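/* $OpenBSD: resolve.c,v 1.65 2013/11/27 21:25:25 deraadt Exp $ */

/*
 * Copyright (c) 1998 Per Fogelstrom, Opsycon AB
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#define _DYN_LOADER

#include <sys/types.h>

#include <limits.h>
#include <nlist.h>
#include <link.h>
#include "syscall.h"
#include "archdep.h"
#include "path.h"
#include "resolve.h"
#include "dl_prebind.h"

/* substitution types */
typedef enum {
	SUBST_UNKNOWN, SUBST_ORIGIN, SUBST_OSNAME, SUBST_OSREL, SUBST_PLATFORM
} SUBST_TYPES;

/* Head and tail of the doubly linked list of loaded objects. */
elf_object_t *_dl_objects;
elf_object_t *_dl_last_object;
/* Object on whose behalf the current load is happening (see finalize). */
elf_object_t *_dl_loading_object;

/*
 * Add a new dynamic object to the object list.
 *
 * An object flagged DF_1_NODELETE gets one extra reference the first time
 * it is seen; STAT_NODELETE records that the reference was already taken.
 * An object that is already linked (prev != NULL) is not appended again.
 */
void
_dl_add_object(elf_object_t *object)
{
	/* if a .so is marked nodelete, then add a reference */
	if (object->obj_flags & DF_1_NODELETE &&
	    (object->status & STAT_NODELETE) == 0) {
		DL_DEB(("objname %s is nodelete\n", object->load_name));
		object->refcount++;
		object->status |= STAT_NODELETE;
	}

	/*
	 * if this is a new object, prev will be NULL
	 * != NULL if an object already in the list
	 * prev == NULL for the first item in the list, but that will
	 * be the executable.
	 */
	if (object->prev != NULL)
		return;

	if (_dl_objects == NULL) {			/* First object ? */
		_dl_last_object = _dl_objects = object;
	} else {
		_dl_last_object->next = object;
		object->prev = _dl_last_object;
		_dl_last_object = object;
	}
}

/*
 * Identify substitution sequence name.
 *
 * name need not be NUL terminated; exactly siz bytes are compared.
 * Returns one of the SUBST_* values, SUBST_UNKNOWN when nothing matches.
 */
static int
_dl_subst_name(const char *name, size_t siz) {
	switch (siz) {
	case 5:
		if (_dl_strncmp(name, "OSREL", 5) == 0)
			return SUBST_OSREL;
		break;
	case 6:
		if (_dl_strncmp(name, "ORIGIN", 6) == 0)
			return SUBST_ORIGIN;
		if (_dl_strncmp(name, "OSNAME", 6) == 0)
			return SUBST_OSNAME;
		break;
	case 8:
		if (_dl_strncmp(name, "PLATFORM", 8) == 0)
			return SUBST_PLATFORM;
		break;
	}

	return (SUBST_UNKNOWN);
}

/*
 * Perform $ORIGIN substitutions on path
 *
 * Expands $NAME and ${NAME} sequences in *path.  ORIGIN expands to
 * origin_path; OSNAME, OSREL and PLATFORM expand to the sysname, release
 * and machine fields filled in by _dl_uname().  Any other name expands to
 * the empty string, and a "${NAME" without the closing brace is accepted.
 *
 * The result is assembled in a PATH_MAX stack buffer.  If it would not
 * fit, or if _dl_uname() or _dl_strdup() fails, or if nothing changed,
 * *path is left untouched.  Otherwise the old string is freed and *path
 * is replaced by a newly allocated copy.
 *
 * The expanded string becomes a library search directory, so the caller
 * decides whether expansion is allowed at all; the only caller in this
 * file runs it only when _dl_trust is non-zero.  The object argument is
 * not used here.
 */
static void
_dl_origin_subst_path(elf_object_t *object, const char *origin_path,
    char **path)
{
	char tmp_path[PATH_MAX];
	char *new_path, *tp;
	const char *pp, *name, *value;
	static struct utsname uts;	/* filled once, reused on later calls */
	size_t value_len;
	int skip_brace;

	if (uts.sysname[0] == '\0') {
		if (_dl_uname(&uts) != 0)
			return;
	}

	tp = tmp_path;
	pp = *path;

	while (*pp != '\0' && (tp - tmp_path) < sizeof(tmp_path)) {

		/* copy over chars up to but not including $ */
		while (*pp != '\0' && *pp != '$' &&
		    (tp - tmp_path) < sizeof(tmp_path))
			*tp++ = *pp++;

		/* substitution sequence detected */
		if (*pp == '$' && (tp - tmp_path) < sizeof(tmp_path)) {
			pp++;

			if ((skip_brace = (*pp == '{')))
				pp++;

			/* skip over name */
			name = pp;
			while (_dl_isalnum((unsigned char)*pp) || *pp == '_')
				pp++;

			switch (_dl_subst_name(name, pp - name)) {
			case SUBST_ORIGIN:
				value = origin_path;
				break;
			case SUBST_OSNAME:
				value = uts.sysname;
				break;
			case SUBST_OSREL:
				value = uts.release;
				break;
			case SUBST_PLATFORM:
				value = uts.machine;
				break;
			default:
				value = "";
			}

			/*
			 * Refuse the whole substitution rather than
			 * truncate: ">=" keeps one byte for the NUL.
			 */
			value_len = _dl_strlen(value);
			if (value_len >= sizeof(tmp_path) - (tp - tmp_path))
				return;

			_dl_bcopy(value, tp, value_len);
			tp += value_len;

			if (skip_brace && *pp == '}')
				pp++;
		}
	}

	/* no substitution made if result exceeds sizeof(tmp_path) */
	if (tp - tmp_path >= sizeof(tmp_path))
		return;

	/* NULL terminate tmp_path */
	*tp = '\0';

	if (_dl_strcmp(tmp_path, *path) == 0)
		return;

	new_path = _dl_strdup(tmp_path);
	if (new_path == NULL)
		return;

	DL_DEB(("orig_path %s\n", *path));
	DL_DEB(("new_path %s\n", new_path));

	_dl_free(*path);
	*path = new_path;
}

/*
 * Determine origin_path from object load_name.  The origin_path argument
 * must refer to a buffer capable of storing at least PATH_MAX characters.
 * Returns 0 on success.
 *
 * The directory part of load_name is passed through _dl_realpath(); -1 is
 * returned when either _dl_dirname() or _dl_realpath() yields NULL.
 */
static int
_dl_origin_path(elf_object_t *object, char *origin_path)
{
	const char *dirname_path = _dl_dirname(object->load_name);

	if (dirname_path == NULL)
		return -1;

	if (_dl_realpath(dirname_path, origin_path) == NULL)
		return -1;

	return 0;
}

/*
 * Perform $ORIGIN substitutions on rpath
 *
 * Does nothing when the origin directory cannot be determined or when the
 * object has no rpath vector.
 */
static void
_dl_origin_subst(elf_object_t *object)
{
	char origin_path[PATH_MAX];
	char **pp;

	/*
	 * _dl_cleanup_objects() treats a NULL rpath as a normal state, so
	 * do not walk the vector unless it exists.
	 */
	if (object->rpath == NULL)
		return;

	if (_dl_origin_path(object, origin_path) != 0)
		return;

	/* perform path substitutions on each segment of rpath */
	for (pp = object->rpath; *pp != NULL; pp++) {
		_dl_origin_subst_path(object, origin_path, pp);
	}
}

/*
 * Initialize a new dynamic object.
 *
 * Walks the dynamic section at dynp, records the tags in the new object,
 * relocates the pointer-valued entries by obase, decodes the ELF hash
 * table header and splits DT_RPATH into a search vector.
 *
 * Returns the new object, or NULL with _dl_errno set to DL_CANT_LOAD_OBJ
 * when the object is marked DF_1_NOOPEN, the load was started by an
 * OBJTYPE_DLO object and _dl_traceld is NULL.
 *
 * NOTE(review): the results of _dl_malloc() and _dl_strdup() are used
 * without a NULL check here - confirm _dl_malloc() cannot return NULL.
 * NOTE(review): Dyn.info[], obj_flags and the dyn.* bits are read or
 * OR-ed below without being cleared first, so this appears to rely on
 * _dl_malloc() returning zero-filled memory - confirm.
 */
elf_object_t *
_dl_finalize_object(const char *objname, Elf_Dyn *dynp, Elf_Phdr *phdrp,
    int phdrc, const int objtype, const long lbase, const long obase)
{
	elf_object_t *object;
#if 0
	_dl_printf("objname [%s], dynp %p, objtype %x lbase %lx, obase %lx\n",
	    objname, dynp, objtype, lbase, obase);
#endif
	object = _dl_malloc(sizeof(elf_object_t));
	object->prev = object->next = NULL;

	object->load_dyn = dynp;
	/*
	 * NOTE(review): if d_tag has a signed type, a negative tag would
	 * also satisfy "d_tag < DT_NUM" and index below Dyn.info[] -
	 * confirm the type of d_tag for every supported ELF class.
	 */
	while (dynp->d_tag != DT_NULL) {
		if (dynp->d_tag < DT_NUM)
			object->Dyn.info[dynp->d_tag] = dynp->d_un.d_val;
		else if (dynp->d_tag >= DT_LOPROC &&
		    dynp->d_tag < DT_LOPROC + DT_PROCNUM)
			object->Dyn.info[dynp->d_tag + DT_NUM - DT_LOPROC] =
			    dynp->d_un.d_val;
		if (dynp->d_tag == DT_TEXTREL)
			object->dyn.textrel = 1;
		if (dynp->d_tag == DT_SYMBOLIC)
			object->dyn.symbolic = 1;
		if (dynp->d_tag == DT_BIND_NOW)
			object->obj_flags |= DF_1_NOW;
		if (dynp->d_tag == DT_FLAGS_1)
			object->obj_flags |= dynp->d_un.d_val;
		if (dynp->d_tag == DT_RELACOUNT)
			object->relacount = dynp->d_un.d_val;
		if (dynp->d_tag == DT_RELCOUNT)
			object->relcount = dynp->d_un.d_val;
		dynp++;
	}
	DL_DEB((" flags %s = 0x%x\n", objname, object->obj_flags ));
	object->obj_type = objtype;

	if (_dl_loading_object == NULL) {
		/*
		 * no loading object, object is the loading object,
		 * as it is either executable, or dlopened()
		 */
		_dl_loading_object = object;
	}

	if ((object->obj_flags & DF_1_NOOPEN) != 0 &&
	    _dl_loading_object->obj_type == OBJTYPE_DLO &&
	    _dl_traceld == NULL) {
		_dl_free(object);
		_dl_errno = DL_CANT_LOAD_OBJ;
		return(NULL);
	}

	/*
	 *  Now relocate all pointer to dynamic info, but only
	 *  the ones which have pointer values.
	 */
	if (object->Dyn.info[DT_PLTGOT])
		object->Dyn.info[DT_PLTGOT] += obase;
	if (object->Dyn.info[DT_HASH])
		object->Dyn.info[DT_HASH] += obase;
	if (object->Dyn.info[DT_STRTAB])
		object->Dyn.info[DT_STRTAB] += obase;
	if (object->Dyn.info[DT_SYMTAB])
		object->Dyn.info[DT_SYMTAB] += obase;
	if (object->Dyn.info[DT_RELA])
		object->Dyn.info[DT_RELA] += obase;
	/* SONAME and RPATH are string table offsets, not addresses. */
	if (object->Dyn.info[DT_SONAME])
		object->Dyn.info[DT_SONAME] += object->Dyn.info[DT_STRTAB];
	if (object->Dyn.info[DT_RPATH])
		object->Dyn.info[DT_RPATH] += object->Dyn.info[DT_STRTAB];
	if (object->Dyn.info[DT_REL])
		object->Dyn.info[DT_REL] += obase;
	if (object->Dyn.info[DT_INIT])
		object->Dyn.info[DT_INIT] += obase;
	if (object->Dyn.info[DT_FINI])
		object->Dyn.info[DT_FINI] += obase;
	if (object->Dyn.info[DT_JMPREL])
		object->Dyn.info[DT_JMPREL] += obase;

	/*
	 * Hash table layout: nbuckets, nchains, buckets[], chains[].
	 * The two counts come straight from the mapped file.
	 */
	if (object->Dyn.info[DT_HASH] != 0) {
		Elf_Word *hashtab = (Elf_Word *)object->Dyn.info[DT_HASH];

		object->nbuckets = hashtab[0];
		object->nchains = hashtab[1];
		object->buckets = hashtab + 2;
		object->chains = object->buckets + object->nbuckets;
	}

	object->phdrp = phdrp;
	object->phdrc = phdrc;
	object->load_base = lbase;
	object->obj_base = obase;
	object->load_name = _dl_strdup(objname);
	object->load_object = _dl_loading_object;
	if (object->load_object == object)
		DL_DEB(("head %s\n", object->load_name));
	DL_DEB(("obj %s has %s as head\n", object->load_name,
	    _dl_loading_object->load_name ));
	object->refcount = 0;
	TAILQ_INIT(&object->child_list);
	object->opencount = 0;	/* # dlopen() & exe */
	object->grprefcount = 0;
	/* default dev, inode for dlopen-able objects. */
	object->dev = 0;
	object->inode = 0;
	object->lastlookup = 0;
	TAILQ_INIT(&object->grpsym_list);
	TAILQ_INIT(&object->grpref_list);

	if (object->dyn.rpath) {
		object->rpath = _dl_split_path(object->dyn.rpath);
		/*
		 * $ORIGIN style expansion makes the search path depend on
		 * where the object was loaded from, so it is applied only
		 * when the object asks for it (DF_1_ORIGIN) and _dl_trust
		 * is set.
		 * NOTE(review): _dl_trust is set outside this file;
		 * presumably it is cleared for set-user-ID/set-group-ID
		 * processes - confirm.
		 */
		if ((object->obj_flags & DF_1_ORIGIN) && _dl_trust)
			_dl_origin_subst(object);
	}

	_dl_trace_object_setup(object);

	return (object);
}

/*
 * Free n and every node that follows it on the next_sib links.
 */
static void
_dl_tailq_free(struct dep_node *n)
{
	struct dep_node *next;

	while (n != NULL) {
		next = TAILQ_NEXT(n, next_sib);
		_dl_free(n);
		n = next;
	}
}

/* Objects unlinked by _dl_remove_object() and waiting to be freed. */
elf_object_t *free_objects;

/*
 * Drop _dlopened_child_list entries whose object has a zero
 * OBJECT_DLREF_CNT(), then free every object queued on free_objects
 * together with its name strings, rpath vector and dependency lists.
 */
void
_dl_cleanup_objects(void)
{
	elf_object_t *nobj, *head;
	struct dep_node *n, *next;

	n = TAILQ_FIRST(&_dlopened_child_list);
	while (n != NULL) {
		/* fetch the successor first, n may be freed below */
		next = TAILQ_NEXT(n, next_sib);
		if (OBJECT_DLREF_CNT(n->data) == 0) {
			TAILQ_REMOVE(&_dlopened_child_list, n, next_sib);
			_dl_free(n);
		}
		n = next;
	}

	/* detach the list first so it is empty while entries are freed */
	head = free_objects;
	free_objects = NULL;
	while (head != NULL) {
		if (head->load_name)
			_dl_free(head->load_name);
		if (head->sod.sod_name)
			_dl_free((char *)head->sod.sod_name);
		if (head->rpath)
			_dl_free_path(head->rpath);
		_dl_tailq_free(TAILQ_FIRST(&head->grpsym_list));
		_dl_tailq_free(TAILQ_FIRST(&head->child_list));
		_dl_tailq_free(TAILQ_FIRST(&head->grpref_list));
		nobj = head->next;
		_dl_free(head);
		head = nobj;
	}
}

/*
 * Unlink object from the loaded-object list and push it on free_objects;
 * the memory is released later by _dl_cleanup_objects().
 *
 * NOTE(review): object->prev is dereferenced unconditionally, so the list
 * head (prev == NULL) must never be passed in - presumably that is the
 * executable and is never removed; confirm against the callers.
 */
void
_dl_remove_object(elf_object_t *object)
{
	object->prev->next = object->next;
	if (object->next)
		object->next->prev = object->prev;

	if (_dl_last_object == object)
		_dl_last_object = object->prev;

	object->next = free_objects;
	free_objects = object;
}


/* Optional per-symbol-index lookup cache and its hit/lookup counters. */
sym_cache *_dl_symcache;
int _dl_symcachestat_hits;
int _dl_symcachestat_lookups;


/*
 * Resolve the symbol with index symidx in req_obj's symbol table.
 *
 * When _dl_symcache is set and holds an entry for symidx that was stored
 * with the same flags, the cached symbol and object are returned without
 * a search.  Otherwise the name is looked up with _dl_find_symbol() and
 * the result is stored in the cache.  *this receives the symbol, *pobj
 * (when pobj is not NULL) the defining object; the return value is that
 * object's obj_base on a cache hit, else whatever _dl_find_symbol()
 * returned.
 *
 * NOTE(review): cache entries are keyed by symidx alone, so the cache has
 * to belong to req_obj - presumably the caller installs a fresh
 * _dl_symcache per object; confirm.
 * NOTE(review): on the uncached path symidx is used to index dyn.symtab
 * without a bound check - confirm callers only pass indices taken from
 * req_obj's own relocations.
 */
Elf_Addr
_dl_find_symbol_bysym(elf_object_t *req_obj, unsigned int symidx,
    const Elf_Sym **this, int flags, const Elf_Sym *ref_sym, const elf_object_t **pobj)
{
	Elf_Addr ret;
	const Elf_Sym *sym;
	const char *symn;
	const elf_object_t *sobj;

	_dl_symcachestat_lookups ++;
	if (_dl_symcache != NULL &&
	    symidx < req_obj->nchains &&
	    _dl_symcache[symidx].obj != NULL &&
	    _dl_symcache[symidx].sym != NULL &&
	    _dl_symcache[symidx].flags == flags) {

		_dl_symcachestat_hits++;
		sobj = _dl_symcache[symidx].obj;
		*this = _dl_symcache[symidx].sym;
		if (pobj)
			*pobj = sobj;
		if (_dl_prebind_validate) /* XXX */
			prebind_validate(req_obj, symidx, flags, ref_sym);
		return sobj->obj_base;
	}

	sym = req_obj->dyn.symtab;
	sym += symidx;
	symn = req_obj->dyn.strtab + sym->st_name;

	ret = _dl_find_symbol(symn, this, flags, ref_sym, req_obj, &sobj);

	if (pobj)
		*pobj = sobj;

	if (_dl_symcache != NULL && symidx < req_obj->nchains) {
#if 0
		DL_DEB(("cache miss %d %p %p, %p %p %s %s %d %d %s\n",
		    symidx,
		    _dl_symcache[symidx].sym, *this,
		    _dl_symcache[symidx].obj, sobj, sobj->load_name,
		    sobj->dyn.strtab + (*this)->st_name,
		    _dl_symcache[symidx].flags, flags, req_obj->load_name));
#endif

		_dl_symcache[symidx].sym = *this;
		_dl_symcache[symidx].obj = sobj;
		_dl_symcache[symidx].flags = flags;
	}

	return ret;
}

/* Serial number of the current symbol search, see _dl_newsymsearch(). */
int _dl_searchnum = 0;

/*
 * Start a new symbol search by advancing _dl_searchnum.
 *
 * When the counter has reached INT_MAX, every object's lastlookup is
 * reset and the counter restarts at 1, so a stale mark cannot collide
 * with a new search number.  The limit is tested before incrementing:
 * incrementing first and testing for a negative value afterwards relies
 * on signed overflow, which is undefined behaviour in C.
 *
 * NOTE(review): lastlookup_head is not reset on rollover - confirm
 * whether that is intended.
 */
void
_dl_newsymsearch(void)
{
	elf_object_t *walkobj;

	if (_dl_searchnum < INT_MAX) {
		_dl_searchnum += 1;
		return;
	}

	for (walkobj = _dl_objects;
	    walkobj != NULL;
	    walkobj = walkobj->next) {
		walkobj->lastlookup = 0;
	}
	_dl_searchnum = 1;
}

/*
 * Look for name in a single object by walking its ELF hash chain.
 *
 * Returns 1 and sets *this when a STB_GLOBAL definition is found.  The
 * first STB_WEAK definition seen is remembered in *weak_sym and
 * *weak_object (only if *weak_sym is still NULL) and the walk continues;
 * 0 is returned when no global definition exists in this object.
 *
 * nbuckets, the bucket heads and the chain links all come from the
 * object's mapped hash table, so they are checked before use: an object
 * with no buckets is treated as defining nothing, and a link outside
 * [0, nchains) ends the walk instead of indexing past the tables.
 */
static int
_dl_find_symbol_obj(elf_object_t *object, const char *name, unsigned long hash,
    int flags, const Elf_Sym **this, const Elf_Sym **weak_sym,
    elf_object_t **weak_object)
{
	const Elf_Sym	*symt = object->dyn.symtab;
	const char	*strt = object->dyn.strtab;
	long	si;
	const char *symn;

	/* "hash % 0" would be a division by zero */
	if (object->nbuckets == 0)
		return 0;

	for (si = object->buckets[hash % object->nbuckets];
	    si != STN_UNDEF; si = object->chains[si]) {
		const Elf_Sym *sym;

		/* the chain table has nchains entries, one per symbol */
		if (si < 0 ||
		    (unsigned long)si >= (unsigned long)object->nchains)
			break;

		sym = symt + si;

		if (sym->st_value == 0)
			continue;

		if (ELF_ST_TYPE(sym->st_info) != STT_NOTYPE &&
		    ELF_ST_TYPE(sym->st_info) != STT_OBJECT &&
		    ELF_ST_TYPE(sym->st_info) != STT_FUNC)
			continue;

		symn = strt + sym->st_name;
		if (sym != *this && _dl_strcmp(symn, name))
			continue;

		/* allow this symbol if we are referring to a function
		 * which has a value, even if section is UNDEF.
		 * this allows &func to refer to PLT as per the
		 * ELF spec. st_value is checked above.
		 * if flags has SYM_PLT set, we must have actual
		 * symbol, so this symbol is skipped.
		 */
		if (sym->st_shndx == SHN_UNDEF) {
			if ((flags & SYM_PLT) || sym->st_value == 0 ||
			    ELF_ST_TYPE(sym->st_info) != STT_FUNC)
				continue;
		}

		if (ELF_ST_BIND(sym->st_info) == STB_GLOBAL) {
			*this = sym;
			return 1;
		} else if (ELF_ST_BIND(sym->st_info) == STB_WEAK) {
			if (!*weak_sym) {
				*weak_sym = sym;
				*weak_object = object;
			}
		}
	}
	return 0;
}

/*
 * Find the definition of name on behalf of req_obj.
 *
 * Search order, as selected by req_obj and flags:
 *  - if req_obj is DT_SYMBOLIC, req_obj itself is tried first;
 *  - SYM_SEARCH_OBJ: only req_obj;
 *  - SYM_DLSYM: req_obj, then the grpsym_list of req_obj's load_object;
 *  - otherwise: the grpsym_list of every entry on _dlopened_child_list
 *    that is DF_1_GLOBAL or is req_obj's load_object, honouring
 *    SYM_SEARCH_SELF, SYM_SEARCH_NEXT and SYM_SEARCH_OTHER.
 * A weak definition is used only when no global one was found.
 *
 * On success *this is the symbol, *pobj (when pobj is not NULL) the
 * defining object, and that object's obj_base is returned.  On failure 0
 * is returned; a diagnostic is printed when SYM_WARNNOTFOUND is set and
 * ref_sym is NULL or not weak.  A size mismatch between ref_sym and a
 * non-function definition only produces a warning.
 */
Elf_Addr
_dl_find_symbol(const char *name, const Elf_Sym **this,
    int flags, const Elf_Sym *ref_sym, elf_object_t *req_obj,
    const elf_object_t **pobj)
{
	const Elf_Sym *weak_sym = NULL;
	unsigned long h = 0;
	/*
	 * The ELF hash is defined over unsigned bytes.  Reading the name
	 * through plain char would sign-extend bytes >= 0x80 where char is
	 * signed and produce a value that does not match the table written
	 * by the link editor.
	 */
	const unsigned char *p = (const unsigned char *)name;
	elf_object_t *object = NULL, *weak_object = NULL;
	int found = 0;
	struct dep_node *n, *m;


	while (*p) {
		unsigned long g;
		h = (h << 4) + *p++;
		if ((g = h & 0xf0000000))
			h ^= g >> 24;
		h &= ~g;
	}

	if (req_obj->dyn.symbolic) {
		if (_dl_find_symbol_obj(req_obj, name, h, flags, this,
		    &weak_sym, &weak_object)) {
			object = req_obj;
			found = 1;
			goto found;
		}
	}

	if (flags & SYM_SEARCH_OBJ) {
		if (_dl_find_symbol_obj(req_obj, name, h, flags, this,
		    &weak_sym, &weak_object)) {
			object = req_obj;
			found = 1;
		}
	} else if (flags & SYM_DLSYM) {
		if (_dl_find_symbol_obj(req_obj, name, h, flags, this,
		    &weak_sym, &weak_object)) {
			object = req_obj;
			found = 1;
		}
		if (weak_object != NULL && found == 0) {
			object = weak_object;
			*this = weak_sym;
			found = 1;
		}
		/* search dlopened obj and all children */

		if (found == 0) {
			TAILQ_FOREACH(n, &req_obj->load_object->grpsym_list,
			    next_sib) {
				if (_dl_find_symbol_obj(n->data, name, h,
				    flags, this,
				    &weak_sym, &weak_object)) {
					object = n->data;
					found = 1;
					break;
				}
			}
		}
	} else {
		/* skip == 1: ignore objects until req_obj has been passed */
		int skip = 0;

		if ((flags & SYM_SEARCH_SELF) || (flags & SYM_SEARCH_NEXT))
			skip = 1;

		_dl_newsymsearch();

		/*
		 * search dlopened objects: global or req_obj == dlopened_obj
		 * and its children
		 */
		TAILQ_FOREACH(n, &_dlopened_child_list, next_sib) {
			if (((n->data->obj_flags & DF_1_GLOBAL) == 0) &&
			    (n->data != req_obj->load_object))
				continue;

			n->data->lastlookup_head = _dl_searchnum;
			TAILQ_FOREACH(m, &n->data->grpsym_list, next_sib) {
				if (skip == 1) {
					if (m->data == req_obj) {
						skip = 0;
						if (flags & SYM_SEARCH_NEXT)
							continue;
					} else
						continue;
				}
				if ((flags & SYM_SEARCH_OTHER) &&
				    (m->data == req_obj))
					continue;
				m->data->lastlookup = _dl_searchnum;
				if (_dl_find_symbol_obj(m->data, name, h, flags,
				    this, &weak_sym, &weak_object)) {
					object = m->data;
					found = 1;
					goto found;
				}
			}
		}
	}

found:
	/* fall back to the first weak definition seen, if any */
	if (weak_object != NULL && found == 0) {
		object = weak_object;
		*this = weak_sym;
		found = 1;
	}


	if (found == 0) {
		if ((ref_sym == NULL ||
		    (ELF_ST_BIND(ref_sym->st_info) != STB_WEAK)) &&
		    (flags & SYM_WARNNOTFOUND))
			_dl_printf("%s:%s: undefined symbol '%s'\n",
			    _dl_progname, req_obj->load_name, name);
		return (0);
	}

	if (ref_sym != NULL && ref_sym->st_size != 0 &&
	    (ref_sym->st_size != (*this)->st_size)  &&
	    (ELF_ST_TYPE((*this)->st_info) != STT_FUNC) ) {
		_dl_printf("%s:%s: %s : WARNING: "
		    "symbol(%s) size mismatch, relink your program\n",
		    _dl_progname, req_obj->load_name,
		    object->load_name, name);
	}

	if (pobj)
		*pobj = object;

	return (object->obj_base);
}

/*
 * Intentionally empty; kept as a distinct function for debuggers.
 */
void
_dl_debug_state(void)
{
	/* Debugger stub */
}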