xref: /titanic_52/usr/src/cmd/sgs/rtld/common/setup.c (revision fcacecd0df112c67f46e2cb08c594bc199ec3386)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 /*
27  *	Copyright (c) 1988 AT&T
28  *	  All Rights Reserved
29  */
30 
31 /*
32  * Run time linker common setup.
33  *
34  * Called from _setup to get the process going at startup.
35  */
36 
37 #include	<stdlib.h>
38 #include	<fcntl.h>
39 #include	<stdio.h>
40 #include	<sys/types.h>
41 #include	<sys/stat.h>
42 #include	<sys/mman.h>
43 #include	<string.h>
44 #include	<unistd.h>
45 #include	<dlfcn.h>
46 #include	<sys/sysconfig.h>
47 #include	<sys/auxv.h>
48 #include	<debug.h>
49 #include	<conv.h>
50 #include	"_rtld.h"
51 #include	"_audit.h"
52 #include	"_elf.h"
53 #include	"_a.out.h"
54 #include	"msg.h"
55 
56 
57 extern int	_end, _edata, _etext;
58 extern void	_init(void);
59 extern int	_brk_unlocked(void *);
60 
61 #ifndef	SGS_PRE_UNIFIED_PROCESS
62 /* needed for _brk_unlocked() */
63 void *_nd = &_end;
64 #endif
65 
66 /*
67  * Counters that are incremented every time an object is mapped/unmapped.
68  *
69  * Note that exec() will usually map 2 objects before we receive control,
70  * but this can be 1 if ld.so.1 is executed directly. We count one of these
71  * here, and add another as necessary in setup().
72  */
73 u_longlong_t	cnt_map = 1;
74 u_longlong_t	cnt_unmap = 0;
75 
76 
77 /*
78  * Define for the executable's interpreter.
79  * Usually it is ld.so.1, but for the first release of ICL binaries
80  * it is libc.so.1.  We keep this information so that we don't end
81  * up mapping libc twice if it is the interpreter.
82  */
83 static Interp _interp;
84 
85 /*
86  * LD_PRELOAD objects.
87  */
88 static int
89 preload(const char *str, Rt_map *mlmp, Rt_map **clmp)
90 {
91 	Alist		*palp = NULL;
92 	char		*objs, *ptr, *next;
93 	Word		lmflags = lml_main.lm_flags;
94 	int		lddstub;
95 
96 	DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD));
97 
98 	if ((objs = strdup(str)) == NULL)
99 		return (0);
100 
101 	/*
102 	 * Determine if we've been called from lddstub.
103 	 */
104 	lddstub = (lmflags & LML_FLG_TRC_ENABLE) &&
105 	    (FLAGS1(*clmp) & FL1_RT_LDDSTUB);
106 
107 	ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next);
108 	do {
109 		Rt_map	*nlmp = NULL;
110 		uint_t	flags;
111 
112 		DBG_CALL(Dbg_file_preload(&lml_main, ptr));
113 
114 		/*
115 		 * Establish the flags for loading each object.  If we're
116 		 * called via lddstub, then the first preloaded object is the
117 		 * object being inspected by ldd(1).  This object should not be
118 		 * marked as an interposer, as this object is intended to act
119 		 * as the target object of the process.
120 		 */
121 		if (lddstub)
122 			flags = FLG_RT_PRELOAD;
123 		else
124 			flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO);
125 
126 		/*
127 		 * If this a secure application, then preload errors are
128 		 * reduced to warnings, as the errors are non-fatal.
129 		 */
130 		if (rtld_flags & RT_FL_SECURE)
131 			rtld_flags2 |= RT_FL2_FTL2WARN;
132 		if (expand_paths(*clmp, ptr, &palp, AL_CNT_NEEDED,
133 		    PD_FLG_EXTLOAD, 0) != 0)
134 			nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, *clmp,
135 			    MODE(mlmp), flags, 0, NULL);
136 		remove_alist(&palp, 0);
137 		if (rtld_flags & RT_FL_SECURE)
138 			rtld_flags2 &= ~RT_FL2_FTL2WARN;
139 		if (nlmp && (bind_one(*clmp, nlmp, BND_NEEDED) == 0))
140 			nlmp = NULL;
141 
142 		if (lddstub && nlmp) {
143 			lddstub = 0;
144 
145 			/*
146 			 * Fabricate a binding between the target shared object
147 			 * and lddstub so that the target object isn't called
148 			 * out from unused() processing.
149 			 */
150 			if (lmflags &
151 			    (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)) {
152 				if (bind_one(*clmp, nlmp, BND_REFER) == 0)
153 					nlmp = NULL;
154 			}
155 
156 			/*
157 			 * By identifying lddstub as the caller, several
158 			 * confusing ldd() diagnostics get suppressed.  These
159 			 * diagnostics would reveal how the target shared object
160 			 * was found from lddstub.  Now that the real target is
161 			 * loaded, identify the target as the caller so that all
162 			 * ldd() diagnostics are enabled for subsequent objects.
163 			 */
164 			if (nlmp)
165 				*clmp = nlmp;
166 		}
167 
168 		/*
169 		 * If no error occurred with loading this object, indicate that
170 		 * this link-map list contains an interposer.
171 		 */
172 		if (nlmp == NULL) {
173 			if ((lmflags & LML_FLG_TRC_ENABLE) ||
174 			    (rtld_flags & RT_FL_SECURE))
175 				continue;
176 			else
177 				return (0);
178 		}
179 		if (flags & FLG_RT_OBJINTPO)
180 			lml_main.lm_flags |= LML_FLG_INTRPOSE;
181 
182 	} while ((ptr = strtok_r(NULL,
183 	    MSG_ORIG(MSG_STR_DELIMIT), &next)) != NULL);
184 
185 	free(palp);
186 	free(objs);
187 	return (1);
188 }
189 
190 Rt_map *
191 setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz,
192     char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr,
193     char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid,
194     void *aoutdyn, int auxflags, uint_t hwcap_1)
195 {
196 	Rt_map			*rlmp, *mlmp, *clmp, **tobj = NULL;
197 	Ehdr			*ehdr;
198 	rtld_stat_t		status;
199 	int			features = 0, ldsoexec = 0;
200 	size_t			eaddr, esize;
201 	char			*str, *argvname;
202 	Word			lmflags;
203 	mmapobj_result_t	*mpp;
204 	Fdesc			fdr = { 0 }, fdm = { 0 };
205 	Rej_desc		rej = { 0 };
206 	APlist			*ealp = NULL;
207 
208 	/*
209 	 * Now that ld.so has relocated itself, initialize our own 'environ' so
210 	 * as to establish an address suitable for any libc requirements.
211 	 */
212 	_environ = (char **)((ulong_t)auxv - sizeof (char *));
213 	_init();
214 	_environ = envp;
215 
216 	/*
217 	 * Establish a base time.  Total time diagnostics start from entering
218 	 * ld.so.1 here, however the base time is reset each time the ld.so.1
219 	 * is re-entered.  Note also, there will be a large time associated
220 	 * with the first diagnostic from ld.so.1, as bootstrapping ld.so.1
221 	 * and establishing the liblddbg infrastructure takes some time.
222 	 */
223 	(void) gettimeofday(&DBG_TOTALTIME, NULL);
224 	DBG_DELTATIME = DBG_TOTALTIME;
225 
226 	/*
227 	 * Determine how ld.so.1 has been executed.
228 	 */
229 	if ((fd == -1) && (phdr == NULL)) {
230 		/*
231 		 * If we received neither the AT_EXECFD nor the AT_PHDR aux
232 		 * vector, ld.so.1 must have been invoked directly from the
233 		 * command line.
234 		 */
235 		ldsoexec = 1;
236 
237 		/*
238 		 * AT_SUN_EXECNAME provides the most precise name, if it is
239 		 * available, otherwise fall back to argv[0].  At this time,
240 		 * there is no process name.
241 		 */
242 		if (execname)
243 			rtldname = execname;
244 		else if (argv[0])
245 			rtldname = argv[0];
246 		else
247 			rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
248 	} else {
249 		/*
250 		 * Otherwise, we have a standard process.  AT_SUN_EXECNAME
251 		 * provides the most precise name, if it is available,
252 		 * otherwise fall back to argv[0].  Provided the application
253 		 * is already mapped, the process is the application, so
254 		 * simplify the application name for use in any diagnostics.
255 		 */
256 		if (execname)
257 			argvname = execname;
258 		else if (argv[0])
259 			argvname = execname = argv[0];
260 		else
261 			argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
262 
263 		if (fd == -1) {
264 			if ((str = strrchr(argvname, '/')) != NULL)
265 				procname = ++str;
266 			else
267 				procname = argvname;
268 		}
269 
270 		/*
271 		 * At this point, we don't know the runtime linkers full path
272 		 * name.  The _rtldname passed to us is the SONAME of the
273 		 * runtime linker, which is typically /lib/ld.so.1 no matter
274 		 * what the full path is.   Use this for now, we'll reset the
275 		 * runtime linkers name once the application is analyzed.
276 		 */
277 		if (_rtldname) {
278 			if ((str = strrchr(_rtldname, '/')) != NULL)
279 				rtldname = ++str;
280 			else
281 				rtldname = _rtldname;
282 		} else
283 			rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN);
284 
285 		/* exec() brought in two objects for us. Count the second one */
286 		cnt_map++;
287 	}
288 
289 	/*
290 	 * Initialize any global variables.
291 	 */
292 	at_flags = _flags;
293 
294 	if ((org_scapset->sc_plat = _platform) != NULL)
295 		org_scapset->sc_platsz = strlen(_platform);
296 
297 	if (org_scapset->sc_plat == NULL)
298 		platform_name(org_scapset);
299 	if (org_scapset->sc_mach == NULL)
300 		machine_name(org_scapset);
301 
302 	/*
303 	 * If pagesize is unspecified find its value.
304 	 */
305 	if ((syspagsz = _syspagsz) == 0)
306 		syspagsz = _sysconfig(_CONFIG_PAGESIZE);
307 
308 	/*
309 	 * Add the unused portion of the last data page to the free space list.
310 	 * The page size must be set before doing this.  Here, _end refers to
311 	 * the end of the runtime linkers bss.  Note that we do not use the
312 	 * unused data pages from any included .so's to supplement this free
313 	 * space as badly behaved .os's may corrupt this data space, and in so
314 	 * doing ruin our data.
315 	 */
316 	eaddr = S_DROUND((size_t)&_end);
317 	esize = eaddr % syspagsz;
318 	if (esize) {
319 		esize = syspagsz - esize;
320 		addfree((void *)eaddr, esize);
321 	}
322 
323 	/*
324 	 * Establish initial link-map list flags, and link-map list alists.
325 	 */
326 	if (alist_append(&lml_main.lm_lists, NULL, sizeof (Lm_cntl),
327 	    AL_CNT_LMLISTS) == NULL)
328 		return (0);
329 	lml_main.lm_flags |= LML_FLG_BASELM;
330 	lml_main.lm_lmid = LM_ID_BASE;
331 	lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE);
332 
333 	if (alist_append(&lml_rtld.lm_lists, NULL, sizeof (Lm_cntl),
334 	    AL_CNT_LMLISTS) == NULL)
335 		return (0);
336 	lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_HOLDLOCK);
337 	lml_rtld.lm_tflags |= LML_TFLG_NOAUDIT;
338 	lml_rtld.lm_lmid = LM_ID_LDSO;
339 	lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO);
340 
341 	/*
342 	 * Determine whether we have a secure executable.
343 	 */
344 	security(uid, euid, gid, egid, auxflags);
345 
346 	/*
347 	 * Make an initial pass of environment variables to pick off those
348 	 * related to locale processing.  At the same time, collect and save
349 	 * any LD_XXXX variables for later processing.  Note that this later
350 	 * processing will be skipped if ld.so.1 is invoked from the command
351 	 * line with -e LD_NOENVIRON.
352 	 */
353 	if (envp && (readenv_user((const char **)envp, &ealp) == 1))
354 		return (0);
355 
356 	/*
357 	 * If ld.so.1 has been invoked directly, process its arguments.
358 	 */
359 	if (ldsoexec) {
360 		/*
361 		 * Process any arguments that are specific to ld.so.1, and
362 		 * reorganize the process stack to effectively remove ld.so.1
363 		 * from the stack.  Reinitialize the environment pointer, as
364 		 * this pointer may have been shifted after skipping ld.so.1's
365 		 * arguments.
366 		 */
367 		if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags),
368 		    &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) {
369 			eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT));
370 			return (0);
371 		}
372 		_environ = envp;
373 
374 		/*
375 		 * Open the object that ld.so.1 is to execute.
376 		 */
377 		argvname = execname = argv[0];
378 
379 		if ((fd = open(argvname, O_RDONLY)) == -1) {
380 			int	err = errno;
381 			eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN),
382 			    argvname, strerror(err));
383 			return (0);
384 		}
385 	}
386 
387 	/*
388 	 * Having processed any ld.so.1 command line options, return to process
389 	 * any LD_XXXX environment variables.
390 	 */
391 	if (ealp) {
392 		if (((rtld_flags & RT_FL_NOENVIRON) == 0) &&
393 		    (procenv_user(ealp, &(lml_main.lm_flags),
394 		    &(lml_main.lm_tflags), (aoutdyn != 0)) == 1))
395 			return (0);
396 		free(ealp);
397 	}
398 
399 	/*
400 	 * Initialize a hardware capability descriptor for use in comparing
401 	 * each loaded object.  The aux vector must provide AF_SUN_HWCAPVERIFY,
402 	 * as prior to this setting any hardware capabilities that were found
403 	 * could not be relied upon.
404 	 */
405 	if (auxflags & AF_SUN_HWCAPVERIFY) {
406 		rtld_flags2 |= RT_FL2_HWCAP;
407 		org_scapset->sc_hw_1 = (Xword)hwcap_1;
408 	}
409 
410 	/*
411 	 * Create a mapping descriptor for ld.so.1.  We can determine our
412 	 * two segments information from known symbols.
413 	 */
414 	if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL)
415 		return (0);
416 	mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base);
417 	mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr;
418 	mpp[0].mr_fsize = mpp[0].mr_msize;
419 	mpp[0].mr_prot = (PROT_READ | PROT_EXEC);
420 
421 	mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug);
422 	mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr;
423 	mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr;
424 	mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC);
425 
426 	if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL)
427 		return (0);
428 	if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr,
429 	    (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base),
430 	    NULL, NULL, NULL)) == NULL)
431 		return (0);
432 
433 	MMAPS(rlmp) = mpp;
434 	MMAPCNT(rlmp) = 2;
435 	PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr;
436 	PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr +
437 	    (ulong_t)mpp[1].mr_msize;
438 
439 	MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
440 	FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE |
441 	    FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET);
442 
443 	/*
444 	 * Initialize the runtime linkers information.
445 	 */
446 	interp = &_interp;
447 	interp->i_name = (char *)rtldname;
448 	interp->i_faddr = (caddr_t)ADDR(rlmp);
449 	ldso_plt_init(rlmp);
450 
451 	/*
452 	 * Map in the file, if exec has not already done so, or if the file
453 	 * was passed as an argument to an explicit execution of ld.so.1 from
454 	 * the command line.
455 	 */
456 	if (fd != -1) {
457 		/*
458 		 * Map the file.  Once the object is mapped we no longer need
459 		 * the file descriptor.
460 		 */
461 		(void) rtld_fstat(fd, &status);
462 		fdm.fd_oname = argvname;
463 		fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname,
464 		    fd, &rej);
465 		(void) close(fd);
466 
467 		if (fdm.fd_ftp == NULL) {
468 			Conv_reject_desc_buf_t rej_buf;
469 
470 			eprintf(&lml_main, ERR_FATAL,
471 			    MSG_INTL(err_reject[rej.rej_type]), argvname,
472 			    conv_reject_desc(&rej, &rej_buf, M_MACH));
473 			return (0);
474 		}
475 
476 		/*
477 		 * Finish processing the loading of the file.
478 		 */
479 		if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL)
480 			return (0);
481 		fdm.fd_dev = status.st_dev;
482 		fdm.fd_ino = status.st_ino;
483 
484 		if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, NULL, &fdm,
485 		    NULL)) == NULL)
486 			return (0);
487 
488 		/*
489 		 * We now have a process name for error diagnostics.
490 		 */
491 		if ((str = strrchr(argvname, '/')) != NULL)
492 			procname = ++str;
493 		else
494 			procname = argvname;
495 
496 		if (ldsoexec) {
497 			mmapobj_result_t	*mpp = MMAPS(mlmp);
498 			uint_t			mnum, mapnum = MMAPCNT(mlmp);
499 			void			*brkbase = NULL;
500 
501 			/*
502 			 * Since ld.so.1 was the primary executed object - the
503 			 * brk() base has not yet been initialized, we need to
504 			 * initialize it.  For an executable, initialize it to
505 			 * the end of the object.  For a shared object (ET_DYN)
506 			 * initialize it to the first page in memory.
507 			 */
508 			for (mnum = 0; mnum < mapnum; mnum++, mpp++)
509 				brkbase = mpp->mr_addr + mpp->mr_msize;
510 
511 			if (brkbase == NULL)
512 				brkbase = (void *)syspagsz;
513 
514 			if (_brk_unlocked(brkbase) == -1) {
515 				int	err = errno;
516 
517 				eprintf(&lml_main, ERR_FATAL,
518 				    MSG_INTL(MSG_SYS_BRK), argvname,
519 				    strerror(err));
520 				return (0);
521 			}
522 		}
523 	} else {
524 		/*
525 		 * Set up function ptr and arguments according to the type
526 		 * of file class the executable is. (Currently only supported
527 		 * types are ELF and a.out format.)  Then create a link map
528 		 * for the executable.
529 		 */
530 		if (aoutdyn) {
531 #ifdef A_OUT
532 			mmapobj_result_t	*mpp;
533 
534 			/*
535 			 * Create a mapping structure sufficient to describe
536 			 * a single two segments.  The ADDR() of the a.out is
537 			 * established as 0, which is required but the AOUT
538 			 * relocation code.
539 			 */
540 			if ((mpp =
541 			    calloc(sizeof (mmapobj_result_t), 2)) == NULL)
542 				return (0);
543 
544 			if ((fdm.fd_nname =
545 			    stravl_insert(execname, 0, 0, 0)) == NULL)
546 				return (0);
547 			if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA,
548 			    &fdm, 0, 0, aoutdyn, NULL, NULL)) == NULL)
549 				return (0);
550 
551 			/*
552 			 * Establish the true mapping information for the a.out.
553 			 */
554 			if (aout_get_mmap(&lml_main, mpp)) {
555 				free(mpp);
556 				return (0);
557 			}
558 
559 			MSIZE(mlmp) =
560 			    (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) -
561 			    S_ALIGN((size_t)mpp[0].mr_addr, syspagsz);
562 			MMAPS(mlmp) = mpp;
563 			MMAPCNT(mlmp) = 2;
564 			PADSTART(mlmp) = (ulong_t)mpp->mr_addr;
565 			PADIMLEN(mlmp) = mpp->mr_msize;
566 
567 			/*
568 			 * Disable any object configuration cache (BCP apps
569 			 * bring in sbcp which can benefit from any object
570 			 * cache, but both the app and sbcp can't use the same
571 			 * objects).
572 			 */
573 			rtld_flags |= RT_FL_NOOBJALT;
574 
575 			/*
576 			 * Make sure no-direct bindings are in effect.
577 			 */
578 			lml_main.lm_tflags |= LML_TFLG_NODIRECT;
579 #else
580 			eprintf(&lml_main, ERR_FATAL,
581 			    MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname);
582 			return (0);
583 #endif
584 		} else if (phdr) {
585 			Phdr			*pptr;
586 			Off			i_offset = 0;
587 			Addr			base = 0;
588 			ulong_t			phsize;
589 			mmapobj_result_t	*mpp, *fmpp, *hmpp = NULL;
590 			uint_t			mapnum = 0;
591 			int			i;
592 			size_t			msize;
593 
594 			/*
595 			 * Using the executables phdr address determine the base
596 			 * address of the input file.  NOTE, this assumes the
597 			 * program headers and elf header are part of the same
598 			 * mapped segment.  Although this has held for many
599 			 * years now, it might be more flexible if the kernel
600 			 * gave use the ELF headers start address, rather than
601 			 * the Program headers.
602 			 *
603 			 * Determine from the ELF header if we're been called
604 			 * from a shared object or dynamic executable.  If the
605 			 * latter, then any addresses within the object are used
606 			 * as is.  Addresses within shared objects must be added
607 			 * to the process's base address.
608 			 */
609 			ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset);
610 			phsize = ehdr->e_phentsize;
611 			if (ehdr->e_type == ET_DYN)
612 				base = (Addr)ehdr;
613 
614 			/*
615 			 * Allocate a mapping array to retain mapped segment
616 			 * information.
617 			 */
618 			if ((fmpp = mpp = calloc(ehdr->e_phnum,
619 			    sizeof (mmapobj_result_t))) == NULL)
620 				return (0);
621 
622 			/*
623 			 * Extract the needed information from the segment
624 			 * headers.
625 			 */
626 			for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) {
627 				if (pptr->p_type == PT_INTERP) {
628 					i_offset = pptr->p_offset;
629 					interp->i_faddr =
630 					    (caddr_t)interp_base;
631 				}
632 				if ((pptr->p_type == PT_LOAD) &&
633 				    (pptr->p_filesz || pptr->p_memsz)) {
634 					int	perm = (PROT_READ | PROT_EXEC);
635 					size_t	off;
636 
637 					if (i_offset && pptr->p_filesz &&
638 					    (i_offset >= pptr->p_offset) &&
639 					    (i_offset <=
640 					    (pptr->p_memsz + pptr->p_offset))) {
641 						interp->i_name = (char *)
642 						    pptr->p_vaddr + i_offset -
643 						    pptr->p_offset + base;
644 						i_offset = 0;
645 					}
646 
647 					if (pptr->p_flags & PF_W)
648 						perm |= PROT_WRITE;
649 
650 					/*
651 					 * Retain segments mapping info.  Round
652 					 * each segment to a page boundary, as
653 					 * this insures addresses are suitable
654 					 * for mprotect() if required.
655 					 */
656 					off = pptr->p_vaddr + base;
657 					if (hmpp == NULL) {
658 						hmpp = mpp;
659 						mpp->mr_addr = (caddr_t)ehdr;
660 					} else
661 						mpp->mr_addr = (caddr_t)off;
662 
663 					off -= (size_t)(uintptr_t)mpp->mr_addr;
664 					mpp->mr_msize = pptr->p_memsz + off;
665 					mpp->mr_fsize = pptr->p_filesz + off;
666 					mpp->mr_prot = perm;
667 
668 					mpp++, mapnum++;
669 				}
670 
671 				pptr = (Phdr *)((ulong_t)pptr + phsize);
672 			}
673 
674 			mpp--;
675 			msize = (size_t)(mpp->mr_addr + mpp->mr_msize) -
676 			    S_ALIGN((size_t)fmpp->mr_addr, syspagsz);
677 
678 			if ((fdm.fd_nname =
679 			    stravl_insert(execname, 0, 0, 0)) == NULL)
680 				return (0);
681 			if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA,
682 			    &fdm, (Addr)hmpp->mr_addr, msize,
683 			    NULL, NULL, NULL)) == NULL)
684 				return (0);
685 
686 			MMAPS(mlmp) = fmpp;
687 			MMAPCNT(mlmp) = mapnum;
688 			PADSTART(mlmp) = (ulong_t)fmpp->mr_addr;
689 			PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr +
690 			    (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize;
691 		}
692 	}
693 
694 	/*
695 	 * Establish the interpretors name as that defined within the initial
696 	 * object (executable).  This provides for ORIGIN processing of ld.so.1
697 	 * dependencies.  Note, the NAME() of the object remains that which was
698 	 * passed to us as the SONAME on execution.
699 	 */
700 	if (ldsoexec == 0) {
701 		size_t	len = strlen(interp->i_name);
702 
703 		if (expand(&interp->i_name, &len, 0, 0,
704 		    (PD_TKN_ISALIST | PD_TKN_CAP), rlmp) & PD_TKN_RESOLVED)
705 			fdr.fd_flags |= FLG_FD_RESOLVED;
706 	}
707 	fdr.fd_pname = interp->i_name;
708 	(void) fullpath(rlmp, &fdr);
709 
710 	/*
711 	 * The runtime linker acts as a filtee for various dl*() functions that
712 	 * are defined in libc (and libdl).  Make sure this standard name for
713 	 * the runtime linker is also registered in the FullPathNode AVL tree.
714 	 */
715 	(void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0);
716 
717 	/*
718 	 * Having established the true runtime linkers name, simplify the name
719 	 * for error diagnostics.
720 	 */
721 	if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL)
722 		rtldname = ++str;
723 	else
724 		rtldname = PATHNAME(rlmp);
725 
726 	/*
727 	 * Expand the fullpath name of the application.  This typically occurs
728 	 * as a part of loading an object, but as the kernel probably mapped
729 	 * it in, complete this processing now.
730 	 */
731 	(void) fullpath(mlmp, 0);
732 
733 	/*
734 	 * Some troublesome programs will change the value of argv[0].  Dupping
735 	 * the process string protects us, and insures the string is left in
736 	 * any core files.
737 	 */
738 	if ((str = (char *)strdup(procname)) == NULL)
739 		return (0);
740 	procname = str;
741 
742 	FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET);
743 	FLAGS1(mlmp) |= FL1_RT_USED;
744 
745 	/*
746 	 * It's the responsibility of MAIN(crt0) to call it's _init and _fini
747 	 * section, therefore null out any INIT/FINI so that this object isn't
748 	 * collected during tsort processing.  And, if the application has no
749 	 * initarray or finiarray we can economize on establishing bindings.
750 	 */
751 	INIT(mlmp) = FINI(mlmp) = NULL;
752 	if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL))
753 		FLAGS1(mlmp) |= FL1_RT_NOINIFIN;
754 
755 	/*
756 	 * Identify lddstub if necessary.
757 	 */
758 	if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB)
759 		FLAGS1(mlmp) |= FL1_RT_LDDSTUB;
760 
761 	/*
762 	 * Retain our argument information for use in dlinfo.
763 	 */
764 	argsinfo.dla_argv = argv--;
765 	argsinfo.dla_argc = (long)*argv;
766 	argsinfo.dla_envp = envp;
767 	argsinfo.dla_auxv = auxv;
768 
769 	(void) enter(0);
770 
771 	/*
772 	 * Add our two main link-maps to the dynlm_list
773 	 */
774 	if (aplist_append(&dynlm_list, &lml_main, AL_CNT_DYNLIST) == NULL)
775 		return (0);
776 
777 	if (aplist_append(&dynlm_list, &lml_rtld, AL_CNT_DYNLIST) == NULL)
778 		return (0);
779 
780 	/*
781 	 * Reset the link-map counts for both lists.  The init count is used to
782 	 * track how many objects have pending init sections, this gets incre-
783 	 * mented each time an object is relocated.  Since ld.so.1 relocates
784 	 * itself, it's init count will remain zero.
785 	 * The object count is used to track how many objects have pending fini
786 	 * sections, as ld.so.1 handles its own fini we can zero its count.
787 	 */
788 	lml_main.lm_obj = 1;
789 	lml_rtld.lm_obj = 0;
790 
791 	/*
792 	 * Initialize debugger information structure.  Some parts of this
793 	 * structure were initialized statically.
794 	 */
795 	r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head;
796 	r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head;
797 	r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr;
798 	r_debug.rtd_dynlmlst = &dynlm_list;
799 
800 	/*
801 	 * Determine the dev/inode information for the executable to complete
802 	 * load_so() checking for those who might dlopen(a.out).
803 	 */
804 	if (rtld_stat(PATHNAME(mlmp), &status) == 0) {
805 		STDEV(mlmp) = status.st_dev;
806 		STINO(mlmp) = status.st_ino;
807 	}
808 
809 	/*
810 	 * Initialize any configuration information.
811 	 */
812 	if (!(rtld_flags & RT_FL_NOCFG)) {
813 		if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1)
814 			return (0);
815 	}
816 
817 #if	defined(_ELF64)
818 	/*
819 	 * If this is a 64-bit process, determine whether this process has
820 	 * restricted the process address space to 32-bits.  Any dependencies
821 	 * that are restricted to a 32-bit address space can only be loaded if
822 	 * the executable has established this requirement.
823 	 */
824 	if (CAPSET(mlmp).sc_sf_1 & SF1_SUNW_ADDR32)
825 		rtld_flags2 |= RT_FL2_ADDR32;
826 #endif
827 	/*
828 	 * Establish any alternative capabilities, and validate this object
829 	 * if it defines it's own capabilities information.
830 	 */
831 	if (cap_alternative() == 0)
832 		return (0);
833 
834 	if (cap_check_lmp(mlmp, &rej) == 0) {
835 		if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) {
836 			/* LINTED */
837 			(void) printf(MSG_INTL(ldd_warn[rej.rej_type]),
838 			    NAME(mlmp), rej.rej_str);
839 		} else {
840 			/* LINTED */
841 			eprintf(&lml_main, ERR_FATAL,
842 			    MSG_INTL(err_reject[rej.rej_type]),
843 			    NAME(mlmp), rej.rej_str);
844 			return (0);
845 		}
846 	}
847 
848 	/*
849 	 * Establish the modes of the initial object.  These modes are
850 	 * propagated to any preloaded objects and explicit shared library
851 	 * dependencies.
852 	 *
853 	 * If we're generating a configuration file using crle(1), remove
854 	 * any RTLD_NOW use, as we don't want to trigger any relocation proc-
855 	 * essing during crle(1)'s first past (this would just be unnecessary
856 	 * overhead).  Any filters are explicitly loaded, and thus RTLD_NOW is
857 	 * not required to trigger filter loading.
858 	 *
859 	 * Note, RTLD_NOW may have been established during analysis of the
860 	 * application had the application been built -z now.
861 	 */
862 	MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD);
863 
864 	if (rtld_flags & RT_FL_CONFGEN) {
865 		MODE(mlmp) |= RTLD_CONFGEN;
866 		MODE(mlmp) &= ~RTLD_NOW;
867 		rtld_flags2 &= ~RT_FL2_BINDNOW;
868 	}
869 
870 	if ((MODE(mlmp) & RTLD_NOW) == 0) {
871 		if (rtld_flags2 & RT_FL2_BINDNOW)
872 			MODE(mlmp) |= RTLD_NOW;
873 		else
874 			MODE(mlmp) |= RTLD_LAZY;
875 	}
876 
877 	/*
878 	 * If debugging was requested initialize things now that any cache has
879 	 * been established.  A user can specify LD_DEBUG=help to discover the
880 	 * list of debugging tokens available without running the application.
881 	 * However, don't allow this setting from a configuration file.
882 	 *
883 	 * Note, to prevent recursion issues caused by loading and binding the
884 	 * debugging libraries themselves, a local debugging descriptor is
885 	 * initialized.  Once the debugging setup has completed, this local
886 	 * descriptor is copied to the global descriptor which effectively
887 	 * enables diagnostic output.
888 	 *
889 	 * Ignore any debugging request if we're being monitored by a process
890 	 * that expects the old getpid() initialization handshake.
891 	 */
892 	if ((rpl_debug || prm_debug) && ((rtld_flags & RT_FL_DEBUGGER) == 0)) {
893 		Dbg_desc	_dbg_desc = {0};
894 		struct timeval	total = DBG_TOTALTIME;
895 		struct timeval	delta = DBG_DELTATIME;
896 
897 		if (rpl_debug) {
898 			if (dbg_setup(rpl_debug, &_dbg_desc) == 0)
899 				return (0);
900 			if (_dbg_desc.d_extra & DBG_E_HELP_EXIT)
901 				rtldexit(&lml_main, 0);
902 		}
903 		if (prm_debug)
904 			(void) dbg_setup(prm_debug, &_dbg_desc);
905 
906 		*dbg_desc = _dbg_desc;
907 		DBG_TOTALTIME = total;
908 		DBG_DELTATIME = delta;
909 	}
910 
911 	/*
912 	 * Now that debugging is enabled generate any diagnostics from any
913 	 * previous events.
914 	 */
915 	if (DBG_ENABLED) {
916 		DBG_CALL(Dbg_cap_val(&lml_main, org_scapset, alt_scapset,
917 		    M_MACH));
918 		DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name,
919 		    features));
920 
921 		DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv,
922 		    LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA));
923 
924 		if (THIS_IS_ELF(mlmp)) {
925 			DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp),
926 			    ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr,
927 			    ALIST_OFF_DATA));
928 		} else {
929 			DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp),
930 			    ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr,
931 			    ALIST_OFF_DATA));
932 		}
933 	}
934 
935 	/*
936 	 * Enable auditing.
937 	 */
938 	if (rpl_audit || prm_audit || profile_lib) {
939 		int		ndx;
940 		const char	*aud[3];
941 
942 		aud[0] = rpl_audit;
943 		aud[1] = prm_audit;
944 		aud[2] = profile_lib;
945 
946 		/*
947 		 * Any global auditing (set using LD_AUDIT or LD_PROFILE) that
948 		 * can't be established is non-fatal.
949 		 */
950 		if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL)
951 			return (0);
952 
953 		for (ndx = 0; ndx < 3; ndx++) {
954 			if (aud[ndx]) {
955 				if ((auditors->ad_name =
956 				    strdup(aud[ndx])) == NULL)
957 					return (0);
958 				rtld_flags2 |= RT_FL2_FTL2WARN;
959 				(void) audit_setup(mlmp, auditors,
960 				    PD_FLG_EXTLOAD, NULL);
961 				rtld_flags2 &= ~RT_FL2_FTL2WARN;
962 			}
963 		}
964 		lml_main.lm_tflags |= auditors->ad_flags;
965 	}
966 	if (AUDITORS(mlmp)) {
967 		/*
968 		 * Any object required auditing (set with a DT_DEPAUDIT dynamic
969 		 * entry) that can't be established is fatal.
970 		 */
971 		if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) {
972 			/*
973 			 * If this object requires global auditing, use the
974 			 * local auditing information to set the global
975 			 * auditing descriptor.  The effect is that a
976 			 * DT_DEPAUDIT act as an LD_AUDIT.
977 			 */
978 			if ((auditors == NULL) && ((auditors = calloc(1,
979 			    sizeof (Audit_desc))) == NULL))
980 				return (0);
981 
982 			auditors->ad_name = AUDITORS(mlmp)->ad_name;
983 			if (audit_setup(mlmp, auditors, 0, NULL) == 0)
984 				return (0);
985 			lml_main.lm_tflags |= auditors->ad_flags;
986 
987 			/*
988 			 * Clear the local auditor information.
989 			 */
990 			free((void *) AUDITORS(mlmp));
991 			AUDITORS(mlmp) = NULL;
992 
993 		} else {
994 			/*
995 			 * Establish any local auditing.
996 			 */
997 			if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0)
998 				return (0);
999 
1000 			AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags;
1001 			lml_main.lm_flags |= LML_FLG_LOCAUDIT;
1002 		}
1003 	}
1004 
1005 	/*
1006 	 * Explicitly add the initial object and ld.so.1 to those objects being
1007 	 * audited.  Note, although the ld.so.1 link-map isn't auditable,
1008 	 * establish a cookie for ld.so.1 as this may be bound to via the
1009 	 * dl*() family.
1010 	 */
1011 	if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) {
1012 		if (((audit_objopen(mlmp, mlmp) == 0) ||
1013 		    (audit_objopen(mlmp, rlmp) == 0)) &&
1014 		    (AFLAGS(mlmp) & LML_TFLG_AUD_MASK))
1015 			return (0);
1016 	}
1017 
1018 	/*
1019 	 * Map in any preloadable shared objects.  Establish the caller as the
1020 	 * head of the main link-map list.  In the case of being exercised from
1021 	 * lddstub, the caller gets reassigned to the first target shared object
1022 	 * so as to provide intuitive diagnostics from ldd().
1023 	 *
1024 	 * Note, it is valid to preload a 4.x shared object with a 5.0
1025 	 * executable (or visa-versa), as this functionality is required by
1026 	 * ldd(1).
1027 	 */
1028 	clmp = mlmp;
1029 	if (rpl_preload && (preload(rpl_preload, mlmp, &clmp) == 0))
1030 		return (0);
1031 	if (prm_preload && (preload(prm_preload, mlmp, &clmp) == 0))
1032 		return (0);
1033 
1034 	/*
1035 	 * Load all dependent (needed) objects.
1036 	 */
1037 	if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, mlmp, NULL) == NULL)
1038 		return (0);
1039 
1040 	/*
1041 	 * Relocate all the dependencies we've just added.
1042 	 *
1043 	 * If this process has been established via crle(1), the environment
1044 	 * variable LD_CONFGEN will have been set.  crle(1) may create this
1045 	 * process twice.  The first time crle only needs to gather dependency
1046 	 * information.  The second time, is to dldump() the images.
1047 	 *
1048 	 * If we're only gathering dependencies, relocation is unnecessary.
1049 	 * As crle(1) may be building an arbitrary family of objects, they may
1050 	 * not fully relocate either.  Hence the relocation phase is not carried
1051 	 * out now, but will be called by crle(1) once all objects have been
1052 	 * loaded.
1053 	 */
1054 	if ((rtld_flags & RT_FL_CONFGEN) == 0) {
1055 
1056 		DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD));
1057 
1058 		if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp,
1059 		    mlmp, NULL) == 0)
1060 			return (0);
1061 
1062 		/*
1063 		 * Inform the debuggers that basic process initialization is
1064 		 * complete, and that the state of ld.so.1 (link-map lists,
1065 		 * etc.) is stable.  This handshake enables the debugger to
1066 		 * initialize themselves, and consequently allows the user to
1067 		 * set break points in .init code.
1068 		 *
1069 		 * Most new debuggers use librtld_db to monitor activity events.
1070 		 * Older debuggers indicated their presence by setting the
1071 		 * DT_DEBUG entry in the dynamic executable (see elf_new_lm()).
1072 		 * In this case, getpid() is called so that the debugger can
1073 		 * catch the system call.  This old mechanism has some
1074 		 * restrictions, as getpid() should not be called prior to
1075 		 * basic process initialization being completed.  This
1076 		 * restriction has become increasingly difficult to maintain,
1077 		 * as the use of auditors, LD_DEBUG, and the initialization
1078 		 * handshake with libc can result in "premature" getpid()
1079 		 * calls.  The use of this getpid() handshake is expected to
1080 		 * disappear at some point in the future, and there is intent
1081 		 * to work towards that goal.
1082 		 */
1083 		rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT);
1084 		rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT);
1085 
1086 		if (rtld_flags & RT_FL_DEBUGGER) {
1087 			r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG;
1088 			(void) getpid();
1089 		}
1090 	}
1091 
1092 	/*
1093 	 * Indicate preinit activity, and call any auditing routines.  These
1094 	 * routines are called before initializing any threads via libc, or
1095 	 * before collecting the complete set of .inits on the primary link-map.
1096 	 * Although most libc interfaces are encapsulated in local routines
1097 	 * within libc, they have been known to escape (ie. call a .plt).  As
1098 	 * the appcert auditor uses preinit as a trigger to establish some
1099 	 * external interfaces to the main link-maps libc, we need to activate
1100 	 * this trigger before exercising any code within libc.  Additionally,
1101 	 * I wouldn't put it past an auditor to add additional objects to the
1102 	 * primary link-map.  Hence, we collect .inits after the audit call.
1103 	 */
1104 	rd_event(&lml_main, RD_PREINIT, 0);
1105 
1106 	if (aud_activity ||
1107 	    ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY))
1108 		audit_activity(mlmp, LA_ACT_CONSISTENT);
1109 	if (aud_preinit ||
1110 	    ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT))
1111 		audit_preinit(mlmp);
1112 
1113 	/*
1114 	 * If we're creating initial configuration information, we're done
1115 	 * now that the auditing step has been called.
1116 	 */
1117 	if (rtld_flags & RT_FL_CONFGEN) {
1118 		leave(LIST(mlmp), 0);
1119 		return (mlmp);
1120 	}
1121 
1122 	/*
1123 	 * Sort the .init sections of all objects we've added.  If we're
1124 	 * tracing we only need to execute this under ldd(1) with the -i or -u
1125 	 * options.
1126 	 */
1127 	lmflags = lml_main.lm_flags;
1128 	if (((lmflags & LML_FLG_TRC_ENABLE) == 0) ||
1129 	    (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) {
1130 		if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init,
1131 		    RT_SORT_REV)) == (Rt_map **)S_ERROR)
1132 			return (0);
1133 	}
1134 
1135 	/*
1136 	 * If we are tracing we're done.  This is the one legitimate use of a
1137 	 * direct call to rtldexit() rather than return, as we don't want to
1138 	 * return and jump to the application.
1139 	 */
1140 	if (lmflags & LML_FLG_TRC_ENABLE) {
1141 		unused(&lml_main);
1142 		rtldexit(&lml_main, 0);
1143 	}
1144 
1145 	/*
1146 	 * Check if this instance of the linker should have a primary link
1147 	 * map.  This flag allows multiple copies of the -same- -version-
1148 	 * of the linker (and libc) to run in the same address space.
1149 	 *
1150 	 * Without this flag we only support one copy of the linker in a
1151 	 * process because by default the linker will always try to
1152 	 * initialize at one primary link map  The copy of libc which is
1153 	 * initialized on a primary link map will initialize global TLS
1154 	 * data which can be shared with other copies of libc in the
1155 	 * process.  The problem is that if there is more than one copy
1156 	 * of the linker, only one copy should link libc onto a primary
1157 	 * link map, otherwise libc will attempt to re-initialize global
1158 	 * TLS data.  So when a copy of the linker is loaded with this
1159 	 * flag set, it will not initialize any primary link maps since
1160 	 * presumably another copy of the linker will do this.
1161 	 *
1162 	 * Note that this flag only allows multiple copies of the -same-
1163 	 * -version- of the linker (and libc) to coexist.  This approach
1164 	 * will not work if we are trying to load different versions of
1165 	 * the linker and libc into the same process.  The reason for
1166 	 * this is that the format of the global TLS data may not be
1167 	 * the same for different versions of libc.  In this case each
1168 	 * different version of libc must have it's own primary link map
1169 	 * and be able to maintain it's own TLS data.  The only way this
1170 	 * can be done is by carefully managing TLS pointers on transitions
1171 	 * between code associated with each of the different linkers.
1172 	 * Note that this is actually what is done for processes in lx
1173 	 * branded zones.  Although in the lx branded zone case, the
1174 	 * other linker and libc are actually gld and glibc.  But the
1175 	 * same general TLS management mechanism used by the lx brand
1176 	 * would apply to any attempts to run multiple versions of the
1177 	 * solaris linker and libc in a single process.
1178 	 */
1179 	if (auxflags & AF_SUN_NOPLM)
1180 		rtld_flags2 |= RT_FL2_NOPLM;
1181 
1182 	/*
1183 	 * Establish any static TLS for this primary link-map.  Note, regardless
1184 	 * of whether TLS is available, an initial handshake occurs with libc to
1185 	 * indicate we're processing the primary link-map.  Having identified
1186 	 * the primary link-map, initialize threads.
1187 	 */
1188 	if (rt_get_extern(&lml_main, mlmp) == 0)
1189 		return (0);
1190 
1191 	if ((rtld_flags2 & RT_FL2_NOPLM) == 0) {
1192 		if (tls_statmod(&lml_main, mlmp) == 0)
1193 			return (0);
1194 		rt_thr_init(&lml_main);
1195 		rtld_flags2 |= RT_FL2_PLMSETUP;
1196 	} else {
1197 		rt_thr_init(&lml_main);
1198 	}
1199 
1200 	/*
1201 	 * Fire all dependencies .init sections.  Identify any unused
1202 	 * dependencies, and leave the runtime linker - effectively calling
1203 	 * the dynamic executables entry point.
1204 	 */
1205 	call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp,
1206 	    SHT_PREINIT_ARRAY);
1207 
1208 	if (tobj)
1209 		call_init(tobj, DBG_INIT_SORT);
1210 
1211 	rd_event(&lml_main, RD_POSTINIT, 0);
1212 
1213 	unused(&lml_main);
1214 
1215 	DBG_CALL(Dbg_util_call_main(mlmp));
1216 
1217 	rtld_flags |= (RT_FL_OPERATION | RT_FL_APPLIC);
1218 
1219 	leave(LIST(mlmp), 0);
1220 
1221 	return (mlmp);
1222 }
1223