1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 1988 AT&T 29 * All Rights Reserved 30 */ 31 32 /* 33 * Object file dependent support for ELF objects. 34 */ 35 36 #include <stdio.h> 37 #include <sys/procfs.h> 38 #include <sys/mman.h> 39 #include <sys/debug.h> 40 #include <string.h> 41 #include <limits.h> 42 #include <dlfcn.h> 43 #include <debug.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "_inline.h" 49 #include "msg.h" 50 51 /* 52 * Default and secure dependency search paths. 53 */ 54 static Spath_defn _elf_def_dirs[] = { 55 #if defined(_ELF64) 56 { MSG_ORIG(MSG_PTH_LIB_64), MSG_PTH_LIB_64_SIZE }, 57 { MSG_ORIG(MSG_PTH_USRLIB_64), MSG_PTH_USRLIB_64_SIZE }, 58 #else 59 { MSG_ORIG(MSG_PTH_LIB), MSG_PTH_LIB_SIZE }, 60 { MSG_ORIG(MSG_PTH_USRLIB), MSG_PTH_USRLIB_SIZE }, 61 #endif 62 { 0, 0 } 63 }; 64 65 static Spath_defn _elf_sec_dirs[] = { 66 #if defined(_ELF64) 67 { MSG_ORIG(MSG_PTH_LIBSE_64), MSG_PTH_LIBSE_64_SIZE }, 68 { MSG_ORIG(MSG_PTH_USRLIBSE_64), MSG_PTH_USRLIBSE_64_SIZE }, 69 #else 70 { MSG_ORIG(MSG_PTH_LIBSE), MSG_PTH_LIBSE_SIZE }, 71 { MSG_ORIG(MSG_PTH_USRLIBSE), MSG_PTH_USRLIBSE_SIZE }, 72 #endif 73 { 0, 0 } 74 }; 75 76 Alist *elf_def_dirs = NULL; 77 Alist *elf_sec_dirs = NULL; 78 79 /* 80 * Defines for local functions. 81 */ 82 static void elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int); 83 static Addr elf_entry_point(void); 84 static int elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t); 85 static Alist **elf_get_def_dirs(void); 86 static Alist **elf_get_sec_dirs(void); 87 static char *elf_get_so(const char *, const char *, size_t, size_t); 88 static int elf_needed(Lm_list *, Aliste, Rt_map *, int *); 89 90 /* 91 * Functions and data accessed through indirect pointers. 92 */ 93 Fct elf_fct = { 94 elf_verify, 95 elf_new_lmp, 96 elf_entry_point, 97 elf_needed, 98 lookup_sym, 99 elf_reloc, 100 elf_get_def_dirs, 101 elf_get_sec_dirs, 102 elf_fix_name, 103 elf_get_so, 104 elf_dladdr, 105 dlsym_handle 106 }; 107 108 /* 109 * Default and secure dependency search paths. 110 */ 111 static Alist ** 112 elf_get_def_dirs() 113 { 114 if (elf_def_dirs == NULL) 115 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT); 116 return (&elf_def_dirs); 117 } 118 119 static Alist ** 120 elf_get_sec_dirs() 121 { 122 if (elf_sec_dirs == NULL) 123 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE); 124 return (&elf_sec_dirs); 125 } 126 127 /* 128 * Redefine NEEDED name if necessary. 129 */ 130 static int 131 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni, 132 uint_t orig) 133 { 134 /* 135 * For ABI compliance, if we are asked for ld.so.1, then really give 136 * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1). 137 */ 138 if (((*name == '/') && 139 /* BEGIN CSTYLED */ 140 #if defined(_ELF64) 141 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) || 142 #else 143 (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) || 144 #endif 145 (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) { 146 /* END CSTYLED */ 147 Pdesc *pdp; 148 149 DBG_CALL(Dbg_file_fixname(LIST(clmp), name, 150 MSG_ORIG(MSG_PTH_LIBSYS))); 151 if ((pdp = alist_append(alpp, 0, sizeof (Pdesc), alni)) == NULL) 152 return (0); 153 154 pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS); 155 pdp->pd_plen = MSG_PTH_LIBSYS_SIZE; 156 pdp->pd_flags = PD_FLG_PNSLASH; 157 158 return (1); 159 } 160 161 return (expand_paths(clmp, name, alpp, alni, orig, 0)); 162 } 163 164 /* 165 * Determine whether this object requires any hardware or software capabilities. 166 */ 167 static int 168 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej) 169 { 170 Phdr *phdr; 171 int cnt; 172 173 /* LINTED */ 174 phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff); 175 for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) { 176 Cap *cptr; 177 178 if (phdr->p_type != PT_SUNWCAP) 179 continue; 180 181 /* LINTED */ 182 cptr = (Cap *)((char *)ehdr + phdr->p_offset); 183 while (cptr->c_tag != CA_SUNW_NULL) { 184 if (cptr->c_tag == CA_SUNW_HW_1) { 185 /* 186 * Verify the hardware capabilities. 187 */ 188 if (hwcap_check(cptr->c_un.c_val, rej) == 0) 189 return (0); 190 191 /* 192 * Retain this hardware capabilities value for 193 * possible later inspection should this object 194 * be processed as a filtee. 195 */ 196 fdp->fd_hwcap = cptr->c_un.c_val; 197 } 198 if (cptr->c_tag == CA_SUNW_SF_1) { 199 /* 200 * Verify the software capabilities. 201 */ 202 if (sfcap_check(cptr->c_un.c_val, rej) == 0) 203 return (0); 204 } 205 cptr++; 206 } 207 } 208 return (1); 209 } 210 211 /* 212 * Determine if we have been given an ELF file and if so determine if the file 213 * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 214 * with associated error information. 215 */ 216 Fct * 217 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name, 218 Rej_desc *rej) 219 { 220 Ehdr *ehdr; 221 char *caddr = (char *)addr; 222 223 /* 224 * Determine if we're an elf file. If not simply return, we don't set 225 * any rejection information as this test allows use to scroll through 226 * the objects we support (ELF, AOUT). 227 */ 228 if (size < sizeof (Ehdr) || 229 caddr[EI_MAG0] != ELFMAG0 || 230 caddr[EI_MAG1] != ELFMAG1 || 231 caddr[EI_MAG2] != ELFMAG2 || 232 caddr[EI_MAG3] != ELFMAG3) { 233 return (NULL); 234 } 235 236 /* 237 * Check class and encoding. 238 */ 239 /* LINTED */ 240 ehdr = (Ehdr *)addr; 241 if (ehdr->e_ident[EI_CLASS] != M_CLASS) { 242 rej->rej_type = SGS_REJ_CLASS; 243 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS]; 244 return (NULL); 245 } 246 if (ehdr->e_ident[EI_DATA] != M_DATA) { 247 rej->rej_type = SGS_REJ_DATA; 248 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA]; 249 return (NULL); 250 } 251 if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) && 252 (ehdr->e_type != ET_DYN)) { 253 rej->rej_type = SGS_REJ_TYPE; 254 rej->rej_info = (uint_t)ehdr->e_type; 255 return (NULL); 256 } 257 258 /* 259 * Verify ELF version. 260 */ 261 if (ehdr->e_version > EV_CURRENT) { 262 rej->rej_type = SGS_REJ_VERSION; 263 rej->rej_info = (uint_t)ehdr->e_version; 264 return (NULL); 265 } 266 267 /* 268 * Verify machine specific flags. 269 */ 270 if (elf_mach_flags_check(rej, ehdr) == 0) 271 return (NULL); 272 273 /* 274 * Verify any hardware/software capability requirements. Note, if this 275 * object is an explicitly defined shared object under inspection by 276 * ldd(1), and contains an incompatible hardware capabilities 277 * requirement, then inform the user, but continue processing. 278 */ 279 if (elf_cap_check(fdp, ehdr, rej) == 0) { 280 Rt_map *lmp = lml_main.lm_head; 281 282 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && 283 (lmp != NULL) && (FLAGS1(lmp) & FL1_RT_LDDSTUB) && 284 (NEXT(lmp) == NULL)) { 285 const char *fmt; 286 287 if (rej->rej_type == SGS_REJ_HWCAP_1) 288 fmt = MSG_INTL(MSG_LDD_GEN_HWCAP_1); 289 else 290 fmt = MSG_INTL(MSG_LDD_GEN_SFCAP_1); 291 (void) printf(fmt, name, rej->rej_str); 292 return (&elf_fct); 293 } 294 return (NULL); 295 } 296 return (&elf_fct); 297 } 298 299 /* 300 * The runtime linker employs lazy loading to provide the libraries needed for 301 * debugging, preloading .o's and dldump(). As these are seldom used, the 302 * standard startup of ld.so.1 doesn't initialize all the information necessary 303 * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 304 * is called we get here to perform these initializations: 305 * 306 * o elf_needed() is called to set up the DYNINFO() indexes for each lazy 307 * dependency. Typically, for all other objects, this is called during 308 * analyze_so(), but as ld.so.1 is set-contained we skip this processing. 309 * 310 * o For intel, ld.so.1's JMPSLOT relocations need relative updates. These 311 * are by default skipped thus delaying all relative relocation processing 312 * on every invocation of ld.so.1. 313 */ 314 int 315 elf_rtld_load() 316 { 317 Lm_list *lml = &lml_rtld; 318 Rt_map *lmp = lml->lm_head; 319 320 if (lml->lm_flags & LML_FLG_PLTREL) 321 return (1); 322 323 /* 324 * As we need to refer to the DYNINFO() information, insure that it has 325 * been initialized. 326 */ 327 if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0) 328 return (0); 329 330 #if defined(__i386) 331 /* 332 * This is a kludge to give ld.so.1 a performance benefit on i386. 333 * It's based around two factors. 334 * 335 * o JMPSLOT relocations (PLT's) actually need a relative relocation 336 * applied to the GOT entry so that they can find PLT0. 337 * 338 * o ld.so.1 does not exercise *any* PLT's before it has made a call 339 * to elf_lazy_load(). This is because all dynamic dependencies 340 * are recorded as lazy dependencies. 341 */ 342 (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp), 343 (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp), 344 (ulong_t)ADDR(lmp), lmp, NULL); 345 #endif 346 347 lml->lm_flags |= LML_FLG_PLTREL; 348 return (1); 349 } 350 351 /* 352 * Lazy load an object. 353 */ 354 Rt_map * 355 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym, 356 int *in_nfavl) 357 { 358 Alist *palp = NULL; 359 Rt_map *nlmp, *hlmp; 360 Dyninfo *dip = &DYNINFO(clmp)[ndx], *pdip; 361 uint_t flags = 0; 362 const char *name; 363 Lm_list *lml = LIST(clmp); 364 Lm_cntl *lmc; 365 Aliste lmco; 366 367 /* 368 * If this dependency has already been processed, we're done. 369 */ 370 if (((nlmp = (Rt_map *)dip->di_info) != NULL) || 371 (dip->di_flags & FLG_DI_LDD_DONE)) 372 return (nlmp); 373 374 /* 375 * If we're running under ldd(1), indicate that this dependency has been 376 * processed (see test above). It doesn't matter whether the object is 377 * successfully loaded or not, this flag simply ensures that we don't 378 * repeatedly attempt to load an object that has already failed to load. 379 * To do so would create multiple failure diagnostics for the same 380 * object under ldd(1). 381 */ 382 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 383 dip->di_flags |= FLG_DI_LDD_DONE; 384 385 /* 386 * Determine the initial dependency name. 387 */ 388 name = STRTAB(clmp) + DYN(clmp)[ndx].d_un.d_val; 389 DBG_CALL(Dbg_file_lazyload(clmp, name, sym)); 390 391 /* 392 * If this object needs to establish its own group, make sure a handle 393 * is created. 394 */ 395 if (dip->di_flags & FLG_DI_GROUP) 396 flags |= (FLG_RT_SETGROUP | FLG_RT_HANDLE); 397 398 /* 399 * Lazy dependencies are identified as DT_NEEDED entries with a 400 * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 401 * dynamic information element that corresponds to the DT_POSFLAG_1 402 * entry is free, and thus used to store the present entrance 403 * identifier. This identifier is used to prevent multiple attempts to 404 * load a failed lazy loadable dependency within the same runtime linker 405 * operation. However, future attempts to reload this dependency are 406 * still possible. 407 */ 408 if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1)) 409 pdip->di_info = (void *)slp->sl_id; 410 411 /* 412 * Expand the requested name if necessary. 413 */ 414 if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) 415 return (NULL); 416 417 /* 418 * Provided the object on the head of the link-map has completed its 419 * relocation, create a new link-map control list for this request. 420 */ 421 hlmp = lml->lm_head; 422 if (FLAGS(hlmp) & FLG_RT_RELOCED) { 423 if ((lmc = alist_append(&lml->lm_lists, 0, sizeof (Lm_cntl), 424 AL_CNT_LMLISTS)) == NULL) { 425 remove_plist(&palp, 1); 426 return (NULL); 427 } 428 lmco = (Aliste)((char *)lmc - (char *)lml->lm_lists); 429 } else { 430 lmc = 0; 431 lmco = ALIST_OFF_DATA; 432 } 433 434 /* 435 * Load the associated object. 436 */ 437 dip->di_info = nlmp = 438 load_one(lml, lmco, palp, clmp, MODE(clmp), flags, 0, in_nfavl); 439 440 /* 441 * Remove any expanded pathname infrastructure. Reduce the pending lazy 442 * dependency count of the caller, together with the link-map lists 443 * count of objects that still have lazy dependencies pending. 444 */ 445 remove_plist(&palp, 1); 446 if (--LAZY(clmp) == 0) 447 LIST(clmp)->lm_lazy--; 448 449 /* 450 * Finish processing the objects associated with this request, and 451 * create an association between the caller and this dependency. 452 */ 453 if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) || 454 ((nlmp = analyze_lmc(lml, lmco, nlmp, in_nfavl)) == NULL) || 455 (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0))) 456 dip->di_info = nlmp = NULL; 457 458 /* 459 * If this lazyload has failed, and we've created a new link-map 460 * control list to which this request has added objects, then remove 461 * all the objects that have been associated to this request. 462 */ 463 if ((nlmp == NULL) && lmc && lmc->lc_head) 464 remove_lmc(lml, clmp, lmc, lmco, name); 465 466 /* 467 * Finally, remove any link-map control list that was created. 468 */ 469 if (lmc) 470 remove_cntl(lml, lmco); 471 472 /* 473 * If this lazy loading failed, record the fact, and bump the lazy 474 * counts. 475 */ 476 if (nlmp == NULL) { 477 dip->di_flags |= FLG_DI_LAZYFAIL; 478 if (LAZY(clmp)++ == 0) 479 LIST(clmp)->lm_lazy++; 480 } 481 482 return (nlmp); 483 } 484 485 /* 486 * Return the entry point of the ELF executable. 487 */ 488 static Addr 489 elf_entry_point(void) 490 { 491 Rt_map *lmp = lml_main.lm_head; 492 Ehdr *ehdr = (Ehdr *)ADDR(lmp); 493 Addr addr = (Addr)(ehdr->e_entry); 494 495 if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) 496 addr += ADDR(lmp); 497 498 return (addr); 499 } 500 501 /* 502 * Determine if a dependency requires a particular version and if so verify 503 * that the version exists in the dependency. 504 */ 505 int 506 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp) 507 { 508 Verneed *vnd = VERNEED(clmp); 509 int _num, num = VERNEEDNUM(clmp); 510 char *cstrs = (char *)STRTAB(clmp); 511 Lm_list *lml = LIST(clmp); 512 513 /* 514 * Traverse the callers version needed information and determine if any 515 * specific versions are required from the dependency. 516 */ 517 DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp))); 518 for (_num = 1; _num <= num; _num++, 519 vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) { 520 Half cnt = vnd->vn_cnt; 521 Vernaux *vnap; 522 char *nstrs, *need; 523 524 /* 525 * Determine if a needed entry matches this dependency. 526 */ 527 need = (char *)(cstrs + vnd->vn_file); 528 if (strcmp(name, need) != 0) 529 continue; 530 531 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) && 532 ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0)) 533 (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name); 534 535 /* 536 * Validate that each version required actually exists in the 537 * dependency. 538 */ 539 nstrs = (char *)STRTAB(nlmp); 540 541 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt; 542 cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) { 543 char *version, *define; 544 Verdef *vdf = VERDEF(nlmp); 545 ulong_t _num, num = VERDEFNUM(nlmp); 546 int found = 0; 547 548 /* 549 * Skip validation of versions that are marked 550 * INFO. This optimization is used for versions 551 * that are inherited by another version. Verification 552 * of the inheriting version is sufficient. 553 * 554 * Such versions are recorded in the object for the 555 * benefit of VERSYM entries that refer to them. This 556 * provides a purely diagnositic benefit. 557 */ 558 if (vnap->vna_flags & VER_FLG_INFO) 559 continue; 560 561 version = (char *)(cstrs + vnap->vna_name); 562 DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version)); 563 564 for (_num = 1; _num <= num; _num++, 565 vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) { 566 Verdaux *vdap; 567 568 if (vnap->vna_hash != vdf->vd_hash) 569 continue; 570 571 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux); 572 define = (char *)(nstrs + vdap->vda_name); 573 if (strcmp(version, define) != 0) 574 continue; 575 576 found++; 577 break; 578 } 579 580 /* 581 * If we're being traced print out any matched version 582 * when the verbose (-v) option is in effect. Always 583 * print any unmatched versions. 584 */ 585 if (lml->lm_flags & LML_FLG_TRC_ENABLE) { 586 /* BEGIN CSTYLED */ 587 if (found) { 588 if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE)) 589 continue; 590 591 (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND), 592 need, version, NAME(nlmp)); 593 } else { 594 if (rtld_flags & RT_FL_SILENCERR) 595 continue; 596 597 (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND), 598 need, version); 599 } 600 /* END CSTYLED */ 601 continue; 602 } 603 604 /* 605 * If the version hasn't been found then this is a 606 * candidate for a fatal error condition. Weak 607 * version definition requirements are silently 608 * ignored. Also, if the image inspected for a version 609 * definition has no versioning recorded at all then 610 * silently ignore this (this provides better backward 611 * compatibility to old images created prior to 612 * versioning being available). Both of these skipped 613 * diagnostics are available under tracing (see above). 614 */ 615 if ((found == 0) && (num != 0) && 616 (!(vnap->vna_flags & VER_FLG_WEAK))) { 617 eprintf(lml, ERR_FATAL, 618 MSG_INTL(MSG_VER_NFOUND), need, version, 619 NAME(clmp)); 620 return (0); 621 } 622 } 623 } 624 DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD)); 625 return (1); 626 } 627 628 /* 629 * Search through the dynamic section for DT_NEEDED entries and perform one 630 * of two functions. If only the first argument is specified then load the 631 * defined shared object, otherwise add the link map representing the defined 632 * link map the the dlopen list. 633 */ 634 static int 635 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl) 636 { 637 Alist *palp = NULL; 638 Dyn *dyn, *pdyn; 639 ulong_t ndx = 0; 640 uint_t lazy, flags; 641 Word lmflags = lml->lm_flags; 642 Word lmtflags = lml->lm_tflags; 643 644 /* 645 * Process each shared object on needed list. 646 */ 647 if (DYN(clmp) == 0) 648 return (1); 649 650 for (dyn = (Dyn *)DYN(clmp), pdyn = NULL; dyn->d_tag != DT_NULL; 651 pdyn = dyn++, ndx++) { 652 Dyninfo *dip = &DYNINFO(clmp)[ndx]; 653 Rt_map *nlmp = 0; 654 char *name; 655 int silent = 0; 656 657 switch (dyn->d_tag) { 658 case DT_POSFLAG_1: 659 dip->di_flags |= FLG_DI_POSFLAG1; 660 continue; 661 case DT_NEEDED: 662 case DT_USED: 663 lazy = flags = 0; 664 dip->di_flags |= FLG_DI_NEEDED; 665 666 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) { 667 if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) && 668 ((lmtflags & LML_TFLG_NOLAZYLD) == 0)) { 669 dip->di_flags |= FLG_DI_LAZY; 670 lazy = 1; 671 } 672 if (pdyn->d_un.d_val & DF_P1_GROUPPERM) { 673 dip->di_flags |= FLG_DI_GROUP; 674 flags = 675 (FLG_RT_SETGROUP | FLG_RT_HANDLE); 676 } 677 } 678 679 name = (char *)STRTAB(clmp) + dyn->d_un.d_val; 680 681 /* 682 * NOTE, libc.so.1 can't be lazy loaded. Although a 683 * lazy position flag won't be produced when a RTLDINFO 684 * .dynamic entry is found (introduced with the UPM in 685 * Solaris 10), it was possible to mark libc for lazy 686 * loading on previous releases. To reduce the overhead 687 * of testing for this occurrence, only carry out this 688 * check for the first object on the link-map list 689 * (there aren't many applications built without libc). 690 */ 691 if (lazy && (lml->lm_head == clmp) && 692 (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0)) 693 lazy = 0; 694 695 /* 696 * Don't bring in lazy loaded objects yet unless we've 697 * been asked to attempt to load all available objects 698 * (crle(1) sets LD_FLAGS=loadavail). Even under 699 * RTLD_NOW we don't process this - RTLD_NOW will cause 700 * relocation processing which in turn might trigger 701 * lazy loading, but its possible that the object has a 702 * lazy loaded file with no bindings (i.e., it should 703 * never have been a dependency in the first place). 704 */ 705 if (lazy) { 706 if ((lmflags & LML_FLG_LOADAVAIL) == 0) { 707 LAZY(clmp)++; 708 lazy = flags = 0; 709 continue; 710 } 711 712 /* 713 * Silence any error messages - see description 714 * under elf_lookup_filtee(). 715 */ 716 if ((rtld_flags & RT_FL_SILENCERR) == 0) { 717 rtld_flags |= RT_FL_SILENCERR; 718 silent = 1; 719 } 720 } 721 break; 722 case DT_AUXILIARY: 723 dip->di_flags |= FLG_DI_AUXFLTR; 724 continue; 725 case DT_SUNW_AUXILIARY: 726 dip->di_flags |= (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR); 727 continue; 728 case DT_FILTER: 729 dip->di_flags |= FLG_DI_STDFLTR; 730 continue; 731 case DT_SUNW_FILTER: 732 dip->di_flags |= (FLG_DI_STDFLTR | FLG_DI_SYMFLTR); 733 continue; 734 default: 735 continue; 736 } 737 738 DBG_CALL(Dbg_file_needed(clmp, name)); 739 740 /* 741 * If we're running under ldd(1), indicate that this dependency 742 * has been processed. It doesn't matter whether the object is 743 * successfully loaded or not, this flag simply ensures that we 744 * don't repeatedly attempt to load an object that has already 745 * failed to load. To do so would create multiple failure 746 * diagnostics for the same object under ldd(1). 747 */ 748 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 749 dip->di_flags |= FLG_DI_LDD_DONE; 750 751 /* 752 * Establish the objects name, load it and establish a binding 753 * with the caller. 754 */ 755 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) || 756 ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp), 757 flags, 0, in_nfavl)) == NULL) || 758 (bind_one(clmp, nlmp, BND_NEEDED) == 0)) 759 nlmp = 0; 760 761 /* 762 * Clean up any infrastructure, including the removal of the 763 * error suppression state, if it had been previously set in 764 * this routine. 765 */ 766 remove_plist(&palp, 0); 767 768 if (silent) 769 rtld_flags &= ~RT_FL_SILENCERR; 770 771 if ((dip->di_info = (void *)nlmp) == 0) { 772 /* 773 * If the object could not be mapped, continue if error 774 * suppression is established or we're here with ldd(1). 775 */ 776 if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags & 777 (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE))) 778 continue; 779 else { 780 remove_plist(&palp, 1); 781 return (0); 782 } 783 } 784 } 785 786 if (LAZY(clmp)) 787 lml->lm_lazy++; 788 789 remove_plist(&palp, 1); 790 return (1); 791 } 792 793 /* 794 * A null symbol interpretor. Used if a filter has no associated filtees. 795 */ 796 /* ARGSUSED0 */ 797 static Sym * 798 elf_null_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 799 { 800 return (NULL); 801 } 802 803 /* 804 * Disable filtee use. 805 */ 806 static void 807 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip) 808 { 809 if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) { 810 /* 811 * If this is an object filter, null out the reference name. 812 */ 813 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) { 814 REFNAME(lmp) = NULL; 815 OBJFLTRNDX(lmp) = FLTR_DISABLED; 816 817 /* 818 * Indicate that this filtee is no longer available. 819 */ 820 if (dip->di_flags & FLG_DI_STDFLTR) 821 SYMINTP(lmp) = elf_null_find_sym; 822 823 } 824 } else if (dip->di_flags & FLG_DI_STDFLTR) { 825 /* 826 * Indicate that this standard filtee is no longer available. 827 */ 828 if (SYMSFLTRCNT(lmp)) 829 SYMSFLTRCNT(lmp)--; 830 } else { 831 /* 832 * Indicate that this auxiliary filtee is no longer available. 833 */ 834 if (SYMAFLTRCNT(lmp)) 835 SYMAFLTRCNT(lmp)--; 836 } 837 dip->di_flags &= ~MSK_DI_FILTER; 838 } 839 840 /* 841 * Find symbol interpreter - filters. 842 * This function is called when the symbols from a shared object should 843 * be resolved from the shared objects filtees instead of from within itself. 844 * 845 * A symbol name of 0 is used to trigger filtee loading. 846 */ 847 static Sym * 848 _elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx, 849 int *in_nfavl) 850 { 851 const char *name = slp->sl_name, *filtees; 852 Rt_map *clmp = slp->sl_cmap; 853 Rt_map *ilmp = slp->sl_imap; 854 Pdesc *pdp; 855 int any; 856 Dyninfo *dip = &DYNINFO(ilmp)[ndx]; 857 Lm_list *lml = LIST(ilmp); 858 Aliste idx; 859 860 /* 861 * Indicate that the filter has been used. If a binding already exists 862 * to the caller, indicate that this object is referenced. This insures 863 * we don't generate false unreferenced diagnostics from ldd -u/U or 864 * debugging. Don't create a binding regardless, as this filter may 865 * have been dlopen()'ed. 866 */ 867 if (name && (ilmp != clmp)) { 868 Word tracing = (LIST(clmp)->lm_flags & 869 (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)); 870 871 if (tracing || DBG_ENABLED) { 872 Bnd_desc *bdp; 873 Aliste idx; 874 875 FLAGS1(ilmp) |= FL1_RT_USED; 876 877 if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) { 878 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) { 879 if (bdp->b_caller == clmp) { 880 bdp->b_flags |= BND_REFER; 881 break; 882 } 883 } 884 } 885 } 886 } 887 888 /* 889 * If this is the first call to process this filter, establish the 890 * filtee list. If a configuration file exists, determine if any 891 * filtee associations for this filter, and its filtee reference, are 892 * defined. Otherwise, process the filtee reference. Any token 893 * expansion is also completed at this point (i.e., $PLATFORM). 894 */ 895 filtees = (char *)STRTAB(ilmp) + DYN(ilmp)[ndx].d_un.d_val; 896 if (dip->di_info == 0) { 897 if (rtld_flags2 & RT_FL2_FLTCFG) 898 elf_config_flt(lml, PATHNAME(ilmp), filtees, 899 (Alist **)&dip->di_info, AL_CNT_FILTEES); 900 901 if (dip->di_info == 0) { 902 DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0)); 903 if ((lml->lm_flags & 904 (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) && 905 ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0)) 906 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER), 907 NAME(ilmp), filtees); 908 909 if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info, 910 AL_CNT_FILTEES, 0, 0) == 0) { 911 elf_disable_filtee(ilmp, dip); 912 return (NULL); 913 } 914 } 915 } 916 917 /* 918 * Traverse the filtee list, dlopen()'ing any objects specified and 919 * using their group handle to lookup the symbol. 920 */ 921 any = 0; 922 for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) { 923 int mode; 924 Grp_hdl *ghp; 925 Rt_map *nlmp = 0; 926 927 if (pdp->pd_plen == 0) 928 continue; 929 930 /* 931 * Establish the mode of the filtee from the filter. As filtees 932 * are loaded via a dlopen(), make sure that RTLD_GROUP is set 933 * and the filtees aren't global. It would be nice to have 934 * RTLD_FIRST used here also, but as filters got out long before 935 * RTLD_FIRST was introduced it's a little too late now. 936 */ 937 mode = MODE(ilmp) | RTLD_GROUP; 938 mode &= ~RTLD_GLOBAL; 939 940 /* 941 * Insure that any auxiliary filter can locate symbols from its 942 * caller. 943 */ 944 if (dip->di_flags & FLG_DI_AUXFLTR) 945 mode |= RTLD_PARENT; 946 947 /* 948 * Process any hardware capability directory. Establish a new 949 * link-map control list from which to analyze any newly added 950 * objects. 951 */ 952 if ((pdp->pd_info == 0) && (pdp->pd_flags & PD_TKN_HWCAP)) { 953 const char *dir = pdp->pd_pname; 954 Lm_cntl *lmc; 955 Aliste lmco; 956 957 if (FLAGS(lml->lm_head) & FLG_RT_RELOCED) { 958 if ((lmc = alist_append(&lml->lm_lists, 0, 959 sizeof (Lm_cntl), AL_CNT_LMLISTS)) == NULL) 960 return (NULL); 961 lmco = (Aliste)((char *)lmc - 962 (char *)lml->lm_lists); 963 } else { 964 lmc = 0; 965 lmco = ALIST_OFF_DATA; 966 } 967 968 /* 969 * Determine the hardware capability filtees. If none 970 * can be found, provide suitable diagnostics. 971 */ 972 DBG_CALL(Dbg_cap_hw_filter(lml, dir, ilmp)); 973 if (hwcap_filtees((Alist **)&dip->di_info, idx, dir, 974 lmco, lmc, ilmp, filtees, mode, 975 (FLG_RT_HANDLE | FLG_RT_HWCAP), in_nfavl) == 0) { 976 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 977 (dip->di_flags & FLG_DI_AUXFLTR) && 978 (rtld_flags & RT_FL_WARNFLTR)) { 979 (void) printf( 980 MSG_INTL(MSG_LDD_HWCAP_NFOUND), 981 dir); 982 } 983 DBG_CALL(Dbg_cap_hw_filter(lml, dir, 0)); 984 } 985 986 /* 987 * Re-establish the originating path name descriptor, as 988 * the expansion of hardware capabilities filtees may 989 * have re-allocated the controlling Alist. Mark this 990 * original pathname descriptor as unused so that the 991 * descriptor isn't revisited for processing. Any real 992 * hardware capabilities filtees have been added as new 993 * pathname descriptors following this descriptor. 994 */ 995 pdp = alist_item((Alist *)dip->di_info, idx); 996 pdp->pd_flags &= ~PD_TKN_HWCAP; 997 pdp->pd_plen = 0; 998 999 /* 1000 * Now that any hardware capability objects have been 1001 * processed, remove any link-map control list. 1002 */ 1003 if (lmc) 1004 remove_cntl(lml, lmco); 1005 } 1006 1007 if (pdp->pd_plen == 0) 1008 continue; 1009 1010 /* 1011 * Process an individual filtee. 1012 */ 1013 if (pdp->pd_info == 0) { 1014 const char *filtee = pdp->pd_pname; 1015 int audit = 0; 1016 1017 DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0)); 1018 1019 ghp = 0; 1020 1021 /* 1022 * Determine if the reference link map is already 1023 * loaded. As an optimization compare the filtee with 1024 * our interpretor. The most common filter is 1025 * libdl.so.1, which is a filter on ld.so.1. 1026 */ 1027 #if defined(_ELF64) 1028 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) { 1029 #else 1030 if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) { 1031 #endif 1032 /* 1033 * Create an association between ld.so.1 and the 1034 * filter. As an optimization, a handle for 1035 * ld.so.1 itself (required for the dlopen() 1036 * family filtering mechanism) shouldn't search 1037 * any dependencies of ld.so.1. Omitting 1038 * GPD_ADDEPS prevents the addition of any 1039 * ld.so.1 dependencies to this handle. 1040 */ 1041 nlmp = lml_rtld.lm_head; 1042 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp, 1043 (GPH_LDSO | GPH_FIRST | GPH_FILTEE), 1044 (GPD_DLSYM | GPD_RELOC), GPD_PARENT)) == 0) 1045 nlmp = 0; 1046 1047 /* 1048 * Establish the filter handle to prevent any 1049 * recursion. 1050 */ 1051 if (nlmp && ghp) 1052 pdp->pd_info = (void *)ghp; 1053 1054 /* 1055 * Audit the filter/filtee established. Ignore 1056 * any return from the auditor, as we can't 1057 * allow ignore filtering to ld.so.1, otherwise 1058 * nothing is going to work. 1059 */ 1060 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) & 1061 LML_TFLG_AUD_OBJFILTER)) 1062 (void) audit_objfilter(ilmp, filtees, 1063 nlmp, 0); 1064 1065 } else { 1066 Rej_desc rej = { 0 }; 1067 Fdesc fd = { 0 }; 1068 Lm_cntl *lmc; 1069 Aliste lmco; 1070 1071 /* 1072 * Trace the inspection of this file, determine 1073 * any auditor substitution, and seed the file 1074 * descriptor with the originating name. 1075 */ 1076 if (load_trace(lml, pdp, clmp, &fd) == NULL) 1077 continue; 1078 1079 /* 1080 * Establish a new link-map control list from 1081 * which to analyze any newly added objects. 1082 */ 1083 if (FLAGS(lml->lm_head) & FLG_RT_RELOCED) { 1084 if ((lmc = 1085 alist_append(&lml->lm_lists, 0, 1086 sizeof (Lm_cntl), 1087 AL_CNT_LMLISTS)) == NULL) 1088 return (NULL); 1089 lmco = (Aliste)((char *)lmc - 1090 (char *)lml->lm_lists); 1091 } else { 1092 lmc = 0; 1093 lmco = ALIST_OFF_DATA; 1094 } 1095 1096 /* 1097 * Locate and load the filtee. 1098 */ 1099 if ((nlmp = load_path(lml, lmco, ilmp, mode, 1100 FLG_RT_HANDLE, &ghp, &fd, &rej, 1101 in_nfavl)) == NULL) 1102 file_notfound(LIST(ilmp), filtee, ilmp, 1103 FLG_RT_HANDLE, &rej); 1104 1105 filtee = pdp->pd_pname; 1106 1107 /* 1108 * Establish the filter handle to prevent any 1109 * recursion. 1110 */ 1111 if (nlmp && ghp) { 1112 ghp->gh_flags |= GPH_FILTEE; 1113 pdp->pd_info = (void *)ghp; 1114 1115 FLAGS1(nlmp) |= FL1_RT_USED; 1116 } 1117 1118 /* 1119 * Audit the filter/filtee established. A 1120 * return of 0 indicates the auditor wishes to 1121 * ignore this filtee. 1122 */ 1123 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) & 1124 LML_TFLG_AUD_OBJFILTER)) { 1125 if (audit_objfilter(ilmp, filtees, 1126 nlmp, 0) == 0) { 1127 audit = 1; 1128 nlmp = 0; 1129 } 1130 } 1131 1132 /* 1133 * Finish processing the objects associated with 1134 * this request. Create an association between 1135 * this object and the originating filter to 1136 * provide sufficient information to tear down 1137 * this filtee if necessary. 1138 */ 1139 if (nlmp && ghp && (((nlmp = analyze_lmc(lml, 1140 lmco, nlmp, in_nfavl)) == NULL) || 1141 (relocate_lmc(lml, lmco, ilmp, nlmp, 1142 in_nfavl) == 0))) 1143 nlmp = 0; 1144 1145 /* 1146 * If the filtee has been successfully 1147 * processed, then create an association 1148 * between the filter and filtee. This 1149 * association provides sufficient information 1150 * to tear down the filter and filtee if 1151 * necessary. 1152 */ 1153 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD)); 1154 if (nlmp && ghp && 1155 (hdl_add(ghp, ilmp, GPD_FILTER) == 0)) 1156 nlmp = 0; 1157 1158 /* 1159 * Generate a diagnostic if the filtee couldn't 1160 * be loaded. 1161 */ 1162 if (nlmp == 0) 1163 DBG_CALL(Dbg_file_filtee(lml, 0, filtee, 1164 audit)); 1165 1166 /* 1167 * If this filtee loading has failed, and we've 1168 * created a new link-map control list to which 1169 * this request has added objects, then remove 1170 * all the objects that have been associated to 1171 * this request. 1172 */ 1173 if ((nlmp == 0) && lmc && lmc->lc_head) 1174 remove_lmc(lml, clmp, lmc, lmco, name); 1175 1176 /* 1177 * Remove any link-map control list that was 1178 * created. 1179 */ 1180 if (lmc) 1181 remove_cntl(lml, lmco); 1182 } 1183 1184 /* 1185 * If the filtee couldn't be loaded, null out the 1186 * path name descriptor entry, and continue the search. 1187 * Otherwise, the group handle is retained for future 1188 * symbol searches. 1189 */ 1190 if (nlmp == 0) { 1191 pdp->pd_info = NULL; 1192 pdp->pd_plen = 0; 1193 continue; 1194 } 1195 } 1196 1197 ghp = (Grp_hdl *)pdp->pd_info; 1198 1199 /* 1200 * If we're just here to trigger filtee loading skip the symbol 1201 * lookup so we'll continue looking for additional filtees. 1202 */ 1203 if (name) { 1204 Grp_desc *gdp; 1205 Sym *sym = NULL; 1206 Aliste idx; 1207 Slookup sl = *slp; 1208 1209 sl.sl_flags |= LKUP_FIRST; 1210 any++; 1211 1212 /* 1213 * Look for the symbol in the handles dependencies. 1214 */ 1215 for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) { 1216 if ((gdp->gd_flags & GPD_DLSYM) == 0) 1217 continue; 1218 1219 /* 1220 * If our parent is a dependency don't look at 1221 * it (otherwise we are in a recursive loop). 1222 * This situation can occur with auxiliary 1223 * filters if the filtee has a dependency on the 1224 * filter. This dependency isn't necessary as 1225 * auxiliary filters are opened RTLD_PARENT, but 1226 * users may still unknowingly add an explicit 1227 * dependency to the parent. 1228 */ 1229 if ((sl.sl_imap = gdp->gd_depend) == ilmp) 1230 continue; 1231 1232 if (((sym = SYMINTP(sl.sl_imap)(&sl, dlmp, 1233 binfo, in_nfavl)) != 0) || 1234 (ghp->gh_flags & GPH_FIRST)) 1235 break; 1236 } 1237 1238 /* 1239 * If a symbol has been found, indicate the binding 1240 * and return the symbol. 1241 */ 1242 if (sym) { 1243 *binfo |= DBG_BINFO_FILTEE; 1244 return (sym); 1245 } 1246 } 1247 1248 /* 1249 * If this object is tagged to terminate filtee processing we're 1250 * done. 1251 */ 1252 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE) 1253 break; 1254 } 1255 1256 /* 1257 * If we're just here to trigger filtee loading then we're done. 1258 */ 1259 if (name == 0) 1260 return (NULL); 1261 1262 /* 1263 * If no filtees have been found for a filter, clean up any path name 1264 * descriptors and disable their search completely. For auxiliary 1265 * filters we can reselect the symbol search function so that we never 1266 * enter this routine again for this object. For standard filters we 1267 * use the null symbol routine. 1268 */ 1269 if (any == 0) { 1270 remove_plist((Alist **)&(dip->di_info), 1); 1271 elf_disable_filtee(ilmp, dip); 1272 return (NULL); 1273 } 1274 1275 return (NULL); 1276 } 1277 1278 /* 1279 * Focal point for disabling error messages for auxiliary filters. As an 1280 * auxiliary filter allows for filtee use, but provides a fallback should a 1281 * filtee not exist (or fail to load), any errors generated as a consequence of 1282 * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 1283 * suppresses errors generated by eprint(), but insures a debug diagnostic is 1284 * produced. ldd(1) employs printf(), and here, the selection of whether to 1285 * print a diagnostic in regards to auxiliary filters is a little more complex. 1286 * 1287 * . The determination of whether to produce an ldd message, or a fatal 1288 * error message is driven by LML_FLG_TRC_ENABLE. 1289 * . More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 1290 * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 1291 * and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u). 1292 * 1293 * . If the calling object is lddstub, then several classes of message are 1294 * suppressed. The user isn't trying to diagnose lddstub, this is simply 1295 * a stub executable employed to preload a user specified library against. 1296 * 1297 * . If RT_FL_SILENCERR is in effect then any generic ldd() messages should 1298 * be suppressed. All detailed ldd messages should still be produced. 1299 */ 1300 Sym * 1301 elf_lookup_filtee(Slookup *slp, Rt_map **dlmp, uint_t *binfo, uint_t ndx, 1302 int *in_nfavl) 1303 { 1304 Sym *sym; 1305 Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx]; 1306 int silent = 0; 1307 1308 /* 1309 * Make sure this entry is still acting as a filter. We may have tried 1310 * to process this previously, and disabled it if the filtee couldn't 1311 * be processed. However, other entries may provide different filtees 1312 * that are yet to be completed. 1313 */ 1314 if (dip->di_flags == 0) 1315 return (NULL); 1316 1317 /* 1318 * Indicate whether an error message is required should this filtee not 1319 * be found, based on the type of filter. 1320 */ 1321 if ((dip->di_flags & FLG_DI_AUXFLTR) && 1322 ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) { 1323 rtld_flags |= RT_FL_SILENCERR; 1324 silent = 1; 1325 } 1326 1327 sym = _elf_lookup_filtee(slp, dlmp, binfo, ndx, in_nfavl); 1328 1329 if (silent) 1330 rtld_flags &= ~RT_FL_SILENCERR; 1331 1332 return (sym); 1333 } 1334 1335 /* 1336 * Compute the elf hash value (as defined in the ELF access library). 1337 * The form of the hash table is: 1338 * 1339 * |--------------| 1340 * | # of buckets | 1341 * |--------------| 1342 * | # of chains | 1343 * |--------------| 1344 * | bucket[] | 1345 * |--------------| 1346 * | chain[] | 1347 * |--------------| 1348 */ 1349 ulong_t 1350 elf_hash(const char *name) 1351 { 1352 uint_t hval = 0; 1353 1354 while (*name) { 1355 uint_t g; 1356 hval = (hval << 4) + *name++; 1357 if ((g = (hval & 0xf0000000)) != 0) 1358 hval ^= g >> 24; 1359 hval &= ~g; 1360 } 1361 return ((ulong_t)hval); 1362 } 1363 1364 /* 1365 * If flag argument has LKUP_SPEC set, we treat undefined symbols of type 1366 * function specially in the executable - if they have a value, even though 1367 * undefined, we use that value. This allows us to associate all references 1368 * to a function's address to a single place in the process: the plt entry 1369 * for that function in the executable. Calls to lookup from plt binding 1370 * routines do NOT set LKUP_SPEC in the flag. 1371 */ 1372 Sym * 1373 elf_find_sym(Slookup *slp, Rt_map **dlmp, uint_t *binfo, int *in_nfavl) 1374 { 1375 const char *name = slp->sl_name; 1376 Rt_map *ilmp = slp->sl_imap; 1377 ulong_t hash = slp->sl_hash; 1378 uint_t ndx, htmp, buckets, *chainptr; 1379 Sym *sym, *symtabptr; 1380 char *strtabptr, *strtabname; 1381 uint_t flags1; 1382 Syminfo *sip; 1383 1384 /* 1385 * If we're only here to establish a symbols index, skip the diagnostic 1386 * used to trace a symbol search. 1387 */ 1388 if ((slp->sl_flags & LKUP_SYMNDX) == 0) 1389 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF))); 1390 1391 if (HASH(ilmp) == 0) 1392 return (NULL); 1393 1394 buckets = HASH(ilmp)[0]; 1395 /* LINTED */ 1396 htmp = (uint_t)hash % buckets; 1397 1398 /* 1399 * Get the first symbol on hash chain and initialize the string 1400 * and symbol table pointers. 1401 */ 1402 if ((ndx = HASH(ilmp)[htmp + 2]) == 0) 1403 return (NULL); 1404 1405 chainptr = HASH(ilmp) + 2 + buckets; 1406 strtabptr = STRTAB(ilmp); 1407 symtabptr = SYMTAB(ilmp); 1408 1409 while (ndx) { 1410 sym = symtabptr + ndx; 1411 strtabname = strtabptr + sym->st_name; 1412 1413 /* 1414 * Compare the symbol found with the name required. If the 1415 * names don't match continue with the next hash entry. 1416 */ 1417 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) { 1418 if ((ndx = chainptr[ndx]) != 0) 1419 continue; 1420 return (NULL); 1421 } 1422 1423 /* 1424 * The Solaris ld does not put DT_VERSYM in the dynamic 1425 * section, but the GNU ld does. The GNU runtime linker 1426 * interprets the top bit of the 16-bit Versym value 1427 * (0x8000) as the "hidden" bit. If this bit is set, 1428 * the linker is supposed to act as if that symbol does 1429 * not exist. The hidden bit supports their versioning 1430 * scheme, which allows multiple incompatible functions 1431 * with the same name to exist at different versions 1432 * within an object. The Solaris linker does not support this 1433 * mechanism, or the model of interface evolution that 1434 * it allows, but we honor the hidden bit in GNU ld 1435 * produced objects in order to interoperate with them. 1436 */ 1437 if ((VERSYM(ilmp) != NULL) && 1438 ((VERSYM(ilmp)[ndx] & 0x8000) != 0)) { 1439 DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name, 1440 ndx, VERSYM(ilmp)[ndx])); 1441 if ((ndx = chainptr[ndx]) != 0) 1442 continue; 1443 return (NULL); 1444 } 1445 1446 /* 1447 * If we're only here to establish a symbols index, we're done. 1448 */ 1449 if (slp->sl_flags & LKUP_SYMNDX) 1450 return (sym); 1451 1452 /* 1453 * If we find a match and the symbol is defined, return the 1454 * symbol pointer and the link map in which it was found. 1455 */ 1456 if (sym->st_shndx != SHN_UNDEF) { 1457 *dlmp = ilmp; 1458 *binfo |= DBG_BINFO_FOUND; 1459 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1460 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1461 is_sym_interposer(ilmp, sym))) 1462 *binfo |= DBG_BINFO_INTERPOSE; 1463 break; 1464 1465 /* 1466 * If we find a match and the symbol is undefined, the 1467 * symbol type is a function, and the value of the symbol 1468 * is non zero, then this is a special case. This allows 1469 * the resolution of a function address to the plt[] entry. 1470 * See SPARC ABI, Dynamic Linking, Function Addresses for 1471 * more details. 1472 */ 1473 } else if ((slp->sl_flags & LKUP_SPEC) && 1474 (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) && 1475 (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) { 1476 *dlmp = ilmp; 1477 *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR); 1478 if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) || 1479 ((FLAGS(ilmp) & FLG_RT_SYMINTPO) && 1480 is_sym_interposer(ilmp, sym))) 1481 *binfo |= DBG_BINFO_INTERPOSE; 1482 return (sym); 1483 } 1484 1485 /* 1486 * Undefined symbol. 1487 */ 1488 return (NULL); 1489 } 1490 1491 /* 1492 * We've found a match. Determine if the defining object contains 1493 * symbol binding information. 1494 */ 1495 if ((sip = SYMINFO(ilmp)) != 0) 1496 sip += ndx; 1497 1498 /* 1499 * If this definition is a singleton, and we haven't followed a default 1500 * symbol search knowing that we're looking for a singleton (presumably 1501 * because the symbol definition has been changed since the referring 1502 * object was built), then reject this binding so that the caller can 1503 * fall back to a standard symbol search. 1504 */ 1505 if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) && 1506 (((slp->sl_flags & LKUP_STANDARD) == 0) || 1507 (((slp->sl_flags & LKUP_SINGLETON) == 0) && 1508 (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) { 1509 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1510 DBG_BNDREJ_SINGLE)); 1511 *binfo |= BINFO_REJSINGLE; 1512 *binfo &= ~DBG_BINFO_MSK; 1513 return (NULL); 1514 } 1515 1516 /* 1517 * If this is a direct binding request, but the symbol definition has 1518 * disabled directly binding to it (presumably because the symbol 1519 * definition has been changed since the referring object was built), 1520 * reject this binding so that the caller can fall back to a standard 1521 * symbol search. 1522 */ 1523 if (sip && (slp->sl_flags & LKUP_DIRECT) && 1524 (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) { 1525 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1526 DBG_BNDREJ_DIRECT)); 1527 *binfo |= BINFO_REJDIRECT; 1528 *binfo &= ~DBG_BINFO_MSK; 1529 return (NULL); 1530 } 1531 1532 /* 1533 * If this is a binding request within an RTLD_GROUP family, and the 1534 * symbol has disabled directly binding to it, reject this binding so 1535 * that the caller can fall back to a standard symbol search. 1536 * 1537 * Effectively, an RTLD_GROUP family achieves what can now be 1538 * established with direct bindings. However, various symbols have 1539 * been tagged as inappropriate for direct binding to (ie. libc:malloc). 1540 * 1541 * A symbol marked as no-direct cannot be used within a group without 1542 * first ensuring that the symbol has not been interposed upon outside 1543 * of the group. A common example occurs when users implement their own 1544 * version of malloc() in the executable. Such a malloc() interposes on 1545 * the libc:malloc, and this interposition must be honored within the 1546 * group as well. 1547 * 1548 * Following any rejection, LKUP_WORLD is established as a means of 1549 * overriding this test as we return to a standard search. 1550 */ 1551 if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) && 1552 ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) && 1553 ((slp->sl_flags & LKUP_WORLD) == 0)) { 1554 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name, 1555 DBG_BNDREJ_GROUP)); 1556 *binfo |= BINFO_REJGROUP; 1557 *binfo &= ~DBG_BINFO_MSK; 1558 return (NULL); 1559 } 1560 1561 /* 1562 * Determine whether this object is acting as a filter. 1563 */ 1564 if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0) 1565 return (sym); 1566 1567 /* 1568 * Determine if this object offers per-symbol filtering, and if so, 1569 * whether this symbol references a filtee. 1570 */ 1571 if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) { 1572 /* 1573 * If this is a standard filter reference, and no standard 1574 * filtees remain to be inspected, we're done. If this is an 1575 * auxiliary filter reference, and no auxiliary filtees remain, 1576 * we'll fall through in case any object filtering is available. 1577 */ 1578 if ((sip->si_flags & SYMINFO_FLG_FILTER) && 1579 (SYMSFLTRCNT(ilmp) == 0)) 1580 return (NULL); 1581 1582 if ((sip->si_flags & SYMINFO_FLG_FILTER) || 1583 ((sip->si_flags & SYMINFO_FLG_AUXILIARY) && 1584 SYMAFLTRCNT(ilmp))) { 1585 Sym *fsym; 1586 1587 /* 1588 * This symbol has an associated filtee. Lookup the 1589 * symbol in the filtee, and if it is found return it. 1590 * If the symbol doesn't exist, and this is a standard 1591 * filter, return an error, otherwise fall through to 1592 * catch any object filtering that may be available. 1593 */ 1594 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 1595 sip->si_boundto, in_nfavl)) != 0) 1596 return (fsym); 1597 if (sip->si_flags & SYMINFO_FLG_FILTER) 1598 return (NULL); 1599 } 1600 } 1601 1602 /* 1603 * Determine if this object provides global filtering. 1604 */ 1605 if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) { 1606 Sym *fsym; 1607 1608 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) { 1609 /* 1610 * This object has an associated filtee. Lookup the 1611 * symbol in the filtee, and if it is found return it. 1612 * If the symbol doesn't exist, and this is a standard 1613 * filter, return and error, otherwise return the symbol 1614 * within the filter itself. 1615 */ 1616 if ((fsym = elf_lookup_filtee(slp, dlmp, binfo, 1617 OBJFLTRNDX(ilmp), in_nfavl)) != 0) 1618 return (fsym); 1619 } 1620 1621 if (flags1 & FL1_RT_OBJSFLTR) 1622 return (NULL); 1623 } 1624 return (sym); 1625 } 1626 1627 /* 1628 * Create a new Rt_map structure for an ELF object and initialize 1629 * all values. 1630 */ 1631 Rt_map * 1632 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize, 1633 void *odyn, int *in_nfavl) 1634 { 1635 const char *name = fdp->fd_nname; 1636 Rt_map *lmp; 1637 Ehdr *ehdr = (Ehdr *)addr; 1638 Phdr *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL; 1639 Dyn *dyn = (Dyn *)odyn; 1640 Cap *cap = NULL; 1641 int ndx; 1642 Addr base, fltr = 0, audit = 0, cfile = 0, crle = 0; 1643 Xword rpath = 0; 1644 size_t lmsz, rtsz, epsz, dynsz = 0; 1645 uint_t dyncnt = 0; 1646 1647 DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco)); 1648 1649 /* 1650 * If this is a shared object, the base address of the shared object is 1651 * added to all address values defined within the object. Otherwise, if 1652 * this is an executable, all object addresses are used as is. 1653 */ 1654 if (ehdr->e_type == ET_EXEC) 1655 base = 0; 1656 else 1657 base = addr; 1658 1659 /* 1660 * Traverse the program header table, picking off required items. This 1661 * traversal also provides for the sizing of the PT_DYNAMIC section. 1662 */ 1663 phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff); 1664 for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++, 1665 phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) { 1666 switch (phdr->p_type) { 1667 case PT_DYNAMIC: 1668 dphdr = phdr; 1669 dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base); 1670 break; 1671 case PT_TLS: 1672 tphdr = phdr; 1673 break; 1674 case PT_SUNWCAP: 1675 cap = (Cap *)((uintptr_t)phdr->p_vaddr + base); 1676 break; 1677 case PT_SUNW_UNWIND: 1678 uphdr = phdr; 1679 break; 1680 default: 1681 break; 1682 } 1683 } 1684 1685 /* 1686 * Determine the number of PT_DYNAMIC entries for the DYNINFO() 1687 * allocation. Sadly, this is a little larger than we really need, 1688 * as there are typically padding DT_NULL entries. However, adding 1689 * this data to the initial link-map allocation is a win. 1690 */ 1691 if (dyn) { 1692 dyncnt = dphdr->p_filesz / sizeof (Dyn); 1693 dynsz = dyncnt * sizeof (Dyninfo); 1694 } 1695 1696 /* 1697 * Allocate space for the link-map, private elf information, and 1698 * DYNINFO() data. Once these are allocated and initialized, 1699 * remove_so(0, lmp) can be used to tear down the link-map allocation 1700 * should any failures occur. 1701 */ 1702 rtsz = S_DROUND(sizeof (Rt_map)); 1703 epsz = S_DROUND(sizeof (Rt_elfp)); 1704 lmsz = rtsz + epsz + dynsz; 1705 if ((lmp = calloc(lmsz, 1)) == NULL) 1706 return (NULL); 1707 ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz); 1708 DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz); 1709 LMSIZE(lmp) = lmsz; 1710 1711 /* 1712 * All fields not filled in were set to 0 by calloc. 1713 */ 1714 NAME(lmp) = (char *)name; 1715 ADDR(lmp) = addr; 1716 MSIZE(lmp) = msize; 1717 SYMINTP(lmp) = elf_find_sym; 1718 FCT(lmp) = &elf_fct; 1719 LIST(lmp) = lml; 1720 OBJFLTRNDX(lmp) = FLTR_DISABLED; 1721 SORTVAL(lmp) = -1; 1722 DYN(lmp) = dyn; 1723 DYNINFOCNT(lmp) = dyncnt; 1724 PTUNWIND(lmp) = uphdr; 1725 1726 if (ehdr->e_type == ET_EXEC) 1727 FLAGS(lmp) |= FLG_RT_FIXED; 1728 1729 /* 1730 * Fill in rest of the link map entries with information from the file's 1731 * dynamic structure. 1732 */ 1733 if (dyn) { 1734 uint_t dynndx = 0; 1735 Xword pltpadsz = 0; 1736 Rti_desc *rti; 1737 1738 /* CSTYLED */ 1739 for ( ; dyn->d_tag != DT_NULL; ++dyn, dynndx++) { 1740 switch ((Xword)dyn->d_tag) { 1741 case DT_SYMTAB: 1742 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1743 break; 1744 case DT_SUNW_SYMTAB: 1745 SUNWSYMTAB(lmp) = 1746 (void *)(dyn->d_un.d_ptr + base); 1747 break; 1748 case DT_SUNW_SYMSZ: 1749 SUNWSYMSZ(lmp) = dyn->d_un.d_val; 1750 break; 1751 case DT_STRTAB: 1752 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1753 break; 1754 case DT_SYMENT: 1755 SYMENT(lmp) = dyn->d_un.d_val; 1756 break; 1757 case DT_FEATURE_1: 1758 dyn->d_un.d_val |= DTF_1_PARINIT; 1759 if (dyn->d_un.d_val & DTF_1_CONFEXP) 1760 crle = 1; 1761 break; 1762 case DT_MOVESZ: 1763 MOVESZ(lmp) = dyn->d_un.d_val; 1764 FLAGS(lmp) |= FLG_RT_MOVE; 1765 break; 1766 case DT_MOVEENT: 1767 MOVEENT(lmp) = dyn->d_un.d_val; 1768 break; 1769 case DT_MOVETAB: 1770 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base); 1771 break; 1772 case DT_REL: 1773 case DT_RELA: 1774 /* 1775 * At this time, ld.so. can only handle one 1776 * type of relocation per object. 1777 */ 1778 REL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1779 break; 1780 case DT_RELSZ: 1781 case DT_RELASZ: 1782 RELSZ(lmp) = dyn->d_un.d_val; 1783 break; 1784 case DT_RELENT: 1785 case DT_RELAENT: 1786 RELENT(lmp) = dyn->d_un.d_val; 1787 break; 1788 case DT_RELCOUNT: 1789 case DT_RELACOUNT: 1790 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val; 1791 break; 1792 case DT_HASH: 1793 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base); 1794 break; 1795 case DT_PLTGOT: 1796 PLTGOT(lmp) = 1797 (uint_t *)(dyn->d_un.d_ptr + base); 1798 break; 1799 case DT_PLTRELSZ: 1800 PLTRELSZ(lmp) = dyn->d_un.d_val; 1801 break; 1802 case DT_JMPREL: 1803 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base); 1804 break; 1805 case DT_INIT: 1806 if (dyn->d_un.d_ptr != NULL) 1807 INIT(lmp) = 1808 (void (*)())(dyn->d_un.d_ptr + 1809 base); 1810 break; 1811 case DT_FINI: 1812 if (dyn->d_un.d_ptr != NULL) 1813 FINI(lmp) = 1814 (void (*)())(dyn->d_un.d_ptr + 1815 base); 1816 break; 1817 case DT_INIT_ARRAY: 1818 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1819 base); 1820 break; 1821 case DT_INIT_ARRAYSZ: 1822 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1823 break; 1824 case DT_FINI_ARRAY: 1825 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1826 base); 1827 break; 1828 case DT_FINI_ARRAYSZ: 1829 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1830 break; 1831 case DT_PREINIT_ARRAY: 1832 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr + 1833 base); 1834 break; 1835 case DT_PREINIT_ARRAYSZ: 1836 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val; 1837 break; 1838 case DT_RPATH: 1839 case DT_RUNPATH: 1840 rpath = dyn->d_un.d_val; 1841 break; 1842 case DT_FILTER: 1843 fltr = dyn->d_un.d_val; 1844 OBJFLTRNDX(lmp) = dynndx; 1845 FLAGS1(lmp) |= FL1_RT_OBJSFLTR; 1846 break; 1847 case DT_AUXILIARY: 1848 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1849 fltr = dyn->d_un.d_val; 1850 OBJFLTRNDX(lmp) = dynndx; 1851 } 1852 FLAGS1(lmp) |= FL1_RT_OBJAFLTR; 1853 break; 1854 case DT_SUNW_FILTER: 1855 SYMSFLTRCNT(lmp)++; 1856 FLAGS1(lmp) |= FL1_RT_SYMSFLTR; 1857 break; 1858 case DT_SUNW_AUXILIARY: 1859 if (!(rtld_flags & RT_FL_NOAUXFLTR)) { 1860 SYMAFLTRCNT(lmp)++; 1861 } 1862 FLAGS1(lmp) |= FL1_RT_SYMAFLTR; 1863 break; 1864 case DT_DEPAUDIT: 1865 if (!(rtld_flags & RT_FL_NOAUDIT)) 1866 audit = dyn->d_un.d_val; 1867 break; 1868 case DT_CONFIG: 1869 cfile = dyn->d_un.d_val; 1870 break; 1871 case DT_DEBUG: 1872 /* 1873 * DT_DEBUG entries are only created in 1874 * dynamic objects that require an interpretor 1875 * (ie. all dynamic executables and some shared 1876 * objects), and provide for a hand-shake with 1877 * debuggers. This entry is initialized to 1878 * zero by the link-editor. If a debugger has 1879 * us and updated this entry set the debugger 1880 * flag, and finish initializing the debugging 1881 * structure (see setup() also). Switch off any 1882 * configuration object use as most debuggers 1883 * can't handle fixed dynamic executables as 1884 * dependencies, and we can't handle requests 1885 * like object padding for alternative objects. 1886 */ 1887 if (dyn->d_un.d_ptr) 1888 rtld_flags |= 1889 (RT_FL_DEBUGGER | RT_FL_NOOBJALT); 1890 dyn->d_un.d_ptr = (Addr)&r_debug; 1891 break; 1892 case DT_VERNEED: 1893 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr + 1894 base); 1895 break; 1896 case DT_VERNEEDNUM: 1897 /* LINTED */ 1898 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val; 1899 break; 1900 case DT_VERDEF: 1901 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr + 1902 base); 1903 break; 1904 case DT_VERDEFNUM: 1905 /* LINTED */ 1906 VERDEFNUM(lmp) = (int)dyn->d_un.d_val; 1907 break; 1908 case DT_VERSYM: 1909 /* 1910 * The Solaris ld does not produce DT_VERSYM, 1911 * but the GNU ld does, in order to support 1912 * their style of versioning, which differs 1913 * from ours in some ways, while using the 1914 * same data structures. The presence of 1915 * DT_VERSYM therefore means that GNU 1916 * versioning rules apply to the given file. 1917 * If DT_VERSYM is not present, then Solaris 1918 * versioning rules apply. 1919 */ 1920 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr + 1921 base); 1922 break; 1923 case DT_BIND_NOW: 1924 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1925 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1926 MODE(lmp) |= RTLD_NOW; 1927 MODE(lmp) &= ~RTLD_LAZY; 1928 } 1929 break; 1930 case DT_FLAGS: 1931 FLAGS1(lmp) |= FL1_RT_DTFLAGS; 1932 if (dyn->d_un.d_val & DF_SYMBOLIC) 1933 FLAGS1(lmp) |= FL1_RT_SYMBOLIC; 1934 if ((dyn->d_un.d_val & DF_BIND_NOW) && 1935 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1936 MODE(lmp) |= RTLD_NOW; 1937 MODE(lmp) &= ~RTLD_LAZY; 1938 } 1939 /* 1940 * Capture any static TLS use, and enforce that 1941 * this object be non-deletable. 1942 */ 1943 if (dyn->d_un.d_val & DF_STATIC_TLS) { 1944 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 1945 MODE(lmp) |= RTLD_NODELETE; 1946 } 1947 break; 1948 case DT_FLAGS_1: 1949 if (dyn->d_un.d_val & DF_1_DISPRELPND) 1950 FLAGS1(lmp) |= FL1_RT_DISPREL; 1951 if (dyn->d_un.d_val & DF_1_GROUP) 1952 FLAGS(lmp) |= 1953 (FLG_RT_SETGROUP | FLG_RT_HANDLE); 1954 if ((dyn->d_un.d_val & DF_1_NOW) && 1955 ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) { 1956 MODE(lmp) |= RTLD_NOW; 1957 MODE(lmp) &= ~RTLD_LAZY; 1958 } 1959 if (dyn->d_un.d_val & DF_1_NODELETE) 1960 MODE(lmp) |= RTLD_NODELETE; 1961 if (dyn->d_un.d_val & DF_1_INITFIRST) 1962 FLAGS(lmp) |= FLG_RT_INITFRST; 1963 if (dyn->d_un.d_val & DF_1_NOOPEN) 1964 FLAGS(lmp) |= FLG_RT_NOOPEN; 1965 if (dyn->d_un.d_val & DF_1_LOADFLTR) 1966 FLAGS(lmp) |= FLG_RT_LOADFLTR; 1967 if (dyn->d_un.d_val & DF_1_NODUMP) 1968 FLAGS(lmp) |= FLG_RT_NODUMP; 1969 if (dyn->d_un.d_val & DF_1_CONFALT) 1970 crle = 1; 1971 if (dyn->d_un.d_val & DF_1_DIRECT) 1972 FLAGS1(lmp) |= FL1_RT_DIRECT; 1973 if (dyn->d_un.d_val & DF_1_NODEFLIB) 1974 FLAGS1(lmp) |= FL1_RT_NODEFLIB; 1975 if (dyn->d_un.d_val & DF_1_ENDFILTEE) 1976 FLAGS1(lmp) |= FL1_RT_ENDFILTE; 1977 if (dyn->d_un.d_val & DF_1_TRANS) 1978 FLAGS(lmp) |= FLG_RT_TRANS; 1979 1980 /* 1981 * Global auditing is only meaningful when 1982 * specified by the initiating object of the 1983 * process - typically the dynamic executable. 1984 * If this is the initiaiting object, its link- 1985 * map will not yet have been added to the 1986 * link-map list, and consequently the link-map 1987 * list is empty. (see setup()). 1988 */ 1989 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) { 1990 if (lml_main.lm_head == 0) 1991 FLAGS1(lmp) |= FL1_RT_GLOBAUD; 1992 else 1993 DBG_CALL(Dbg_audit_ignore(lmp)); 1994 } 1995 1996 /* 1997 * If this object identifies itself as an 1998 * interposer, but relocation processing has 1999 * already started, then demote it. It's too 2000 * late to guarantee complete interposition. 2001 */ 2002 /* BEGIN CSTYLED */ 2003 if (dyn->d_un.d_val & 2004 (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) { 2005 if (lml->lm_flags & LML_FLG_STARTREL) { 2006 DBG_CALL(Dbg_util_intoolate(lmp)); 2007 if (lml->lm_flags & LML_FLG_TRC_ENABLE) 2008 (void) printf( 2009 MSG_INTL(MSG_LDD_REL_ERR2), 2010 NAME(lmp)); 2011 } else if (dyn->d_un.d_val & DF_1_INTERPOSE) 2012 FLAGS(lmp) |= FLG_RT_OBJINTPO; 2013 else 2014 FLAGS(lmp) |= FLG_RT_SYMINTPO; 2015 } 2016 /* END CSTYLED */ 2017 break; 2018 case DT_SYMINFO: 2019 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr + 2020 base); 2021 break; 2022 case DT_SYMINENT: 2023 SYMINENT(lmp) = dyn->d_un.d_val; 2024 break; 2025 case DT_PLTPAD: 2026 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base); 2027 break; 2028 case DT_PLTPADSZ: 2029 pltpadsz = dyn->d_un.d_val; 2030 break; 2031 case DT_SUNW_RTLDINF: 2032 /* 2033 * Maintain a list of RTLDINFO structures. 2034 * Typically, libc is the only supplier, and 2035 * only one structure is provided. However, 2036 * multiple suppliers and multiple structures 2037 * are supported. For example, one structure 2038 * may provide thread_init, and another 2039 * structure may provide atexit reservations. 2040 */ 2041 if ((rti = alist_append(&lml->lm_rti, 0, 2042 sizeof (Rti_desc), 2043 AL_CNT_RTLDINFO)) == NULL) { 2044 remove_so(0, lmp); 2045 return (NULL); 2046 } 2047 rti->rti_lmp = lmp; 2048 rti->rti_info = (void *)(dyn->d_un.d_ptr + 2049 base); 2050 break; 2051 case DT_SUNW_SORTENT: 2052 SUNWSORTENT(lmp) = dyn->d_un.d_val; 2053 break; 2054 case DT_SUNW_SYMSORT: 2055 SUNWSYMSORT(lmp) = 2056 (void *)(dyn->d_un.d_ptr + base); 2057 break; 2058 case DT_SUNW_SYMSORTSZ: 2059 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val; 2060 break; 2061 case DT_DEPRECATED_SPARC_REGISTER: 2062 case M_DT_REGISTER: 2063 FLAGS(lmp) |= FLG_RT_REGSYMS; 2064 break; 2065 } 2066 } 2067 2068 if (PLTPAD(lmp)) { 2069 if (pltpadsz == (Xword)0) 2070 PLTPAD(lmp) = 0; 2071 else 2072 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) + 2073 pltpadsz); 2074 } 2075 } 2076 2077 /* 2078 * A dynsym contains only global functions. We want to have 2079 * a version of it that also includes local functions, so that 2080 * dladdr() will be able to report names for local functions 2081 * when used to generate a stack trace for a stripped file. 2082 * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2083 * 2084 * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2085 * in order to avoid having to have two copies of the global 2086 * symbols held in DT_SYMTAB: The local symbols are placed in 2087 * a separate section than the globals in the dynsym, but the 2088 * linker conspires to put the data for these two sections adjacent 2089 * to each other. DT_SUNW_SYMTAB points at the top of the local 2090 * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2091 * 2092 * If the two sections are not adjacent, then something went wrong 2093 * at link time. We use ASSERT to kill the process if this is 2094 * a debug build. In a production build, we will silently ignore 2095 * the presence of the .ldynsym and proceed. We can detect this 2096 * situation by checking to see that DT_SYMTAB lies in 2097 * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ. 2098 */ 2099 if ((SUNWSYMTAB(lmp) != NULL) && 2100 (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) || 2101 (((char *)SYMTAB(lmp) >= 2102 (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) { 2103 ASSERT(0); 2104 SUNWSYMTAB(lmp) = NULL; 2105 SUNWSYMSZ(lmp) = 0; 2106 } 2107 2108 /* 2109 * If configuration file use hasn't been disabled, and a configuration 2110 * file hasn't already been set via an environment variable, see if any 2111 * application specific configuration file is specified. An LD_CONFIG 2112 * setting is used first, but if this image was generated via crle(1) 2113 * then a default configuration file is a fall-back. 2114 */ 2115 if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == 0)) { 2116 if (cfile) 2117 config->c_name = (const char *)(cfile + 2118 (char *)STRTAB(lmp)); 2119 else if (crle) 2120 rtld_flags |= RT_FL_CONFAPP; 2121 } 2122 2123 if (rpath) 2124 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp)); 2125 if (fltr) 2126 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp)); 2127 2128 /* 2129 * For Intel ABI compatibility. It's possible that a JMPREL can be 2130 * specified without any other relocations (e.g. a dynamic executable 2131 * normally only contains .plt relocations). If this is the case then 2132 * no REL, RELSZ or RELENT will have been created. For us to be able 2133 * to traverse the .plt relocations under LD_BIND_NOW we need to know 2134 * the RELENT for these relocations. Refer to elf_reloc() for more 2135 * details. 2136 */ 2137 if (!RELENT(lmp) && JMPREL(lmp)) 2138 RELENT(lmp) = sizeof (M_RELOC); 2139 2140 /* 2141 * Establish any per-object auditing. If we're establishing `main's 2142 * link-map its too early to go searching for audit objects so just 2143 * hold the object name for later (see setup()). 2144 */ 2145 if (audit) { 2146 char *cp = audit + (char *)STRTAB(lmp); 2147 2148 if (*cp) { 2149 if (((AUDITORS(lmp) = 2150 calloc(1, sizeof (Audit_desc))) == NULL) || 2151 ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) { 2152 remove_so(0, lmp); 2153 return (NULL); 2154 } 2155 if (lml_main.lm_head) { 2156 if (audit_setup(lmp, AUDITORS(lmp), 0, 2157 in_nfavl) == 0) { 2158 remove_so(0, lmp); 2159 return (NULL); 2160 } 2161 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags; 2162 lml->lm_flags |= LML_FLG_LOCAUDIT; 2163 } 2164 } 2165 } 2166 2167 if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) { 2168 remove_so(0, lmp); 2169 return (NULL); 2170 } 2171 2172 if (cap) 2173 cap_assign(cap, lmp); 2174 2175 /* 2176 * Add the mapped object to the end of the link map list. 2177 */ 2178 lm_append(lml, lmco, lmp); 2179 2180 /* 2181 * Start the system loading in the ELF information we'll be processing. 2182 */ 2183 if (REL(lmp)) { 2184 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) + 2185 (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp), 2186 MADV_WILLNEED); 2187 } 2188 return (lmp); 2189 } 2190 2191 /* 2192 * Assign hardware/software capabilities. 2193 */ 2194 void 2195 cap_assign(Cap *cap, Rt_map *lmp) 2196 { 2197 while (cap->c_tag != CA_SUNW_NULL) { 2198 switch (cap->c_tag) { 2199 case CA_SUNW_HW_1: 2200 HWCAP(lmp) = cap->c_un.c_val; 2201 break; 2202 case CA_SUNW_SF_1: 2203 SFCAP(lmp) = cap->c_un.c_val; 2204 } 2205 cap++; 2206 } 2207 } 2208 2209 /* 2210 * Build full pathname of shared object from given directory name and filename. 2211 */ 2212 static char * 2213 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen) 2214 { 2215 static char pname[PATH_MAX]; 2216 2217 (void) strncpy(pname, dir, dlen); 2218 pname[dlen++] = '/'; 2219 (void) strncpy(&pname[dlen], file, flen + 1); 2220 return (pname); 2221 } 2222 2223 /* 2224 * The copy relocation is recorded in a copy structure which will be applied 2225 * after all other relocations are carried out. This provides for copying data 2226 * that must be relocated itself (ie. pointers in shared objects). This 2227 * structure also provides a means of binding RTLD_GROUP dependencies to any 2228 * copy relocations that have been taken from any group members. 2229 * 2230 * If the size of the .bss area available for the copy information is not the 2231 * same as the source of the data inform the user if we're under ldd(1) control 2232 * (this checking was only established in 5.3, so by only issuing an error via 2233 * ldd(1) we maintain the standard set by previous releases). 2234 */ 2235 int 2236 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym, 2237 Rt_map *dlmp, const void *dadd) 2238 { 2239 Rel_copy rc; 2240 Lm_list *lml = LIST(rlmp); 2241 2242 rc.r_name = name; 2243 rc.r_rsym = rsym; /* the new reference symbol and its */ 2244 rc.r_rlmp = rlmp; /* associated link-map */ 2245 rc.r_dlmp = dlmp; /* the defining link-map */ 2246 rc.r_dsym = dsym; /* the original definition */ 2247 rc.r_radd = radd; 2248 rc.r_dadd = dadd; 2249 2250 if (rsym->st_size > dsym->st_size) 2251 rc.r_size = (size_t)dsym->st_size; 2252 else 2253 rc.r_size = (size_t)rsym->st_size; 2254 2255 if (alist_append(©_R(dlmp), &rc, sizeof (Rel_copy), 2256 AL_CNT_COPYREL) == NULL) { 2257 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2258 return (0); 2259 else 2260 return (1); 2261 } 2262 if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) { 2263 if (aplist_append(©_S(rlmp), dlmp, 2264 AL_CNT_COPYREL) == NULL) { 2265 if (!(lml->lm_flags & LML_FLG_TRC_WARN)) 2266 return (0); 2267 else 2268 return (1); 2269 } 2270 FLAGS1(dlmp) |= FL1_RT_COPYTOOK; 2271 } 2272 2273 /* 2274 * If we are tracing (ldd), warn the user if 2275 * 1) the size from the reference symbol differs from the 2276 * copy definition. We can only copy as much data as the 2277 * reference (dynamic executables) entry allows. 2278 * 2) the copy definition has STV_PROTECTED visibility. 2279 */ 2280 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2281 if (rsym->st_size != dsym->st_size) { 2282 (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF), 2283 _conv_reloc_type(M_R_COPY), demangle(name), 2284 NAME(rlmp), EC_XWORD(rsym->st_size), 2285 NAME(dlmp), EC_XWORD(dsym->st_size)); 2286 if (rsym->st_size > dsym->st_size) 2287 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA), 2288 NAME(dlmp)); 2289 else 2290 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC), 2291 NAME(rlmp)); 2292 } 2293 2294 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) { 2295 (void) printf(MSG_INTL(MSG_LDD_CPY_PROT), 2296 _conv_reloc_type(M_R_COPY), demangle(name), 2297 NAME(dlmp)); 2298 } 2299 } 2300 2301 DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd, 2302 (Xword)rc.r_size)); 2303 return (1); 2304 } 2305 2306 /* 2307 * Determine the symbol location of an address within a link-map. Look for 2308 * the nearest symbol (whose value is less than or equal to the required 2309 * address). This is the object specific part of dladdr(). 2310 */ 2311 static void 2312 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags) 2313 { 2314 ulong_t ndx, cnt, base, _value; 2315 Sym *sym, *_sym = NULL; 2316 const char *str; 2317 int _flags; 2318 uint_t *dynaddr_ndx; 2319 uint_t dynaddr_n = 0; 2320 ulong_t value; 2321 2322 /* 2323 * If SUNWSYMTAB() is non-NULL, then it sees a special version of 2324 * the dynsym that starts with any local function symbols that exist in 2325 * the library and then moves to the data held in SYMTAB(). In this 2326 * case, SUNWSYMSZ tells us how long the symbol table is. The 2327 * availability of local function symbols will enhance the results 2328 * we can provide. 2329 * 2330 * If SUNWSYMTAB() is non-NULL, then there might also be a 2331 * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains 2332 * an array of indices into SUNWSYMTAB, sorted by increasing 2333 * address. We can use this to do an O(log N) search instead of a 2334 * brute force search. 2335 * 2336 * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that 2337 * contains only global symbols. In that case, the length of 2338 * the symbol table comes from the nchain field of the related 2339 * symbol lookup hash table. 2340 */ 2341 str = STRTAB(lmp); 2342 if (SUNWSYMSZ(lmp) == NULL) { 2343 sym = SYMTAB(lmp); 2344 /* 2345 * If we don't have a .hash table there are no symbols 2346 * to look at. 2347 */ 2348 if (HASH(lmp) == 0) 2349 return; 2350 cnt = HASH(lmp)[1]; 2351 } else { 2352 sym = SUNWSYMTAB(lmp); 2353 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp); 2354 dynaddr_ndx = SUNWSYMSORT(lmp); 2355 if (dynaddr_ndx != NULL) 2356 dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp); 2357 } 2358 2359 if (FLAGS(lmp) & FLG_RT_FIXED) 2360 base = 0; 2361 else 2362 base = ADDR(lmp); 2363 2364 if (dynaddr_n > 0) { /* Binary search */ 2365 long low = 0, low_bnd; 2366 long high = dynaddr_n - 1, high_bnd; 2367 long mid; 2368 Sym *mid_sym; 2369 2370 /* 2371 * Note that SUNWSYMSORT only contains symbols types that 2372 * supply memory addresses, so there's no need to check and 2373 * filter out any other types. 2374 */ 2375 low_bnd = low; 2376 high_bnd = high; 2377 while (low <= high) { 2378 mid = (low + high) / 2; 2379 mid_sym = &sym[dynaddr_ndx[mid]]; 2380 value = mid_sym->st_value + base; 2381 if (addr < value) { 2382 if ((sym[dynaddr_ndx[high]].st_value + base) >= 2383 addr) 2384 high_bnd = high; 2385 high = mid - 1; 2386 } else if (addr > value) { 2387 if ((sym[dynaddr_ndx[low]].st_value + base) <= 2388 addr) 2389 low_bnd = low; 2390 low = mid + 1; 2391 } else { 2392 _sym = mid_sym; 2393 _value = value; 2394 break; 2395 } 2396 } 2397 /* 2398 * If the above didn't find it exactly, then we must 2399 * return the closest symbol with a value that doesn't 2400 * exceed the one we are looking for. If that symbol exists, 2401 * it will lie in the range bounded by low_bnd and 2402 * high_bnd. This is a linear search, but a short one. 2403 */ 2404 if (_sym == NULL) { 2405 for (mid = low_bnd; mid <= high_bnd; mid++) { 2406 mid_sym = &sym[dynaddr_ndx[mid]]; 2407 value = mid_sym->st_value + base; 2408 if (addr >= value) { 2409 _sym = mid_sym; 2410 _value = value; 2411 } else { 2412 break; 2413 } 2414 } 2415 } 2416 } else { /* Linear search */ 2417 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) { 2418 /* 2419 * Skip expected symbol types that are not functions 2420 * or data: 2421 * - A symbol table starts with an undefined symbol 2422 * in slot 0. If we are using SUNWSYMTAB(), 2423 * there will be a second undefined symbol 2424 * right before the globals. 2425 * - The local part of SUNWSYMTAB() contains a 2426 * series of function symbols. Each section 2427 * starts with an initial STT_FILE symbol. 2428 */ 2429 if ((sym->st_shndx == SHN_UNDEF) || 2430 (ELF_ST_TYPE(sym->st_info) == STT_FILE)) 2431 continue; 2432 2433 value = sym->st_value + base; 2434 if (value > addr) 2435 continue; 2436 if (value < _value) 2437 continue; 2438 2439 _sym = sym; 2440 _value = value; 2441 2442 /* 2443 * Note, because we accept local and global symbols 2444 * we could find a section symbol that matches the 2445 * associated address, which means that the symbol 2446 * name will be null. In this case continue the 2447 * search in case we can find a global symbol of 2448 * the same value. 2449 */ 2450 if ((value == addr) && 2451 (ELF_ST_TYPE(sym->st_info) != STT_SECTION)) 2452 break; 2453 } 2454 } 2455 2456 _flags = flags & RTLD_DL_MASK; 2457 if (_sym) { 2458 if (_flags == RTLD_DL_SYMENT) 2459 *info = (void *)_sym; 2460 else if (_flags == RTLD_DL_LINKMAP) 2461 *info = (void *)lmp; 2462 2463 dlip->dli_sname = str + _sym->st_name; 2464 dlip->dli_saddr = (void *)_value; 2465 } else { 2466 /* 2467 * addr lies between the beginning of the mapped segment and 2468 * the first global symbol. We have no symbol to return 2469 * and the caller requires one. We use _START_, the base 2470 * address of the mapping. 2471 */ 2472 2473 if (_flags == RTLD_DL_SYMENT) { 2474 /* 2475 * An actual symbol struct is needed, so we 2476 * construct one for _START_. To do this in a 2477 * fully accurate way requires a different symbol 2478 * for each mapped segment. This requires the 2479 * use of dynamic memory and a mutex. That's too much 2480 * plumbing for a fringe case of limited importance. 2481 * 2482 * Fortunately, we can simplify: 2483 * - Only the st_size and st_info fields are useful 2484 * outside of the linker internals. The others 2485 * reference things that outside code cannot see, 2486 * and can be set to 0. 2487 * - It's just a label and there is no size 2488 * to report. So, the size should be 0. 2489 * This means that only st_info needs a non-zero 2490 * (constant) value. A static struct will suffice. 2491 * It must be const (readonly) so the caller can't 2492 * change its meaning for subsequent callers. 2493 */ 2494 static const Sym fsym = { 0, 0, 0, 2495 ELF_ST_INFO(STB_LOCAL, STT_OBJECT) }; 2496 *info = (void *) &fsym; 2497 } 2498 2499 dlip->dli_sname = MSG_ORIG(MSG_SYM_START); 2500 dlip->dli_saddr = (void *) ADDR(lmp); 2501 } 2502 } 2503 2504 static void 2505 elf_lazy_cleanup(APlist *alp) 2506 { 2507 Rt_map *lmp; 2508 Aliste idx; 2509 2510 /* 2511 * Cleanup any link-maps added to this dynamic list and free it. 2512 */ 2513 for (APLIST_TRAVERSE(alp, idx, lmp)) 2514 FLAGS(lmp) &= ~FLG_RT_TMPLIST; 2515 free(alp); 2516 } 2517 2518 /* 2519 * This routine is called as a last fall-back to search for a symbol from a 2520 * standard relocation. To maintain lazy loadings goal of reducing the number 2521 * of objects mapped, any symbol search is first carried out using the objects 2522 * that already exist in the process (either on a link-map list or handle). 2523 * If a symbol can't be found, and lazy dependencies are still pending, this 2524 * routine loads the dependencies in an attempt to locate the symbol. 2525 * 2526 * Only new objects are inspected as we will have already inspected presently 2527 * loaded objects before calling this routine. However, a new object may not 2528 * be new - although the di_lmp might be zero, the object may have been mapped 2529 * as someone elses dependency. Thus there's a possibility of some symbol 2530 * search duplication. 2531 */ 2532 Sym * 2533 elf_lazy_find_sym(Slookup *slp, Rt_map **_lmp, uint_t *binfo, int *in_nfavl) 2534 { 2535 Sym *sym = NULL; 2536 APlist *alist = NULL; 2537 Aliste idx; 2538 Rt_map *lmp1, *lmp = slp->sl_imap; 2539 const char *name = slp->sl_name; 2540 2541 /* 2542 * Generate a local list of new objects to process. This list can grow 2543 * as each object supplies its own lazy dependencies. 2544 */ 2545 if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL) 2546 return (NULL); 2547 FLAGS(lmp) |= FLG_RT_TMPLIST; 2548 2549 for (APLIST_TRAVERSE(alist, idx, lmp1)) { 2550 uint_t cnt = 0; 2551 Slookup sl = *slp; 2552 Dyninfo *dip, *pdip; 2553 2554 /* 2555 * Discard any relocation index from further symbol searches. 2556 * This index will have already been used to trigger any 2557 * necessary lazy-loads, and it might be because one of these 2558 * lazy loads have failed that we're here performing this 2559 * fallback. By removing the relocation index we don't try 2560 * and perform the same failed lazy loading activity again. 2561 */ 2562 sl.sl_rsymndx = 0; 2563 2564 /* 2565 * Loop through the lazy DT_NEEDED entries examining each object 2566 * for the required symbol. If the symbol is not found, the 2567 * object is in turn added to the local alist, so that the 2568 * objects lazy DT_NEEDED entries can be examined. 2569 */ 2570 lmp = lmp1; 2571 for (dip = DYNINFO(lmp), pdip = NULL; cnt < DYNINFOCNT(lmp); 2572 cnt++, pdip = dip++) { 2573 Rt_map *nlmp; 2574 2575 if (((dip->di_flags & FLG_DI_LAZY) == 0) || 2576 dip->di_info) 2577 continue; 2578 2579 /* 2580 * If this object has already failed to lazy load, and 2581 * we're still processing the same runtime linker 2582 * operation that produced the failure, don't bother 2583 * to try and load the object again. 2584 */ 2585 if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip && 2586 (pdip->di_flags & FLG_DI_POSFLAG1)) { 2587 if (pdip->di_info == (void *)ld_entry_cnt) 2588 continue; 2589 2590 dip->di_flags &= ~FLG_DI_LAZYFAIL; 2591 pdip->di_info = NULL; 2592 } 2593 2594 /* 2595 * Try loading this lazy dependency. If the object 2596 * can't be loaded, consider this non-fatal and continue 2597 * the search. Lazy loaded dependencies need not exist 2598 * and their loading should only turn out to be fatal 2599 * if they are required to satisfy a relocation. 2600 * 2601 * If the file is already loaded and relocated we must 2602 * still inspect it for symbols, even though it might 2603 * have already been searched. This lazy load operation 2604 * might have promoted the permissions of the object, 2605 * and thus made the object applicable for this symbol 2606 * search, whereas before the object might have been 2607 * skipped. 2608 */ 2609 if ((nlmp = elf_lazy_load(lmp, &sl, cnt, 2610 name, in_nfavl)) == 0) 2611 continue; 2612 2613 /* 2614 * If this object isn't yet a part of the dynamic list 2615 * then inspect it for the symbol. If the symbol isn't 2616 * found add the object to the dynamic list so that we 2617 * can inspect its dependencies. 2618 */ 2619 if (FLAGS(nlmp) & FLG_RT_TMPLIST) 2620 continue; 2621 2622 sl.sl_imap = nlmp; 2623 if (sym = LM_LOOKUP_SYM(sl.sl_cmap)(&sl, _lmp, 2624 binfo, in_nfavl)) 2625 break; 2626 2627 /* 2628 * Some dlsym() operations are already traversing a 2629 * link-map (dlopen(0)), and thus there's no need to 2630 * build our own dynamic dependency list. 2631 */ 2632 if ((sl.sl_flags & LKUP_NODESCENT) == 0) { 2633 if (aplist_append(&alist, nlmp, 2634 AL_CNT_LAZYFIND) == NULL) { 2635 elf_lazy_cleanup(alist); 2636 return (NULL); 2637 } 2638 FLAGS(nlmp) |= FLG_RT_TMPLIST; 2639 } 2640 } 2641 if (sym) 2642 break; 2643 } 2644 2645 elf_lazy_cleanup(alist); 2646 return (sym); 2647 } 2648 2649 /* 2650 * Warning message for bad r_offset. 2651 */ 2652 void 2653 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset, 2654 ulong_t rsymndx) 2655 { 2656 const char *name = NULL; 2657 Lm_list *lml = LIST(lmp); 2658 int trace; 2659 2660 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) && 2661 (((rtld_flags & RT_FL_SILENCERR) == 0) || 2662 (lml->lm_flags & LML_FLG_TRC_VERBOSE))) 2663 trace = 1; 2664 else 2665 trace = 0; 2666 2667 if ((trace == 0) && (DBG_ENABLED == 0)) 2668 return; 2669 2670 if (rsymndx) { 2671 Sym *symref = (Sym *)((ulong_t)SYMTAB(lmp) + 2672 (rsymndx * SYMENT(lmp))); 2673 2674 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL) 2675 name = (char *)(STRTAB(lmp) + symref->st_name); 2676 } 2677 2678 if (name == 0) 2679 name = MSG_INTL(MSG_STR_UNKNOWN); 2680 2681 if (trace) { 2682 const char *rstr; 2683 2684 rstr = _conv_reloc_type((uint_t)rtype); 2685 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name, 2686 EC_ADDR(roffset)); 2687 return; 2688 } 2689 2690 Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name); 2691 } 2692 2693 /* 2694 * Resolve a static TLS relocation. 2695 */ 2696 long 2697 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name, 2698 ulong_t roffset, long value) 2699 { 2700 Lm_list *lml = LIST(lmp); 2701 2702 /* 2703 * Relocations against a static TLS block have limited support once 2704 * process initialization has completed. Any error condition should be 2705 * discovered by testing for DF_STATIC_TLS as part of loading an object, 2706 * however individual relocations are tested in case the dynamic flag 2707 * had not been set when this object was built. 2708 */ 2709 if (PTTLS(lmp) == 0) { 2710 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2711 M_REL_SHT_TYPE, rel, NULL, name)); 2712 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2713 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2714 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2715 return (0); 2716 } 2717 2718 /* 2719 * If no static TLS has been set aside for this object, determine if 2720 * any can be obtained. Enforce that any object using static TLS is 2721 * non-deletable. 2722 */ 2723 if (TLSSTATOFF(lmp) == 0) { 2724 FLAGS1(lmp) |= FL1_RT_TLSSTAT; 2725 MODE(lmp) |= RTLD_NODELETE; 2726 2727 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) { 2728 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, 2729 M_REL_SHT_TYPE, rel, NULL, name)); 2730 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS), 2731 _conv_reloc_type((uint_t)rtype), NAME(lmp), 2732 name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN)); 2733 return (0); 2734 } 2735 } 2736 2737 /* 2738 * Typically, a static TLS offset is maintained as a symbols value. 2739 * For local symbols that are not apart of the dynamic symbol table, 2740 * the TLS relocation points to a section symbol, and the static TLS 2741 * offset was deposited in the associated GOT table. Make sure the GOT 2742 * is cleared, so that the value isn't reused in do_reloc(). 2743 */ 2744 if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) { 2745 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) { 2746 value = *(long *)roffset; 2747 *(long *)roffset = 0; 2748 } else { 2749 value = sym->st_value; 2750 } 2751 } 2752 return (-(TLSSTATOFF(lmp) - value)); 2753 } 2754 2755 /* 2756 * If the symbol is not found and the reference was not to a weak symbol, report 2757 * an error. Weak references may be unresolved. 2758 */ 2759 int 2760 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo) 2761 { 2762 Lm_list *lml = LIST(lmp); 2763 2764 /* 2765 * Under crle(1), relocation failures are ignored. 2766 */ 2767 if (lml->lm_flags & LML_FLG_IGNRELERR) 2768 return (1); 2769 2770 /* 2771 * Under ldd(1), unresolved references are reported. However, if the 2772 * original reference is EXTERN or PARENT these references are ignored 2773 * unless ldd's -p option is in effect. 2774 */ 2775 if (lml->lm_flags & LML_FLG_TRC_WARN) { 2776 if (((binfo & DBG_BINFO_REF_MSK) == 0) || 2777 ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) { 2778 (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND), 2779 demangle(name), NAME(lmp)); 2780 } 2781 return (1); 2782 } 2783 2784 /* 2785 * Otherwise, the unresolved references is fatal. 2786 */ 2787 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, 2788 NULL, name)); 2789 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 2790 demangle(name)); 2791 2792 return (0); 2793 } 2794 2795 /* 2796 * Generic relative relocation function. 2797 */ 2798 inline static ulong_t 2799 _elf_reloc_relative(ulong_t rbgn, ulong_t base, Rt_map *lmp, APlist **textrel) 2800 { 2801 mmapobj_result_t *mpp; 2802 ulong_t roffset; 2803 2804 roffset = ((M_RELOC *)rbgn)->r_offset; 2805 roffset += base; 2806 2807 /* 2808 * If this relocation is against an address that is not associated with 2809 * a mapped segment, fall back to the generic relocation loop to 2810 * collect the associated error. 2811 */ 2812 if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) 2813 return (0); 2814 2815 /* 2816 * If this relocation is against a segment that does not provide write 2817 * access, set the write permission for all non-writable mappings. 2818 */ 2819 if (((mpp->mr_prot & PROT_WRITE) == 0) && textrel && 2820 ((set_prot(lmp, mpp, 1) == 0) || 2821 (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) 2822 return (0); 2823 2824 /* 2825 * Perform the actual relocation. Note, for backward compatibility, 2826 * SPARC relocations are added to the offset contents (there was a time 2827 * when the offset was used to contain the addend, rather than using 2828 * the addend itself). 2829 */ 2830 #if defined(__sparc) 2831 *((ulong_t *)roffset) += base + ((M_RELOC *)rbgn)->r_addend; 2832 #elif defined(__amd64) 2833 *((ulong_t *)roffset) = base + ((M_RELOC *)rbgn)->r_addend; 2834 #else 2835 *((ulong_t *)roffset) += base; 2836 #endif 2837 return (1); 2838 } 2839 2840 /* 2841 * When a generic relocation loop realizes that it's dealing with relative 2842 * relocations, but no DT_RELCOUNT .dynamic tag is present, this tighter loop 2843 * is entered as an optimization. 2844 */ 2845 ulong_t 2846 elf_reloc_relative(ulong_t rbgn, ulong_t rend, ulong_t rsize, ulong_t base, 2847 Rt_map *lmp, APlist **textrel) 2848 { 2849 char rtype; 2850 2851 do { 2852 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 2853 break; 2854 2855 rbgn += rsize; 2856 if (rbgn >= rend) 2857 break; 2858 2859 /* 2860 * Make sure the next type is a relative relocation. 2861 */ 2862 rtype = ELF_R_TYPE(((M_RELOC *)rbgn)->r_info, M_MACH); 2863 2864 } while (rtype == M_R_RELATIVE); 2865 2866 return (rbgn); 2867 } 2868 2869 /* 2870 * This is the tightest loop for RELATIVE relocations for those objects built 2871 * with the DT_RELACOUNT .dynamic entry. 2872 */ 2873 ulong_t 2874 elf_reloc_relative_count(ulong_t rbgn, ulong_t rcount, ulong_t rsize, 2875 ulong_t base, Rt_map *lmp, APlist **textrel) 2876 { 2877 for (; rcount; rcount--) { 2878 if (_elf_reloc_relative(rbgn, base, lmp, textrel) == 0) 2879 break; 2880 2881 rbgn += rsize; 2882 } 2883 return (rbgn); 2884 } 2885