1#define _GNU_SOURCE 2#include "dynlink.h" 3#include "relr.h" 4#include "libc.h" 5#include "asan_impl.h" 6#include "zircon_impl.h" 7#include "threads_impl.h" 8#include "stdio_impl.h" 9#include <ctype.h> 10#include <dlfcn.h> 11#include <elf.h> 12#include <errno.h> 13#include <fcntl.h> 14#include <limits.h> 15#include <link.h> 16#include <zircon/dlfcn.h> 17#include <zircon/process.h> 18#include <zircon/status.h> 19#include <zircon/syscalls/log.h> 20#include <pthread.h> 21#include <setjmp.h> 22#include <stdalign.h> 23#include <stdarg.h> 24#include <stdatomic.h> 25#include <stddef.h> 26#include <stdint.h> 27#include <stdio.h> 28#include <stdlib.h> 29#include <string.h> 30#include <sys/mman.h> 31#include <sys/stat.h> 32#include <sys/uio.h> 33#include <unistd.h> 34 35#include <inttypes.h> 36 37#include <ldmsg/ldmsg.h> 38#include <runtime/message.h> 39#include <runtime/processargs.h> 40#include <runtime/thread.h> 41 42 43static void early_init(void); 44static void error(const char*, ...); 45static void debugmsg(const char*, ...); 46static zx_status_t get_library_vmo(const char* name, zx_handle_t* vmo); 47static void loader_svc_config(const char* config); 48 49#define MAXP2(a, b) (-(-(a) & -(b))) 50#define ALIGN(x, y) (((x) + (y)-1) & -(y)) 51 52#define VMO_NAME_DL_ALLOC "ld.so.1-internal-heap" 53#define VMO_NAME_UNKNOWN "<unknown ELF file>" 54#define VMO_NAME_PREFIX_BSS "bss:" 55#define VMO_NAME_PREFIX_DATA "data:" 56 57struct dso { 58 // Must be first. 59 struct link_map l_map; 60 61 const struct gnu_note* build_id_note; 62 // TODO(mcgrathr): Remove build_id_log when everything uses markup. 63 struct iovec build_id_log; 64 atomic_flag logged; 65 66 // ID of this module for symbolizer markup. 67 unsigned int module_id; 68 69 const char* soname; 70 Phdr* phdr; 71 unsigned int phnum; 72 size_t phentsize; 73 int refcnt; 74 zx_handle_t vmar; // Closed after relocation. 75 Sym* syms; 76 uint32_t* hashtab; 77 uint32_t* ghashtab; 78 int16_t* versym; 79 char* strings; 80 unsigned char* map; 81 size_t map_len; 82 signed char global; 83 char relocated; 84 char constructed; 85 struct dso **deps, *needed_by; 86 struct tls_module tls; 87 size_t tls_id; 88 size_t relro_start, relro_end; 89 void** new_dtv; 90 unsigned char* new_tls; 91 atomic_int new_dtv_idx, new_tls_idx; 92 struct dso* fini_next; 93 struct funcdesc { 94 void* addr; 95 size_t* got; 96 } * funcdescs; 97 size_t* got; 98 struct dso* buf[]; 99}; 100 101struct symdef { 102 Sym* sym; 103 struct dso* dso; 104}; 105 106union gnu_note_name { 107 char name[sizeof("GNU")]; 108 uint32_t word; 109}; 110#define GNU_NOTE_NAME ((union gnu_note_name){.name = "GNU"}) 111_Static_assert(sizeof(GNU_NOTE_NAME.name) == sizeof(GNU_NOTE_NAME.word), ""); 112 113struct gnu_note { 114 Elf64_Nhdr nhdr; 115 union gnu_note_name name; 116 alignas(4) uint8_t desc[]; 117}; 118 119#define MIN_TLS_ALIGN alignof(struct pthread) 120 121#define ADDEND_LIMIT 4096 122static size_t *saved_addends, *apply_addends_to; 123 124static struct dso ldso, vdso; 125static struct dso *head, *tail, *fini_head; 126static struct dso *detached_head; 127static unsigned long long gencnt; 128static int runtime __asm__("_dynlink_runtime") __USED; 129static int ldso_fail; 130static jmp_buf* rtld_fail; 131static pthread_rwlock_t lock; 132static struct r_debug debug; 133static struct tls_module* tls_tail; 134static size_t tls_cnt, tls_offset = 16, tls_align = MIN_TLS_ALIGN; 135static size_t static_tls_cnt; 136static pthread_mutex_t init_fini_lock = {._m_type = PTHREAD_MUTEX_RECURSIVE}; 137 138static bool log_libs = false; 139static atomic_uintptr_t unlogged_tail; 140 141static zx_handle_t loader_svc = ZX_HANDLE_INVALID; 142static zx_handle_t logger = ZX_HANDLE_INVALID; 143 144// Various tools use this value to bootstrap their knowledge of the process. 145// E.g., the list of loaded shared libraries is obtained from here. 146// The value is stored in the process's ZX_PROPERTY_PROCESS_DEBUG_ADDR so that 147// tools can obtain the value when aslr is enabled. 148struct r_debug* _dl_debug_addr = &debug; 149 150// If true then dump load map data in a specific format for tracing. 151// This is used by Intel PT (Processor Trace) support for example when 152// post-processing the h/w trace. 153static bool trace_maps = false; 154 155NO_ASAN static int dl_strcmp(const char* l, const char* r) { 156 for (; *l == *r && *l; l++, r++) 157 ; 158 return *(unsigned char*)l - *(unsigned char*)r; 159} 160#define strcmp(l, r) dl_strcmp(l, r) 161 162// Signals a debug breakpoint. It does't use __builtin_trap() because that's 163// actually an "undefined instruction" rather than a debug breakpoint, and 164// __builtin_trap() documented to never return. We don't want the compiler to 165// optimize later code away because it assumes the trap will never be returned 166// from. 167static void debug_break(void) { 168#if defined(__x86_64__) 169 __asm__("int3"); 170#elif defined(__aarch64__) 171 __asm__("brk 0"); 172#else 173#error 174#endif 175} 176 177// Simple bump allocator for dynamic linker internal data structures. 178// This allocator is single-threaded: it can be used only at startup or 179// while holding the big lock. These allocations can never be freed 180// once in use. But it does support a simple checkpoint and rollback 181// mechanism to undo all allocations since the checkpoint, used for the 182// abortive dlopen case. 183 184union allocated_types { 185 struct dso dso; 186 size_t tlsdesc[2]; 187}; 188#define DL_ALLOC_ALIGN alignof(union allocated_types) 189 190static uintptr_t alloc_base, alloc_limit, alloc_ptr; 191 192__NO_SAFESTACK NO_ASAN __attribute__((malloc)) 193static void* dl_alloc(size_t size) { 194 // Round the size up so the allocation pointer always stays aligned. 195 size = (size + DL_ALLOC_ALIGN - 1) & -DL_ALLOC_ALIGN; 196 197 // Get more pages if needed. The remaining partial page, if any, 198 // is wasted unless the system happens to give us the adjacent page. 199 if (alloc_limit - alloc_ptr < size) { 200 size_t chunk_size = (size + PAGE_SIZE - 1) & -PAGE_SIZE; 201 zx_handle_t vmo; 202 zx_status_t status = _zx_vmo_create(chunk_size, 0, &vmo); 203 if (status != ZX_OK) 204 return NULL; 205 _zx_object_set_property(vmo, ZX_PROP_NAME, 206 VMO_NAME_DL_ALLOC, sizeof(VMO_NAME_DL_ALLOC)); 207 uintptr_t chunk; 208 status = _zx_vmar_map(_zx_vmar_root_self(), 209 ZX_VM_PERM_READ | ZX_VM_PERM_WRITE, 210 0, vmo, 0, chunk_size, &chunk); 211 _zx_handle_close(vmo); 212 if (status != ZX_OK) 213 return NULL; 214 if (chunk != alloc_limit) 215 alloc_ptr = alloc_base = chunk; 216 alloc_limit = chunk + chunk_size; 217 } 218 219 void* block = (void*)alloc_ptr; 220 alloc_ptr += size; 221 222 return block; 223} 224 225struct dl_alloc_checkpoint { 226 uintptr_t ptr, base; 227}; 228 229__NO_SAFESTACK 230static void dl_alloc_checkpoint(struct dl_alloc_checkpoint *state) { 231 state->ptr = alloc_ptr; 232 state->base = alloc_base; 233} 234 235__NO_SAFESTACK 236static void dl_alloc_rollback(const struct dl_alloc_checkpoint *state) { 237 uintptr_t frontier = alloc_ptr; 238 // If we're still using the same contiguous chunk as the checkpoint 239 // state, we can just restore the old state directly and waste nothing. 240 // If we've allocated new chunks since then, the best we can do is 241 // reset to the beginning of the current chunk, since we haven't kept 242 // track of the past chunks. 243 alloc_ptr = alloc_base == state->base ? state->ptr : alloc_base; 244 memset((void*)alloc_ptr, 0, frontier - alloc_ptr); 245} 246 247 248/* Compute load address for a virtual address in a given dso. */ 249__NO_SAFESTACK NO_ASAN static inline size_t saddr(struct dso* p, size_t v) { 250 return p->l_map.l_addr + v; 251} 252 253__NO_SAFESTACK NO_ASAN static inline void* laddr(struct dso* p, size_t v) { 254 return (void*)saddr(p, v); 255} 256 257__NO_SAFESTACK NO_ASAN 258static inline void (*fpaddr(struct dso* p, size_t v))(void) { 259 return (void (*)(void))saddr(p, v); 260} 261 262// Accessors for dso previous and next pointers. 263__NO_SAFESTACK NO_ASAN static inline struct dso* dso_next(struct dso* p) { 264 return (struct dso*)p->l_map.l_next; 265} 266 267__NO_SAFESTACK NO_ASAN static inline struct dso* dso_prev(struct dso* p) { 268 return (struct dso*)p->l_map.l_prev; 269} 270 271__NO_SAFESTACK NO_ASAN 272static inline void dso_set_next(struct dso* p, struct dso* next) { 273 p->l_map.l_next = next ? &next->l_map : NULL; 274} 275 276__NO_SAFESTACK NO_ASAN 277static inline void dso_set_prev(struct dso* p, struct dso* prev) { 278 p->l_map.l_prev = prev ? &prev->l_map : NULL; 279} 280 281// TODO(mcgrathr): Working around arcane compiler issues; find a better way. 282// The compiler can decide to turn the loop below into a memset call. Since 283// memset is an exported symbol, calls to that name are PLT calls. But this 284// code runs before PLT calls are available. So use the .weakref trick to 285// tell the assembler to rename references (the compiler generates) to memset 286// to __libc_memset. That's a hidden symbol that won't cause a PLT entry to 287// be generated, so it's safe to use in calls here. 288__asm__(".weakref memset,__libc_memset"); 289 290__NO_SAFESTACK NO_ASAN 291 static void decode_vec(ElfW(Dyn)* v, size_t* a, size_t cnt) { 292 size_t i; 293 for (i = 0; i < cnt; i++) 294 a[i] = 0; 295 for (; v->d_tag; v++) 296 if (v->d_tag - 1 < cnt - 1) { 297 a[0] |= 1UL << v->d_tag; 298 a[v->d_tag] = v->d_un.d_val; 299 } 300} 301 302__NO_SAFESTACK NO_ASAN 303 static int search_vec(ElfW(Dyn)* v, size_t* r, size_t key) { 304 for (; v->d_tag != key; v++) 305 if (!v->d_tag) 306 return 0; 307 *r = v->d_un.d_val; 308 return 1; 309} 310 311__NO_SAFESTACK NO_ASAN static uint32_t sysv_hash(const char* s0) { 312 const unsigned char* s = (void*)s0; 313 uint_fast32_t h = 0; 314 while (*s) { 315 h = 16 * h + *s++; 316 h ^= h >> 24 & 0xf0; 317 } 318 return h & 0xfffffff; 319} 320 321__NO_SAFESTACK NO_ASAN static uint32_t gnu_hash(const char* s0) { 322 const unsigned char* s = (void*)s0; 323 uint_fast32_t h = 5381; 324 for (; *s; s++) 325 h += h * 32 + *s; 326 return h; 327} 328 329__NO_SAFESTACK NO_ASAN static Sym* sysv_lookup(const char* s, uint32_t h, 330 struct dso* dso) { 331 size_t i; 332 Sym* syms = dso->syms; 333 uint32_t* hashtab = dso->hashtab; 334 char* strings = dso->strings; 335 for (i = hashtab[2 + h % hashtab[0]]; i; i = hashtab[2 + hashtab[0] + i]) { 336 if ((!dso->versym || dso->versym[i] >= 0) && (!strcmp(s, strings + syms[i].st_name))) 337 return syms + i; 338 } 339 return 0; 340} 341 342__NO_SAFESTACK NO_ASAN static Sym* gnu_lookup(uint32_t h1, uint32_t* hashtab, 343 struct dso* dso, const char* s) { 344 uint32_t nbuckets = hashtab[0]; 345 uint32_t* buckets = hashtab + 4 + hashtab[2] * (sizeof(size_t) / 4); 346 uint32_t i = buckets[h1 % nbuckets]; 347 348 if (!i) 349 return 0; 350 351 uint32_t* hashval = buckets + nbuckets + (i - hashtab[1]); 352 353 for (h1 |= 1;; i++) { 354 uint32_t h2 = *hashval++; 355 if ((h1 == (h2 | 1)) && (!dso->versym || dso->versym[i] >= 0) && 356 !strcmp(s, dso->strings + dso->syms[i].st_name)) 357 return dso->syms + i; 358 if (h2 & 1) 359 break; 360 } 361 362 return 0; 363} 364 365__NO_SAFESTACK NO_ASAN 366static Sym* gnu_lookup_filtered(uint32_t h1, uint32_t* hashtab, 367 struct dso* dso, const char* s, 368 uint32_t fofs, size_t fmask) { 369 const size_t* bloomwords = (const void*)(hashtab + 4); 370 size_t f = bloomwords[fofs & (hashtab[2] - 1)]; 371 if (!(f & fmask)) 372 return 0; 373 374 f >>= (h1 >> hashtab[3]) % (8 * sizeof f); 375 if (!(f & 1)) 376 return 0; 377 378 return gnu_lookup(h1, hashtab, dso, s); 379} 380 381#define OK_TYPES \ 382 (1 << STT_NOTYPE | 1 << STT_OBJECT | 1 << STT_FUNC | 1 << STT_COMMON | 1 << STT_TLS) 383#define OK_BINDS (1 << STB_GLOBAL | 1 << STB_WEAK | 1 << STB_GNU_UNIQUE) 384 385__NO_SAFESTACK NO_ASAN 386static struct symdef find_sym(struct dso* dso, const char* s, int need_def) { 387 uint32_t h = 0, gh = 0, gho = 0, *ght; 388 size_t ghm = 0; 389 struct symdef def = {}; 390 for (; dso; dso = dso_next(dso)) { 391 Sym* sym; 392 if (!dso->global) 393 continue; 394 if ((ght = dso->ghashtab)) { 395 if (!ghm) { 396 gh = gnu_hash(s); 397 int maskbits = 8 * sizeof ghm; 398 gho = gh / maskbits; 399 ghm = 1ul << gh % maskbits; 400 } 401 sym = gnu_lookup_filtered(gh, ght, dso, s, gho, ghm); 402 } else { 403 if (!h) 404 h = sysv_hash(s); 405 sym = sysv_lookup(s, h, dso); 406 } 407 if (!sym) 408 continue; 409 if (!sym->st_shndx) 410 if (need_def || (sym->st_info & 0xf) == STT_TLS) 411 continue; 412 if (!sym->st_value) 413 if ((sym->st_info & 0xf) != STT_TLS) 414 continue; 415 if (!(1 << (sym->st_info & 0xf) & OK_TYPES)) 416 continue; 417 if (!(1 << (sym->st_info >> 4) & OK_BINDS)) 418 continue; 419 420 if (def.sym && sym->st_info >> 4 == STB_WEAK) 421 continue; 422 def.sym = sym; 423 def.dso = dso; 424 if (sym->st_info >> 4 == STB_GLOBAL) 425 break; 426 } 427 return def; 428} 429 430__attribute__((__visibility__("hidden"))) ptrdiff_t __tlsdesc_static(void), __tlsdesc_dynamic(void); 431 432__NO_SAFESTACK NO_ASAN static void do_relocs(struct dso* dso, size_t* rel, 433 size_t rel_size, size_t stride) { 434 ElfW(Addr) base = dso->l_map.l_addr; 435 Sym* syms = dso->syms; 436 char* strings = dso->strings; 437 Sym* sym; 438 const char* name; 439 void* ctx; 440 int type; 441 int sym_index; 442 struct symdef def; 443 size_t* reloc_addr; 444 size_t sym_val; 445 size_t tls_val; 446 size_t addend; 447 int skip_relative = 0, reuse_addends = 0, save_slot = 0; 448 449 if (dso == &ldso) { 450 /* Only ldso's REL table needs addend saving/reuse. */ 451 if (rel == apply_addends_to) 452 reuse_addends = 1; 453 skip_relative = 1; 454 } 455 456 for (; rel_size; rel += stride, rel_size -= stride * sizeof(size_t)) { 457 if (skip_relative && R_TYPE(rel[1]) == REL_RELATIVE) 458 continue; 459 type = R_TYPE(rel[1]); 460 if (type == REL_NONE) 461 continue; 462 sym_index = R_SYM(rel[1]); 463 reloc_addr = laddr(dso, rel[0]); 464 if (sym_index) { 465 sym = syms + sym_index; 466 name = strings + sym->st_name; 467 ctx = type == REL_COPY ? dso_next(head) : head; 468 def = (sym->st_info & 0xf) == STT_SECTION ? (struct symdef){.dso = dso, .sym = sym} 469 : find_sym(ctx, name, type == REL_PLT); 470 if (!def.sym && (sym->st_shndx != SHN_UNDEF || sym->st_info >> 4 != STB_WEAK)) { 471 error("Error relocating %s: %s: symbol not found", dso->l_map.l_name, name); 472 if (runtime) 473 longjmp(*rtld_fail, 1); 474 continue; 475 } 476 } else { 477 sym = 0; 478 def.sym = 0; 479 def.dso = dso; 480 } 481 482 if (stride > 2) { 483 addend = rel[2]; 484 } else if (type == REL_GOT || type == REL_PLT || type == REL_COPY) { 485 addend = 0; 486 } else if (reuse_addends) { 487 /* Save original addend in stage 2 where the dso 488 * chain consists of just ldso; otherwise read back 489 * saved addend since the inline one was clobbered. */ 490 if (head == &ldso) 491 saved_addends[save_slot] = *reloc_addr; 492 addend = saved_addends[save_slot++]; 493 } else { 494 addend = *reloc_addr; 495 } 496 497 sym_val = def.sym ? saddr(def.dso, def.sym->st_value) : 0; 498 tls_val = def.sym ? def.sym->st_value : 0; 499 500 switch (type) { 501 case REL_NONE: 502 break; 503 case REL_OFFSET: 504 addend -= (size_t)reloc_addr; 505 case REL_SYMBOLIC: 506 case REL_GOT: 507 case REL_PLT: 508 *reloc_addr = sym_val + addend; 509 break; 510 case REL_RELATIVE: 511 *reloc_addr = base + addend; 512 break; 513 case REL_COPY: 514 memcpy(reloc_addr, (void*)sym_val, sym->st_size); 515 break; 516 case REL_OFFSET32: 517 *(uint32_t*)reloc_addr = sym_val + addend - (size_t)reloc_addr; 518 break; 519 case REL_FUNCDESC: 520 *reloc_addr = def.sym ? (size_t)(def.dso->funcdescs + (def.sym - def.dso->syms)) : 0; 521 break; 522 case REL_FUNCDESC_VAL: 523 if ((sym->st_info & 0xf) == STT_SECTION) 524 *reloc_addr += sym_val; 525 else 526 *reloc_addr = sym_val; 527 reloc_addr[1] = def.sym ? (size_t)def.dso->got : 0; 528 break; 529 case REL_DTPMOD: 530 *reloc_addr = def.dso->tls_id; 531 break; 532 case REL_DTPOFF: 533 *reloc_addr = tls_val + addend - DTP_OFFSET; 534 break; 535#ifdef TLS_ABOVE_TP 536 case REL_TPOFF: 537 *reloc_addr = tls_val + def.dso->tls.offset + addend; 538 break; 539#else 540 case REL_TPOFF: 541 *reloc_addr = tls_val - def.dso->tls.offset + addend; 542 break; 543 case REL_TPOFF_NEG: 544 *reloc_addr = def.dso->tls.offset - tls_val + addend; 545 break; 546#endif 547 case REL_TLSDESC: 548 if (stride < 3) 549 addend = reloc_addr[1]; 550 if (runtime && def.dso->tls_id >= static_tls_cnt) { 551 size_t* new = dl_alloc(2 * sizeof(size_t)); 552 if (!new) { 553 error("Error relocating %s: cannot allocate TLSDESC for %s", dso->l_map.l_name, 554 sym ? name : "(local)"); 555 longjmp(*rtld_fail, 1); 556 } 557 new[0] = def.dso->tls_id; 558 new[1] = tls_val + addend; 559 reloc_addr[0] = (size_t)__tlsdesc_dynamic; 560 reloc_addr[1] = (size_t) new; 561 } else { 562 reloc_addr[0] = (size_t)__tlsdesc_static; 563#ifdef TLS_ABOVE_TP 564 reloc_addr[1] = tls_val + def.dso->tls.offset + addend; 565#else 566 reloc_addr[1] = tls_val - def.dso->tls.offset + addend; 567#endif 568 } 569 break; 570 default: 571 error("Error relocating %s: unsupported relocation type %d", dso->l_map.l_name, type); 572 if (runtime) 573 longjmp(*rtld_fail, 1); 574 continue; 575 } 576 } 577} 578 579__NO_SAFESTACK static void unmap_library(struct dso* dso) { 580 if (dso->map && dso->map_len) { 581 munmap(dso->map, dso->map_len); 582 } 583 if (dso->vmar != ZX_HANDLE_INVALID) { 584 _zx_vmar_destroy(dso->vmar); 585 _zx_handle_close(dso->vmar); 586 dso->vmar = ZX_HANDLE_INVALID; 587 } 588} 589 590// app.module_id is always zero, so assignments start with 1. 591__NO_SAFESTACK NO_ASAN static void assign_module_id(struct dso* dso) { 592 static unsigned int last_module_id; 593 dso->module_id = ++last_module_id; 594} 595 596// Locate the build ID note just after mapping the segments in. 597// This is called from dls2, so it cannot use any non-static functions. 598__NO_SAFESTACK NO_ASAN static bool find_buildid_note(struct dso* dso, 599 const Phdr* seg) { 600 const char* end = laddr(dso, seg->p_vaddr + seg->p_filesz); 601 for (const struct gnu_note* n = laddr(dso, seg->p_vaddr); 602 (const char*)n < end; 603 n = (const void*)(n->name.name + 604 ((n->nhdr.n_namesz + 3) & -4) + 605 ((n->nhdr.n_descsz + 3) & -4))) { 606 if (n->nhdr.n_type == NT_GNU_BUILD_ID && 607 n->nhdr.n_namesz == sizeof(GNU_NOTE_NAME) && 608 n->name.word == GNU_NOTE_NAME.word) { 609 dso->build_id_note = n; 610 return true; 611 } 612 } 613 return false; 614} 615 616// TODO(mcgrathr): Remove this all when everything uses markup. 617 618// We pre-format the log line for each DSO early so that we can log it 619// without running any nontrivial code. We use hand-rolled formatting 620// code to avoid using large and complex code like the printf engine. 621// Each line looks like "dso: id=... base=0x... name=...\n". 622#define BUILD_ID_LOG_1 "dso: id=" 623#define BUILD_ID_LOG_NONE "none" 624#define BUILD_ID_LOG_2 " base=0x" 625#define BUILD_ID_LOG_3 " name=" 626 627__NO_SAFESTACK static size_t build_id_log_size(struct dso* dso, 628 size_t namelen) { 629 size_t id_size = (dso->build_id_note == NULL ? 630 sizeof(BUILD_ID_LOG_NONE) - 1 : 631 dso->build_id_note->nhdr.n_descsz * 2); 632 return (sizeof(BUILD_ID_LOG_1) - 1 + id_size + 633 sizeof(BUILD_ID_LOG_2) - 1 + (sizeof(size_t) * 2) + 634 sizeof(BUILD_ID_LOG_3) - 1 + namelen + 1); 635} 636 637__NO_SAFESTACK static void format_build_id_log( 638 struct dso* dso, char *buffer, const char *name, size_t namelen) { 639#define HEXDIGITS "0123456789abcdef" 640 const struct gnu_note* note = dso->build_id_note; 641 dso->build_id_log.iov_base = buffer; 642 memcpy(buffer, BUILD_ID_LOG_1, sizeof(BUILD_ID_LOG_1) - 1); 643 char *p = buffer + sizeof(BUILD_ID_LOG_1) - 1; 644 if (note == NULL) { 645 memcpy(p, BUILD_ID_LOG_NONE, sizeof(BUILD_ID_LOG_NONE) - 1); 646 p += sizeof(BUILD_ID_LOG_NONE) - 1; 647 } else { 648 for (Elf64_Word i = 0; i < note->nhdr.n_descsz; ++i) { 649 uint8_t byte = note->desc[i]; 650 *p++ = HEXDIGITS[byte >> 4]; 651 *p++ = HEXDIGITS[byte & 0xf]; 652 } 653 } 654 memcpy(p, BUILD_ID_LOG_2, sizeof(BUILD_ID_LOG_2) - 1); 655 p += sizeof(BUILD_ID_LOG_2) - 1; 656 uintptr_t base = (uintptr_t)dso->l_map.l_addr; 657 unsigned int shift = sizeof(uintptr_t) * 8; 658 do { 659 shift -= 4; 660 *p++ = HEXDIGITS[(base >> shift) & 0xf]; 661 } while (shift > 0); 662 memcpy(p, BUILD_ID_LOG_3, sizeof(BUILD_ID_LOG_3) - 1); 663 p += sizeof(BUILD_ID_LOG_3) - 1; 664 memcpy(p, name, namelen); 665 p += namelen; 666 *p++ = '\n'; 667 dso->build_id_log.iov_len = p - buffer; 668#undef HEXDIGITS 669} 670 671__NO_SAFESTACK static void allocate_and_format_build_id_log(struct dso* dso) { 672 const char* name = dso->l_map.l_name; 673 if (name[0] == '\0') 674 name = dso->soname == NULL ? "<application>" : dso->soname; 675 size_t namelen = strlen(name); 676 char *buffer = dl_alloc(build_id_log_size(dso, namelen)); 677 format_build_id_log(dso, buffer, name, namelen); 678} 679 680// TODO(mcgrathr): Remove above when everything uses markup. 681 682// Format the markup elements by hand to avoid using large and complex code 683// like the printf engine. 684 685__NO_SAFESTACK static char* format_string(char* p, 686 const char* string, size_t len) { 687 return memcpy(p, string, len) + len; 688} 689 690#define FORMAT_HEX_VALUE_SIZE (2 + (sizeof(uint64_t) * 2)) 691#define HEXDIGITS "0123456789abcdef" 692 693__NO_SAFESTACK static char* format_hex_value( 694 char buffer[FORMAT_HEX_VALUE_SIZE], uint64_t value) { 695 char* p = buffer; 696 if (value == 0) { 697 // No "0x" prefix on zero. 698 *p++ = '0'; 699 } else { 700 *p++ = '0'; 701 *p++ = 'x'; 702 // Skip the high nybbles that are zero. 703 int shift = 60; 704 while ((value >> shift) == 0) { 705 shift -= 4; 706 } 707 do { 708 *p++ = HEXDIGITS[(value >> shift) & 0xf]; 709 shift -= 4; 710 } while (shift >= 0); 711 } 712 return p; 713} 714 715__NO_SAFESTACK static char* format_hex_string(char* p, const uint8_t* string, 716 size_t len) { 717 for (size_t i = 0; i < len; ++i) { 718 uint8_t byte = string[i]; 719 *p++ = HEXDIGITS[byte >> 4]; 720 *p++ = HEXDIGITS[byte & 0xf]; 721 } 722 return p; 723} 724 725// The format theoretically does not constrain the size of build ID notes, 726// but there is a reasonable upper bound. 727#define MAX_BUILD_ID_SIZE 64 728 729// Likewise, there's no real limit on the length of module names. 730// But they're only included in the markup output to be informative, 731// so truncating them is OK. 732#define MODULE_NAME_SIZE 64 733 734#define MODULE_ELEMENT_BEGIN "{{{module:" 735#define MODULE_ELEMENT_BUILD_ID_BEGIN ":elf:" 736#define MODULE_ELEMENT_END "}}}\n" 737#define MODULE_ELEMENT_SIZE \ 738 (sizeof(MODULE_ELEMENT_BEGIN) - 1 + FORMAT_HEX_VALUE_SIZE + \ 739 1 + MODULE_NAME_SIZE + sizeof(MODULE_ELEMENT_BUILD_ID_BEGIN) - 1 + \ 740 (MAX_BUILD_ID_SIZE * 2) + 1 + sizeof(MODULE_ELEMENT_END)) 741 742__NO_SAFESTACK static void log_module_element(struct dso* dso) { 743 char buffer[MODULE_ELEMENT_SIZE]; 744 char* p = format_string(buffer, MODULE_ELEMENT_BEGIN, 745 sizeof(MODULE_ELEMENT_BEGIN) - 1); 746 p = format_hex_value(p, dso->module_id); 747 *p++ = ':'; 748 const char* name = dso->l_map.l_name; 749 if (name[0] == '\0') { 750 name = dso->soname == NULL ? "<application>" : dso->soname; 751 } 752 size_t namelen = strlen(name); 753 if (namelen > MODULE_NAME_SIZE) { 754 namelen = MODULE_NAME_SIZE; 755 } 756 p = format_string(p, name, namelen); 757 p = format_string(p, MODULE_ELEMENT_BUILD_ID_BEGIN, 758 sizeof(MODULE_ELEMENT_BUILD_ID_BEGIN) - 1); 759 if (dso->build_id_note) { 760 p = format_hex_string(p, dso->build_id_note->desc, 761 dso->build_id_note->nhdr.n_descsz); 762 } 763 p = format_string(p, MODULE_ELEMENT_END, sizeof(MODULE_ELEMENT_END) - 1); 764 _dl_log_write(buffer, p - buffer); 765} 766 767#define MMAP_ELEMENT_BEGIN "{{{mmap:" 768#define MMAP_ELEMENT_LOAD_BEGIN ":load:" 769#define MMAP_ELEMENT_END "}}}\n" 770#define MMAP_ELEMENT_SIZE \ 771 (sizeof(MMAP_ELEMENT_BEGIN) - 1 + \ 772 FORMAT_HEX_VALUE_SIZE + 1 + \ 773 FORMAT_HEX_VALUE_SIZE + 1 + \ 774 sizeof(MMAP_ELEMENT_LOAD_BEGIN) - 1 + FORMAT_HEX_VALUE_SIZE + 1 + \ 775 3 + 1 + FORMAT_HEX_VALUE_SIZE) 776 777__NO_SAFESTACK static void log_mmap_element(struct dso* dso, const Phdr* ph) { 778 size_t start = ph->p_vaddr & -PAGE_SIZE; 779 size_t end = (ph->p_vaddr + ph->p_memsz + PAGE_SIZE - 1) & -PAGE_SIZE; 780 char buffer[MMAP_ELEMENT_SIZE]; 781 char* p = format_string(buffer, MMAP_ELEMENT_BEGIN, 782 sizeof(MMAP_ELEMENT_BEGIN) - 1); 783 p = format_hex_value(p, saddr(dso, start)); 784 *p++ = ':'; 785 p = format_hex_value(p, end - start); 786 p = format_string(p, MMAP_ELEMENT_LOAD_BEGIN, 787 sizeof(MMAP_ELEMENT_LOAD_BEGIN) - 1); 788 p = format_hex_value(p, dso->module_id); 789 *p++ = ':'; 790 if (ph->p_flags & PF_R) { 791 *p++ = 'r'; 792 } 793 if (ph->p_flags & PF_W) { 794 *p++ = 'w'; 795 } 796 if (ph->p_flags & PF_X) { 797 *p++ = 'x'; 798 } 799 *p++ = ':'; 800 p = format_hex_value(p, start); 801 p = format_string(p, MMAP_ELEMENT_END, sizeof(MMAP_ELEMENT_END) - 1); 802 _dl_log_write(buffer, p - buffer); 803} 804 805// No newline because it's immediately followed by a {{{module:...}}}. 806#define RESET_ELEMENT "{{{reset}}}" 807 808__NO_SAFESTACK static void log_dso(struct dso* dso) { 809 if (dso == head) { 810 // Write the reset element before the first thing listed. 811 _dl_log_write(RESET_ELEMENT, sizeof(RESET_ELEMENT) - 1); 812 } 813 log_module_element(dso); 814 if (dso->phdr) { 815 for (unsigned int i = 0; i < dso->phnum; ++i) { 816 if (dso->phdr[i].p_type == PT_LOAD) { 817 log_mmap_element(dso, &dso->phdr[i]); 818 } 819 } 820 } 821 // TODO(mcgrathr): Remove this when everything uses markup. 822 _dl_log_write(dso->build_id_log.iov_base, dso->build_id_log.iov_len); 823} 824 825__NO_SAFESTACK void _dl_log_unlogged(void) { 826 // The first thread to successfully swap in 0 and get an old value 827 // for unlogged_tail is responsible for logging all the unlogged 828 // DSOs up through that pointer. If dlopen calls move the tail 829 // and another thread then calls into here, we can race with that 830 // thread. So we use a separate atomic_flag on each 'struct dso' 831 // to ensure only one thread prints each one. 832 uintptr_t last_unlogged = 833 atomic_load_explicit(&unlogged_tail, memory_order_acquire); 834 do { 835 if (last_unlogged == 0) 836 return; 837 } while (!atomic_compare_exchange_weak_explicit(&unlogged_tail, 838 &last_unlogged, 0, 839 memory_order_acq_rel, 840 memory_order_relaxed)); 841 for (struct dso* p = head; true; p = dso_next(p)) { 842 if (!atomic_flag_test_and_set_explicit( 843 &p->logged, memory_order_relaxed)) { 844 log_dso(p); 845 } 846 if ((struct dso*)last_unlogged == p) { 847 break; 848 } 849 } 850} 851 852__NO_SAFESTACK NO_ASAN static zx_status_t map_library(zx_handle_t vmo, 853 struct dso* dso) { 854 struct { 855 Ehdr ehdr; 856 // A typical ELF file has 7 or 8 phdrs, so in practice 857 // this is always enough. Life is simpler if there is no 858 // need for dynamic allocation here. 859 Phdr phdrs[16]; 860 } buf; 861 size_t phsize; 862 size_t addr_min = SIZE_MAX, addr_max = 0, map_len; 863 size_t this_min, this_max; 864 size_t nsegs = 0; 865 const Ehdr* const eh = &buf.ehdr; 866 Phdr *ph, *ph0; 867 unsigned char *map = MAP_FAILED, *base; 868 size_t dyn = 0; 869 size_t tls_image = 0; 870 size_t i; 871 872 size_t l; 873 zx_status_t status = _zx_vmo_get_size(vmo, &l); 874 if (status != ZX_OK) 875 return status; 876 status = _zx_vmo_read(vmo, &buf, 0, sizeof(buf) < l ? sizeof(buf) : l); 877 if (status != ZX_OK) 878 return status; 879 // We cannot support ET_EXEC in the general case, because its fixed 880 // addresses might conflict with where the dynamic linker has already 881 // been loaded. It's also policy in Fuchsia that all executables are 882 // PIEs to maximize ASLR security benefits. So don't even try to 883 // handle loading ET_EXEC. 884 if (l < sizeof *eh || eh->e_type != ET_DYN) 885 goto noexec; 886 phsize = eh->e_phentsize * eh->e_phnum; 887 if (phsize > sizeof(buf.phdrs)) 888 goto noexec; 889 if (eh->e_phoff + phsize > l) { 890 status = _zx_vmo_read(vmo, buf.phdrs, eh->e_phoff, phsize); 891 if (status != ZX_OK) 892 goto error; 893 ph = ph0 = buf.phdrs; 894 } else { 895 ph = ph0 = (void*)((char*)&buf + eh->e_phoff); 896 } 897 const Phdr* first_note = NULL; 898 const Phdr* last_note = NULL; 899 for (i = eh->e_phnum; i; i--, ph = (void*)((char*)ph + eh->e_phentsize)) { 900 switch (ph->p_type) { 901 case PT_LOAD: 902 nsegs++; 903 if (ph->p_vaddr < addr_min) { 904 addr_min = ph->p_vaddr; 905 } 906 if (ph->p_vaddr + ph->p_memsz > addr_max) { 907 addr_max = ph->p_vaddr + ph->p_memsz; 908 } 909 break; 910 case PT_DYNAMIC: 911 dyn = ph->p_vaddr; 912 break; 913 case PT_TLS: 914 tls_image = ph->p_vaddr; 915 dso->tls.align = ph->p_align; 916 dso->tls.len = ph->p_filesz; 917 dso->tls.size = ph->p_memsz; 918 break; 919 case PT_GNU_RELRO: 920 dso->relro_start = ph->p_vaddr & -PAGE_SIZE; 921 dso->relro_end = (ph->p_vaddr + ph->p_memsz) & -PAGE_SIZE; 922 break; 923 case PT_NOTE: 924 if (first_note == NULL) 925 first_note = ph; 926 last_note = ph; 927 break; 928 case PT_GNU_STACK: 929 if (ph->p_flags & PF_X) { 930 error("%s requires executable stack" 931 " (built with -z execstack?)," 932 " which Fuchsia will never support", 933 dso->soname == NULL ? dso->l_map.l_name : dso->soname); 934 goto noexec; 935 } 936 break; 937 } 938 } 939 if (!dyn) 940 goto noexec; 941 addr_max += PAGE_SIZE - 1; 942 addr_max &= -PAGE_SIZE; 943 addr_min &= -PAGE_SIZE; 944 map_len = addr_max - addr_min; 945 946 // Allocate a VMAR to reserve the whole address range. Stash 947 // the new VMAR's handle until relocation has finished, because 948 // we need it to adjust page protections for RELRO. 949 uintptr_t vmar_base; 950 status = _zx_vmar_allocate(__zircon_vmar_root_self, 951 ZX_VM_CAN_MAP_READ | 952 ZX_VM_CAN_MAP_WRITE | 953 ZX_VM_CAN_MAP_EXECUTE | 954 ZX_VM_CAN_MAP_SPECIFIC, 955 0, map_len, &dso->vmar, &vmar_base); 956 if (status != ZX_OK) { 957 error("failed to reserve %zu bytes of address space: %d\n", 958 map_len, status); 959 goto error; 960 } 961 962 char vmo_name[ZX_MAX_NAME_LEN]; 963 if (_zx_object_get_property(vmo, ZX_PROP_NAME, 964 vmo_name, sizeof(vmo_name)) != ZX_OK || 965 vmo_name[0] == '\0') 966 memcpy(vmo_name, VMO_NAME_UNKNOWN, sizeof(VMO_NAME_UNKNOWN)); 967 968 dso->map = map = (void*)vmar_base; 969 dso->map_len = map_len; 970 base = map - addr_min; 971 dso->phdr = 0; 972 dso->phnum = 0; 973 for (ph = ph0, i = eh->e_phnum; i; i--, ph = (void*)((char*)ph + eh->e_phentsize)) { 974 if (ph->p_type != PT_LOAD) 975 continue; 976 /* Check if the programs headers are in this load segment, and 977 * if so, record the address for use by dl_iterate_phdr. */ 978 if (!dso->phdr && eh->e_phoff >= ph->p_offset && 979 eh->e_phoff + phsize <= ph->p_offset + ph->p_filesz) { 980 dso->phdr = (void*)(base + ph->p_vaddr + (eh->e_phoff - ph->p_offset)); 981 dso->phnum = eh->e_phnum; 982 dso->phentsize = eh->e_phentsize; 983 } 984 this_min = ph->p_vaddr & -PAGE_SIZE; 985 this_max = (ph->p_vaddr + ph->p_memsz + PAGE_SIZE - 1) & -PAGE_SIZE; 986 size_t off_start = ph->p_offset & -PAGE_SIZE; 987 zx_vm_option_t zx_options = ZX_VM_SPECIFIC; 988 zx_options |= (ph->p_flags & PF_R) ? ZX_VM_PERM_READ : 0; 989 zx_options |= (ph->p_flags & PF_W) ? ZX_VM_PERM_WRITE : 0; 990 zx_options |= (ph->p_flags & PF_X) ? ZX_VM_PERM_EXECUTE : 0; 991 uintptr_t mapaddr = (uintptr_t)base + this_min; 992 zx_handle_t map_vmo = vmo; 993 size_t map_size = this_max - this_min; 994 if (map_size == 0) 995 continue; 996 997 if (ph->p_flags & PF_W) { 998 size_t data_size = 999 ((ph->p_vaddr + ph->p_filesz + PAGE_SIZE - 1) & -PAGE_SIZE) - 1000 this_min; 1001 if (data_size == 0) { 1002 // This segment is purely zero-fill. 1003 status = _zx_vmo_create(map_size, 0, &map_vmo); 1004 if (status == ZX_OK) { 1005 char name[ZX_MAX_NAME_LEN] = VMO_NAME_PREFIX_BSS; 1006 memcpy(&name[sizeof(VMO_NAME_PREFIX_BSS) - 1], vmo_name, 1007 ZX_MAX_NAME_LEN - sizeof(VMO_NAME_PREFIX_BSS)); 1008 _zx_object_set_property(map_vmo, ZX_PROP_NAME, 1009 name, strlen(name)); 1010 } 1011 } else { 1012 // Get a writable (lazy) copy of the portion of the file VMO. 1013 status = _zx_vmo_clone(vmo, ZX_VMO_CLONE_COPY_ON_WRITE, 1014 off_start, data_size, &map_vmo); 1015 if (status == ZX_OK && map_size > data_size) { 1016 // Extend the writable VMO to cover the .bss pages too. 1017 // These pages will be zero-filled, not copied from the 1018 // file VMO. 1019 status = _zx_vmo_set_size(map_vmo, map_size); 1020 if (status != ZX_OK) { 1021 _zx_handle_close(map_vmo); 1022 goto error; 1023 } 1024 } 1025 if (status == ZX_OK) { 1026 char name[ZX_MAX_NAME_LEN] = VMO_NAME_PREFIX_DATA; 1027 memcpy(&name[sizeof(VMO_NAME_PREFIX_DATA) - 1], vmo_name, 1028 ZX_MAX_NAME_LEN - sizeof(VMO_NAME_PREFIX_DATA)); 1029 _zx_object_set_property(map_vmo, ZX_PROP_NAME, 1030 name, strlen(name)); 1031 } 1032 } 1033 if (status != ZX_OK) 1034 goto error; 1035 off_start = 0; 1036 } else if (ph->p_memsz > ph->p_filesz) { 1037 // Read-only .bss is not a thing. 1038 goto noexec; 1039 } 1040 1041 status = _zx_vmar_map(dso->vmar, zx_options, mapaddr - vmar_base, map_vmo, 1042 off_start, map_size, &mapaddr); 1043 if (map_vmo != vmo) 1044 _zx_handle_close(map_vmo); 1045 if (status != ZX_OK) 1046 goto error; 1047 1048 if (ph->p_memsz > ph->p_filesz) { 1049 // The final partial page of data from the file is followed by 1050 // whatever the file's contents there are, but in the memory 1051 // image that partial page should be all zero. 1052 uintptr_t file_end = (uintptr_t)base + ph->p_vaddr + ph->p_filesz; 1053 uintptr_t map_end = mapaddr + map_size; 1054 if (map_end > file_end) 1055 memset((void*)file_end, 0, map_end - file_end); 1056 } 1057 } 1058 1059 dso->l_map.l_addr = (uintptr_t)base; 1060 dso->l_map.l_ld = laddr(dso, dyn); 1061 if (dso->tls.size) 1062 dso->tls.image = laddr(dso, tls_image); 1063 1064 for (const Phdr* seg = first_note; seg <= last_note; ++seg) { 1065 if (seg->p_type == PT_NOTE && find_buildid_note(dso, seg)) 1066 break; 1067 } 1068 1069 return ZX_OK; 1070noexec: 1071 // We overload this to translate into ENOEXEC later. 1072 status = ZX_ERR_WRONG_TYPE; 1073error: 1074 if (map != MAP_FAILED) 1075 unmap_library(dso); 1076 if (dso->vmar != ZX_HANDLE_INVALID) 1077 _zx_handle_close(dso->vmar); 1078 return status; 1079} 1080 1081__NO_SAFESTACK NO_ASAN static void decode_dyn(struct dso* p) { 1082 size_t dyn[DT_NUM]; 1083 decode_vec(p->l_map.l_ld, dyn, DT_NUM); 1084 p->syms = laddr(p, dyn[DT_SYMTAB]); 1085 p->strings = laddr(p, dyn[DT_STRTAB]); 1086 if (dyn[0] & (1 << DT_SONAME)) 1087 p->soname = p->strings + dyn[DT_SONAME]; 1088 if (dyn[0] & (1 << DT_HASH)) 1089 p->hashtab = laddr(p, dyn[DT_HASH]); 1090 if (dyn[0] & (1 << DT_PLTGOT)) 1091 p->got = laddr(p, dyn[DT_PLTGOT]); 1092 if (search_vec(p->l_map.l_ld, dyn, DT_GNU_HASH)) 1093 p->ghashtab = laddr(p, *dyn); 1094 if (search_vec(p->l_map.l_ld, dyn, DT_VERSYM)) 1095 p->versym = laddr(p, *dyn); 1096} 1097 1098static size_t count_syms(struct dso* p) { 1099 if (p->hashtab) 1100 return p->hashtab[1]; 1101 1102 size_t nsym, i; 1103 uint32_t* buckets = p->ghashtab + 4 + (p->ghashtab[2] * sizeof(size_t) / 4); 1104 uint32_t* hashval; 1105 for (i = nsym = 0; i < p->ghashtab[0]; i++) { 1106 if (buckets[i] > nsym) 1107 nsym = buckets[i]; 1108 } 1109 if (nsym) { 1110 hashval = buckets + p->ghashtab[0] + (nsym - p->ghashtab[1]); 1111 do 1112 nsym++; 1113 while (!(*hashval++ & 1)); 1114 } 1115 return nsym; 1116} 1117 1118__NO_SAFESTACK static struct dso* find_library_in(struct dso* p, 1119 const char* name) { 1120 while (p != NULL) { 1121 if (!strcmp(p->l_map.l_name, name) || 1122 (p->soname != NULL && !strcmp(p->soname, name))) { 1123 ++p->refcnt; 1124 break; 1125 } 1126 p = dso_next(p); 1127 } 1128 return p; 1129} 1130 1131__NO_SAFESTACK static struct dso* find_library(const char* name) { 1132 // First see if it's in the general list. 1133 struct dso* p = find_library_in(head, name); 1134 if (p == NULL && detached_head != NULL) { 1135 // ldso is not in the list yet, so the first search didn't notice 1136 // anything that is only a dependency of ldso, i.e. the vDSO. 1137 // See if the lookup by name matches ldso or its dependencies. 1138 p = find_library_in(detached_head, name); 1139 if (p == &ldso) { 1140 // If something depends on libc (&ldso), we actually want 1141 // to pull in the entire detached list in its existing 1142 // order (&ldso is always last), so that libc stays after 1143 // its own dependencies. 1144 dso_set_prev(detached_head, tail); 1145 dso_set_next(tail, detached_head); 1146 tail = p; 1147 detached_head = NULL; 1148 } else if (p != NULL) { 1149 // Take it out of its place in the list rooted at detached_head. 1150 if (dso_prev(p) != NULL) 1151 dso_set_next(dso_prev(p), dso_next(p)); 1152 else 1153 detached_head = dso_next(p); 1154 if (dso_next(p) != NULL) { 1155 dso_set_prev(dso_next(p), dso_prev(p)); 1156 dso_set_next(p, NULL); 1157 } 1158 // Stick it on the main list. 1159 dso_set_next(tail, p); 1160 dso_set_prev(p, tail); 1161 tail = p; 1162 } 1163 } 1164 return p; 1165} 1166 1167#define MAX_BUILDID_SIZE 64 1168 1169__NO_SAFESTACK static void read_buildid(struct dso* p, 1170 char* buf, size_t buf_size) { 1171 Phdr* ph = p->phdr; 1172 size_t cnt; 1173 1174 for (cnt = p->phnum; cnt--; ph = (void*)((char*)ph + p->phentsize)) { 1175 if (ph->p_type != PT_NOTE) 1176 continue; 1177 1178 // Find the PT_LOAD segment we live in. 1179 Phdr* ph2 = p->phdr; 1180 Phdr* ph_load = NULL; 1181 size_t cnt2; 1182 for (cnt2 = p->phnum; cnt2--; ph2 = (void*)((char*)ph2 + p->phentsize)) { 1183 if (ph2->p_type != PT_LOAD) 1184 continue; 1185 if (ph->p_vaddr >= ph2->p_vaddr && 1186 ph->p_vaddr < ph2->p_vaddr + ph2->p_filesz) { 1187 ph_load = ph2; 1188 break; 1189 } 1190 } 1191 if (ph_load == NULL) 1192 continue; 1193 1194 size_t off = ph_load->p_vaddr + (ph->p_offset - ph_load->p_offset); 1195 size_t size = ph->p_filesz; 1196 1197 struct { 1198 Elf32_Nhdr hdr; 1199 char name[sizeof("GNU")]; 1200 } hdr; 1201 1202 while (size > sizeof(hdr)) { 1203 memcpy(&hdr, (char*)p->l_map.l_addr + off, sizeof(hdr)); 1204 size_t header_size = sizeof(Elf32_Nhdr) + ((hdr.hdr.n_namesz + 3) & -4); 1205 size_t payload_size = (hdr.hdr.n_descsz + 3) & -4; 1206 off += header_size; 1207 size -= header_size; 1208 uint8_t* payload = (uint8_t*)p->l_map.l_addr + off; 1209 off += payload_size; 1210 size -= payload_size; 1211 if (hdr.hdr.n_type != NT_GNU_BUILD_ID || 1212 hdr.hdr.n_namesz != sizeof("GNU") || 1213 memcmp(hdr.name, "GNU", sizeof("GNU")) != 0) { 1214 continue; 1215 } 1216 if (hdr.hdr.n_descsz > MAX_BUILDID_SIZE) { 1217 // TODO(dje): Revisit. 1218 snprintf(buf, buf_size, "build_id_too_large_%u", hdr.hdr.n_descsz); 1219 } else { 1220 for (size_t i = 0; i < hdr.hdr.n_descsz; ++i) { 1221 snprintf(&buf[i * 2], 3, "%02x", payload[i]); 1222 } 1223 } 1224 return; 1225 } 1226 } 1227 1228 strcpy(buf, "<none>"); 1229} 1230 1231__NO_SAFESTACK static void trace_load(struct dso* p) { 1232 static zx_koid_t pid = ZX_KOID_INVALID; 1233 if (pid == ZX_KOID_INVALID) { 1234 zx_info_handle_basic_t process_info; 1235 if (_zx_object_get_info(__zircon_process_self, 1236 ZX_INFO_HANDLE_BASIC, 1237 &process_info, sizeof(process_info), 1238 NULL, NULL) == ZX_OK) { 1239 pid = process_info.koid; 1240 } else { 1241 // No point in continually calling zx_object_get_info. 1242 // The first 100 are reserved. 1243 pid = 1; 1244 } 1245 } 1246 1247 // Compute extra values useful to tools. 1248 // This is done here so that it's only done when necessary. 1249 char buildid[MAX_BUILDID_SIZE * 2 + 1]; 1250 read_buildid(p, buildid, sizeof(buildid)); 1251 1252 const char* name = p->soname == NULL ? "<application>" : p->l_map.l_name; 1253 const char* soname = p->soname == NULL ? "<application>" : p->soname; 1254 1255 // The output is in multiple lines to cope with damn line wrapping. 1256 // N.B. Programs like the Intel Processor Trace decoder parse this output. 1257 // Do not change without coordination with consumers. 1258 // TODO(ZX-519): Switch to official tracing mechanism when ready. 1259 static int seqno; 1260 debugmsg("@trace_load: %" PRIu64 ":%da %p %p %p", 1261 pid, seqno, p->l_map.l_addr, p->map, p->map + p->map_len); 1262 debugmsg("@trace_load: %" PRIu64 ":%db %s", 1263 pid, seqno, buildid); 1264 debugmsg("@trace_load: %" PRIu64 ":%dc %s %s", 1265 pid, seqno, soname, name); 1266 ++seqno; 1267} 1268 1269__NO_SAFESTACK static void do_tls_layout(struct dso* p, 1270 char* tls_buffer, int n_th) { 1271 if (p->tls.size == 0) 1272 return; 1273 1274 p->tls_id = ++tls_cnt; 1275 tls_align = MAXP2(tls_align, p->tls.align); 1276#ifdef TLS_ABOVE_TP 1277 p->tls.offset = (tls_offset + p->tls.align - 1) & -p->tls.align; 1278 tls_offset = p->tls.offset + p->tls.size; 1279#else 1280 tls_offset += p->tls.size + p->tls.align - 1; 1281 tls_offset -= (tls_offset + (uintptr_t)p->tls.image) & (p->tls.align - 1); 1282 p->tls.offset = tls_offset; 1283#endif 1284 1285 if (tls_buffer != NULL) { 1286 p->new_dtv = (void*)(-sizeof(size_t) & 1287 (uintptr_t)(tls_buffer + sizeof(size_t))); 1288 p->new_tls = (void*)(p->new_dtv + n_th * (tls_cnt + 1)); 1289 } 1290 1291 if (tls_tail) 1292 tls_tail->next = &p->tls; 1293 else 1294 libc.tls_head = &p->tls; 1295 tls_tail = &p->tls; 1296} 1297 1298__NO_SAFESTACK static zx_status_t load_library_vmo(zx_handle_t vmo, 1299 const char* name, 1300 int rtld_mode, 1301 struct dso* needed_by, 1302 struct dso** loaded) { 1303 struct dso *p, temp_dso = {}; 1304 size_t alloc_size; 1305 int n_th = 0; 1306 1307 if (rtld_mode & RTLD_NOLOAD) { 1308 *loaded = NULL; 1309 return ZX_OK; 1310 } 1311 1312 zx_status_t status = map_library(vmo, &temp_dso); 1313 if (status != ZX_OK) 1314 return status; 1315 1316 decode_dyn(&temp_dso); 1317 if (temp_dso.soname != NULL) { 1318 // Now check again if we opened the same file a second time. 1319 // That is, a file with the same DT_SONAME string. 1320 p = find_library(temp_dso.soname); 1321 if (p != NULL) { 1322 unmap_library(&temp_dso); 1323 *loaded = p; 1324 return ZX_OK; 1325 } 1326 } 1327 1328 // If this was loaded by VMO rather than by name, we have to synthesize 1329 // one. If the SONAME if present. Otherwise synthesize something 1330 // informative from the VMO (that won't look like any sensible SONAME). 1331 char synthetic_name[ZX_MAX_NAME_LEN + 32]; 1332 if (name == NULL) 1333 name = temp_dso.soname; 1334 if (name == NULL) { 1335 char vmo_name[ZX_MAX_NAME_LEN]; 1336 if (_zx_object_get_property(vmo, ZX_PROP_NAME, 1337 vmo_name, sizeof(vmo_name)) != ZX_OK) 1338 vmo_name[0] = '\0'; 1339 zx_info_handle_basic_t info; 1340 if (_zx_object_get_info(vmo, ZX_INFO_HANDLE_BASIC, &info, sizeof(info), 1341 NULL, NULL) != ZX_OK) { 1342 name = "<dlopen_vmo>"; 1343 } else { 1344 if (vmo_name[0] == '\0') { 1345 snprintf(synthetic_name, sizeof(synthetic_name), 1346 "<VMO#%" PRIu64 ">", info.koid); 1347 } else { 1348 snprintf(synthetic_name, sizeof(synthetic_name), 1349 "<VMO#%" PRIu64 "=%s>", info.koid, vmo_name); 1350 } 1351 name = synthetic_name; 1352 } 1353 } 1354 1355 // Calculate how many slots are needed for dependencies. 1356 size_t ndeps = 1; // Account for a NULL terminator. 1357 for (size_t i = 0; temp_dso.l_map.l_ld[i].d_tag; i++) { 1358 if (temp_dso.l_map.l_ld[i].d_tag == DT_NEEDED) 1359 ++ndeps; 1360 } 1361 1362 /* Allocate storage for the new DSO. When there is TLS, this 1363 * storage must include a reservation for all pre-existing 1364 * threads to obtain copies of both the new TLS, and an 1365 * extended DTV capable of storing an additional slot for 1366 * the newly-loaded DSO. */ 1367 size_t namelen = strlen(name); 1368 size_t build_id_log_len = build_id_log_size(&temp_dso, namelen); 1369 alloc_size = (sizeof *p + ndeps * sizeof(p->deps[0]) + 1370 namelen + 1 + build_id_log_len); 1371 if (runtime && temp_dso.tls.image) { 1372 size_t per_th = temp_dso.tls.size + temp_dso.tls.align + sizeof(void*) * (tls_cnt + 3); 1373 n_th = atomic_load(&libc.thread_count); 1374 if (n_th > SSIZE_MAX / per_th) 1375 alloc_size = SIZE_MAX; 1376 else 1377 alloc_size += n_th * per_th; 1378 } 1379 p = dl_alloc(alloc_size); 1380 if (!p) { 1381 unmap_library(&temp_dso); 1382 return ZX_ERR_NO_MEMORY; 1383 } 1384 *p = temp_dso; 1385 p->refcnt = 1; 1386 p->needed_by = needed_by; 1387 p->l_map.l_name = (void*)&p->buf[ndeps]; 1388 memcpy(p->l_map.l_name, name, namelen); 1389 p->l_map.l_name[namelen] = '\0'; 1390 assign_module_id(p); 1391 format_build_id_log(p, p->l_map.l_name + namelen + 1, p->l_map.l_name, namelen); 1392 if (runtime) 1393 do_tls_layout(p, p->l_map.l_name + namelen + 1 + build_id_log_len, n_th); 1394 1395 dso_set_next(tail, p); 1396 dso_set_prev(p, tail); 1397 tail = p; 1398 1399 *loaded = p; 1400 return ZX_OK; 1401} 1402 1403__NO_SAFESTACK static zx_status_t load_library(const char* name, int rtld_mode, 1404 struct dso* needed_by, 1405 struct dso** loaded) { 1406 if (!*name) 1407 return ZX_ERR_INVALID_ARGS; 1408 1409 *loaded = find_library(name); 1410 if (*loaded != NULL) 1411 return ZX_OK; 1412 1413 zx_handle_t vmo; 1414 zx_status_t status = get_library_vmo(name, &vmo); 1415 if (status == ZX_OK) { 1416 status = load_library_vmo(vmo, name, rtld_mode, needed_by, loaded); 1417 _zx_handle_close(vmo); 1418 } 1419 1420 return status; 1421} 1422 1423__NO_SAFESTACK static void load_deps(struct dso* p) { 1424 for (; p; p = dso_next(p)) { 1425 struct dso** deps = NULL; 1426 // The two preallocated DSOs don't get space allocated for ->deps. 1427 if (runtime && p->deps == NULL && p != &ldso && p != &vdso) 1428 deps = p->deps = p->buf; 1429 for (size_t i = 0; p->l_map.l_ld[i].d_tag; i++) { 1430 if (p->l_map.l_ld[i].d_tag != DT_NEEDED) 1431 continue; 1432 const char* name = p->strings + p->l_map.l_ld[i].d_un.d_val; 1433 struct dso* dep; 1434 zx_status_t status = load_library(name, 0, p, &dep); 1435 if (status != ZX_OK) { 1436 error("Error loading shared library %s: %s (needed by %s)", 1437 name, _zx_status_get_string(status), p->l_map.l_name); 1438 if (runtime) 1439 longjmp(*rtld_fail, 1); 1440 } else if (deps != NULL) { 1441 *deps++ = dep; 1442 } 1443 } 1444 } 1445} 1446 1447__NO_SAFESTACK NO_ASAN static void reloc_all(struct dso* p) { 1448 size_t dyn[DT_NUM]; 1449 for (; p; p = dso_next(p)) { 1450 if (p->relocated) 1451 continue; 1452 decode_vec(p->l_map.l_ld, dyn, DT_NUM); 1453 // _dl_start did apply_relr already. 1454 if (p != &ldso) { 1455 apply_relr(p->l_map.l_addr, 1456 laddr(p, dyn[DT_RELR]), dyn[DT_RELRSZ]); 1457 } 1458 do_relocs(p, laddr(p, dyn[DT_JMPREL]), dyn[DT_PLTRELSZ], 2 + (dyn[DT_PLTREL] == DT_RELA)); 1459 do_relocs(p, laddr(p, dyn[DT_REL]), dyn[DT_RELSZ], 2); 1460 do_relocs(p, laddr(p, dyn[DT_RELA]), dyn[DT_RELASZ], 3); 1461 1462 if (head != &ldso && p->relro_start != p->relro_end) { 1463 zx_status_t status = 1464 _zx_vmar_protect(p->vmar, 1465 ZX_VM_PERM_READ, 1466 saddr(p, p->relro_start), 1467 p->relro_end - p->relro_start); 1468 if (status == ZX_ERR_BAD_HANDLE && 1469 p == &ldso && p->vmar == ZX_HANDLE_INVALID) { 1470 debugmsg("No VMAR_LOADED handle received;" 1471 " cannot protect RELRO for %s\n", 1472 p->l_map.l_name); 1473 } else if (status != ZX_OK) { 1474 error("Error relocating %s: RELRO protection" 1475 " %p+%#zx failed: %s", 1476 p->l_map.l_name, 1477 laddr(p, p->relro_start), p->relro_end - p->relro_start, 1478 _zx_status_get_string(status)); 1479 if (runtime) 1480 longjmp(*rtld_fail, 1); 1481 } 1482 } 1483 1484 // Hold the VMAR handle only long enough to apply RELRO. 1485 // Now it's no longer needed and the mappings cannot be 1486 // changed any more (only unmapped). 1487 if (p->vmar != ZX_HANDLE_INVALID) { 1488 _zx_handle_close(p->vmar); 1489 p->vmar = ZX_HANDLE_INVALID; 1490 } 1491 1492 p->relocated = 1; 1493 } 1494} 1495 1496__NO_SAFESTACK NO_ASAN static void kernel_mapped_dso(struct dso* p) { 1497 size_t min_addr = -1, max_addr = 0, cnt; 1498 const Phdr* ph = p->phdr; 1499 for (cnt = p->phnum; cnt--; ph = (void*)((char*)ph + p->phentsize)) { 1500 switch (ph->p_type) { 1501 case PT_LOAD: 1502 if (ph->p_vaddr < min_addr) 1503 min_addr = ph->p_vaddr; 1504 if (ph->p_vaddr + ph->p_memsz > max_addr) 1505 max_addr = ph->p_vaddr + ph->p_memsz; 1506 break; 1507 case PT_DYNAMIC: 1508 p->l_map.l_ld = laddr(p, ph->p_vaddr); 1509 break; 1510 case PT_GNU_RELRO: 1511 p->relro_start = ph->p_vaddr & -PAGE_SIZE; 1512 p->relro_end = (ph->p_vaddr + ph->p_memsz) & -PAGE_SIZE; 1513 break; 1514 case PT_NOTE: 1515 if (p->build_id_note == NULL) 1516 find_buildid_note(p, ph); 1517 break; 1518 } 1519 } 1520 min_addr &= -PAGE_SIZE; 1521 max_addr = (max_addr + PAGE_SIZE - 1) & -PAGE_SIZE; 1522 p->map = laddr(p, min_addr); 1523 p->map_len = max_addr - min_addr; 1524 assign_module_id(p); 1525} 1526 1527void __libc_exit_fini(void) { 1528 struct dso* p; 1529 size_t dyn[DT_NUM]; 1530 for (p = fini_head; p; p = p->fini_next) { 1531 if (!p->constructed) 1532 continue; 1533 decode_vec(p->l_map.l_ld, dyn, DT_NUM); 1534 if (dyn[0] & (1 << DT_FINI_ARRAY)) { 1535 size_t n = dyn[DT_FINI_ARRAYSZ] / sizeof(size_t); 1536 size_t* fn = (size_t*)laddr(p, dyn[DT_FINI_ARRAY]) + n; 1537 while (n--) 1538 ((void (*)(void)) * --fn)(); 1539 } 1540#ifndef NO_LEGACY_INITFINI 1541 if ((dyn[0] & (1 << DT_FINI)) && dyn[DT_FINI]) 1542 fpaddr(p, dyn[DT_FINI])(); 1543#endif 1544 } 1545} 1546 1547static void do_init_fini(struct dso* p) { 1548 size_t dyn[DT_NUM]; 1549 /* Allow recursive calls that arise when a library calls 1550 * dlopen from one of its constructors, but block any 1551 * other threads until all ctors have finished. */ 1552 pthread_mutex_lock(&init_fini_lock); 1553 for (; p; p = dso_prev(p)) { 1554 if (p->constructed) 1555 continue; 1556 p->constructed = 1; 1557 decode_vec(p->l_map.l_ld, dyn, DT_NUM); 1558 if (dyn[0] & ((1 << DT_FINI) | (1 << DT_FINI_ARRAY))) { 1559 p->fini_next = fini_head; 1560 fini_head = p; 1561 } 1562#ifndef NO_LEGACY_INITFINI 1563 if ((dyn[0] & (1 << DT_INIT)) && dyn[DT_INIT]) 1564 fpaddr(p, dyn[DT_INIT])(); 1565#endif 1566 if (dyn[0] & (1 << DT_INIT_ARRAY)) { 1567 size_t n = dyn[DT_INIT_ARRAYSZ] / sizeof(size_t); 1568 size_t* fn = laddr(p, dyn[DT_INIT_ARRAY]); 1569 while (n--) 1570 ((void (*)(void)) * fn++)(); 1571 } 1572 } 1573 pthread_mutex_unlock(&init_fini_lock); 1574} 1575 1576void __libc_start_init(void) { 1577 // If a preinit hook spawns a thread that calls dlopen, that thread will 1578 // get to do_init_fini and block on the lock. Now the main thread finishes 1579 // preinit hooks and releases the lock. Then it's a race for which thread 1580 // gets the lock and actually runs all the normal constructors. This is 1581 // expected, but to avoid such races preinit hooks should be very careful 1582 // about what they do and rely on. 1583 pthread_mutex_lock(&init_fini_lock); 1584 size_t dyn[DT_NUM]; 1585 decode_vec(head->l_map.l_ld, dyn, DT_NUM); 1586 if (dyn[0] & (1ul << DT_PREINIT_ARRAY)) { 1587 size_t n = dyn[DT_PREINIT_ARRAYSZ] / sizeof(size_t); 1588 size_t* fn = laddr(head, dyn[DT_PREINIT_ARRAY]); 1589 while (n--) 1590 ((void (*)(void)) * fn++)(); 1591 } 1592 pthread_mutex_unlock(&init_fini_lock); 1593 1594 do_init_fini(tail); 1595} 1596 1597static void dl_debug_state(void) {} 1598 1599weak_alias(dl_debug_state, _dl_debug_state); 1600 1601__attribute__((__visibility__("hidden"))) void* __tls_get_new(size_t* v) { 1602 pthread_t self = __pthread_self(); 1603 1604 if (v[0] <= (size_t)self->head.dtv[0]) { 1605 return (char*)self->head.dtv[v[0]] + v[1] + DTP_OFFSET; 1606 } 1607 1608 /* This is safe without any locks held because, if the caller 1609 * is able to request the Nth entry of the DTV, the DSO list 1610 * must be valid at least that far out and it was synchronized 1611 * at program startup or by an already-completed call to dlopen. */ 1612 struct dso* p; 1613 for (p = head; p->tls_id != v[0]; p = dso_next(p)) 1614 ; 1615 1616 /* Get new DTV space from new DSO if needed */ 1617 if (v[0] > (size_t)self->head.dtv[0]) { 1618 void** newdtv = p->new_dtv + (v[0] + 1) * atomic_fetch_add(&p->new_dtv_idx, 1); 1619 memcpy(newdtv, self->head.dtv, ((size_t)self->head.dtv[0] + 1) * sizeof(void*)); 1620 newdtv[0] = (void*)v[0]; 1621 self->head.dtv = newdtv; 1622 } 1623 1624 /* Get new TLS memory from all new DSOs up to the requested one */ 1625 unsigned char* mem; 1626 for (p = head;; p = dso_next(p)) { 1627 if (!p->tls_id || self->head.dtv[p->tls_id]) 1628 continue; 1629 mem = p->new_tls + (p->tls.size + p->tls.align) * atomic_fetch_add(&p->new_tls_idx, 1); 1630 mem += ((uintptr_t)p->tls.image - (uintptr_t)mem) & (p->tls.align - 1); 1631 self->head.dtv[p->tls_id] = mem; 1632 memcpy(mem, p->tls.image, p->tls.len); 1633 if (p->tls_id == v[0]) 1634 break; 1635 } 1636 return mem + v[1] + DTP_OFFSET; 1637} 1638 1639__NO_SAFESTACK struct pthread* __init_main_thread(zx_handle_t thread_self) { 1640 pthread_attr_t attr = DEFAULT_PTHREAD_ATTR; 1641 attr._a_stacksize = libc.stack_size; 1642 1643 char thread_self_name[ZX_MAX_NAME_LEN]; 1644 if (_zx_object_get_property(thread_self, ZX_PROP_NAME, thread_self_name, 1645 sizeof(thread_self_name)) != ZX_OK) 1646 strcpy(thread_self_name, "(initial-thread)"); 1647 thrd_t td = __allocate_thread(attr._a_guardsize, attr._a_stacksize, thread_self_name, NULL); 1648 if (td == NULL) { 1649 debugmsg("No memory for %zu bytes thread-local storage.\n", 1650 libc.tls_size); 1651 _exit(127); 1652 } 1653 1654 zx_status_t status = zxr_thread_adopt(thread_self, &td->zxr_thread); 1655 if (status != ZX_OK) 1656 __builtin_trap(); 1657 1658 zxr_tp_set(thread_self, pthread_to_tp(td)); 1659 1660 // Now that the thread descriptor is set up, it's safe to use the 1661 // dlerror machinery. 1662 runtime = 1; 1663 1664 return td; 1665} 1666 1667__NO_SAFESTACK static void update_tls_size(void) { 1668 libc.tls_cnt = tls_cnt; 1669 libc.tls_align = tls_align; 1670 libc.tls_size = 1671 ALIGN((1 + tls_cnt) * sizeof(void*) + tls_offset + sizeof(struct pthread) + tls_align * 2, 1672 tls_align); 1673 // TODO(mcgrathr): The TLS block is always allocated in whole pages. 1674 // We should keep track of the available slop to the end of the page 1675 // and make dlopen use that for new dtv/TLS space when it fits. 1676} 1677 1678/* Stage 1 of the dynamic linker is defined in dlstart.c. It calls the 1679 * following stage 2 and stage 3 functions via primitive symbolic lookup 1680 * since it does not have access to their addresses to begin with. */ 1681 1682/* Stage 2 of the dynamic linker is called after relative relocations 1683 * have been processed. It can make function calls to static functions 1684 * and access string literals and static data, but cannot use extern 1685 * symbols. Its job is to perform symbolic relocations on the dynamic 1686 * linker itself, but some of the relocations performed may need to be 1687 * replaced later due to copy relocations in the main program. */ 1688 1689static dl_start_return_t __dls3(void* start_arg); 1690 1691__NO_SAFESTACK NO_ASAN __attribute__((__visibility__("hidden"))) 1692dl_start_return_t __dls2( 1693 void* start_arg, void* vdso_map) { 1694 ldso.l_map.l_addr = (uintptr_t)__ehdr_start; 1695 1696 Ehdr* ehdr = (void*)ldso.l_map.l_addr; 1697 ldso.l_map.l_name = (char*)"libc.so"; 1698 ldso.global = -1; 1699 ldso.phnum = ehdr->e_phnum; 1700 ldso.phdr = laddr(&ldso, ehdr->e_phoff); 1701 ldso.phentsize = ehdr->e_phentsize; 1702 kernel_mapped_dso(&ldso); 1703 decode_dyn(&ldso); 1704 1705 if (vdso_map != NULL) { 1706 // The vDSO was mapped in by our creator. Stitch it in as 1707 // a preloaded shared object right away, so ld.so itself 1708 // can depend on it and require its symbols. 1709 1710 vdso.l_map.l_addr = (uintptr_t)vdso_map; 1711 vdso.l_map.l_name = (char*)"<vDSO>"; 1712 vdso.global = -1; 1713 1714 Ehdr* ehdr = vdso_map; 1715 vdso.phnum = ehdr->e_phnum; 1716 vdso.phdr = laddr(&vdso, ehdr->e_phoff); 1717 vdso.phentsize = ehdr->e_phentsize; 1718 kernel_mapped_dso(&vdso); 1719 decode_dyn(&vdso); 1720 1721 dso_set_prev(&vdso, &ldso); 1722 dso_set_next(&ldso, &vdso); 1723 tail = &vdso; 1724 } 1725 1726 /* Prepare storage for to save clobbered REL addends so they 1727 * can be reused in stage 3. There should be very few. If 1728 * something goes wrong and there are a huge number, abort 1729 * instead of risking stack overflow. */ 1730 size_t dyn[DT_NUM]; 1731 decode_vec(ldso.l_map.l_ld, dyn, DT_NUM); 1732 size_t* rel = laddr(&ldso, dyn[DT_REL]); 1733 size_t rel_size = dyn[DT_RELSZ]; 1734 size_t symbolic_rel_cnt = 0; 1735 apply_addends_to = rel; 1736 for (; rel_size; rel += 2, rel_size -= 2 * sizeof(size_t)) 1737 if (R_TYPE(rel[1]) != REL_RELATIVE) 1738 symbolic_rel_cnt++; 1739 if (symbolic_rel_cnt >= ADDEND_LIMIT) 1740 __builtin_trap(); 1741 size_t addends[symbolic_rel_cnt + 1]; 1742 saved_addends = addends; 1743 1744 head = &ldso; 1745 reloc_all(&ldso); 1746 1747 ldso.relocated = 0; 1748 1749 // Make sure all the relocations have landed before calling __dls3, 1750 // which relies on them. 1751 atomic_signal_fence(memory_order_seq_cst); 1752 1753 return __dls3(start_arg); 1754} 1755 1756/* Stage 3 of the dynamic linker is called with the dynamic linker/libc 1757 * fully functional. Its job is to load (if not already loaded) and 1758 * process dependencies and relocations for the main application and 1759 * transfer control to its entry point. */ 1760 1761__NO_SAFESTACK static void* dls3(zx_handle_t exec_vmo, int argc, char** argv) { 1762 // First load our own dependencies. Usually this will be just the 1763 // vDSO, which is already loaded, so there will be nothing to do. 1764 // In a sanitized build, we'll depend on the sanitizer runtime DSO 1765 // and load that now (and its dependencies, such as the unwinder). 1766 load_deps(&ldso); 1767 1768 // Now reorder the list so that we appear last, after all our 1769 // dependencies. This ensures that e.g. the sanitizer runtime's 1770 // malloc will be chosen over ours, even if the application 1771 // doesn't itself depend on the sanitizer runtime SONAME. 1772 dso_set_prev(dso_next(&ldso), NULL); 1773 detached_head = dso_next(&ldso); 1774 dso_set_prev(&ldso, tail); 1775 dso_set_next(&ldso, NULL); 1776 dso_set_next(tail, &ldso); 1777 1778 static struct dso app; 1779 1780 if (argc < 1 || argv[0] == NULL) { 1781 static const char* dummy_argv0 = ""; 1782 argv = (char**)&dummy_argv0; 1783 } 1784 1785 libc.page_size = PAGE_SIZE; 1786 1787 const char* ld_debug = getenv("LD_DEBUG"); 1788 if (ld_debug != NULL && ld_debug[0] != '\0') 1789 log_libs = true; 1790 1791 { 1792 // Features like Intel Processor Trace require specific output in a 1793 // specific format. Thus this output has its own env var. 1794 const char* ld_trace = getenv("LD_TRACE"); 1795 if (ld_trace != NULL && ld_trace[0] != '\0') 1796 trace_maps = true; 1797 } 1798 1799 zx_status_t status = map_library(exec_vmo, &app); 1800 _zx_handle_close(exec_vmo); 1801 if (status != ZX_OK) { 1802 debugmsg("%s: %s: Not a valid dynamic program (%s)\n", 1803 ldso.l_map.l_name, argv[0], _zx_status_get_string(status)); 1804 _exit(1); 1805 } 1806 1807 app.l_map.l_name = argv[0]; 1808 1809 if (app.tls.size) { 1810 libc.tls_head = tls_tail = &app.tls; 1811 app.tls_id = tls_cnt = 1; 1812#ifdef TLS_ABOVE_TP 1813 app.tls.offset = (tls_offset + app.tls.align - 1) & -app.tls.align; 1814 tls_offset = app.tls.offset + app.tls.size; 1815#else 1816 tls_offset = app.tls.offset = 1817 app.tls.size + (-((uintptr_t)app.tls.image + app.tls.size) & (app.tls.align - 1)); 1818#endif 1819 tls_align = MAXP2(tls_align, app.tls.align); 1820 } 1821 1822 app.global = 1; 1823 decode_dyn(&app); 1824 1825 // Format the build ID log lines for the three special cases. 1826 allocate_and_format_build_id_log(&ldso); 1827 allocate_and_format_build_id_log(&vdso); 1828 allocate_and_format_build_id_log(&app); 1829 1830 /* Initial dso chain consists only of the app. */ 1831 head = tail = &app; 1832 1833 // Load preload/needed libraries, add their symbols to the global 1834 // namespace, and perform all remaining relocations. 1835 // 1836 // Do TLS layout for DSOs after loading, but before relocation. 1837 // This needs to be after the main program's TLS setup (just 1838 // above), which has to be the first since it can use static TLS 1839 // offsets (local-exec TLS model) that are presumed to start at 1840 // the beginning of the static TLS block. But we may have loaded 1841 // some libraries (sanitizer runtime) before that, so we don't do 1842 // each library's TLS setup directly in load_library_vmo. 1843 1844 load_deps(&app); 1845 1846 app.global = 1; 1847 for (struct dso* p = dso_next(&app); p != NULL; p = dso_next(p)) { 1848 p->global = 1; 1849 do_tls_layout(p, NULL, 0); 1850 } 1851 1852 for (size_t i = 0; app.l_map.l_ld[i].d_tag; i++) { 1853 if (!DT_DEBUG_INDIRECT && app.l_map.l_ld[i].d_tag == DT_DEBUG) 1854 app.l_map.l_ld[i].d_un.d_ptr = (size_t)&debug; 1855 if (DT_DEBUG_INDIRECT && app.l_map.l_ld[i].d_tag == DT_DEBUG_INDIRECT) { 1856 size_t* ptr = (size_t*)app.l_map.l_ld[i].d_un.d_ptr; 1857 *ptr = (size_t)&debug; 1858 } 1859 } 1860 1861 /* The main program must be relocated LAST since it may contin 1862 * copy relocations which depend on libraries' relocations. */ 1863 reloc_all(dso_next(&app)); 1864 reloc_all(&app); 1865 1866 update_tls_size(); 1867 static_tls_cnt = tls_cnt; 1868 1869 if (ldso_fail) 1870 _exit(127); 1871 1872 // Logically we could now switch to "runtime mode", because 1873 // startup-time dynamic linking work per se is done now. However, 1874 // the real concrete meaning of "runtime mode" is that the dlerror 1875 // machinery is usable. It's not usable until the thread descriptor 1876 // has been set up. So the switch to "runtime mode" happens in 1877 // __init_main_thread instead. 1878 1879 atomic_init(&unlogged_tail, (uintptr_t)tail); 1880 1881 debug.r_version = 1; 1882 debug.r_brk = (uintptr_t)dl_debug_state; 1883 debug.r_map = &head->l_map; 1884 debug.r_ldbase = ldso.l_map.l_addr; 1885 debug.r_state = 0; 1886 1887 // The ZX_PROP_PROCESS_DEBUG_ADDR being set to 1 on startup is a signal 1888 // to issue a debug breakpoint after setting the property to signal to a 1889 // debugger that the property is now valid. 1890 intptr_t existing_debug_addr = 0; 1891 status = _zx_object_get_property(__zircon_process_self, 1892 ZX_PROP_PROCESS_DEBUG_ADDR, 1893 &existing_debug_addr, 1894 sizeof(existing_debug_addr)); 1895 bool break_after_set = 1896 (status == ZX_OK) && 1897 (existing_debug_addr == ZX_PROCESS_DEBUG_ADDR_BREAK_ON_SET); 1898 1899 status = _zx_object_set_property(__zircon_process_self, 1900 ZX_PROP_PROCESS_DEBUG_ADDR, 1901 &_dl_debug_addr, sizeof(_dl_debug_addr)); 1902 if (status != ZX_OK) { 1903 // Bummer. Crashlogger backtraces, debugger sessions, etc. will be 1904 // problematic, but this isn't fatal. 1905 // TODO(dje): Is there a way to detect we're here because of being 1906 // an injected process (launchpad_start_injected)? IWBN to print a 1907 // warning here but launchpad_start_injected can trigger this. 1908 } 1909 if (break_after_set) { 1910 debug_break(); 1911 } 1912 1913 _dl_debug_state(); 1914 1915 if (log_libs) 1916 _dl_log_unlogged(); 1917 1918 if (trace_maps) { 1919 for (struct dso* p = &app; p != NULL; p = dso_next(p)) { 1920 trace_load(p); 1921 } 1922 } 1923 1924 // Reset from the argv[0] value so we don't save a dangling pointer 1925 // into the caller's stack frame. 1926 app.l_map.l_name = (char*)""; 1927 1928 // Check for a PT_GNU_STACK header requesting a main thread stack size. 1929 libc.stack_size = DEFAULT_PTHREAD_ATTR._a_stacksize; 1930 for (size_t i = 0; i < app.phnum; i++) { 1931 if (app.phdr[i].p_type == PT_GNU_STACK) { 1932 size_t size = app.phdr[i].p_memsz; 1933 if (size > 0) 1934 libc.stack_size = size; 1935 break; 1936 } 1937 } 1938 1939 const Ehdr* ehdr = (void*)app.map; 1940 return laddr(&app, ehdr->e_entry); 1941} 1942 1943__NO_SAFESTACK NO_ASAN static dl_start_return_t __dls3(void* start_arg) { 1944 zx_handle_t bootstrap = (uintptr_t)start_arg; 1945 1946 uint32_t nbytes, nhandles; 1947 zx_status_t status = zxr_message_size(bootstrap, &nbytes, &nhandles); 1948 if (status != ZX_OK) { 1949 error("zxr_message_size bootstrap handle %#x failed: %d (%s)", 1950 bootstrap, status, _zx_status_get_string(status)); 1951 nbytes = nhandles = 0; 1952 } 1953 1954 ZXR_PROCESSARGS_BUFFER(buffer, nbytes); 1955 zx_handle_t handles[nhandles]; 1956 zx_proc_args_t* procargs; 1957 uint32_t* handle_info; 1958 if (status == ZX_OK) 1959 status = zxr_processargs_read(bootstrap, buffer, nbytes, 1960 handles, nhandles, 1961 &procargs, &handle_info); 1962 if (status != ZX_OK) { 1963 error("bad message of %u bytes, %u handles" 1964 " from bootstrap handle %#x: %d (%s)", 1965 nbytes, nhandles, bootstrap, status, 1966 _zx_status_get_string(status)); 1967 nbytes = nhandles = 0; 1968 } 1969 1970 zx_handle_t exec_vmo = ZX_HANDLE_INVALID; 1971 for (int i = 0; i < nhandles; ++i) { 1972 switch (PA_HND_TYPE(handle_info[i])) { 1973 case PA_LDSVC_LOADER: 1974 if (loader_svc != ZX_HANDLE_INVALID || 1975 handles[i] == ZX_HANDLE_INVALID) { 1976 error("bootstrap message bad LOADER_SVC %#x vs %#x", 1977 handles[i], loader_svc); 1978 } 1979 loader_svc = handles[i]; 1980 break; 1981 case PA_VMO_EXECUTABLE: 1982 if (exec_vmo != ZX_HANDLE_INVALID || 1983 handles[i] == ZX_HANDLE_INVALID) { 1984 error("bootstrap message bad EXEC_VMO %#x vs %#x", 1985 handles[i], exec_vmo); 1986 } 1987 exec_vmo = handles[i]; 1988 break; 1989 case PA_FDIO_LOGGER: 1990 if (logger != ZX_HANDLE_INVALID || 1991 handles[i] == ZX_HANDLE_INVALID) { 1992 error("bootstrap message bad FDIO_LOGGER %#x vs %#x", 1993 handles[i], logger); 1994 } 1995 logger = handles[i]; 1996 break; 1997 case PA_VMAR_LOADED: 1998 if (ldso.vmar != ZX_HANDLE_INVALID || 1999 handles[i] == ZX_HANDLE_INVALID) { 2000 error("bootstrap message bad VMAR_LOADED %#x vs %#x", 2001 handles[i], ldso.vmar); 2002 } 2003 ldso.vmar = handles[i]; 2004 break; 2005 case PA_PROC_SELF: 2006 __zircon_process_self = handles[i]; 2007 break; 2008 case PA_VMAR_ROOT: 2009 __zircon_vmar_root_self = handles[i]; 2010 break; 2011 default: 2012 _zx_handle_close(handles[i]); 2013 break; 2014 } 2015 } 2016 2017 // TODO(mcgrathr): For now, always use a kernel log channel. 2018 // This needs to be replaced by a proper unprivileged logging scheme ASAP. 2019 if (logger == ZX_HANDLE_INVALID) { 2020 _zx_debuglog_create(ZX_HANDLE_INVALID, 0, &logger); 2021 } 2022 2023 if (__zircon_process_self == ZX_HANDLE_INVALID) 2024 error("bootstrap message bad no proc self"); 2025 if (__zircon_vmar_root_self == ZX_HANDLE_INVALID) 2026 error("bootstrap message bad no root vmar"); 2027 2028 // Unpack the environment strings so dls3 can use getenv. 2029 char* argv[procargs->args_num + 1]; 2030 char* envp[procargs->environ_num + 1]; 2031 status = zxr_processargs_strings(buffer, nbytes, argv, envp, NULL); 2032 if (status == ZX_OK) 2033 __environ = envp; 2034 2035 // At this point we can make system calls and have our essential 2036 // handles, so things are somewhat normal. 2037 early_init(); 2038 2039 void* entry = dls3(exec_vmo, procargs->args_num, argv); 2040 2041 // Reset it so there's no dangling pointer to this stack frame. 2042 // Presumably the parent will send the same strings in the main 2043 // bootstrap message, but that's for __libc_start_main to see. 2044 __environ = NULL; 2045 2046 if (vdso.global <= 0) { 2047 // Nothing linked against the vDSO. Ideally we would unmap the 2048 // vDSO, but there is no way to do it because the unmap system call 2049 // would try to return to the vDSO code and crash. 2050 if (ldso.global < 0) { 2051 // TODO(mcgrathr): We could free all heap data structures, and 2052 // with some vDSO assistance unmap ourselves and unwind back to 2053 // the user entry point. Thus a program could link against the 2054 // vDSO alone and not use this libc/ldso at all after startup. 2055 // We'd need to be sure there are no TLSDESC entries pointing 2056 // back to our code, but other than that there should no longer 2057 // be a way to enter our code. 2058 } else { 2059 debugmsg("Dynamic linker %s doesn't link in vDSO %s???\n", 2060 ldso.l_map.l_name, vdso.l_map.l_name); 2061 _exit(127); 2062 } 2063 } else if (ldso.global <= 0) { 2064 // This should be impossible. 2065 __builtin_trap(); 2066 } 2067 2068 return DL_START_RETURN(entry, start_arg); 2069} 2070 2071// Do sanitizer setup and whatever else must be done before dls3. 2072__NO_SAFESTACK NO_ASAN static void early_init(void) { 2073#if __has_feature(address_sanitizer) 2074 __asan_early_init(); 2075 // Inform the loader service that we prefer ASan-supporting libraries. 2076 loader_svc_config("asan"); 2077#endif 2078} 2079 2080static void set_global(struct dso* p, int global) { 2081 if (p->global > 0) { 2082 // Short-circuit if it's already fully global. Its deps will be too. 2083 return; 2084 } else if (p->global == global) { 2085 // This catches circular references as well as other redundant walks. 2086 return; 2087 } 2088 p->global = global; 2089 if (p->deps != NULL) { 2090 for (struct dso **dep = p->deps; *dep != NULL; ++dep) { 2091 set_global(*dep, global); 2092 } 2093 } 2094} 2095 2096static void* dlopen_internal(zx_handle_t vmo, const char* file, int mode) { 2097 pthread_rwlock_wrlock(&lock); 2098 __thread_allocation_inhibit(); 2099 2100 struct dso* orig_tail = tail; 2101 2102 struct dso* p; 2103 zx_status_t status = (vmo != ZX_HANDLE_INVALID ? 2104 load_library_vmo(vmo, file, mode, head, &p) : 2105 load_library(file, mode, head, &p)); 2106 2107 if (status != ZX_OK) { 2108 error("Error loading shared library %s: %s", 2109 file, _zx_status_get_string(status)); 2110 fail: 2111 __thread_allocation_release(); 2112 pthread_rwlock_unlock(&lock); 2113 return NULL; 2114 } 2115 2116 if (p == NULL) { 2117 if (!(mode & RTLD_NOLOAD)) 2118 __builtin_trap(); 2119 error("Library %s is not already loaded", file); 2120 goto fail; 2121 } 2122 2123 struct tls_module* orig_tls_tail = tls_tail; 2124 size_t orig_tls_cnt = tls_cnt; 2125 size_t orig_tls_offset = tls_offset; 2126 size_t orig_tls_align = tls_align; 2127 2128 struct dl_alloc_checkpoint checkpoint; 2129 dl_alloc_checkpoint(&checkpoint); 2130 2131 jmp_buf jb; 2132 rtld_fail = &jb; 2133 if (setjmp(*rtld_fail)) { 2134 /* Clean up anything new that was (partially) loaded */ 2135 if (p && p->deps) 2136 set_global(p, 0); 2137 for (p = dso_next(orig_tail); p; p = dso_next(p)) 2138 unmap_library(p); 2139 if (!orig_tls_tail) 2140 libc.tls_head = 0; 2141 tls_tail = orig_tls_tail; 2142 tls_cnt = orig_tls_cnt; 2143 tls_offset = orig_tls_offset; 2144 tls_align = orig_tls_align; 2145 tail = orig_tail; 2146 dso_set_next(tail, NULL); 2147 dl_alloc_rollback(&checkpoint); 2148 goto fail; 2149 } 2150 2151 /* First load handling */ 2152 if (!p->deps) { 2153 load_deps(p); 2154 set_global(p, -1); 2155 reloc_all(p); 2156 set_global(p, 0); 2157 } 2158 2159 if (mode & RTLD_GLOBAL) { 2160 set_global(p, 1); 2161 } 2162 2163 update_tls_size(); 2164 _dl_debug_state(); 2165 if (trace_maps) { 2166 trace_load(p); 2167 } 2168 2169 // Allow thread creation, now that the TLS bookkeeping is consistent. 2170 __thread_allocation_release(); 2171 2172 // Bump the dl_iterate_phdr dlpi_adds counter. 2173 gencnt++; 2174 2175 // Collect the current new tail before we release the lock. 2176 // Another dlopen can come in and advance the tail, but we 2177 // alone are responsible for making sure that do_init_fini 2178 // starts with the first object we just added. 2179 struct dso* new_tail = tail; 2180 2181 // The next _dl_log_unlogged can safely read the 'struct dso' list from 2182 // head up through new_tail. Most fields will never change again. 2183 atomic_store_explicit(&unlogged_tail, (uintptr_t)new_tail, 2184 memory_order_release); 2185 2186 pthread_rwlock_unlock(&lock); 2187 2188 if (log_libs) 2189 _dl_log_unlogged(); 2190 2191 do_init_fini(new_tail); 2192 2193 return p; 2194} 2195 2196void* dlopen(const char* file, int mode) { 2197 if (!file) 2198 return head; 2199 return dlopen_internal(ZX_HANDLE_INVALID, file, mode); 2200} 2201 2202void* dlopen_vmo(zx_handle_t vmo, int mode) { 2203 if (vmo == ZX_HANDLE_INVALID) { 2204 errno = EINVAL; 2205 return NULL; 2206 } 2207 return dlopen_internal(vmo, NULL, mode); 2208} 2209 2210zx_handle_t dl_set_loader_service(zx_handle_t new_svc) { 2211 zx_handle_t old_svc; 2212 pthread_rwlock_wrlock(&lock); 2213 old_svc = loader_svc; 2214 loader_svc = new_svc; 2215 pthread_rwlock_unlock(&lock); 2216 return old_svc; 2217} 2218 2219__attribute__((__visibility__("hidden"))) int __dl_invalid_handle(void* h) { 2220 struct dso* p; 2221 for (p = head; p; p = dso_next(p)) 2222 if (h == p) 2223 return 0; 2224 error("Invalid library handle %p", (void*)h); 2225 return 1; 2226} 2227 2228static void* addr2dso(size_t a) { 2229 struct dso* p; 2230 for (p = head; p; p = dso_next(p)) { 2231 if (a - (size_t)p->map < p->map_len) 2232 return p; 2233 } 2234 return 0; 2235} 2236 2237void* __tls_get_addr(size_t*); 2238 2239static bool find_sym_for_dlsym(struct dso* p, 2240 const char* name, 2241 uint32_t* name_gnu_hash, 2242 uint32_t* name_sysv_hash, 2243 void** result) { 2244 const Sym* sym; 2245 if (p->ghashtab != NULL) { 2246 if (*name_gnu_hash == 0) 2247 *name_gnu_hash = gnu_hash(name); 2248 sym = gnu_lookup(*name_gnu_hash, p->ghashtab, p, name); 2249 } else { 2250 if (*name_sysv_hash == 0) 2251 *name_sysv_hash = sysv_hash(name); 2252 sym = sysv_lookup(name, *name_sysv_hash, p); 2253 } 2254 if (sym && (sym->st_info & 0xf) == STT_TLS) { 2255 *result = __tls_get_addr((size_t[]){p->tls_id, sym->st_value}); 2256 return true; 2257 } 2258 if (sym && sym->st_value && (1 << (sym->st_info & 0xf) & OK_TYPES)) { 2259 *result = laddr(p, sym->st_value); 2260 return true; 2261 } 2262 if (p->deps) { 2263 for (struct dso** dep = p->deps; *dep != NULL; ++dep) { 2264 if (find_sym_for_dlsym(*dep, name, name_gnu_hash, name_sysv_hash, 2265 result)) 2266 return true; 2267 } 2268 } 2269 return false; 2270} 2271 2272static void* do_dlsym(struct dso* p, const char* s, void* ra) { 2273 if (p == head || p == RTLD_DEFAULT || p == RTLD_NEXT) { 2274 if (p == RTLD_DEFAULT) { 2275 p = head; 2276 } else if (p == RTLD_NEXT) { 2277 p = addr2dso((size_t)ra); 2278 if (!p) 2279 p = head; 2280 p = dso_next(p); 2281 } 2282 struct symdef def = find_sym(p, s, 0); 2283 if (!def.sym) 2284 goto failed; 2285 if ((def.sym->st_info & 0xf) == STT_TLS) 2286 return __tls_get_addr((size_t[]){def.dso->tls_id, def.sym->st_value}); 2287 return laddr(def.dso, def.sym->st_value); 2288 } 2289 if (__dl_invalid_handle(p)) 2290 return 0; 2291 uint32_t gnu_hash = 0, sysv_hash = 0; 2292 void* result; 2293 if (find_sym_for_dlsym(p, s, &gnu_hash, &sysv_hash, &result)) 2294 return result; 2295failed: 2296 error("Symbol not found: %s", s); 2297 return 0; 2298} 2299 2300int dladdr(const void* addr, Dl_info* info) { 2301 struct dso* p; 2302 2303 pthread_rwlock_rdlock(&lock); 2304 p = addr2dso((size_t)addr); 2305 pthread_rwlock_unlock(&lock); 2306 2307 if (!p) 2308 return 0; 2309 2310 Sym* bestsym = NULL; 2311 void* best = 0; 2312 2313 Sym* sym = p->syms; 2314 uint32_t nsym = count_syms(p); 2315 for (; nsym; nsym--, sym++) { 2316 if (sym->st_value && (1 << (sym->st_info & 0xf) & OK_TYPES) && 2317 (1 << (sym->st_info >> 4) & OK_BINDS)) { 2318 void* symaddr = laddr(p, sym->st_value); 2319 if (symaddr > addr || symaddr < best) 2320 continue; 2321 best = symaddr; 2322 bestsym = sym; 2323 if (addr == symaddr) 2324 break; 2325 } 2326 } 2327 2328 info->dli_fname = p->l_map.l_name; 2329 info->dli_fbase = (void*)p->l_map.l_addr; 2330 info->dli_sname = bestsym == NULL ? NULL : p->strings + bestsym->st_name; 2331 info->dli_saddr = bestsym == NULL ? NULL : best; 2332 2333 return 1; 2334} 2335 2336void* dlsym(void* restrict p, const char* restrict s) { 2337 void* res; 2338 pthread_rwlock_rdlock(&lock); 2339 res = do_dlsym(p, s, __builtin_return_address(0)); 2340 pthread_rwlock_unlock(&lock); 2341 return res; 2342} 2343 2344int dl_iterate_phdr(int (*callback)(struct dl_phdr_info* info, size_t size, void* data), 2345 void* data) { 2346 struct dso* current; 2347 struct dl_phdr_info info; 2348 int ret = 0; 2349 for (current = head; current;) { 2350 info.dlpi_addr = (uintptr_t)current->l_map.l_addr; 2351 info.dlpi_name = current->l_map.l_name; 2352 info.dlpi_phdr = current->phdr; 2353 info.dlpi_phnum = current->phnum; 2354 info.dlpi_adds = gencnt; 2355 info.dlpi_subs = 0; 2356 info.dlpi_tls_modid = current->tls_id; 2357 info.dlpi_tls_data = current->tls.image; 2358 2359 ret = (callback)(&info, sizeof(info), data); 2360 2361 if (ret != 0) 2362 break; 2363 2364 pthread_rwlock_rdlock(&lock); 2365 current = dso_next(current); 2366 pthread_rwlock_unlock(&lock); 2367 } 2368 return ret; 2369} 2370 2371__attribute__((__visibility__("hidden"))) void __dl_vseterr(const char*, va_list); 2372 2373#define LOADER_SVC_MSG_MAX 1024 2374 2375__NO_SAFESTACK static zx_status_t loader_svc_rpc(uint32_t ordinal, 2376 const void* data, size_t len, 2377 zx_handle_t request_handle, 2378 zx_handle_t* result) { 2379 // Use a static buffer rather than one on the stack to avoid growing 2380 // the stack size too much. Calls to this function are always 2381 // serialized anyway, so there is no danger of collision. 2382 ldmsg_req_t req; 2383 2384 memset(&req.header, 0, sizeof(req.header)); 2385 req.header.ordinal = ordinal; 2386 2387 size_t req_len; 2388 zx_status_t status = ldmsg_req_encode(&req, &req_len, (const char*) data, len); 2389 if (status != ZX_OK) { 2390 _zx_handle_close(request_handle); 2391 error("message of %zu bytes too large for loader service protocol", 2392 len); 2393 return status; 2394 } 2395 2396 if (result != NULL) { 2397 // Don't return an uninitialized value if the channel call 2398 // succeeds but doesn't provide any handles. 2399 *result = ZX_HANDLE_INVALID; 2400 } 2401 2402 ldmsg_rsp_t rsp; 2403 memset(&rsp, 0, sizeof(rsp)); 2404 2405 zx_channel_call_args_t call = { 2406 .wr_bytes = &req, 2407 .wr_num_bytes = req_len, 2408 .wr_handles = &request_handle, 2409 .wr_num_handles = request_handle == ZX_HANDLE_INVALID ? 0 : 1, 2410 .rd_bytes = &rsp, 2411 .rd_num_bytes = sizeof(rsp), 2412 .rd_handles = result, 2413 .rd_num_handles = result == NULL ? 0 : 1, 2414 }; 2415 2416 uint32_t reply_size; 2417 uint32_t handle_count; 2418 status = _zx_channel_call(loader_svc, 0, ZX_TIME_INFINITE, 2419 &call, &reply_size, &handle_count); 2420 if (status != ZX_OK) { 2421 error("_zx_channel_call of %u bytes to loader service: %d (%s)", 2422 call.wr_num_bytes, status, _zx_status_get_string(status)); 2423 return status; 2424 } 2425 2426 size_t expected_reply_size = ldmsg_rsp_get_size(&rsp); 2427 if (reply_size != expected_reply_size) { 2428 error("loader service reply %u bytes != %u", 2429 reply_size, expected_reply_size); 2430 status = ZX_ERR_INVALID_ARGS; 2431 goto err; 2432 } 2433 if (rsp.header.ordinal != ordinal) { 2434 error("loader service reply opcode %u != %u", 2435 rsp.header.ordinal, ordinal); 2436 status = ZX_ERR_INVALID_ARGS; 2437 goto err; 2438 } 2439 if (rsp.rv != ZX_OK) { 2440 // |result| is non-null if |handle_count| > 0, because 2441 // |handle_count| <= |rd_num_handles|. 2442 if (handle_count > 0 && *result != ZX_HANDLE_INVALID) { 2443 error("loader service error %d reply contains handle %#x", 2444 rsp.rv, *result); 2445 status = ZX_ERR_INVALID_ARGS; 2446 goto err; 2447 } 2448 status = rsp.rv; 2449 } 2450 return status; 2451 2452err: 2453 if (handle_count > 0) { 2454 _zx_handle_close(*result); 2455 *result = ZX_HANDLE_INVALID; 2456 } 2457 return status; 2458} 2459 2460__NO_SAFESTACK static void loader_svc_config(const char* config) { 2461 zx_status_t status = loader_svc_rpc(LDMSG_OP_CONFIG, 2462 config, strlen(config), 2463 ZX_HANDLE_INVALID, NULL); 2464 if (status != ZX_OK) 2465 debugmsg("LDMSG_OP_CONFIG(%s): %s\n", 2466 config, _zx_status_get_string(status)); 2467} 2468 2469__NO_SAFESTACK static zx_status_t get_library_vmo(const char* name, 2470 zx_handle_t* result) { 2471 if (loader_svc == ZX_HANDLE_INVALID) { 2472 error("cannot look up \"%s\" with no loader service", name); 2473 return ZX_ERR_UNAVAILABLE; 2474 } 2475 return loader_svc_rpc(LDMSG_OP_LOAD_OBJECT, name, strlen(name), 2476 ZX_HANDLE_INVALID, result); 2477} 2478 2479__NO_SAFESTACK zx_status_t dl_clone_loader_service(zx_handle_t* out) { 2480 if (loader_svc == ZX_HANDLE_INVALID) { 2481 return ZX_ERR_UNAVAILABLE; 2482 } 2483 zx_handle_t h0, h1; 2484 zx_status_t status; 2485 if ((status = _zx_channel_create(0, &h0, &h1)) != ZX_OK) { 2486 return status; 2487 } 2488 struct { 2489 fidl_message_header_t header; 2490 ldmsg_clone_t clone; 2491 } req = { 2492 .header = { 2493 .ordinal = LDMSG_OP_CLONE, 2494 }, 2495 .clone = { 2496 .object = FIDL_HANDLE_PRESENT, 2497 }, 2498 }; 2499 2500 ldmsg_rsp_t rsp; 2501 memset(&rsp, 0, sizeof(rsp)); 2502 2503 zx_channel_call_args_t call = { 2504 .wr_bytes = &req, 2505 .wr_num_bytes = sizeof(req), 2506 .wr_handles = &h1, 2507 .wr_num_handles = 1, 2508 .rd_bytes = &rsp, 2509 .rd_num_bytes = sizeof(rsp), 2510 .rd_handles = NULL, 2511 .rd_num_handles = 0, 2512 }; 2513 uint32_t reply_size; 2514 uint32_t handle_count; 2515 if ((status = _zx_channel_call(loader_svc, 0, ZX_TIME_INFINITE, 2516 &call, &reply_size, &handle_count)) != ZX_OK) { 2517 // Do nothing. 2518 } else if ((reply_size != ldmsg_rsp_get_size(&rsp)) || 2519 (rsp.header.ordinal != LDMSG_OP_CLONE)) { 2520 status = ZX_ERR_INVALID_ARGS; 2521 } else if (rsp.rv != ZX_OK) { 2522 status = rsp.rv; 2523 } 2524 2525 if (status != ZX_OK) { 2526 _zx_handle_close(h0); 2527 } else { 2528 *out = h0; 2529 } 2530 return status; 2531} 2532 2533__NO_SAFESTACK __attribute__((__visibility__("hidden"))) void _dl_log_write( 2534 const char* buffer, size_t len) { 2535 if (logger != ZX_HANDLE_INVALID) { 2536 const size_t kLogWriteMax = 2537 (ZX_LOG_RECORD_MAX - offsetof(zx_log_record_t, data)); 2538 while (len > 0) { 2539 size_t chunk = len < kLogWriteMax ? len : kLogWriteMax; 2540 // Write only a single line at a time so each line gets tagged. 2541 const char* nl = memchr(buffer, '\n', chunk); 2542 if (nl != NULL) { 2543 chunk = nl + 1 - buffer; 2544 } 2545 zx_status_t status = _zx_debuglog_write(logger, 0, buffer, chunk); 2546 if (status != ZX_OK) { 2547 __builtin_trap(); 2548 } 2549 buffer += chunk; 2550 len -= chunk; 2551 } 2552 } else { 2553 zx_status_t status = _zx_debug_write(buffer, len); 2554 if (status != ZX_OK) { 2555 __builtin_trap(); 2556 } 2557 } 2558} 2559 2560__NO_SAFESTACK static size_t errormsg_write(FILE* f, const unsigned char* buf, 2561 size_t len) { 2562 if (f != NULL && f->wpos > f->wbase) { 2563 _dl_log_write((const char*)f->wbase, f->wpos - f->wbase); 2564 } 2565 2566 if (len > 0) { 2567 _dl_log_write((const char*)buf, len); 2568 } 2569 2570 if (f != NULL) { 2571 f->wend = f->buf + f->buf_size; 2572 f->wpos = f->wbase = f->buf; 2573 } 2574 2575 return len; 2576} 2577 2578__NO_SAFESTACK static int errormsg_vprintf(const char* restrict fmt, 2579 va_list ap) { 2580 FILE f = { 2581 .lbf = EOF, 2582 .write = errormsg_write, 2583 .buf = (void*)fmt, 2584 .buf_size = 0, 2585 .lock = -1, 2586 }; 2587 return vfprintf(&f, fmt, ap); 2588} 2589 2590__NO_SAFESTACK static void debugmsg(const char* fmt, ...) { 2591 va_list ap; 2592 va_start(ap, fmt); 2593 errormsg_vprintf(fmt, ap); 2594 va_end(ap); 2595} 2596 2597__NO_SAFESTACK static void error(const char* fmt, ...) { 2598 va_list ap; 2599 va_start(ap, fmt); 2600 if (!runtime) { 2601 errormsg_vprintf(fmt, ap); 2602 ldso_fail = 1; 2603 va_end(ap); 2604 return; 2605 } 2606 __dl_vseterr(fmt, ap); 2607 va_end(ap); 2608} 2609 2610// We piggy-back on the loader service to publish data from sanitizers. 2611void __sanitizer_publish_data(const char* sink_name, zx_handle_t vmo) { 2612 pthread_rwlock_rdlock(&lock); 2613 zx_status_t status = loader_svc_rpc(LDMSG_OP_DEBUG_PUBLISH_DATA_SINK, 2614 sink_name, strlen(sink_name), 2615 vmo, NULL); 2616 if (status != ZX_OK) { 2617 // TODO(mcgrathr): Send this whereever sanitizer logging goes. 2618 debugmsg("Failed to publish data sink \"%s\" (%s): %s\n", 2619 sink_name, _zx_status_get_string(status), dlerror()); 2620 } 2621 pthread_rwlock_unlock(&lock); 2622} 2623 2624// ... and to get configuration files for them. 2625zx_status_t __sanitizer_get_configuration(const char* name, 2626 zx_handle_t *out_vmo) { 2627 pthread_rwlock_rdlock(&lock); 2628 zx_status_t status = loader_svc_rpc(LDMSG_OP_DEBUG_LOAD_CONFIG, 2629 name, strlen(name), 2630 ZX_HANDLE_INVALID, out_vmo); 2631 if (status != ZX_OK) { 2632 // TODO(mcgrathr): Send this whereever sanitizer logging goes. 2633 debugmsg("Failed to get configuration file \"%s\" (%s): %s\n", 2634 name, _zx_status_get_string(status), dlerror()); 2635 } 2636 pthread_rwlock_unlock(&lock); 2637 return status; 2638} 2639 2640#ifdef __clang__ 2641// Under -fsanitize-coverage, the startup code path before __dls3 cannot 2642// use PLT calls, so its calls to the sancov hook are a problem. We use 2643// some assembler chicanery to redirect those calls to the local symbol 2644// _dynlink_sancov_trampoline. Since the target of the PLT relocs is 2645// local, the linker will elide the PLT entry and resolve the calls 2646// directly to our definition. The trampoline checks the 'runtime' flag to 2647// distinguish calls before final relocation is complete, and only calls 2648// into the sanitizer runtime once it's actually up. Because of the 2649// .weakref chicanery, _dynlink_sancov_trace_pc_guard must be in a separate 2650// assembly file. 2651__asm__(".weakref __sanitizer_cov_trace_pc_guard, _dynlink_sancov_trampoline"); 2652__asm__(".hidden _dynlink_sancov_trace_pc_guard"); 2653__asm__(".pushsection .text._dynlink_sancov_trampoline,\"ax\",%progbits\n" 2654 ".local _dynlink_sancov_trampoline\n" 2655 ".type _dynlink_sancov_trampoline,%function\n" 2656 "_dynlink_sancov_trampoline:\n" 2657# ifdef __x86_64__ 2658 "cmpl $0, _dynlink_runtime(%rip)\n" 2659 "jne _dynlink_sancov_trace_pc_guard\n" 2660 "ret\n" 2661# elif defined(__aarch64__) 2662 "adrp x16, _dynlink_runtime\n" 2663 "ldr w16, [x16, #:lo12:_dynlink_runtime]\n" 2664 "cbnz w16, _dynlink_sancov_trace_pc_guard\n" 2665 "ret\n" 2666# else 2667# error unsupported architecture 2668# endif 2669 ".size _dynlink_sancov_trampoline, . - _dynlink_sancov_trampoline\n" 2670 ".popsection"); 2671#endif 2672