rtld.c revision 105753
1/*- 2 * Copyright 1996, 1997, 1998, 1999, 2000 John D. Polstra. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * 25 * $FreeBSD: head/libexec/rtld-elf/rtld.c 105753 2002-10-23 01:43:29Z kan $ 26 */ 27 28/* 29 * Dynamic linker for ELF. 30 * 31 * John Polstra <jdp@polstra.com>. 32 */ 33 34#ifndef __GNUC__ 35#error "GCC is needed to compile this file" 36#endif 37 38#include <sys/param.h> 39#include <sys/mman.h> 40#include <sys/stat.h> 41 42#include <dlfcn.h> 43#include <err.h> 44#include <errno.h> 45#include <fcntl.h> 46#include <stdarg.h> 47#include <stdio.h> 48#include <stdlib.h> 49#include <string.h> 50#include <unistd.h> 51 52#include "debug.h" 53#include "rtld.h" 54 55#define END_SYM "_end" 56#define PATH_RTLD "/usr/libexec/ld-elf.so.1" 57 58/* Types. */ 59typedef void (*func_ptr_type)(); 60 61/* 62 * This structure provides a reentrant way to keep a list of objects and 63 * check which ones have already been processed in some way. 64 */ 65typedef struct Struct_DoneList { 66 const Obj_Entry **objs; /* Array of object pointers */ 67 unsigned int num_alloc; /* Allocated size of the array */ 68 unsigned int num_used; /* Number of array slots used */ 69} DoneList; 70 71/* 72 * Function declarations. 73 */ 74static const char *basename(const char *); 75static void die(void); 76static void digest_dynamic(Obj_Entry *, int); 77static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t, const char *); 78static Obj_Entry *dlcheck(void *); 79static bool donelist_check(DoneList *, const Obj_Entry *); 80static void errmsg_restore(char *); 81static char *errmsg_save(void); 82static char *find_library(const char *, const Obj_Entry *); 83static const char *gethints(void); 84static void init_dag(Obj_Entry *); 85static void init_dag1(Obj_Entry *root, Obj_Entry *obj, DoneList *); 86static void init_rtld(caddr_t); 87static void initlist_add_neededs(Needed_Entry *needed, Objlist *list); 88static void initlist_add_objects(Obj_Entry *obj, Obj_Entry **tail, 89 Objlist *list); 90static bool is_exported(const Elf_Sym *); 91static void linkmap_add(Obj_Entry *); 92static void linkmap_delete(Obj_Entry *); 93static int load_needed_objects(Obj_Entry *); 94static int load_preload_objects(void); 95static Obj_Entry *load_object(char *); 96static void lock_check(void); 97static Obj_Entry *obj_from_addr(const void *); 98static void objlist_call_fini(Objlist *); 99static void objlist_call_init(Objlist *); 100static void objlist_clear(Objlist *); 101static Objlist_Entry *objlist_find(Objlist *, const Obj_Entry *); 102static void objlist_init(Objlist *); 103static void objlist_push_head(Objlist *, Obj_Entry *); 104static void objlist_push_tail(Objlist *, Obj_Entry *); 105static void objlist_remove(Objlist *, Obj_Entry *); 106static void objlist_remove_unref(Objlist *); 107static int relocate_objects(Obj_Entry *, bool, Obj_Entry *); 108static void rtld_exit(void); 109static char *search_library_path(const char *, const char *); 110static const void **get_program_var_addr(const char *name); 111static void set_program_var(const char *, const void *); 112static const Elf_Sym *symlook_default(const char *, unsigned long hash, 113 const Obj_Entry *refobj, const Obj_Entry **defobj_out, bool in_plt); 114static const Elf_Sym *symlook_list(const char *, unsigned long, 115 Objlist *, const Obj_Entry **, bool in_plt, DoneList *); 116static void trace_loaded_objects(Obj_Entry *obj); 117static void unload_object(Obj_Entry *); 118static void unref_dag(Obj_Entry *); 119 120void r_debug_state(struct r_debug*, struct link_map*); 121void xprintf(const char *, ...) __printflike(1, 2); 122 123/* 124 * Data declarations. 125 */ 126static char *error_message; /* Message for dlerror(), or NULL */ 127struct r_debug r_debug; /* for GDB; */ 128static bool trust; /* False for setuid and setgid programs */ 129static char *ld_bind_now; /* Environment variable for immediate binding */ 130static char *ld_debug; /* Environment variable for debugging */ 131static char *ld_library_path; /* Environment variable for search path */ 132static char *ld_preload; /* Environment variable for libraries to 133 load first */ 134static char *ld_tracing; /* Called from ldd to print libs */ 135static Obj_Entry *obj_list; /* Head of linked list of shared objects */ 136static Obj_Entry **obj_tail; /* Link field of last object in list */ 137static Obj_Entry *obj_main; /* The main program shared object */ 138static Obj_Entry obj_rtld; /* The dynamic linker shared object */ 139static unsigned int obj_count; /* Number of objects in obj_list */ 140 141static Objlist list_global = /* Objects dlopened with RTLD_GLOBAL */ 142 STAILQ_HEAD_INITIALIZER(list_global); 143static Objlist list_main = /* Objects loaded at program startup */ 144 STAILQ_HEAD_INITIALIZER(list_main); 145static Objlist list_fini = /* Objects needing fini() calls */ 146 STAILQ_HEAD_INITIALIZER(list_fini); 147 148static LockInfo lockinfo; 149 150static Elf_Sym sym_zero; /* For resolving undefined weak refs. */ 151 152#define GDB_STATE(s,m) r_debug.r_state = s; r_debug_state(&r_debug,m); 153 154extern Elf_Dyn _DYNAMIC; 155#pragma weak _DYNAMIC 156 157/* 158 * These are the functions the dynamic linker exports to application 159 * programs. They are the only symbols the dynamic linker is willing 160 * to export from itself. 161 */ 162static func_ptr_type exports[] = { 163 (func_ptr_type) &_rtld_error, 164 (func_ptr_type) &dlclose, 165 (func_ptr_type) &dlerror, 166 (func_ptr_type) &dlopen, 167 (func_ptr_type) &dlsym, 168 (func_ptr_type) &dladdr, 169 (func_ptr_type) &dllockinit, 170 NULL 171}; 172 173/* 174 * Global declarations normally provided by crt1. The dynamic linker is 175 * not built with crt1, so we have to provide them ourselves. 176 */ 177char *__progname; 178char **environ; 179 180/* 181 * Fill in a DoneList with an allocation large enough to hold all of 182 * the currently-loaded objects. Keep this as a macro since it calls 183 * alloca and we want that to occur within the scope of the caller. 184 */ 185#define donelist_init(dlp) \ 186 ((dlp)->objs = alloca(obj_count * sizeof (dlp)->objs[0]), \ 187 assert((dlp)->objs != NULL), \ 188 (dlp)->num_alloc = obj_count, \ 189 (dlp)->num_used = 0) 190 191static __inline void 192rlock_acquire(void) 193{ 194 lockinfo.rlock_acquire(lockinfo.thelock); 195 atomic_incr_int(&lockinfo.rcount); 196 lock_check(); 197} 198 199static __inline void 200wlock_acquire(void) 201{ 202 lockinfo.wlock_acquire(lockinfo.thelock); 203 atomic_incr_int(&lockinfo.wcount); 204 lock_check(); 205} 206 207static __inline void 208rlock_release(void) 209{ 210 atomic_decr_int(&lockinfo.rcount); 211 lockinfo.rlock_release(lockinfo.thelock); 212} 213 214static __inline void 215wlock_release(void) 216{ 217 atomic_decr_int(&lockinfo.wcount); 218 lockinfo.wlock_release(lockinfo.thelock); 219} 220 221/* 222 * Main entry point for dynamic linking. The first argument is the 223 * stack pointer. The stack is expected to be laid out as described 224 * in the SVR4 ABI specification, Intel 386 Processor Supplement. 225 * Specifically, the stack pointer points to a word containing 226 * ARGC. Following that in the stack is a null-terminated sequence 227 * of pointers to argument strings. Then comes a null-terminated 228 * sequence of pointers to environment strings. Finally, there is a 229 * sequence of "auxiliary vector" entries. 230 * 231 * The second argument points to a place to store the dynamic linker's 232 * exit procedure pointer and the third to a place to store the main 233 * program's object. 234 * 235 * The return value is the main program's entry point. 236 */ 237func_ptr_type 238_rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) 239{ 240 Elf_Auxinfo *aux_info[AT_COUNT]; 241 int i; 242 int argc; 243 char **argv; 244 char **env; 245 Elf_Auxinfo *aux; 246 Elf_Auxinfo *auxp; 247 const char *argv0; 248 Obj_Entry *obj; 249 Obj_Entry **preload_tail; 250 Objlist initlist; 251 252 /* 253 * On entry, the dynamic linker itself has not been relocated yet. 254 * Be very careful not to reference any global data until after 255 * init_rtld has returned. It is OK to reference file-scope statics 256 * and string constants, and to call static and global functions. 257 */ 258 259 /* Find the auxiliary vector on the stack. */ 260 argc = *sp++; 261 argv = (char **) sp; 262 sp += argc + 1; /* Skip over arguments and NULL terminator */ 263 env = (char **) sp; 264 while (*sp++ != 0) /* Skip over environment, and NULL terminator */ 265 ; 266 aux = (Elf_Auxinfo *) sp; 267 268 /* Digest the auxiliary vector. */ 269 for (i = 0; i < AT_COUNT; i++) 270 aux_info[i] = NULL; 271 for (auxp = aux; auxp->a_type != AT_NULL; auxp++) { 272 if (auxp->a_type < AT_COUNT) 273 aux_info[auxp->a_type] = auxp; 274 } 275 276 /* Initialize and relocate ourselves. */ 277 assert(aux_info[AT_BASE] != NULL); 278 init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 279 280 __progname = obj_rtld.path; 281 argv0 = argv[0] != NULL ? argv[0] : "(null)"; 282 environ = env; 283 284 trust = geteuid() == getuid() && getegid() == getgid(); 285 286 ld_bind_now = getenv("LD_BIND_NOW"); 287 if (trust) { 288 ld_debug = getenv("LD_DEBUG"); 289 ld_library_path = getenv("LD_LIBRARY_PATH"); 290 ld_preload = getenv("LD_PRELOAD"); 291 } 292 ld_tracing = getenv("LD_TRACE_LOADED_OBJECTS"); 293 294 if (ld_debug != NULL && *ld_debug != '\0') 295 debug = 1; 296 dbg("%s is initialized, base address = %p", __progname, 297 (caddr_t) aux_info[AT_BASE]->a_un.a_ptr); 298 dbg("RTLD dynamic = %p", obj_rtld.dynamic); 299 dbg("RTLD pltgot = %p", obj_rtld.pltgot); 300 301 /* 302 * Load the main program, or process its program header if it is 303 * already loaded. 304 */ 305 if (aux_info[AT_EXECFD] != NULL) { /* Load the main program. */ 306 int fd = aux_info[AT_EXECFD]->a_un.a_val; 307 dbg("loading main program"); 308 obj_main = map_object(fd, argv0, NULL); 309 close(fd); 310 if (obj_main == NULL) 311 die(); 312 } else { /* Main program already loaded. */ 313 const Elf_Phdr *phdr; 314 int phnum; 315 caddr_t entry; 316 317 dbg("processing main program's program header"); 318 assert(aux_info[AT_PHDR] != NULL); 319 phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr; 320 assert(aux_info[AT_PHNUM] != NULL); 321 phnum = aux_info[AT_PHNUM]->a_un.a_val; 322 assert(aux_info[AT_PHENT] != NULL); 323 assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr)); 324 assert(aux_info[AT_ENTRY] != NULL); 325 entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr; 326 if ((obj_main = digest_phdr(phdr, phnum, entry, argv0)) == NULL) 327 die(); 328 } 329 330 obj_main->path = xstrdup(argv0); 331 obj_main->mainprog = true; 332 333 /* 334 * Get the actual dynamic linker pathname from the executable if 335 * possible. (It should always be possible.) That ensures that 336 * gdb will find the right dynamic linker even if a non-standard 337 * one is being used. 338 */ 339 if (obj_main->interp != NULL && 340 strcmp(obj_main->interp, obj_rtld.path) != 0) { 341 free(obj_rtld.path); 342 obj_rtld.path = xstrdup(obj_main->interp); 343 } 344 345 digest_dynamic(obj_main, 0); 346 347 linkmap_add(obj_main); 348 linkmap_add(&obj_rtld); 349 350 /* Link the main program into the list of objects. */ 351 *obj_tail = obj_main; 352 obj_tail = &obj_main->next; 353 obj_count++; 354 obj_main->refcount++; 355 /* Make sure we don't call the main program's init and fini functions. */ 356 obj_main->init = obj_main->fini = NULL; 357 358 /* Initialize a fake symbol for resolving undefined weak references. */ 359 sym_zero.st_info = ELF_ST_INFO(STB_GLOBAL, STT_NOTYPE); 360 sym_zero.st_shndx = SHN_UNDEF; 361 362 dbg("loading LD_PRELOAD libraries"); 363 if (load_preload_objects() == -1) 364 die(); 365 preload_tail = obj_tail; 366 367 dbg("loading needed objects"); 368 if (load_needed_objects(obj_main) == -1) 369 die(); 370 371 /* Make a list of all objects loaded at startup. */ 372 for (obj = obj_list; obj != NULL; obj = obj->next) 373 objlist_push_tail(&list_main, obj); 374 375 if (ld_tracing) { /* We're done */ 376 trace_loaded_objects(obj_main); 377 exit(0); 378 } 379 380 if (relocate_objects(obj_main, 381 ld_bind_now != NULL && *ld_bind_now != '\0', &obj_rtld) == -1) 382 die(); 383 384 dbg("doing copy relocations"); 385 if (do_copy_relocations(obj_main) == -1) 386 die(); 387 388 dbg("initializing key program variables"); 389 set_program_var("__progname", argv[0] != NULL ? basename(argv[0]) : ""); 390 set_program_var("environ", env); 391 392 dbg("initializing thread locks"); 393 lockdflt_init(&lockinfo); 394 lockinfo.thelock = lockinfo.lock_create(lockinfo.context); 395 396 /* Make a list of init functions to call. */ 397 objlist_init(&initlist); 398 initlist_add_objects(obj_list, preload_tail, &initlist); 399 400 r_debug_state(NULL, &obj_main->linkmap); /* say hello to gdb! */ 401 402 objlist_call_init(&initlist); 403 wlock_acquire(); 404 objlist_clear(&initlist); 405 wlock_release(); 406 407 dbg("transferring control to program entry point = %p", obj_main->entry); 408 409 /* Return the exit procedure and the program entry point. */ 410 *exit_proc = rtld_exit; 411 *objp = obj_main; 412 return (func_ptr_type) obj_main->entry; 413} 414 415Elf_Addr 416_rtld_bind(Obj_Entry *obj, Elf_Word reloff) 417{ 418 const Elf_Rel *rel; 419 const Elf_Sym *def; 420 const Obj_Entry *defobj; 421 Elf_Addr *where; 422 Elf_Addr target; 423 424 rlock_acquire(); 425 if (obj->pltrel) 426 rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff); 427 else 428 rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff); 429 430 where = (Elf_Addr *) (obj->relocbase + rel->r_offset); 431 def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true, NULL); 432 if (def == NULL) 433 die(); 434 435 target = (Elf_Addr)(defobj->relocbase + def->st_value); 436 437 dbg("\"%s\" in \"%s\" ==> %p in \"%s\"", 438 defobj->strtab + def->st_name, basename(obj->path), 439 (void *)target, basename(defobj->path)); 440 441 /* 442 * Write the new contents for the jmpslot. Note that depending on 443 * architecture, the value which we need to return back to the 444 * lazy binding trampoline may or may not be the target 445 * address. The value returned from reloc_jmpslot() is the value 446 * that the trampoline needs. 447 */ 448 target = reloc_jmpslot(where, target, defobj); 449 rlock_release(); 450 return target; 451} 452 453/* 454 * Error reporting function. Use it like printf. If formats the message 455 * into a buffer, and sets things up so that the next call to dlerror() 456 * will return the message. 457 */ 458void 459_rtld_error(const char *fmt, ...) 460{ 461 static char buf[512]; 462 va_list ap; 463 464 va_start(ap, fmt); 465 vsnprintf(buf, sizeof buf, fmt, ap); 466 error_message = buf; 467 va_end(ap); 468} 469 470/* 471 * Return a dynamically-allocated copy of the current error message, if any. 472 */ 473static char * 474errmsg_save(void) 475{ 476 return error_message == NULL ? NULL : xstrdup(error_message); 477} 478 479/* 480 * Restore the current error message from a copy which was previously saved 481 * by errmsg_save(). The copy is freed. 482 */ 483static void 484errmsg_restore(char *saved_msg) 485{ 486 if (saved_msg == NULL) 487 error_message = NULL; 488 else { 489 _rtld_error("%s", saved_msg); 490 free(saved_msg); 491 } 492} 493 494static const char * 495basename(const char *name) 496{ 497 const char *p = strrchr(name, '/'); 498 return p != NULL ? p + 1 : name; 499} 500 501static void 502die(void) 503{ 504 const char *msg = dlerror(); 505 506 if (msg == NULL) 507 msg = "Fatal error"; 508 errx(1, "%s", msg); 509} 510 511/* 512 * Process a shared object's DYNAMIC section, and save the important 513 * information in its Obj_Entry structure. 514 */ 515static void 516digest_dynamic(Obj_Entry *obj, int early) 517{ 518 const Elf_Dyn *dynp; 519 Needed_Entry **needed_tail = &obj->needed; 520 const Elf_Dyn *dyn_rpath = NULL; 521 int plttype = DT_REL; 522 523 for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) { 524 switch (dynp->d_tag) { 525 526 case DT_REL: 527 obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr); 528 break; 529 530 case DT_RELSZ: 531 obj->relsize = dynp->d_un.d_val; 532 break; 533 534 case DT_RELENT: 535 assert(dynp->d_un.d_val == sizeof(Elf_Rel)); 536 break; 537 538 case DT_JMPREL: 539 obj->pltrel = (const Elf_Rel *) 540 (obj->relocbase + dynp->d_un.d_ptr); 541 break; 542 543 case DT_PLTRELSZ: 544 obj->pltrelsize = dynp->d_un.d_val; 545 break; 546 547 case DT_RELA: 548 obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr); 549 break; 550 551 case DT_RELASZ: 552 obj->relasize = dynp->d_un.d_val; 553 break; 554 555 case DT_RELAENT: 556 assert(dynp->d_un.d_val == sizeof(Elf_Rela)); 557 break; 558 559 case DT_PLTREL: 560 plttype = dynp->d_un.d_val; 561 assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA); 562 break; 563 564 case DT_SYMTAB: 565 obj->symtab = (const Elf_Sym *) 566 (obj->relocbase + dynp->d_un.d_ptr); 567 break; 568 569 case DT_SYMENT: 570 assert(dynp->d_un.d_val == sizeof(Elf_Sym)); 571 break; 572 573 case DT_STRTAB: 574 obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr); 575 break; 576 577 case DT_STRSZ: 578 obj->strsize = dynp->d_un.d_val; 579 break; 580 581 case DT_HASH: 582 { 583 const Elf_Hashelt *hashtab = (const Elf_Hashelt *) 584 (obj->relocbase + dynp->d_un.d_ptr); 585 obj->nbuckets = hashtab[0]; 586 obj->nchains = hashtab[1]; 587 obj->buckets = hashtab + 2; 588 obj->chains = obj->buckets + obj->nbuckets; 589 } 590 break; 591 592 case DT_NEEDED: 593 if (!obj->rtld) { 594 Needed_Entry *nep = NEW(Needed_Entry); 595 nep->name = dynp->d_un.d_val; 596 nep->obj = NULL; 597 nep->next = NULL; 598 599 *needed_tail = nep; 600 needed_tail = &nep->next; 601 } 602 break; 603 604 case DT_PLTGOT: 605 obj->pltgot = (Elf_Addr *) (obj->relocbase + dynp->d_un.d_ptr); 606 break; 607 608 case DT_TEXTREL: 609 obj->textrel = true; 610 break; 611 612 case DT_SYMBOLIC: 613 obj->symbolic = true; 614 break; 615 616 case DT_RPATH: 617 /* 618 * We have to wait until later to process this, because we 619 * might not have gotten the address of the string table yet. 620 */ 621 dyn_rpath = dynp; 622 break; 623 624 case DT_SONAME: 625 /* Not used by the dynamic linker. */ 626 break; 627 628 case DT_INIT: 629 obj->init = (Elf_Addr) (obj->relocbase + dynp->d_un.d_ptr); 630 break; 631 632 case DT_FINI: 633 obj->fini = (Elf_Addr) (obj->relocbase + dynp->d_un.d_ptr); 634 break; 635 636 case DT_DEBUG: 637 /* XXX - not implemented yet */ 638 if (!early) 639 dbg("Filling in DT_DEBUG entry"); 640 ((Elf_Dyn*)dynp)->d_un.d_ptr = (Elf_Addr) &r_debug; 641 break; 642 643 default: 644 if (!early) { 645 dbg("Ignoring d_tag %ld = %#lx", (long)dynp->d_tag, 646 (long)dynp->d_tag); 647 } 648 break; 649 } 650 } 651 652 obj->traced = false; 653 654 if (plttype == DT_RELA) { 655 obj->pltrela = (const Elf_Rela *) obj->pltrel; 656 obj->pltrel = NULL; 657 obj->pltrelasize = obj->pltrelsize; 658 obj->pltrelsize = 0; 659 } 660 661 if (dyn_rpath != NULL) 662 obj->rpath = obj->strtab + dyn_rpath->d_un.d_val; 663} 664 665/* 666 * Process a shared object's program header. This is used only for the 667 * main program, when the kernel has already loaded the main program 668 * into memory before calling the dynamic linker. It creates and 669 * returns an Obj_Entry structure. 670 */ 671static Obj_Entry * 672digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry, const char *path) 673{ 674 Obj_Entry *obj; 675 const Elf_Phdr *phlimit = phdr + phnum; 676 const Elf_Phdr *ph; 677 int nsegs = 0; 678 679 obj = obj_new(); 680 for (ph = phdr; ph < phlimit; ph++) { 681 switch (ph->p_type) { 682 683 case PT_PHDR: 684 if ((const Elf_Phdr *)ph->p_vaddr != phdr) { 685 _rtld_error("%s: invalid PT_PHDR", path); 686 return NULL; 687 } 688 obj->phdr = (const Elf_Phdr *) ph->p_vaddr; 689 obj->phsize = ph->p_memsz; 690 break; 691 692 case PT_INTERP: 693 obj->interp = (const char *) ph->p_vaddr; 694 break; 695 696 case PT_LOAD: 697 if (nsegs == 0) { /* First load segment */ 698 obj->vaddrbase = trunc_page(ph->p_vaddr); 699 obj->mapbase = (caddr_t) obj->vaddrbase; 700 obj->relocbase = obj->mapbase - obj->vaddrbase; 701 obj->textsize = round_page(ph->p_vaddr + ph->p_memsz) - 702 obj->vaddrbase; 703 } else { /* Last load segment */ 704 obj->mapsize = round_page(ph->p_vaddr + ph->p_memsz) - 705 obj->vaddrbase; 706 } 707 nsegs++; 708 break; 709 710 case PT_DYNAMIC: 711 obj->dynamic = (const Elf_Dyn *) ph->p_vaddr; 712 break; 713 } 714 } 715 716 obj->entry = entry; 717 return obj; 718} 719 720static Obj_Entry * 721dlcheck(void *handle) 722{ 723 Obj_Entry *obj; 724 725 for (obj = obj_list; obj != NULL; obj = obj->next) 726 if (obj == (Obj_Entry *) handle) 727 break; 728 729 if (obj == NULL || obj->refcount == 0 || obj->dl_refcount == 0) { 730 _rtld_error("Invalid shared object handle %p", handle); 731 return NULL; 732 } 733 return obj; 734} 735 736/* 737 * If the given object is already in the donelist, return true. Otherwise 738 * add the object to the list and return false. 739 */ 740static bool 741donelist_check(DoneList *dlp, const Obj_Entry *obj) 742{ 743 unsigned int i; 744 745 for (i = 0; i < dlp->num_used; i++) 746 if (dlp->objs[i] == obj) 747 return true; 748 /* 749 * Our donelist allocation should always be sufficient. But if 750 * our threads locking isn't working properly, more shared objects 751 * could have been loaded since we allocated the list. That should 752 * never happen, but we'll handle it properly just in case it does. 753 */ 754 if (dlp->num_used < dlp->num_alloc) 755 dlp->objs[dlp->num_used++] = obj; 756 return false; 757} 758 759/* 760 * Hash function for symbol table lookup. Don't even think about changing 761 * this. It is specified by the System V ABI. 762 */ 763unsigned long 764elf_hash(const char *name) 765{ 766 const unsigned char *p = (const unsigned char *) name; 767 unsigned long h = 0; 768 unsigned long g; 769 770 while (*p != '\0') { 771 h = (h << 4) + *p++; 772 if ((g = h & 0xf0000000) != 0) 773 h ^= g >> 24; 774 h &= ~g; 775 } 776 return h; 777} 778 779/* 780 * Find the library with the given name, and return its full pathname. 781 * The returned string is dynamically allocated. Generates an error 782 * message and returns NULL if the library cannot be found. 783 * 784 * If the second argument is non-NULL, then it refers to an already- 785 * loaded shared object, whose library search path will be searched. 786 * 787 * The search order is: 788 * rpath in the referencing file 789 * LD_LIBRARY_PATH 790 * ldconfig hints 791 * /usr/lib 792 */ 793static char * 794find_library(const char *name, const Obj_Entry *refobj) 795{ 796 char *pathname; 797 798 if (strchr(name, '/') != NULL) { /* Hard coded pathname */ 799 if (name[0] != '/' && !trust) { 800 _rtld_error("Absolute pathname required for shared object \"%s\"", 801 name); 802 return NULL; 803 } 804 return xstrdup(name); 805 } 806 807 dbg(" Searching for \"%s\"", name); 808 809 if ((pathname = search_library_path(name, ld_library_path)) != NULL || 810 (refobj != NULL && 811 (pathname = search_library_path(name, refobj->rpath)) != NULL) || 812 (pathname = search_library_path(name, gethints())) != NULL || 813 (pathname = search_library_path(name, STANDARD_LIBRARY_PATH)) != NULL) 814 return pathname; 815 816 _rtld_error("Shared object \"%s\" not found", name); 817 return NULL; 818} 819 820/* 821 * Given a symbol number in a referencing object, find the corresponding 822 * definition of the symbol. Returns a pointer to the symbol, or NULL if 823 * no definition was found. Returns a pointer to the Obj_Entry of the 824 * defining object via the reference parameter DEFOBJ_OUT. 825 */ 826const Elf_Sym * 827find_symdef(unsigned long symnum, const Obj_Entry *refobj, 828 const Obj_Entry **defobj_out, bool in_plt, SymCache *cache) 829{ 830 const Elf_Sym *ref; 831 const Elf_Sym *def; 832 const Obj_Entry *defobj; 833 const char *name; 834 unsigned long hash; 835 836 /* 837 * If we have already found this symbol, get the information from 838 * the cache. 839 */ 840 if (symnum >= refobj->nchains) 841 return NULL; /* Bad object */ 842 if (cache != NULL && cache[symnum].sym != NULL) { 843 *defobj_out = cache[symnum].obj; 844 return cache[symnum].sym; 845 } 846 847 ref = refobj->symtab + symnum; 848 name = refobj->strtab + ref->st_name; 849 defobj = NULL; 850 851 /* 852 * We don't have to do a full scale lookup if the symbol is local. 853 * We know it will bind to the instance in this load module; to 854 * which we already have a pointer (ie ref). By not doing a lookup, 855 * we not only improve performance, but it also avoids unresolvable 856 * symbols when local symbols are not in the hash table. This has 857 * been seen with the ia64 toolchain. 858 */ 859 if (ELF_ST_BIND(ref->st_info) != STB_LOCAL) { 860 if (ELF_ST_TYPE(ref->st_info) == STT_SECTION) { 861 _rtld_error("%s: Bogus symbol table entry %lu", refobj->path, 862 symnum); 863 } 864 hash = elf_hash(name); 865 def = symlook_default(name, hash, refobj, &defobj, in_plt); 866 } else { 867 def = ref; 868 defobj = refobj; 869 } 870 871 /* 872 * If we found no definition and the reference is weak, treat the 873 * symbol as having the value zero. 874 */ 875 if (def == NULL && ELF_ST_BIND(ref->st_info) == STB_WEAK) { 876 def = &sym_zero; 877 defobj = obj_main; 878 } 879 880 if (def != NULL) { 881 *defobj_out = defobj; 882 /* Record the information in the cache to avoid subsequent lookups. */ 883 if (cache != NULL) { 884 cache[symnum].sym = def; 885 cache[symnum].obj = defobj; 886 } 887 } else { 888 if (refobj != &obj_rtld) 889 _rtld_error("%s: Undefined symbol \"%s\"", refobj->path, name); 890 } 891 return def; 892} 893 894/* 895 * Return the search path from the ldconfig hints file, reading it if 896 * necessary. Returns NULL if there are problems with the hints file, 897 * or if the search path there is empty. 898 */ 899static const char * 900gethints(void) 901{ 902 static char *hints; 903 904 if (hints == NULL) { 905 int fd; 906 struct elfhints_hdr hdr; 907 char *p; 908 909 /* Keep from trying again in case the hints file is bad. */ 910 hints = ""; 911 912 if ((fd = open(_PATH_ELF_HINTS, O_RDONLY)) == -1) 913 return NULL; 914 if (read(fd, &hdr, sizeof hdr) != sizeof hdr || 915 hdr.magic != ELFHINTS_MAGIC || 916 hdr.version != 1) { 917 close(fd); 918 return NULL; 919 } 920 p = xmalloc(hdr.dirlistlen + 1); 921 if (lseek(fd, hdr.strtab + hdr.dirlist, SEEK_SET) == -1 || 922 read(fd, p, hdr.dirlistlen + 1) != hdr.dirlistlen + 1) { 923 free(p); 924 close(fd); 925 return NULL; 926 } 927 hints = p; 928 close(fd); 929 } 930 return hints[0] != '\0' ? hints : NULL; 931} 932 933static void 934init_dag(Obj_Entry *root) 935{ 936 DoneList donelist; 937 938 donelist_init(&donelist); 939 init_dag1(root, root, &donelist); 940} 941 942static void 943init_dag1(Obj_Entry *root, Obj_Entry *obj, DoneList *dlp) 944{ 945 const Needed_Entry *needed; 946 947 if (donelist_check(dlp, obj)) 948 return; 949 objlist_push_tail(&obj->dldags, root); 950 objlist_push_tail(&root->dagmembers, obj); 951 for (needed = obj->needed; needed != NULL; needed = needed->next) 952 if (needed->obj != NULL) 953 init_dag1(root, needed->obj, dlp); 954} 955 956/* 957 * Initialize the dynamic linker. The argument is the address at which 958 * the dynamic linker has been mapped into memory. The primary task of 959 * this function is to relocate the dynamic linker. 960 */ 961static void 962init_rtld(caddr_t mapbase) 963{ 964 Obj_Entry objtmp; /* Temporary rtld object */ 965 966 /* 967 * Conjure up an Obj_Entry structure for the dynamic linker. 968 * 969 * The "path" member can't be initialized yet because string constatns 970 * cannot yet be acessed. Below we will set it correctly. 971 */ 972 objtmp.path = NULL; 973 objtmp.rtld = true; 974 objtmp.mapbase = mapbase; 975#ifdef PIC 976 objtmp.relocbase = mapbase; 977#endif 978 if (&_DYNAMIC != 0) { 979 objtmp.dynamic = rtld_dynamic(&objtmp); 980 digest_dynamic(&objtmp, 1); 981 assert(objtmp.needed == NULL); 982 assert(!objtmp.textrel); 983 984 /* 985 * Temporarily put the dynamic linker entry into the object list, so 986 * that symbols can be found. 987 */ 988 989 relocate_objects(&objtmp, true, &objtmp); 990 } 991 992 /* Initialize the object list. */ 993 obj_tail = &obj_list; 994 995 /* Now that non-local variables can be accesses, copy out obj_rtld. */ 996 memcpy(&obj_rtld, &objtmp, sizeof(obj_rtld)); 997 998 /* Replace the path with a dynamically allocated copy. */ 999 obj_rtld.path = xstrdup(PATH_RTLD); 1000 1001 r_debug.r_brk = r_debug_state; 1002 r_debug.r_state = RT_CONSISTENT; 1003} 1004 1005/* 1006 * Add the init functions from a needed object list (and its recursive 1007 * needed objects) to "list". This is not used directly; it is a helper 1008 * function for initlist_add_objects(). The write lock must be held 1009 * when this function is called. 1010 */ 1011static void 1012initlist_add_neededs(Needed_Entry *needed, Objlist *list) 1013{ 1014 /* Recursively process the successor needed objects. */ 1015 if (needed->next != NULL) 1016 initlist_add_neededs(needed->next, list); 1017 1018 /* Process the current needed object. */ 1019 if (needed->obj != NULL) 1020 initlist_add_objects(needed->obj, &needed->obj->next, list); 1021} 1022 1023/* 1024 * Scan all of the DAGs rooted in the range of objects from "obj" to 1025 * "tail" and add their init functions to "list". This recurses over 1026 * the DAGs and ensure the proper init ordering such that each object's 1027 * needed libraries are initialized before the object itself. At the 1028 * same time, this function adds the objects to the global finalization 1029 * list "list_fini" in the opposite order. The write lock must be 1030 * held when this function is called. 1031 */ 1032static void 1033initlist_add_objects(Obj_Entry *obj, Obj_Entry **tail, Objlist *list) 1034{ 1035 if (obj->init_done) 1036 return; 1037 obj->init_done = true; 1038 1039 /* Recursively process the successor objects. */ 1040 if (&obj->next != tail) 1041 initlist_add_objects(obj->next, tail, list); 1042 1043 /* Recursively process the needed objects. */ 1044 if (obj->needed != NULL) 1045 initlist_add_neededs(obj->needed, list); 1046 1047 /* Add the object to the init list. */ 1048 if (obj->init != NULL) 1049 objlist_push_tail(list, obj); 1050 1051 /* Add the object to the global fini list in the reverse order. */ 1052 if (obj->fini != NULL) 1053 objlist_push_head(&list_fini, obj); 1054} 1055 1056#ifndef FPTR_TARGET 1057#define FPTR_TARGET(f) ((Elf_Addr) (f)) 1058#endif 1059 1060static bool 1061is_exported(const Elf_Sym *def) 1062{ 1063 Elf_Addr value; 1064 const func_ptr_type *p; 1065 1066 value = (Elf_Addr)(obj_rtld.relocbase + def->st_value); 1067 for (p = exports; *p != NULL; p++) 1068 if (FPTR_TARGET(*p) == value) 1069 return true; 1070 return false; 1071} 1072 1073/* 1074 * Given a shared object, traverse its list of needed objects, and load 1075 * each of them. Returns 0 on success. Generates an error message and 1076 * returns -1 on failure. 1077 */ 1078static int 1079load_needed_objects(Obj_Entry *first) 1080{ 1081 Obj_Entry *obj; 1082 1083 for (obj = first; obj != NULL; obj = obj->next) { 1084 Needed_Entry *needed; 1085 1086 for (needed = obj->needed; needed != NULL; needed = needed->next) { 1087 const char *name = obj->strtab + needed->name; 1088 char *path = find_library(name, obj); 1089 1090 needed->obj = NULL; 1091 if (path == NULL && !ld_tracing) 1092 return -1; 1093 1094 if (path) { 1095 needed->obj = load_object(path); 1096 if (needed->obj == NULL && !ld_tracing) 1097 return -1; /* XXX - cleanup */ 1098 } 1099 } 1100 } 1101 1102 return 0; 1103} 1104 1105static int 1106load_preload_objects(void) 1107{ 1108 char *p = ld_preload; 1109 static const char delim[] = " \t:;"; 1110 1111 if (p == NULL) 1112 return NULL; 1113 1114 p += strspn(p, delim); 1115 while (*p != '\0') { 1116 size_t len = strcspn(p, delim); 1117 char *path; 1118 char savech; 1119 1120 savech = p[len]; 1121 p[len] = '\0'; 1122 if ((path = find_library(p, NULL)) == NULL) 1123 return -1; 1124 if (load_object(path) == NULL) 1125 return -1; /* XXX - cleanup */ 1126 p[len] = savech; 1127 p += len; 1128 p += strspn(p, delim); 1129 } 1130 return 0; 1131} 1132 1133/* 1134 * Load a shared object into memory, if it is not already loaded. The 1135 * argument must be a string allocated on the heap. This function assumes 1136 * responsibility for freeing it when necessary. 1137 * 1138 * Returns a pointer to the Obj_Entry for the object. Returns NULL 1139 * on failure. 1140 */ 1141static Obj_Entry * 1142load_object(char *path) 1143{ 1144 Obj_Entry *obj; 1145 int fd = -1; 1146 struct stat sb; 1147 1148 for (obj = obj_list->next; obj != NULL; obj = obj->next) 1149 if (strcmp(obj->path, path) == 0) 1150 break; 1151 1152 /* 1153 * If we didn't find a match by pathname, open the file and check 1154 * again by device and inode. This avoids false mismatches caused 1155 * by multiple links or ".." in pathnames. 1156 * 1157 * To avoid a race, we open the file and use fstat() rather than 1158 * using stat(). 1159 */ 1160 if (obj == NULL) { 1161 if ((fd = open(path, O_RDONLY)) == -1) { 1162 _rtld_error("Cannot open \"%s\"", path); 1163 return NULL; 1164 } 1165 if (fstat(fd, &sb) == -1) { 1166 _rtld_error("Cannot fstat \"%s\"", path); 1167 close(fd); 1168 return NULL; 1169 } 1170 for (obj = obj_list->next; obj != NULL; obj = obj->next) { 1171 if (obj->ino == sb.st_ino && obj->dev == sb.st_dev) { 1172 close(fd); 1173 break; 1174 } 1175 } 1176 } 1177 1178 if (obj == NULL) { /* First use of this object, so we must map it in */ 1179 dbg("loading \"%s\"", path); 1180 obj = map_object(fd, path, &sb); 1181 close(fd); 1182 if (obj == NULL) { 1183 free(path); 1184 return NULL; 1185 } 1186 1187 obj->path = path; 1188 digest_dynamic(obj, 0); 1189 1190 *obj_tail = obj; 1191 obj_tail = &obj->next; 1192 obj_count++; 1193 linkmap_add(obj); /* for GDB */ 1194 1195 dbg(" %p .. %p: %s", obj->mapbase, 1196 obj->mapbase + obj->mapsize - 1, obj->path); 1197 if (obj->textrel) 1198 dbg(" WARNING: %s has impure text", obj->path); 1199 } else 1200 free(path); 1201 1202 obj->refcount++; 1203 return obj; 1204} 1205 1206/* 1207 * Check for locking violations and die if one is found. 1208 */ 1209static void 1210lock_check(void) 1211{ 1212 int rcount, wcount; 1213 1214 rcount = lockinfo.rcount; 1215 wcount = lockinfo.wcount; 1216 assert(rcount >= 0); 1217 assert(wcount >= 0); 1218 if (wcount > 1 || (wcount != 0 && rcount != 0)) { 1219 _rtld_error("Application locking error: %d readers and %d writers" 1220 " in dynamic linker. See DLLOCKINIT(3) in manual pages.", 1221 rcount, wcount); 1222 die(); 1223 } 1224} 1225 1226static Obj_Entry * 1227obj_from_addr(const void *addr) 1228{ 1229 unsigned long endhash; 1230 Obj_Entry *obj; 1231 1232 endhash = elf_hash(END_SYM); 1233 for (obj = obj_list; obj != NULL; obj = obj->next) { 1234 const Elf_Sym *endsym; 1235 1236 if (addr < (void *) obj->mapbase) 1237 continue; 1238 if ((endsym = symlook_obj(END_SYM, endhash, obj, true)) == NULL) 1239 continue; /* No "end" symbol?! */ 1240 if (addr < (void *) (obj->relocbase + endsym->st_value)) 1241 return obj; 1242 } 1243 return NULL; 1244} 1245 1246/* 1247 * Call the finalization functions for each of the objects in "list" 1248 * which are unreferenced. All of the objects are expected to have 1249 * non-NULL fini functions. 1250 */ 1251static void 1252objlist_call_fini(Objlist *list) 1253{ 1254 Objlist_Entry *elm; 1255 char *saved_msg; 1256 1257 /* 1258 * Preserve the current error message since a fini function might 1259 * call into the dynamic linker and overwrite it. 1260 */ 1261 saved_msg = errmsg_save(); 1262 STAILQ_FOREACH(elm, list, link) { 1263 if (elm->obj->refcount == 0) { 1264 dbg("calling fini function for %s at %p", elm->obj->path, 1265 (void *)elm->obj->fini); 1266 call_initfini_pointer(elm->obj, elm->obj->fini); 1267 } 1268 } 1269 errmsg_restore(saved_msg); 1270} 1271 1272/* 1273 * Call the initialization functions for each of the objects in 1274 * "list". All of the objects are expected to have non-NULL init 1275 * functions. 1276 */ 1277static void 1278objlist_call_init(Objlist *list) 1279{ 1280 Objlist_Entry *elm; 1281 char *saved_msg; 1282 1283 /* 1284 * Preserve the current error message since an init function might 1285 * call into the dynamic linker and overwrite it. 1286 */ 1287 saved_msg = errmsg_save(); 1288 STAILQ_FOREACH(elm, list, link) { 1289 dbg("calling init function for %s at %p", elm->obj->path, 1290 (void *)elm->obj->init); 1291 call_initfini_pointer(elm->obj, elm->obj->init); 1292 } 1293 errmsg_restore(saved_msg); 1294} 1295 1296static void 1297objlist_clear(Objlist *list) 1298{ 1299 Objlist_Entry *elm; 1300 1301 while (!STAILQ_EMPTY(list)) { 1302 elm = STAILQ_FIRST(list); 1303 STAILQ_REMOVE_HEAD(list, link); 1304 free(elm); 1305 } 1306} 1307 1308static Objlist_Entry * 1309objlist_find(Objlist *list, const Obj_Entry *obj) 1310{ 1311 Objlist_Entry *elm; 1312 1313 STAILQ_FOREACH(elm, list, link) 1314 if (elm->obj == obj) 1315 return elm; 1316 return NULL; 1317} 1318 1319static void 1320objlist_init(Objlist *list) 1321{ 1322 STAILQ_INIT(list); 1323} 1324 1325static void 1326objlist_push_head(Objlist *list, Obj_Entry *obj) 1327{ 1328 Objlist_Entry *elm; 1329 1330 elm = NEW(Objlist_Entry); 1331 elm->obj = obj; 1332 STAILQ_INSERT_HEAD(list, elm, link); 1333} 1334 1335static void 1336objlist_push_tail(Objlist *list, Obj_Entry *obj) 1337{ 1338 Objlist_Entry *elm; 1339 1340 elm = NEW(Objlist_Entry); 1341 elm->obj = obj; 1342 STAILQ_INSERT_TAIL(list, elm, link); 1343} 1344 1345static void 1346objlist_remove(Objlist *list, Obj_Entry *obj) 1347{ 1348 Objlist_Entry *elm; 1349 1350 if ((elm = objlist_find(list, obj)) != NULL) { 1351 STAILQ_REMOVE(list, elm, Struct_Objlist_Entry, link); 1352 free(elm); 1353 } 1354} 1355 1356/* 1357 * Remove all of the unreferenced objects from "list". 1358 */ 1359static void 1360objlist_remove_unref(Objlist *list) 1361{ 1362 Objlist newlist; 1363 Objlist_Entry *elm; 1364 1365 STAILQ_INIT(&newlist); 1366 while (!STAILQ_EMPTY(list)) { 1367 elm = STAILQ_FIRST(list); 1368 STAILQ_REMOVE_HEAD(list, link); 1369 if (elm->obj->refcount == 0) 1370 free(elm); 1371 else 1372 STAILQ_INSERT_TAIL(&newlist, elm, link); 1373 } 1374 *list = newlist; 1375} 1376 1377/* 1378 * Relocate newly-loaded shared objects. The argument is a pointer to 1379 * the Obj_Entry for the first such object. All objects from the first 1380 * to the end of the list of objects are relocated. Returns 0 on success, 1381 * or -1 on failure. 1382 */ 1383static int 1384relocate_objects(Obj_Entry *first, bool bind_now, Obj_Entry *rtldobj) 1385{ 1386 Obj_Entry *obj; 1387 1388 for (obj = first; obj != NULL; obj = obj->next) { 1389 if (obj != rtldobj) 1390 dbg("relocating \"%s\"", obj->path); 1391 if (obj->nbuckets == 0 || obj->nchains == 0 || obj->buckets == NULL || 1392 obj->symtab == NULL || obj->strtab == NULL) { 1393 _rtld_error("%s: Shared object has no run-time symbol table", 1394 obj->path); 1395 return -1; 1396 } 1397 1398 if (obj->textrel) { 1399 /* There are relocations to the write-protected text segment. */ 1400 if (mprotect(obj->mapbase, obj->textsize, 1401 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) { 1402 _rtld_error("%s: Cannot write-enable text segment: %s", 1403 obj->path, strerror(errno)); 1404 return -1; 1405 } 1406 } 1407 1408 /* Process the non-PLT relocations. */ 1409 if (reloc_non_plt(obj, rtldobj)) 1410 return -1; 1411 1412 if (obj->textrel) { /* Re-protected the text segment. */ 1413 if (mprotect(obj->mapbase, obj->textsize, 1414 PROT_READ|PROT_EXEC) == -1) { 1415 _rtld_error("%s: Cannot write-protect text segment: %s", 1416 obj->path, strerror(errno)); 1417 return -1; 1418 } 1419 } 1420 1421 /* Process the PLT relocations. */ 1422 if (reloc_plt(obj) == -1) 1423 return -1; 1424 /* Relocate the jump slots if we are doing immediate binding. */ 1425 if (bind_now) 1426 if (reloc_jmpslots(obj) == -1) 1427 return -1; 1428 1429 1430 /* 1431 * Set up the magic number and version in the Obj_Entry. These 1432 * were checked in the crt1.o from the original ElfKit, so we 1433 * set them for backward compatibility. 1434 */ 1435 obj->magic = RTLD_MAGIC; 1436 obj->version = RTLD_VERSION; 1437 1438 /* Set the special PLT or GOT entries. */ 1439 init_pltgot(obj); 1440 } 1441 1442 return 0; 1443} 1444 1445/* 1446 * Cleanup procedure. It will be called (by the atexit mechanism) just 1447 * before the process exits. 1448 */ 1449static void 1450rtld_exit(void) 1451{ 1452 Obj_Entry *obj; 1453 1454 dbg("rtld_exit()"); 1455 /* Clear all the reference counts so the fini functions will be called. */ 1456 for (obj = obj_list; obj != NULL; obj = obj->next) 1457 obj->refcount = 0; 1458 objlist_call_fini(&list_fini); 1459 /* No need to remove the items from the list, since we are exiting. */ 1460} 1461 1462static char * 1463search_library_path(const char *name, const char *path) 1464{ 1465 size_t namelen = strlen(name); 1466 const char *p = path; 1467 1468 if (p == NULL) 1469 return NULL; 1470 1471 p += strspn(p, ":;"); 1472 while (*p != '\0') { 1473 size_t len = strcspn(p, ":;"); 1474 1475 if (*p == '/' || trust) { 1476 char *pathname; 1477 const char *dir = p; 1478 size_t dirlen = len; 1479 1480 pathname = xmalloc(dirlen + 1 + namelen + 1); 1481 strncpy(pathname, dir, dirlen); 1482 pathname[dirlen] = '/'; 1483 strcpy(pathname + dirlen + 1, name); 1484 1485 dbg(" Trying \"%s\"", pathname); 1486 if (access(pathname, F_OK) == 0) /* We found it */ 1487 return pathname; 1488 1489 free(pathname); 1490 } 1491 p += len; 1492 p += strspn(p, ":;"); 1493 } 1494 1495 return NULL; 1496} 1497 1498int 1499dlclose(void *handle) 1500{ 1501 Obj_Entry *root; 1502 1503 wlock_acquire(); 1504 root = dlcheck(handle); 1505 if (root == NULL) { 1506 wlock_release(); 1507 return -1; 1508 } 1509 1510 /* Unreference the object and its dependencies. */ 1511 root->dl_refcount--; 1512 unref_dag(root); 1513 1514 if (root->refcount == 0) { 1515 /* 1516 * The object is no longer referenced, so we must unload it. 1517 * First, call the fini functions with no locks held. 1518 */ 1519 wlock_release(); 1520 objlist_call_fini(&list_fini); 1521 wlock_acquire(); 1522 objlist_remove_unref(&list_fini); 1523 1524 /* Finish cleaning up the newly-unreferenced objects. */ 1525 GDB_STATE(RT_DELETE,&root->linkmap); 1526 unload_object(root); 1527 GDB_STATE(RT_CONSISTENT,NULL); 1528 } 1529 wlock_release(); 1530 return 0; 1531} 1532 1533const char * 1534dlerror(void) 1535{ 1536 char *msg = error_message; 1537 error_message = NULL; 1538 return msg; 1539} 1540 1541/* 1542 * This function is deprecated and has no effect. 1543 */ 1544void 1545dllockinit(void *context, 1546 void *(*lock_create)(void *context), 1547 void (*rlock_acquire)(void *lock), 1548 void (*wlock_acquire)(void *lock), 1549 void (*lock_release)(void *lock), 1550 void (*lock_destroy)(void *lock), 1551 void (*context_destroy)(void *context)) 1552{ 1553 static void *cur_context; 1554 static void (*cur_context_destroy)(void *); 1555 1556 /* Just destroy the context from the previous call, if necessary. */ 1557 if (cur_context_destroy != NULL) 1558 cur_context_destroy(cur_context); 1559 cur_context = context; 1560 cur_context_destroy = context_destroy; 1561} 1562 1563void * 1564dlopen(const char *name, int mode) 1565{ 1566 Obj_Entry **old_obj_tail; 1567 Obj_Entry *obj; 1568 Objlist initlist; 1569 int result; 1570 1571 ld_tracing = (mode & RTLD_TRACE) == 0 ? NULL : "1"; 1572 if (ld_tracing != NULL) 1573 environ = (char **)*get_program_var_addr("environ"); 1574 1575 objlist_init(&initlist); 1576 1577 wlock_acquire(); 1578 GDB_STATE(RT_ADD,NULL); 1579 1580 old_obj_tail = obj_tail; 1581 obj = NULL; 1582 if (name == NULL) { 1583 obj = obj_main; 1584 obj->refcount++; 1585 } else { 1586 char *path = find_library(name, obj_main); 1587 if (path != NULL) 1588 obj = load_object(path); 1589 } 1590 1591 if (obj) { 1592 obj->dl_refcount++; 1593 if (mode & RTLD_GLOBAL && objlist_find(&list_global, obj) == NULL) 1594 objlist_push_tail(&list_global, obj); 1595 mode &= RTLD_MODEMASK; 1596 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1597 assert(*old_obj_tail == obj); 1598 1599 result = load_needed_objects(obj); 1600 if (result != -1 && ld_tracing) 1601 goto trace; 1602 1603 if (result == -1 || 1604 (init_dag(obj), relocate_objects(obj, mode == RTLD_NOW, 1605 &obj_rtld)) == -1) { 1606 obj->dl_refcount--; 1607 unref_dag(obj); 1608 if (obj->refcount == 0) 1609 unload_object(obj); 1610 obj = NULL; 1611 } else { 1612 /* Make list of init functions to call. */ 1613 initlist_add_objects(obj, &obj->next, &initlist); 1614 } 1615 } else if (ld_tracing) 1616 goto trace; 1617 } 1618 1619 GDB_STATE(RT_CONSISTENT,obj ? &obj->linkmap : NULL); 1620 1621 /* Call the init functions with no locks held. */ 1622 wlock_release(); 1623 objlist_call_init(&initlist); 1624 wlock_acquire(); 1625 objlist_clear(&initlist); 1626 wlock_release(); 1627 return obj; 1628trace: 1629 trace_loaded_objects(obj); 1630 wlock_release(); 1631 exit(0); 1632} 1633 1634void * 1635dlsym(void *handle, const char *name) 1636{ 1637 const Obj_Entry *obj; 1638 unsigned long hash; 1639 const Elf_Sym *def; 1640 const Obj_Entry *defobj; 1641 1642 hash = elf_hash(name); 1643 def = NULL; 1644 defobj = NULL; 1645 1646 rlock_acquire(); 1647 if (handle == NULL || handle == RTLD_NEXT || handle == RTLD_DEFAULT) { 1648 void *retaddr; 1649 1650 retaddr = __builtin_return_address(0); /* __GNUC__ only */ 1651 if ((obj = obj_from_addr(retaddr)) == NULL) { 1652 _rtld_error("Cannot determine caller's shared object"); 1653 rlock_release(); 1654 return NULL; 1655 } 1656 if (handle == NULL) { /* Just the caller's shared object. */ 1657 def = symlook_obj(name, hash, obj, true); 1658 defobj = obj; 1659 } else if (handle == RTLD_NEXT) { /* Objects after caller's */ 1660 while ((obj = obj->next) != NULL) { 1661 if ((def = symlook_obj(name, hash, obj, true)) != NULL) { 1662 defobj = obj; 1663 break; 1664 } 1665 } 1666 } else { 1667 assert(handle == RTLD_DEFAULT); 1668 def = symlook_default(name, hash, obj, &defobj, true); 1669 } 1670 } else { 1671 if ((obj = dlcheck(handle)) == NULL) { 1672 rlock_release(); 1673 return NULL; 1674 } 1675 1676 if (obj->mainprog) { 1677 DoneList donelist; 1678 1679 /* Search main program and all libraries loaded by it. */ 1680 donelist_init(&donelist); 1681 def = symlook_list(name, hash, &list_main, &defobj, true, 1682 &donelist); 1683 } else { 1684 /* 1685 * XXX - This isn't correct. The search should include the whole 1686 * DAG rooted at the given object. 1687 */ 1688 def = symlook_obj(name, hash, obj, true); 1689 defobj = obj; 1690 } 1691 } 1692 1693 if (def != NULL) { 1694 rlock_release(); 1695 1696 /* 1697 * The value required by the caller is derived from the value 1698 * of the symbol. For the ia64 architecture, we need to 1699 * construct a function descriptor which the caller can use to 1700 * call the function with the right 'gp' value. For other 1701 * architectures and for non-functions, the value is simply 1702 * the relocated value of the symbol. 1703 */ 1704 if (ELF_ST_TYPE(def->st_info) == STT_FUNC) 1705 return make_function_pointer(def, defobj); 1706 else 1707 return defobj->relocbase + def->st_value; 1708 } 1709 1710 _rtld_error("Undefined symbol \"%s\"", name); 1711 rlock_release(); 1712 return NULL; 1713} 1714 1715int 1716dladdr(const void *addr, Dl_info *info) 1717{ 1718 const Obj_Entry *obj; 1719 const Elf_Sym *def; 1720 void *symbol_addr; 1721 unsigned long symoffset; 1722 1723 rlock_acquire(); 1724 obj = obj_from_addr(addr); 1725 if (obj == NULL) { 1726 _rtld_error("No shared object contains address"); 1727 rlock_release(); 1728 return 0; 1729 } 1730 info->dli_fname = obj->path; 1731 info->dli_fbase = obj->mapbase; 1732 info->dli_saddr = (void *)0; 1733 info->dli_sname = NULL; 1734 1735 /* 1736 * Walk the symbol list looking for the symbol whose address is 1737 * closest to the address sent in. 1738 */ 1739 for (symoffset = 0; symoffset < obj->nchains; symoffset++) { 1740 def = obj->symtab + symoffset; 1741 1742 /* 1743 * For skip the symbol if st_shndx is either SHN_UNDEF or 1744 * SHN_COMMON. 1745 */ 1746 if (def->st_shndx == SHN_UNDEF || def->st_shndx == SHN_COMMON) 1747 continue; 1748 1749 /* 1750 * If the symbol is greater than the specified address, or if it 1751 * is further away from addr than the current nearest symbol, 1752 * then reject it. 1753 */ 1754 symbol_addr = obj->relocbase + def->st_value; 1755 if (symbol_addr > addr || symbol_addr < info->dli_saddr) 1756 continue; 1757 1758 /* Update our idea of the nearest symbol. */ 1759 info->dli_sname = obj->strtab + def->st_name; 1760 info->dli_saddr = symbol_addr; 1761 1762 /* Exact match? */ 1763 if (info->dli_saddr == addr) 1764 break; 1765 } 1766 rlock_release(); 1767 return 1; 1768} 1769 1770static void 1771linkmap_add(Obj_Entry *obj) 1772{ 1773 struct link_map *l = &obj->linkmap; 1774 struct link_map *prev; 1775 1776 obj->linkmap.l_name = obj->path; 1777 obj->linkmap.l_addr = obj->mapbase; 1778 obj->linkmap.l_ld = obj->dynamic; 1779#ifdef __mips__ 1780 /* GDB needs load offset on MIPS to use the symbols */ 1781 obj->linkmap.l_offs = obj->relocbase; 1782#endif 1783 1784 if (r_debug.r_map == NULL) { 1785 r_debug.r_map = l; 1786 return; 1787 } 1788 1789 /* 1790 * Scan to the end of the list, but not past the entry for the 1791 * dynamic linker, which we want to keep at the very end. 1792 */ 1793 for (prev = r_debug.r_map; 1794 prev->l_next != NULL && prev->l_next != &obj_rtld.linkmap; 1795 prev = prev->l_next) 1796 ; 1797 1798 /* Link in the new entry. */ 1799 l->l_prev = prev; 1800 l->l_next = prev->l_next; 1801 if (l->l_next != NULL) 1802 l->l_next->l_prev = l; 1803 prev->l_next = l; 1804} 1805 1806static void 1807linkmap_delete(Obj_Entry *obj) 1808{ 1809 struct link_map *l = &obj->linkmap; 1810 1811 if (l->l_prev == NULL) { 1812 if ((r_debug.r_map = l->l_next) != NULL) 1813 l->l_next->l_prev = NULL; 1814 return; 1815 } 1816 1817 if ((l->l_prev->l_next = l->l_next) != NULL) 1818 l->l_next->l_prev = l->l_prev; 1819} 1820 1821/* 1822 * Function for the debugger to set a breakpoint on to gain control. 1823 * 1824 * The two parameters allow the debugger to easily find and determine 1825 * what the runtime loader is doing and to whom it is doing it. 1826 * 1827 * When the loadhook trap is hit (r_debug_state, set at program 1828 * initialization), the arguments can be found on the stack: 1829 * 1830 * +8 struct link_map *m 1831 * +4 struct r_debug *rd 1832 * +0 RetAddr 1833 */ 1834void 1835r_debug_state(struct r_debug* rd, struct link_map *m) 1836{ 1837} 1838 1839/* 1840 * Get address of the pointer variable in the main program. 1841 */ 1842static const void ** 1843get_program_var_addr(const char *name) 1844{ 1845 const Obj_Entry *obj; 1846 unsigned long hash; 1847 1848 hash = elf_hash(name); 1849 for (obj = obj_main; obj != NULL; obj = obj->next) { 1850 const Elf_Sym *def; 1851 1852 if ((def = symlook_obj(name, hash, obj, false)) != NULL) { 1853 const void **addr; 1854 1855 addr = (const void **)(obj->relocbase + def->st_value); 1856 return addr; 1857 } 1858 } 1859 return NULL; 1860} 1861 1862/* 1863 * Set a pointer variable in the main program to the given value. This 1864 * is used to set key variables such as "environ" before any of the 1865 * init functions are called. 1866 */ 1867static void 1868set_program_var(const char *name, const void *value) 1869{ 1870 const void **addr; 1871 1872 if ((addr = get_program_var_addr(name)) != NULL) { 1873 dbg("\"%s\": *%p <-- %p", name, addr, value); 1874 *addr = value; 1875 } 1876} 1877 1878/* 1879 * Given a symbol name in a referencing object, find the corresponding 1880 * definition of the symbol. Returns a pointer to the symbol, or NULL if 1881 * no definition was found. Returns a pointer to the Obj_Entry of the 1882 * defining object via the reference parameter DEFOBJ_OUT. 1883 */ 1884static const Elf_Sym * 1885symlook_default(const char *name, unsigned long hash, 1886 const Obj_Entry *refobj, const Obj_Entry **defobj_out, bool in_plt) 1887{ 1888 DoneList donelist; 1889 const Elf_Sym *def; 1890 const Elf_Sym *symp; 1891 const Obj_Entry *obj; 1892 const Obj_Entry *defobj; 1893 const Objlist_Entry *elm; 1894 def = NULL; 1895 defobj = NULL; 1896 donelist_init(&donelist); 1897 1898 /* Look first in the referencing object if linked symbolically. */ 1899 if (refobj->symbolic && !donelist_check(&donelist, refobj)) { 1900 symp = symlook_obj(name, hash, refobj, in_plt); 1901 if (symp != NULL) { 1902 def = symp; 1903 defobj = refobj; 1904 } 1905 } 1906 1907 /* Search all objects loaded at program start up. */ 1908 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1909 symp = symlook_list(name, hash, &list_main, &obj, in_plt, &donelist); 1910 if (symp != NULL && 1911 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 1912 def = symp; 1913 defobj = obj; 1914 } 1915 } 1916 1917 /* Search all DAGs whose roots are RTLD_GLOBAL objects. */ 1918 STAILQ_FOREACH(elm, &list_global, link) { 1919 if (def != NULL && ELF_ST_BIND(def->st_info) != STB_WEAK) 1920 break; 1921 symp = symlook_list(name, hash, &elm->obj->dagmembers, &obj, in_plt, 1922 &donelist); 1923 if (symp != NULL && 1924 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 1925 def = symp; 1926 defobj = obj; 1927 } 1928 } 1929 1930 /* Search all dlopened DAGs containing the referencing object. */ 1931 STAILQ_FOREACH(elm, &refobj->dldags, link) { 1932 if (def != NULL && ELF_ST_BIND(def->st_info) != STB_WEAK) 1933 break; 1934 symp = symlook_list(name, hash, &elm->obj->dagmembers, &obj, in_plt, 1935 &donelist); 1936 if (symp != NULL && 1937 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 1938 def = symp; 1939 defobj = obj; 1940 } 1941 } 1942 1943 /* 1944 * Search the dynamic linker itself, and possibly resolve the 1945 * symbol from there. This is how the application links to 1946 * dynamic linker services such as dlopen. Only the values listed 1947 * in the "exports" array can be resolved from the dynamic linker. 1948 */ 1949 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1950 symp = symlook_obj(name, hash, &obj_rtld, in_plt); 1951 if (symp != NULL && is_exported(symp)) { 1952 def = symp; 1953 defobj = &obj_rtld; 1954 } 1955 } 1956 1957 if (def != NULL) 1958 *defobj_out = defobj; 1959 return def; 1960} 1961 1962static const Elf_Sym * 1963symlook_list(const char *name, unsigned long hash, Objlist *objlist, 1964 const Obj_Entry **defobj_out, bool in_plt, DoneList *dlp) 1965{ 1966 const Elf_Sym *symp; 1967 const Elf_Sym *def; 1968 const Obj_Entry *defobj; 1969 const Objlist_Entry *elm; 1970 1971 def = NULL; 1972 defobj = NULL; 1973 STAILQ_FOREACH(elm, objlist, link) { 1974 if (donelist_check(dlp, elm->obj)) 1975 continue; 1976 if ((symp = symlook_obj(name, hash, elm->obj, in_plt)) != NULL) { 1977 if (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK) { 1978 def = symp; 1979 defobj = elm->obj; 1980 if (ELF_ST_BIND(def->st_info) != STB_WEAK) 1981 break; 1982 } 1983 } 1984 } 1985 if (def != NULL) 1986 *defobj_out = defobj; 1987 return def; 1988} 1989 1990/* 1991 * Search the symbol table of a single shared object for a symbol of 1992 * the given name. Returns a pointer to the symbol, or NULL if no 1993 * definition was found. 1994 * 1995 * The symbol's hash value is passed in for efficiency reasons; that 1996 * eliminates many recomputations of the hash value. 1997 */ 1998const Elf_Sym * 1999symlook_obj(const char *name, unsigned long hash, const Obj_Entry *obj, 2000 bool in_plt) 2001{ 2002 if (obj->buckets != NULL) { 2003 unsigned long symnum = obj->buckets[hash % obj->nbuckets]; 2004 2005 while (symnum != STN_UNDEF) { 2006 const Elf_Sym *symp; 2007 const char *strp; 2008 2009 if (symnum >= obj->nchains) 2010 return NULL; /* Bad object */ 2011 symp = obj->symtab + symnum; 2012 strp = obj->strtab + symp->st_name; 2013 2014 if (name[0] == strp[0] && strcmp(name, strp) == 0) 2015 return symp->st_shndx != SHN_UNDEF || 2016 (!in_plt && symp->st_value != 0 && 2017 ELF_ST_TYPE(symp->st_info) == STT_FUNC) ? symp : NULL; 2018 2019 symnum = obj->chains[symnum]; 2020 } 2021 } 2022 return NULL; 2023} 2024 2025static void 2026trace_loaded_objects(Obj_Entry *obj) 2027{ 2028 char *fmt1, *fmt2, *fmt, *main_local, *list_containers; 2029 int c; 2030 2031 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL) 2032 main_local = ""; 2033 2034 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL) 2035 fmt1 = "\t%o => %p (%x)\n"; 2036 2037 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL) 2038 fmt2 = "\t%o (%x)\n"; 2039 2040 list_containers = getenv("LD_TRACE_LOADED_OBJECTS_ALL"); 2041 2042 for (; obj; obj = obj->next) { 2043 Needed_Entry *needed; 2044 char *name, *path; 2045 bool is_lib; 2046 2047 if (list_containers && obj->needed != NULL) 2048 printf("%s:\n", obj->path); 2049 for (needed = obj->needed; needed; needed = needed->next) { 2050 if (needed->obj != NULL) { 2051 if (needed->obj->traced && !list_containers) 2052 continue; 2053 needed->obj->traced = true; 2054 path = needed->obj->path; 2055 } else 2056 path = "not found"; 2057 2058 name = (char *)obj->strtab + needed->name; 2059 is_lib = strncmp(name, "lib", 3) == 0; /* XXX - bogus */ 2060 2061 fmt = is_lib ? fmt1 : fmt2; 2062 while ((c = *fmt++) != '\0') { 2063 switch (c) { 2064 default: 2065 putchar(c); 2066 continue; 2067 case '\\': 2068 switch (c = *fmt) { 2069 case '\0': 2070 continue; 2071 case 'n': 2072 putchar('\n'); 2073 break; 2074 case 't': 2075 putchar('\t'); 2076 break; 2077 } 2078 break; 2079 case '%': 2080 switch (c = *fmt) { 2081 case '\0': 2082 continue; 2083 case '%': 2084 default: 2085 putchar(c); 2086 break; 2087 case 'A': 2088 printf("%s", main_local); 2089 break; 2090 case 'a': 2091 printf("%s", obj_main->path); 2092 break; 2093 case 'o': 2094 printf("%s", name); 2095 break; 2096#if 0 2097 case 'm': 2098 printf("%d", sodp->sod_major); 2099 break; 2100 case 'n': 2101 printf("%d", sodp->sod_minor); 2102 break; 2103#endif 2104 case 'p': 2105 printf("%s", path); 2106 break; 2107 case 'x': 2108 printf("%p", needed->obj ? needed->obj->mapbase : 0); 2109 break; 2110 } 2111 break; 2112 } 2113 ++fmt; 2114 } 2115 } 2116 } 2117} 2118 2119/* 2120 * Unload a dlopened object and its dependencies from memory and from 2121 * our data structures. It is assumed that the DAG rooted in the 2122 * object has already been unreferenced, and that the object has a 2123 * reference count of 0. 2124 */ 2125static void 2126unload_object(Obj_Entry *root) 2127{ 2128 Obj_Entry *obj; 2129 Obj_Entry **linkp; 2130 Objlist_Entry *elm; 2131 2132 assert(root->refcount == 0); 2133 2134 /* Remove the DAG from all objects' DAG lists. */ 2135 STAILQ_FOREACH(elm, &root->dagmembers , link) 2136 objlist_remove(&elm->obj->dldags, root); 2137 2138 /* Remove the DAG from the RTLD_GLOBAL list. */ 2139 objlist_remove(&list_global, root); 2140 2141 /* Unmap all objects that are no longer referenced. */ 2142 linkp = &obj_list->next; 2143 while ((obj = *linkp) != NULL) { 2144 if (obj->refcount == 0) { 2145 dbg("unloading \"%s\"", obj->path); 2146 munmap(obj->mapbase, obj->mapsize); 2147 linkmap_delete(obj); 2148 *linkp = obj->next; 2149 obj_count--; 2150 obj_free(obj); 2151 } else 2152 linkp = &obj->next; 2153 } 2154 obj_tail = linkp; 2155} 2156 2157static void 2158unref_dag(Obj_Entry *root) 2159{ 2160 const Needed_Entry *needed; 2161 2162 if (root->refcount == 0) 2163 return; 2164 root->refcount--; 2165 if (root->refcount == 0) 2166 for (needed = root->needed; needed != NULL; needed = needed->next) 2167 if (needed->obj != NULL) 2168 unref_dag(needed->obj); 2169} 2170 2171/* 2172 * Non-mallocing printf, for use by malloc itself. 2173 * XXX - This doesn't belong in this module. 2174 */ 2175void 2176xprintf(const char *fmt, ...) 2177{ 2178 char buf[256]; 2179 va_list ap; 2180 2181 va_start(ap, fmt); 2182 vsprintf(buf, fmt, ap); 2183 (void)write(STDOUT_FILENO, buf, strlen(buf)); 2184 va_end(ap); 2185} 2186