following 4991 * are all true: 4992 * 4993 * - No note sections were found 4994 * - This is a core file 4995 * - We are not already using fake section headers 4996 * 4997 * then we will automatically generate fake section headers 4998 * and then process them in a second call to note(). 4999 */ 5000 if ((note_cnt == 0) && (ehdr->e_type == ET_CORE) && 5001 !(flags & FLG_CTL_FAKESHDR) && 5002 (fake_shdr_cache(file, fd, elf, ehdr, 5003 ¬e_cache, ¬e_shnum) != 0)) { 5004 (void) note(note_cache, note_shnum, ehdr, file); 5005 fake_shdr_cache_free(note_cache, note_shnum); 5006 } 5007 } 5008 5009 if ((flags & FLG_SHOW_MOVE) && (osabi == ELFOSABI_SOLARIS)) 5010 move(cache, shnum, file, flags); 5011 5012 if (flags & FLG_CALC_CHECKSUM) 5013 checksum(elf); 5014 5015 if ((flags & FLG_SHOW_CAP) && (osabi == ELFOSABI_SOLARIS)) 5016 cap(file, cache, shnum, phnum, ehdr, osabi, elf, flags); 5017 5018 if ((flags & FLG_SHOW_UNWIND) && 5019 ((osabi == ELFOSABI_SOLARIS) || (osabi == ELFOSABI_LINUX))) 5020 unwind(cache, shnum, phnum, ehdr, osabi, file, elf, flags); 5021 5022 5023 /* Release the memory used to cache section headers */ 5024 done: 5025 if (flags & FLG_CTL_FAKESHDR) 5026 fake_shdr_cache_free(cache, shnum); 5027 else 5028 free(cache); 5029 5030 return (ret); 5031 } 5032