Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Delete the last argument to fit recent _dl_find_symbol change.

ok guenther@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Delete the last argument to fit recent _dl_find_symbol change.

ok guenther@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Disable ltrace for objects linked with -znow, as at least on amd64, linking
that was deletes the lazy relocation trampoline which ltrace currently
depends on

problem reported by tb@
directional feedback kettenis@
ok mpi@

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Delete the last argument to fit recent _dl_find_symbol change.

ok guenther@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Prefer the size-independent ELF identifiers over the size-specific ones.
Strip superfluous parens from return statements while here.

Done programatically with two perl invocations

idea ok kettenis@ drahn@
ok visa@

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Delete the last argument to fit recent _dl_find_symbol change.

ok guenther@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Delete some obsolete debugging #ifdefs blocks

ok mlarkin@, mpi@, krw@, deraadt@

Delete the last argument to fit recent _dl_find_symbol change.

ok guenther@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Delete the last argument to fit recent _dl_find_symbol change.

ok guenther@

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Factor out TEXTREL mprotecting from the per-arch files into _dl_rtld(),
hiding the actual grotty bits in inline functions

ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Delete superfluous libc reacharounds.
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.

from miod@

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.

Remove superfluous mprotect()ing of the PLT that's been obsoleted by
the generic handling of RWX segments.

ok aoyama@

Make this build (and run) with gcc 4.

To format r_addr, use %p and cast to 'void *'. From comparison with
other archs

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Implement the DT_RELACOUNT optimization. Missed previously because I
didn't recognize that RELOC_BBASED_32 was the m88k name for a pure-relative
relocation

testing by aoyama@

Remove the fallback to the __plt_{start,end} symbols, as the dynamic tags
with the same info (DT_88K_PLT{START,END} have been around since 5.4

testing by aoyama@

When handling DT_TEXTREL only set the mapping to READ+WRITE, ignore
possible EXEC permission for the section, because the proper permission
is set late, and there are no thread concerns here. Avoids W^X issues
in oddball cases.
ok guenther kettenis

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

Use kbind for lazy binding GOT/PLT updates on m88k and sparc.

Much discussion with and assistance from miod and deraadt
ok miod@

Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

When a public symbol in a library is referenced by the main program's plt,
the address of the symbol must always resolve to the entry in the main
program's plt, regardless of which object the address resolution is performed
for, so that addresses (pointers) can be compared reliably.

However, depending on how far away library load address randomization places
the library, the main program's plt address might be too far away from the
library itself for its DISP26 relocations to fit in the required relative
displacement range.

Since DISP26 relocations can only be used in code for branches, it is safe
to resolve them to the actual address within the library, and avoid producing
out of bounds displacements.

Appease LLVM warning..

error: indirection of non-volatile null pointer will be deleted, not trap [-Werror,-Wnull-dereference]

Suggestion from matthew@
Ok matthew@ miod@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Try and support the non-PIC TEXTREL relocations which may creep in binaries
when linked against non-pic material (such as linking against libgcc without
passing -fpic or -fPIC on the commandline).

Given the large userland address space (4GB) and random library placement, it
is unlikely that these relocations can ever suceed anyway (DISP26 only allows
for a 256MB offset); _dl_exit() in that case, after printing a warning message.
That's better than dumping core.

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

Prefer the processor-specific _DYNAMIC[] tags value to find out the boundaries
of the .plt whenever possible, and fallback to the old behaviour of searching
for special symbols pointing to its boundaries. No functional change.

Make sure to flush I$ over the plt in case of non-lazy relocation as well.

Cache flush .plt after updating its pointers to .got during the initial
object relocation, if loaded at a different address than the one it was
compiled for; unsurprisingly fixes some spurious crashes.

Use jmp, not jsr, to jump through registers. Doh!
This makes lazy binding work, so don't disable it anymore.

A first cut at ld.so bits for m88k. Lazy binding is currently disabled as it
does not work beyond the first few lazy resolver calls. But that's already
enough to run simple binaries.