1 /* $OpenBSD: loader.c,v 1.187 2019/10/04 17:42:16 guenther Exp $ */ 2 3 /* 4 * Copyright (c) 1998 Per Fogelstrom, Opsycon AB 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS 16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 19 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * 27 */ 28 29 #define _DYN_LOADER 30 31 #include <sys/types.h> 32 #include <sys/mman.h> 33 #include <sys/exec.h> 34 #include <sys/sysctl.h> 35 #include <nlist.h> 36 #include <string.h> 37 #include <link.h> 38 #include <limits.h> /* NAME_MAX */ 39 #include <dlfcn.h> 40 #include <tib.h> 41 42 #include "syscall.h" 43 #include "archdep.h" 44 #include "path.h" 45 #include "resolve.h" 46 #include "sod.h" 47 #include "stdlib.h" 48 49 /* 50 * Local decls. 51 */ 52 unsigned long _dl_boot(const char **, char **, const long, long *) __boot; 53 void _dl_debug_state(void); 54 void _dl_setup_env(const char *_argv0, char **_envp) __boot; 55 void _dl_dtors(void); 56 void _dl_dopreload(char *_paths) __boot; 57 void _dl_fixup_user_env(void) __boot; 58 void _dl_call_preinit(elf_object_t *) __boot; 59 void _dl_call_init_recurse(elf_object_t *object, int initfirst); 60 void _dl_clean_boot(void); 61 static inline void unprotect_if_textrel(elf_object_t *_object); 62 static inline void reprotect_if_textrel(elf_object_t *_object); 63 64 int _dl_pagesz __relro = 4096; 65 int _dl_bindnow __relro = 0; 66 int _dl_debug __relro = 0; 67 int _dl_trust __relro = 0; 68 char **_dl_libpath __relro = NULL; 69 const char **_dl_argv __relro = NULL; 70 int _dl_argc __relro = 0; 71 72 char *_dl_preload __boot_data = NULL; 73 char *_dl_tracefmt1 __boot_data = NULL; 74 char *_dl_tracefmt2 __boot_data = NULL; 75 char *_dl_traceprog __boot_data = NULL; 76 77 char **environ = NULL; 78 char *__progname = NULL; 79 80 int _dl_traceld; 81 struct r_debug *_dl_debug_map; 82 83 static dl_cb_cb _dl_cb_cb; 84 const struct dl_cb_0 callbacks_0 = { 85 .dl_allocate_tib = &_dl_allocate_tib, 86 .dl_free_tib = &_dl_free_tib, 87 #if DO_CLEAN_BOOT 88 .dl_clean_boot = &_dl_clean_boot, 89 #endif 90 .dlopen = &dlopen, 91 .dlclose = &dlclose, 92 .dlsym = &dlsym, 93 .dladdr = &dladdr, 94 .dlctl = &dlctl, 95 .dlerror = &dlerror, 96 .dl_iterate_phdr = &dl_iterate_phdr, 97 }; 98 99 100 /* 101 * Run dtors for a single object. 102 */ 103 void 104 _dl_run_dtors(elf_object_t *obj) 105 { 106 if (obj->dyn.fini_array) { 107 int num = obj->dyn.fini_arraysz / sizeof(Elf_Addr); 108 int i; 109 110 DL_DEB(("doing finiarray obj %p @%p: [%s]\n", 111 obj, obj->dyn.fini_array, obj->load_name)); 112 for (i = num; i > 0; i--) 113 (*obj->dyn.fini_array[i-1])(); 114 } 115 116 if (obj->dyn.fini) { 117 DL_DEB(("doing dtors obj %p @%p: [%s]\n", 118 obj, obj->dyn.fini, obj->load_name)); 119 (*obj->dyn.fini)(); 120 } 121 } 122 123 /* 124 * Run dtors for all objects that are eligible. 125 */ 126 void 127 _dl_run_all_dtors(void) 128 { 129 elf_object_t *node; 130 int fini_complete; 131 int skip_initfirst; 132 int initfirst_skipped; 133 134 fini_complete = 0; 135 skip_initfirst = 1; 136 initfirst_skipped = 0; 137 138 while (fini_complete == 0) { 139 fini_complete = 1; 140 for (node = _dl_objects; 141 node != NULL; 142 node = node->next) { 143 if ((node->dyn.fini || node->dyn.fini_array) && 144 (OBJECT_REF_CNT(node) == 0) && 145 (node->status & STAT_INIT_DONE) && 146 ((node->status & STAT_FINI_DONE) == 0)) { 147 if (skip_initfirst && 148 (node->obj_flags & DF_1_INITFIRST)) 149 initfirst_skipped = 1; 150 else 151 node->status |= STAT_FINI_READY; 152 } 153 } 154 for (node = _dl_objects; 155 node != NULL; 156 node = node->next ) { 157 if ((node->dyn.fini || node->dyn.fini_array) && 158 (OBJECT_REF_CNT(node) == 0) && 159 (node->status & STAT_INIT_DONE) && 160 ((node->status & STAT_FINI_DONE) == 0) && 161 (!skip_initfirst || 162 (node->obj_flags & DF_1_INITFIRST) == 0)) { 163 struct object_vector vec = node->child_vec; 164 int i; 165 166 for (i = 0; i < vec.len; i++) 167 vec.vec[i]->status &= ~STAT_FINI_READY; 168 } 169 } 170 171 172 for (node = _dl_objects; 173 node != NULL; 174 node = node->next ) { 175 if (node->status & STAT_FINI_READY) { 176 fini_complete = 0; 177 node->status |= STAT_FINI_DONE; 178 node->status &= ~STAT_FINI_READY; 179 _dl_run_dtors(node); 180 } 181 } 182 183 if (fini_complete && initfirst_skipped) 184 fini_complete = initfirst_skipped = skip_initfirst = 0; 185 } 186 } 187 188 /* 189 * Routine to walk through all of the objects except the first 190 * (main executable). 191 * 192 * Big question, should dlopen()ed objects be unloaded before or after 193 * the destructor for the main application runs? 194 */ 195 void 196 _dl_dtors(void) 197 { 198 _dl_thread_kern_stop(); 199 200 /* ORDER? */ 201 _dl_unload_dlopen(); 202 203 DL_DEB(("doing dtors\n")); 204 205 _dl_objects->opencount--; 206 _dl_notify_unload_shlib(_dl_objects); 207 208 _dl_run_all_dtors(); 209 } 210 211 #if DO_CLEAN_BOOT 212 void 213 _dl_clean_boot(void) 214 { 215 extern char boot_text_start[], boot_text_end[]; 216 #if 0 /* XXX breaks boehm-gc?!? */ 217 extern char boot_data_start[], boot_data_end[]; 218 #endif 219 220 _dl_munmap(boot_text_start, boot_text_end - boot_text_start); 221 #if 0 /* XXX breaks boehm-gc?!? */ 222 _dl_munmap(boot_data_start, boot_data_end - boot_data_start); 223 #endif 224 } 225 #endif /* DO_CLEAN_BOOT */ 226 227 void 228 _dl_dopreload(char *paths) 229 { 230 char *cp, *dp; 231 elf_object_t *shlib; 232 int count; 233 234 dp = paths = _dl_strdup(paths); 235 if (dp == NULL) 236 _dl_oom(); 237 238 /* preallocate child_vec for the LD_PRELOAD objects */ 239 count = 1; 240 while (*dp++ != '\0') 241 if (*dp == ':') 242 count++; 243 object_vec_grow(&_dl_objects->child_vec, count); 244 245 dp = paths; 246 while ((cp = _dl_strsep(&dp, ":")) != NULL) { 247 shlib = _dl_load_shlib(cp, _dl_objects, OBJTYPE_LIB, 248 _dl_objects->obj_flags); 249 if (shlib == NULL) 250 _dl_die("can't preload library '%s'", cp); 251 _dl_add_object(shlib); 252 _dl_link_child(shlib, _dl_objects); 253 } 254 _dl_free(paths); 255 return; 256 } 257 258 /* 259 * grab interesting environment variables, zap bad env vars if 260 * issetugid, and set the exported environ and __progname variables 261 */ 262 void 263 _dl_setup_env(const char *argv0, char **envp) 264 { 265 static char progname_storage[NAME_MAX+1] = ""; 266 267 /* 268 * Get paths to various things we are going to use. 269 */ 270 _dl_debug = _dl_getenv("LD_DEBUG", envp) != NULL; 271 _dl_libpath = _dl_split_path(_dl_getenv("LD_LIBRARY_PATH", envp)); 272 _dl_preload = _dl_getenv("LD_PRELOAD", envp); 273 _dl_bindnow = _dl_getenv("LD_BIND_NOW", envp) != NULL; 274 _dl_traceld = _dl_getenv("LD_TRACE_LOADED_OBJECTS", envp) != NULL; 275 _dl_tracefmt1 = _dl_getenv("LD_TRACE_LOADED_OBJECTS_FMT1", envp); 276 _dl_tracefmt2 = _dl_getenv("LD_TRACE_LOADED_OBJECTS_FMT2", envp); 277 _dl_traceprog = _dl_getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME", envp); 278 279 /* 280 * Don't allow someone to change the search paths if he runs 281 * a suid program without credentials high enough. 282 */ 283 _dl_trust = !_dl_issetugid(); 284 if (!_dl_trust) { /* Zap paths if s[ug]id... */ 285 if (_dl_libpath) { 286 _dl_free_path(_dl_libpath); 287 _dl_libpath = NULL; 288 _dl_unsetenv("LD_LIBRARY_PATH", envp); 289 } 290 if (_dl_preload) { 291 _dl_preload = NULL; 292 _dl_unsetenv("LD_PRELOAD", envp); 293 } 294 if (_dl_bindnow) { 295 _dl_bindnow = 0; 296 _dl_unsetenv("LD_BIND_NOW", envp); 297 } 298 if (_dl_debug) { 299 _dl_debug = 0; 300 _dl_unsetenv("LD_DEBUG", envp); 301 } 302 } 303 environ = envp; 304 305 _dl_trace_setup(envp); 306 307 if (argv0 != NULL) { /* NULL ptr if argc = 0 */ 308 const char *p = _dl_strrchr(argv0, '/'); 309 310 if (p == NULL) 311 p = argv0; 312 else 313 p++; 314 _dl_strlcpy(progname_storage, p, sizeof(progname_storage)); 315 } 316 __progname = progname_storage; 317 } 318 319 int 320 _dl_load_dep_libs(elf_object_t *object, int flags, int booting) 321 { 322 elf_object_t *dynobj; 323 Elf_Dyn *dynp; 324 unsigned int loop; 325 int libcount; 326 int depflags; 327 328 dynobj = object; 329 while (dynobj) { 330 DL_DEB(("examining: '%s'\n", dynobj->load_name)); 331 libcount = 0; 332 333 /* propagate DF_1_NOW to deplibs (can be set by dynamic tags) */ 334 depflags = flags | (dynobj->obj_flags & DF_1_NOW); 335 336 for (dynp = dynobj->load_dyn; dynp->d_tag; dynp++) { 337 if (dynp->d_tag == DT_NEEDED) { 338 libcount++; 339 } 340 } 341 342 if ( libcount != 0) { 343 struct listent { 344 Elf_Dyn *dynp; 345 elf_object_t *depobj; 346 } *liblist; 347 int *randomlist; 348 349 liblist = _dl_reallocarray(NULL, libcount, 350 sizeof(struct listent)); 351 randomlist = _dl_reallocarray(NULL, libcount, 352 sizeof(int)); 353 354 if (liblist == NULL || randomlist == NULL) 355 _dl_oom(); 356 357 for (dynp = dynobj->load_dyn, loop = 0; dynp->d_tag; 358 dynp++) 359 if (dynp->d_tag == DT_NEEDED) 360 liblist[loop++].dynp = dynp; 361 362 /* Randomize these */ 363 for (loop = 0; loop < libcount; loop++) 364 randomlist[loop] = loop; 365 366 for (loop = 1; loop < libcount; loop++) { 367 unsigned int rnd; 368 int cur; 369 rnd = _dl_arc4random(); 370 rnd = rnd % (loop+1); 371 cur = randomlist[rnd]; 372 randomlist[rnd] = randomlist[loop]; 373 randomlist[loop] = cur; 374 } 375 376 for (loop = 0; loop < libcount; loop++) { 377 elf_object_t *depobj; 378 const char *libname; 379 libname = dynobj->dyn.strtab; 380 libname += 381 liblist[randomlist[loop]].dynp->d_un.d_val; 382 DL_DEB(("loading: %s required by %s\n", libname, 383 dynobj->load_name)); 384 depobj = _dl_load_shlib(libname, dynobj, 385 OBJTYPE_LIB, depflags); 386 if (depobj == 0) { 387 if (booting) { 388 _dl_die( 389 "can't load library '%s'", 390 libname); 391 } 392 DL_DEB(("dlopen: failed to open %s\n", 393 libname)); 394 _dl_free(liblist); 395 _dl_free(randomlist); 396 return (1); 397 } 398 liblist[randomlist[loop]].depobj = depobj; 399 } 400 401 object_vec_grow(&dynobj->child_vec, libcount); 402 for (loop = 0; loop < libcount; loop++) { 403 _dl_add_object(liblist[loop].depobj); 404 _dl_link_child(liblist[loop].depobj, dynobj); 405 } 406 _dl_free(liblist); 407 _dl_free(randomlist); 408 } 409 dynobj = dynobj->next; 410 } 411 412 _dl_cache_grpsym_list_setup(object); 413 414 return(0); 415 } 416 417 418 /* do any RWX -> RX fixups for executable PLTs and apply GNU_RELRO */ 419 static inline void 420 _dl_self_relro(long loff) 421 { 422 Elf_Ehdr *ehdp; 423 Elf_Phdr *phdp; 424 int i; 425 426 ehdp = (Elf_Ehdr *)loff; 427 phdp = (Elf_Phdr *)(loff + ehdp->e_phoff); 428 for (i = 0; i < ehdp->e_phnum; i++, phdp++) { 429 switch (phdp->p_type) { 430 #if defined(__alpha__) || defined(__hppa__) || defined(__powerpc__) || \ 431 defined(__sparc64__) 432 case PT_LOAD: 433 if ((phdp->p_flags & (PF_X | PF_W)) != (PF_X | PF_W)) 434 break; 435 _dl_mprotect((void *)(phdp->p_vaddr + loff), 436 phdp->p_memsz, PROT_READ); 437 break; 438 #endif 439 case PT_GNU_RELRO: 440 _dl_mprotect((void *)(phdp->p_vaddr + loff), 441 phdp->p_memsz, PROT_READ); 442 break; 443 } 444 } 445 } 446 447 448 #define PFLAGS(X) ((((X) & PF_R) ? PROT_READ : 0) | \ 449 (((X) & PF_W) ? PROT_WRITE : 0) | \ 450 (((X) & PF_X) ? PROT_EXEC : 0)) 451 452 /* 453 * This is the dynamic loader entrypoint. When entering here, depending 454 * on architecture type, the stack and registers are set up according 455 * to the architectures ABI specification. The first thing required 456 * to do is to dig out all information we need to accomplish our task. 457 */ 458 unsigned long 459 _dl_boot(const char **argv, char **envp, const long dyn_loff, long *dl_data) 460 { 461 struct elf_object *exe_obj; /* Pointer to executable object */ 462 struct elf_object *dyn_obj; /* Pointer to ld.so object */ 463 struct r_debug **map_link; /* Where to put pointer for gdb */ 464 struct r_debug *debug_map; 465 struct load_list *next_load, *load_list = NULL; 466 Elf_Dyn *dynp; 467 Elf_Phdr *phdp; 468 Elf_Ehdr *ehdr; 469 char *us = NULL; 470 unsigned int loop; 471 int failed; 472 struct dep_node *n; 473 Elf_Addr minva, maxva, exe_loff; 474 Elf_Phdr *ptls = NULL; 475 int align; 476 477 if (dl_data[AUX_pagesz] != 0) 478 _dl_pagesz = dl_data[AUX_pagesz]; 479 _dl_malloc_init(); 480 481 _dl_argv = argv; 482 while (_dl_argv[_dl_argc] != NULL) 483 _dl_argc++; 484 _dl_setup_env(argv[0], envp); 485 486 /* 487 * Make read-only the GOT and PLT and variables initialized 488 * during the ld.so setup above. 489 */ 490 _dl_self_relro(dyn_loff); 491 492 align = _dl_pagesz - 1; 493 494 #define ROUND_PG(x) (((x) + align) & ~(align)) 495 #define TRUNC_PG(x) ((x) & ~(align)) 496 497 if (_dl_bindnow) { 498 /* Lazy binding disabled, so disable kbind */ 499 _dl___syscall(SYS_kbind, (void *)NULL, (size_t)0, (long long)0); 500 } 501 502 DL_DEB(("ld.so loading: '%s'\n", __progname)); 503 504 /* init this in runtime, not statically */ 505 TAILQ_INIT(&_dlopened_child_list); 506 507 exe_obj = NULL; 508 _dl_loading_object = NULL; 509 510 minva = ELF_NO_ADDR; 511 maxva = exe_loff = 0; 512 513 /* 514 * Examine the user application and set up object information. 515 */ 516 phdp = (Elf_Phdr *)dl_data[AUX_phdr]; 517 for (loop = 0; loop < dl_data[AUX_phnum]; loop++) { 518 switch (phdp->p_type) { 519 case PT_PHDR: 520 exe_loff = (Elf_Addr)dl_data[AUX_phdr] - phdp->p_vaddr; 521 us += exe_loff; 522 DL_DEB(("exe load offset: 0x%lx\n", exe_loff)); 523 break; 524 case PT_DYNAMIC: 525 minva = TRUNC_PG(minva); 526 maxva = ROUND_PG(maxva); 527 exe_obj = _dl_finalize_object(argv[0] ? argv[0] : "", 528 (Elf_Dyn *)(phdp->p_vaddr + exe_loff), 529 (Elf_Phdr *)dl_data[AUX_phdr], 530 dl_data[AUX_phnum], OBJTYPE_EXE, minva + exe_loff, 531 exe_loff); 532 _dl_add_object(exe_obj); 533 break; 534 case PT_INTERP: 535 us += phdp->p_vaddr; 536 break; 537 case PT_LOAD: 538 if (phdp->p_vaddr < minva) 539 minva = phdp->p_vaddr; 540 if (phdp->p_vaddr > maxva) 541 maxva = phdp->p_vaddr + phdp->p_memsz; 542 543 next_load = _dl_calloc(1, sizeof(struct load_list)); 544 if (next_load == NULL) 545 _dl_oom(); 546 next_load->next = load_list; 547 load_list = next_load; 548 next_load->start = (char *)TRUNC_PG(phdp->p_vaddr) + exe_loff; 549 next_load->size = (phdp->p_vaddr & align) + phdp->p_filesz; 550 next_load->prot = PFLAGS(phdp->p_flags); 551 break; 552 case PT_TLS: 553 if (phdp->p_filesz > phdp->p_memsz) 554 _dl_die("invalid tls data"); 555 ptls = phdp; 556 break; 557 case PT_GNU_RELRO: 558 exe_obj->relro_addr = phdp->p_vaddr + exe_loff; 559 exe_obj->relro_size = phdp->p_memsz; 560 break; 561 } 562 phdp++; 563 } 564 exe_obj->load_list = load_list; 565 exe_obj->obj_flags |= DF_1_GLOBAL; 566 exe_obj->load_size = maxva - minva; 567 _dl_set_sod(exe_obj->load_name, &exe_obj->sod); 568 569 /* TLS bits in the base executable */ 570 if (ptls != NULL && ptls->p_memsz) 571 _dl_set_tls(exe_obj, ptls, exe_loff, NULL); 572 573 n = _dl_malloc(sizeof *n); 574 if (n == NULL) 575 _dl_oom(); 576 n->data = exe_obj; 577 TAILQ_INSERT_TAIL(&_dlopened_child_list, n, next_sib); 578 exe_obj->opencount++; 579 580 if (_dl_preload != NULL) 581 _dl_dopreload(_dl_preload); 582 583 _dl_load_dep_libs(exe_obj, exe_obj->obj_flags, 1); 584 585 /* 586 * Now add the dynamic loader itself last in the object list 587 * so we can use the _dl_ code when serving dl.... calls. 588 * Intentionally left off the exe child_vec. 589 */ 590 dynp = (Elf_Dyn *)((void *)_DYNAMIC); 591 ehdr = (Elf_Ehdr *)dl_data[AUX_base]; 592 dyn_obj = _dl_finalize_object(us, dynp, 593 (Elf_Phdr *)((char *)dl_data[AUX_base] + ehdr->e_phoff), 594 ehdr->e_phnum, OBJTYPE_LDR, dl_data[AUX_base], dyn_loff); 595 _dl_add_object(dyn_obj); 596 597 dyn_obj->refcount++; 598 _dl_link_grpsym(dyn_obj); 599 600 dyn_obj->status |= STAT_RELOC_DONE; 601 _dl_set_sod(dyn_obj->load_name, &dyn_obj->sod); 602 603 /* calculate the offsets for static TLS allocations */ 604 _dl_allocate_tls_offsets(); 605 606 /* 607 * Make something to help gdb when poking around in the code. 608 * Do this poking at the .dynamic section now, before relocation 609 * renders it read-only 610 */ 611 map_link = NULL; 612 #ifdef __mips__ 613 if (exe_obj->Dyn.info[DT_MIPS_RLD_MAP - DT_LOPROC + DT_NUM] != 0) 614 map_link = (struct r_debug **)(exe_obj->Dyn.info[ 615 DT_MIPS_RLD_MAP - DT_LOPROC + DT_NUM] + exe_loff); 616 #endif 617 if (map_link == NULL) { 618 for (dynp = exe_obj->load_dyn; dynp->d_tag; dynp++) { 619 if (dynp->d_tag == DT_DEBUG) { 620 map_link = (struct r_debug **)&dynp->d_un.d_ptr; 621 break; 622 } 623 } 624 if (dynp->d_tag != DT_DEBUG) 625 DL_DEB(("failed to mark DTDEBUG\n")); 626 } 627 if (map_link) { 628 debug_map = _dl_malloc(sizeof(*debug_map)); 629 if (debug_map == NULL) 630 _dl_oom(); 631 debug_map->r_version = 1; 632 debug_map->r_map = (struct link_map *)_dl_objects; 633 debug_map->r_brk = (Elf_Addr)_dl_debug_state; 634 debug_map->r_state = RT_CONSISTENT; 635 debug_map->r_ldbase = dyn_loff; 636 _dl_debug_map = debug_map; 637 #ifdef __mips__ 638 Elf_Addr relro_addr = exe_obj->relro_addr; 639 if (dynp->d_tag == DT_DEBUG && 640 ((Elf_Addr)map_link + sizeof(*map_link) <= relro_addr || 641 (Elf_Addr)map_link >= relro_addr + exe_obj->relro_size)) { 642 _dl_mprotect(map_link, sizeof(*map_link), 643 PROT_READ|PROT_WRITE); 644 *map_link = _dl_debug_map; 645 _dl_mprotect(map_link, sizeof(*map_link), 646 PROT_READ|PROT_EXEC); 647 } else 648 #endif 649 *map_link = _dl_debug_map; 650 } 651 652 653 /* 654 * Everything should be in place now for doing the relocation 655 * and binding. Call _dl_rtld to do the job. Fingers crossed. 656 */ 657 658 failed = 0; 659 if (!_dl_traceld) 660 failed = _dl_rtld(_dl_objects); 661 662 if (_dl_debug || _dl_traceld) { 663 if (_dl_traceld) 664 _dl_pledge("stdio rpath", NULL); 665 _dl_show_objects(); 666 } 667 668 DL_DEB(("dynamic loading done, %s.\n", 669 (failed == 0) ? "success":"failed")); 670 671 if (failed != 0) 672 _dl_die("relocation failed"); 673 674 if (_dl_traceld) 675 _dl_exit(0); 676 677 _dl_loading_object = NULL; 678 679 /* set up the TIB for the initial thread */ 680 _dl_allocate_first_tib(); 681 682 _dl_fixup_user_env(); 683 684 _dl_debug_state(); 685 686 /* 687 * Do not run init code if run from ldd. 688 */ 689 if (_dl_objects->next != NULL) { 690 _dl_call_preinit(_dl_objects); 691 _dl_call_init(_dl_objects); 692 } 693 694 DL_DEB(("entry point: 0x%lx\n", dl_data[AUX_entry])); 695 696 /* 697 * Return the entry point. 698 */ 699 return(dl_data[AUX_entry]); 700 } 701 702 int 703 _dl_rtld(elf_object_t *object) 704 { 705 struct load_list *llist; 706 int fails = 0; 707 708 if (object->next) 709 fails += _dl_rtld(object->next); 710 711 if (object->status & STAT_RELOC_DONE) 712 return 0; 713 714 /* 715 * Do relocation information first, then GOT. 716 */ 717 unprotect_if_textrel(object); 718 fails =_dl_md_reloc(object, DT_REL, DT_RELSZ); 719 fails += _dl_md_reloc(object, DT_RELA, DT_RELASZ); 720 reprotect_if_textrel(object); 721 fails += _dl_md_reloc_got(object, !(_dl_bindnow || 722 object->obj_flags & DF_1_NOW)); 723 724 /* 725 * Look for W&X segments and make them read-only. 726 */ 727 for (llist = object->load_list; llist != NULL; llist = llist->next) { 728 if ((llist->prot & PROT_WRITE) && (llist->prot & PROT_EXEC)) { 729 _dl_mprotect(llist->start, llist->size, 730 llist->prot & ~PROT_WRITE); 731 } 732 } 733 734 if (fails == 0) 735 object->status |= STAT_RELOC_DONE; 736 737 return (fails); 738 } 739 740 void 741 _dl_call_preinit(elf_object_t *object) 742 { 743 if (object->dyn.preinit_array) { 744 int num = object->dyn.preinit_arraysz / sizeof(Elf_Addr); 745 int i; 746 747 DL_DEB(("doing preinitarray obj %p @%p: [%s]\n", 748 object, object->dyn.preinit_array, object->load_name)); 749 for (i = 0; i < num; i++) 750 (*object->dyn.preinit_array[i])(_dl_argc, _dl_argv, 751 environ, &_dl_cb_cb); 752 } 753 } 754 755 void 756 _dl_call_init(elf_object_t *object) 757 { 758 _dl_call_init_recurse(object, 1); 759 _dl_call_init_recurse(object, 0); 760 } 761 762 static void 763 _dl_relro(elf_object_t *object) 764 { 765 /* 766 * Handle GNU_RELRO 767 */ 768 if (object->relro_addr != 0 && object->relro_size != 0) { 769 Elf_Addr addr = object->relro_addr; 770 771 DL_DEB(("protect RELRO [0x%lx,0x%lx) in %s\n", 772 addr, addr + object->relro_size, object->load_name)); 773 _dl_mprotect((void *)addr, object->relro_size, PROT_READ); 774 } 775 } 776 777 void 778 _dl_call_init_recurse(elf_object_t *object, int initfirst) 779 { 780 struct object_vector vec; 781 int visited_flag = initfirst ? STAT_VISIT_INITFIRST : STAT_VISIT_INIT; 782 int i; 783 784 object->status |= visited_flag; 785 786 for (vec = object->child_vec, i = 0; i < vec.len; i++) { 787 if (vec.vec[i]->status & visited_flag) 788 continue; 789 _dl_call_init_recurse(vec.vec[i], initfirst); 790 } 791 792 if (object->status & STAT_INIT_DONE) 793 return; 794 795 if (initfirst && (object->obj_flags & DF_1_INITFIRST) == 0) 796 return; 797 798 if (!initfirst) 799 _dl_relro(object); 800 801 if (object->dyn.init) { 802 DL_DEB(("doing ctors obj %p @%p: [%s]\n", 803 object, object->dyn.init, object->load_name)); 804 (*object->dyn.init)(); 805 } 806 807 if (object->dyn.init_array) { 808 int num = object->dyn.init_arraysz / sizeof(Elf_Addr); 809 int i; 810 811 DL_DEB(("doing initarray obj %p @%p: [%s]\n", 812 object, object->dyn.init_array, object->load_name)); 813 for (i = 0; i < num; i++) 814 (*object->dyn.init_array[i])(_dl_argc, _dl_argv, 815 environ, &_dl_cb_cb); 816 } 817 818 if (initfirst) 819 _dl_relro(object); 820 821 object->status |= STAT_INIT_DONE; 822 } 823 824 char * 825 _dl_getenv(const char *var, char **env) 826 { 827 const char *ep; 828 829 while ((ep = *env++)) { 830 const char *vp = var; 831 832 while (*vp && *vp == *ep) { 833 vp++; 834 ep++; 835 } 836 if (*vp == '\0' && *ep++ == '=') 837 return((char *)ep); 838 } 839 return(NULL); 840 } 841 842 void 843 _dl_unsetenv(const char *var, char **env) 844 { 845 char *ep; 846 847 while ((ep = *env)) { 848 const char *vp = var; 849 850 while (*vp && *vp == *ep) { 851 vp++; 852 ep++; 853 } 854 if (*vp == '\0' && *ep++ == '=') { 855 char **P; 856 857 for (P = env;; ++P) 858 if (!(*P = *(P + 1))) 859 break; 860 } else 861 env++; 862 } 863 } 864 865 static inline void 866 fixup_sym(struct elf_object *dummy_obj, const char *name, void *addr) 867 { 868 struct sym_res sr; 869 870 sr = _dl_find_symbol(name, SYM_SEARCH_ALL|SYM_NOWARNNOTFOUND|SYM_PLT, 871 NULL, dummy_obj); 872 if (sr.sym != NULL) { 873 void *p = (void *)(sr.sym->st_value + sr.obj->obj_base); 874 if (p != addr) { 875 DL_DEB(("setting %s %p@%s[%p] from %p\n", name, 876 p, sr.obj->load_name, (void *)sr.obj, addr)); 877 *(void **)p = *(void **)addr; 878 } 879 } 880 } 881 882 /* 883 * _dl_fixup_user_env() 884 * 885 * Set the user environment so that programs can use the environment 886 * while running constructors. Specifically, MALLOC_OPTIONS= for malloc() 887 */ 888 void 889 _dl_fixup_user_env(void) 890 { 891 struct elf_object dummy_obj; 892 893 dummy_obj.dyn.symbolic = 0; 894 dummy_obj.load_name = "ld.so"; 895 fixup_sym(&dummy_obj, "environ", &environ); 896 fixup_sym(&dummy_obj, "__progname", &__progname); 897 } 898 899 const void * 900 _dl_cb_cb(int version) 901 { 902 DL_DEB(("version %d callbacks requested\n", version)); 903 if (version == 0) 904 return &callbacks_0; 905 return NULL; 906 } 907 908 static inline void 909 unprotect_if_textrel(elf_object_t *object) 910 { 911 struct load_list *ll; 912 913 if (__predict_false(object->dyn.textrel == 1)) { 914 for (ll = object->load_list; ll != NULL; ll = ll->next) { 915 if ((ll->prot & PROT_WRITE) == 0) 916 _dl_mprotect(ll->start, ll->size, 917 PROT_READ | PROT_WRITE); 918 } 919 } 920 } 921 922 static inline void 923 reprotect_if_textrel(elf_object_t *object) 924 { 925 struct load_list *ll; 926 927 if (__predict_false(object->dyn.textrel == 1)) { 928 for (ll = object->load_list; ll != NULL; ll = ll->next) { 929 if ((ll->prot & PROT_WRITE) == 0) 930 _dl_mprotect(ll->start, ll->size, ll->prot); 931 } 932 } 933 } 934