xref: /titanic_52/usr/src/cmd/sgs/rtld/common/external.c (revision 5b9d3151a4426af9ad6ef2c2a178f13476b884b3)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 /*
27  * Implementation of all external interfaces between ld.so.1 and libc.
28  *
29  * This file started as a set of routines that provided synchronization and
30  * locking operations using calls to libthread.  libthread has merged with libc
31  * under the Unified Process Model (UPM), and things have gotten a lot simpler.
32  * This file continues to establish and redirect various events within ld.so.1
33  * to interfaces within libc.
34  *
35  * Until libc is loaded and relocated, any external interfaces are captured
36  * locally.  Each link-map list maintains its own set of external vectors, as
37  * each link-map list typically provides its own libc.  Although this per-link-
38  * map list vectoring provides a degree of flexibility, there is a protocol
39  * expected when calling various libc interfaces.
40  *
41  * i.	Any new alternative link-map list should call CI_THRINIT, and then call
42  *	CI_TLS_MODADD to register any TLS for each object of that link-map list
43  *	(this item is labeled i. as auditors can be the first objects loaded,
44  *	and they exist on their own lik-map list).
45  *
46  * ii.	For the primary link-map list, CI_TLS_STATMOD must be called first to
47  *	register any static TLS.  This routine is called regardless of there
48  *	being any TLS, as this routine also establishes the link-map list as the
49  *	primary list and fixes the association of uberdata).  CI_THRINIT should
50  *	then be called.
51  *
52  * iii.	Any objects added to an existing link-map list (primary or alternative)
53  *	should call CI_TLS_MODADD to register any additional TLS.
54  *
55  * These events are established by:
56  *
57  * i.	Typically, libc is loaded as part of the primary dependencies of any
58  *	link-map list (since the Unified Process Model (UPM), libc can't be
59  *	lazily loaded).  To minimize the possibility of loading and registering
60  *	objects, and then tearing them down (because of a relocation error),
61  *	external vectors are established as part of load_completion().  This
62  *	routine is called on completion of any operation that can cause objects
63  *	to be loaded.  This point of control insures the objects have been fully
64  *	analyzed and relocated, and moved to their controlling link-map list.
65  *	The external vectors are established prior to any .inits being fired.
66  *
67  * ii.	Calls to CI_THRINIT, and CI_TLS_MODADD also occur as part of
68  *	load_completion().  CI_THRINIT is only called once for each link-map
69  *	control list.
70  *
71  * iii.	Calls to CI_TLS_STATMOD, and CI_THRINIT occur for the primary link-map
72  *	list in the final stages of setup().
73  *
74  * The interfaces provide by libc can be divided into two families.  The first
75  * family consists of those interfaces that should be called from the link-map
76  * list.  It's possible that these interfaces convey state concerning the
77  * link-map list they are part of:
78  *
79  *	CI_ATEXIT
80  *	CI TLS_MODADD
81  *	CI_TLS_MODREM
82  *	CI_TLS_STATMOD
83  *	CI_THRINIT
84  *
85  * The second family are global in nature, that is, the link-map list from
86  * which they are called provides no state information.  In fact, for
87  * CI_BIND_GUARD, the calling link-map isn't even known.  The link-map can only
88  * be deduced after ld.so.1's global lock has been obtained.  Therefore, the
89  * following interfaces are also maintained as global:
90  *
91  *	CI_LCMESSAGES
92  *	CI_BIND_GUARD
93  *	CI_BIND_CLEAR
94  *	CI_THR_SELF
95  *
96  * Note, it is possible that these global interfaces are obtained from an
97  * alternative link-map list that gets torn down because of a processing
98  * failure (unlikely, because the link-map list components must be analyzed
99  * and relocated prior to load_completion(), but perhaps the tear down is still
100  * a possibility).  Thus the global interfaces may have to be replaced.  Once
101  * the interfaces have been obtained from the primary link-map, they can
102  * remain fixed, as the primary link-map isn't going to go anywhere.
103  *
104  * The last wrinkle in the puzzle is what happens if an alternative link-map
105  * is loaded with no libc dependency?  In this case, the alternative objects
106  * can not call CI_THRINIT, can not be allowed to use TLS, and will not receive
107  * any atexit processing.
108  *
109  * The history of these external interfaces is defined by their version:
110  *
111  * TI_VERSION == 1
112  *	Under this model libthread provided rw_rwlock/rw_unlock, through which
113  *	all rt_mutex_lock/rt_mutex_unlock calls were vectored.
114  *	Under libc/libthread these interfaces provided _sigon/_sigoff (unlike
115  *	lwp/libthread that provided signal blocking via bind_guard/bind_clear).
116  *
117  * TI_VERSION == 2
118  *	Under this model only libthreads bind_guard/bind_clear and thr_self
119  *	interfaces were used.  Both libthreads blocked signals under the
120  *	bind_guard/bind_clear interfaces.   Lower level locking is derived
121  *	from internally bound _lwp_ interfaces.  This removes recursive
122  *	problems encountered when obtaining locking interfaces from libthread.
123  *	The use of mutexes over reader/writer locks also enables the use of
124  *	condition variables for controlling thread concurrency (allows access
125  *	to objects only after their .init has completed).
126  *
127  * NOTE, the TI_VERSION indicated the ti_interface version number, where the
128  * ti_interface was a large vector of functions passed to both libc (to override
129  * the thread stub interfaces) and ld.so.1.  ld.so.1 used only a small subset of
130  * these interfaces.
131  *
132  * CI_VERSION == 1
133  *	Introduced with CI_VERSION & CI_ATEXIT
134  *
135  * CI_VERSION == 2 (Solaris 8 update 2).
136  *	Added support for CI_LCMESSAGES
137  *
138  * CI_VERSION == 3 (Solaris 9).
139  *	Added the following versions to the CI table:
140  *
141  *		CI_BIND_GUARD, CI_BIND_CLEAR, CI_THR_SELF
142  *		CI_TLS_MODADD, CI_TLS_MOD_REMOVE, CI_TLS_STATMOD
143  *
144  *	This version introduced the DT_SUNW_RTLDINFO structure as a mechanism
145  *	to handshake with ld.so.1.
146  *
147  * CI_VERSION == 4 (Solaris 10).
148  *	Added the CI_THRINIT handshake as part of the libc/libthread unified
149  *	process model.  libc now initializes the current thread pointer from
150  *	this interface (and no longer relies on the INITFIRST flag - which
151  *	others have started to camp out on).
152  *
153  * CI_VERSION == 5 (Solaris 11).
154  *	Use of "protected" references within libc, so that symbols are
155  *	pre-bound, and don't require ld.so.1 binding.  This implementation
156  *	protects libc's critical regions from being vectored to auditors.
157  *
158  * CI_VERSION == 6 (Solaris 11).
159  *	Added the CI_CRITICAL handshake, to allow "mem*" family to be reexposed
160  *	as "global", and thus be redirected to auxiliary filters.
161  *
162  * Release summary:
163  *
164  *	Solaris 8	CI_ATEXIT via _ld_libc()
165  *			TI_* via _ld_concurrency()
166  *
167  *	Solaris 9	CI_ATEXIT and CI_LCMESSAGES via _ld_libc()
168  *			CI_* via RTLDINFO and _ld_libc()  - new libthread
169  *			TI_* via _ld_concurrency()  - old libthread
170  *
171  *	Solaris 10	CI_ATEXIT and CI_LCMESSAGES via _ld_libc()
172  *			CI_* via RTLDINFO and _ld_libc()  - new libthread
173  */
174 
175 #include <sys/debug.h>
176 #include <synch.h>
177 #include <signal.h>
178 #include <thread.h>
179 #include <synch.h>
180 #include <strings.h>
181 #include <stdio.h>
182 #include <debug.h>
183 #include <libc_int.h>
184 #include "_elf.h"
185 #include "_rtld.h"
186 
187 /*
188  * This interface provides the unified process model communication between
189  * ld.so.1 and libc.  This interface can be called a number of times:
190  *
191  *   -	Initially, this interface is called to process RTLDINFO.  This data
192  *	structure is typically provided by libc, and contains the address of
193  *	libc interfaces that must be called to initialize threads information.
194  *
195  *   -	_ld_libc(), this interface can also be called by libc at process
196  *	initialization, after libc has been loaded and relocated, but before
197  *	control has been passed to any user code (.init's or main()).  This
198  *	call provides additional libc interface information that ld.so.1 must
199  *	call during process execution.
200  *
201  *   -	_ld_libc() can also be called by libc during process execution to
202  * 	re-establish interfaces such as the locale.
203  */
204 static void
205 get_lcinterface(Rt_map *lmp, Lc_interface *funcs)
206 {
207 	int		threaded = 0, entry = 0, tag;
208 	Lm_list		*lml;
209 	Lc_desc		*lcp;
210 
211 	if ((lmp == NULL) || (funcs == NULL))
212 		return;
213 
214 	/*
215 	 * Once the process is active, ensure we grab a lock.
216 	 */
217 	if (rtld_flags & RT_FL_APPLIC)
218 		entry = enter(0);
219 
220 	lml = LIST(lmp);
221 	lcp = &lml->lm_lcs[0];
222 
223 	DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD));
224 
225 	for (tag = funcs->ci_tag; tag; tag = (++funcs)->ci_tag) {
226 		char	*gptr;
227 		char	*lptr = funcs->ci_un.ci_ptr;
228 
229 		DBG_CALL(Dbg_util_lcinterface(lmp, tag, lptr));
230 
231 		if (tag >= CI_MAX)
232 			continue;
233 
234 		/*
235 		 * Maintain all interfaces on a per-link-map basis.  Note, for
236 		 * most interfaces, only the first interface is used for any
237 		 * link-map list.  This prevents accidents with developers who
238 		 * manage to load two different versions of libc.
239 		 */
240 		if ((lcp[tag].lc_lmp) &&
241 		    (tag != CI_LCMESSAGES) && (tag != CI_VERSION)) {
242 			DBG_CALL(Dbg_unused_lcinterface(lmp,
243 			    lcp[tag].lc_lmp, tag));
244 			continue;
245 		}
246 
247 		lcp[tag].lc_un.lc_ptr = lptr;
248 		lcp[tag].lc_lmp = lmp;
249 
250 		gptr = glcs[tag].lc_un.lc_ptr;
251 
252 		/*
253 		 * Process any interfaces that must be maintained on a global
254 		 * basis.
255 		 */
256 		switch (tag) {
257 		case CI_ATEXIT:
258 			break;
259 
260 		case CI_LCMESSAGES:
261 			/*
262 			 * At startup, ld.so.1 can establish a locale from one
263 			 * of the locale family of environment variables (see
264 			 * ld_str_env() and readenv_user()).  During process
265 			 * execution the locale can also be changed by the user.
266 			 * This interface is called from libc should the locale
267 			 * be modified.  Presently, only one global locale is
268 			 * maintained for all link-map lists, and only objects
269 			 * on the primrary link-map may change this locale.
270 			 */
271 			if ((lml->lm_flags & LML_FLG_BASELM) &&
272 			    ((gptr == NULL) || (strcmp(gptr, lptr) != 0))) {
273 				/*
274 				 * If we've obtained a message locale (typically
275 				 * supplied via libc's setlocale()), then
276 				 * register the locale for use in dgettext() so
277 				 * as to reestablish the locale for ld.so.1's
278 				 * messages.
279 				 */
280 				if (gptr) {
281 					free((void *)gptr);
282 					rtld_flags |= RT_FL_NEWLOCALE;
283 				}
284 				glcs[tag].lc_un.lc_ptr = strdup(lptr);
285 
286 				/*
287 				 * Clear any cached messages.
288 				 */
289 				bzero(err_strs, sizeof (err_strs));
290 				nosym_str = NULL;
291 			}
292 			break;
293 
294 		case CI_BIND_GUARD:
295 		case CI_BIND_CLEAR:
296 		case CI_THR_SELF:
297 		case CI_CRITICAL:
298 			/*
299 			 * If the global vector is unset, or this is the primary
300 			 * link-map, set the global vector.
301 			 */
302 			if ((gptr == NULL) || (lml->lm_flags & LML_FLG_BASELM))
303 				glcs[tag].lc_un.lc_ptr = lptr;
304 
305 			/* FALLTHROUGH */
306 
307 		case CI_TLS_MODADD:
308 		case CI_TLS_MODREM:
309 		case CI_TLS_STATMOD:
310 		case CI_THRINIT:
311 			threaded++;
312 			break;
313 
314 		case CI_VERSION:
315 			if ((rtld_flags2 & RT_FL2_RTLDSEEN) == 0) {
316 				Aliste	idx;
317 				Lm_list	*lml2;
318 				int	version;
319 
320 				rtld_flags2 |= RT_FL2_RTLDSEEN;
321 
322 				version = funcs->ci_un.ci_val;
323 #if defined(CI_V_FIVE)
324 				if (version >= CI_V_FIVE) {
325 					thr_flg_nolock = THR_FLG_NOLOCK;
326 					thr_flg_reenter = THR_FLG_REENTER;
327 				}
328 #endif
329 				if (version < CI_V_FOUR)
330 					break;
331 
332 				rtld_flags2 |= RT_FL2_UNIFPROC;
333 
334 				/*
335 				 * We might have seen an auditor which is not
336 				 * dependent on libc.  Such an auditor's link
337 				 * map list has LML_FLG_HOLDLOCK set.  This
338 				 * lock needs to be dropped.  Refer to
339 				 * audit_setup() in audit.c.
340 				 */
341 				if ((rtld_flags2 & RT_FL2_HASAUDIT) == 0)
342 					break;
343 
344 				/*
345 				 * Yes, we did.  Take care of them.
346 				 */
347 				for (APLIST_TRAVERSE(dynlm_list, idx, lml2)) {
348 					Rt_map *map = (Rt_map *)lml2->lm_head;
349 
350 					if (FLAGS(map) & FLG_RT_AUDIT) {
351 						lml2->lm_flags &=
352 						    ~LML_FLG_HOLDLOCK;
353 					}
354 				}
355 			}
356 			break;
357 
358 		default:
359 			break;
360 		}
361 	}
362 
363 	if (threaded) {
364 		/*
365 		 * If a version of libc gives us only a subset of the TLS
366 		 * interfaces, it's confused and we discard the whole lot.
367 		 */
368 		if ((lcp[CI_TLS_MODADD].lc_un.lc_func &&
369 		    lcp[CI_TLS_MODREM].lc_un.lc_func &&
370 		    lcp[CI_TLS_STATMOD].lc_un.lc_func) == NULL) {
371 			lcp[CI_TLS_MODADD].lc_un.lc_func = NULL;
372 			lcp[CI_TLS_MODREM].lc_un.lc_func = NULL;
373 			lcp[CI_TLS_STATMOD].lc_un.lc_func = NULL;
374 		}
375 
376 		/*
377 		 * Indicate that we're now thread capable.
378 		 */
379 		if ((lml->lm_flags & LML_FLG_RTLDLM) == 0)
380 			rtld_flags |= RT_FL_THREADS;
381 	}
382 
383 	if (entry)
384 		leave(lml, 0);
385 }
386 
387 /*
388  * At this point we know we have a set of objects that have been fully analyzed
389  * and relocated.  Prior to the next major step of running .init sections (ie.
390  * running user code), retrieve any RTLDINFO interfaces.
391  */
392 int
393 rt_get_extern(Lm_list *lml, Rt_map *lmp)
394 {
395 	if (lml->lm_rti) {
396 		Aliste		idx;
397 		Rti_desc	*rti;
398 
399 		for (ALIST_TRAVERSE(lml->lm_rti, idx, rti))
400 			get_lcinterface(rti->rti_lmp, rti->rti_info);
401 
402 		free(lml->lm_rti);
403 		lml->lm_rti = 0;
404 	}
405 
406 	/*
407 	 * Perform some sanity checks.  If we have TLS requirements we better
408 	 * have the associated external interfaces.
409 	 */
410 	if (lml->lm_tls &&
411 	    (lml->lm_lcs[CI_TLS_STATMOD].lc_un.lc_func == NULL)) {
412 		eprintf(lml, ERR_FATAL, MSG_INTL(MSG_TLS_NOSUPPORT),
413 		    NAME(lmp));
414 		return (0);
415 	}
416 	return (1);
417 }
418 
419 /*
420  * Provide an interface for libc to communicate additional interface
421  * information.
422  */
423 void
424 _ld_libc(void *ptr)
425 {
426 	get_lcinterface(_caller(caller(), CL_EXECDEF), (Lc_interface *)ptr);
427 }
428 
429 static int	bindmask = 0;
430 
431 int
432 rt_bind_guard(int flags)
433 {
434 	int	(*fptr)(int);
435 	int	bindflag;
436 
437 	if ((fptr = glcs[CI_BIND_GUARD].lc_un.lc_func) != NULL) {
438 		return ((*fptr)(flags));
439 	} else {
440 		bindflag = (flags & THR_FLG_RTLD);
441 		if ((bindflag & bindmask) == 0) {
442 			bindmask |= bindflag;
443 			return (1);
444 		}
445 		return (0);
446 	}
447 }
448 
449 int
450 rt_bind_clear(int flags)
451 {
452 	int	(*fptr)(int);
453 	int	bindflag;
454 
455 	if ((fptr = glcs[CI_BIND_CLEAR].lc_un.lc_func) != NULL) {
456 		return ((*fptr)(flags));
457 	} else {
458 		bindflag = (flags & THR_FLG_RTLD);
459 		if (bindflag == 0)
460 			return (bindmask);
461 		else {
462 			bindmask &= ~bindflag;
463 			return (0);
464 		}
465 	}
466 }
467 
468 /*
469  * Make sure threads have been initialized.  This interface is called once for
470  * each link-map list.
471  */
472 void
473 rt_thr_init(Lm_list *lml)
474 {
475 	void	(*fptr)(void);
476 
477 	if ((fptr =
478 	    (void (*)())lml->lm_lcs[CI_THRINIT].lc_un.lc_func) != NULL) {
479 		lml->lm_lcs[CI_THRINIT].lc_un.lc_func = NULL;
480 
481 		leave(lml, thr_flg_reenter);
482 		(*fptr)();
483 		(void) enter(thr_flg_reenter);
484 
485 		/*
486 		 * If this is an alternative link-map list, and this is the
487 		 * first call to initialize threads, don't let the destination
488 		 * libc be deleted.  It is possible that an auditors complete
489 		 * initialization fails, but there is presently no main link-map
490 		 * list.  As this libc has established the thread pointer, don't
491 		 * delete this libc, otherwise the initialization of libc on the
492 		 * main link-map can be compromised during its threads
493 		 * initialization.
494 		 */
495 		if (((lml->lm_flags & LML_FLG_BASELM) == 0) &&
496 		    ((rtld_flags2 & RT_FL2_PLMSETUP) == 0))
497 			MODE(lml->lm_lcs[CI_THRINIT].lc_lmp) |= RTLD_NODELETE;
498 	}
499 }
500 
501 thread_t
502 rt_thr_self()
503 {
504 	thread_t	(*fptr)(void);
505 
506 	if ((fptr = (thread_t (*)())glcs[CI_THR_SELF].lc_un.lc_func) != NULL)
507 		return ((*fptr)());
508 
509 	return (1);
510 }
511 
512 int
513 rt_mutex_lock(Rt_lock *mp)
514 {
515 	return (_lwp_mutex_lock((lwp_mutex_t *)mp));
516 }
517 
518 int
519 rt_mutex_unlock(Rt_lock *mp)
520 {
521 	return (_lwp_mutex_unlock((lwp_mutex_t *)mp));
522 }
523 
524 /*
525  * Test whether we're in a libc critical region.  Certain function references,
526  * like the "mem*" family, might require binding.  Although these functions can
527  * safely bind to auxiliary filtees, they should not be captured by auditors.
528  */
529 int
530 rt_critical()
531 {
532 	int	(*fptr)(void);
533 
534 	if ((fptr = glcs[CI_CRITICAL].lc_un.lc_func) != NULL)
535 		return ((*fptr)());
536 
537 	return (0);
538 }
539 
540 /*
541  * Mutex interfaces to resolve references from any objects extracted from
542  * libc_pic.a.  Note, as ld.so.1 is essentially single threaded these can be
543  * noops.
544  */
545 #pragma weak lmutex_lock = mutex_lock
546 /* ARGSUSED */
547 int
548 mutex_lock(mutex_t *mp)
549 {
550 	return (0);
551 }
552 
553 #pragma weak lmutex_unlock = mutex_unlock
554 /* ARGSUSED */
555 int
556 mutex_unlock(mutex_t *mp)
557 {
558 	return (0);
559 }
560 
561 /* ARGSUSED */
562 int
563 mutex_init(mutex_t *mp, int type, void *arg)
564 {
565 	return (0);
566 }
567 
568 /* ARGSUSED */
569 int
570 mutex_destroy(mutex_t *mp)
571 {
572 	return (0);
573 }
574 
575 /*
576  * This is needed to satisfy sysconf() (case _SC_THREAD_STACK_MIN)
577  */
578 size_t
579 thr_min_stack()
580 {
581 	return (sizeof (uintptr_t) * 1024);
582 }
583 
584 /*
585  * The following functions are cancellation points in libc.
586  * They are called from other functions in libc that we extract
587  * and use directly.  We don't do cancellation while we are in
588  * the dynamic linker, so we redefine these to call the primitive,
589  * non-cancellation interfaces.
590  */
591 int
592 close(int fildes)
593 {
594 	extern int __close(int);
595 
596 	return (__close(fildes));
597 }
598 
599 int
600 fcntl(int fildes, int cmd, ...)
601 {
602 	extern int __fcntl(int, int, ...);
603 	intptr_t arg;
604 	va_list ap;
605 
606 	va_start(ap, cmd);
607 	arg = va_arg(ap, intptr_t);
608 	va_end(ap);
609 	return (__fcntl(fildes, cmd, arg));
610 }
611 
612 int
613 open(const char *path, int oflag, ...)
614 {
615 	extern int __open(const char *, int, mode_t);
616 	mode_t mode;
617 	va_list ap;
618 
619 	va_start(ap, oflag);
620 	mode = va_arg(ap, mode_t);
621 	va_end(ap);
622 	return (__open(path, oflag, mode));
623 }
624 
625 int
626 openat(int fd, const char *path, int oflag, ...)
627 {
628 	extern int __openat(int, const char *, int, mode_t);
629 	mode_t mode;
630 	va_list ap;
631 
632 	va_start(ap, oflag);
633 	mode = va_arg(ap, mode_t);
634 	va_end(ap);
635 	return (__openat(fd, path, oflag, mode));
636 }
637 
638 ssize_t
639 read(int fd, void *buf, size_t size)
640 {
641 	extern ssize_t __read(int, void *, size_t);
642 	return (__read(fd, buf, size));
643 }
644 
645 ssize_t
646 write(int fd, const void *buf, size_t size)
647 {
648 	extern ssize_t __write(int, const void *, size_t);
649 	return (__write(fd, buf, size));
650 }
651