/* * la_activity() caller. Traverse through all audit libraries and call any * la_activity() entry points found. */ static void _audit_activity(APlist *list, Rt_map *clmp, uint_t flags, Boolean client) { Audit_list *alp; Aliste idx; Lm_list *clml = LIST(clmp); for (APLIST_TRAVERSE(list, idx, alp)) { Audit_client *acp; Rt_map *almp = alp->al_lmp; Lm_list *alml = LIST(almp); uintptr_t *cookie; if (alp->al_activity == 0) continue; /* * Determine what cookie is required. Any auditing that * originates from the object that heads the link-map list has * its own cookie. Local auditors must obtain the cookie that * represents the object that heads the link-map list. */ if (client) acp = _audit_client(AUDINFO(clmp), almp); else acp = _audit_get_head_client(clml->lm_head, almp); if (acp == NULL) continue; cookie = &(acp->ac_cookie); /* * Make sure the audit library only sees one addition/deletion * at a time. This ensures the library doesn't see numerous * events from lazy loading a series of libraries. Keep track * of this caller having called an auditor, so that the * appropriate "consistent" event can be supplied on leaving * ld.so.1. */ if ((flags == LA_ACT_ADD) || (flags == LA_ACT_DELETE)) { if (alml->lm_flags & LML_FLG_AUDITNOTIFY) continue; alml->lm_flags |= LML_FLG_AUDITNOTIFY; clml->lm_flags |= LML_FLG_ACTAUDIT; } else { if ((alml->lm_flags & LML_FLG_AUDITNOTIFY) == 0) continue; alml->lm_flags &= ~LML_FLG_AUDITNOTIFY; } DBG_CALL(Dbg_audit_activity(clml, alp->al_libname, NAME(clml->lm_head), flags)); leave(alml, thr_flg_reenter); (*alp->al_activity)(cookie, flags); (void) enter(thr_flg_reenter); } }
audit_symget(Audit_list * alp, int info) { Rt_map *_lmp, *lmp = alp->al_lmp; const char *sname = MSG_ORIG(aud_info[info].sname); uint_t alflag = aud_info[info].alflag; uint_t auflag = aud_info[info].auflag; uint_t binfo; Sym *sym; Slookup sl; sl.sl_name = sname; sl.sl_cmap = lml_rtld.lm_head; sl.sl_imap = lmp; sl.sl_hash = 0; sl.sl_rsymndx = 0; sl.sl_flags = LKUP_FIRST; if (sym = LM_LOOKUP_SYM(lmp)(&sl, &_lmp, &binfo)) { Addr addr = sym->st_value; if (!(FLAGS(lmp) & FLG_RT_FIXED)) addr += ADDR(lmp); if (alflag) alp->al_flags |= alflag; if (auflag) audit_flags |= auflag; DBG_CALL(Dbg_audit_interface(LIST(alp->al_lmp), alp->al_libname, sname)); return (addr); } else return (0); }
/* * la_objopen() caller. Create an audit information structure for the indicated * link-map, regardless of an la_objopen() entry point. This structure is used * to supply information to various audit interfaces (see LML_MSK_AUDINFO). * Traverses through all audit library and calls any la_objopen() entry points * found. */ static int _audit_objopen(List *list, Rt_map *nlmp, Lmid_t lmid, Audit_info *aip, int *ndx) { Audit_list *alp; Listnode *lnp; for (LIST_TRAVERSE(list, lnp, alp)) { uint_t flags; Audit_client *acp; /* * Associate a cookie with the audit library, and assign the * initial cookie as the present link-map. */ acp = &aip->ai_clients[(*ndx)++]; acp->ac_lmp = alp->al_lmp; acp->ac_cookie = (uintptr_t)nlmp; if (alp->al_objopen == 0) continue; DBG_CALL(Dbg_audit_object(LIST(alp->al_lmp), alp->al_libname, NAME(nlmp))); leave(LIST(alp->al_lmp)); flags = (*alp->al_objopen)((Link_map *)nlmp, lmid, &(acp->ac_cookie)); (void) enter(); if (flags & LA_FLG_BINDTO) acp->ac_flags |= FLG_AC_BINDTO; if (flags & LA_FLG_BINDFROM) { ulong_t pltcnt; acp->ac_flags |= FLG_AC_BINDFROM; /* * We only need dynamic plt's if a pltenter and/or a * pltexit() entry point exist in one of our auditing * libraries. */ if (aip->ai_dynplts || (JMPREL(nlmp) == 0) || ((audit_flags & (AF_PLTENTER | AF_PLTEXIT)) == 0)) continue; /* * Create one dynplt for every 'PLT' that exists in the * object. */ pltcnt = PLTRELSZ(nlmp) / RELENT(nlmp); if ((aip->ai_dynplts = calloc(pltcnt, dyn_plt_ent_size)) == 0) return (0); } } return (1); }
/* * la_objsearch() caller. Traverse through all audit libraries and call any * la_objsearch() entry points found. * * Effectively any audit library can change the name we're working with, so we * continue to propagate the new name to each audit library. Any 0 return * terminates the search. */ static char * _audit_objsearch(APlist *list, char *oname, Rt_map *clmp, uint_t flags) { Audit_list *alp; Aliste idx; Lm_list *clml = LIST(clmp); for (APLIST_TRAVERSE(list, idx, alp)) { Audit_client *acp; Rt_map *almp = alp->al_lmp; Lm_list *alml = LIST(almp); char *nname = oname; if (alp->al_objsearch == NULL) continue; if ((acp = _audit_client(AUDINFO(clmp), almp)) == NULL) continue; DBG_CALL(Dbg_audit_objsearch(clml, DBG_AUD_CALL, alp->al_libname, nname, flags, NULL)); leave(alml, thr_flg_reenter); nname = (*alp->al_objsearch)(nname, &(acp->ac_cookie), flags); (void) enter(thr_flg_reenter); /* * Diagnose any return name that differs from the original name * passed to the auditor. */ if (nname && (nname[0] == '\0')) nname = NULL; if ((nname != oname) || strcmp(nname, oname)) DBG_CALL(Dbg_audit_objsearch(clml, DBG_AUD_RET, alp->al_libname, oname, flags, nname)); if ((oname = nname) == NULL) break; } return (oname); }
/* * Plt writing interface to allow debugging initialization to be generic. */ Pltbindtype /* ARGSUSED1 */ elf_plt_write(uintptr_t addr, uintptr_t vaddr, void *rptr, uintptr_t symval, Xword pltndx) { Rel *rel = (Rel*)rptr; uintptr_t pltaddr; pltaddr = addr + rel->r_offset; *(ulong_t *)pltaddr = (ulong_t)symval; DBG_CALL(pltcntfull++); return (PLT_T_FULL); }
/* * la_filter() caller. Traverse through all audit libraries and call any * la_filter() entry points found. A zero return from an auditor indicates * that the filtee should be ignored. */ static int _audit_objfilter(APlist *list, Rt_map *frlmp, const char *ref, Rt_map *felmp, uint_t flags) { Audit_list *alp; Aliste idx; Lm_list *frlml = LIST(frlmp); for (APLIST_TRAVERSE(list, idx, alp)) { Audit_client *fracp, *feacp; Rt_map *almp = alp->al_lmp; Lm_list *alml = LIST(almp); int ret; if (alp->al_objfilter == NULL) continue; if ((fracp = _audit_client(AUDINFO(frlmp), almp)) == NULL) continue; if ((feacp = _audit_client(AUDINFO(felmp), almp)) == NULL) continue; DBG_CALL(Dbg_audit_objfilter(frlml, DBG_AUD_CALL, alp->al_libname, NAME(frlmp), NAME(felmp), ref)); leave(alml, thr_flg_reenter); ret = (*alp->al_objfilter)(&(fracp->ac_cookie), ref, &(feacp->ac_cookie), flags); (void) enter(thr_flg_reenter); if (ret == 0) { DBG_CALL(Dbg_audit_objfilter(frlml, DBG_AUD_RET, alp->al_libname, NAME(frlmp), NULL, NULL)); return (0); } } return (1); }
void tls_modaddrem(Rt_map *lmp, uint_t flag) { Lm_list *lml = LIST(lmp); TLS_modinfo tmi; Phdr *tlsphdr; void (*fptr)(TLS_modinfo *); if (flag & TM_FLG_MODADD) { fptr = (void (*)())lml->lm_lcs[CI_TLS_MODADD].lc_un.lc_func; } else if (FLAGS1(lmp) & FL1_RT_TLSADD) { fptr = (void (*)())lml->lm_lcs[CI_TLS_MODREM].lc_un.lc_func; } else { return; } tlsphdr = PTTLS(lmp); bzero(&tmi, sizeof (tmi)); tmi.tm_modname = PATHNAME(lmp); tmi.tm_modid = TLSMODID(lmp); tmi.tm_tlsblock = (void *)(tlsphdr->p_vaddr); if (!(FLAGS(lmp) & FLG_RT_FIXED)) tmi.tm_tlsblock = (void *)((uintptr_t)tmi.tm_tlsblock + ADDR(lmp)); tmi.tm_filesz = tlsphdr->p_filesz; tmi.tm_memsz = tlsphdr->p_memsz; tmi.tm_flags = 0; tmi.tm_stattlsoffset = 0; DBG_CALL(Dbg_tls_modactivity(LIST(lmp), &tmi, flag)); (*fptr)(&tmi); /* * Tag that this link-map has registered its TLS, and, if this object * is being removed, free up the module id. */ FLAGS1(lmp) |= FL1_RT_TLSADD; if (flag & TM_FLG_MODREM) tls_freemodid(TLSMODID(lmp)); }
int elf_copy_gen(Rt_map *lmp) { if (interp && ((ulong_t)interp->i_faddr != r_debug.rtd_rdebug.r_ldbase) && !(strcmp(interp->i_name, MSG_ORIG(MSG_PTH_LIBC)))) { DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, 0, DBG_REL_START)); if (_elf_copy_reloc(MSG_ORIG(MSG_SYM_CTYPE), lmp, (Rt_map *)NEXT(lmp)) == 0) return (0); if (_elf_copy_reloc(MSG_ORIG(MSG_SYM_IOB), lmp, (Rt_map *)NEXT(lmp)) == 0) return (0); } return (1); }
/* * la_pltenter() caller. Traverses through all audit library and calls any * la_pltenter() entry points found. NOTE: this routine is called via the * glue code established in elf_plt_trace_write(), the symbol descriptor is * created as part of the glue and for 32bit environments the st_name is a * pointer to the real symbol name (ie. it's already been adjusted with the * objects base offset). For 64bit environments the st_name remains the * original symbol offset and in this case it is used to compute the real name * pointer and pass as a separate argument to the auditor. */ static void _audit_pltenter(List *list, Rt_map *rlmp, Rt_map *dlmp, Sym *sym, uint_t ndx, void *regs, uint_t *flags) { Audit_list *alp; Listnode *lnp; #if defined(_ELF64) const char *name = (const char *)(sym->st_name + STRTAB(dlmp)); #else const char *name = (const char *)(sym->st_name); #endif for (LIST_TRAVERSE(list, lnp, alp)) { Audit_client *racp, *dacp; Addr prev = sym->st_value; if (alp->al_pltenter == 0) continue; if ((racp = _audit_client(AUDINFO(rlmp), alp->al_lmp)) == 0) continue; if ((dacp = _audit_client(AUDINFO(dlmp), alp->al_lmp)) == 0) continue; if (((racp->ac_flags & FLG_AC_BINDFROM) == 0) || ((dacp->ac_flags & FLG_AC_BINDTO) == 0)) continue; leave(LIST(alp->al_lmp)); sym->st_value = (Addr)(*alp->al_pltenter)(sym, ndx, &(racp->ac_cookie), &(dacp->ac_cookie), regs, #if defined(_ELF64) flags, name); #else flags); #endif (void) enter(); DBG_CALL(Dbg_audit_symval(LIST(alp->al_lmp), alp->al_libname, MSG_ORIG(MSG_AUD_PLTENTER), name, prev, sym->st_name)); } }
char * audit_objsearch(Rt_map *clmp, const char *name, uint_t flags) { char *nname = (char *)name; int appl = 0; if ((rtld_flags & RT_FL_APPLIC) == 0) appl = rtld_flags |= RT_FL_APPLIC; if (auditors && (auditors->ad_flags & LML_TFLG_AUD_OBJSEARCH)) nname = _audit_objsearch(&(auditors->ad_list), nname, clmp, flags); if (nname && AUDITORS(clmp) && (AUDITORS(clmp)->ad_flags & LML_TFLG_AUD_OBJSEARCH)) nname = _audit_objsearch(&(AUDITORS(clmp)->ad_list), nname, clmp, flags); if (appl) rtld_flags &= ~RT_FL_APPLIC; DBG_CALL(Dbg_libs_audit(LIST(clmp), name, nname)); return (nname); }
/* * Warning message for bad move target. */ void elf_move_bad(Lm_list *lml, Rt_map *lmp, Sym *sym, ulong_t num, Addr addr) { const char *name; int trace; trace = (lml->lm_flags & LML_FLG_TRC_ENABLE) && (((rtld_flags & RT_FL_SILENCERR) == 0) || (lml->lm_flags & (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_WARN))); if ((trace == 0) && (DBG_ENABLED == 0)) return; if (ELF_ST_BIND(sym->st_info) != STB_LOCAL) name = (const char *)(STRTAB(lmp) + sym->st_name); else name = MSG_INTL(MSG_STR_UNKNOWN); if (trace) (void) printf(MSG_INTL(MSG_LDD_MOVE_ERR), EC_XWORD(num), name, EC_ADDR(addr)); else DBG_CALL(Dbg_move_bad(lml, num, name, addr)); }
char * audit_objsearch(Rt_map *clmp, const char *name, uint_t flags) { char *nname = (char *)name; uint_t rtldflags; if (rt_critical()) return (nname); APPLICATION_ENTER(rtldflags); if (auditors && (auditors->ad_flags & LML_TFLG_AUD_OBJSEARCH)) nname = _audit_objsearch(auditors->ad_list, nname, clmp, flags); if (nname && AUDITORS(clmp) && (AUDITORS(clmp)->ad_flags & LML_TFLG_AUD_OBJSEARCH)) nname = _audit_objsearch(AUDITORS(clmp)->ad_list, nname, clmp, flags); APPLICATION_RETURN(rtldflags); DBG_CALL(Dbg_libs_audit(LIST(clmp), name, nname)); return (nname); }
/* * la_objclose() caller. Traverse through all audit libraries and call any * la_objclose() entry points found. */ void _audit_objclose(APlist *list, Rt_map *lmp) { Audit_list *alp; Aliste idx; Lm_list *lml = LIST(lmp); for (APLIST_TRAVERSE(list, idx, alp)) { Audit_client *acp; Rt_map *almp = alp->al_lmp; Lm_list *alml = LIST(almp); if (alp->al_objclose == NULL) continue; if ((acp = _audit_client(AUDINFO(lmp), almp)) == NULL) continue; DBG_CALL(Dbg_audit_objclose(lml, alp->al_libname, NAME(lmp))); leave(alml, thr_flg_reenter); (*alp->al_objclose)(&(acp->ac_cookie)); (void) enter(thr_flg_reenter); } }
/* * Read and process the relocations for one link object, we assume all * relocation sections for loadable segments are stored contiguously in * the file. */ int elf_reloc(Rt_map *lmp, uint_t plt, int *in_nfavl, APlist **textrel) { ulong_t relbgn, relend, relsiz, basebgn, pltbgn, pltend; ulong_t _pltbgn, _pltend; ulong_t dsymndx, roffset, rsymndx, psymndx = 0; uchar_t rtype; long value, pvalue; Sym *symref, *psymref, *symdef, *psymdef; Syminfo *sip; char *name, *pname; Rt_map *_lmp, *plmp; int ret = 1, noplt = 0; int relacount = RELACOUNT(lmp), plthint = 0; Rel *rel; uint_t binfo, pbinfo; APlist *bound = NULL; /* * Although only necessary for lazy binding, initialize the first * global offset entry to go to elf_rtbndr(). dbx(1) seems * to find this useful. */ if ((plt == 0) && PLTGOT(lmp)) { mmapobj_result_t *mpp; /* * Make sure the segment is writable. */ if ((((mpp = find_segment((caddr_t)PLTGOT(lmp), lmp)) != NULL) && ((mpp->mr_prot & PROT_WRITE) == 0)) && ((set_prot(lmp, mpp, 1) == 0) || (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) return (0); elf_plt_init(PLTGOT(lmp), (caddr_t)lmp); } /* * Initialize the plt start and end addresses. */ if ((pltbgn = (ulong_t)JMPREL(lmp)) != 0) pltend = pltbgn + (ulong_t)(PLTRELSZ(lmp)); relsiz = (ulong_t)(RELENT(lmp)); basebgn = ADDR(lmp); if (PLTRELSZ(lmp)) plthint = PLTRELSZ(lmp) / relsiz; /* * If we've been called upon to promote an RTLD_LAZY object to an * RTLD_NOW then we're only interested in scaning the .plt table. * An uninitialized .plt is the case where the associated got entry * points back to the plt itself. Determine the range of the real .plt * entries using the _PROCEDURE_LINKAGE_TABLE_ symbol. */ if (plt) { Slookup sl; Sresult sr; relbgn = pltbgn; relend = pltend; if (!relbgn || (relbgn == relend)) return (1); /* * Initialize the symbol lookup, and symbol result, data * structures. */ SLOOKUP_INIT(sl, MSG_ORIG(MSG_SYM_PLT), lmp, lmp, ld_entry_cnt, elf_hash(MSG_ORIG(MSG_SYM_PLT)), 0, 0, 0, LKUP_DEFT); SRESULT_INIT(sr, MSG_ORIG(MSG_SYM_PLT)); if (elf_find_sym(&sl, &sr, &binfo, NULL) == 0) return (1); symdef = sr.sr_sym; _pltbgn = symdef->st_value; if (!(FLAGS(lmp) & FLG_RT_FIXED) && (symdef->st_shndx != SHN_ABS)) _pltbgn += basebgn; _pltend = _pltbgn + (((PLTRELSZ(lmp) / relsiz)) * M_PLT_ENTSIZE) + M_PLT_RESERVSZ; } else { /* * The relocation sections appear to the run-time linker as a * single table. Determine the address of the beginning and end * of this table. There are two different interpretations of * the ABI at this point: * * o The REL table and its associated RELSZ indicate the * concatenation of *all* relocation sections (this is the * model our link-editor constructs). * * o The REL table and its associated RELSZ indicate the * concatenation of all *but* the .plt relocations. These * relocations are specified individually by the JMPREL and * PLTRELSZ entries. * * Determine from our knowledege of the relocation range and * .plt range, the range of the total relocation table. Note * that one other ABI assumption seems to be that the .plt * relocations always follow any other relocations, the * following range checking drops that assumption. */ relbgn = (ulong_t)(REL(lmp)); relend = relbgn + (ulong_t)(RELSZ(lmp)); if (pltbgn) { if (!relbgn || (relbgn > pltbgn)) relbgn = pltbgn; if (!relbgn || (relend < pltend)) relend = pltend; } } if (!relbgn || (relbgn == relend)) { DBG_CALL(Dbg_reloc_run(lmp, 0, plt, DBG_REL_NONE)); return (1); } DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, plt, DBG_REL_START)); /* * If we're processing a dynamic executable in lazy mode there is no * need to scan the .rel.plt table, however if we're processing a shared * object in lazy mode the .got addresses associated to each .plt must * be relocated to reflect the location of the shared object. */ if (pltbgn && ((MODE(lmp) & RTLD_NOW) == 0) && (FLAGS(lmp) & FLG_RT_FIXED)) noplt = 1; sip = SYMINFO(lmp); /* * Loop through relocations. */ while (relbgn < relend) { mmapobj_result_t *mpp; uint_t sb_flags = 0; rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); /* * If this is a RELATIVE relocation in a shared object (the * common case), and if we are not debugging, then jump into a * tighter relocation loop (elf_reloc_relative). */ if ((rtype == R_386_RELATIVE) && ((FLAGS(lmp) & FLG_RT_FIXED) == 0) && (DBG_ENABLED == 0)) { if (relacount) { relbgn = elf_reloc_relative_count(relbgn, relacount, relsiz, basebgn, lmp, textrel, 0); relacount = 0; } else { relbgn = elf_reloc_relative(relbgn, relend, relsiz, basebgn, lmp, textrel, 0); } if (relbgn >= relend) break; rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); } roffset = ((Rel *)relbgn)->r_offset; /* * If this is a shared object, add the base address to offset. */ if (!(FLAGS(lmp) & FLG_RT_FIXED)) { /* * If we're processing lazy bindings, we have to step * through the plt entries and add the base address * to the corresponding got entry. */ if (plthint && (plt == 0) && (rtype == R_386_JMP_SLOT) && ((MODE(lmp) & RTLD_NOW) == 0)) { relbgn = elf_reloc_relative_count(relbgn, plthint, relsiz, basebgn, lmp, textrel, 0); plthint = 0; continue; } roffset += basebgn; } rsymndx = ELF_R_SYM(((Rel *)relbgn)->r_info); rel = (Rel *)relbgn; relbgn += relsiz; /* * Optimizations. */ if (rtype == R_386_NONE) continue; if (noplt && ((ulong_t)rel >= pltbgn) && ((ulong_t)rel < pltend)) { relbgn = pltend; continue; } /* * If we're promoting plts, determine if this one has already * been written. */ if (plt && ((*(ulong_t *)roffset < _pltbgn) || (*(ulong_t *)roffset > _pltend))) continue; /* * If this relocation is not against part of the image * mapped into memory we skip it. */ if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) { elf_reloc_bad(lmp, (void *)rel, rtype, roffset, rsymndx); continue; } binfo = 0; /* * If a symbol index is specified then get the symbol table * entry, locate the symbol definition, and determine its * address. */ if (rsymndx) { /* * If a Syminfo section is provided, determine if this * symbol is deferred, and if so, skip this relocation. */ if (sip && is_sym_deferred((ulong_t)rel, basebgn, lmp, textrel, sip, rsymndx)) continue; /* * Get the local symbol table entry. */ symref = (Sym *)((ulong_t)SYMTAB(lmp) + (rsymndx * SYMENT(lmp))); /* * If this is a local symbol, just use the base address. * (we should have no local relocations in the * executable). */ if (ELF_ST_BIND(symref->st_info) == STB_LOCAL) { value = basebgn; name = NULL; /* * Special case TLS relocations. */ if (rtype == R_386_TLS_DTPMOD32) { /* * Use the TLS modid. */ value = TLSMODID(lmp); } else if (rtype == R_386_TLS_TPOFF) { if ((value = elf_static_tls(lmp, symref, rel, rtype, 0, roffset, 0)) == 0) { ret = 0; break; } } } else { /* * If the symbol index is equal to the previous * symbol index relocation we processed then * reuse the previous values. (Note that there * have been cases where a relocation exists * against a copy relocation symbol, our ld(1) * should optimize this away, but make sure we * don't use the same symbol information should * this case exist). */ if ((rsymndx == psymndx) && (rtype != R_386_COPY)) { /* LINTED */ if (psymdef == 0) { DBG_CALL(Dbg_bind_weak(lmp, (Addr)roffset, (Addr) (roffset - basebgn), name)); continue; } /* LINTED */ value = pvalue; /* LINTED */ name = pname; /* LINTED */ symdef = psymdef; /* LINTED */ symref = psymref; /* LINTED */ _lmp = plmp; /* LINTED */ binfo = pbinfo; if ((LIST(_lmp)->lm_tflags | AFLAGS(_lmp)) & LML_TFLG_AUD_SYMBIND) { value = audit_symbind(lmp, _lmp, /* LINTED */ symdef, dsymndx, value, &sb_flags); } } else { Slookup sl; Sresult sr; /* * Lookup the symbol definition. * Initialize the symbol lookup, and * symbol result, data structures. */ name = (char *)(STRTAB(lmp) + symref->st_name); SLOOKUP_INIT(sl, name, lmp, 0, ld_entry_cnt, 0, rsymndx, symref, rtype, LKUP_STDRELOC); SRESULT_INIT(sr, name); symdef = NULL; if (lookup_sym(&sl, &sr, &binfo, in_nfavl)) { name = (char *)sr.sr_name; _lmp = sr.sr_dmap; symdef = sr.sr_sym; } /* * If the symbol is not found and the * reference was not to a weak symbol, * report an error. Weak references * may be unresolved. */ /* BEGIN CSTYLED */ if (symdef == 0) { if (sl.sl_bind != STB_WEAK) { if (elf_reloc_error(lmp, name, rel, binfo)) continue; ret = 0; break; } else { psymndx = rsymndx; psymdef = 0; DBG_CALL(Dbg_bind_weak(lmp, (Addr)roffset, (Addr) (roffset - basebgn), name)); continue; } } /* END CSTYLED */ /* * If symbol was found in an object * other than the referencing object * then record the binding. */ if ((lmp != _lmp) && ((FLAGS1(_lmp) & FL1_RT_NOINIFIN) == 0)) { if (aplist_test(&bound, _lmp, AL_CNT_RELBIND) == 0) { ret = 0; break; } } /* * Calculate the location of definition; * symbol value plus base address of * containing shared object. */ if (IS_SIZE(rtype)) value = symdef->st_size; else value = symdef->st_value; if (!(FLAGS(_lmp) & FLG_RT_FIXED) && !(IS_SIZE(rtype)) && (symdef->st_shndx != SHN_ABS) && (ELF_ST_TYPE(symdef->st_info) != STT_TLS)) value += ADDR(_lmp); /* * Retain this symbol index and the * value in case it can be used for the * subsequent relocations. */ if (rtype != R_386_COPY) { psymndx = rsymndx; pvalue = value; pname = name; psymdef = symdef; psymref = symref; plmp = _lmp; pbinfo = binfo; } if ((LIST(_lmp)->lm_tflags | AFLAGS(_lmp)) & LML_TFLG_AUD_SYMBIND) { dsymndx = (((uintptr_t)symdef - (uintptr_t)SYMTAB(_lmp)) / SYMENT(_lmp)); value = audit_symbind(lmp, _lmp, symdef, dsymndx, value, &sb_flags); } } /* * If relocation is PC-relative, subtract * offset address. */ if (IS_PC_RELATIVE(rtype)) value -= roffset; /* * Special case TLS relocations. */ if (rtype == R_386_TLS_DTPMOD32) { /* * Relocation value is the TLS modid. */ value = TLSMODID(_lmp); } else if (rtype == R_386_TLS_TPOFF) { if ((value = elf_static_tls(_lmp, symdef, rel, rtype, name, roffset, value)) == 0) { ret = 0; break; } } } } else { /* * Special cases. */ if (rtype == R_386_TLS_DTPMOD32) { /* * TLS relocation value is the TLS modid. */ value = TLSMODID(lmp); } else value = basebgn; name = NULL; } DBG_CALL(Dbg_reloc_in(LIST(lmp), ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, NULL, 0, name)); /* * Make sure the segment is writable. */ if (((mpp->mr_prot & PROT_WRITE) == 0) && ((set_prot(lmp, mpp, 1) == 0) || (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) { ret = 0; break; } /* * Call relocation routine to perform required relocation. */ switch (rtype) { case R_386_COPY: if (elf_copy_reloc(name, symref, lmp, (void *)roffset, symdef, _lmp, (const void *)value) == 0) ret = 0; break; case R_386_JMP_SLOT: if (((LIST(lmp)->lm_tflags | AFLAGS(lmp)) & (LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) && AUDINFO(lmp)->ai_dynplts) { int fail = 0; int pltndx = (((ulong_t)rel - (uintptr_t)JMPREL(lmp)) / relsiz); int symndx = (((uintptr_t)symdef - (uintptr_t)SYMTAB(_lmp)) / SYMENT(_lmp)); (void) elf_plt_trace_write(roffset, lmp, _lmp, symdef, symndx, pltndx, (caddr_t)value, sb_flags, &fail); if (fail) ret = 0; } else { /* * Write standard PLT entry to jump directly * to newly bound function. */ DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), ELF_DBG_RTLD, (Xword)roffset, (Xword)value)); *(ulong_t *)roffset = value; } break; default: /* * Write the relocation out. */ if (do_reloc_rtld(rtype, (uchar_t *)roffset, (Word *)&value, name, NAME(lmp), LIST(lmp)) == 0) ret = 0; DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), ELF_DBG_RTLD, (Xword)roffset, (Xword)value)); } if ((ret == 0) && ((LIST(lmp)->lm_flags & LML_FLG_TRC_WARN) == 0)) break; if (binfo) { DBG_CALL(Dbg_bind_global(lmp, (Addr)roffset, (Off)(roffset - basebgn), (Xword)(-1), PLT_T_FULL, _lmp, (Addr)value, symdef->st_value, name, binfo)); } } return (relocate_finish(lmp, bound, ret)); }
/* * Function binding routine - invoked on the first call to a function through * the procedure linkage table; * passes first through an assembly language interface. * * Takes the offset into the relocation table of the associated * relocation entry and the address of the link map (rt_private_map struct) * for the entry. * * Returns the address of the function referenced after re-writing the PLT * entry to invoke the function directly. * * On error, causes process to terminate with a signal. */ ulong_t elf_bndr(Rt_map *lmp, ulong_t reloff, caddr_t from) { Rt_map *nlmp, *llmp; ulong_t addr, symval, rsymndx; char *name; Rel *rptr; Sym *rsym, *nsym; uint_t binfo, sb_flags = 0, dbg_class; Slookup sl; Sresult sr; int entry, lmflags; Lm_list *lml; /* * For compatibility with libthread (TI_VERSION 1) we track the entry * value. A zero value indicates we have recursed into ld.so.1 to * further process a locking request. Under this recursion we disable * tsort and cleanup activities. */ entry = enter(0); lml = LIST(lmp); if ((lmflags = lml->lm_flags) & LML_FLG_RTLDLM) { dbg_class = dbg_desc->d_class; dbg_desc->d_class = 0; } /* * Perform some basic sanity checks. If we didn't get a load map or * the relocation offset is invalid then its possible someone has walked * over the .got entries or jumped to plt0 out of the blue. */ if (!lmp || ((reloff % sizeof (Rel)) != 0)) { Conv_inv_buf_t inv_buf; eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_PLTREF), conv_reloc_386_type(R_386_JMP_SLOT, 0, &inv_buf), EC_NATPTR(lmp), EC_XWORD(reloff), EC_NATPTR(from)); rtldexit(lml, 1); } /* * Use relocation entry to get symbol table entry and symbol name. */ addr = (ulong_t)JMPREL(lmp); rptr = (Rel *)(addr + reloff); rsymndx = ELF_R_SYM(rptr->r_info); rsym = (Sym *)((ulong_t)SYMTAB(lmp) + (rsymndx * SYMENT(lmp))); name = (char *)(STRTAB(lmp) + rsym->st_name); /* * Determine the last link-map of this list, this'll be the starting * point for any tsort() processing. */ llmp = lml->lm_tail; /* * Find definition for symbol. Initialize the symbol lookup, and * symbol result, data structures. */ SLOOKUP_INIT(sl, name, lmp, lml->lm_head, ld_entry_cnt, 0, rsymndx, rsym, 0, LKUP_DEFT); SRESULT_INIT(sr, name); if (lookup_sym(&sl, &sr, &binfo, NULL) == 0) { eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), demangle(name)); rtldexit(lml, 1); } name = (char *)sr.sr_name; nlmp = sr.sr_dmap; nsym = sr.sr_sym; symval = nsym->st_value; if (!(FLAGS(nlmp) & FLG_RT_FIXED) && (nsym->st_shndx != SHN_ABS)) symval += ADDR(nlmp); if ((lmp != nlmp) && ((FLAGS1(nlmp) & FL1_RT_NOINIFIN) == 0)) { /* * Record that this new link map is now bound to the caller. */ if (bind_one(lmp, nlmp, BND_REFER) == 0) rtldexit(lml, 1); } if ((lml->lm_tflags | AFLAGS(lmp)) & LML_TFLG_AUD_SYMBIND) { uint_t symndx = (((uintptr_t)nsym - (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); symval = audit_symbind(lmp, nlmp, nsym, symndx, symval, &sb_flags); } if (!(rtld_flags & RT_FL_NOBIND)) { addr = rptr->r_offset; if (!(FLAGS(lmp) & FLG_RT_FIXED)) addr += ADDR(lmp); if (((lml->lm_tflags | AFLAGS(lmp)) & (LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) && AUDINFO(lmp)->ai_dynplts) { int fail = 0; uint_t pltndx = reloff / sizeof (Rel); uint_t symndx = (((uintptr_t)nsym - (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); symval = (ulong_t)elf_plt_trace_write(addr, lmp, nlmp, nsym, symndx, pltndx, (caddr_t)symval, sb_flags, &fail); if (fail) rtldexit(lml, 1); } else { /* * Write standard PLT entry to jump directly * to newly bound function. */ *(ulong_t *)addr = symval; } } /* * Print binding information and rebuild PLT entry. */ DBG_CALL(Dbg_bind_global(lmp, (Addr)from, (Off)(from - ADDR(lmp)), (Xword)(reloff / sizeof (Rel)), PLT_T_FULL, nlmp, (Addr)symval, nsym->st_value, name, binfo)); /* * Complete any processing for newly loaded objects. Note we don't * know exactly where any new objects are loaded (we know the object * that supplied the symbol, but others may have been loaded lazily as * we searched for the symbol), so sorting starts from the last * link-map know on entry to this routine. */ if (entry) load_completion(llmp); /* * Some operations like dldump() or dlopen()'ing a relocatable object * result in objects being loaded on rtld's link-map, make sure these * objects are initialized also. */ if ((LIST(nlmp)->lm_flags & LML_FLG_RTLDLM) && LIST(nlmp)->lm_init) load_completion(nlmp); /* * Make sure the object to which we've bound has had it's .init fired. * Cleanup before return to user code. */ if (entry) { is_dep_init(nlmp, lmp); leave(lml, 0); } if (lmflags & LML_FLG_RTLDLM) dbg_desc->d_class = dbg_class; return (symval); }
static Word get_shfordered_dest(Ofl_desc *ofl, Ifl_desc *ifl, Word ndx, Word limit) { Word t1_link = ndx, t2_link, ret_link; Is_desc *isp, *isp1, *isp2; int error = 0; /* * Check the sh_info of myself. */ isp = ifl->ifl_isdesc[ndx]; isp1 = isp; ret_link = t2_link = isp1->is_shdr->sh_link; t1_link = ndx; do { /* * Check the validitiy of the link */ if (t2_link == 0 || t2_link >= limit) { error = DBG_ORDER_LINK_OUTRANGE; break; } isp2 = ifl->ifl_isdesc[t2_link]; /* * Pointing to a bad ordered section ? */ if ((isp2->is_flags & FLG_IS_ORDERED) == 0) { error = DBG_ORDER_LINK_ERROR; break; } /* * Check sh_flag */ if (isp1->is_shdr->sh_flags != isp2->is_shdr->sh_flags) { error = DBG_ORDER_FLAGS; break; } /* * Check the validity of sh_info field. */ if ((error = is_keylink_ok(ifl, isp->is_shdr->sh_info, limit)) != 0) { break; } /* * Can I break ? */ if (t1_link == t2_link) break; /* * Get the next link */ t1_link = t2_link; isp1 = ifl->ifl_isdesc[t1_link]; ret_link = t2_link = isp1->is_shdr->sh_link; /* * Cyclic ? */ if (t2_link == ndx) { error = DBG_ORDER_CYCLIC; break; } /* CONSTANTCONDITION */ } while (1); if (error != 0) { ret_link = 0; DBG_CALL(Dbg_sec_order_error(ofl->ofl_lml, ifl, ndx, error)); } return (ret_link); }
uintptr_t ld_sort_ordered(Ofl_desc *ofl) { Listnode *lnp1; Os_desc *osp; DBG_CALL(Dbg_sec_order_list(ofl, 0)); /* * Sort Sections */ for (LIST_TRAVERSE(&ofl->ofl_ordered, lnp1, osp)) { int i; List islist; Listnode * lnp2; Is_desc * isp; Sort_desc * st = osp->os_sort; if (setup_sortbuf(osp) == 0) return (S_ERROR); islist = osp->os_isdescs; osp->os_isdescs.head = 0; osp->os_isdescs.tail = 0; /* * Sorting. * First Sort the ordered sections. */ if (st->st_ordercnt != 0) qsort((char *)st->st_order, st->st_ordercnt, sizeof (Is_desc *), comp); /* * Place SHN_BEFORE at head of list */ for (i = 0; i < st->st_beforecnt; i++) { if (list_appendc(&(osp->os_isdescs), st->st_before[i]) == 0) return (S_ERROR); } /* * Next come 'linked' ordered sections */ for (i = 0; i < st->st_ordercnt; i++) { if (list_appendc(&(osp->os_isdescs), st->st_order[i]) == 0) return (S_ERROR); } /* * Now we list any sections which have no sorting * specifications - in the order they were input. */ for (LIST_TRAVERSE(&islist, lnp2, isp)) { if (isp->is_flags & FLG_IS_ORDERED) continue; if (list_appendc(&(osp->os_isdescs), isp) == 0) return (S_ERROR); } /* * And the end of the list are the SHN_AFTER sections. */ for (i = 0; i < st->st_aftercnt; i++) { if (list_appendc(&(osp->os_isdescs), st->st_after[i]) == 0) return (S_ERROR); } } DBG_CALL(Dbg_sec_order_list(ofl, 1)); return (0); }
/* * Called from process_elf(). * This routine does the input processing of the ordered sections. */ uintptr_t ld_process_ordered(Ifl_desc *ifl, Ofl_desc *ofl, Word ndx, Word limit) { Is_desc * isp2, * isp = ifl->ifl_isdesc[ndx]; Xword shflags = isp->is_shdr->sh_flags; uint_t keylink; Os_desc * osp2, * osp; Word dest_ndx; Sort_desc * st; Listnode * lnp; int error = 0; /* * I might have been checked and marked error already. */ if ((isp->is_flags & FLG_IS_ORDERED) == 0) return (0); if (shflags & SHF_ORDERED) keylink = isp->is_shdr->sh_info; else if (shflags & SHF_LINK_ORDER) keylink = isp->is_shdr->sh_link; else keylink = 0; if ((error = is_keylink_ok(ifl, keylink, limit)) != 0) { DBG_CALL(Dbg_sec_order_error(ofl->ofl_lml, ifl, ndx, error)); isp->is_flags &= ~FLG_IS_ORDERED; if (isp->is_osdesc == NULL) return ((uintptr_t)ld_place_section(ofl, isp, isp->is_key, 0)); return ((uintptr_t)isp->is_osdesc); } /* * If SHF_ORDERED is in effect, search for our destination section based * off of sh_link, otherwise follow the default rules for the * destination section. */ if (shflags & SHF_ORDERED) { if ((dest_ndx = get_shfordered_dest(ofl, ifl, ndx, limit)) == 0) { isp->is_flags &= ~FLG_IS_ORDERED; if (isp->is_osdesc == NULL) return ((uintptr_t)ld_place_section(ofl, isp, isp->is_key, 0)); return ((uintptr_t)isp->is_osdesc); } } else { /* * SHF_LINK_ORDER coalesces into default sections, set dest_ndx * to NULL to trigger this. */ dest_ndx = 0; } /* * Place the section into it's output section. */ if ((osp = isp->is_osdesc) == NULL) { if ((osp = ld_place_section(ofl, isp, isp->is_ident, dest_ndx)) == (Os_desc *)S_ERROR) return ((uintptr_t)S_ERROR); if (!osp) return (0); } /* * If the output section is not yet on the ordered * list - place it on the list. */ osp2 = NULL; for (LIST_TRAVERSE(&ofl->ofl_ordered, lnp, osp2)) { if (osp2 == osp) break; } if (osp != osp2) { if (list_appendc(&(ofl->ofl_ordered), osp) == 0) return ((uintptr_t)S_ERROR); } /* * Output section has been found - set up it's * sorting information. */ if (osp->os_sort == 0) { if ((osp->os_sort = libld_calloc(1, sizeof (Sort_desc))) == 0) return (S_ERROR); } st = osp->os_sort; if (keylink == SHN_BEFORE) { st->st_beforecnt++; } else if (keylink == SHN_AFTER) { st->st_aftercnt++; } else { st->st_ordercnt++; isp2 = ifl->ifl_isdesc[keylink]; if (isp2->is_flags & FLG_IS_DISCARD) { eprintf(ofl->ofl_lml, ERR_FATAL, MSG_INTL(MSG_FIL_BADORDREF), ifl->ifl_name, isp->is_name, isp->is_scnndx, isp2->is_name, isp2->is_scnndx); return (S_ERROR); } osp2 = isp2->is_osdesc; osp2->os_flags |= FLG_OS_ORDER_KEY; osp2->os_sgdesc->sg_flags |= FLG_SG_KEY; isp2->is_flags |= FLG_IS_KEY; } return ((uintptr_t)osp); }
/* * Extract every object in the given archive directly without going through * the symbol table. * * entry: * name - Name of archive * fd - Open file descriptor for archive * adp - Archive descriptor * ofl - output descriptor * found - Address of variable to set to TRUE if any objects are extracted * rej - Rejection descriptor to pass to ld_process_ifl(). * * exit: * Returns FALSE on fatal error. On success, *found will be TRUE * if any object was extracted, rej will be set if any object * was rejected, and TRUE is returned. */ static Boolean ar_extract_all(const char *name, int fd, Ar_desc *adp, Ofl_desc *ofl, Boolean *found, Rej_desc *rej) { Elf_Cmd cmd = ELF_C_READ; Elf *arelf; const char *arname, *arpath; size_t off, next_off; DBG_CALL(Dbg_file_ar(ofl->ofl_lml, name, FALSE)); while ((arelf = elf_begin(fd, cmd, adp->ad_elf)) != NULL) { /* * Call elf_next() so that the next call to elf_begin() will * fetch the archive member following this one. We do this now * because it simplifies the logic below, and because the * support libraries called below can set our handle to NULL. */ cmd = elf_next(arelf); /* Get member filename */ if ((arname = ar_member_name(name, arelf, ofl)) == NULL) return (FALSE); /* * Skip the symbol table, string table, or any other special * archive member. These all start with a '/' character. */ if (*arname == '/') { (void) elf_end(arelf); continue; } /* Obtain archive member offset within the file */ off = _elf_getarhdrbase(arelf); /* * ld_sup_open() will reset the current iteration point for * the archive to point at this member rather than the next * one for the benefit of the support libraries. Since * this loop relies on the current position not changing * underneath it, we save and restore the current * position around the support library call. */ next_off = _elf_getnextoff(adp->ad_elf); /* Construct the member's full pathname */ if ((arpath = ar_member_path(name, arname)) == NULL) return (S_ERROR); /* * Determine whether the support libraries wish to process * this open. See comments in ld_process_open(). */ ld_sup_open(ofl, &arpath, &arname, &fd, (FLG_IF_EXTRACT | FLG_IF_NEEDED), &arelf, adp->ad_elf, off, elf_kind(arelf)); (void) elf_rand(adp->ad_elf, next_off); if (arelf == NULL) continue; DBG_CALL(Dbg_syms_ar_force(ofl->ofl_lml, name, arname)); switch (ar_input(fd, adp, ofl, arelf, arpath, rej)) { case S_ERROR: return (FALSE); case 0: continue; } *found = TRUE; } /* * As this archive was extracted by -z allextract, the ar_aux table * and elf descriptor can be freed. Set ad_elf to NULL to mark the * archive is completely processed. */ (void) elf_end(adp->ad_elf); adp->ad_elf = NULL; return (TRUE); }
Rt_map * setup(char **envp, auxv_t *auxv, Word _flags, char *_platform, int _syspagsz, char *_rtldname, ulong_t ld_base, ulong_t interp_base, int fd, Phdr *phdr, char *execname, char **argv, uid_t uid, uid_t euid, gid_t gid, gid_t egid, void *aoutdyn, int auxflags, uint_t *hwcap) { Rt_map *rlmp, *mlmp, *clmp, **tobj = NULL; Ehdr *ehdr; rtld_stat_t status; int features = 0, ldsoexec = 0; size_t eaddr, esize; char *str, *argvname; Word lmflags; mmapobj_result_t *mpp; Fdesc fdr = { 0 }, fdm = { 0 }; Rej_desc rej = { 0 }; APlist *ealp = NULL; /* * Now that ld.so has relocated itself, initialize our own 'environ' so * as to establish an address suitable for any libc requirements. */ _environ = (char **)((ulong_t)auxv - sizeof (char *)); _init(); _environ = envp; /* * Establish a base time. Total time diagnostics start from entering * ld.so.1 here, however the base time is reset each time the ld.so.1 * is re-entered. Note also, there will be a large time associated * with the first diagnostic from ld.so.1, as bootstrapping ld.so.1 * and establishing the liblddbg infrastructure takes some time. */ (void) gettimeofday(&DBG_TOTALTIME, NULL); DBG_DELTATIME = DBG_TOTALTIME; /* * Determine how ld.so.1 has been executed. */ if ((fd == -1) && (phdr == NULL)) { /* * If we received neither the AT_EXECFD nor the AT_PHDR aux * vector, ld.so.1 must have been invoked directly from the * command line. */ ldsoexec = 1; /* * AT_SUN_EXECNAME provides the most precise name, if it is * available, otherwise fall back to argv[0]. At this time, * there is no process name. */ if (execname) rtldname = execname; else if (argv[0]) rtldname = argv[0]; else rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); } else { /* * Otherwise, we have a standard process. AT_SUN_EXECNAME * provides the most precise name, if it is available, * otherwise fall back to argv[0]. Provided the application * is already mapped, the process is the application, so * simplify the application name for use in any diagnostics. */ if (execname) argvname = execname; else if (argv[0]) argvname = execname = argv[0]; else argvname = execname = (char *)MSG_INTL(MSG_STR_UNKNOWN); if (fd == -1) { if ((str = strrchr(argvname, '/')) != NULL) procname = ++str; else procname = argvname; } /* * At this point, we don't know the runtime linkers full path * name. The _rtldname passed to us is the SONAME of the * runtime linker, which is typically /lib/ld.so.1 no matter * what the full path is. Use this for now, we'll reset the * runtime linkers name once the application is analyzed. */ if (_rtldname) { if ((str = strrchr(_rtldname, '/')) != NULL) rtldname = ++str; else rtldname = _rtldname; } else rtldname = (char *)MSG_INTL(MSG_STR_UNKNOWN); /* exec() brought in two objects for us. Count the second one */ cnt_map++; } /* * Initialize any global variables. */ at_flags = _flags; if ((org_scapset->sc_plat = _platform) != NULL) org_scapset->sc_platsz = strlen(_platform); if (org_scapset->sc_plat == NULL) platform_name(org_scapset); if (org_scapset->sc_mach == NULL) machine_name(org_scapset); /* * If pagesize is unspecified find its value. */ if ((syspagsz = _syspagsz) == 0) syspagsz = _sysconfig(_CONFIG_PAGESIZE); /* * Add the unused portion of the last data page to the free space list. * The page size must be set before doing this. Here, _end refers to * the end of the runtime linkers bss. Note that we do not use the * unused data pages from any included .so's to supplement this free * space as badly behaved .os's may corrupt this data space, and in so * doing ruin our data. */ eaddr = S_DROUND((size_t)&_end); esize = eaddr % syspagsz; if (esize) { esize = syspagsz - esize; addfree((void *)eaddr, esize); } /* * Establish initial link-map list flags, and link-map list alists. */ if (alist_append(&lml_main.lm_lists, NULL, sizeof (Lm_cntl), AL_CNT_LMLISTS) == NULL) return (0); lml_main.lm_flags |= LML_FLG_BASELM; lml_main.lm_lmid = LM_ID_BASE; lml_main.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_BASE); if (alist_append(&lml_rtld.lm_lists, NULL, sizeof (Lm_cntl), AL_CNT_LMLISTS) == NULL) return (0); lml_rtld.lm_flags |= (LML_FLG_RTLDLM | LML_FLG_HOLDLOCK); lml_rtld.lm_tflags |= LML_TFLG_NOAUDIT; lml_rtld.lm_lmid = LM_ID_LDSO; lml_rtld.lm_lmidstr = (char *)MSG_ORIG(MSG_LMID_LDSO); /* * Determine whether we have a secure executable. */ security(uid, euid, gid, egid, auxflags); /* * Make an initial pass of environment variables to pick off those * related to locale processing. At the same time, collect and save * any LD_XXXX variables for later processing. Note that this later * processing will be skipped if ld.so.1 is invoked from the command * line with -e LD_NOENVIRON. */ if (envp && (readenv_user((const char **)envp, &ealp) == 1)) return (0); /* * If ld.so.1 has been invoked directly, process its arguments. */ if (ldsoexec) { /* * Process any arguments that are specific to ld.so.1, and * reorganize the process stack to effectively remove ld.so.1 * from the stack. Reinitialize the environment pointer, as * this pointer may have been shifted after skipping ld.so.1's * arguments. */ if (rtld_getopt(argv, &envp, &auxv, &(lml_main.lm_flags), &(lml_main.lm_tflags), (aoutdyn != 0)) == 1) { eprintf(&lml_main, ERR_NONE, MSG_INTL(MSG_USG_BADOPT)); return (0); } _environ = envp; /* * Open the object that ld.so.1 is to execute. */ argvname = execname = argv[0]; if ((fd = open(argvname, O_RDONLY)) == -1) { int err = errno; eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_OPEN), argvname, strerror(err)); return (0); } } /* * Having processed any ld.so.1 command line options, return to process * any LD_XXXX environment variables. */ if (ealp) { if (((rtld_flags & RT_FL_NOENVIRON) == 0) && (procenv_user(ealp, &(lml_main.lm_flags), &(lml_main.lm_tflags), (aoutdyn != 0)) == 1)) return (0); free(ealp); } /* * Initialize a hardware capability descriptor for use in comparing * each loaded object. The aux vector must provide AF_SUN_HWCAPVERIFY, * as prior to this setting any hardware capabilities that were found * could not be relied upon. */ if (auxflags & AF_SUN_HWCAPVERIFY) { rtld_flags2 |= RT_FL2_HWCAP; org_scapset->sc_hw_1 = (Xword)hwcap[0]; org_scapset->sc_hw_2 = (Xword)hwcap[1]; } /* * Create a mapping descriptor for ld.so.1. We can determine our * two segments information from known symbols. */ if ((mpp = calloc(2, sizeof (mmapobj_result_t))) == NULL) return (0); mpp[0].mr_addr = (caddr_t)M_PTRUNC(ld_base); mpp[0].mr_msize = (caddr_t)&_etext - mpp[0].mr_addr; mpp[0].mr_fsize = mpp[0].mr_msize; mpp[0].mr_prot = (PROT_READ | PROT_EXEC); mpp[1].mr_addr = (caddr_t)M_PTRUNC((uintptr_t)&r_debug); mpp[1].mr_msize = (caddr_t)&_end - mpp[1].mr_addr; mpp[1].mr_fsize = (caddr_t)&_edata - mpp[1].mr_addr; mpp[1].mr_prot = (PROT_READ | PROT_WRITE | PROT_EXEC); if ((fdr.fd_nname = stravl_insert(_rtldname, 0, 0, 0)) == NULL) return (0); if ((rlmp = elf_new_lmp(&lml_rtld, ALIST_OFF_DATA, &fdr, (Addr)mpp->mr_addr, (size_t)((uintptr_t)eaddr - (uintptr_t)ld_base), NULL, NULL, NULL)) == NULL) return (0); MMAPS(rlmp) = mpp; MMAPCNT(rlmp) = 2; PADSTART(rlmp) = (ulong_t)mpp[0].mr_addr; PADIMLEN(rlmp) = (ulong_t)mpp[0].mr_addr + (ulong_t)mpp[1].mr_addr + (ulong_t)mpp[1].mr_msize; MODE(rlmp) |= (RTLD_LAZY | RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); FLAGS(rlmp) |= (FLG_RT_ANALYZED | FLG_RT_RELOCED | FLG_RT_INITDONE | FLG_RT_INITCLCT | FLG_RT_FINICLCT | FLG_RT_MODESET); /* * Initialize the runtime linkers information. */ interp = &_interp; interp->i_name = (char *)rtldname; interp->i_faddr = (caddr_t)ADDR(rlmp); ldso_plt_init(rlmp); /* * Map in the file, if exec has not already done so, or if the file * was passed as an argument to an explicit execution of ld.so.1 from * the command line. */ if (fd != -1) { /* * Map the file. Once the object is mapped we no longer need * the file descriptor. */ (void) rtld_fstat(fd, &status); fdm.fd_oname = argvname; fdm.fd_ftp = map_obj(&lml_main, &fdm, status.st_size, argvname, fd, &rej); (void) close(fd); if (fdm.fd_ftp == NULL) { Conv_reject_desc_buf_t rej_buf; eprintf(&lml_main, ERR_FATAL, MSG_INTL(err_reject[rej.rej_type]), argvname, conv_reject_desc(&rej, &rej_buf, M_MACH)); return (0); } /* * Finish processing the loading of the file. */ if ((fdm.fd_nname = stravl_insert(argvname, 0, 0, 0)) == NULL) return (0); fdm.fd_dev = status.st_dev; fdm.fd_ino = status.st_ino; if ((mlmp = load_file(&lml_main, ALIST_OFF_DATA, NULL, &fdm, NULL)) == NULL) return (0); /* * We now have a process name for error diagnostics. */ if ((str = strrchr(argvname, '/')) != NULL) procname = ++str; else procname = argvname; if (ldsoexec) { mmapobj_result_t *mpp = MMAPS(mlmp); uint_t mnum, mapnum = MMAPCNT(mlmp); void *brkbase = NULL; /* * Since ld.so.1 was the primary executed object - the * brk() base has not yet been initialized, we need to * initialize it. For an executable, initialize it to * the end of the object. For a shared object (ET_DYN) * initialize it to the first page in memory. */ for (mnum = 0; mnum < mapnum; mnum++, mpp++) brkbase = mpp->mr_addr + mpp->mr_msize; if (brkbase == NULL) brkbase = (void *)syspagsz; if (_brk_unlocked(brkbase) == -1) { int err = errno; eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_SYS_BRK), argvname, strerror(err)); return (0); } } } else { /* * Set up function ptr and arguments according to the type * of file class the executable is. (Currently only supported * types are ELF and a.out format.) Then create a link map * for the executable. */ if (aoutdyn) { #ifdef A_OUT mmapobj_result_t *mpp; /* * Create a mapping structure sufficient to describe * a single two segments. The ADDR() of the a.out is * established as 0, which is required but the AOUT * relocation code. */ if ((mpp = calloc(sizeof (mmapobj_result_t), 2)) == NULL) return (0); if ((fdm.fd_nname = stravl_insert(execname, 0, 0, 0)) == NULL) return (0); if ((mlmp = aout_new_lmp(&lml_main, ALIST_OFF_DATA, &fdm, 0, 0, aoutdyn, NULL, NULL)) == NULL) return (0); /* * Establish the true mapping information for the a.out. */ if (aout_get_mmap(&lml_main, mpp)) { free(mpp); return (0); } MSIZE(mlmp) = (size_t)(mpp[1].mr_addr + mpp[1].mr_msize) - S_ALIGN((size_t)mpp[0].mr_addr, syspagsz); MMAPS(mlmp) = mpp; MMAPCNT(mlmp) = 2; PADSTART(mlmp) = (ulong_t)mpp->mr_addr; PADIMLEN(mlmp) = mpp->mr_msize; /* * Disable any object configuration cache (BCP apps * bring in sbcp which can benefit from any object * cache, but both the app and sbcp can't use the same * objects). */ rtld_flags |= RT_FL_NOOBJALT; /* * Make sure no-direct bindings are in effect. */ lml_main.lm_tflags |= LML_TFLG_NODIRECT; #else eprintf(&lml_main, ERR_FATAL, MSG_INTL(MSG_ERR_REJ_UNKFILE), argvname); return (0); #endif } else if (phdr) { Phdr *pptr; Off i_offset = 0; Addr base = 0; ulong_t phsize; mmapobj_result_t *mpp, *fmpp, *hmpp = NULL; uint_t mapnum = 0; int i; size_t msize; /* * Using the executables phdr address determine the base * address of the input file. NOTE, this assumes the * program headers and elf header are part of the same * mapped segment. Although this has held for many * years now, it might be more flexible if the kernel * gave use the ELF headers start address, rather than * the Program headers. * * Determine from the ELF header if we're been called * from a shared object or dynamic executable. If the * latter, then any addresses within the object are used * as is. Addresses within shared objects must be added * to the process's base address. */ ehdr = (Ehdr *)((Addr)phdr - phdr->p_offset); phsize = ehdr->e_phentsize; if (ehdr->e_type == ET_DYN) base = (Addr)ehdr; /* * Allocate a mapping array to retain mapped segment * information. */ if ((fmpp = mpp = calloc(ehdr->e_phnum, sizeof (mmapobj_result_t))) == NULL) return (0); /* * Extract the needed information from the segment * headers. */ for (i = 0, pptr = phdr; i < ehdr->e_phnum; i++) { if (pptr->p_type == PT_INTERP) { i_offset = pptr->p_offset; interp->i_faddr = (caddr_t)interp_base; } if ((pptr->p_type == PT_LOAD) && (pptr->p_filesz || pptr->p_memsz)) { int perm = (PROT_READ | PROT_EXEC); size_t off; if (i_offset && pptr->p_filesz && (i_offset >= pptr->p_offset) && (i_offset <= (pptr->p_memsz + pptr->p_offset))) { interp->i_name = (char *) pptr->p_vaddr + i_offset - pptr->p_offset + base; i_offset = 0; } if (pptr->p_flags & PF_W) perm |= PROT_WRITE; /* * Retain segments mapping info. Round * each segment to a page boundary, as * this insures addresses are suitable * for mprotect() if required. */ off = pptr->p_vaddr + base; if (hmpp == NULL) { hmpp = mpp; mpp->mr_addr = (caddr_t)ehdr; } else mpp->mr_addr = (caddr_t)off; off -= (size_t)(uintptr_t)mpp->mr_addr; mpp->mr_msize = pptr->p_memsz + off; mpp->mr_fsize = pptr->p_filesz + off; mpp->mr_prot = perm; mpp++, mapnum++; } pptr = (Phdr *)((ulong_t)pptr + phsize); } mpp--; msize = (size_t)(mpp->mr_addr + mpp->mr_msize) - S_ALIGN((size_t)fmpp->mr_addr, syspagsz); if ((fdm.fd_nname = stravl_insert(execname, 0, 0, 0)) == NULL) return (0); if ((mlmp = elf_new_lmp(&lml_main, ALIST_OFF_DATA, &fdm, (Addr)hmpp->mr_addr, msize, NULL, NULL, NULL)) == NULL) return (0); MMAPS(mlmp) = fmpp; MMAPCNT(mlmp) = mapnum; PADSTART(mlmp) = (ulong_t)fmpp->mr_addr; PADIMLEN(mlmp) = (ulong_t)fmpp->mr_addr + (ulong_t)mpp->mr_addr + (ulong_t)mpp->mr_msize; } } /* * Establish the interpretors name as that defined within the initial * object (executable). This provides for ORIGIN processing of ld.so.1 * dependencies. Note, the NAME() of the object remains that which was * passed to us as the SONAME on execution. */ if (ldsoexec == 0) { size_t len = strlen(interp->i_name); if (expand(&interp->i_name, &len, 0, 0, (PD_TKN_ISALIST | PD_TKN_CAP), rlmp) & PD_TKN_RESOLVED) fdr.fd_flags |= FLG_FD_RESOLVED; } fdr.fd_pname = interp->i_name; (void) fullpath(rlmp, &fdr); /* * The runtime linker acts as a filtee for various dl*() functions that * are defined in libc (and libdl). Make sure this standard name for * the runtime linker is also registered in the FullPathNode AVL tree. */ (void) fpavl_insert(&lml_rtld, rlmp, _rtldname, 0); /* * Having established the true runtime linkers name, simplify the name * for error diagnostics. */ if ((str = strrchr(PATHNAME(rlmp), '/')) != NULL) rtldname = ++str; else rtldname = PATHNAME(rlmp); /* * Expand the fullpath name of the application. This typically occurs * as a part of loading an object, but as the kernel probably mapped * it in, complete this processing now. */ (void) fullpath(mlmp, 0); /* * Some troublesome programs will change the value of argv[0]. Dupping * the process string protects us, and insures the string is left in * any core files. */ if ((str = (char *)strdup(procname)) == NULL) return (0); procname = str; FLAGS(mlmp) |= (FLG_RT_ISMAIN | FLG_RT_MODESET); FLAGS1(mlmp) |= FL1_RT_USED; /* * It's the responsibility of MAIN(crt0) to call it's _init and _fini * section, therefore null out any INIT/FINI so that this object isn't * collected during tsort processing. And, if the application has no * initarray or finiarray we can economize on establishing bindings. */ INIT(mlmp) = FINI(mlmp) = NULL; if ((INITARRAY(mlmp) == NULL) && (FINIARRAY(mlmp) == NULL)) FLAGS1(mlmp) |= FL1_RT_NOINIFIN; /* * Identify lddstub if necessary. */ if (lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) FLAGS1(mlmp) |= FL1_RT_LDDSTUB; /* * Retain our argument information for use in dlinfo. */ argsinfo.dla_argv = argv--; argsinfo.dla_argc = (long)*argv; argsinfo.dla_envp = envp; argsinfo.dla_auxv = auxv; (void) enter(0); /* * Add our two main link-maps to the dynlm_list */ if (aplist_append(&dynlm_list, &lml_main, AL_CNT_DYNLIST) == NULL) return (0); if (aplist_append(&dynlm_list, &lml_rtld, AL_CNT_DYNLIST) == NULL) return (0); /* * Reset the link-map counts for both lists. The init count is used to * track how many objects have pending init sections, this gets incre- * mented each time an object is relocated. Since ld.so.1 relocates * itself, it's init count will remain zero. * The object count is used to track how many objects have pending fini * sections, as ld.so.1 handles its own fini we can zero its count. */ lml_main.lm_obj = 1; lml_rtld.lm_obj = 0; /* * Initialize debugger information structure. Some parts of this * structure were initialized statically. */ r_debug.rtd_rdebug.r_map = (Link_map *)lml_main.lm_head; r_debug.rtd_rdebug.r_ldsomap = (Link_map *)lml_rtld.lm_head; r_debug.rtd_rdebug.r_ldbase = r_debug.rtd_rdebug.r_ldsomap->l_addr; r_debug.rtd_dynlmlst = &dynlm_list; /* * Determine the dev/inode information for the executable to complete * load_so() checking for those who might dlopen(a.out). */ if (rtld_stat(PATHNAME(mlmp), &status) == 0) { STDEV(mlmp) = status.st_dev; STINO(mlmp) = status.st_ino; } /* * Initialize any configuration information. */ if (!(rtld_flags & RT_FL_NOCFG)) { if ((features = elf_config(mlmp, (aoutdyn != 0))) == -1) return (0); } #if defined(_ELF64) /* * If this is a 64-bit process, determine whether this process has * restricted the process address space to 32-bits. Any dependencies * that are restricted to a 32-bit address space can only be loaded if * the executable has established this requirement. */ if (CAPSET(mlmp).sc_sf_1 & SF1_SUNW_ADDR32) rtld_flags2 |= RT_FL2_ADDR32; #endif /* * Establish any alternative capabilities, and validate this object * if it defines it's own capabilities information. */ if (cap_alternative() == 0) return (0); if (cap_check_lmp(mlmp, &rej) == 0) { if (lml_main.lm_flags & LML_FLG_TRC_ENABLE) { /* LINTED */ (void) printf(MSG_INTL(ldd_warn[rej.rej_type]), NAME(mlmp), rej.rej_str); } else { /* LINTED */ eprintf(&lml_main, ERR_FATAL, MSG_INTL(err_reject[rej.rej_type]), NAME(mlmp), rej.rej_str); return (0); } } /* * Establish the modes of the initial object. These modes are * propagated to any preloaded objects and explicit shared library * dependencies. * * If we're generating a configuration file using crle(1), remove * any RTLD_NOW use, as we don't want to trigger any relocation proc- * essing during crle(1)'s first past (this would just be unnecessary * overhead). Any filters are explicitly loaded, and thus RTLD_NOW is * not required to trigger filter loading. * * Note, RTLD_NOW may have been established during analysis of the * application had the application been built -z now. */ MODE(mlmp) |= (RTLD_NODELETE | RTLD_GLOBAL | RTLD_WORLD); if (rtld_flags & RT_FL_CONFGEN) { MODE(mlmp) |= RTLD_CONFGEN; MODE(mlmp) &= ~RTLD_NOW; rtld_flags2 &= ~RT_FL2_BINDNOW; } if ((MODE(mlmp) & RTLD_NOW) == 0) { if (rtld_flags2 & RT_FL2_BINDNOW) MODE(mlmp) |= RTLD_NOW; else MODE(mlmp) |= RTLD_LAZY; } /* * If debugging was requested initialize things now that any cache has * been established. A user can specify LD_DEBUG=help to discover the * list of debugging tokens available without running the application. * However, don't allow this setting from a configuration file. * * Note, to prevent recursion issues caused by loading and binding the * debugging libraries themselves, a local debugging descriptor is * initialized. Once the debugging setup has completed, this local * descriptor is copied to the global descriptor which effectively * enables diagnostic output. * * Ignore any debugging request if we're being monitored by a process * that expects the old getpid() initialization handshake. */ if ((rpl_debug || prm_debug) && ((rtld_flags & RT_FL_DEBUGGER) == 0)) { Dbg_desc _dbg_desc = {0}; struct timeval total = DBG_TOTALTIME; struct timeval delta = DBG_DELTATIME; if (rpl_debug) { if (dbg_setup(rpl_debug, &_dbg_desc) == 0) return (0); if (_dbg_desc.d_extra & DBG_E_HELP_EXIT) rtldexit(&lml_main, 0); } if (prm_debug) (void) dbg_setup(prm_debug, &_dbg_desc); *dbg_desc = _dbg_desc; DBG_TOTALTIME = total; DBG_DELTATIME = delta; } /* * Now that debugging is enabled generate any diagnostics from any * previous events. */ if (DBG_ENABLED) { DBG_CALL(Dbg_cap_val(&lml_main, org_scapset, alt_scapset, M_MACH)); DBG_CALL(Dbg_file_config_dis(&lml_main, config->c_name, features)); DBG_CALL(Dbg_file_ldso(rlmp, envp, auxv, LIST(rlmp)->lm_lmidstr, ALIST_OFF_DATA)); if (THIS_IS_ELF(mlmp)) { DBG_CALL(Dbg_file_elf(&lml_main, PATHNAME(mlmp), ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, ALIST_OFF_DATA)); } else { DBG_CALL(Dbg_file_aout(&lml_main, PATHNAME(mlmp), ADDR(mlmp), MSIZE(mlmp), LIST(mlmp)->lm_lmidstr, ALIST_OFF_DATA)); } } /* * Enable auditing. */ if (rpl_audit || prm_audit || profile_lib) { int ndx; const char *aud[3]; aud[0] = rpl_audit; aud[1] = prm_audit; aud[2] = profile_lib; /* * Any global auditing (set using LD_AUDIT or LD_PROFILE) that * can't be established is non-fatal. */ if ((auditors = calloc(1, sizeof (Audit_desc))) == NULL) return (0); for (ndx = 0; ndx < 3; ndx++) { if (aud[ndx]) { if ((auditors->ad_name = strdup(aud[ndx])) == NULL) return (0); rtld_flags2 |= RT_FL2_FTL2WARN; (void) audit_setup(mlmp, auditors, PD_FLG_EXTLOAD, NULL); rtld_flags2 &= ~RT_FL2_FTL2WARN; } } lml_main.lm_tflags |= auditors->ad_flags; } if (AUDITORS(mlmp)) { /* * Any object required auditing (set with a DT_DEPAUDIT dynamic * entry) that can't be established is fatal. */ if (FLAGS1(mlmp) & FL1_RT_GLOBAUD) { /* * If this object requires global auditing, use the * local auditing information to set the global * auditing descriptor. The effect is that a * DT_DEPAUDIT act as an LD_AUDIT. */ if ((auditors == NULL) && ((auditors = calloc(1, sizeof (Audit_desc))) == NULL)) return (0); auditors->ad_name = AUDITORS(mlmp)->ad_name; if (audit_setup(mlmp, auditors, 0, NULL) == 0) return (0); lml_main.lm_tflags |= auditors->ad_flags; /* * Clear the local auditor information. */ free((void *) AUDITORS(mlmp)); AUDITORS(mlmp) = NULL; } else { /* * Establish any local auditing. */ if (audit_setup(mlmp, AUDITORS(mlmp), 0, NULL) == 0) return (0); AFLAGS(mlmp) |= AUDITORS(mlmp)->ad_flags; lml_main.lm_flags |= LML_FLG_LOCAUDIT; } } /* * Explicitly add the initial object and ld.so.1 to those objects being * audited. Note, although the ld.so.1 link-map isn't auditable, * establish a cookie for ld.so.1 as this may be bound to via the * dl*() family. */ if ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_MASK) { if (((audit_objopen(mlmp, mlmp) == 0) || (audit_objopen(mlmp, rlmp) == 0)) && (AFLAGS(mlmp) & LML_TFLG_AUD_MASK)) return (0); } /* * Map in any preloadable shared objects. Establish the caller as the * head of the main link-map list. In the case of being exercised from * lddstub, the caller gets reassigned to the first target shared object * so as to provide intuitive diagnostics from ldd(). * * Note, it is valid to preload a 4.x shared object with a 5.0 * executable (or visa-versa), as this functionality is required by * ldd(1). */ clmp = mlmp; if (rpl_preload && (preload(rpl_preload, mlmp, &clmp) == 0)) return (0); if (prm_preload && (preload(prm_preload, mlmp, &clmp) == 0)) return (0); /* * Load all dependent (needed) objects. */ if (analyze_lmc(&lml_main, ALIST_OFF_DATA, mlmp, mlmp, NULL) == NULL) return (0); /* * Relocate all the dependencies we've just added. * * If this process has been established via crle(1), the environment * variable LD_CONFGEN will have been set. crle(1) may create this * process twice. The first time crle only needs to gather dependency * information. The second time, is to dldump() the images. * * If we're only gathering dependencies, relocation is unnecessary. * As crle(1) may be building an arbitrary family of objects, they may * not fully relocate either. Hence the relocation phase is not carried * out now, but will be called by crle(1) once all objects have been * loaded. */ if ((rtld_flags & RT_FL_CONFGEN) == 0) { DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); if (relocate_lmc(&lml_main, ALIST_OFF_DATA, mlmp, mlmp, NULL) == 0) return (0); /* * Inform the debuggers that basic process initialization is * complete, and that the state of ld.so.1 (link-map lists, * etc.) is stable. This handshake enables the debugger to * initialize themselves, and consequently allows the user to * set break points in .init code. * * Most new debuggers use librtld_db to monitor activity events. * Older debuggers indicated their presence by setting the * DT_DEBUG entry in the dynamic executable (see elf_new_lm()). * In this case, getpid() is called so that the debugger can * catch the system call. This old mechanism has some * restrictions, as getpid() should not be called prior to * basic process initialization being completed. This * restriction has become increasingly difficult to maintain, * as the use of auditors, LD_DEBUG, and the initialization * handshake with libc can result in "premature" getpid() * calls. The use of this getpid() handshake is expected to * disappear at some point in the future, and there is intent * to work towards that goal. */ rd_event(&lml_main, RD_DLACTIVITY, RT_CONSISTENT); rd_event(&lml_rtld, RD_DLACTIVITY, RT_CONSISTENT); if (rtld_flags & RT_FL_DEBUGGER) { r_debug.rtd_rdebug.r_flags |= RD_FL_ODBG; (void) getpid(); } } /* * Indicate preinit activity, and call any auditing routines. These * routines are called before initializing any threads via libc, or * before collecting the complete set of .inits on the primary link-map. * Although most libc interfaces are encapsulated in local routines * within libc, they have been known to escape (ie. call a .plt). As * the appcert auditor uses preinit as a trigger to establish some * external interfaces to the main link-maps libc, we need to activate * this trigger before exercising any code within libc. Additionally, * I wouldn't put it past an auditor to add additional objects to the * primary link-map. Hence, we collect .inits after the audit call. */ rd_event(&lml_main, RD_PREINIT, 0); if (aud_activity || ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_ACTIVITY)) audit_activity(mlmp, LA_ACT_CONSISTENT); if (aud_preinit || ((lml_main.lm_tflags | AFLAGS(mlmp)) & LML_TFLG_AUD_PREINIT)) audit_preinit(mlmp); /* * If we're creating initial configuration information, we're done * now that the auditing step has been called. */ if (rtld_flags & RT_FL_CONFGEN) { leave(LIST(mlmp), 0); return (mlmp); } /* * Sort the .init sections of all objects we've added. If we're * tracing we only need to execute this under ldd(1) with the -i or -u * options. */ lmflags = lml_main.lm_flags; if (((lmflags & LML_FLG_TRC_ENABLE) == 0) || (lmflags & (LML_FLG_TRC_INIT | LML_FLG_TRC_UNREF))) { if ((tobj = tsort(mlmp, LIST(mlmp)->lm_init, RT_SORT_REV)) == (Rt_map **)S_ERROR) return (0); } /* * If we are tracing we're done. This is the one legitimate use of a * direct call to rtldexit() rather than return, as we don't want to * return and jump to the application. */ if (lmflags & LML_FLG_TRC_ENABLE) { unused(&lml_main); rtldexit(&lml_main, 0); } /* * Check if this instance of the linker should have a primary link * map. This flag allows multiple copies of the -same- -version- * of the linker (and libc) to run in the same address space. * * Without this flag we only support one copy of the linker in a * process because by default the linker will always try to * initialize at one primary link map The copy of libc which is * initialized on a primary link map will initialize global TLS * data which can be shared with other copies of libc in the * process. The problem is that if there is more than one copy * of the linker, only one copy should link libc onto a primary * link map, otherwise libc will attempt to re-initialize global * TLS data. So when a copy of the linker is loaded with this * flag set, it will not initialize any primary link maps since * presumably another copy of the linker will do this. * * Note that this flag only allows multiple copies of the -same- * -version- of the linker (and libc) to coexist. This approach * will not work if we are trying to load different versions of * the linker and libc into the same process. The reason for * this is that the format of the global TLS data may not be * the same for different versions of libc. In this case each * different version of libc must have it's own primary link map * and be able to maintain it's own TLS data. The only way this * can be done is by carefully managing TLS pointers on transitions * between code associated with each of the different linkers. * Note that this is actually what is done for processes in lx * branded zones. Although in the lx branded zone case, the * other linker and libc are actually gld and glibc. But the * same general TLS management mechanism used by the lx brand * would apply to any attempts to run multiple versions of the * solaris linker and libc in a single process. */ if (auxflags & AF_SUN_NOPLM) rtld_flags2 |= RT_FL2_NOPLM; /* * Establish any static TLS for this primary link-map. Note, regardless * of whether TLS is available, an initial handshake occurs with libc to * indicate we're processing the primary link-map. Having identified * the primary link-map, initialize threads. */ if (rt_get_extern(&lml_main, mlmp) == 0) return (0); if ((rtld_flags2 & RT_FL2_NOPLM) == 0) { if (tls_statmod(&lml_main, mlmp) == 0) return (0); rt_thr_init(&lml_main); rtld_flags2 |= RT_FL2_PLMSETUP; } else { rt_thr_init(&lml_main); } /* * Fire all dependencies .init sections. Identify any unused * dependencies, and leave the runtime linker - effectively calling * the dynamic executables entry point. */ call_array(PREINITARRAY(mlmp), (uint_t)PREINITARRAYSZ(mlmp), mlmp, SHT_PREINIT_ARRAY); if (tobj) call_init(tobj, DBG_INIT_SORT); rd_event(&lml_main, RD_POSTINIT, 0); unused(&lml_main); DBG_CALL(Dbg_util_call_main(mlmp)); rtld_flags |= (RT_FL_OPERATION | RT_FL_APPLIC); leave(LIST(mlmp), 0); return (mlmp); }
/* * LD_PRELOAD objects. */ static int preload(const char *str, Rt_map *mlmp, Rt_map **clmp) { Alist *palp = NULL; char *objs, *ptr, *next; Word lmflags = lml_main.lm_flags; int lddstub; DBG_CALL(Dbg_util_nl(&lml_main, DBG_NL_STD)); if ((objs = strdup(str)) == NULL) return (0); /* * Determine if we've been called from lddstub. */ lddstub = (lmflags & LML_FLG_TRC_ENABLE) && (FLAGS1(*clmp) & FL1_RT_LDDSTUB); for (ptr = strtok_r(objs, MSG_ORIG(MSG_STR_DELIMIT), &next); ptr != NULL; ptr = strtok_r(NULL, MSG_ORIG(MSG_STR_DELIMIT), &next)) { Rt_map *nlmp = NULL; uint_t flags; DBG_CALL(Dbg_file_preload(&lml_main, ptr)); /* * Establish the flags for loading each object. If we're * called via lddstub, then the first preloaded object is the * object being inspected by ldd(1). This object should not be * marked as an interposer, as this object is intended to act * as the target object of the process. */ if (lddstub) flags = FLG_RT_PRELOAD; else flags = (FLG_RT_PRELOAD | FLG_RT_OBJINTPO); /* * If this a secure application, then preload errors are * reduced to warnings, as the errors are non-fatal. */ if (rtld_flags & RT_FL_SECURE) rtld_flags2 |= RT_FL2_FTL2WARN; if (expand_paths(*clmp, ptr, &palp, AL_CNT_NEEDED, PD_FLG_EXTLOAD, 0) != 0) nlmp = load_one(&lml_main, ALIST_OFF_DATA, palp, *clmp, MODE(mlmp), flags, 0, NULL); remove_alist(&palp, 0); if (rtld_flags & RT_FL_SECURE) rtld_flags2 &= ~RT_FL2_FTL2WARN; if (nlmp && (bind_one(*clmp, nlmp, BND_NEEDED) == 0)) nlmp = NULL; if (lddstub && nlmp) { lddstub = 0; /* * Fabricate a binding between the target shared object * and lddstub so that the target object isn't called * out from unused() processing. */ if (lmflags & (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED)) { if (bind_one(*clmp, nlmp, BND_REFER) == 0) nlmp = NULL; } /* * By identifying lddstub as the caller, several * confusing ldd() diagnostics get suppressed. These * diagnostics would reveal how the target shared object * was found from lddstub. Now that the real target is * loaded, identify the target as the caller so that all * ldd() diagnostics are enabled for subsequent objects. */ if (nlmp) *clmp = nlmp; } /* * If no error occurred with loading this object, indicate that * this link-map list contains an interposer. */ if (nlmp == NULL) { if ((lmflags & LML_FLG_TRC_ENABLE) || (rtld_flags & RT_FL_SECURE)) continue; else return (0); } if (flags & FLG_RT_OBJINTPO) lml_main.lm_flags |= LML_FLG_INTRPOSE; } free(palp); free(objs); return (1); }
/* * Track any static TLS use, retain the TLS header, and assign a TLS module * identifier. */ int tls_assign(Lm_list *lml, Rt_map *lmp, Phdr *phdr) { ulong_t memsz = S_ROUND(phdr->p_memsz, M_TLSSTATALIGN); ulong_t filesz = phdr->p_filesz; ulong_t resv = tls_static_resv; /* * If this object explicitly references static TLS, then there are some * limitations. */ if (FLAGS1(lmp) & FL1_RT_TLSSTAT) { /* * Static TLS is only available to objects on the primary * link-map list. */ if (((lml->lm_flags & LML_FLG_BASELM) == 0) || ((rtld_flags2 & RT_FL2_NOPLM) != 0)) { eprintf(lml, ERR_FATAL, MSG_INTL(MSG_TLS_STATBASE), NAME(lmp)); return (0); } /* * All TLS blocks that are processed before thread * initialization, are registered with libc. This * initialization is carried out through a handshake with libc * prior to executing any user code (ie. before the first .init * sections are called). As part of this initialization, a * small backup TLS reservation is added (tls_static_resv). * Only explicit static TLS references that can be satisfied by * this TLS backup reservation can be satisfied. */ if (rtld_flags2 & RT_FL2_PLMSETUP) { /* * Initialized static TLS can not be satisfied from the * TLS backup reservation. */ if (filesz) { eprintf(lml, ERR_FATAL, MSG_INTL(MSG_TLS_STATINIT), NAME(lmp)); return (0); } /* * Make sure the backup reservation is sufficient. */ if (memsz > tls_static_resv) { eprintf(lml, ERR_FATAL, MSG_INTL(MSG_TLS_STATSIZE), NAME(lmp), EC_XWORD(memsz), EC_XWORD(tls_static_resv)); return (0); } tls_static_resv -= memsz; } } /* * If we haven't yet initialized threads, or this static reservation can * be satisfied from the TLS backup reservation, determine the total * static TLS size, and assign this object a static TLS offset. */ if (((rtld_flags2 & RT_FL2_PLMSETUP) == 0) || (FLAGS1(lmp) & FL1_RT_TLSSTAT)) { tls_static_size += memsz; TLSSTATOFF(lmp) = tls_static_size; } /* * Retain the PT_TLS header, obtain a new module identifier, and * indicate that this link-map list contains a new TLS object. */ PTTLS(lmp) = phdr; TLSMODID(lmp) = tls_getmodid(); /* * Now that we have a TLS module id, generate any static TLS reservation * diagnostic. */ if (resv != tls_static_resv) DBG_CALL(Dbg_tls_static_resv(lmp, memsz, tls_static_resv)); return (++lml->lm_tls); }
/* * la_objopen() caller for the head link-map. Global auditors, or an auditor * started from the object that heads a link-map list (typically the dynamic * executable), are passed to la_objopen(). However, local auditors can * provide activity and preinit events, and for these events, a cookie * representing the head link-map list object is expected. This routine obtains * these cookies from the link-map list lm_cookies element. This element * ensures all clients of the same auditor use the same cookie. * * Although a local auditor will get an la_objopen() call for the object that * heads the link-map list of the object being audited, the auditor is not * permitted to request binding information for this head object. The head * object has already been in existence, and bindings may have been resolved * with it. This local auditor is coming into existence too late, and thus we * don't allow any bindings to be caught at all. */ static int _audit_add_head(Rt_map *clmp, Rt_map *hlmp, int preinit, int activity) { Lm_list *clml = LIST(clmp); Lmid_t lmid = get_linkmap_id(clml); Audit_list *alp; Aliste idx; int save = 0; for (APLIST_TRAVERSE(AUDITORS(clmp)->ad_list, idx, alp)) { Audit_client *acp; Rt_map *almp = alp->al_lmp; Lm_list *alml = LIST(almp); uintptr_t *cookie; uint_t rtldflags; /* * Ensure this local auditor isn't already in existence as an * auditor for the head of the link-map list. If it is, then * this auditor will have already receive preinit and activity * events. */ if (AUDITORS(hlmp) && _audit_used_by_head(hlmp, almp)) continue; /* * Create a cookie that represents the object that heads the * link-map list. If the cookie already exists, then this * auditor has already been established for another objects * local auditing. In this case, do not issue a la_objopen() * or la_activity() event, as these will have already occurred. */ if ((acp = _audit_get_head_client(clml->lm_head, almp)) != NULL) continue; if ((acp = _audit_create_head_client(clml->lm_head, almp)) == NULL) return (0); cookie = &(acp->ac_cookie); save++; /* * Call the la_objopen() if available. */ if (alp->al_objopen) { uint_t flags; DBG_CALL(Dbg_audit_objopen(clml, DBG_AUD_CALL, alp->al_libname, NAME(hlmp), 0, FALSE)); APPLICATION_ENTER(rtldflags); leave(alml, thr_flg_reenter); flags = (*alp->al_objopen)((Link_map *)hlmp, lmid, cookie); (void) enter(thr_flg_reenter); APPLICATION_RETURN(rtldflags); if (flags) { DBG_CALL(Dbg_audit_objopen(clml, DBG_AUD_RET, alp->al_libname, NAME(hlmp), flags, TRUE)); } } /* * Call the la_activity() if available. */ if (alp->al_activity) { alml->lm_flags |= LML_FLG_AUDITNOTIFY; clml->lm_flags |= LML_FLG_ACTAUDIT; DBG_CALL(Dbg_audit_activity(clml, alp->al_libname, NAME(clml->lm_head), LA_ACT_ADD)); APPLICATION_ENTER(rtldflags); leave(alml, thr_flg_reenter); (*alp->al_activity)(cookie, LA_ACT_ADD); (void) enter(thr_flg_reenter); APPLICATION_RETURN(rtldflags); } } /* * If new head link-map cookies have been generated, then maintain * any preinit and/or activity requirements. */ if (save) { if (preinit && (aplist_append(&aud_preinit, clmp, AL_CNT_AUDITORS) == NULL)) return (0); if (activity && (aplist_append(&aud_activity, clmp, AL_CNT_AUDITORS) == NULL)) return (0); } return (1); }
/* * Given a list of one or more audit libraries, open each one and establish a * a descriptor representing the entry points it provides. */ int audit_setup(Rt_map *clmp, Audit_desc *adp, uint_t orig) { char *ptr, *next; Lm_list *clml = LIST(clmp); int error = 1; DBG_CALL(Dbg_audit_lib(clml, adp->ad_name)); /* * Mark that we have at least one auditing link map */ rtld_flags2 |= RT_FL2_HASAUDIT; /* * The audit definitions may be a list (which will already have been * dupped) so split it into individual tokens. */ for (ptr = strtok_r(adp->ad_name, MSG_ORIG(MSG_STR_DELIMIT), &next); ptr; ptr = strtok_r(NULL, MSG_ORIG(MSG_STR_DELIMIT), &next)) { Grp_hdl *ghp; Rt_map *lmp; Rt_map **tobj; Audit_list *alp; /* * Open the audit library on its own link-map. */ if ((ghp = dlmopen_intn((Lm_list *)LM_ID_NEWLM, ptr, (RTLD_FIRST | RTLD_GLOBAL | RTLD_WORLD), clmp, FLG_RT_AUDIT, orig, 0)) == 0) { error = audit_disable(ptr, clmp, 0, 0); continue; } lmp = ghp->gh_ownlmp; /* * If this auditor has already been loaded, reuse it. */ if ((alp = LIST(lmp)->lm_alp) != 0) { if (list_append(&(adp->ad_list), alp) == 0) return (audit_disable(ptr, clmp, ghp, alp)); adp->ad_cnt++; DBG_CALL(Dbg_audit_version(clml, alp->al_libname, alp->al_vernum)); adp->ad_flags |= alp->al_flags; continue; } /* * If we are not running in the environment where * libc/libthread are merged, we hold on to rtld lock * upon leave() function. * * There is a possibility that libc is not mapped in yet. * We may later find out that we will be running in * libc/libthread merged enviornment. Refer to: * get_lcinterface() in mutex.c. */ if ((rtld_flags2 & RT_FL2_UNIFPROC) == 0) LIST(lmp)->lm_flags |= LML_FLG_HOLDLOCK; /* * Allocate an audit list descriptor for this object and * search for all known entry points. */ if ((alp = calloc(1, sizeof (Audit_list))) == 0) return (audit_disable(ptr, clmp, ghp, 0)); alp->al_libname = NAME(lmp); alp->al_lmp = lmp; alp->al_ghp = ghp; /* * All audit libraries must handshake through la_version(). * Determine that the symbol exists, finish initializing the * object, and then call the function. */ if ((alp->al_version = (uint_t(*)())audit_symget(alp, AI_LAVERSION)) == 0) { eprintf(LIST(lmp), ERR_FATAL, MSG_INTL(MSG_GEN_NOSYM), MSG_ORIG(MSG_SYM_LAVERSION)); error = audit_disable(ptr, clmp, ghp, alp); continue; } if ((tobj = tsort(lmp, LIST(lmp)->lm_init, RT_SORT_REV)) == (Rt_map **)S_ERROR) return (audit_disable(ptr, clmp, ghp, alp)); rtld_flags |= RT_FL_APPLIC; if (tobj != (Rt_map **)NULL) call_init(tobj, DBG_INIT_SORT); alp->al_vernum = alp->al_version(LAV_CURRENT); rtld_flags &= ~RT_FL_APPLIC; if ((alp->al_vernum < LAV_VERSION1) || (alp->al_vernum > LAV_CURRENT)) { eprintf(LIST(lmp), ERR_FATAL, MSG_INTL(MSG_AUD_BADVERS), LAV_CURRENT, alp->al_vernum); error = audit_disable(ptr, clmp, ghp, alp); continue; } if (list_append(&(adp->ad_list), alp) == 0) return (audit_disable(ptr, clmp, ghp, alp)); adp->ad_cnt++; DBG_CALL(Dbg_audit_version(clml, alp->al_libname, alp->al_vernum)); /* * Collect any remaining entry points. */ alp->al_preinit = (void(*)())audit_symget(alp, AI_LAPREINIT); alp->al_objsearch = (char *(*)())audit_symget(alp, AI_LAOBJSEARCH); alp->al_objopen = (uint_t(*)())audit_symget(alp, AI_LAOBJOPEN); alp->al_objfilter = (int(*)())audit_symget(alp, AI_LAOBJFILTER); alp->al_objclose = (uint_t(*)())audit_symget(alp, AI_LAOBJCLOSE); alp->al_activity = (void (*)())audit_symget(alp, AI_LAACTIVITY); alp->al_symbind = (uintptr_t(*)())audit_symget(alp, AI_LASYMBIND); alp->al_pltenter = (uintptr_t(*)())audit_symget(alp, AI_LAPLTENTER); alp->al_pltexit = (uintptr_t(*)())audit_symget(alp, AI_LAPLTEXIT); /* * Collect the individual object flags, and assign this audit * list descriptor to its associated link-map list. */ adp->ad_flags |= alp->al_flags; LIST(lmp)->lm_alp = alp; } /* * Free the original audit string, as this descriptor may be used again * to add additional auditing. */ free(adp->ad_name); adp->ad_name = 0; return (error); }
/* * For SVR4 Intel compatability. USL uses /usr/lib/libc.so.1 as the run-time * linker, so the interpreter's address will differ from /usr/lib/ld.so.1. * Further, USL has special _iob[] and _ctype[] processing that makes up for the * fact that these arrays do not have associated copy relocations. So we try * and make up for that here. Any relocations found will be added to the global * copy relocation list and will be processed in setup(). */ static int _elf_copy_reloc(const char *name, Rt_map *rlmp, Rt_map *dlmp) { Sym *symref, *symdef; caddr_t ref, def; Rt_map *_lmp; Rel rel; Slookup sl; Sresult sr; uint_t binfo; /* * Determine if the special symbol exists as a reference in the dynamic * executable, and that an associated definition exists in libc.so.1. * * Initialize the symbol lookup, and symbol result, data structures. */ SLOOKUP_INIT(sl, name, rlmp, rlmp, ld_entry_cnt, 0, 0, 0, 0, LKUP_FIRST); SRESULT_INIT(sr, name); if (lookup_sym(&sl, &sr, &binfo, NULL) == 0) return (1); symref = sr.sr_sym; SLOOKUP_INIT(sl, name, rlmp, dlmp, ld_entry_cnt, 0, 0, 0, 0, LKUP_DEFT); SRESULT_INIT(sr, name); if (lookup_sym(&sl, &sr, &binfo, NULL) == 0) return (1); _lmp = sr.sr_dmap; symdef = sr.sr_sym; if (strcmp(NAME(sr.sr_dmap), MSG_ORIG(MSG_PTH_LIBC))) return (1); /* * Determine the reference and definition addresses. */ ref = (void *)(symref->st_value); if (!(FLAGS(rlmp) & FLG_RT_FIXED)) ref += ADDR(rlmp); def = (void *)(symdef->st_value); if (!(FLAGS(sr.sr_dmap) & FLG_RT_FIXED)) def += ADDR(_lmp); /* * Set up a relocation entry for debugging and call the generic copy * relocation function to provide symbol size error checking and to * record the copy relocation that must be performed. */ rel.r_offset = (Addr)ref; rel.r_info = (Word)R_386_COPY; DBG_CALL(Dbg_reloc_in(LIST(rlmp), ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, &rel, NULL, 0, name)); return (elf_copy_reloc((char *)name, symref, rlmp, (void *)ref, symdef, _lmp, (void *)def)); }
/* * Read the archive symbol table. For each symbol in the table, determine * whether that symbol satisfies an unresolved reference, tentative reference, * or a reference that expects hidden or protected visibility. If so, the * corresponding object from the archive is processed. The archive symbol * table is searched until we go through a complete pass without satisfying any * unresolved symbols * * entry: * name - Name of archive * fd - Open file descriptor for archive * adp - Archive descriptor * ofl - output descriptor * found - Address of variable to set to TRUE if any objects are extracted * rej - Rejection descriptor to pass to ld_process_ifl(). * * exit: * Returns FALSE on fatal error. On success, *found will be TRUE * if any object was extracted, rej will be set if any object * was rejected, and TRUE is returned. */ static Boolean ar_extract_bysym(const char *name, int fd, Ar_desc *adp, Ofl_desc *ofl, Boolean *found, Rej_desc *rej) { Elf_Arsym * arsym; Elf * arelf; Ar_aux * aup; Sym_desc * sdp; const char *arname, *arpath; Boolean again = FALSE; uintptr_t err; /* * An archive without a symbol table should not reach this function, * because it can only get past ld_ar_setup() in the case where * the archive is first seen under the influence of '-z allextract'. * That will cause the entire archive to be extracted, and any * subsequent reference to the archive will be ignored by * ld_process_archive(). */ if (adp->ad_start == NULL) { assert(adp->ad_start != NULL); return (TRUE); } /* * Loop through archive symbol table until we make a complete pass * without satisfying an unresolved reference. For each archive * symbol, see if there is a symbol with the same name in ld's * symbol table. If so, and if that symbol is still unresolved or * tentative, process the corresponding archive member. */ do { DBG_CALL(Dbg_file_ar(ofl->ofl_lml, name, again)); DBG_CALL(Dbg_syms_ar_title(ofl->ofl_lml, name, again)); again = FALSE; for (arsym = adp->ad_start, aup = adp->ad_aux; arsym->as_name; ++arsym, ++aup) { Ar_mem *amp; Sym *sym; Boolean visible = TRUE; Boolean vers; Ifl_desc *ifl; /* * If the auxiliary members value indicates that this * member has been processed then this symbol will have * been added to the output file image already or the * object was rejected in which case we don't want to * process it again. */ if (aup->au_mem == FLG_ARMEM_PROC) continue; /* * If the auxiliary symbol element is non-zero lookup * the symbol from the internal symbol table. */ if ((sdp = aup->au_syms) == NULL) { if ((sdp = ld_sym_find(arsym->as_name, /* LINTED */ (Word)arsym->as_hash, NULL, ofl)) == NULL) { DBG_CALL(Dbg_syms_ar_skip(ofl->ofl_lml, name, arsym)); continue; } aup->au_syms = sdp; } /* * With '-z allextract', all members will be extracted. * * This archive member is a candidate for extraction if * the internal symbol originates from an explicit file, * and represents an undefined or tentative symbol. * * By default, weak references do not cause archive * extraction, however the -zweakextract flag overrides * this default. * * If this symbol has already been bound to a versioned * shared object, but the shared objects version is not * available, then a definition of this symbol from * within the archive is a better candidate. Similarly, * if this symbol has been bound to a shared object, but * the original reference expected hidden or protected * visibility, then a definition of this symbol from * within the archive is a better candidate. */ vers = TRUE; ifl = sdp->sd_file; sym = sdp->sd_sym; if (sdp->sd_ref == REF_DYN_NEED) { uchar_t vis; if (ifl->ifl_vercnt) { Word vndx; Ver_index *vip; vndx = sdp->sd_aux->sa_dverndx; vip = &ifl->ifl_verndx[vndx]; if (!(vip->vi_flags & FLG_VER_AVAIL)) vers = FALSE; } vis = ELF_ST_VISIBILITY(sym->st_other); visible = sym_vis[vis]; } if (((ifl->ifl_flags & FLG_IF_NEEDED) == 0) || (visible && vers && (sym->st_shndx != SHN_UNDEF) && (sym->st_shndx != SHN_COMMON)) || ((ELF_ST_BIND(sym->st_info) == STB_WEAK) && (!(ofl->ofl_flags1 & FLG_OF1_WEAKEXT)))) { DBG_CALL(Dbg_syms_ar_skip(ofl->ofl_lml, name, arsym)); continue; } /* * Determine if we have already extracted this member, * and if so reuse the Ar_mem information. */ if ((amp = aup->au_mem) != 0) { arelf = amp->am_elf; arname = amp->am_name; arpath = amp->am_path; } else { /* * Set up a new elf descriptor for this member. */ if (elf_rand(adp->ad_elf, arsym->as_off) != arsym->as_off) { ld_eprintf(ofl, ERR_ELF, MSG_INTL(MSG_ELF_ARMEM), name, EC_WORD(arsym->as_off), demangle(arsym->as_name)); return (FALSE); } if ((arelf = elf_begin(fd, ELF_C_READ, adp->ad_elf)) == NULL) { ld_eprintf(ofl, ERR_ELF, MSG_INTL(MSG_ELF_BEGIN), name); return (FALSE); } /* Get member filename */ if ((arname = ar_member_name(name, arelf, ofl)) == NULL) return (FALSE); /* Construct the member's full pathname */ if ((arpath = ar_member_path(name, arname)) == NULL) return (S_ERROR); /* * Determine whether the support libraries wish * to process this open. See comments in * ld_process_open(). */ ld_sup_open(ofl, &arpath, &arname, &fd, (FLG_IF_EXTRACT | FLG_IF_NEEDED), &arelf, adp->ad_elf, arsym->as_off, elf_kind(arelf)); if (arelf == NULL) { /* Ignore this archive member */ aup->au_mem = FLG_ARMEM_PROC; continue; } } /* * The symbol for which this archive member is being * processed may provide a better alternative to the * symbol that is presently known. Two cases are * covered: * * i. The present symbol represents tentative data. * The archive member may provide a data * definition symbol. * ii. The present symbol represents a reference that * has seen a definition within a shared object * dependency, but the reference expects to be * reduced to hidden or protected visibility. */ if ((sym->st_shndx == SHN_COMMON) || (visible == FALSE)) { /* * If we don't already have a member structure * allocate one. */ if (!amp) { if ((amp = libld_calloc(sizeof (Ar_mem), 1)) == NULL) return (FALSE); amp->am_elf = arelf; amp->am_name = arname; amp->am_path = arpath; } DBG_CALL(Dbg_syms_ar_checking(ofl->ofl_lml, name, arname, arsym)); if ((err = process_member(amp, arsym->as_name, sdp, ofl)) == S_ERROR) return (FALSE); /* * If it turns out that we don't need this * member simply initialize all other auxiliary * entries that match this offset with this * members address. In this way we can resuse * this information if we recurse back to this * symbol. */ if (err == 0) { if (aup->au_mem == NULL) ld_ar_member(adp, arsym, aup, amp); continue; } } /* * Process the archive member. Retain any error for * return to the caller. */ DBG_CALL(Dbg_syms_ar_resolve(ofl->ofl_lml, name, arname, arsym)); switch (ar_input(fd, adp, ofl, arelf, arpath, rej)) { case S_ERROR: return (FALSE); case 0: /* * Mark the member as extracted so that we * don't try and process it again on a rescan. */ ld_ar_member(adp, arsym, aup, FLG_ARMEM_PROC); continue; } /* * Note that this archive has contributed something * during this specific operation, and also signal * the need to rescan the archive. */ *found = again = TRUE; ld_ar_member(adp, arsym, aup, FLG_ARMEM_PROC); } } while (again); return (TRUE); }
int tls_statmod(Lm_list *lml, Rt_map *lmp) { uint_t tlsmodndx, tlsmodcnt = lml->lm_tls; TLS_modinfo **tlsmodlist, *tlsbuflist; Phdr *tlsphdr; void (*fptr)(TLS_modinfo **, ulong_t); fptr = (void (*)())lml->lm_lcs[CI_TLS_STATMOD].lc_un.lc_func; /* * Allocate a buffer to report the TLS modules, the buffer consists of: * * TLS_modinfo * ptrs[tlsmodcnt + 1] * TLS_modinfo bufs[tlsmodcnt] * * The ptrs are initialized to the bufs - except the last one which * null terminates the array. * * Note, even if no TLS has yet been observed, we still supply a * TLS buffer with a single null entry. This allows us to initialize * the backup TLS reservation. */ if ((tlsmodlist = calloc((sizeof (TLS_modinfo *) * (tlsmodcnt + 1)) + (sizeof (TLS_modinfo) * tlsmodcnt), 1)) == NULL) return (0); lml->lm_tls = 0; /* * If we don't have any TLS modules - report that and return. */ if (tlsmodcnt == 0) { if (fptr) (*fptr)(tlsmodlist, tls_static_resv); DBG_CALL(Dbg_tls_static_block(&lml_main, 0, 0, tls_static_resv)); return (1); } /* * Initialize the TLS buffer. */ tlsbuflist = (TLS_modinfo *)((uintptr_t)tlsmodlist + ((tlsmodcnt + 1) * sizeof (TLS_modinfo *))); for (tlsmodndx = 0; tlsmodndx < tlsmodcnt; tlsmodndx++) tlsmodlist[tlsmodndx] = &tlsbuflist[tlsmodndx]; /* * Account for the initial dtv ptr in the TLSSIZE calculation. */ tlsmodndx = 0; for (lmp = lml->lm_head; lmp; lmp = NEXT_RT_MAP(lmp)) { if (THIS_IS_NOT_ELF(lmp) || (PTTLS(lmp) == 0) || (PTTLS(lmp)->p_memsz == 0)) continue; tlsphdr = PTTLS(lmp); tlsmodlist[tlsmodndx]->tm_modname = PATHNAME(lmp); tlsmodlist[tlsmodndx]->tm_modid = TLSMODID(lmp); tlsmodlist[tlsmodndx]->tm_tlsblock = (void *)(tlsphdr->p_vaddr); if (!(FLAGS(lmp) & FLG_RT_FIXED)) { tlsmodlist[tlsmodndx]->tm_tlsblock = (void *) ((uintptr_t)tlsmodlist[tlsmodndx]->tm_tlsblock + ADDR(lmp)); } tlsmodlist[tlsmodndx]->tm_filesz = tlsphdr->p_filesz; tlsmodlist[tlsmodndx]->tm_memsz = tlsphdr->p_memsz; tlsmodlist[tlsmodndx]->tm_flags = TM_FLG_STATICTLS; tlsmodlist[tlsmodndx]->tm_stattlsoffset = TLSSTATOFF(lmp); tlsmodndx++; } DBG_CALL(Dbg_tls_static_block(&lml_main, (void *)tlsmodlist, tls_static_size, tls_static_resv)); (*fptr)(tlsmodlist, (tls_static_size + tls_static_resv)); /* * We're done with the list - clean it up. */ free(tlsmodlist); return (1); }
/* * la_symbind() caller. Traverses through all audit library and calls any * la_symbind() entry points found. */ static Addr _audit_symbind(List *list, Rt_map *rlmp, Rt_map *dlmp, Sym *sym, uint_t ndx, uint_t *flags, int *called) { Audit_list *alp; Listnode *lnp; #if defined(_ELF64) const char *name = (const char *)(sym->st_name + STRTAB(dlmp)); #else const char *name = (const char *)(sym->st_name); #endif for (LIST_TRAVERSE(list, lnp, alp)) { Audit_client *racp, *dacp; Addr prev = sym->st_value; uint_t lflags; if (alp->al_symbind == 0) continue; if ((racp = _audit_client(AUDINFO(rlmp), alp->al_lmp)) == 0) continue; if ((dacp = _audit_client(AUDINFO(dlmp), alp->al_lmp)) == 0) continue; if (((racp->ac_flags & FLG_AC_BINDFROM) == 0) || ((dacp->ac_flags & FLG_AC_BINDTO) == 0)) continue; /* * The la_symbind interface is only called when the calling * object has been identified as BINDFROM, and the destination * object has been identified as BINDTO. Use a local version of * the flags, so that any user update can be collected. */ called++; lflags = (*flags & ~(LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT)); leave(LIST(alp->al_lmp)); sym->st_value = (*alp->al_symbind)(sym, ndx, &(racp->ac_cookie), &(dacp->ac_cookie), #if defined(_ELF64) &lflags, name); #else &lflags); #endif (void) enter(); /* * If the auditor indicated that they did not want to process * pltenter, or pltexit audits for this symbol, retain this * information. Also retain whether an alternative symbol value * has been supplied. */ *flags |= (lflags & (LA_SYMB_NOPLTENTER | LA_SYMB_NOPLTEXIT)); if ((prev != sym->st_value) && (alp->al_vernum >= LAV_VERSION2)) *flags |= LA_SYMB_ALTVALUE; DBG_CALL(Dbg_audit_symval(LIST(alp->al_lmp), alp->al_libname, MSG_ORIG(MSG_AUD_SYMBIND), name, prev, sym->st_value)); } return (sym->st_value); }
uintptr_t ld_group_process(Is_desc *gisc, Ofl_desc *ofl) { Ifl_desc *gifl = gisc->is_file; Shdr *sshdr, *gshdr = gisc->is_shdr; Is_desc *isc; Sym *sym; const char *str; Group_desc gd; size_t ndx; int gnu_stt_section; /* * Confirm that the sh_link points to a valid section. */ if ((gshdr->sh_link == SHN_UNDEF) || (gshdr->sh_link >= gifl->ifl_shnum) || ((isc = gifl->ifl_isdesc[gshdr->sh_link]) == NULL)) { ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_FIL_INVSHLINK), gifl->ifl_name, EC_WORD(gisc->is_scnndx), gisc->is_name, EC_XWORD(gshdr->sh_link)); return (0); } if (gshdr->sh_entsize == 0) { ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_FIL_INVSHENTSIZE), gifl->ifl_name, EC_WORD(gisc->is_scnndx), gisc->is_name, EC_XWORD(gshdr->sh_entsize)); return (0); } /* * Get the associated symbol table. Sanity check the sh_info field * (which points to the signature symbol table entry) against the size * of the symbol table. */ sshdr = isc->is_shdr; sym = (Sym *)isc->is_indata->d_buf; if ((sshdr->sh_info == SHN_UNDEF) || (gshdr->sh_info >= (Word)(sshdr->sh_size / sshdr->sh_entsize)) || ((isc = gifl->ifl_isdesc[sshdr->sh_link]) == NULL)) { ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_FIL_INVSHINFO), gifl->ifl_name, EC_WORD(gisc->is_scnndx), gisc->is_name, EC_XWORD(gshdr->sh_info)); return (0); } sym += gshdr->sh_info; /* * Get the symbol name from the associated string table. */ str = (char *)isc->is_indata->d_buf; str += sym->st_name; /* * The GNU assembler can use section symbols as the signature symbol * as described by this comment in the gold linker (found via google): * * It seems that some versions of gas will create a section group * associated with a section symbol, and then fail to give a name * to the section symbol. In such a case, use the name of the * section. * * In order to support such objects, we do the same. */ gnu_stt_section = ((sym->st_name == 0) || (*str == '\0')) && (ELF_ST_TYPE(sym->st_info) == STT_SECTION); if (gnu_stt_section) str = gisc->is_name; /* * Generate a group descriptor. */ gd.gd_isc = gisc; gd.gd_oisc = NULL; gd.gd_name = str; gd.gd_data = gisc->is_indata->d_buf; gd.gd_cnt = gisc->is_indata->d_size / sizeof (Word); /* * If this group is a COMDAT group, validate the signature symbol. */ if ((gd.gd_data[0] & GRP_COMDAT) && !gnu_stt_section && ((ELF_ST_BIND(sym->st_info) == STB_LOCAL) || (sym->st_shndx == SHN_UNDEF))) { /* If section symbol, construct a printable name for it */ if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) { if (gisc->is_sym_name == NULL) (void) ld_stt_section_sym_name(gisc); if (gisc->is_sym_name != NULL) str = gisc->is_sym_name; } ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_GRP_INVALSYM), gifl->ifl_name, EC_WORD(gisc->is_scnndx), gisc->is_name, str); return (0); } /* * If the signature symbol is a name generated by the GNU compiler to * refer to a header, we need sloppy relocation. */ if (is_header_gensym(str)) { if ((ofl->ofl_flags1 & FLG_OF1_NRLXREL) == 0) ofl->ofl_flags1 |= FLG_OF1_RLXREL; DBG_CALL(Dbg_sec_gnu_comdat(ofl->ofl_lml, gisc, TRUE, (ofl->ofl_flags1 & FLG_OF1_RLXREL) != 0)); } /* * Validate the section indices within the group. If this is a COMDAT * group, mark each section as COMDAT. */ for (ndx = 1; ndx < gd.gd_cnt; ndx++) { Word gndx; if ((gndx = gd.gd_data[ndx]) >= gifl->ifl_shnum) { ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_GRP_INVALNDX), gifl->ifl_name, EC_WORD(gisc->is_scnndx), gisc->is_name, ndx, gndx); return (0); } if (gd.gd_data[0] & GRP_COMDAT) gifl->ifl_isdesc[gndx]->is_flags |= FLG_IS_COMDAT; } /* * If this is a COMDAT group, determine whether this group has already * been encountered, or whether this is the first instance of the group. */ if ((gd.gd_data[0] & GRP_COMDAT) && (gpavl_loaded(ofl, &gd) == S_ERROR)) return (S_ERROR); /* * Associate the group descriptor with this input file. */ if (alist_append(&(gifl->ifl_groups), &gd, sizeof (Group_desc), AL_CNT_IFL_GROUPS) == NULL) return (S_ERROR); return (1); }
/* * Move data. Apply sparse initialization to data in zeroed bss. */ int move_data(Rt_map *lmp, APlist **textrel) { Lm_list *lml = LIST(lmp); Move *mv = MOVETAB(lmp); ulong_t num, mvnum = MOVESZ(lmp) / MOVEENT(lmp); int moves; /* * If these records are against the executable, and the executable was * built prior to Solaris 8, keep track of the move record symbol. See * comment in analyze.c:lookup_sym_interpose() in regards Solaris 8 * objects and DT_FLAGS. */ moves = (lmp == lml->lm_head) && ((FLAGS1(lmp) & FL1_RT_DTFLAGS) == 0); DBG_CALL(Dbg_move_data(lmp)); for (num = 0; num < mvnum; num++, mv++) { mmapobj_result_t *mpp; Addr addr, taddr; Half rep, repno, stride; Sym *sym; if ((sym = (Sym *)SYMTAB(lmp) + ELF_M_SYM(mv->m_info)) == 0) continue; stride = mv->m_stride + 1; addr = sym->st_value; /* * Determine the move data target, and verify the address is * writable. */ if ((FLAGS(lmp) & FLG_RT_FIXED) == 0) addr += ADDR(lmp); taddr = addr + mv->m_poffset; if ((mpp = find_segment((caddr_t)taddr, lmp)) == NULL) { elf_move_bad(lml, lmp, sym, num, taddr); continue; } if (((mpp->mr_prot & PROT_WRITE) == 0) && ((set_prot(lmp, mpp, 1) == 0) || (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) return (0); DBG_CALL(Dbg_move_entry2(lml, mv, sym->st_name, (const char *)(sym->st_name + STRTAB(lmp)))); for (rep = 0, repno = 0; rep < mv->m_repeat; rep++) { DBG_CALL(Dbg_move_expand(lml, mv, taddr)); switch (ELF_M_SIZE(mv->m_info)) { case 1: *((char *)taddr) = (char)mv->m_value; taddr += stride; repno++; break; case 2: /* LINTED */ *((Half *)taddr) = (Half)mv->m_value; taddr += 2 * stride; repno++; break; case 4: /* LINTED */ *((Word *)taddr) = (Word)mv->m_value; taddr += 4 * stride; repno++; break; case 8: /* LINTED */ *((unsigned long long *)taddr) = mv->m_value; taddr += 8 * stride; repno++; break; default: eprintf(lml, ERR_NONE, MSG_INTL(MSG_MOVE_ERR1)); break; } } /* * If any move records have been applied to this symbol, retain * the symbol address if required for backward compatibility * copy relocation processing. */ if (moves && repno && (aplist_append(&alp, (void *)addr, AL_CNT_MOVES) == NULL)) return (0); } /* * Binaries built in the early 1990's prior to Solaris 8, using the ild * incremental linker are known to have zero filled move sections * (presumably place holders for new, incoming move sections). If no * move records have been processed, remove the move identifier to * optimize the amount of backward compatibility copy relocation * processing that is needed. */ if (moves && (alp == NULL)) FLAGS(lmp) &= ~FLG_RT_MOVE; return (1); }