ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@

Replace heaps of hand-written syscall stubs with a simpler framework
which is largely MI.
ok visa kettenis

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

ld.so doesn't need gettimeofday or lstat stubs any more

ok deraadt@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Rename the system call sendsyslog2 to sendsyslog. Keep the old one
as osendsyslog for a while. The three argument variant is the only
one that will stay.
input kettenis@; OK deraadt@

Switch ld.so's stack smash handler from sendsyslog to sendsyslog2
and pass the LOG_CONS flag like libc's handler.

ok deraadt@ bluhm@ (who had a similar diff)

ldd(1) sets environment variable LD_TRACE_LOADED_OBJECTS to tell ld.so
that it should show information about the program it loads, rather than
run it. In that specific case, ld.so can pledge to "stdio rpath" to
ensure that code path in ld.so has no bugs.
Yes, a pledge in ld.so.... who'd have thought!
ok guenther

kbind has eliminated the need for and use of the bind lock. Delete it, the
the callback, and the sigprocmask stub.
Keep around the DL_SETBINDLCK case until libpthread stops using it.

discussed with miod@ at l2k15
ok kettenis@

Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer
necessary

ok deraadt@ jsing@

Now that we have sendsyslog(2), we can directly use it in the
(previously completely retarded) stack_smash_handler of ld.so
ok beck miod tedu

_dl_fcntl() is no longer used; kill the stubs

ok otto@ miod@

move from sysclt(KERN_ARND) to getentropy(2); ok miod@, kettenis@

Use slightly diffrerent code to get the global offset table address. This
version will match the (upcoming) 32-bit version (for sparc) and allegedly
is slightly faster.

Make ld.so pass its cleanup handler in %g1 as required by the SPARC System V
ABI, and stop calling atexit(4) directly from ld.so on sparc64

Switch time_t, ino_t, clock_t, and struct kevent's ident and data
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.

Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world are
are happy with the snapshots for all architectures.

DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.

Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

- Add ORIGIN, OSNAME, OSREL and PLATFORM substitution support for rpaths.
Improvements and okay matthew@, millert@, guenther@

Garbage-collect the _dl_stat() routine, now unused

ok matthew@ deraadt@

Stop passing around PS_STRINGS in %g1. The ELF ABI reserves this register
for passing around a pointer to a cleanup function and we'd like to use it
for that purpose in the near future.

ok miod@

Fix comment; no binary change. OK deraadt@

Reserve space for 6 extended word argument slots required by the ABI.
Apparently gcc4 uses them in cases where gcc3 didn't. Fixes segmentation
faults with gcc4 because the space for the slots was colliding with
the space for dl_data that we allocated on the stack.

ok miod@

Fix handling of more than 32768 PLT entries. Mostly from NetBSD.

eyeballed by deraadt@ and drahn@

prebind - how to prelink a binary without throwing security out the window

Prelink fixes the address of libraries making 'return to libc' attacks trival,
prebind uses a different method to achieve most of the same gains, however
without adding any security conerns.

Still under development, now in-tree.

spacing

the sparcv9 ABI requires registers %g2, %g3 to be first announced before
it can use them, and gcc3 catches this
ok henric

use _ENTRY consistently, remove some #if 0 code, and clean up some comments; ok drahn

changes to ld.so to be compatible with newer binutils, requires
slight changes in the startup code on most archs. ok art@ brad@

nuke clause 3 & 4

When loading a shared object or libraries dependant object, load them
in random order. This will reduce the possiblity of a buffer overflow
being able to predict the addresss of useful code. Can be disabled
with the LD_NORANDOM environment variable for debugging purposes.
ok deraadt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

clean up comments.

Simplify the ld.so asm api, the data is available other ways.
tested by naddy@ and myself.

The parameter dynp was never used, rather than pass in a dummy on most
archs and a nasty calcuation on others, remove the parameter.

Change ld.so search order/method to match the a.out ld.so.

run destructors on dlclose()

Move more symbols into _dl_ private space, so that the proper (libc)
version of the function will be used.

Add readdir() functionality to perform the proper library searching.

Support DL_PRELOAD

Do not relocate symbols if ld.so is being traced (and will exit).

Misc lint cleanup.

ok art@

more KNF

various KNF

Clean up the zapping of bad variables. Instead of implementing
_dl_suid_ok, just use the issetugid syscall.
ok drahn@.

Add support for binutils 2.11. Work around change in PLT generation new ld
generates. From NetBSD. ok art@

Do mmap the right way.

Another attempt at getting this right. This time, play safe.

Some cleanup.

Get the bootstrapping right.

dl_data is at the start of the stack, not after env. load loff.
Now _dl_boot starts correctly.

add munmap syscall
change _rtld references to _dl to match C code.
change relocation types in archdep.h to be sparc64 relocs.

rtld_machine.c copied from alpha, with some modes to compile for sparc64

This is in-tree development.

first whack at ldasm.S... this will not work yet (partially based on NetBSD,
partially based on alpha)

Replace heaps of hand-written syscall stubs with a simpler framework
which is largely MI.
ok visa kettenis

On fatal errors, kill ourselves with thrkill(0,9,NULL) instead of
simply exiting, via helper functions _dl_die(), _dl_diedie(), and
_dl_oom().

prompted by a complaint from jsing@
ok jsing@ deraadt@

ld.so doesn't need gettimeofday or lstat stubs any more

ok deraadt@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Rename the system call sendsyslog2 to sendsyslog. Keep the old one
as osendsyslog for a while. The three argument variant is the only
one that will stay.
input kettenis@; OK deraadt@

Switch ld.so's stack smash handler from sendsyslog to sendsyslog2
and pass the LOG_CONS flag like libc's handler.

ok deraadt@ bluhm@ (who had a similar diff)

ldd(1) sets environment variable LD_TRACE_LOADED_OBJECTS to tell ld.so
that it should show information about the program it loads, rather than
run it. In that specific case, ld.so can pledge to "stdio rpath" to
ensure that code path in ld.so has no bugs.
Yes, a pledge in ld.so.... who'd have thought!
ok guenther

kbind has eliminated the need for and use of the bind lock. Delete it, the
the callback, and the sigprocmask stub.
Keep around the DL_SETBINDLCK case until libpthread stops using it.

discussed with miod@ at l2k15
ok kettenis@

Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer
necessary

ok deraadt@ jsing@

Now that we have sendsyslog(2), we can directly use it in the
(previously completely retarded) stack_smash_handler of ld.so
ok beck miod tedu

_dl_fcntl() is no longer used; kill the stubs

ok otto@ miod@

move from sysclt(KERN_ARND) to getentropy(2); ok miod@, kettenis@

Use slightly diffrerent code to get the global offset table address. This
version will match the (upcoming) 32-bit version (for sparc) and allegedly
is slightly faster.

Make ld.so pass its cleanup handler in %g1 as required by the SPARC System V
ABI, and stop calling atexit(4) directly from ld.so on sparc64

Switch time_t, ino_t, clock_t, and struct kevent's ident and data
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.

Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world are
are happy with the snapshots for all architectures.

DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.

Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@

Introduce ltrace(1). This tool works with ld.so to inject utrace record for
each plt call, allowing to trace a binary linked against shared library at the
public function call level.

To do so, ltrace(1) sets up some environment variables to enable plt tracing
in ld.so, and invokes ktrace(2) for utrace events. ld.so will force lazy
binding and will send an utrace record in the plt resolver, without updating
the plt.

Minimal filtering capabilities are provided, inspired by Solaris' truss -u,
to limit tracing to libraries and/or symbol names. Non-traced libraries and
symbols will have the regular resolver processing, with the expected plt
update.

"Get it in" deraadt

- Add ORIGIN, OSNAME, OSREL and PLATFORM substitution support for rpaths.
Improvements and okay matthew@, millert@, guenther@

Garbage-collect the _dl_stat() routine, now unused

ok matthew@ deraadt@

Stop passing around PS_STRINGS in %g1. The ELF ABI reserves this register
for passing around a pointer to a cleanup function and we'd like to use it
for that purpose in the near future.

ok miod@

Fix comment; no binary change. OK deraadt@

Reserve space for 6 extended word argument slots required by the ABI.
Apparently gcc4 uses them in cases where gcc3 didn't. Fixes segmentation
faults with gcc4 because the space for the slots was colliding with
the space for dl_data that we allocated on the stack.

ok miod@

Fix handling of more than 32768 PLT entries. Mostly from NetBSD.

eyeballed by deraadt@ and drahn@

prebind - how to prelink a binary without throwing security out the window

Prelink fixes the address of libraries making 'return to libc' attacks trival,
prebind uses a different method to achieve most of the same gains, however
without adding any security conerns.

Still under development, now in-tree.

spacing

the sparcv9 ABI requires registers %g2, %g3 to be first announced before
it can use them, and gcc3 catches this
ok henric

use _ENTRY consistently, remove some #if 0 code, and clean up some comments; ok drahn

changes to ld.so to be compatible with newer binutils, requires
slight changes in the startup code on most archs. ok art@ brad@

nuke clause 3 & 4

When loading a shared object or libraries dependant object, load them
in random order. This will reduce the possiblity of a buffer overflow
being able to predict the addresss of useful code. Can be disabled
with the LD_NORANDOM environment variable for debugging purposes.
ok deraadt.

knf & ansi; drahn ok

Prepare for an upcoming ELF executable change. This will allow ld.so to
protect the GOT and PLT sections of the executable from being overwritten.
This behavior is enabled by changes in the executable/shared object layout,
and does not occur without the ld changes.

clean up comments.

Simplify the ld.so asm api, the data is available other ways.
tested by naddy@ and myself.

The parameter dynp was never used, rather than pass in a dummy on most
archs and a nasty calcuation on others, remove the parameter.

Change ld.so search order/method to match the a.out ld.so.

run destructors on dlclose()

Move more symbols into _dl_ private space, so that the proper (libc)
version of the function will be used.

Add readdir() functionality to perform the proper library searching.

Support DL_PRELOAD

Do not relocate symbols if ld.so is being traced (and will exit).

Misc lint cleanup.

ok art@

more KNF

various KNF

Clean up the zapping of bad variables. Instead of implementing
_dl_suid_ok, just use the issetugid syscall.
ok drahn@.

Add support for binutils 2.11. Work around change in PLT generation new ld
generates. From NetBSD. ok art@

Do mmap the right way.

Another attempt at getting this right. This time, play safe.

Some cleanup.

Get the bootstrapping right.

dl_data is at the start of the stack, not after env. load loff.
Now _dl_boot starts correctly.

add munmap syscall
change _rtld references to _dl to match C code.
change relocation types in archdep.h to be sparc64 relocs.

rtld_machine.c copied from alpha, with some modes to compile for sparc64

This is in-tree development.

first whack at ldasm.S... this will not work yet (partially based on NetBSD,
partially based on alpha)