1#!/usr/perl5/bin/perl -w
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"%Z%%M%	%I%	%E% SMI"
28#
29
30#
31# Check ELF information.
32#
33# This script descends a directory hierarchy inspecting ELF dynamic executables
34# and shared objects.  The general theme is to verify that common Makefile rules
35# have been used to build these objects.  Typical failures occur when Makefile
36# rules are re-invented rather than being inherited from "cmd/lib" Makefiles.
37#
38# As always, a number of components don't follow the rules, and these are
39# excluded to reduce this scripts output.  Pathnames used for this exclusion
40# assume this script is being run over a "proto" area.  The -a (all) option
41# skips any exclusions.
42#
43# By default any file that has conditions that should be reported is first
44# listed and then each condition follows.  The -o (one-line) option produces a
45# more terse output which is better for sorting/diffing with "nightly".
46#
47# NOTE: missing dependencies, symbols or versions are reported by running the
48# file through ldd(1).  As objects within a proto area are built to exist in a
49# base system, standard use of ldd(1) will bind any objects to dependencies
50# that exist in the base system.  It is frequently the case that newer objects
51# exist in the proto area that are required to satisfy other objects
52# dependencies, and without using these newer objects an ldd(1) will produce
53# misleading error messages.  To compensate for this, the -d option (or the
54# existence of the CODEMSG_WS/ROOT environment variables) cause the creation of
55# alternative dependency mappings via crle(1) configuration files that establish
56# any proto shared objects as alternatives to their base system location.  Thus
57# ldd(1) can be executed against these configuration files so that objects in a
58# proto area bind to their dependencies in the same proto area.
59
60
61# Define all global variables (required for strict)
62use vars  qw($SkipDirs $SkipFiles $SkipTextrelFiles);
63use vars  qw($SkipUndefDirs $SkipUndefFiles $SkipUnusedDirs $SkipUnusedFiles);
64use vars  qw($SkipStabFiles $SkipNoExStkFiles);
65use vars  qw($UnusedNoise $Prog $Mach $Isalist $Env $Ena64 $Tmpdir $Error);
66use vars  qw($UnusedFiles $UnusedPaths $LddNoU $Crle32 $Crle64 $Conf32 $Conf64);
67use vars  qw($SkipInterps $OldDeps %opt);
68
69use strict;
70
71
72# Define any directories we should skip completely.
73$SkipDirs = qr{
74	etc/lib |			# special - used for partial statics
75	usr/lib/devfsadm |		# 4382889
76	usr/lib/libc |			# optimized libc
77	usr/lib/rcm |			# 4426119
78	usr/perl5 |			# alan's taking care of these :-)
79	usr/src				# no need to look at shipped source
80}x;
81
82# Define any files we should skip completely.
83$SkipFiles = qr{ ^(?:
84	ld\.so\.1 |			# confusing but correct dependencies
85	lddstub |			# lddstub has no dependencies
86	libmakestate\.so\.1 |		# temporary; delivered by compiler group
87	libm\.so\.1 |			# temporary; delivered by compiler group
88	libm\.so\.2 |			# temporary; delivered by compiler group
89	geniconvtbl\.so |		# 4384329
90	libssagent\.so\.1 |		# 4328854
91	libpsvcplugin_psr\.so\.1 |	# 4385799
92	libpsvcpolicy_psr\.so\.1 |	#  "  "
93	libpsvcpolicy\.so\.1 |		#  "  "
94	picl_slm\.so |			#  "  "
95	libcrypto_extra\.so\.0\.9\.8 |	# OpenSSL SUNWcry filter lib
96	libssl_extra\.so\.0\.9\.8 |	# OpenSSL SUNWcry filter lib
97	fcpackage\.so |			# circular dependency on fcthread.so
98	mod_ipp\.so |			# Apache loadable module
99	grub
100	)$
101}x;
102
103# Define any files that are allowed text relocations.
104$SkipTextrelFiles = qr{ ^(?:
105	unix |				# kernel models are non-pic
106	mdb				# relocations against __RTC (dbx)
107	)$
108}x;
109
110# Define any files that are allowed undefined references.
111$SkipUndefDirs = qr{
112	usr/lib/inet/ppp/ |		# pppd plugins have callbacks
113	usr/lib/libp/ |			# libc.so.1 requires _mcount
114	usr/lib/vold/ |			# vold dependencies have callbacks
115	usr/lib/rmmount |		# rmmount actions have callbacks
116	/lib/mdb/ |			# mdb modules have callbacks
117	/lib/fm/fmd/plugins/ |		# fmd modules have callbacks
118	/lib/fm/fmd/schemes/ |		# fmd schemes have callbacks
119	/i86pc/lib/mtst/		# mtst modules have callbacks
120}x;
121
122$SkipUndefFiles = qr{ ^(?:
123	libthread_db\.so\.0 |		# callbacks to proc service interface
124	libthread_db\.so\.1 |		#  "	"	"	"
125	librtld_db\.so\.1 |		#  "	"	"	"
126	libc_db\.so\.1 |		#  "	"	"	"
127	libldstab\.so\.1 |		# link-edit support libraries have
128	libld\.so\.[2-4] |			# callback to the link-editors
129	liblddbg\.so\.4 |		#  "	"	"	"
130	librtld\.so\.1 |		#  "	"	"	"
131	libnisdb\.so\.2 |		# C++
132	libsvm\.so\.1 |			# libspmicommon.so.1 lacking
133	libwanboot\.so\.1 |		# libcrypto.a and libssl.a
134	libwrap\.so\.1\.0 |		# uses symbols provided by application
135	fcthread\.so |			# uses symbols provided by application
136	fn\.so\.2 |			# callback to automount
137	preen_md\.so\.1 |		# callback to driver
138	libike\.so\.1 |			# callbacks to in.iked for IKE policy
139	devfsadmd_mod\.so |		# sysevent module callback to syseventd
140	sysevent_conf_mod\.so |		# sysevent module callback to syseventd
141	sysevent_reg_mod\.so		# sysevent module callback to syseventd
142	)$
143}x;
144
145# Define any files that have unused dependencies.
146$SkipUnusedDirs = qr{
147	lib/picl/plugins/ |		# require devtree dependencies
148	/lib/libp			# profile libc makes libm an unused
149}x;					#	dependency of standard libc
150
151$SkipUnusedFiles = qr{ ^(?:
152	devfsadm |			# 4382889
153	disks |				#  "  "
154	tapes |				#  "  "
155	ports |				#  "  "
156	audlinks |			#  "  "
157	devlinks |			#  "  "
158	drvconfig |			#  "  "
159	ntptrace |			# on intel doesn't need libmd5
160	rmmount |			# 4418770, volmgt dependency is required
161					#	to compensate for SunPCi.
162	ocfserv |			# libsched unreference by libjvm,
163	poold |				#	see 4952319.
164	libc\.so\.1\.9 |		# 4lib/libc versions have private
165	libc\.so\.2\.9			#	copies of stuff from libc.
166	)$
167}x;
168
169# Define any files that should contain debugging information.
170$SkipStabFiles = qr{ ^(?:
171	abi_.* |
172	interceptors\.so\.1 |
173	unix
174	)$
175}x;
176
177# Define any files that don't require a non-executable stack definition.
178$SkipNoExStkFiles = qr{ ^(?:
179	forth |
180	unix |
181	multiboot
182	)$
183}x;
184
185# Define any files that should only have unused (ldd -u) processing.
186$UnusedPaths = qr{
187	ucb/shutdown			# libucb interposes on libc and makes
188					# dependencies on libc seem unnecessary
189}x;
190
191$UnusedFiles = qr{ ^(?:
192	rpc\.nisd			# CCNEEDED makes pthread unreferenced
193	)$
194}x;
195
196# Define unused dependencies we should ignore.
197# libCrun has a unnecessary dependency on libw, and libmapmalloc is often
198# defined to interpose on libc but isn't used by the application itself.
199# Threads dependencies look unused if libc is bound first.
200$UnusedNoise = qr{
201	libw\.so\.1;\ unused |
202	unused\ object=.*libw\.so\.1 |
203	libthread\.so\.1;\ unused |
204	libpthread\.so\.1;\ unused |
205	unused\ object=.*libpthread\.so\.1 |
206	libnsl\.so\.1;\ unused\ dependency\ of\ .*libxslt\.so\.1 |
207	libdl\.so\.1;\ unused\ dependency\ of\ .*libspmicommon\.so\.1 |
208	libdl\.so\.1;\ unused\ dependency\ of\ .*libCrun\.so\.1 |
209	libfru\.so\.1;\ unused\ object=.*libdl\.so\.1 |
210	libfrupicl\.so\.1;\ unused\ object=.*libdl\.so\.1 |
211	libmapmalloc\.so\.1;\ unused |
212	unused\ dependency\ of\ .*libstdc\+\+\.so\.6 |
213	unreferenced\ object=.*libstdc\+\+\.so\.6 |
214	unused\ dependency\ of\ .*libnetsnmphelpers\.so\.5 |
215	unused\ dependency\ of\ .*libnetsnmpmibs\.so\.5 |
216	unused\ dependency\ of\ .*libnetsnmpagent\.so\.5
217}x;
218
219# Define interpreters we should ignore.
220$SkipInterps = qr{
221	misc/krtld |
222	misc/amd64/krtld |
223	misc/sparcv9/krtld
224}x;
225
226# Catch libintl and libw, although ld(1) will bind to these and thus determine
227# they're needed, their content was moved into libc as of on297 build 7.
228# libthread and libpthread were completely moved into libc as of on10 build 53.
229# Also, catch libdl, whose content was moved into libc as of on10 build 49.
230$OldDeps = qr{ ^(?:
231	libintl\.so\.1 |
232	libw\.so\.1 |
233	libthread\.so\.1 |
234	libpthread\.so\.1 |
235	libdl\.so\.1
236	)$
237}x;
238
239use Getopt::Std;
240
241# -----------------------------------------------------------------------------
242
243# Reliably compare two OS revisions.  Arguments are <ver1> <op> <ver2>.
244# <op> is the string form of a normal numeric comparison operator.
245sub cmp_os_ver {
246	my @ver1 = split(/\./, $_[0]);
247	my $op = $_[1];
248	my @ver2 = split(/\./, $_[2]);
249
250	push @ver2, ("0") x $#ver1 - $#ver2;
251	push @ver1, ("0") x $#ver2 - $#ver1;
252
253	my $diff = 0;
254	while (@ver1 || @ver2) {
255		if (($diff = shift(@ver1) - shift(@ver2)) != 0) {
256			last;
257		}
258	}
259	return (eval "$diff $op 0" ? 1 : 0);
260}
261
262# This script relies on ldd returning output reflecting only the binary
263# contents.  But if LD_PRELOAD* environment variables are present, libraries
264# named by them will also appear in the output, disrupting our analysis.
265# So, before we get too far, scrub the environment.
266
267delete($ENV{LD_PRELOAD});
268delete($ENV{LD_PRELOAD_32});
269delete($ENV{LD_PRELOAD_64});
270
271# Establish a program name for any error diagnostics.
272chomp($Prog = `basename $0`);
273
274# Determine what machinery is available.
275$Mach = `uname -p`;
276$Isalist = `isalist`;
277$Env = "";
278if ($Mach =~ /sparc/) {
279	if ($Isalist =~ /sparcv9/) {
280		$Ena64 = "ok";
281	}
282} elsif ($Mach =~ /i386/) {
283	if ($Isalist =~ /amd64/) {
284		$Ena64 = "ok";
285	}
286}
287
288# Check that we have arguments.
289if ((getopts('ad:imos', \%opt) == 0) || ($#ARGV == -1)) {
290	print "usage: $Prog [-a] [-d depdir] [-m] [-o] [-s] file | dir, ...\n";
291	print "\t[-a]\t\tprocess all files (ignore any exception lists)\n";
292	print "\t[-d dir]\testablish dependencies from under directory\n";
293	print "\t[-i]\t\tproduce dynamic table entry information\n";
294	print "\t[-m]\t\tprocess mcs(1) comments\n";
295	print "\t[-o]\t\tproduce one-liner output (prefixed with pathname)\n";
296	print "\t[-s]\t\tprocess .stab and .symtab entries\n";
297	exit 1;
298} else {
299	my($Proto);
300
301	if ($opt{d}) {
302		# User specified dependency directory - make sure it exists.
303		if (! -d $opt{d}) {
304			print "$Prog: $opt{d} is not a directory\n";
305			exit 1;
306		}
307		$Proto = $opt{d};
308
309	} elsif ($ENV{CODEMGR_WS}) {
310		my($Root);
311
312		# Without a user specified dependency directory see if we're
313		# part of a codemanager workspace and if a proto area exists.
314		if (($Root = $ENV{ROOT}) && (-d $Root)) {
315			$Proto = $Root;
316		}
317	}
318
319	if (!($Tmpdir = $ENV{TMPDIR}) || (! -d $Tmpdir)) {
320		$Tmpdir = "/tmp";
321	}
322
323	# Look for dependencies under $Proto.
324	if ($Proto) {
325		# To support alternative dependency mapping we'll need ldd(1)'s
326		# -e option.  This is relatively new (s81_30), so make sure
327		# ldd(1)is capable before gathering any dependency information.
328		if (system('ldd -e /usr/lib/lddstub 2> /dev/null')) {
329			print "ldd: does not support -e, unable to ";
330			print "create alternative dependency mappingings.\n";
331			print "ldd: option added under 4390308 (s81_30).\n\n";
332		} else {
333			# Gather dependencies and construct a alternative
334			# dependency mapping via a crle(1) configuration file.
335			GetDeps($Proto, "/");
336			GenConf();
337		}
338	}
339
340	# To support unreferenced dependency detection we'll need ldd(1)'s -U
341	# option.  This is relatively new (4638070), and if not available we
342	# can still fall back to -u.  Even with this option, don't use -U with
343	# releases prior to 5.10 as the cleanup for -U use only got integrated
344	# into 5.10 under 4642023.  Note, that nightly doesn't typically set a
345	# RELEASE from the standard <env> files.  Users who wish to disable use
346	# of ldd(1)'s -U should set (or uncomment) RELEASE in their <env> file
347	# if using nightly, or otherwise establish it in their environment.
348	if (system('ldd -U /usr/lib/lddstub 2> /dev/null')) {
349		$LddNoU = 1;
350	} else {
351		my($Release);
352
353		if (($Release = $ENV{RELEASE}) &&
354		    (cmp_os_ver($Release, "<", "5.10"))) {
355			$LddNoU = 1;
356		} else {
357			$LddNoU = 0;
358		}
359	}
360
361	# For each argument determine if we're dealing with a file or directory.
362	foreach my $Arg (@ARGV) {
363		# Ignore symbolic links.
364		if (-l $Arg) {
365			next;
366		}
367
368		if (!stat($Arg)) {
369			next;
370		}
371
372		# Process simple files.
373		if (-f _) {
374			my($RelPath) = $Arg;
375			my($File) = $Arg;
376			my($Secure) = 0;
377
378			$RelPath =~ s!^.*/!./!;
379			$File =~ s!^.*/!!;
380
381			if (-u _ || -g _) {
382				$Secure = 1;
383			}
384
385			ProcFile($Arg, $RelPath, $File, $Secure);
386			next;
387		}
388		# Process directories.
389		if (-d _) {
390			ProcDir($Arg, ".");
391			next;
392		}
393
394		print "$Arg is not a file or directory\n";
395		$Error = 1;
396	}
397
398	# Cleanup
399	CleanUp();
400}
401
402$Error = 0;
403
404# Clean up and temporary files.
405sub CleanUp {
406	if ($Crle64) {
407		unlink $Crle64;
408	}
409	if ($Conf64) {
410		unlink $Conf64;
411	}
412	if ($Crle32) {
413		unlink $Crle32;
414	}
415	if ($Conf32) {
416		unlink $Conf32;
417	}
418}
419
420# Create an output message, either a one-liner (under -o) or preceded by the
421# files relative pathname as a title.
422sub OutMsg {
423	my($Ttl, $Path, $Msg) = @_;
424
425	if ($opt{o}) {
426		$Msg =~ s/^[ \t]*//;
427		print "$Path: $Msg\n";
428	} else {
429		if ($Ttl eq 0) {
430			print "==== $Path ====\n";
431		}
432		print "$Msg\n";
433	}
434}
435
436# Determine whether this a ELF dynamic object and if so investigate its runtime
437# attributes.
438sub ProcFile {
439	my($FullPath, $RelPath, $File, $Secure) = @_;
440	my(@Elf, @Ldd, $Dyn, $Intp, $Dll, $Ttl, $Sym, $Interp, $Stack);
441	my($Sun, $Relsz, $Pltsz, $Uns, $Tex, $Stab, $Strip, $Lddopt);
442	my($Val, $Header, $SkipLdd, $IsX86, $RWX);
443
444	# Ignore symbolic links.
445	if (-l $FullPath) {
446		return;
447	}
448
449	$Ttl = 0;
450	@Ldd = 0;
451
452	# Determine whether we have access to inspect the file.
453	if (!(-r $FullPath)) {
454		OutMsg($Ttl++, $RelPath,
455		    "\tunable to inspect file: permission denied");
456		return;
457	}
458
459	# Determine if this is a file we don't care about.
460	if (!$opt{a}) {
461		if ($File =~ $SkipFiles) {
462			return;
463		}
464	}
465
466	# Determine whether we have a executable (static or dynamic) or a
467	# shared object.
468	@Elf = split(/\n/, `elfdump -epdic $FullPath 2>&1`);
469
470	$Dyn = $Intp = $Dll = $Stack = $IsX86 = $RWX = 0;
471	$Interp = 1;
472	$Header = 'None';
473	foreach my $Line (@Elf) {
474		# If we have an invalid file type (which we can tell from the
475		# first line), or we're processing an archive, bail.
476		if ($Header eq 'None') {
477			if (($Line =~ /invalid file/) ||
478			    ($Line =~ /$FullPath(.*):/)) {
479				return;
480			}
481		}
482
483		if ($Line =~ /^ELF Header/) {
484			$Header = 'Ehdr';
485
486		} elsif ($Line =~ /^Program Header/) {
487			$Header = 'Phdr';
488			$RWX = 0;
489
490		} elsif ($Line =~ /^Interpreter/) {
491			$Header = 'Intp';
492
493		} elsif ($Line =~ /^Dynamic Section/) {
494			# A dynamic section indicates we're a dynamic object
495			# (this makes sure we don't check static executables).
496			$Dyn = 1;
497
498		} elsif (($Header eq 'Ehdr') && ($Line =~ /e_type:/)) {
499			# The e_type field indicates whether this file is a
500			# shared object (ET_DYN) or an executable (ET_EXEC).
501			if ($Line =~ /ET_DYN/) {
502				$Dll = 1;
503			} elsif ($Line !~ /ET_EXEC/) {
504				return;
505			}
506		} elsif (($Header eq 'Ehdr') && ($Line =~ /ei_class:/)) {
507			# If we encounter a 64-bit object, but we're not running
508			# on a 64-bit system, suppress calling ldd(1).
509			if (($Line =~ /ELFCLASS64/) && !$Ena64) {
510				$SkipLdd = 1;
511			}
512		} elsif (($Header eq 'Ehdr') && ($Line =~ /e_machine:/)) {
513			# If it's a X86 object, we need to enforce RW- data.
514			if (($Line =~ /(EM_AMD64|EM_386)/)) {
515				$IsX86 = 1;
516			}
517		} elsif (($Header eq 'Phdr') &&
518		    ($Line =~ /\[ PF_X  PF_W  PF_R \]/)) {
519			# RWX segment seen.
520			$RWX = 1;
521
522		} elsif (($Header eq 'Phdr') &&
523		    ($Line =~ /\[ PT_LOAD \]/ && $RWX && $IsX86)) {
524			# Seen an RWX PT_LOAD segment.
525			if ($File !~ $SkipNoExStkFiles) {
526				OutMsg($Ttl++, $RelPath,
527				    "\tapplication requires non-executable " .
528				    "data\t<no -Mmapfile_noexdata?>");
529			}
530
531		} elsif (($Header eq 'Phdr') &&
532		    ($Line =~ /\[ PT_SUNWSTACK \]/)) {
533			# This object defines a non-executable stack.
534			$Stack = 1;
535
536		} elsif (($Header eq 'Intp') && !$opt{a} &&
537		    ($Line =~ $SkipInterps)) {
538			# This object defines an interpretor we should skip.
539			$Interp = 0;
540		}
541	}
542
543	# Determine whether this ELF executable or shared object has a
544	# conforming mcs(1) comment section.  If the correct $(POST_PROCESS)
545	# macros are used, only a 3 or 4 line .comment section should exist
546	# containing one or two "@(#)SunOS" identifying comments (one comment
547	# for a non-debug build, and two for a debug build). The results of
548	# the following split should be three or four lines, the last empty
549	# line being discarded by the split.
550	if ($opt{m}) {
551		my(@Mcs, $Con, $Dev);
552
553		@Mcs = split(/\n/, `mcs -p $FullPath 2>&1`);
554
555		$Con = $Dev = $Val = 0;
556		foreach my $Line (@Mcs) {
557			$Val++;
558
559			if (($Val == 3) && ($Line !~ /^@\(#\)SunOS/)) {
560				$Con = 1;
561				last;
562			}
563			if (($Val == 4) && ($Line =~ /^@\(#\)SunOS/)) {
564				$Dev = 1;
565				next;
566			}
567			if (($Dev == 0) && ($Val == 4)) {
568				$Con = 1;
569				last;
570			}
571			if (($Dev == 1) && ($Val == 5)) {
572				$Con = 1;
573				last;
574			}
575		}
576		if ($opt{m} && ($Con == 1)) {
577			OutMsg($Ttl++, $RelPath,
578			    "\tnon-conforming mcs(1) comment\t<no \$(POST_PROCESS)?>");
579		}
580	}
581
582	# Applications should contain a non-executable stack definition.
583	if (($Dll == 0) && ($Stack == 0)) {
584		if (!$opt{a}) {
585			if ($File =~ $SkipNoExStkFiles) {
586				goto DYN;
587			}
588		}
589		OutMsg($Ttl++, $RelPath,
590		    "\tapplication requires non-executable stack\t<no -Mmapfile_noexstk?>");
591	}
592
593DYN:
594	# Having caught any static executables in the mcs(1) check and non-
595	# executable stack definition check, continue with dynamic objects
596	# from now on.
597	if ($Dyn eq 0) {
598		return;
599	}
600
601	# Only use ldd unless we've encountered an interpreter that should
602	# ne skipped.
603	if (!$SkipLdd && $Interp) {
604		if ($Secure) {
605			# The execution of a secure application over an nfs file
606			# system mounted nosuid will result in warning messages
607			# being sent to /var/adm/messages.  As this type of
608			# environment can occur with root builds, move the file
609			# being investigated to a safe place first.  In addition
610			# remove its secure permission so that it can be
611			# influenced by any alternative dependency mappings.
612
613			my($TmpPath) = "$Tmpdir/$File";
614
615			system('cp', $FullPath, $TmpPath);
616			chmod 0777, $TmpPath;
617			$FullPath = $TmpPath;
618		}
619
620		# Use ldd(1) to determine the objects relocatability and use.
621		# By default look for all unreferenced dependencies.  However,
622		# some objects have legitimate dependencies that they do not
623		# reference.
624		if ($LddNoU || ($File =~ $UnusedFiles) ||
625		    ($RelPath =~ $UnusedPaths)) {
626			$Lddopt = "-ru";
627		} else {
628			$Lddopt = "-rU";
629		}
630		@Ldd = split(/\n/, `ldd $Lddopt $Env $FullPath 2>&1`);
631		if ($Secure) {
632			unlink $FullPath;
633		}
634	}
635
636	$Val = 0;
637	$Sym = 5;
638	$Uns = 1;
639
640LDD:	foreach my $Line (@Ldd) {
641
642		if ($Val == 0) {
643			$Val = 1;
644			# Make sure ldd(1) worked.  One possible failure is that
645			# this is an old ldd(1) prior to -e addition (4390308).
646			if ($Line =~ /usage:/) {
647				$Line =~ s/$/\t<old ldd(1)?>/;
648				OutMsg($Ttl++, $RelPath, $Line);
649				last;
650			} elsif ($Line =~ /execution failed/) {
651				OutMsg($Ttl++, $RelPath, $Line);
652				last;
653			}
654
655			# It's possible this binary can't be executed, ie. we've
656			# found a sparc binary while running on an intel system,
657			# or a sparcv9 binary on a sparcv7/8 system.
658			if ($Line =~ /wrong class/) {
659				OutMsg($Ttl++, $RelPath,
660				    "\thas wrong class or data encoding");
661				next;
662			}
663
664			# Historically, ldd(1) likes executable objects to have
665			# their execute bit set.  Note that this test isn't
666			# applied unless the -a option is in effect, as any
667			# non-executable files are skipped by default to reduce
668			# the cost of running this script.
669			if ($Line =~ /not executable/) {
670				OutMsg($Ttl++, $RelPath,
671				    "\tis not executable");
672				next;
673			}
674		}
675
676		# Look for "file" or "versions" that aren't found.  Note that
677		# these lines will occur before we find any symbol referencing
678		# errors.
679		if (($Sym == 5) && ($Line =~ /not found\)/)) {
680			if ($Line =~ /file not found\)/) {
681				$Line =~ s/$/\t<no -zdefs?>/;
682			}
683			OutMsg($Ttl++, $RelPath, $Line);
684			next;
685		}
686		# Look for relocations whose symbols can't be found.  Note, we
687		# only print out the first 5 relocations for any file as this
688		# output can be excessive.
689		if ($Sym && ($Line =~ /symbol not found/)) {
690			# Determine if this file is allowed undefined
691			# references.
692			if ($Sym == 5) {
693				if (!$opt{a}) {
694					if ($RelPath =~ $SkipUndefDirs) {
695						$Sym = 0;
696						next LDD;
697					}
698					if ($File =~ $SkipUndefFiles) {
699						$Sym = 0;
700						next LDD;
701					}
702				}
703			}
704			if ($Sym-- == 1) {
705				if (!$opt{o}) {
706					OutMsg($Ttl++, $RelPath,
707					    "\tcontinued ...");
708				}
709				next;
710			}
711			# Just print the symbol name.
712			$Line =~ s/$/\t<no -zdefs?>/;
713			OutMsg($Ttl++, $RelPath, $Line);
714			next;
715		}
716		# Look for any unused dependencies.
717		if ($Uns && ($Line =~ /unused/)) {
718			if (!$opt{a}) {
719				if ($RelPath =~ $SkipUnusedDirs) {
720					$Uns = 0;
721					next LDD;
722				}
723				if ($File =~ $SkipUnusedFiles) {
724					$Uns = 0;
725					next LDD;
726				}
727
728				# Remove any noise.
729				if ($Line =~ $UnusedNoise) {
730					$Uns = 0;
731					next LDD;
732				}
733			}
734			if ($Secure) {
735				$Line =~ s!$Tmpdir/!!;
736			}
737			$Line =~ s/^[ \t]*(.*)/\t$1\t<remove lib or -zignore?>/;
738			OutMsg($Ttl++, $RelPath, $Line);
739			next;
740		}
741	}
742
743	# Reuse the elfdump(1) data to investigate additional dynamic linking
744	# information.
745
746	$Sun = $Relsz = $Pltsz = $Dyn = $Stab = 0;
747	$Tex = $Strip = 1;
748
749	$Header = 'None';
750ELF:	foreach my $Line (@Elf) {
751		# We're only interested in the section headers and the dynamic
752		# section.
753		if ($Line =~ /^Section Header/) {
754			$Header = 'Shdr';
755
756			if (($Sun == 0) && ($Line =~ /\.SUNW_reloc/)) {
757				# This object has a combined relocation section.
758				$Sun = 1;
759
760			} elsif (($Stab == 0) && ($Line =~ /\.stab/)) {
761				# This object contain .stabs sections
762				$Stab = 1;
763			}
764
765			if (($Strip == 1) && ($Line =~ /\.symtab/)) {
766				# This object contains a complete symbol table.
767				$Strip = 0;
768			}
769			next;
770
771		} elsif ($Line =~ /^Dynamic Section/) {
772			$Header = 'Dyn';
773			next;
774		} elsif ($Header ne 'Dyn') {
775			next;
776		}
777
778		# Does this object contain text relocations.
779		if ($Tex && ($Line =~ /TEXTREL/)) {
780			# Determine if this file is allowed text relocations.
781			if (!$opt{a}) {
782				if ($File =~ $SkipTextrelFiles) {
783					$Tex = 0;
784					next ELF;
785				}
786			}
787			OutMsg($Ttl++, $RelPath,
788			    "\tTEXTREL .dynamic tag\t\t\t<no -Kpic?>");
789			$Tex = 0;
790			next;
791		}
792
793		# Does this file have any relocation sections (there are a few
794		# psr libraries with no relocations at all, thus a .SUNW_reloc
795		# section won't exist either).
796		if (($Relsz == 0) && ($Line =~ / RELA?SZ/)) {
797			$Relsz = hex((split(' ', $Line))[2]);
798			next;
799		}
800
801		# Does this file have any plt relocations.  If the plt size is
802		# equivalent to the total relocation size then we don't have
803		# any relocations suitable for combining into a .SUNW_reloc
804		# section.
805		if (($Pltsz == 0) && ($Line =~ / PLTRELSZ/)) {
806			$Pltsz = hex((split(' ', $Line))[2]);
807			next;
808		}
809
810		# Under the -i (information) option print out any useful dynamic
811		# entries.
812		# Does this object have any dependencies.
813		if ($opt{i} && ($Line =~ /NEEDED/)) {
814			my($Need) = (split(' ', $Line))[3];
815
816			# Catch any old (unnecessary) dependencies.
817			if ($Need =~ $OldDeps) {
818				OutMsg($Ttl++, $RelPath,
819				    "\tNEEDED=$Need\t<dependency no longer necessary>");
820			} else {
821				OutMsg($Ttl++, $RelPath, "\tNEEDED=$Need");
822			}
823			next;
824		}
825
826		# Does this object specify a runpath.
827		if ($opt{i} && ($Line =~ /RPATH/)) {
828			my($Rpath) = (split(' ', $Line))[3];
829			OutMsg($Ttl++, $RelPath, "\tRPATH=$Rpath");
830			next;
831		}
832	}
833
834	# A shared object, that contains non-plt relocations, should have a
835	# combined relocation section indicating it was built with -z combreloc.
836	if ($Dll && $Relsz && ($Relsz != $Pltsz) && ($Sun == 0)) {
837		OutMsg($Ttl++, $RelPath,
838		    "\tSUNW_reloc section missing\t\t<no -zcombreloc?>");
839	}
840
841	# No objects released to a customer should have any .stabs sections
842	# remaining, they should be stripped.
843	if ($opt{s} && $Stab) {
844		if (!$opt{a}) {
845			if ($File =~ $SkipStabFiles) {
846				goto DONESTAB;
847			}
848		}
849		OutMsg($Ttl++, $RelPath,
850		    "\tdebugging sections should be deleted\t<no strip -x?>");
851	}
852
853DONESTAB:
854
855	# All objects should have a full symbol table to provide complete
856	# debugging stack traces.
857	if ($Strip) {
858		OutMsg($Ttl++, $RelPath,
859		    "\tsymbol table should not be stripped\t<remove -s?>");
860	}
861}
862
863
864sub ProcDir {
865	my($FullDir, $RelDir) = @_;
866	my($NewFull, $NewRel);
867
868	# Determine if this is a directory we don't care about.
869	if (!$opt{a}) {
870		if ($RelDir =~ $SkipDirs) {
871			return;
872		}
873	}
874
875	# Open the directory and read each entry, omit files starting with "."
876	if (opendir(DIR, $FullDir)) {
877		foreach my $Entry (readdir(DIR)) {
878			if ($Entry =~ /^\./) {
879				next;
880			}
881			$NewFull = "$FullDir/$Entry";
882
883			# Ignore symlinks.
884			if (-l $NewFull) {
885				next;
886			}
887			if (!stat($NewFull)) {
888				next;
889			}
890			$NewRel = "$RelDir/$Entry";
891
892			# Descend into and process any directories.
893			if (-d _) {
894				ProcDir($NewFull, $NewRel);
895				next;
896			}
897
898			# Typically dynamic objects are executable, so we can
899			# reduce the overall cost of this script (a lot!) by
900			# screening out non-executables here, rather than pass
901			# them to file(1) later.  However, it has been known
902			# for shared objects to be mistakenly left non-
903			# executable, so with -a let all files through so that
904			# this requirement can be verified (see ProcFile()).
905			if (!$opt{a}) {
906				if (! -x _) {
907					next;
908				}
909			}
910
911			# Process any standard files.
912			if (-f _) {
913				my($Secure) = 0;
914
915				if (-u _ || -g _) {
916					$Secure = 1;
917				}
918
919				ProcFile($NewFull, $NewRel, $Entry, $Secure);
920				next;
921			}
922
923		}
924		closedir(DIR);
925	}
926}
927
928# Create a crle(1) script for any 64-bit dependencies we locate.  A runtime
929# configuration file will be generated to establish alternative dependency
930# mappings for all these dependencies.
931
932sub Entercrle64 {
933	my($FullDir, $RelDir, $Entry) = @_;
934
935	if (!$Crle64) {
936		# Create and initialize the script if is doesn't already exit.
937
938		$Crle64 = "$Tmpdir/$Prog.crle64.$$";
939		open(CRLE64, "> $Crle64") ||
940			die "$Prog: open failed: $Crle64: $!";
941
942		print CRLE64 "#!/bin/sh\ncrle -64\\\n";
943	}
944	print CRLE64 "\t-o $FullDir -a $RelDir/$Entry \\\n";
945}
946
947# Create a crle(1) script for any 32-bit dependencies we locate.  A runtime
948# configuration file will be generated to establish alternative dependency
949# mappings for all these dependencies.
950
951sub Entercrle32 {
952	my($FullDir, $RelDir, $Entry) = @_;
953
954	if (!$Crle32) {
955		# Create and initialize the script if is doesn't already exit.
956
957		$Crle32 = "$Tmpdir/$Prog.crle32.$$";
958		open(CRLE32, "> $Crle32") ||
959			die "$Prog: open failed: $Crle32: $!";
960
961		print CRLE32 "#!/bin/sh\ncrle \\\n";
962	}
963	print CRLE32 "\t-o $FullDir -a $RelDir/$Entry \\\n";
964}
965
966# Having finished gathering dependencies, complete any crle(1) scripts and
967# execute them to generate the associated runtime configuration files.  In
968# addition establish the environment variable required to pass the configuration
969# files to ldd(1).
970
971sub GenConf {
972	if ($Crle64) {
973		$Conf64 = "$Tmpdir/$Prog.conf64.$$";
974		print CRLE64 "\t-c $Conf64\n";
975
976		chmod 0755, $Crle64;
977		close CRLE64;
978
979		if (system($Crle64)) {
980			undef $Conf64;
981		}
982	}
983	if ($Crle32) {
984		$Conf32 = "$Tmpdir/$Prog.conf32.$$";
985		print CRLE32 "\t-c $Conf32\n";
986
987		chmod 0755, $Crle32;
988		close CRLE32;
989
990		if (system($Crle32)) {
991			undef $Conf32;
992		}
993	}
994
995	if ($Crle64 && $Conf64 && $Crle32 && $Conf32) {
996		$Env = "-e LD_FLAGS=config_64=$Conf64,config_32=$Conf32";
997	} elsif ($Crle64 && $Conf64) {
998		$Env = "-e LD_FLAGS=config_64=$Conf64";
999	} elsif ($Crle32 && $Conf32) {
1000		$Env = "-e LD_FLAGS=config_32=$Conf32";
1001	}
1002}
1003
1004# Recurse through a directory hierarchy looking for appropriate dependencies.
1005
1006sub GetDeps {
1007	my($FullDir, $RelDir) = @_;
1008	my($NewFull);
1009
1010	# Open the directory and read each entry, omit files starting with "."
1011	if (opendir(DIR, $FullDir)) {
1012		 foreach my $Entry (readdir(DIR)) {
1013			if ($Entry =~ /^\./) {
1014				next;
1015			}
1016			$NewFull = "$FullDir/$Entry";
1017
1018			# We need to follow links so that any dependencies
1019			# are expressed in all their available forms.
1020			# Bail on symlinks like 32 -> .
1021			if (-l $NewFull) {
1022				if (readlink($NewFull) =~ /^\.$/) {
1023					next;
1024				}
1025			}
1026			if (!stat($NewFull)) {
1027				next;
1028			}
1029
1030			# If this is a directory descend into it.
1031			if (-d _) {
1032				my($NewRel);
1033
1034				if ($RelDir =~ /^\/$/) {
1035					$NewRel = "$RelDir$Entry";
1036				} else {
1037					$NewRel = "$RelDir/$Entry";
1038				}
1039
1040				GetDeps($NewFull, $NewRel);
1041				next;
1042			}
1043
1044			# If this is a regular file determine if its a
1045			# valid ELF dependency.
1046			if (-f _) {
1047				my($File);
1048
1049				# Typically shared object dependencies end with
1050				# ".so" or ".so.?", hence we can reduce the cost
1051				# of this script (a lot!) by screening out files
1052				# that don't follow this pattern.
1053				if (!$opt{a}) {
1054					if ($Entry !~ /\.so(?:\.\d+)*$/) {
1055						next;
1056					}
1057				}
1058
1059				$File = `file $NewFull`;
1060				if ($File !~ /dynamic lib/) {
1061					next;
1062				}
1063
1064				if ($File =~ /32-bit/) {
1065					Entercrle32($FullDir, $RelDir, $Entry);
1066				} elsif ($Ena64) {
1067					Entercrle64($FullDir, $RelDir, $Entry);
1068				}
1069				next;
1070			}
1071		}
1072		closedir(DIR);
1073	}
1074}
1075exit $Error
1076