ugly whitespaces

Read PT_OPENBSD_SYSCALLS in libc.so, and convert it to a table for
pinsyscalls(2).
ok kettenis

turn an ifdef'd _dl_printf call into DL_DEB and various whitespace fixes

sure deraadt@

Avoid an overflow in the ELF SYSV ABI hash function.
The hash function is supposed to return a value less than or equal
to 0x0fffffff. Due to a bug in the sample code supplied with the
ELF SYSV ABI documentation, the hash function can overflow on 64-bit
systems. Apply the same fix used by GNU libc, MUSL libc and FreeBSD.
Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function
OK tb@ miod@

Treat symlinks better in $ORIGIN determination in ld.so

Now symlinking an executable away from the rest of its installation
tree no longer prevents it from finding the libraries. This matches
the behavior of other OS linkers. Prompted by a behavior change in
lang/ghc test suite.

Swapped the order of dirname/realpath in _dl_origin_path.

Added some regress tests that pass and then bin3 that fails without
this change and reflects the behavior needd for lang/ghc.

Suggestion by semarie@, OK deraadt@

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Add support for RELR relocations in the executable and share objects.
This doesn't affect ld.so's self-reloc, which still requires DT_REL/DT_RELA

ok kettenis@

add RTLD_NODELETE support

if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.

ok kettenis@ on previous version
with help from and ok guenther@

diff partially inspired from a diff from brad@

Convert the child_list member from a linked list to a vector.

ok mpi@

Use a better algorithm for calculating the grpsym library order.
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.

To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.

Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list

Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.

Much proding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

In 2004, we upgraded to binutils 2.14 with did -zcombreloc by default.
In 2013, I implemented the single-entry LRU cache that gets the maximal
symbol reuse from combreloc. Since then, the ld.so generic relocation
symcache has been a waste of CPU and memory with 0% hit-rate, so kill it.

ok mpi@

ld.so's $ORIGIN handling when argv[0] is a relative path was broken by
the change in __getcwd(2)'s return value. Fix it by switching to the
__realpath(2) syscall, eliminating the ld.so copy of realpath().

problem caught by regress and noted by bluhm@
ok deraadt@

Now that all Elf_foo types are correct, we don't need to use Elf32_Word
anywhere and can use Elf_Word instead.
ok guenther

On alpha, the buckets of DT_HASH are 8 bytes instead of 4 bytes. This was
previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h>
vary, but that doesn't match the spec and breaks libelf so it's gone away.
Implement the variation here by defining our own type locally for this.

ok deraadt@

Implement support for DT_GNU_HASH, taking all the interesting bits
from Matt Dillon's implementation in DragonFlyBSD commit 7629c631.
One difference is that as long as DT_HASH is still present, ld.so
will use that to get the total number of symbols rather than walking
the GNU hash chains. Note that the GPLv2 binutils we have doesn't
support DT_GNU_HASH, so this only helps archs were lld is used.

ok kettenis@ mpi@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Borrow an idea from DragonFly BSD: factor out the "does this symbol match what
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so
that the former is just the "iterate across the hash" logic.

matched_symbol() returns zero on "not found", one on "found strong
symbol", and negative one on "found weak symbol". The last of those lets
the caller give up on this object after finding a weak symbol, as there's
no point in continuing to search for a strong symbol in the same object.

ok mpi@

Put all the symbol lookup parameters (except the object being searched) and
the return pointers into a structure and pass that to _dl_find_symbol_obj().
Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't
need to each record the object.

ok mpi@

Use int, not char*, for booleans

ok millert@

Add support for the DF_TEXTREL flag.

ok patrick@, millert@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Unbreak $ORIGIN support when only one of DT_RUNPATH and DT_RPATH is used

remove line that slipped in with rev 1.77 but doesn't belong there; ok sthen@

Whoops, lost the adjustment of DT_RUNPATH value as a DT_STRTAB value.

problem reported by semarie@

Mark a bunch of stuff static

ok kettenis@

Add support for DT_RUNPATH and DT_FLAGS

ok kettenis@

Implement support for DT_INIT_ARRAY, DT_FINI_ARRAY and DT_PREINIT_ARRAY.
Don't skip DT_INIT and DT_FINI for the main executable. This matches what
Linux and Solaris do.

ok guenther@

Look for a PT_GNU_RELRO section per object and, if present, mprotect that
range instead of the [__got_start, __got_end) range.
On many archs this will cover _DYNAMIC too, so move up the DT_DEBUG handling
to before relocations and the mprotect are done.

ok kettenis@

Remove prebind support: binding to symbol table indices is too fragile
for our development process.

ok kettenis@ deraadt@

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Delete remnants of grpsym cache setting during symbol search: it's done at
load time only nwo. Rename _dl_searchnum and lastlookup to _dl_grpsym_gen
and grpsym_gen as they are generation numbers. Merge _dl_newsymsearch()
into _dl_cache_grpsym_list_setup().

ok millert@

Lacking precise dependency-from-relocation tracking, a nodelete object
needs to lock down the entire load group, not just the specific object.

problem report and ok sthen@
been in snaps for a week

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

delete annoying white space that annoy

check all memory allocations; ok miod@ guenther@

Move to a non-zeroing _dl_malloc, a _dl_calloc and _dl_reallocarry and
fix _dl_strdup to return NULL instead of crash; ok deraadt@

unsigned char for ctype
ok okan kettenis

prototype & void * math cleanup
ok guenther

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

- Add ORIGIN, OSNAME, OSREL and PLATFORM substitution support for rpaths.
Improvements and okay matthew@, millert@, guenther@

- Parse colon separated paths into NULL terminated arrays of string
pointers to prepare for adding rpath ORIGIN support.
okay matthew@ millert@

Fix LD_DEBUG=1 regression introduced by previous commit.

ok kurt

Add support for DF_1_NOOPEN. Based on an origional diff from matthew@.

ok matthew@

Add support for getting some flags from DT_FLAGS_1: new flags
DF_1_NODELETE and DF_1_INITFIRST, as well as DF_1_NOW and DF_1_GLOBAL.

Committing for kurt@ who worked out the final version; ok guenther@ drahn@

Backout the dynamic linker speed improvement diff for now, it still
has some issues. Discussed with various, ok drahn@

No need to call _dl_newsymsearch() twice; ok drahn@

Dynamic linker speed improvement diff. tested by several sinc k2k11.
get it in tree now deraadt@, ok by several ports folks. Thanks for the testing.

Fix previous. On i386, library.c isn't compiled

Search loaded libs first and add support for SONAME matching. ok drahn@

Make _dl_searchnum signed as originally intended.
Pointed out by patrick keshish.

When generating grpsym lists, avoid duplicates without searching the
already generated list. Speeds up startup on deeply nested dlopen binaries.
ok guenther@, tested by ckuethe@ and ajacoutot@

Constantly fill in the program header pointer and count in elf_object_t
for all objects which simplifies phdr usage in a few places.
"go for it" drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

prebind - how to prelink a binary without throwing security out the window

Prelink fixes the address of libraries making 'return to libc' attacks trival,
prebind uses a different method to achieve most of the same gains, however
without adding any security conerns.

Still under development, now in-tree.

add RTLD_NOW support to dlopen and propogate -z now to dep libs.
ok drahn@

using _dl_link_grpsym to increment refcounts made _dl_notify_unload_shlib
simpler, however it broke ldd refcount output. use _dl_link_child to
increment refcounts and adjust _dl_notify_unload_shlib to match.
work by drahn@ and myself. ok drahn@

Fix possible buffer overflow caused by unknown tags in the range
[DT_LOPROC, DT_HIPROC].
ok kurt@

Split grpsym_list creation away from child_list creation and change
grpsym_list order to match Sun's docs. Also corrects bugs where
grpsym_list was either not created or partially created.

introduce object ref count macros (suggested by dale). no functional
change.

rename dload_list to grpsym_list which better represents its usage.

remove dep_next "shadow object" dead code.

separate load group references from dep lib child/dload lists. move load
group refs to own per object ref counter (grprefcount) and list
(grpref_list). corrects more complex load group ref cases and side effects
from initial implementation. design ideas and ok drahn@

refcount corrections: count common dep libs once and centralize dep lib
refcount increments to _dl_link_sub. adjust _dl_notify_unload_shlib to
match new refcount method. ok drahn@

handle references to load groups caused by dlopen()ing of depenant
members of the load group. work by kurt@ and myself

keep a state flag if a library has been unloaded, and then free the list
seperately ok kurt@

keep track of opencounts for dlopened objects, so that they
get unloaded the right number of times on exit.

knf; ok drahn

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

stop searching after first matching symbol is found. okay drahn@

simplify code by putting executable in misnamed _dlopened_child_list,
also move RTLD_NEXT/RTLD_SELF code into that code, it is a single test.
okay kurt@

Now that the bug requiring it has been fixed, remove the lastchance kludge
ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

Recommit the destructor order fix, now that the amd64 bug was fixed.
'no problem' pval@

backout -- breaks at least amd64; spotted by marc

Do a better job of running destructors in the right order.

Fix an issue where a shared library could be loaded at two different
locations by resolving all dlopens back to a dev/inode.

i.e. Don't load a library if the dev/inode it stats back to matches one
already in our list.

fix started (and ok'ed) drahn@. ok deraadt@.
"doesn't break anything yet" pval@ art@ brad@

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

Dynamic linking random order fixes. This enables random library ordering.
Tested by naddy@ and others.

pefo 3/4 licence cleanups

knf & ansi; drahn ok

Change the constructor execution order to initialize dependant libraries
first. This mirrors the commit espie put in a.out ld.so recently.

Remove some error messages which were incorrectly printed. Some cleanup.
ok pvalchev@

Make error messages on symbol lookup failures more useful.

Change arguments to _dl_find_symbol() myself, warnnotfound, and inplt into
a single flags field with bits representing each. Use defines to create
the appropriate masks.

Add a new argument sym_size to warn about symbols which have
the incorrect size. This replaces 'ifdef notyet' code which
was in several of the md files with a single version.
sym_size == 0 means do not check, and symbols of type FUNC are
not checked.

Fix for Elfbug, the Xtiherit problem which has been seen on most OpenBSD
ELF dynamic systems. This was due to an oddity in ELF where the address of
fuctions refer to the PLT address in the program, rather than the actual
function address.

typos/grammar/better words
in comments.

more KNF

more KNF

various KNF

Keep _dl_last_object in sync with reality if last element in list is deleted.
allocated memory is not necessarily 0ed, make sure next pointer is inited.

cleanup of MD/MI ld.so (elf), most changes by art@ cleanup by me.
tested on alpha sparc64 powerpc.

Cleaner hash bucket init and some KNF.

style

unsigned long, not u_int32_t

Cleanup for 64bit support.
Pieces by art, niklas and me.
Only tested on powerpc.

branches: 1.1.1;
Initial revision

Read PT_OPENBSD_SYSCALLS in libc.so, and convert it to a table for
pinsyscalls(2).
ok kettenis

turn an ifdef'd _dl_printf call into DL_DEB and various whitespace fixes

sure deraadt@

Avoid an overflow in the ELF SYSV ABI hash function.
The hash function is supposed to return a value less than or equal
to 0x0fffffff. Due to a bug in the sample code supplied with the
ELF SYSV ABI documentation, the hash function can overflow on 64-bit
systems. Apply the same fix used by GNU libc, MUSL libc and FreeBSD.
Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function
OK tb@ miod@

Treat symlinks better in $ORIGIN determination in ld.so

Now symlinking an executable away from the rest of its installation
tree no longer prevents it from finding the libraries. This matches
the behavior of other OS linkers. Prompted by a behavior change in
lang/ghc test suite.

Swapped the order of dirname/realpath in _dl_origin_path.

Added some regress tests that pass and then bin3 that fails without
this change and reflects the behavior needd for lang/ghc.

Suggestion by semarie@, OK deraadt@

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Add support for RELR relocations in the executable and share objects.
This doesn't affect ld.so's self-reloc, which still requires DT_REL/DT_RELA

ok kettenis@

add RTLD_NODELETE support

if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.

ok kettenis@ on previous version
with help from and ok guenther@

diff partially inspired from a diff from brad@

Convert the child_list member from a linked list to a vector.

ok mpi@

Use a better algorithm for calculating the grpsym library order.
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.

To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.

Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list

Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.

Much proding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

In 2004, we upgraded to binutils 2.14 with did -zcombreloc by default.
In 2013, I implemented the single-entry LRU cache that gets the maximal
symbol reuse from combreloc. Since then, the ld.so generic relocation
symcache has been a waste of CPU and memory with 0% hit-rate, so kill it.

ok mpi@

ld.so's $ORIGIN handling when argv[0] is a relative path was broken by
the change in __getcwd(2)'s return value. Fix it by switching to the
__realpath(2) syscall, eliminating the ld.so copy of realpath().

problem caught by regress and noted by bluhm@
ok deraadt@

Now that all Elf_foo types are correct, we don't need to use Elf32_Word
anywhere and can use Elf_Word instead.
ok guenther

On alpha, the buckets of DT_HASH are 8 bytes instead of 4 bytes. This was
previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h>
vary, but that doesn't match the spec and breaks libelf so it's gone away.
Implement the variation here by defining our own type locally for this.

ok deraadt@

Implement support for DT_GNU_HASH, taking all the interesting bits
from Matt Dillon's implementation in DragonFlyBSD commit 7629c631.
One difference is that as long as DT_HASH is still present, ld.so
will use that to get the total number of symbols rather than walking
the GNU hash chains. Note that the GPLv2 binutils we have doesn't
support DT_GNU_HASH, so this only helps archs were lld is used.

ok kettenis@ mpi@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Borrow an idea from DragonFly BSD: factor out the "does this symbol match what
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so
that the former is just the "iterate across the hash" logic.

matched_symbol() returns zero on "not found", one on "found strong
symbol", and negative one on "found weak symbol". The last of those lets
the caller give up on this object after finding a weak symbol, as there's
no point in continuing to search for a strong symbol in the same object.

ok mpi@

Put all the symbol lookup parameters (except the object being searched) and
the return pointers into a structure and pass that to _dl_find_symbol_obj().
Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't
need to each record the object.

ok mpi@

Use int, not char*, for booleans

ok millert@

Add support for the DF_TEXTREL flag.

ok patrick@, millert@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Unbreak $ORIGIN support when only one of DT_RUNPATH and DT_RPATH is used

remove line that slipped in with rev 1.77 but doesn't belong there; ok sthen@

Whoops, lost the adjustment of DT_RUNPATH value as a DT_STRTAB value.

problem reported by semarie@

Mark a bunch of stuff static

ok kettenis@

Add support for DT_RUNPATH and DT_FLAGS

ok kettenis@

Implement support for DT_INIT_ARRAY, DT_FINI_ARRAY and DT_PREINIT_ARRAY.
Don't skip DT_INIT and DT_FINI for the main executable. This matches what
Linux and Solaris do.

ok guenther@

Look for a PT_GNU_RELRO section per object and, if present, mprotect that
range instead of the [__got_start, __got_end) range.
On many archs this will cover _DYNAMIC too, so move up the DT_DEBUG handling
to before relocations and the mprotect are done.

ok kettenis@

Remove prebind support: binding to symbol table indices is too fragile
for our development process.

ok kettenis@ deraadt@

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Delete remnants of grpsym cache setting during symbol search: it's done at
load time only nwo. Rename _dl_searchnum and lastlookup to _dl_grpsym_gen
and grpsym_gen as they are generation numbers. Merge _dl_newsymsearch()
into _dl_cache_grpsym_list_setup().

ok millert@

Lacking precise dependency-from-relocation tracking, a nodelete object
needs to lock down the entire load group, not just the specific object.

problem report and ok sthen@
been in snaps for a week

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

delete annoying white space that annoy

check all memory allocations; ok miod@ guenther@

Move to a non-zeroing _dl_malloc, a _dl_calloc and _dl_reallocarry and
fix _dl_strdup to return NULL instead of crash; ok deraadt@

unsigned char for ctype
ok okan kettenis

prototype & void * math cleanup
ok guenther

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

- Add ORIGIN, OSNAME, OSREL and PLATFORM substitution support for rpaths.
Improvements and okay matthew@, millert@, guenther@

- Parse colon separated paths into NULL terminated arrays of string
pointers to prepare for adding rpath ORIGIN support.
okay matthew@ millert@

Fix LD_DEBUG=1 regression introduced by previous commit.

ok kurt

Add support for DF_1_NOOPEN. Based on an origional diff from matthew@.

ok matthew@

Add support for getting some flags from DT_FLAGS_1: new flags
DF_1_NODELETE and DF_1_INITFIRST, as well as DF_1_NOW and DF_1_GLOBAL.

Committing for kurt@ who worked out the final version; ok guenther@ drahn@

Backout the dynamic linker speed improvement diff for now, it still
has some issues. Discussed with various, ok drahn@

No need to call _dl_newsymsearch() twice; ok drahn@

Dynamic linker speed improvement diff. tested by several sinc k2k11.
get it in tree now deraadt@, ok by several ports folks. Thanks for the testing.

Fix previous. On i386, library.c isn't compiled

Search loaded libs first and add support for SONAME matching. ok drahn@

Make _dl_searchnum signed as originally intended.
Pointed out by patrick keshish.

When generating grpsym lists, avoid duplicates without searching the
already generated list. Speeds up startup on deeply nested dlopen binaries.
ok guenther@, tested by ckuethe@ and ajacoutot@

Constantly fill in the program header pointer and count in elf_object_t
for all objects which simplifies phdr usage in a few places.
"go for it" drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

prebind - how to prelink a binary without throwing security out the window

Prelink fixes the address of libraries making 'return to libc' attacks trival,
prebind uses a different method to achieve most of the same gains, however
without adding any security conerns.

Still under development, now in-tree.

add RTLD_NOW support to dlopen and propogate -z now to dep libs.
ok drahn@

using _dl_link_grpsym to increment refcounts made _dl_notify_unload_shlib
simpler, however it broke ldd refcount output. use _dl_link_child to
increment refcounts and adjust _dl_notify_unload_shlib to match.
work by drahn@ and myself. ok drahn@

Fix possible buffer overflow caused by unknown tags in the range
[DT_LOPROC, DT_HIPROC].
ok kurt@

Split grpsym_list creation away from child_list creation and change
grpsym_list order to match Sun's docs. Also corrects bugs where
grpsym_list was either not created or partially created.

introduce object ref count macros (suggested by dale). no functional
change.

rename dload_list to grpsym_list which better represents its usage.

remove dep_next "shadow object" dead code.

separate load group references from dep lib child/dload lists. move load
group refs to own per object ref counter (grprefcount) and list
(grpref_list). corrects more complex load group ref cases and side effects
from initial implementation. design ideas and ok drahn@

refcount corrections: count common dep libs once and centralize dep lib
refcount increments to _dl_link_sub. adjust _dl_notify_unload_shlib to
match new refcount method. ok drahn@

handle references to load groups caused by dlopen()ing of depenant
members of the load group. work by kurt@ and myself

keep a state flag if a library has been unloaded, and then free the list
seperately ok kurt@

keep track of opencounts for dlopened objects, so that they
get unloaded the right number of times on exit.

knf; ok drahn

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

stop searching after first matching symbol is found. okay drahn@

simplify code by putting executable in misnamed _dlopened_child_list,
also move RTLD_NEXT/RTLD_SELF code into that code, it is a single test.
okay kurt@

Now that the bug requiring it has been fixed, remove the lastchance kludge
ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

Recommit the destructor order fix, now that the amd64 bug was fixed.
'no problem' pval@

backout -- breaks at least amd64; spotted by marc

Do a better job of running destructors in the right order.

Fix an issue where a shared library could be loaded at two different
locations by resolving all dlopens back to a dev/inode.

i.e. Don't load a library if the dev/inode it stats back to matches one
already in our list.

fix started (and ok'ed) drahn@. ok deraadt@.
"doesn't break anything yet" pval@ art@ brad@

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

Dynamic linking random order fixes. This enables random library ordering.
Tested by naddy@ and others.

pefo 3/4 licence cleanups

knf & ansi; drahn ok

Change the constructor execution order to initialize dependant libraries
first. This mirrors the commit espie put in a.out ld.so recently.

Remove some error messages which were incorrectly printed. Some cleanup.
ok pvalchev@

Make error messages on symbol lookup failures more useful.

Change arguments to _dl_find_symbol() myself, warnnotfound, and inplt into
a single flags field with bits representing each. Use defines to create
the appropriate masks.

Add a new argument sym_size to warn about symbols which have
the incorrect size. This replaces 'ifdef notyet' code which
was in several of the md files with a single version.
sym_size == 0 means do not check, and symbols of type FUNC are
not checked.

Fix for Elfbug, the Xtiherit problem which has been seen on most OpenBSD
ELF dynamic systems. This was due to an oddity in ELF where the address of
fuctions refer to the PLT address in the program, rather than the actual
function address.

typos/grammar/better words
in comments.

more KNF

more KNF

various KNF

Keep _dl_last_object in sync with reality if last element in list is deleted.
allocated memory is not necessarily 0ed, make sure next pointer is inited.

cleanup of MD/MI ld.so (elf), most changes by art@ cleanup by me.
tested on alpha sparc64 powerpc.

Cleaner hash bucket init and some KNF.

style

unsigned long, not u_int32_t

Cleanup for 64bit support.
Pieces by art, niklas and me.
Only tested on powerpc.

branches: 1.1.1;
Initial revision

turn an ifdef'd _dl_printf call into DL_DEB and various whitespace fixes

sure deraadt@

Avoid an overflow in the ELF SYSV ABI hash function.
The hash function is supposed to return a value less than or equal
to 0x0fffffff. Due to a bug in the sample code supplied with the
ELF SYSV ABI documentation, the hash function can overflow on 64-bit
systems. Apply the same fix used by GNU libc, MUSL libc and FreeBSD.
Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function
OK tb@ miod@

Treat symlinks better in $ORIGIN determination in ld.so

Now symlinking an executable away from the rest of its installation
tree no longer prevents it from finding the libraries. This matches
the behavior of other OS linkers. Prompted by a behavior change in
lang/ghc test suite.

Swapped the order of dirname/realpath in _dl_origin_path.

Added some regress tests that pass and then bin3 that fails without
this change and reflects the behavior needd for lang/ghc.

Suggestion by semarie@, OK deraadt@

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Add support for RELR relocations in the executable and share objects.
This doesn't affect ld.so's self-reloc, which still requires DT_REL/DT_RELA

ok kettenis@

add RTLD_NODELETE support

if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.

ok kettenis@ on previous version
with help from and ok guenther@

diff partially inspired from a diff from brad@

Convert the child_list member from a linked list to a vector.

ok mpi@

Use a better algorithm for calculating the grpsym library order.
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.

To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.

Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list

Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.

Much proding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

In 2004, we upgraded to binutils 2.14 with did -zcombreloc by default.
In 2013, I implemented the single-entry LRU cache that gets the maximal
symbol reuse from combreloc. Since then, the ld.so generic relocation
symcache has been a waste of CPU and memory with 0% hit-rate, so kill it.

ok mpi@

ld.so's $ORIGIN handling when argv[0] is a relative path was broken by
the change in __getcwd(2)'s return value. Fix it by switching to the
__realpath(2) syscall, eliminating the ld.so copy of realpath().

problem caught by regress and noted by bluhm@
ok deraadt@

Now that all Elf_foo types are correct, we don't need to use Elf32_Word
anywhere and can use Elf_Word instead.
ok guenther

On alpha, the buckets of DT_HASH are 8 bytes instead of 4 bytes. This was
previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h>
vary, but that doesn't match the spec and breaks libelf so it's gone away.
Implement the variation here by defining our own type locally for this.

ok deraadt@

Implement support for DT_GNU_HASH, taking all the interesting bits
from Matt Dillon's implementation in DragonFlyBSD commit 7629c631.
One difference is that as long as DT_HASH is still present, ld.so
will use that to get the total number of symbols rather than walking
the GNU hash chains. Note that the GPLv2 binutils we have doesn't
support DT_GNU_HASH, so this only helps archs were lld is used.

ok kettenis@ mpi@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Borrow an idea from DragonFly BSD: factor out the "does this symbol match what
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so
that the former is just the "iterate across the hash" logic.

matched_symbol() returns zero on "not found", one on "found strong
symbol", and negative one on "found weak symbol". The last of those lets
the caller give up on this object after finding a weak symbol, as there's
no point in continuing to search for a strong symbol in the same object.

ok mpi@

Put all the symbol lookup parameters (except the object being searched) and
the return pointers into a structure and pass that to _dl_find_symbol_obj().
Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't
need to each record the object.

ok mpi@

Use int, not char*, for booleans

ok millert@

Add support for the DF_TEXTREL flag.

ok patrick@, millert@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Unbreak $ORIGIN support when only one of DT_RUNPATH and DT_RPATH is used

remove line that slipped in with rev 1.77 but doesn't belong there; ok sthen@

Whoops, lost the adjustment of DT_RUNPATH value as a DT_STRTAB value.

problem reported by semarie@

Mark a bunch of stuff static

ok kettenis@

Add support for DT_RUNPATH and DT_FLAGS

ok kettenis@

Implement support for DT_INIT_ARRAY, DT_FINI_ARRAY and DT_PREINIT_ARRAY.
Don't skip DT_INIT and DT_FINI for the main executable. This matches what
Linux and Solaris do.

ok guenther@

Look for a PT_GNU_RELRO section per object and, if present, mprotect that
range instead of the [__got_start, __got_end) range.
On many archs this will cover _DYNAMIC too, so move up the DT_DEBUG handling
to before relocations and the mprotect are done.

ok kettenis@

Remove prebind support: binding to symbol table indices is too fragile
for our development process.

ok kettenis@ deraadt@

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Delete remnants of grpsym cache setting during symbol search: it's done at
load time only nwo. Rename _dl_searchnum and lastlookup to _dl_grpsym_gen
and grpsym_gen as they are generation numbers. Merge _dl_newsymsearch()
into _dl_cache_grpsym_list_setup().

ok millert@

Lacking precise dependency-from-relocation tracking, a nodelete object
needs to lock down the entire load group, not just the specific object.

problem report and ok sthen@
been in snaps for a week

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

delete annoying white space that annoy

check all memory allocations; ok miod@ guenther@

Move to a non-zeroing _dl_malloc, a _dl_calloc and _dl_reallocarry and
fix _dl_strdup to return NULL instead of crash; ok deraadt@

unsigned char for ctype
ok okan kettenis

prototype & void * math cleanup
ok guenther

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

- Add ORIGIN, OSNAME, OSREL and PLATFORM substitution support for rpaths.
Improvements and okay matthew@, millert@, guenther@

- Parse colon separated paths into NULL terminated arrays of string
pointers to prepare for adding rpath ORIGIN support.
okay matthew@ millert@

Fix LD_DEBUG=1 regression introduced by previous commit.

ok kurt

Add support for DF_1_NOOPEN. Based on an origional diff from matthew@.

ok matthew@

Add support for getting some flags from DT_FLAGS_1: new flags
DF_1_NODELETE and DF_1_INITFIRST, as well as DF_1_NOW and DF_1_GLOBAL.

Committing for kurt@ who worked out the final version; ok guenther@ drahn@

Backout the dynamic linker speed improvement diff for now, it still
has some issues. Discussed with various, ok drahn@

No need to call _dl_newsymsearch() twice; ok drahn@

Dynamic linker speed improvement diff. tested by several sinc k2k11.
get it in tree now deraadt@, ok by several ports folks. Thanks for the testing.

Fix previous. On i386, library.c isn't compiled

Search loaded libs first and add support for SONAME matching. ok drahn@

Make _dl_searchnum signed as originally intended.
Pointed out by patrick keshish.

When generating grpsym lists, avoid duplicates without searching the
already generated list. Speeds up startup on deeply nested dlopen binaries.
ok guenther@, tested by ckuethe@ and ajacoutot@

Constantly fill in the program header pointer and count in elf_object_t
for all objects which simplifies phdr usage in a few places.
"go for it" drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

prebind - how to prelink a binary without throwing security out the window

Prelink fixes the address of libraries making 'return to libc' attacks trival,
prebind uses a different method to achieve most of the same gains, however
without adding any security conerns.

Still under development, now in-tree.

add RTLD_NOW support to dlopen and propogate -z now to dep libs.
ok drahn@

using _dl_link_grpsym to increment refcounts made _dl_notify_unload_shlib
simpler, however it broke ldd refcount output. use _dl_link_child to
increment refcounts and adjust _dl_notify_unload_shlib to match.
work by drahn@ and myself. ok drahn@

Fix possible buffer overflow caused by unknown tags in the range
[DT_LOPROC, DT_HIPROC].
ok kurt@

Split grpsym_list creation away from child_list creation and change
grpsym_list order to match Sun's docs. Also corrects bugs where
grpsym_list was either not created or partially created.

introduce object ref count macros (suggested by dale). no functional
change.

rename dload_list to grpsym_list which better represents its usage.

remove dep_next "shadow object" dead code.

separate load group references from dep lib child/dload lists. move load
group refs to own per object ref counter (grprefcount) and list
(grpref_list). corrects more complex load group ref cases and side effects
from initial implementation. design ideas and ok drahn@

refcount corrections: count common dep libs once and centralize dep lib
refcount increments to _dl_link_sub. adjust _dl_notify_unload_shlib to
match new refcount method. ok drahn@

handle references to load groups caused by dlopen()ing of depenant
members of the load group. work by kurt@ and myself

keep a state flag if a library has been unloaded, and then free the list
seperately ok kurt@

keep track of opencounts for dlopened objects, so that they
get unloaded the right number of times on exit.

knf; ok drahn

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

stop searching after first matching symbol is found. okay drahn@

simplify code by putting executable in misnamed _dlopened_child_list,
also move RTLD_NEXT/RTLD_SELF code into that code, it is a single test.
okay kurt@

Now that the bug requiring it has been fixed, remove the lastchance kludge
ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

Recommit the destructor order fix, now that the amd64 bug was fixed.
'no problem' pval@

backout -- breaks at least amd64; spotted by marc

Do a better job of running destructors in the right order.

Fix an issue where a shared library could be loaded at two different
locations by resolving all dlopens back to a dev/inode.

i.e. Don't load a library if the dev/inode it stats back to matches one
already in our list.

fix started (and ok'ed) drahn@. ok deraadt@.
"doesn't break anything yet" pval@ art@ brad@

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

Dynamic linking random order fixes. This enables random library ordering.
Tested by naddy@ and others.

pefo 3/4 licence cleanups

knf & ansi; drahn ok

Change the constructor execution order to initialize dependant libraries
first. This mirrors the commit espie put in a.out ld.so recently.

Remove some error messages which were incorrectly printed. Some cleanup.
ok pvalchev@

Make error messages on symbol lookup failures more useful.

Change arguments to _dl_find_symbol() myself, warnnotfound, and inplt into
a single flags field with bits representing each. Use defines to create
the appropriate masks.

Add a new argument sym_size to warn about symbols which have
the incorrect size. This replaces 'ifdef notyet' code which
was in several of the md files with a single version.
sym_size == 0 means do not check, and symbols of type FUNC are
not checked.

Fix for Elfbug, the Xtiherit problem which has been seen on most OpenBSD
ELF dynamic systems. This was due to an oddity in ELF where the address of
fuctions refer to the PLT address in the program, rather than the actual
function address.

typos/grammar/better words
in comments.

more KNF

more KNF

various KNF

Keep _dl_last_object in sync with reality if last element in list is deleted.
allocated memory is not necessarily 0ed, make sure next pointer is inited.

cleanup of MD/MI ld.so (elf), most changes by art@ cleanup by me.
tested on alpha sparc64 powerpc.

Cleaner hash bucket init and some KNF.

style

unsigned long, not u_int32_t

Cleanup for 64bit support.
Pieces by art, niklas and me.
Only tested on powerpc.

branches: 1.1.1;
Initial revision

Avoid an overflow in the ELF SYSV ABI hash function.
The hash function is supposed to return a value less than or equal
to 0x0fffffff. Due to a bug in the sample code supplied with the
ELF SYSV ABI documentation, the hash function can overflow on 64-bit
systems. Apply the same fix used by GNU libc, MUSL libc and FreeBSD.
Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function
OK tb@ miod@

Treat symlinks better in $ORIGIN determination in ld.so

Now symlinking an executable away from the rest of its installation
tree no longer prevents it from finding the libraries. This matches
the behavior of other OS linkers. Prompted by a behavior change in
lang/ghc test suite.

Swapped the order of dirname/realpath in _dl_origin_path.

Added some regress tests that pass and then bin3 that fails without
this change and reflects the behavior needd for lang/ghc.

Suggestion by semarie@, OK deraadt@

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Add support for RELR relocations in the executable and share objects.
This doesn't affect ld.so's self-reloc, which still requires DT_REL/DT_RELA

ok kettenis@

add RTLD_NODELETE support

if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.

ok kettenis@ on previous version
with help from and ok guenther@

diff partially inspired from a diff from brad@

Convert the child_list member from a linked list to a vector.

ok mpi@

Use a better algorithm for calculating the grpsym library order.
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.

To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.

Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list

Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.

Much proding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

In 2004, we upgraded to binutils 2.14 with did -zcombreloc by default.
In 2013, I implemented the single-entry LRU cache that gets the maximal
symbol reuse from combreloc. Since then, the ld.so generic relocation
symcache has been a waste of CPU and memory with 0% hit-rate, so kill it.

ok mpi@

ld.so's $ORIGIN handling when argv[0] is a relative path was broken by
the change in __getcwd(2)'s return value. Fix it by switching to the
__realpath(2) syscall, eliminating the ld.so copy of realpath().

problem caught by regress and noted by bluhm@
ok deraadt@

Now that all Elf_foo types are correct, we don't need to use Elf32_Word
anywhere and can use Elf_Word instead.
ok guenther

On alpha, the buckets of DT_HASH are 8 bytes instead of 4 bytes. This was
previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h>
vary, but that doesn't match the spec and breaks libelf so it's gone away.
Implement the variation here by defining our own type locally for this.

ok deraadt@

Implement support for DT_GNU_HASH, taking all the interesting bits
from Matt Dillon's implementation in DragonFlyBSD commit 7629c631.
One difference is that as long as DT_HASH is still present, ld.so
will use that to get the total number of symbols rather than walking
the GNU hash chains. Note that the GPLv2 binutils we have doesn't
support DT_GNU_HASH, so this only helps archs were lld is used.

ok kettenis@ mpi@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Borrow an idea from DragonFly BSD: factor out the "does this symbol match what
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so
that the former is just the "iterate across the hash" logic.

matched_symbol() returns zero on "not found", one on "found strong
symbol", and negative one on "found weak symbol". The last of those lets
the caller give up on this object after finding a weak symbol, as there's
no point in continuing to search for a strong symbol in the same object.

ok mpi@

Put all the symbol lookup parameters (except the object being searched) and
the return pointers into a structure and pass that to _dl_find_symbol_obj().
Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't
need to each record the object.

ok mpi@

Use int, not char*, for booleans

ok millert@

Add support for the DF_TEXTREL flag.

ok patrick@, millert@

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

Unbreak $ORIGIN support when only one of DT_RUNPATH and DT_RPATH is used

remove line that slipped in with rev 1.77 but doesn't belong there; ok sthen@

Whoops, lost the adjustment of DT_RUNPATH value as a DT_STRTAB value.

problem reported by semarie@

Mark a bunch of stuff static

ok kettenis@

Add support for DT_RUNPATH and DT_FLAGS

ok kettenis@

Implement support for DT_INIT_ARRAY, DT_FINI_ARRAY and DT_PREINIT_ARRAY.
Don't skip DT_INIT and DT_FINI for the main executable. This matches what
Linux and Solaris do.

ok guenther@

Look for a PT_GNU_RELRO section per object and, if present, mprotect that
range instead of the [__got_start, __got_end) range.
On many archs this will cover _DYNAMIC too, so move up the DT_DEBUG handling
to before relocations and the mprotect are done.

ok kettenis@

Remove prebind support: binding to symbol table indices is too fragile
for our development process.

ok kettenis@ deraadt@

Export environ and __progname, making the latter a copy of just the filename
portion like crt0 does. This is prep for eliminating _dl_fixup_user_env()
Mark almost everything in resolve.h as hidden, to improve code generation.

ok kettenis@ mpi@ "good time" deraadt@

Delete remnants of grpsym cache setting during symbol search: it's done at
load time only nwo. Rename _dl_searchnum and lastlookup to _dl_grpsym_gen
and grpsym_gen as they are generation numbers. Merge _dl_newsymsearch()
into _dl_cache_grpsym_list_setup().

ok millert@

Lacking precise dependency-from-relocation tracking, a nodelete object
needs to lock down the entire load group, not just the specific object.

problem report and ok sthen@
been in snaps for a week

Factor out the logic for mprotecting the memory between two symbols into
a new MI routine _dl_protect_segment(), and use that for protecting the
GOT and--on some archs--the PLT.

Amazing testing turnaround by miod@, who apparently violated relativity
to get back results on some archs as fast as he did

delete annoying white space that annoy

check all memory allocations; ok miod@ guenther@

Move to a non-zeroing _dl_malloc, a _dl_calloc and _dl_reallocarry and
fix _dl_strdup to return NULL instead of crash; ok deraadt@

unsigned char for ctype
ok okan kettenis

prototype & void * math cleanup
ok guenther

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

Implement symbol caching and RELACOUNT/RELCOUNT optimizations.
Much assistance and testing by miod

ok miod@

- Add ORIGIN, OSNAME, OSREL and PLATFORM substitution support for rpaths.
Improvements and okay matthew@, millert@, guenther@

- Parse colon separated paths into NULL terminated arrays of string
pointers to prepare for adding rpath ORIGIN support.
okay matthew@ millert@

Fix LD_DEBUG=1 regression introduced by previous commit.

ok kurt

Add support for DF_1_NOOPEN. Based on an origional diff from matthew@.

ok matthew@

Add support for getting some flags from DT_FLAGS_1: new flags
DF_1_NODELETE and DF_1_INITFIRST, as well as DF_1_NOW and DF_1_GLOBAL.

Committing for kurt@ who worked out the final version; ok guenther@ drahn@

Backout the dynamic linker speed improvement diff for now, it still
has some issues. Discussed with various, ok drahn@

No need to call _dl_newsymsearch() twice; ok drahn@

Dynamic linker speed improvement diff. tested by several sinc k2k11.
get it in tree now deraadt@, ok by several ports folks. Thanks for the testing.

Fix previous. On i386, library.c isn't compiled

Search loaded libs first and add support for SONAME matching. ok drahn@

Make _dl_searchnum signed as originally intended.
Pointed out by patrick keshish.

When generating grpsym lists, avoid duplicates without searching the
already generated list. Speeds up startup on deeply nested dlopen binaries.
ok guenther@, tested by ckuethe@ and ajacoutot@

Constantly fill in the program header pointer and count in elf_object_t
for all objects which simplifies phdr usage in a few places.
"go for it" drahn@

Improve support for shared libs linked at non-zero addreses:
- rename private values in struct elf_object to better
describe their meaning:
s/load_offs/obj_base/ "object's address '0' base"
s/load_addr/load_base/ "The base address of the loadable
segments"
- gdb needs the obj_base value so swap positions with load_base in
struct elf_object
- fix a few occurrences of where load_base was used instead of
obj_base.

With help and okay drahn@

prebind - how to prelink a binary without throwing security out the window

Prelink fixes the address of libraries making 'return to libc' attacks trival,
prebind uses a different method to achieve most of the same gains, however
without adding any security conerns.

Still under development, now in-tree.

add RTLD_NOW support to dlopen and propogate -z now to dep libs.
ok drahn@

using _dl_link_grpsym to increment refcounts made _dl_notify_unload_shlib
simpler, however it broke ldd refcount output. use _dl_link_child to
increment refcounts and adjust _dl_notify_unload_shlib to match.
work by drahn@ and myself. ok drahn@

Fix possible buffer overflow caused by unknown tags in the range
[DT_LOPROC, DT_HIPROC].
ok kurt@

Split grpsym_list creation away from child_list creation and change
grpsym_list order to match Sun's docs. Also corrects bugs where
grpsym_list was either not created or partially created.

introduce object ref count macros (suggested by dale). no functional
change.

rename dload_list to grpsym_list which better represents its usage.

remove dep_next "shadow object" dead code.

separate load group references from dep lib child/dload lists. move load
group refs to own per object ref counter (grprefcount) and list
(grpref_list). corrects more complex load group ref cases and side effects
from initial implementation. design ideas and ok drahn@

refcount corrections: count common dep libs once and centralize dep lib
refcount increments to _dl_link_sub. adjust _dl_notify_unload_shlib to
match new refcount method. ok drahn@

handle references to load groups caused by dlopen()ing of depenant
members of the load group. work by kurt@ and myself

keep a state flag if a library has been unloaded, and then free the list
seperately ok kurt@

keep track of opencounts for dlopened objects, so that they
get unloaded the right number of times on exit.

knf; ok drahn

Use std missing symbol print instead of MD custom, do not warn on weak
undefined symbols, or count them as failures. inspired kurt@

Simplify the internal symbol finding API, with some cleanup, prep for
next step. ok kurt@

stop searching after first matching symbol is found. okay drahn@

simplify code by putting executable in misnamed _dlopened_child_list,
also move RTLD_NEXT/RTLD_SELF code into that code, it is a single test.
okay kurt@

Now that the bug requiring it has been fixed, remove the lastchance kludge
ok kurt@

Rework symbol lookup to more closely match sun's documentation, now
treats dlopens as load groups. ok kurt@

Recommit the destructor order fix, now that the amd64 bug was fixed.
'no problem' pval@

backout -- breaks at least amd64; spotted by marc

Do a better job of running destructors in the right order.

Fix an issue where a shared library could be loaded at two different
locations by resolving all dlopens back to a dev/inode.

i.e. Don't load a library if the dev/inode it stats back to matches one
already in our list.

fix started (and ok'ed) drahn@. ok deraadt@.
"doesn't break anything yet" pval@ art@ brad@

return object* the symbol is in for _dl_find_symbol*; drahn@ ok

spacing

Symbol cache for GOT lookup. When a symbol is found it is saved in a cache
for future lookups in the same GOT relocation table. Uses static buffer
for small symbol tables, mmap for larger ones. ok deraadt@

Fix PR 3371, symbol lookup in dlopen()ed objects is not correct. Correct
behavior for RTLD_GLOBAL/RTLD_LOCAL is now supported. ok espie@

Dynamic linking random order fixes. This enables random library ordering.
Tested by naddy@ and others.

pefo 3/4 licence cleanups

knf & ansi; drahn ok

Change the constructor execution order to initialize dependant libraries
first. This mirrors the commit espie put in a.out ld.so recently.

Remove some error messages which were incorrectly printed. Some cleanup.
ok pvalchev@

Make error messages on symbol lookup failures more useful.

Change arguments to _dl_find_symbol() myself, warnnotfound, and inplt into
a single flags field with bits representing each. Use defines to create
the appropriate masks.

Add a new argument sym_size to warn about symbols which have
the incorrect size. This replaces 'ifdef notyet' code which
was in several of the md files with a single version.
sym_size == 0 means do not check, and symbols of type FUNC are
not checked.

Fix for Elfbug, the Xtiherit problem which has been seen on most OpenBSD
ELF dynamic systems. This was due to an oddity in ELF where the address of
fuctions refer to the PLT address in the program, rather than the actual
function address.

typos/grammar/better words
in comments.

more KNF

more KNF

various KNF

Keep _dl_last_object in sync with reality if last element in list is deleted.
allocated memory is not necessarily 0ed, make sure next pointer is inited.

cleanup of MD/MI ld.so (elf), most changes by art@ cleanup by me.
tested on alpha sparc64 powerpc.

Cleaner hash bucket init and some KNF.

style

unsigned long, not u_int32_t

Cleanup for 64bit support.
Pieces by art, niklas and me.
Only tested on powerpc.

branches: 1.1.1;
Initial revision

Prep .c files for removing the #includes from */archdep.h
* replace #include "archdep.h" with #includes of what is used, pulling in
"syscall.h", "util.h", and "archdep.h" as needed
* delete #include <sys/syscall.h> from syscall.h
* only pull in <sys/stat.h> to the three files that use _dl_fstat(),
forward declare struct stat in syscall.h for the others
* NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
* <machine/vmparam.h> is only needed on i386; conditionalize it
* stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
where necessary
* delete other bogus #includes, order legit per style: <sys/*> then
<*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

Add support for RELR relocations in the executable and share objects.
This doesn't affect ld.so's self-reloc, which still requires DT_REL/DT_RELA

ok kettenis@

add RTLD_NODELETE support

if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.

ok kettenis@ on previous version
with help from and ok guenther@

diff partially inspired from a diff from brad@

Convert the child_list member from a linked list to a vector.

ok mpi@

Use a better algorithm for calculating the grpsym library order.
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.

To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.

Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list

Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.

Much proding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@

Simplify _dl_find_symbol(). Currently, it returns three values:
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument

Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.

ok mpi@, kettenis@

In 2004, we upgraded to binutils 2.14 with did -zcombreloc by default.
In 2013, I implemented the single-entry LRU cache that gets the maximal
symbol reuse from combreloc. Since then, the ld.so generic relocation
symcache has been a waste of CPU and memory with 0% hit-rate, so kill it.

ok mpi@

ld.so's $ORIGIN handling when argv[0] is a relative path was broken by
the change in __getcwd(2)'s return value. Fix it by switching to the
__realpath(2) syscall, eliminating the ld.so copy of realpath().

problem caught by regress and noted by bluhm@
ok deraadt@

Now that all Elf_foo types are correct, we don't need to use Elf32_Word
anywhere and can use Elf_Word instead.
ok guenther

On alpha, the buckets of DT_HASH are 8 bytes instead of 4 bytes. This was
previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h>
vary, but that doesn't match the spec and breaks libelf so it's gone away.
Implement the variation here by defining our own type locally for this.

ok deraadt@

Implement support for DT_GNU_HASH, taking all the interesting bits
from Matt Dillon's implementation in DragonFlyBSD commit 7629c631.
One difference is that as long as DT_HASH is still present, ld.so
will use that to get the total number of symbols rather than walking
the GNU hash chains. Note that the GPLv2 binutils we have doesn't
support DT_GNU_HASH, so this only helps archs were lld is used.

ok kettenis@ mpi@

Finish ld.so's transition to GNU_RELRO: eliminate support for using
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.

ok mpi@

Borrow an idea from DragonFly BSD: factor out the "does this symbol match what
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so
that the former is just the "iterate across the hash" logic.

matched_symbol() returns zero on "not found", one on "found strong
symbol", and negative one on "found weak symbol". The last of those lets
the caller give up on this object after finding a weak symbol, as there's
no point in continuing to search for a strong symbol in the same object.

ok mpi@

Put all the symbol lookup parameters (except the object being searched) and
the return pointers into a structure and pass that to _dl_find_symbol_obj().
Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't
need to each record the object.

ok mpi@