1 /* $NetBSD: rtld.c,v 1.224 2026/02/10 19:58:13 skrll Exp $ */ 2 3 /* 4 * Copyright 1996 John D. Polstra. 5 * Copyright 1996 Matt Thomas <matt (at) 3am-software.com> 6 * Copyright 2002 Charles M. Hannum <root (at) ihack.net> 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by John Polstra. 20 * 4. The name of the author may not be used to endorse or promote products 21 * derived from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 /* 36 * Dynamic linker for ELF. 37 * 38 * John Polstra <jdp (at) polstra.com>. 39 */ 40 41 #include <sys/cdefs.h> 42 #ifndef lint 43 __RCSID("$NetBSD: rtld.c,v 1.224 2026/02/10 19:58:13 skrll Exp $"); 44 #endif /* not lint */ 45 46 #include <sys/param.h> 47 #include <sys/atomic.h> 48 #include <sys/mman.h> 49 #include <err.h> 50 #include <errno.h> 51 #include <fcntl.h> 52 #include <lwp.h> 53 #include <stdarg.h> 54 #include <stdio.h> 55 #include <stdlib.h> 56 #include <string.h> 57 #include <unistd.h> 58 #include <dirent.h> 59 60 #include <ctype.h> 61 62 #include <dlfcn.h> 63 64 #include "debug.h" 65 #include "hash.h" 66 #include "rtld.h" 67 68 #if !defined(lint) 69 #include "sysident.h" 70 #endif 71 72 /* 73 * Hidden function from common/lib/libc/atomic - nop on machines 74 * with enough atomic ops. Need to explicitly call it early. 75 * libc has the same symbol and will initialize itself, but not our copy. 76 */ 77 void __libc_atomic_init(void); 78 79 /* 80 * Function declarations. 81 */ 82 static void _rtld_init(caddr_t, caddr_t, const char *); 83 static void _rtld_exit(void); 84 85 Elf_Addr _rtld(Elf_Addr *, Elf_Addr); 86 87 88 /* 89 * Data declarations. 90 */ 91 static char *error_message; /* Message for dlopen(), or NULL */ 92 93 struct r_debug _rtld_debug; /* The SVR4 interface for the debugger */ 94 bool _rtld_trust; /* False for setuid and setgid programs */ 95 Obj_Entry *_rtld_objlist; /* Head of linked list of shared objects */ 96 Obj_Entry **_rtld_objtail; /* Link field of last object in list */ 97 Obj_Entry *_rtld_objmain; /* The main program shared object */ 98 Obj_Entry _rtld_objself; /* The dynamic linker shared object */ 99 u_int _rtld_objcount; /* Number of objects in _rtld_objlist */ 100 u_int _rtld_objloads; /* Number of objects loaded in _rtld_objlist */ 101 u_int _rtld_objgen; /* Generation count for _rtld_objlist */ 102 const char _rtld_path[] = _PATH_RTLD; 103 104 /* Initialize a fake symbol for resolving undefined weak references. */ 105 Elf_Sym _rtld_sym_zero = { 106 .st_info = ELF_ST_INFO(STB_GLOBAL, STT_NOTYPE), 107 .st_shndx = SHN_ABS, 108 }; 109 size_t _rtld_pagesz; /* Page size, as provided by kernel */ 110 111 Search_Path *_rtld_default_paths; 112 Search_Path *_rtld_paths; 113 114 Library_Xform *_rtld_xforms; 115 static void *auxinfo; 116 117 /* 118 * Global declarations normally provided by crt0. 119 */ 120 char *__progname; 121 char **environ; 122 123 static volatile bool _rtld_mutex_may_recurse; 124 125 #if defined(RTLD_DEBUG) 126 #ifndef __sh__ 127 extern Elf_Addr _GLOBAL_OFFSET_TABLE_[]; 128 #else /* 32-bit SuperH */ 129 register Elf_Addr *_GLOBAL_OFFSET_TABLE_ asm("r12"); 130 #endif 131 #endif /* RTLD_DEBUG */ 132 extern Elf_Dyn _DYNAMIC; 133 134 static void _rtld_call_fini_functions(sigset_t *, int); 135 static void _rtld_call_init_functions(sigset_t *); 136 static void _rtld_call_preinit_functions(sigset_t *); 137 static void _rtld_initlist_visit(Objlist *, Obj_Entry *, int); 138 static void _rtld_initlist_tsort(Objlist *, int); 139 static Obj_Entry *_rtld_dlcheck(void *); 140 static void _rtld_init_dag(Obj_Entry *); 141 static void _rtld_init_dag1(Obj_Entry *, Obj_Entry *); 142 static void _rtld_objlist_remove(Objlist *, Obj_Entry *); 143 static void _rtld_objlist_clear(Objlist *); 144 static void _rtld_unload_object(sigset_t *, Obj_Entry *, bool); 145 static void _rtld_unref_dag(Obj_Entry *); 146 static Obj_Entry *_rtld_obj_from_addr(const void *); 147 static void _rtld_fill_dl_phdr_info(const Obj_Entry *, struct dl_phdr_info *); 148 149 static inline void 150 _rtld_call_initfini_function(fptr_t func, sigset_t *mask) 151 { 152 _rtld_exclusive_exit(mask); 153 (*func)(); 154 _rtld_exclusive_enter(mask); 155 } 156 157 static void 158 _rtld_call_fini_function(Obj_Entry *obj, sigset_t *mask, u_int cur_objgen) 159 { 160 if (obj->fini_arraysz == 0 && (obj->fini == NULL || obj->fini_called)) 161 return; 162 163 if (obj->fini != NULL && !obj->fini_called) { 164 dbg (("calling fini function %s at %p%s", obj->path, 165 (void *)obj->fini, 166 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 167 obj->fini_called = 1; 168 _rtld_call_initfini_function(obj->fini, mask); 169 } 170 #ifdef HAVE_INITFINI_ARRAY 171 /* 172 * Now process the fini_array if it exists. Simply go from 173 * start to end. We need to make restartable so just advance 174 * the array pointer and decrement the size each time through 175 * the loop. 176 */ 177 while (obj->fini_arraysz > 0 && _rtld_objgen == cur_objgen) { 178 fptr_t fini = *obj->fini_array++; 179 obj->fini_arraysz--; 180 dbg (("calling fini array function %s at %p%s", obj->path, 181 (void *)fini, 182 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 183 _rtld_call_initfini_function(fini, mask); 184 } 185 #endif /* HAVE_INITFINI_ARRAY */ 186 } 187 188 static void 189 _rtld_call_fini_functions(sigset_t *mask, int force) 190 { 191 Objlist_Entry *elm; 192 Objlist finilist; 193 u_int cur_objgen; 194 195 dbg(("_rtld_call_fini_functions(%d)", force)); 196 197 restart: 198 cur_objgen = ++_rtld_objgen; 199 SIMPLEQ_INIT(&finilist); 200 _rtld_initlist_tsort(&finilist, 1); 201 202 /* First pass: objects _not_ marked with DF_1_INITFIRST. */ 203 SIMPLEQ_FOREACH(elm, &finilist, link) { 204 Obj_Entry * const obj = elm->obj; 205 if (!obj->z_initfirst) { 206 if (obj->refcount > 0 && !force) { 207 continue; 208 } 209 /* 210 * XXX This can race against a concurrent dlclose(). 211 * XXX In that case, the object could be unmapped before 212 * XXX the fini() call or the fini_array has completed. 213 */ 214 _rtld_call_fini_function(obj, mask, cur_objgen); 215 if (_rtld_objgen != cur_objgen) { 216 dbg(("restarting fini iteration")); 217 _rtld_objlist_clear(&finilist); 218 goto restart; 219 } 220 } 221 } 222 223 /* Second pass: objects marked with DF_1_INITFIRST. */ 224 SIMPLEQ_FOREACH(elm, &finilist, link) { 225 Obj_Entry * const obj = elm->obj; 226 if (obj->refcount > 0 && !force) { 227 continue; 228 } 229 /* XXX See above for the race condition here */ 230 _rtld_call_fini_function(obj, mask, cur_objgen); 231 if (_rtld_objgen != cur_objgen) { 232 dbg(("restarting fini iteration")); 233 _rtld_objlist_clear(&finilist); 234 goto restart; 235 } 236 } 237 238 _rtld_objlist_clear(&finilist); 239 } 240 241 static void 242 _rtld_call_init_function(Obj_Entry *obj, sigset_t *mask, u_int cur_objgen) 243 { 244 if (obj->init_arraysz == 0 && (obj->init_called || obj->init == NULL)) 245 return; 246 247 if (!obj->init_called && obj->init != NULL) { 248 dbg (("calling init function %s at %p%s", 249 obj->path, (void *)obj->init, 250 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 251 obj->init_called = 1; 252 _rtld_call_initfini_function(obj->init, mask); 253 } 254 255 #ifdef HAVE_INITFINI_ARRAY 256 /* 257 * Now process the init_array if it exists. Simply go from 258 * start to end. We need to make restartable so just advance 259 * the array pointer and decrement the size each time through 260 * the loop. 261 */ 262 while (obj->init_arraysz > 0 && _rtld_objgen == cur_objgen) { 263 fptr_t init = *obj->init_array++; 264 obj->init_arraysz--; 265 dbg (("calling init_array function %s at %p%s", 266 obj->path, (void *)init, 267 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 268 _rtld_call_initfini_function(init, mask); 269 } 270 #endif /* HAVE_INITFINI_ARRAY */ 271 } 272 273 static bool 274 _rtld_call_ifunc_functions(sigset_t *mask, Obj_Entry *obj, u_int cur_objgen) 275 { 276 if (obj->ifunc_remaining 277 #if defined(IFUNC_NONPLT) 278 || obj->ifunc_remaining_nonplt 279 #endif 280 ) { 281 _rtld_call_ifunc(obj, mask, cur_objgen); 282 if (_rtld_objgen != cur_objgen) { 283 return true; 284 } 285 } 286 return false; 287 } 288 289 static void 290 _rtld_call_preinit_functions(sigset_t *mask) 291 { 292 #ifdef HAVE_INITFINI_ARRAY 293 Obj_Entry *obj = _rtld_objmain; 294 295 /* 296 * Process the init_array if it exists. Simply go from start 297 * to end. 298 */ 299 for (size_t i = 0; i < obj->preinit_arraysz; i++) { 300 fptr_t preinit = obj->preinit_array[i]; 301 dbg (("calling preinit_array function %s at %p", 302 obj->path, (void *)preinit)); 303 _rtld_call_initfini_function(preinit, mask); 304 } 305 #endif /* HAVE_INITFINI_ARRAY */ 306 } 307 308 static void 309 _rtld_call_init_functions(sigset_t *mask) 310 { 311 Objlist_Entry *elm; 312 Objlist initlist; 313 u_int cur_objgen; 314 315 dbg(("_rtld_call_init_functions()")); 316 317 restart: 318 cur_objgen = ++_rtld_objgen; 319 SIMPLEQ_INIT(&initlist); 320 _rtld_initlist_tsort(&initlist, 0); 321 322 /* First pass: objects with IRELATIVE relocations. */ 323 SIMPLEQ_FOREACH(elm, &initlist, link) { 324 if (_rtld_call_ifunc_functions(mask, elm->obj, cur_objgen)) { 325 dbg(("restarting init iteration")); 326 _rtld_objlist_clear(&initlist); 327 goto restart; 328 } 329 } 330 /* 331 * XXX: For historic reasons, init/fini of the main object are called 332 * from crt0. Don't introduce that mistake for ifunc, so look at 333 * the head of _rtld_objlist that _rtld_initlist_tsort skipped. 334 */ 335 if (_rtld_call_ifunc_functions(mask, _rtld_objlist, cur_objgen)) { 336 dbg(("restarting init iteration")); 337 _rtld_objlist_clear(&initlist); 338 goto restart; 339 } 340 341 /* Second pass: objects marked with DF_1_INITFIRST. */ 342 SIMPLEQ_FOREACH(elm, &initlist, link) { 343 Obj_Entry * const obj = elm->obj; 344 if (obj->z_initfirst) { 345 _rtld_call_init_function(obj, mask, cur_objgen); 346 if (_rtld_objgen != cur_objgen) { 347 dbg(("restarting init iteration")); 348 _rtld_objlist_clear(&initlist); 349 goto restart; 350 } 351 } 352 } 353 354 /* Third pass: all other objects. */ 355 SIMPLEQ_FOREACH(elm, &initlist, link) { 356 _rtld_call_init_function(elm->obj, mask, cur_objgen); 357 if (_rtld_objgen != cur_objgen) { 358 dbg(("restarting init iteration")); 359 _rtld_objlist_clear(&initlist); 360 goto restart; 361 } 362 } 363 364 _rtld_objlist_clear(&initlist); 365 } 366 367 /* 368 * Initialize the dynamic linker. The argument is the address at which 369 * the dynamic linker has been mapped into memory. The primary task of 370 * this function is to create an Obj_Entry for the dynamic linker and 371 * to resolve the PLT relocation for platforms that need it (those that 372 * define __HAVE_FUNCTION_DESCRIPTORS 373 */ 374 static void 375 _rtld_init(caddr_t mapbase, caddr_t relocbase, const char *execname) 376 { 377 const Elf_Ehdr *ehdr; 378 379 /* Conjure up an Obj_Entry structure for the dynamic linker. */ 380 _rtld_objself.path = __UNCONST(_rtld_path); 381 _rtld_objself.pathlen = sizeof(_rtld_path)-1; 382 _rtld_objself.rtld = true; 383 _rtld_objself.mapbase = mapbase; 384 _rtld_objself.relocbase = relocbase; 385 _rtld_objself.dynamic = (Elf_Dyn *) &_DYNAMIC; 386 _rtld_objself.strtab = "_rtld_sym_zero"; 387 388 /* 389 * Set value to -relocbase so that 390 * 391 * _rtld_objself.relocbase + _rtld_sym_zero.st_value == 0 392 * 393 * This allows unresolved references to weak symbols to be computed 394 * to a value of 0. 395 */ 396 _rtld_sym_zero.st_value = -(uintptr_t)relocbase; 397 398 _rtld_digest_dynamic(_rtld_path, &_rtld_objself); 399 assert(!_rtld_objself.needed); 400 #if !defined(__hppa__) 401 assert(!_rtld_objself.pltrel && !_rtld_objself.pltrela); 402 #else 403 _rtld_relocate_plt_objects(&_rtld_objself); 404 #endif 405 #if !defined(__mips__) && !defined(__hppa__) 406 assert(!_rtld_objself.pltgot); 407 #endif 408 #if !defined(__arm__) && !defined(__mips__) && !defined(__sh__) 409 /* ARM, MIPS and SH{3,5} have a bogus DT_TEXTREL. */ 410 assert(!_rtld_objself.textrel); 411 #endif 412 413 _rtld_add_paths(execname, &_rtld_default_paths, 414 RTLD_DEFAULT_LIBRARY_PATH); 415 416 #ifdef RTLD_ARCH_SUBDIR 417 _rtld_add_paths(execname, &_rtld_default_paths, 418 RTLD_DEFAULT_LIBRARY_PATH "/" RTLD_ARCH_SUBDIR); 419 #endif 420 421 /* Make the object list empty. */ 422 _rtld_objlist = NULL; 423 _rtld_objtail = &_rtld_objlist; 424 _rtld_objcount = 0; 425 426 _rtld_debug.r_version = R_DEBUG_VERSION; 427 _rtld_debug.r_brk = _rtld_debug_state; 428 _rtld_debug.r_state = RT_CONSISTENT; 429 _rtld_debug.r_ldbase = _rtld_objself.relocbase; 430 431 ehdr = (Elf_Ehdr *)mapbase; 432 _rtld_objself.phdr = (Elf_Phdr *)((char *)mapbase + ehdr->e_phoff); 433 _rtld_objself.phsize = ehdr->e_phnum * sizeof(_rtld_objself.phdr[0]); 434 435 __libc_atomic_init(); 436 } 437 438 /* 439 * Cleanup procedure. It will be called (by the atexit() mechanism) just 440 * before the process exits. 441 */ 442 static void 443 _rtld_exit(void) 444 { 445 sigset_t mask; 446 447 dbg(("rtld_exit()")); 448 449 _rtld_exclusive_enter(&mask); 450 451 _rtld_call_fini_functions(&mask, 1); 452 453 _rtld_exclusive_exit(&mask); 454 } 455 456 __dso_public void * 457 _dlauxinfo(void) 458 { 459 return auxinfo; 460 } 461 462 /* 463 * Main entry point for dynamic linking. The argument is the stack 464 * pointer. The stack is expected to be laid out as described in the 465 * SVR4 ABI specification, Intel 386 Processor Supplement. Specifically, 466 * the stack pointer points to a word containing ARGC. Following that 467 * in the stack is a null-terminated sequence of pointers to argument 468 * strings. Then comes a null-terminated sequence of pointers to 469 * environment strings. Finally, there is a sequence of "auxiliary 470 * vector" entries. 471 * 472 * This function returns the entry point for the main program, the dynamic 473 * linker's exit procedure in sp[0], and a pointer to the main object in 474 * sp[1]. 475 */ 476 Elf_Addr 477 _rtld(Elf_Addr *sp, Elf_Addr relocbase) 478 { 479 const AuxInfo *pAUX_base, *pAUX_entry, *pAUX_execfd, *pAUX_phdr, 480 *pAUX_phent, *pAUX_phnum, *pAUX_euid, *pAUX_egid, 481 *pAUX_ruid, *pAUX_rgid; 482 const AuxInfo *pAUX_pagesz; 483 char **env, **oenvp; 484 const AuxInfo *auxp; 485 Obj_Entry *obj; 486 Elf_Addr *const osp = sp; 487 bool bind_now = 0; 488 const char *ld_bind_now, *ld_preload, *ld_library_path; 489 const char **argv; 490 const char *execname, *objmain_name; 491 long argc; 492 const char **real___progname; 493 const Obj_Entry **real___mainprog_obj; 494 char ***real_environ; 495 sigset_t mask; 496 #ifdef DEBUG 497 const char *ld_debug; 498 #endif 499 #ifdef RTLD_DEBUG 500 int i = 0; 501 #endif 502 503 /* 504 * On entry, the dynamic linker itself has not been relocated yet. 505 * Be very careful not to reference any global data until after 506 * _rtld_init has returned. It is OK to reference file-scope statics 507 * and string constants, and to call static and global functions. 508 */ 509 /* Find the auxiliary vector on the stack. */ 510 /* first Elf_Word reserved to address of exit routine */ 511 #if defined(RTLD_DEBUG) 512 debug = 1; 513 dbg(("sp = %p, argc = %ld, argv = %p <%s> relocbase %p", sp, 514 (long)sp[2], &sp[3], (char *) sp[3], (void *)relocbase)); 515 #ifndef __x86_64__ 516 dbg(("got is at %p, dynamic is at %p", _GLOBAL_OFFSET_TABLE_, 517 &_DYNAMIC)); 518 #endif 519 #endif 520 521 sp += 2; /* skip over return argument space */ 522 argv = (const char **) &sp[1]; 523 argc = *(long *)sp; 524 sp += 2 + argc; /* Skip over argc, arguments, and NULL 525 * terminator */ 526 env = (char **) sp; 527 while (*sp++ != 0) { /* Skip over environment, and NULL terminator */ 528 #if defined(RTLD_DEBUG) 529 dbg(("env[%d] = %p %s", i++, (void *)sp[-1], (char *)sp[-1])); 530 #endif 531 } 532 auxinfo = (AuxInfo *) sp; 533 534 pAUX_base = pAUX_entry = pAUX_execfd = NULL; 535 pAUX_phdr = pAUX_phent = pAUX_phnum = NULL; 536 pAUX_euid = pAUX_ruid = pAUX_egid = pAUX_rgid = NULL; 537 pAUX_pagesz = NULL; 538 539 execname = NULL; 540 541 /* Digest the auxiliary vector. */ 542 for (auxp = auxinfo; auxp->a_type != AT_NULL; ++auxp) { 543 switch (auxp->a_type) { 544 case AT_BASE: 545 pAUX_base = auxp; 546 break; 547 case AT_ENTRY: 548 pAUX_entry = auxp; 549 break; 550 case AT_EXECFD: 551 pAUX_execfd = auxp; 552 break; 553 case AT_PHDR: 554 pAUX_phdr = auxp; 555 break; 556 case AT_PHENT: 557 pAUX_phent = auxp; 558 break; 559 case AT_PHNUM: 560 pAUX_phnum = auxp; 561 break; 562 #ifdef AT_EUID 563 case AT_EUID: 564 pAUX_euid = auxp; 565 break; 566 case AT_RUID: 567 pAUX_ruid = auxp; 568 break; 569 case AT_EGID: 570 pAUX_egid = auxp; 571 break; 572 case AT_RGID: 573 pAUX_rgid = auxp; 574 break; 575 #endif 576 #ifdef AT_SUN_EXECNAME 577 case AT_SUN_EXECNAME: 578 execname = (const char *)(const void *)auxp->a_v; 579 break; 580 #endif 581 case AT_PAGESZ: 582 pAUX_pagesz = auxp; 583 break; 584 } 585 } 586 587 /* Initialize and relocate ourselves. */ 588 if (pAUX_base == NULL) { 589 _rtld_error("Bad pAUX_base"); 590 _rtld_die(); 591 } 592 assert(pAUX_pagesz != NULL); 593 _rtld_pagesz = (int)pAUX_pagesz->a_v; 594 _rtld_init((caddr_t)pAUX_base->a_v, (caddr_t)relocbase, execname); 595 596 __progname = _rtld_objself.path; 597 environ = env; 598 599 _rtld_trust = ((pAUX_euid ? (uid_t)pAUX_euid->a_v : geteuid()) == 600 (pAUX_ruid ? (uid_t)pAUX_ruid->a_v : getuid())) && 601 ((pAUX_egid ? (gid_t)pAUX_egid->a_v : getegid()) == 602 (pAUX_rgid ? (gid_t)pAUX_rgid->a_v : getgid())); 603 604 #ifdef DEBUG 605 ld_debug = NULL; 606 #endif 607 ld_bind_now = NULL; 608 ld_library_path = NULL; 609 ld_preload = NULL; 610 /* 611 * Inline avoid using normal getenv/unsetenv here as the libc 612 * code is quite a bit more complicated. 613 */ 614 for (oenvp = env; *env != NULL; ++env) { 615 static const char bind_var[] = "LD_BIND_NOW="; 616 static const char debug_var[] = "LD_DEBUG="; 617 static const char path_var[] = "LD_LIBRARY_PATH="; 618 static const char preload_var[] = "LD_PRELOAD="; 619 #define LEN(x) (sizeof(x) - 1) 620 621 if ((*env)[0] != 'L' || (*env)[1] != 'D') { 622 /* 623 * Special case to skip most entries without 624 * the more expensive calls to strncmp. 625 */ 626 *oenvp++ = *env; 627 } else if (strncmp(*env, debug_var, LEN(debug_var)) == 0) { 628 if (_rtld_trust) { 629 #ifdef DEBUG 630 ld_debug = *env + LEN(debug_var); 631 #endif 632 *oenvp++ = *env; 633 } 634 } else if (strncmp(*env, bind_var, LEN(bind_var)) == 0) { 635 if (_rtld_trust) { 636 ld_bind_now = *env + LEN(bind_var); 637 *oenvp++ = *env; 638 } 639 } else if (strncmp(*env, path_var, LEN(path_var)) == 0) { 640 if (_rtld_trust) { 641 ld_library_path = *env + LEN(path_var); 642 *oenvp++ = *env; 643 } 644 } else if (strncmp(*env, preload_var, LEN(preload_var)) == 0) { 645 if (_rtld_trust) { 646 ld_preload = *env + LEN(preload_var); 647 *oenvp++ = *env; 648 } 649 } else { 650 *oenvp++ = *env; 651 } 652 #undef LEN 653 } 654 *oenvp++ = NULL; 655 656 /* 657 * Set the main name. Prefer the name passed by the kernel first, 658 * then the argument vector, and fall back to "main program" 659 * This way the name will be an absolute path if available. 660 */ 661 objmain_name = execname ? execname : 662 (argv[0] ? argv[0] : "main program"); 663 664 if (ld_bind_now != NULL && *ld_bind_now != '\0') 665 bind_now = true; 666 if (_rtld_trust) { 667 #ifdef DEBUG 668 #ifdef RTLD_DEBUG 669 debug = 0; 670 #endif 671 if (ld_debug != NULL && *ld_debug != '\0') 672 debug = 1; 673 #endif 674 _rtld_add_paths(execname, &_rtld_paths, ld_library_path); 675 } else { 676 // Prevent $ORIGIN expansion 677 execname = NULL; 678 } 679 _rtld_process_hints(execname, &_rtld_paths, &_rtld_xforms, 680 _PATH_LD_HINTS); 681 dbg(("dynamic linker is initialized, mapbase=%p, relocbase=%p", 682 _rtld_objself.mapbase, _rtld_objself.relocbase)); 683 684 /* 685 * Load the main program, or process its program header if it is 686 * already loaded. 687 */ 688 if (pAUX_execfd != NULL) { /* Load the main program. */ 689 int fd = pAUX_execfd->a_v; 690 dbg(("loading main program")); 691 _rtld_objmain = _rtld_map_object(objmain_name, fd, NULL); 692 close(fd); 693 if (_rtld_objmain == NULL) 694 _rtld_die(); 695 } else { /* Main program already loaded. */ 696 const Elf_Phdr *phdr; 697 int phnum; 698 caddr_t entry; 699 700 dbg(("processing main program's program header")); 701 assert(pAUX_phdr != NULL); 702 phdr = (const Elf_Phdr *) pAUX_phdr->a_v; 703 assert(pAUX_phnum != NULL); 704 phnum = pAUX_phnum->a_v; 705 assert(pAUX_phent != NULL); 706 assert(pAUX_phent->a_v == sizeof(Elf_Phdr)); 707 assert(pAUX_entry != NULL); 708 entry = (caddr_t) pAUX_entry->a_v; 709 _rtld_objmain = _rtld_digest_phdr(phdr, phnum, entry); 710 _rtld_objmain->path = xstrdup(objmain_name); 711 _rtld_objmain->pathlen = strlen(_rtld_objmain->path); 712 } 713 714 _rtld_objmain->mainprog = true; 715 716 /* 717 * Get the actual dynamic linker pathname from the executable if 718 * possible. (It should always be possible.) That ensures that 719 * the debugger will find the right dynamic linker even if a 720 * non-standard one is being used. 721 */ 722 if (_rtld_objmain->interp != NULL && 723 strcmp(_rtld_objmain->interp, _rtld_objself.path) != 0) { 724 _rtld_objself.path = xstrdup(_rtld_objmain->interp); 725 _rtld_objself.pathlen = strlen(_rtld_objself.path); 726 } 727 dbg(("actual dynamic linker is %s", _rtld_objself.path)); 728 729 _rtld_digest_dynamic(execname, _rtld_objmain); 730 731 /* Link the main program into the list of objects. */ 732 *_rtld_objtail = _rtld_objmain; 733 _rtld_objtail = &_rtld_objmain->next; 734 _rtld_objcount++; 735 _rtld_objloads++; 736 737 _rtld_linkmap_add(_rtld_objmain); 738 _rtld_objself.path = xstrdup(_rtld_objself.path); 739 _rtld_linkmap_add(&_rtld_objself); 740 741 ++_rtld_objmain->refcount; 742 _rtld_objmain->mainref = 1; 743 _rtld_objlist_push_tail(&_rtld_list_main, _rtld_objmain); 744 745 if (ld_preload) { 746 /* 747 * Pre-load user-specified objects after the main program 748 * but before any shared object dependencies. 749 */ 750 dbg(("preloading objects")); 751 if (_rtld_preload(ld_preload) == -1) 752 _rtld_die(); 753 } 754 755 dbg(("loading needed objects")); 756 if (_rtld_load_needed_objects(_rtld_objmain, _RTLD_MAIN) == -1) 757 _rtld_die(); 758 759 dbg(("checking for required versions")); 760 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) { 761 if (_rtld_verify_object_versions(obj) == -1) 762 _rtld_die(); 763 } 764 765 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 766 dbg(("initializing initial Thread Local Storage offsets")); 767 /* 768 * All initial objects get the TLS space from the static block. 769 */ 770 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) 771 _rtld_tls_offset_allocate(obj); 772 #endif 773 774 dbg(("relocating objects")); 775 if (_rtld_relocate_objects(_rtld_objmain, bind_now) == -1) 776 _rtld_die(); 777 778 dbg(("doing copy relocations")); 779 if (_rtld_do_copy_relocations(_rtld_objmain) == -1) 780 _rtld_die(); 781 782 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 783 dbg(("initializing Thread Local Storage for main thread")); 784 /* 785 * Set up TLS area for the main thread. 786 * This has to be done after all relocations are processed, 787 * since .tdata may contain relocations. 788 */ 789 _rtld_tls_initial_allocation(); 790 #endif 791 792 /* 793 * Set the __progname, environ and, __mainprog_obj before 794 * calling anything that might use them. 795 */ 796 real___progname = _rtld_objmain_sym("__progname"); 797 if (real___progname) { 798 if (argv[0] != NULL) { 799 if ((*real___progname = strrchr(argv[0], '/')) == NULL) 800 (*real___progname) = argv[0]; 801 else 802 (*real___progname)++; 803 } else { 804 (*real___progname) = NULL; 805 } 806 } 807 real_environ = _rtld_objmain_sym("environ"); 808 if (real_environ) 809 *real_environ = environ; 810 /* 811 * Set __mainprog_obj for old binaries. 812 */ 813 real___mainprog_obj = _rtld_objmain_sym("__mainprog_obj"); 814 if (real___mainprog_obj) 815 *real___mainprog_obj = _rtld_objmain; 816 817 _rtld_debug_state(); /* say hello to the debugger! */ 818 819 _rtld_exclusive_enter(&mask); 820 821 dbg(("calling main preinit array functions")); 822 _rtld_call_preinit_functions(&mask); 823 824 dbg(("calling _init functions")); 825 _rtld_call_init_functions(&mask); 826 827 dbg(("control at program entry point = %p, obj = %p, exit = %p", 828 _rtld_objmain->entry, _rtld_objmain, _rtld_exit)); 829 830 _rtld_exclusive_exit(&mask); 831 832 #ifdef GNU_RELRO 833 /* 834 * If the main program is lazily bound (default -- whether or 835 * not LD_BINDNOW is set in the calling environment), its RELRO 836 * region has already been mapped read-only in 837 * _rtld_do_copy_relocations. The ifunc resolutions lie 838 * outside this region, so future lazy ifunc resolution is 839 * unaffected by the RELRO region's being read-only. 840 * 841 * If the main program is eagerly bound (i.e., the object has 842 * DF_1_NOW set in DT_FLAGS_1, whether or not LD_BIND_NOW is 843 * set in the calling environment), we deferred that from 844 * _rtld_do_copy_relocations so that the ifunc resolution, we 845 * have now resolved all ifuncs in it, so we can commit the 846 * RELRO region to be read-only -- and that means ifunc 847 * resolutions are read-only too. 848 */ 849 if (_rtld_objmain->z_now && _rtld_relro(_rtld_objmain, true) == -1) 850 _rtld_die(); 851 #endif 852 853 /* 854 * Return with the entry point and the exit procedure in at the top 855 * of stack. 856 */ 857 858 ((void **) osp)[0] = _rtld_exit; 859 ((void **) osp)[1] = __UNCONST(_rtld_compat_obj); 860 return (Elf_Addr) _rtld_objmain->entry; 861 } 862 863 void 864 _rtld_die(void) 865 { 866 const char *msg = dlerror(); 867 868 if (msg == NULL) 869 msg = "Fatal error"; 870 xerrx(1, "%s", msg); 871 } 872 873 static Obj_Entry * 874 _rtld_dlcheck(void *handle) 875 { 876 Obj_Entry *obj; 877 878 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) 879 if (obj == (Obj_Entry *) handle) 880 break; 881 882 if (obj == NULL || obj->dl_refcount == 0) { 883 _rtld_error("Invalid shared object handle %p", handle); 884 return NULL; 885 } 886 return obj; 887 } 888 889 static void 890 _rtld_initlist_visit(Objlist* list, Obj_Entry *obj, int rev) 891 { 892 Needed_Entry* elm; 893 894 /* dbg(("_rtld_initlist_visit(%s)", obj->path)); */ 895 896 if (obj->init_done) 897 return; 898 obj->init_done = 1; 899 900 for (elm = obj->needed; elm != NULL; elm = elm->next) { 901 if (elm->obj != NULL) { 902 _rtld_initlist_visit(list, elm->obj, rev); 903 } 904 } 905 906 if (rev) { 907 _rtld_objlist_push_head(list, obj); 908 } else { 909 _rtld_objlist_push_tail(list, obj); 910 } 911 } 912 913 static void 914 _rtld_initlist_tsort(Objlist* list, int rev) 915 { 916 dbg(("_rtld_initlist_tsort")); 917 918 Obj_Entry* obj; 919 920 /* 921 * We don't include objmain here (starting from next) 922 * because csu handles it 923 */ 924 for (obj = _rtld_objlist->next; obj; obj = obj->next) { 925 obj->init_done = 0; 926 } 927 928 for (obj = _rtld_objlist->next; obj; obj = obj->next) { 929 _rtld_initlist_visit(list, obj, rev); 930 } 931 } 932 933 static void 934 _rtld_init_dag(Obj_Entry *root) 935 { 936 937 _rtld_init_dag1(root, root); 938 } 939 940 static void 941 _rtld_init_dag1(Obj_Entry *root, Obj_Entry *obj) 942 { 943 const Needed_Entry *needed; 944 945 if (!obj->mainref) { 946 if (_rtld_objlist_find(&obj->dldags, root)) 947 return; 948 dbg(("add %p (%s) to %p (%s) DAG", obj, obj->path, root, 949 root->path)); 950 _rtld_objlist_push_tail(&obj->dldags, root); 951 _rtld_objlist_push_tail(&root->dagmembers, obj); 952 } 953 for (needed = obj->needed; needed != NULL; needed = needed->next) 954 if (needed->obj != NULL) 955 _rtld_init_dag1(root, needed->obj); 956 } 957 958 /* 959 * Note, this is called only for objects loaded by dlopen(). 960 */ 961 static void 962 _rtld_unload_object(sigset_t *mask, Obj_Entry *root, bool do_fini_funcs) 963 { 964 965 _rtld_unref_dag(root); 966 if (root->refcount == 0) { /* We are finished with some objects. */ 967 Obj_Entry *obj; 968 Obj_Entry **linkp; 969 Objlist_Entry *elm; 970 971 /* Finalize objects that are about to be unmapped. */ 972 if (do_fini_funcs) 973 _rtld_call_fini_functions(mask, 0); 974 975 /* Remove the DAG from all objects' DAG lists. */ 976 SIMPLEQ_FOREACH(elm, &root->dagmembers, link) 977 _rtld_objlist_remove(&elm->obj->dldags, root); 978 979 /* Remove the DAG from the RTLD_GLOBAL list. */ 980 if (root->globalref) { 981 root->globalref = 0; 982 _rtld_objlist_remove(&_rtld_list_global, root); 983 } 984 985 /* Unmap all objects that are no longer referenced. */ 986 linkp = &_rtld_objlist->next; 987 while ((obj = *linkp) != NULL) { 988 if (obj->refcount == 0) { 989 dbg(("unloading \"%s\"", obj->path)); 990 if (obj->ehdr != MAP_FAILED) 991 munmap(obj->ehdr, _rtld_pagesz); 992 munmap(obj->mapbase, obj->mapsize); 993 _rtld_objlist_remove(&_rtld_list_global, obj); 994 _rtld_linkmap_delete(obj); 995 *linkp = obj->next; 996 _rtld_objcount--; 997 _rtld_obj_free(obj); 998 } else 999 linkp = &obj->next; 1000 } 1001 _rtld_objtail = linkp; 1002 } 1003 } 1004 1005 void 1006 _rtld_ref_dag(Obj_Entry *root) 1007 { 1008 const Needed_Entry *needed; 1009 1010 assert(root); 1011 1012 ++root->refcount; 1013 1014 dbg(("incremented reference on \"%s\" (%d)", root->path, 1015 root->refcount)); 1016 for (needed = root->needed; needed != NULL; 1017 needed = needed->next) { 1018 if (needed->obj != NULL) 1019 _rtld_ref_dag(needed->obj); 1020 } 1021 } 1022 1023 static void 1024 _rtld_unref_dag(Obj_Entry *root) 1025 { 1026 1027 assert(root); 1028 assert(root->refcount != 0); 1029 1030 --root->refcount; 1031 dbg(("decremented reference on \"%s\" (%d)", root->path, 1032 root->refcount)); 1033 1034 if (root->refcount == 0) { 1035 const Needed_Entry *needed; 1036 1037 for (needed = root->needed; needed != NULL; 1038 needed = needed->next) { 1039 if (needed->obj != NULL) 1040 _rtld_unref_dag(needed->obj); 1041 } 1042 } 1043 } 1044 1045 __strong_alias(__dlclose,dlclose) 1046 int 1047 dlclose(void *handle) 1048 { 1049 Obj_Entry *root; 1050 sigset_t mask; 1051 1052 dbg(("dlclose of %p", handle)); 1053 1054 _rtld_exclusive_enter(&mask); 1055 1056 root = _rtld_dlcheck(handle); 1057 1058 if (root == NULL) { 1059 _rtld_exclusive_exit(&mask); 1060 return -1; 1061 } 1062 1063 _rtld_debug.r_state = RT_DELETE; 1064 _rtld_debug_state(); 1065 1066 --root->dl_refcount; 1067 _rtld_unload_object(&mask, root, true); 1068 1069 _rtld_debug.r_state = RT_CONSISTENT; 1070 _rtld_debug_state(); 1071 1072 _rtld_exclusive_exit(&mask); 1073 1074 return 0; 1075 } 1076 1077 __strong_alias(__dlerror,dlerror) 1078 char * 1079 dlerror(void) 1080 { 1081 char *msg = error_message; 1082 1083 error_message = NULL; 1084 return msg; 1085 } 1086 1087 __strong_alias(__dlopen,dlopen) 1088 void * 1089 dlopen(const char *name, int mode) 1090 { 1091 Obj_Entry **old_obj_tail; 1092 Obj_Entry *obj = NULL; 1093 int flags = _RTLD_DLOPEN; 1094 bool nodelete; 1095 bool now; 1096 sigset_t mask; 1097 int result; 1098 1099 dbg(("dlopen of %s 0x%x", name, mode)); 1100 1101 _rtld_exclusive_enter(&mask); 1102 1103 old_obj_tail = _rtld_objtail; 1104 1105 flags |= (mode & RTLD_GLOBAL) ? _RTLD_GLOBAL : 0; 1106 flags |= (mode & RTLD_NOLOAD) ? _RTLD_NOLOAD : 0; 1107 1108 nodelete = (mode & RTLD_NODELETE) ? true : false; 1109 now = ((mode & RTLD_MODEMASK) == RTLD_NOW) ? true : false; 1110 1111 _rtld_debug.r_state = RT_ADD; 1112 _rtld_debug_state(); 1113 1114 if (name == NULL) { 1115 obj = _rtld_objmain; 1116 obj->refcount++; 1117 } else 1118 obj = _rtld_load_library(name, _rtld_objmain, flags); 1119 1120 1121 if (obj != NULL) { 1122 ++obj->dl_refcount; 1123 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1124 assert(*old_obj_tail == obj); 1125 1126 result = _rtld_load_needed_objects(obj, flags); 1127 if (result != -1) { 1128 Objlist_Entry *entry; 1129 _rtld_init_dag(obj); 1130 SIMPLEQ_FOREACH(entry, &obj->dagmembers, link) { 1131 result = _rtld_verify_object_versions(entry->obj); 1132 if (result == -1) 1133 break; 1134 } 1135 } 1136 if (result == -1 || _rtld_relocate_objects(obj, 1137 (now || obj->z_now)) == -1) { 1138 _rtld_unload_object(&mask, obj, false); 1139 obj->dl_refcount--; 1140 obj = NULL; 1141 } else { 1142 _rtld_call_init_functions(&mask); 1143 } 1144 } 1145 if (obj != NULL) { 1146 if ((nodelete || obj->z_nodelete) && !obj->ref_nodel) { 1147 dbg(("dlopen obj %s nodelete", obj->path)); 1148 _rtld_ref_dag(obj); 1149 obj->z_nodelete = obj->ref_nodel = true; 1150 } 1151 } 1152 } 1153 _rtld_debug.r_state = RT_CONSISTENT; 1154 _rtld_debug_state(); 1155 1156 dbg(("dlopen of %s 0x%x returned %p%s%s%s", name, mode, obj, 1157 obj ? "" : " (", obj ? "" : error_message, obj ? "" : ")")); 1158 1159 _rtld_exclusive_exit(&mask); 1160 1161 return obj; 1162 } 1163 1164 /* 1165 * Find a symbol in the main program. 1166 */ 1167 _Pragma("GCC diagnostic push") /* _rtld_donelist_init: -Wno-stack-protector */ 1168 _Pragma("GCC diagnostic ignored \"-Wstack-protector\"") 1169 void * 1170 _rtld_objmain_sym(const char *name) 1171 { 1172 Elf_Hash hash; 1173 const Elf_Sym *def; 1174 const Obj_Entry *obj; 1175 DoneList donelist; 1176 1177 hash.sysv = _rtld_sysv_hash(name); 1178 hash.gnu = _rtld_gnu_hash(name); 1179 obj = _rtld_objmain; 1180 _rtld_donelist_init(&donelist); 1181 1182 def = _rtld_symlook_list(name, &hash, &_rtld_list_main, &obj, 0, 1183 NULL, &donelist); 1184 1185 if (def != NULL) 1186 return obj->relocbase + def->st_value; 1187 return NULL; 1188 } 1189 _Pragma("GCC diagnostic pop") 1190 1191 #if defined(__powerpc__) && !defined(__clang__) 1192 static __noinline void * 1193 hackish_return_address(void) 1194 { 1195 #if __GNUC_PREREQ__(6,0) 1196 #pragma GCC diagnostic push 1197 #pragma GCC diagnostic ignored "-Wframe-address" 1198 #endif 1199 return __builtin_return_address(1); 1200 #if __GNUC_PREREQ__(6,0) 1201 #pragma GCC diagnostic pop 1202 #endif 1203 } 1204 #endif 1205 1206 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1207 #define lookup_mutex_enter() _rtld_exclusive_enter(&mask) 1208 #define lookup_mutex_exit() _rtld_exclusive_exit(&mask) 1209 #else 1210 #define lookup_mutex_enter() _rtld_shared_enter() 1211 #define lookup_mutex_exit() _rtld_shared_exit() 1212 #endif 1213 1214 _Pragma("GCC diagnostic push") /* _rtld_donelist_init: -Wno-stack-protector */ 1215 _Pragma("GCC diagnostic ignored \"-Wstack-protector\"") 1216 static void * 1217 do_dlsym(void *handle, const char *name, const Ver_Entry *ventry, void *retaddr) 1218 { 1219 const Obj_Entry *obj; 1220 Elf_Hash hash; 1221 const Elf_Sym *def; 1222 const Obj_Entry *defobj; 1223 DoneList donelist; 1224 const u_int flags = SYMLOOK_DLSYM | SYMLOOK_IN_PLT; 1225 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1226 sigset_t mask; 1227 #endif 1228 1229 lookup_mutex_enter(); 1230 1231 hash.sysv = _rtld_sysv_hash(name); 1232 hash.gnu = _rtld_gnu_hash(name); 1233 def = NULL; 1234 defobj = NULL; 1235 1236 switch ((intptr_t)handle) { 1237 case (intptr_t)NULL: 1238 case (intptr_t)RTLD_NEXT: 1239 case (intptr_t)RTLD_DEFAULT: 1240 case (intptr_t)RTLD_SELF: 1241 if ((obj = _rtld_obj_from_addr(retaddr)) == NULL) { 1242 _rtld_error("Cannot determine caller's shared object"); 1243 lookup_mutex_exit(); 1244 return NULL; 1245 } 1246 1247 switch ((intptr_t)handle) { 1248 case (intptr_t)NULL: /* Just the caller's shared object. */ 1249 def = _rtld_symlook_obj(name, &hash, obj, flags, ventry); 1250 defobj = obj; 1251 break; 1252 1253 case (intptr_t)RTLD_NEXT: /* Objects after callers */ 1254 obj = obj->next; 1255 /*FALLTHROUGH*/ 1256 1257 case (intptr_t)RTLD_SELF: /* Caller included */ 1258 for (; obj; obj = obj->next) { 1259 if ((def = _rtld_symlook_obj(name, &hash, obj, 1260 flags, ventry)) != NULL) { 1261 defobj = obj; 1262 break; 1263 } 1264 } 1265 /* 1266 * Search the dynamic linker itself, and possibly 1267 * resolve the symbol from there if it is not defined 1268 * already or weak. This is how the application links 1269 * to dynamic linker services such as dlopen. 1270 */ 1271 if (!def || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1272 const Elf_Sym *symp = _rtld_symlook_obj(name, 1273 &hash, &_rtld_objself, flags, ventry); 1274 if (symp != NULL) { 1275 def = symp; 1276 defobj = &_rtld_objself; 1277 } 1278 } 1279 break; 1280 1281 case (intptr_t)RTLD_DEFAULT: 1282 def = _rtld_symlook_default(name, &hash, obj, &defobj, 1283 flags, ventry); 1284 break; 1285 1286 default: 1287 abort(); 1288 } 1289 break; 1290 1291 default: 1292 if ((obj = _rtld_dlcheck(handle)) == NULL) { 1293 lookup_mutex_exit(); 1294 return NULL; 1295 } 1296 1297 _rtld_donelist_init(&donelist); 1298 1299 if (obj->mainprog) { 1300 /* Search main program and all libraries loaded by it */ 1301 def = _rtld_symlook_list(name, &hash, &_rtld_list_main, 1302 &defobj, flags, ventry, &donelist); 1303 } else { 1304 Needed_Entry fake; 1305 DoneList depth; 1306 1307 /* Search the object and all the libraries loaded by it. */ 1308 fake.next = NULL; 1309 fake.obj = __UNCONST(obj); 1310 fake.name = 0; 1311 1312 _rtld_donelist_init(&depth); 1313 def = _rtld_symlook_needed(name, &hash, &fake, &defobj, 1314 flags, ventry, &donelist, &depth); 1315 } 1316 1317 break; 1318 } 1319 1320 if (def != NULL) { 1321 void *p; 1322 1323 if (ELF_ST_TYPE(def->st_info) == STT_GNU_IFUNC) { 1324 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1325 lookup_mutex_exit(); 1326 _rtld_shared_enter(); 1327 #endif 1328 p = (void *)_rtld_resolve_ifunc(defobj, def); 1329 _rtld_shared_exit(); 1330 return p; 1331 } 1332 1333 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1334 if (ELF_ST_TYPE(def->st_info) == STT_FUNC) { 1335 p = (void *)_rtld_function_descriptor_alloc(defobj, 1336 def, 0); 1337 lookup_mutex_exit(); 1338 return p; 1339 } 1340 #endif /* __HAVE_FUNCTION_DESCRIPTORS */ 1341 p = defobj->relocbase + def->st_value; 1342 lookup_mutex_exit(); 1343 return p; 1344 } 1345 1346 _rtld_error("Undefined symbol \"%s\"", name); 1347 lookup_mutex_exit(); 1348 return NULL; 1349 } 1350 _Pragma("GCC diagnostic pop") 1351 1352 __strong_alias(__dlsym,dlsym) 1353 void * 1354 dlsym(void *handle, const char *name) 1355 { 1356 void *retaddr; 1357 1358 dbg(("dlsym of %s in %p", name, handle)); 1359 1360 #if defined(__powerpc__) && !defined(__clang__) 1361 retaddr = hackish_return_address(); 1362 #else 1363 retaddr = __builtin_return_address(0); 1364 #endif 1365 return do_dlsym(handle, name, NULL, retaddr); 1366 } 1367 1368 __strong_alias(__dlvsym,dlvsym) 1369 void * 1370 dlvsym(void *handle, const char *name, const char *version) 1371 { 1372 Ver_Entry *ventry = NULL; 1373 Ver_Entry ver_entry; 1374 void *retaddr; 1375 1376 dbg(("dlvsym of %s@%s in %p", name, version ? version : NULL, handle)); 1377 1378 if (version != NULL) { 1379 ver_entry.name = version; 1380 ver_entry.file = NULL; 1381 ver_entry.hash = _rtld_sysv_hash(version); 1382 ver_entry.flags = 0; 1383 ventry = &ver_entry; 1384 } 1385 #if defined(__powerpc__) && !defined(__clang__) 1386 retaddr = hackish_return_address(); 1387 #else 1388 retaddr = __builtin_return_address(0); 1389 #endif 1390 return do_dlsym(handle, name, ventry, retaddr); 1391 } 1392 1393 __strong_alias(__dladdr,dladdr) 1394 int 1395 dladdr(const void *addr, Dl_info *info) 1396 { 1397 const Obj_Entry *obj; 1398 const Elf_Sym *def, *best_def; 1399 void *symbol_addr; 1400 unsigned long symoffset; 1401 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1402 sigset_t mask; 1403 #endif 1404 1405 dbg(("dladdr of %p", addr)); 1406 1407 lookup_mutex_enter(); 1408 1409 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1410 addr = _rtld_function_descriptor_function(addr); 1411 #endif /* __HAVE_FUNCTION_DESCRIPTORS */ 1412 1413 obj = _rtld_obj_from_addr(addr); 1414 if (obj == NULL) { 1415 _rtld_error("No shared object contains address"); 1416 lookup_mutex_exit(); 1417 return 0; 1418 } 1419 info->dli_fname = obj->path; 1420 info->dli_fbase = obj->mapbase; 1421 info->dli_saddr = (void *)0; 1422 info->dli_sname = NULL; 1423 1424 /* 1425 * Walk the symbol list looking for the symbol whose address is 1426 * closest to the address sent in. 1427 */ 1428 best_def = NULL; 1429 for (symoffset = 0; symoffset < obj->nchains; symoffset++) { 1430 def = obj->symtab + symoffset; 1431 1432 /* 1433 * For skip the symbol if st_shndx is either SHN_UNDEF or 1434 * SHN_COMMON. 1435 */ 1436 if (def->st_shndx == SHN_UNDEF || def->st_shndx == SHN_COMMON) 1437 continue; 1438 1439 /* 1440 * If the symbol is greater than the specified address, or if it 1441 * is further away from addr than the current nearest symbol, 1442 * then reject it. 1443 */ 1444 symbol_addr = obj->relocbase + def->st_value; 1445 if (symbol_addr > addr || symbol_addr < info->dli_saddr) 1446 continue; 1447 1448 /* Update our idea of the nearest symbol. */ 1449 info->dli_sname = obj->strtab + def->st_name; 1450 info->dli_saddr = symbol_addr; 1451 best_def = def; 1452 1453 1454 /* Exact match? */ 1455 if (info->dli_saddr == addr) 1456 break; 1457 } 1458 1459 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1460 if (best_def != NULL && ELF_ST_TYPE(best_def->st_info) == STT_FUNC) 1461 info->dli_saddr = (void *)_rtld_function_descriptor_alloc(obj, 1462 best_def, 0); 1463 #else 1464 __USE(best_def); 1465 #endif /* __HAVE_FUNCTION_DESCRIPTORS */ 1466 1467 lookup_mutex_exit(); 1468 return 1; 1469 } 1470 1471 __strong_alias(__dlinfo,dlinfo) 1472 int 1473 dlinfo(void *handle, int req, void *v) 1474 { 1475 const Obj_Entry *obj; 1476 void *retaddr; 1477 1478 dbg(("dlinfo for %p %d", handle, req)); 1479 1480 _rtld_shared_enter(); 1481 1482 if (handle == RTLD_SELF) { 1483 #if defined(__powerpc__) && !defined(__clang__) 1484 retaddr = hackish_return_address(); 1485 #else 1486 retaddr = __builtin_return_address(0); 1487 #endif 1488 if ((obj = _rtld_obj_from_addr(retaddr)) == NULL) { 1489 _rtld_error("Cannot determine caller's shared object"); 1490 _rtld_shared_exit(); 1491 return -1; 1492 } 1493 } else { 1494 if ((obj = _rtld_dlcheck(handle)) == NULL) { 1495 _rtld_shared_exit(); 1496 return -1; 1497 } 1498 } 1499 1500 switch (req) { 1501 case RTLD_DI_LINKMAP: 1502 { 1503 const struct link_map **map = v; 1504 1505 *map = &obj->linkmap; 1506 break; 1507 } 1508 1509 default: 1510 _rtld_error("Invalid request"); 1511 _rtld_shared_exit(); 1512 return -1; 1513 } 1514 1515 _rtld_shared_exit(); 1516 return 0; 1517 } 1518 1519 static void 1520 _rtld_fill_dl_phdr_info(const Obj_Entry *obj, struct dl_phdr_info *phdr_info) 1521 { 1522 1523 phdr_info->dlpi_addr = (Elf_Addr)obj->relocbase; 1524 /* XXX: wrong but not fixing it yet */ 1525 phdr_info->dlpi_name = obj->path; 1526 phdr_info->dlpi_phdr = obj->phdr; 1527 phdr_info->dlpi_phnum = obj->phsize / sizeof(obj->phdr[0]); 1528 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 1529 phdr_info->dlpi_tls_modid = obj->tlsindex; 1530 phdr_info->dlpi_tls_data = obj->tlsinit; 1531 #else 1532 phdr_info->dlpi_tls_modid = 0; 1533 phdr_info->dlpi_tls_data = 0; 1534 #endif 1535 phdr_info->dlpi_adds = _rtld_objloads; 1536 phdr_info->dlpi_subs = _rtld_objloads - _rtld_objcount; 1537 } 1538 1539 __strong_alias(__dl_iterate_phdr,dl_iterate_phdr); 1540 int 1541 dl_iterate_phdr(int (*callback)(struct dl_phdr_info *, size_t, void *), void *param) 1542 { 1543 struct dl_phdr_info phdr_info; 1544 const Obj_Entry *obj; 1545 int error = 0; 1546 1547 dbg(("dl_iterate_phdr")); 1548 1549 _rtld_shared_enter(); 1550 1551 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) { 1552 _rtld_fill_dl_phdr_info(obj, &phdr_info); 1553 1554 /* XXXlocking: exit point */ 1555 error = callback(&phdr_info, sizeof(phdr_info), param); 1556 if (error) 1557 break; 1558 } 1559 1560 if (error == 0) { 1561 _rtld_fill_dl_phdr_info(&_rtld_objself, &phdr_info); 1562 1563 /* XXXlocking: exit point */ 1564 error = callback(&phdr_info, sizeof(phdr_info), param); 1565 } 1566 1567 _rtld_shared_exit(); 1568 return error; 1569 } 1570 1571 void 1572 __dl_cxa_refcount(void *addr, ssize_t delta) 1573 { 1574 sigset_t mask; 1575 Obj_Entry *obj; 1576 1577 if (delta == 0) 1578 return; 1579 1580 dbg(("__dl_cxa_refcount of %p with %zd", addr, delta)); 1581 1582 _rtld_exclusive_enter(&mask); 1583 obj = _rtld_obj_from_addr(addr); 1584 1585 if (obj == NULL) { 1586 dbg(("__dl_cxa_refcont: address not found")); 1587 _rtld_error("No shared object contains address"); 1588 _rtld_exclusive_exit(&mask); 1589 return; 1590 } 1591 if (delta > 0 && obj->cxa_refcount > SIZE_MAX - delta) 1592 _rtld_error("Reference count overflow"); 1593 else if (delta < 0 && obj->cxa_refcount < -1 + (size_t)-(delta + 1)) 1594 _rtld_error("Reference count underflow"); 1595 else { 1596 if (obj->cxa_refcount == 0) 1597 ++obj->refcount; 1598 obj->cxa_refcount += delta; 1599 dbg(("new reference count: %zu", obj->cxa_refcount)); 1600 if (obj->cxa_refcount == 0) { 1601 --obj->refcount; 1602 if (obj->refcount == 0) 1603 _rtld_unload_object(&mask, obj, true); 1604 } 1605 } 1606 1607 _rtld_exclusive_exit(&mask); 1608 } 1609 1610 __dso_public pid_t 1611 __locked_fork(int *my_errno) 1612 { 1613 pid_t result; 1614 1615 _rtld_shared_enter(); 1616 result = __fork(); 1617 if (result == -1) 1618 *my_errno = errno; 1619 _rtld_shared_exit(); 1620 1621 return result; 1622 } 1623 1624 /* 1625 * Error reporting function. Use it like printf. If formats the message 1626 * into a buffer, and sets things up so that the next call to dlerror() 1627 * will return the message. 1628 */ 1629 void 1630 _rtld_error(const char *fmt,...) 1631 { 1632 static char buf[512]; 1633 va_list ap; 1634 1635 va_start(ap, fmt); 1636 xvsnprintf(buf, sizeof buf, fmt, ap); 1637 dbg(("%s: %s", __func__, buf)); 1638 error_message = buf; 1639 va_end(ap); 1640 } 1641 1642 void 1643 _rtld_debug_state(void) 1644 { 1645 #if defined(__hppa__) 1646 __asm volatile("nop" ::: "memory"); 1647 #endif 1648 1649 /* Prevent optimizer from removing calls to this function */ 1650 __insn_barrier(); 1651 } 1652 1653 void 1654 _rtld_linkmap_add(Obj_Entry *obj) 1655 { 1656 struct link_map *l = &obj->linkmap; 1657 struct link_map *prev; 1658 1659 obj->linkmap.l_name = obj->path; 1660 obj->linkmap.l_addr = obj->relocbase; 1661 obj->linkmap.l_ld = obj->dynamic; 1662 #ifdef __mips__ 1663 /* XXX This field is not standard and will be removed eventually. */ 1664 obj->linkmap.l_offs = obj->relocbase; 1665 #endif 1666 1667 if (_rtld_debug.r_map == NULL) { 1668 _rtld_debug.r_map = l; 1669 return; 1670 } 1671 1672 /* 1673 * Scan to the end of the list, but not past the entry for the 1674 * dynamic linker, which we want to keep at the very end. 1675 */ 1676 for (prev = _rtld_debug.r_map; 1677 prev->l_next != NULL && prev->l_next != &_rtld_objself.linkmap; 1678 prev = prev->l_next); 1679 1680 l->l_prev = prev; 1681 l->l_next = prev->l_next; 1682 if (l->l_next != NULL) 1683 l->l_next->l_prev = l; 1684 prev->l_next = l; 1685 } 1686 1687 void 1688 _rtld_linkmap_delete(Obj_Entry *obj) 1689 { 1690 struct link_map *l = &obj->linkmap; 1691 1692 if (l->l_prev == NULL) { 1693 if ((_rtld_debug.r_map = l->l_next) != NULL) 1694 l->l_next->l_prev = NULL; 1695 return; 1696 } 1697 if ((l->l_prev->l_next = l->l_next) != NULL) 1698 l->l_next->l_prev = l->l_prev; 1699 } 1700 1701 static Obj_Entry * 1702 _rtld_obj_from_addr(const void *addr) 1703 { 1704 Obj_Entry *obj; 1705 1706 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) { 1707 if (addr < (void *) obj->mapbase) 1708 continue; 1709 if (addr < (void *) (obj->mapbase + obj->mapsize)) 1710 return obj; 1711 } 1712 return NULL; 1713 } 1714 1715 static void 1716 _rtld_objlist_clear(Objlist *list) 1717 { 1718 while (!SIMPLEQ_EMPTY(list)) { 1719 Objlist_Entry* elm = SIMPLEQ_FIRST(list); 1720 SIMPLEQ_REMOVE_HEAD(list, link); 1721 xfree(elm); 1722 } 1723 } 1724 1725 static void 1726 _rtld_objlist_remove(Objlist *list, Obj_Entry *obj) 1727 { 1728 Objlist_Entry *elm; 1729 1730 if ((elm = _rtld_objlist_find(list, obj)) != NULL) { 1731 SIMPLEQ_REMOVE(list, elm, Struct_Objlist_Entry, link); 1732 xfree(elm); 1733 } 1734 } 1735 1736 #define RTLD_EXCLUSIVE_MASK 0x80000000U 1737 static volatile unsigned int _rtld_mutex; 1738 static volatile unsigned int _rtld_waiter_exclusive; 1739 static volatile unsigned int _rtld_waiter_shared; 1740 1741 void 1742 _rtld_shared_enter(void) 1743 { 1744 unsigned int cur; 1745 lwpid_t waiter, self = 0; 1746 1747 for (;;) { 1748 cur = _rtld_mutex; 1749 /* 1750 * First check if we are currently not exclusively locked. 1751 */ 1752 if ((cur & RTLD_EXCLUSIVE_MASK) == 0) { 1753 /* Yes, so increment use counter */ 1754 if (atomic_cas_uint(&_rtld_mutex, cur, cur + 1) != cur) 1755 continue; 1756 membar_acquire(); 1757 return; 1758 } 1759 /* 1760 * Someone has an exclusive lock. Puts us on the waiter list. 1761 */ 1762 if (!self) 1763 self = _lwp_self(); 1764 if (cur == (self | RTLD_EXCLUSIVE_MASK)) { 1765 if (_rtld_mutex_may_recurse) 1766 return; 1767 _rtld_error("%s: dead lock detected", __func__); 1768 _rtld_die(); 1769 } 1770 waiter = atomic_swap_uint(&_rtld_waiter_shared, self); 1771 /* 1772 * Check for race against _rtld_exclusive_exit before sleeping. 1773 */ 1774 membar_sync(); 1775 if ((_rtld_mutex & RTLD_EXCLUSIVE_MASK) || 1776 _rtld_waiter_exclusive) 1777 _lwp_park(CLOCK_REALTIME, 0, NULL, 0, 1778 __UNVOLATILE(&_rtld_mutex), NULL); 1779 /* Try to remove us from the waiter list. */ 1780 atomic_cas_uint(&_rtld_waiter_shared, self, 0); 1781 if (waiter) 1782 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1783 } 1784 } 1785 1786 void 1787 _rtld_shared_exit(void) 1788 { 1789 lwpid_t waiter; 1790 1791 /* 1792 * Shared lock taken after an exclusive lock. 1793 * Just assume this is a partial recursion. 1794 */ 1795 if (_rtld_mutex & RTLD_EXCLUSIVE_MASK) 1796 return; 1797 1798 /* 1799 * Wakeup LWPs waiting for an exclusive lock if this is the last 1800 * LWP on the shared lock. 1801 */ 1802 membar_release(); 1803 if (atomic_dec_uint_nv(&_rtld_mutex)) 1804 return; 1805 membar_sync(); 1806 if ((waiter = _rtld_waiter_exclusive) != 0) 1807 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1808 } 1809 1810 void 1811 _rtld_exclusive_enter(sigset_t *mask) 1812 { 1813 lwpid_t waiter, self = _lwp_self(); 1814 unsigned int locked_value = (unsigned int)self | RTLD_EXCLUSIVE_MASK; 1815 unsigned int cur; 1816 sigset_t blockmask; 1817 1818 sigfillset(&blockmask); 1819 sigdelset(&blockmask, SIGTRAP); /* Allow the debugger */ 1820 sigprocmask(SIG_BLOCK, &blockmask, mask); 1821 1822 for (;;) { 1823 if (atomic_cas_uint(&_rtld_mutex, 0, locked_value) == 0) { 1824 membar_acquire(); 1825 break; 1826 } 1827 waiter = atomic_swap_uint(&_rtld_waiter_exclusive, self); 1828 membar_sync(); 1829 cur = _rtld_mutex; 1830 if (cur == locked_value) { 1831 _rtld_error("%s: dead lock detected", __func__); 1832 _rtld_die(); 1833 } 1834 if (cur) 1835 _lwp_park(CLOCK_REALTIME, 0, NULL, 0, 1836 __UNVOLATILE(&_rtld_mutex), NULL); 1837 atomic_cas_uint(&_rtld_waiter_exclusive, self, 0); 1838 if (waiter) 1839 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1840 } 1841 } 1842 1843 void 1844 _rtld_exclusive_exit(sigset_t *mask) 1845 { 1846 lwpid_t waiter; 1847 1848 membar_release(); 1849 _rtld_mutex = 0; 1850 membar_sync(); 1851 if ((waiter = _rtld_waiter_exclusive) != 0) 1852 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1853 1854 if ((waiter = _rtld_waiter_shared) != 0) 1855 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1856 1857 sigprocmask(SIG_SETMASK, mask, NULL); 1858 } 1859 1860 int 1861 _rtld_relro(const Obj_Entry *obj, bool wantmain) 1862 { 1863 #ifdef GNU_RELRO 1864 /* 1865 * If our VM page size is larger than the page size used by the 1866 * linker when laying out the object, we could end up making data 1867 * read-only that is unintended. Detect and avoid this situation. 1868 * It may mean we are unable to protect everything we'd like, but 1869 * it's better than crashing. 1870 */ 1871 uintptr_t relro_end = (uintptr_t)obj->relro_page + obj->relro_size; 1872 uintptr_t relro_start = round_down((uintptr_t)obj->relro_page); 1873 assert(relro_end >= relro_start); 1874 size_t relro_size = round_down(relro_end) - relro_start; 1875 1876 if (relro_size == 0) 1877 return 0; 1878 if (wantmain != (obj ==_rtld_objmain)) 1879 return 0; 1880 1881 dbg(("RELRO %s %p %zx", obj->path, (void *)relro_start, relro_size)); 1882 if (mprotect((void *)relro_start, relro_size, PROT_READ) == -1) { 1883 _rtld_error("%s: Cannot enforce relro " "protection: %s", 1884 obj->path, xstrerror(errno)); 1885 return -1; 1886 } 1887 #endif 1888 return 0; 1889 } 1890
Indexes created Sat Feb 21 16:20:20 UTC 2026