/*
* la_objopen() caller. Create an audit information structure for the indicated
* link-map, regardless of an la_objopen() entry point. This structure is used
* to supply information to various audit interfaces (see LML_MSK_AUDINFO).
* Traverses through all audit library and calls any la_objopen() entry points
* found.
*/
static int
_audit_objopen(List *list, Rt_map *nlmp, Lmid_t lmid, Audit_info *aip,
int *ndx)
{
Audit_list *alp;
Listnode *lnp;
for (LIST_TRAVERSE(list, lnp, alp)) {
uint_t flags;
Audit_client *acp;
/*
* Associate a cookie with the audit library, and assign the
* initial cookie as the present link-map.
*/
acp = &aip->ai_clients[(*ndx)++];
acp->ac_lmp = alp->al_lmp;
acp->ac_cookie = (uintptr_t)nlmp;
if (alp->al_objopen == 0)
continue;
DBG_CALL(Dbg_audit_object(LIST(alp->al_lmp), alp->al_libname,
NAME(nlmp)));
leave(LIST(alp->al_lmp));
flags = (*alp->al_objopen)((Link_map *)nlmp, lmid,
&(acp->ac_cookie));
(void) enter();
if (flags & LA_FLG_BINDTO)
acp->ac_flags |= FLG_AC_BINDTO;
if (flags & LA_FLG_BINDFROM) {
ulong_t pltcnt;
acp->ac_flags |= FLG_AC_BINDFROM;
/*
* We only need dynamic plt's if a pltenter and/or a
* pltexit() entry point exist in one of our auditing
* libraries.
*/
if (aip->ai_dynplts || (JMPREL(nlmp) == 0) ||
((audit_flags & (AF_PLTENTER | AF_PLTEXIT)) == 0))
continue;
/*
* Create one dynplt for every 'PLT' that exists in the
* object.
*/
pltcnt = PLTRELSZ(nlmp) / RELENT(nlmp);
if ((aip->ai_dynplts = calloc(pltcnt,
dyn_plt_ent_size)) == 0)
return (0);
}
}
return (1);
}
/*
* Read and process the relocations for one link object, we assume all
* relocation sections for loadable segments are stored contiguously in
* the file.
*/
int
elf_reloc(Rt_map *lmp, uint_t plt, int *in_nfavl, APlist **textrel)
{
ulong_t relbgn, relend, relsiz, basebgn, pltbgn, pltend;
ulong_t _pltbgn, _pltend;
ulong_t dsymndx, roffset, rsymndx, psymndx = 0;
uchar_t rtype;
long value, pvalue;
Sym *symref, *psymref, *symdef, *psymdef;
Syminfo *sip;
char *name, *pname;
Rt_map *_lmp, *plmp;
int ret = 1, noplt = 0;
int relacount = RELACOUNT(lmp), plthint = 0;
Rel *rel;
uint_t binfo, pbinfo;
APlist *bound = NULL;
/*
* Although only necessary for lazy binding, initialize the first
* global offset entry to go to elf_rtbndr(). dbx(1) seems
* to find this useful.
*/
if ((plt == 0) && PLTGOT(lmp)) {
mmapobj_result_t *mpp;
/*
* Make sure the segment is writable.
*/
if ((((mpp =
find_segment((caddr_t)PLTGOT(lmp), lmp)) != NULL) &&
((mpp->mr_prot & PROT_WRITE) == 0)) &&
((set_prot(lmp, mpp, 1) == 0) ||
(aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL)))
return (0);
elf_plt_init(PLTGOT(lmp), (caddr_t)lmp);
}
/*
* Initialize the plt start and end addresses.
*/
if ((pltbgn = (ulong_t)JMPREL(lmp)) != 0)
pltend = pltbgn + (ulong_t)(PLTRELSZ(lmp));
relsiz = (ulong_t)(RELENT(lmp));
basebgn = ADDR(lmp);
if (PLTRELSZ(lmp))
plthint = PLTRELSZ(lmp) / relsiz;
/*
* If we've been called upon to promote an RTLD_LAZY object to an
* RTLD_NOW then we're only interested in scaning the .plt table.
* An uninitialized .plt is the case where the associated got entry
* points back to the plt itself. Determine the range of the real .plt
* entries using the _PROCEDURE_LINKAGE_TABLE_ symbol.
*/
if (plt) {
Slookup sl;
Sresult sr;
relbgn = pltbgn;
relend = pltend;
if (!relbgn || (relbgn == relend))
return (1);
/*
* Initialize the symbol lookup, and symbol result, data
* structures.
*/
SLOOKUP_INIT(sl, MSG_ORIG(MSG_SYM_PLT), lmp, lmp, ld_entry_cnt,
elf_hash(MSG_ORIG(MSG_SYM_PLT)), 0, 0, 0, LKUP_DEFT);
SRESULT_INIT(sr, MSG_ORIG(MSG_SYM_PLT));
if (elf_find_sym(&sl, &sr, &binfo, NULL) == 0)
return (1);
symdef = sr.sr_sym;
_pltbgn = symdef->st_value;
if (!(FLAGS(lmp) & FLG_RT_FIXED) &&
(symdef->st_shndx != SHN_ABS))
_pltbgn += basebgn;
_pltend = _pltbgn + (((PLTRELSZ(lmp) / relsiz)) *
M_PLT_ENTSIZE) + M_PLT_RESERVSZ;
} else {
/*
* The relocation sections appear to the run-time linker as a
* single table. Determine the address of the beginning and end
* of this table. There are two different interpretations of
* the ABI at this point:
*
* o The REL table and its associated RELSZ indicate the
* concatenation of *all* relocation sections (this is the
* model our link-editor constructs).
*
* o The REL table and its associated RELSZ indicate the
* concatenation of all *but* the .plt relocations. These
* relocations are specified individually by the JMPREL and
* PLTRELSZ entries.
*
* Determine from our knowledege of the relocation range and
* .plt range, the range of the total relocation table. Note
* that one other ABI assumption seems to be that the .plt
* relocations always follow any other relocations, the
* following range checking drops that assumption.
*/
relbgn = (ulong_t)(REL(lmp));
relend = relbgn + (ulong_t)(RELSZ(lmp));
if (pltbgn) {
if (!relbgn || (relbgn > pltbgn))
relbgn = pltbgn;
if (!relbgn || (relend < pltend))
relend = pltend;
}
}
if (!relbgn || (relbgn == relend)) {
DBG_CALL(Dbg_reloc_run(lmp, 0, plt, DBG_REL_NONE));
return (1);
}
DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, plt, DBG_REL_START));
/*
* If we're processing a dynamic executable in lazy mode there is no
* need to scan the .rel.plt table, however if we're processing a shared
* object in lazy mode the .got addresses associated to each .plt must
* be relocated to reflect the location of the shared object.
*/
if (pltbgn && ((MODE(lmp) & RTLD_NOW) == 0) &&
(FLAGS(lmp) & FLG_RT_FIXED))
noplt = 1;
sip = SYMINFO(lmp);
/*
* Loop through relocations.
*/
while (relbgn < relend) {
mmapobj_result_t *mpp;
uint_t sb_flags = 0;
rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH);
/*
* If this is a RELATIVE relocation in a shared object (the
* common case), and if we are not debugging, then jump into a
* tighter relocation loop (elf_reloc_relative).
*/
if ((rtype == R_386_RELATIVE) &&
((FLAGS(lmp) & FLG_RT_FIXED) == 0) && (DBG_ENABLED == 0)) {
if (relacount) {
relbgn = elf_reloc_relative_count(relbgn,
relacount, relsiz, basebgn, lmp,
textrel, 0);
relacount = 0;
} else {
relbgn = elf_reloc_relative(relbgn, relend,
relsiz, basebgn, lmp, textrel, 0);
}
if (relbgn >= relend)
break;
rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH);
}
roffset = ((Rel *)relbgn)->r_offset;
/*
* If this is a shared object, add the base address to offset.
*/
if (!(FLAGS(lmp) & FLG_RT_FIXED)) {
/*
* If we're processing lazy bindings, we have to step
* through the plt entries and add the base address
* to the corresponding got entry.
*/
if (plthint && (plt == 0) &&
(rtype == R_386_JMP_SLOT) &&
((MODE(lmp) & RTLD_NOW) == 0)) {
relbgn = elf_reloc_relative_count(relbgn,
plthint, relsiz, basebgn, lmp, textrel, 0);
plthint = 0;
continue;
}
roffset += basebgn;
}
rsymndx = ELF_R_SYM(((Rel *)relbgn)->r_info);
rel = (Rel *)relbgn;
relbgn += relsiz;
/*
* Optimizations.
*/
if (rtype == R_386_NONE)
continue;
if (noplt && ((ulong_t)rel >= pltbgn) &&
((ulong_t)rel < pltend)) {
relbgn = pltend;
continue;
}
/*
* If we're promoting plts, determine if this one has already
* been written.
*/
if (plt && ((*(ulong_t *)roffset < _pltbgn) ||
(*(ulong_t *)roffset > _pltend)))
continue;
/*
* If this relocation is not against part of the image
* mapped into memory we skip it.
*/
if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) {
elf_reloc_bad(lmp, (void *)rel, rtype, roffset,
rsymndx);
continue;
}
binfo = 0;
/*
* If a symbol index is specified then get the symbol table
* entry, locate the symbol definition, and determine its
* address.
*/
if (rsymndx) {
/*
* If a Syminfo section is provided, determine if this
* symbol is deferred, and if so, skip this relocation.
*/
if (sip && is_sym_deferred((ulong_t)rel, basebgn, lmp,
textrel, sip, rsymndx))
continue;
/*
* Get the local symbol table entry.
*/
symref = (Sym *)((ulong_t)SYMTAB(lmp) +
(rsymndx * SYMENT(lmp)));
/*
* If this is a local symbol, just use the base address.
* (we should have no local relocations in the
* executable).
*/
if (ELF_ST_BIND(symref->st_info) == STB_LOCAL) {
value = basebgn;
name = NULL;
/*
* Special case TLS relocations.
*/
if (rtype == R_386_TLS_DTPMOD32) {
/*
* Use the TLS modid.
*/
value = TLSMODID(lmp);
} else if (rtype == R_386_TLS_TPOFF) {
if ((value = elf_static_tls(lmp, symref,
rel, rtype, 0, roffset, 0)) == 0) {
ret = 0;
break;
}
}
} else {
/*
* If the symbol index is equal to the previous
* symbol index relocation we processed then
* reuse the previous values. (Note that there
* have been cases where a relocation exists
* against a copy relocation symbol, our ld(1)
* should optimize this away, but make sure we
* don't use the same symbol information should
* this case exist).
*/
if ((rsymndx == psymndx) &&
(rtype != R_386_COPY)) {
/* LINTED */
if (psymdef == 0) {
DBG_CALL(Dbg_bind_weak(lmp,
(Addr)roffset, (Addr)
(roffset - basebgn), name));
continue;
}
/* LINTED */
value = pvalue;
/* LINTED */
name = pname;
/* LINTED */
symdef = psymdef;
/* LINTED */
symref = psymref;
/* LINTED */
_lmp = plmp;
/* LINTED */
binfo = pbinfo;
if ((LIST(_lmp)->lm_tflags |
AFLAGS(_lmp)) &
LML_TFLG_AUD_SYMBIND) {
value = audit_symbind(lmp, _lmp,
/* LINTED */
symdef, dsymndx, value,
&sb_flags);
}
} else {
Slookup sl;
Sresult sr;
/*
* Lookup the symbol definition.
* Initialize the symbol lookup, and
* symbol result, data structures.
*/
name = (char *)(STRTAB(lmp) +
symref->st_name);
SLOOKUP_INIT(sl, name, lmp, 0,
ld_entry_cnt, 0, rsymndx, symref,
rtype, LKUP_STDRELOC);
SRESULT_INIT(sr, name);
symdef = NULL;
if (lookup_sym(&sl, &sr, &binfo,
in_nfavl)) {
name = (char *)sr.sr_name;
_lmp = sr.sr_dmap;
symdef = sr.sr_sym;
}
/*
* If the symbol is not found and the
* reference was not to a weak symbol,
* report an error. Weak references
* may be unresolved.
*/
/* BEGIN CSTYLED */
if (symdef == 0) {
if (sl.sl_bind != STB_WEAK) {
if (elf_reloc_error(lmp, name,
rel, binfo))
continue;
ret = 0;
break;
} else {
psymndx = rsymndx;
psymdef = 0;
DBG_CALL(Dbg_bind_weak(lmp,
(Addr)roffset, (Addr)
(roffset - basebgn), name));
continue;
}
}
/* END CSTYLED */
/*
* If symbol was found in an object
* other than the referencing object
* then record the binding.
*/
if ((lmp != _lmp) && ((FLAGS1(_lmp) &
FL1_RT_NOINIFIN) == 0)) {
if (aplist_test(&bound, _lmp,
AL_CNT_RELBIND) == 0) {
ret = 0;
break;
}
}
/*
* Calculate the location of definition;
* symbol value plus base address of
* containing shared object.
*/
if (IS_SIZE(rtype))
value = symdef->st_size;
else
value = symdef->st_value;
if (!(FLAGS(_lmp) & FLG_RT_FIXED) &&
!(IS_SIZE(rtype)) &&
(symdef->st_shndx != SHN_ABS) &&
(ELF_ST_TYPE(symdef->st_info) !=
STT_TLS))
value += ADDR(_lmp);
/*
* Retain this symbol index and the
* value in case it can be used for the
* subsequent relocations.
*/
if (rtype != R_386_COPY) {
psymndx = rsymndx;
pvalue = value;
pname = name;
psymdef = symdef;
psymref = symref;
plmp = _lmp;
pbinfo = binfo;
}
if ((LIST(_lmp)->lm_tflags |
AFLAGS(_lmp)) &
LML_TFLG_AUD_SYMBIND) {
dsymndx = (((uintptr_t)symdef -
(uintptr_t)SYMTAB(_lmp)) /
SYMENT(_lmp));
value = audit_symbind(lmp, _lmp,
symdef, dsymndx, value,
&sb_flags);
}
}
/*
* If relocation is PC-relative, subtract
* offset address.
*/
if (IS_PC_RELATIVE(rtype))
value -= roffset;
/*
* Special case TLS relocations.
*/
if (rtype == R_386_TLS_DTPMOD32) {
/*
* Relocation value is the TLS modid.
*/
value = TLSMODID(_lmp);
} else if (rtype == R_386_TLS_TPOFF) {
if ((value = elf_static_tls(_lmp,
symdef, rel, rtype, name, roffset,
value)) == 0) {
ret = 0;
break;
}
}
}
} else {
/*
* Special cases.
*/
if (rtype == R_386_TLS_DTPMOD32) {
/*
* TLS relocation value is the TLS modid.
*/
value = TLSMODID(lmp);
} else
value = basebgn;
name = NULL;
}
DBG_CALL(Dbg_reloc_in(LIST(lmp), ELF_DBG_RTLD, M_MACH,
M_REL_SHT_TYPE, rel, NULL, 0, name));
/*
* Make sure the segment is writable.
*/
if (((mpp->mr_prot & PROT_WRITE) == 0) &&
((set_prot(lmp, mpp, 1) == 0) ||
(aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) {
ret = 0;
break;
}
/*
* Call relocation routine to perform required relocation.
*/
switch (rtype) {
case R_386_COPY:
if (elf_copy_reloc(name, symref, lmp, (void *)roffset,
symdef, _lmp, (const void *)value) == 0)
ret = 0;
break;
case R_386_JMP_SLOT:
if (((LIST(lmp)->lm_tflags | AFLAGS(lmp)) &
(LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) &&
AUDINFO(lmp)->ai_dynplts) {
int fail = 0;
int pltndx = (((ulong_t)rel -
(uintptr_t)JMPREL(lmp)) / relsiz);
int symndx = (((uintptr_t)symdef -
(uintptr_t)SYMTAB(_lmp)) / SYMENT(_lmp));
(void) elf_plt_trace_write(roffset, lmp, _lmp,
symdef, symndx, pltndx, (caddr_t)value,
sb_flags, &fail);
if (fail)
ret = 0;
} else {
/*
* Write standard PLT entry to jump directly
* to newly bound function.
*/
DBG_CALL(Dbg_reloc_apply_val(LIST(lmp),
ELF_DBG_RTLD, (Xword)roffset,
(Xword)value));
*(ulong_t *)roffset = value;
}
break;
default:
/*
* Write the relocation out.
*/
if (do_reloc_rtld(rtype, (uchar_t *)roffset,
(Word *)&value, name, NAME(lmp), LIST(lmp)) == 0)
ret = 0;
DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), ELF_DBG_RTLD,
(Xword)roffset, (Xword)value));
}
if ((ret == 0) &&
((LIST(lmp)->lm_flags & LML_FLG_TRC_WARN) == 0))
break;
if (binfo) {
DBG_CALL(Dbg_bind_global(lmp, (Addr)roffset,
(Off)(roffset - basebgn), (Xword)(-1), PLT_T_FULL,
_lmp, (Addr)value, symdef->st_value, name, binfo));
}
}
return (relocate_finish(lmp, bound, ret));
}