Unite all nitems copies in ld.so/util.h

OK deraadt

Prevent out-of-bounds array access with binaries that use unsupported
relocations.

ok guenther@

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Revert yesterday's _dl_md_reloc() and _dl_md_reloc_got() changes:
something's broken on at least i386.

Clean up _dl_md_reloc(): instead of having tables and piles of conditionals
that handle a dozen relocation types for each, just have a nice little switch
for the four specific relocations that actually occur.

Besides being smaller and easier to understand, this fixes the COPY
relocation handling to only do one symbol lookup, instead of looking
up the symbol and then immediately looking it up again (with the
correct flags to find the instance it needs).

ok kettenis@

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Prevent out-of-bounds array access with binaries that use unsupported
relocations.

ok guenther@

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Revert yesterday's _dl_md_reloc() and _dl_md_reloc_got() changes:
something's broken on at least i386.

Clean up _dl_md_reloc(): instead of having tables and piles of conditionals
that handle a dozen relocation types for each, just have a nice little switch
for the four specific relocations that actually occur.

Besides being smaller and easier to understand, this fixes the COPY
relocation handling to only do one symbol lookup, instead of looking
up the symbol and then immediately looking it up again (with the
correct flags to find the instance it needs).

ok kettenis@

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Revert yesterday's _dl_md_reloc() and _dl_md_reloc_got() changes:
something's broken on at least i386.

Clean up _dl_md_reloc(): instead of having tables and piles of conditionals
that handle a dozen relocation types for each, just have a nice little switch
for the four specific relocations that actually occur.

Besides being smaller and easier to understand, this fixes the COPY
relocation handling to only do one symbol lookup, instead of looking
up the symbol and then immediately looking it up again (with the
correct flags to find the instance it needs).

ok kettenis@

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Revert yesterday's _dl_md_reloc() and _dl_md_reloc_got() changes:
something's broken on at least i386.

Clean up _dl_md_reloc(): instead of having tables and piles of conditionals
that handle a dozen relocation types for each, just have a nice little switch
for the four specific relocations that actually occur.

Besides being smaller and easier to understand, this fixes the COPY
relocation handling to only do one symbol lookup, instead of looking
up the symbol and then immediately looking it up again (with the
correct flags to find the instance it needs).

ok kettenis@

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Revert yesterday's _dl_md_reloc() and _dl_md_reloc_got() changes:
something's broken on at least i386.

Clean up _dl_md_reloc(): instead of having tables and piles of conditionals
that handle a dozen relocation types for each, just have a nice little switch
for the four specific relocations that actually occur.

Besides being smaller and easier to understand, this fixes the COPY
relocation handling to only do one symbol lookup, instead of looking
up the symbol and then immediately looking it up again (with the
correct flags to find the instance it needs).

ok kettenis@

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Clean up _dl_md_reloc(): instead of having tables and piles of conditionals
that handle a dozen relocation types for each, just have a nice little switch
for the four specific relocations that actually occur.

Besides being smaller and easier to understand, this fixes the COPY
relocation handling to only do one symbol lookup, instead of looking
up the symbol and then immediately looking it up again (with the
correct flags to find the instance it needs).

ok kettenis@

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Make aarch64, amd64, arm, and i386 more like sparc64: move non-lazy
relocation from _dl_md_reloc() to _dl_md_reloc_all_plt() which has
the minimal code to do it.

Also, avoid division on PLTRELSZ; just use it to offset to the end.

ok kettenis@

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Delete unused support for relocations that don't require alignment.

ok mpi@ kettenis@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

Make _dl_md_reloc_got() report errors, and take them into account.
Fixes PR #5579.

Provide hook so that rthreads can provide a spinlock to protect from races
in lazy binding. ok art@, kurt@

Only mprotect pages during relocation if the library is marked TEXTREL
mips64 version still needs testing.

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

provide one version of _dl_bcopy instead of copy in every arch; drahn@ ok

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Fix W^X mistake. If the dynamic linker is workin in non-lazy mode, it
should still mprotect the GOT and PLT as appropriate. ok deraadt@ miod@

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

The fifth argument to _dl_find_symbol is a 'int size', not a SYM_ define.
Fix several calls which had the incorrect but working define in that position
It happened that SYM_NOTPLT was 0, which was the desired size value.

three four gone.

Paranoia about mprotect, mprotect page aligned regions for got and plt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

Put in a required item. Should not have been deleted to start with.

Make error messages on symbol lookup failures more useful.

Check for NULL on pltgot, appearently libraries with no external references
will not create a PLT on i386.

Make sure that the symbol return value is always initialized before
the address of it is passed to dl_find_symbol(). fixes xpdf lazy
binding problem. ok art@

Support for i386 ELF. Not an indication that the change is going to be made,
just so that these files are maintained in the tree.

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

The compilers already put static arrays in .rodata when not written to;
marking them const will keep a source change from silently moving them
back to .data

ok deraadt@ kettenis@

For the memory operand, clang passes in an address relative to the
stack pointer. We cannot use this twice while pushing values on
the stack. Instead load the operand address into a register and
use this as base address. Use %edx since it is already marked as
clobbered. Also fixes a syntax problem for clang.
ok mlarkin@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

The GOT has been initally mapped RW for *years*; ld.so doesn't need to
mprotect it to RW when filling in the references from the PLT

in snaps for a week, ok deraadt@

for textrels (sthen ran into one...):
Ignore the listed protection (which may contain X) when making page
writeable temporary.

Ignore the listed protection (which may contain X) when making page
writeable temporary.
As pointed out by kettenis, discussed with guenther

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on i386 and powerpc; still others
to follow. While here add some gcc __predict hints.

Much discussion with and assistance from miod and deraadt
ok deraadt@

Copy relocations can't be jump-slot relocations, so delete the test for that.

ok miod@

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Combine the signal mask handling into _dl_thread_bind_lock(), as it's MI.

ok drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@