1 /* $NetBSD: rtld.c,v 1.221 2025/05/02 23:04:31 riastradh Exp $ */ 2 3 /* 4 * Copyright 1996 John D. Polstra. 5 * Copyright 1996 Matt Thomas <matt (at) 3am-software.com> 6 * Copyright 2002 Charles M. Hannum <root (at) ihack.net> 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by John Polstra. 20 * 4. The name of the author may not be used to endorse or promote products 21 * derived from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 /* 36 * Dynamic linker for ELF. 37 * 38 * John Polstra <jdp (at) polstra.com>. 39 */ 40 41 #include <sys/cdefs.h> 42 #ifndef lint 43 __RCSID("$NetBSD: rtld.c,v 1.221 2025/05/02 23:04:31 riastradh Exp $"); 44 #endif /* not lint */ 45 46 #include <sys/param.h> 47 #include <sys/atomic.h> 48 #include <sys/mman.h> 49 #include <err.h> 50 #include <errno.h> 51 #include <fcntl.h> 52 #include <lwp.h> 53 #include <stdarg.h> 54 #include <stdio.h> 55 #include <stdlib.h> 56 #include <string.h> 57 #include <unistd.h> 58 #include <dirent.h> 59 60 #include <ctype.h> 61 62 #include <dlfcn.h> 63 64 #include "debug.h" 65 #include "hash.h" 66 #include "rtld.h" 67 68 #if !defined(lint) 69 #include "sysident.h" 70 #endif 71 72 /* 73 * Hidden function from common/lib/libc/atomic - nop on machines 74 * with enough atomic ops. Need to explicitly call it early. 75 * libc has the same symbol and will initialize itself, but not our copy. 76 */ 77 void __libc_atomic_init(void); 78 79 /* 80 * Function declarations. 81 */ 82 static void _rtld_init(caddr_t, caddr_t, const char *); 83 static void _rtld_exit(void); 84 85 Elf_Addr _rtld(Elf_Addr *, Elf_Addr); 86 87 88 /* 89 * Data declarations. 90 */ 91 static char *error_message; /* Message for dlopen(), or NULL */ 92 93 struct r_debug _rtld_debug; /* The SVR4 interface for the debugger */ 94 bool _rtld_trust; /* False for setuid and setgid programs */ 95 Obj_Entry *_rtld_objlist; /* Head of linked list of shared objects */ 96 Obj_Entry **_rtld_objtail; /* Link field of last object in list */ 97 Obj_Entry *_rtld_objmain; /* The main program shared object */ 98 Obj_Entry _rtld_objself; /* The dynamic linker shared object */ 99 u_int _rtld_objcount; /* Number of objects in _rtld_objlist */ 100 u_int _rtld_objloads; /* Number of objects loaded in _rtld_objlist */ 101 u_int _rtld_objgen; /* Generation count for _rtld_objlist */ 102 const char _rtld_path[] = _PATH_RTLD; 103 104 /* Initialize a fake symbol for resolving undefined weak references. */ 105 Elf_Sym _rtld_sym_zero = { 106 .st_info = ELF_ST_INFO(STB_GLOBAL, STT_NOTYPE), 107 .st_shndx = SHN_ABS, 108 }; 109 size_t _rtld_pagesz; /* Page size, as provided by kernel */ 110 111 Search_Path *_rtld_default_paths; 112 Search_Path *_rtld_paths; 113 114 Library_Xform *_rtld_xforms; 115 static void *auxinfo; 116 117 /* 118 * Global declarations normally provided by crt0. 119 */ 120 char *__progname; 121 char **environ; 122 123 static volatile bool _rtld_mutex_may_recurse; 124 125 #if defined(RTLD_DEBUG) 126 #ifndef __sh__ 127 extern Elf_Addr _GLOBAL_OFFSET_TABLE_[]; 128 #else /* 32-bit SuperH */ 129 register Elf_Addr *_GLOBAL_OFFSET_TABLE_ asm("r12"); 130 #endif 131 #endif /* RTLD_DEBUG */ 132 extern Elf_Dyn _DYNAMIC; 133 134 static void _rtld_call_fini_functions(sigset_t *, int); 135 static void _rtld_call_init_functions(sigset_t *); 136 static void _rtld_initlist_visit(Objlist *, Obj_Entry *, int); 137 static void _rtld_initlist_tsort(Objlist *, int); 138 static Obj_Entry *_rtld_dlcheck(void *); 139 static void _rtld_init_dag(Obj_Entry *); 140 static void _rtld_init_dag1(Obj_Entry *, Obj_Entry *); 141 static void _rtld_objlist_remove(Objlist *, Obj_Entry *); 142 static void _rtld_objlist_clear(Objlist *); 143 static void _rtld_unload_object(sigset_t *, Obj_Entry *, bool); 144 static void _rtld_unref_dag(Obj_Entry *); 145 static Obj_Entry *_rtld_obj_from_addr(const void *); 146 static void _rtld_fill_dl_phdr_info(const Obj_Entry *, struct dl_phdr_info *); 147 148 static inline void 149 _rtld_call_initfini_function(fptr_t func, sigset_t *mask) 150 { 151 _rtld_exclusive_exit(mask); 152 (*func)(); 153 _rtld_exclusive_enter(mask); 154 } 155 156 static void 157 _rtld_call_fini_function(Obj_Entry *obj, sigset_t *mask, u_int cur_objgen) 158 { 159 if (obj->fini_arraysz == 0 && (obj->fini == NULL || obj->fini_called)) 160 return; 161 162 if (obj->fini != NULL && !obj->fini_called) { 163 dbg (("calling fini function %s at %p%s", obj->path, 164 (void *)obj->fini, 165 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 166 obj->fini_called = 1; 167 _rtld_call_initfini_function(obj->fini, mask); 168 } 169 #ifdef HAVE_INITFINI_ARRAY 170 /* 171 * Now process the fini_array if it exists. Simply go from 172 * start to end. We need to make restartable so just advance 173 * the array pointer and decrement the size each time through 174 * the loop. 175 */ 176 while (obj->fini_arraysz > 0 && _rtld_objgen == cur_objgen) { 177 fptr_t fini = *obj->fini_array++; 178 obj->fini_arraysz--; 179 dbg (("calling fini array function %s at %p%s", obj->path, 180 (void *)fini, 181 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 182 _rtld_call_initfini_function(fini, mask); 183 } 184 #endif /* HAVE_INITFINI_ARRAY */ 185 } 186 187 static void 188 _rtld_call_fini_functions(sigset_t *mask, int force) 189 { 190 Objlist_Entry *elm; 191 Objlist finilist; 192 u_int cur_objgen; 193 194 dbg(("_rtld_call_fini_functions(%d)", force)); 195 196 restart: 197 cur_objgen = ++_rtld_objgen; 198 SIMPLEQ_INIT(&finilist); 199 _rtld_initlist_tsort(&finilist, 1); 200 201 /* First pass: objects _not_ marked with DF_1_INITFIRST. */ 202 SIMPLEQ_FOREACH(elm, &finilist, link) { 203 Obj_Entry * const obj = elm->obj; 204 if (!obj->z_initfirst) { 205 if (obj->refcount > 0 && !force) { 206 continue; 207 } 208 /* 209 * XXX This can race against a concurrent dlclose(). 210 * XXX In that case, the object could be unmapped before 211 * XXX the fini() call or the fini_array has completed. 212 */ 213 _rtld_call_fini_function(obj, mask, cur_objgen); 214 if (_rtld_objgen != cur_objgen) { 215 dbg(("restarting fini iteration")); 216 _rtld_objlist_clear(&finilist); 217 goto restart; 218 } 219 } 220 } 221 222 /* Second pass: objects marked with DF_1_INITFIRST. */ 223 SIMPLEQ_FOREACH(elm, &finilist, link) { 224 Obj_Entry * const obj = elm->obj; 225 if (obj->refcount > 0 && !force) { 226 continue; 227 } 228 /* XXX See above for the race condition here */ 229 _rtld_call_fini_function(obj, mask, cur_objgen); 230 if (_rtld_objgen != cur_objgen) { 231 dbg(("restarting fini iteration")); 232 _rtld_objlist_clear(&finilist); 233 goto restart; 234 } 235 } 236 237 _rtld_objlist_clear(&finilist); 238 } 239 240 static void 241 _rtld_call_init_function(Obj_Entry *obj, sigset_t *mask, u_int cur_objgen) 242 { 243 if (obj->init_arraysz == 0 && (obj->init_called || obj->init == NULL)) 244 return; 245 246 if (!obj->init_called && obj->init != NULL) { 247 dbg (("calling init function %s at %p%s", 248 obj->path, (void *)obj->init, 249 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 250 obj->init_called = 1; 251 _rtld_call_initfini_function(obj->init, mask); 252 } 253 254 #ifdef HAVE_INITFINI_ARRAY 255 /* 256 * Now process the init_array if it exists. Simply go from 257 * start to end. We need to make restartable so just advance 258 * the array pointer and decrement the size each time through 259 * the loop. 260 */ 261 while (obj->init_arraysz > 0 && _rtld_objgen == cur_objgen) { 262 fptr_t init = *obj->init_array++; 263 obj->init_arraysz--; 264 dbg (("calling init_array function %s at %p%s", 265 obj->path, (void *)init, 266 obj->z_initfirst ? " (DF_1_INITFIRST)" : "")); 267 _rtld_call_initfini_function(init, mask); 268 } 269 #endif /* HAVE_INITFINI_ARRAY */ 270 } 271 272 static bool 273 _rtld_call_ifunc_functions(sigset_t *mask, Obj_Entry *obj, u_int cur_objgen) 274 { 275 if (obj->ifunc_remaining 276 #if defined(IFUNC_NONPLT) 277 || obj->ifunc_remaining_nonplt 278 #endif 279 ) { 280 _rtld_call_ifunc(obj, mask, cur_objgen); 281 if (_rtld_objgen != cur_objgen) { 282 return true; 283 } 284 } 285 return false; 286 } 287 288 static void 289 _rtld_call_init_functions(sigset_t *mask) 290 { 291 Objlist_Entry *elm; 292 Objlist initlist; 293 u_int cur_objgen; 294 295 dbg(("_rtld_call_init_functions()")); 296 297 restart: 298 cur_objgen = ++_rtld_objgen; 299 SIMPLEQ_INIT(&initlist); 300 _rtld_initlist_tsort(&initlist, 0); 301 302 /* First pass: objects with IRELATIVE relocations. */ 303 SIMPLEQ_FOREACH(elm, &initlist, link) { 304 if (_rtld_call_ifunc_functions(mask, elm->obj, cur_objgen)) { 305 dbg(("restarting init iteration")); 306 _rtld_objlist_clear(&initlist); 307 goto restart; 308 } 309 } 310 /* 311 * XXX: For historic reasons, init/fini of the main object are called 312 * from crt0. Don't introduce that mistake for ifunc, so look at 313 * the head of _rtld_objlist that _rtld_initlist_tsort skipped. 314 */ 315 if (_rtld_call_ifunc_functions(mask, _rtld_objlist, cur_objgen)) { 316 dbg(("restarting init iteration")); 317 _rtld_objlist_clear(&initlist); 318 goto restart; 319 } 320 321 /* Second pass: objects marked with DF_1_INITFIRST. */ 322 SIMPLEQ_FOREACH(elm, &initlist, link) { 323 Obj_Entry * const obj = elm->obj; 324 if (obj->z_initfirst) { 325 _rtld_call_init_function(obj, mask, cur_objgen); 326 if (_rtld_objgen != cur_objgen) { 327 dbg(("restarting init iteration")); 328 _rtld_objlist_clear(&initlist); 329 goto restart; 330 } 331 } 332 } 333 334 /* Third pass: all other objects. */ 335 SIMPLEQ_FOREACH(elm, &initlist, link) { 336 _rtld_call_init_function(elm->obj, mask, cur_objgen); 337 if (_rtld_objgen != cur_objgen) { 338 dbg(("restarting init iteration")); 339 _rtld_objlist_clear(&initlist); 340 goto restart; 341 } 342 } 343 344 _rtld_objlist_clear(&initlist); 345 } 346 347 /* 348 * Initialize the dynamic linker. The argument is the address at which 349 * the dynamic linker has been mapped into memory. The primary task of 350 * this function is to create an Obj_Entry for the dynamic linker and 351 * to resolve the PLT relocation for platforms that need it (those that 352 * define __HAVE_FUNCTION_DESCRIPTORS 353 */ 354 static void 355 _rtld_init(caddr_t mapbase, caddr_t relocbase, const char *execname) 356 { 357 const Elf_Ehdr *ehdr; 358 359 /* Conjure up an Obj_Entry structure for the dynamic linker. */ 360 _rtld_objself.path = __UNCONST(_rtld_path); 361 _rtld_objself.pathlen = sizeof(_rtld_path)-1; 362 _rtld_objself.rtld = true; 363 _rtld_objself.mapbase = mapbase; 364 _rtld_objself.relocbase = relocbase; 365 _rtld_objself.dynamic = (Elf_Dyn *) &_DYNAMIC; 366 _rtld_objself.strtab = "_rtld_sym_zero"; 367 368 /* 369 * Set value to -relocbase so that 370 * 371 * _rtld_objself.relocbase + _rtld_sym_zero.st_value == 0 372 * 373 * This allows unresolved references to weak symbols to be computed 374 * to a value of 0. 375 */ 376 _rtld_sym_zero.st_value = -(uintptr_t)relocbase; 377 378 _rtld_digest_dynamic(_rtld_path, &_rtld_objself); 379 assert(!_rtld_objself.needed); 380 #if !defined(__hppa__) 381 assert(!_rtld_objself.pltrel && !_rtld_objself.pltrela); 382 #else 383 _rtld_relocate_plt_objects(&_rtld_objself); 384 #endif 385 #if !defined(__mips__) && !defined(__hppa__) 386 assert(!_rtld_objself.pltgot); 387 #endif 388 #if !defined(__arm__) && !defined(__mips__) && !defined(__sh__) 389 /* ARM, MIPS and SH{3,5} have a bogus DT_TEXTREL. */ 390 assert(!_rtld_objself.textrel); 391 #endif 392 393 _rtld_add_paths(execname, &_rtld_default_paths, 394 RTLD_DEFAULT_LIBRARY_PATH); 395 396 #ifdef RTLD_ARCH_SUBDIR 397 _rtld_add_paths(execname, &_rtld_default_paths, 398 RTLD_DEFAULT_LIBRARY_PATH "/" RTLD_ARCH_SUBDIR); 399 #endif 400 401 /* Make the object list empty. */ 402 _rtld_objlist = NULL; 403 _rtld_objtail = &_rtld_objlist; 404 _rtld_objcount = 0; 405 406 _rtld_debug.r_version = R_DEBUG_VERSION; 407 _rtld_debug.r_brk = _rtld_debug_state; 408 _rtld_debug.r_state = RT_CONSISTENT; 409 _rtld_debug.r_ldbase = _rtld_objself.relocbase; 410 411 ehdr = (Elf_Ehdr *)mapbase; 412 _rtld_objself.phdr = (Elf_Phdr *)((char *)mapbase + ehdr->e_phoff); 413 _rtld_objself.phsize = ehdr->e_phnum * sizeof(_rtld_objself.phdr[0]); 414 415 __libc_atomic_init(); 416 } 417 418 /* 419 * Cleanup procedure. It will be called (by the atexit() mechanism) just 420 * before the process exits. 421 */ 422 static void 423 _rtld_exit(void) 424 { 425 sigset_t mask; 426 427 dbg(("rtld_exit()")); 428 429 _rtld_exclusive_enter(&mask); 430 431 _rtld_call_fini_functions(&mask, 1); 432 433 _rtld_exclusive_exit(&mask); 434 } 435 436 __dso_public void * 437 _dlauxinfo(void) 438 { 439 return auxinfo; 440 } 441 442 /* 443 * Main entry point for dynamic linking. The argument is the stack 444 * pointer. The stack is expected to be laid out as described in the 445 * SVR4 ABI specification, Intel 386 Processor Supplement. Specifically, 446 * the stack pointer points to a word containing ARGC. Following that 447 * in the stack is a null-terminated sequence of pointers to argument 448 * strings. Then comes a null-terminated sequence of pointers to 449 * environment strings. Finally, there is a sequence of "auxiliary 450 * vector" entries. 451 * 452 * This function returns the entry point for the main program, the dynamic 453 * linker's exit procedure in sp[0], and a pointer to the main object in 454 * sp[1]. 455 */ 456 Elf_Addr 457 _rtld(Elf_Addr *sp, Elf_Addr relocbase) 458 { 459 const AuxInfo *pAUX_base, *pAUX_entry, *pAUX_execfd, *pAUX_phdr, 460 *pAUX_phent, *pAUX_phnum, *pAUX_euid, *pAUX_egid, 461 *pAUX_ruid, *pAUX_rgid; 462 const AuxInfo *pAUX_pagesz; 463 char **env, **oenvp; 464 const AuxInfo *auxp; 465 Obj_Entry *obj; 466 Elf_Addr *const osp = sp; 467 bool bind_now = 0; 468 const char *ld_bind_now, *ld_preload, *ld_library_path; 469 const char **argv; 470 const char *execname, *objmain_name; 471 long argc; 472 const char **real___progname; 473 const Obj_Entry **real___mainprog_obj; 474 char ***real_environ; 475 sigset_t mask; 476 #ifdef DEBUG 477 const char *ld_debug; 478 #endif 479 #ifdef RTLD_DEBUG 480 int i = 0; 481 #endif 482 483 /* 484 * On entry, the dynamic linker itself has not been relocated yet. 485 * Be very careful not to reference any global data until after 486 * _rtld_init has returned. It is OK to reference file-scope statics 487 * and string constants, and to call static and global functions. 488 */ 489 /* Find the auxiliary vector on the stack. */ 490 /* first Elf_Word reserved to address of exit routine */ 491 #if defined(RTLD_DEBUG) 492 debug = 1; 493 dbg(("sp = %p, argc = %ld, argv = %p <%s> relocbase %p", sp, 494 (long)sp[2], &sp[3], (char *) sp[3], (void *)relocbase)); 495 #ifndef __x86_64__ 496 dbg(("got is at %p, dynamic is at %p", _GLOBAL_OFFSET_TABLE_, 497 &_DYNAMIC)); 498 #endif 499 #endif 500 501 sp += 2; /* skip over return argument space */ 502 argv = (const char **) &sp[1]; 503 argc = *(long *)sp; 504 sp += 2 + argc; /* Skip over argc, arguments, and NULL 505 * terminator */ 506 env = (char **) sp; 507 while (*sp++ != 0) { /* Skip over environment, and NULL terminator */ 508 #if defined(RTLD_DEBUG) 509 dbg(("env[%d] = %p %s", i++, (void *)sp[-1], (char *)sp[-1])); 510 #endif 511 } 512 auxinfo = (AuxInfo *) sp; 513 514 pAUX_base = pAUX_entry = pAUX_execfd = NULL; 515 pAUX_phdr = pAUX_phent = pAUX_phnum = NULL; 516 pAUX_euid = pAUX_ruid = pAUX_egid = pAUX_rgid = NULL; 517 pAUX_pagesz = NULL; 518 519 execname = NULL; 520 521 /* Digest the auxiliary vector. */ 522 for (auxp = auxinfo; auxp->a_type != AT_NULL; ++auxp) { 523 switch (auxp->a_type) { 524 case AT_BASE: 525 pAUX_base = auxp; 526 break; 527 case AT_ENTRY: 528 pAUX_entry = auxp; 529 break; 530 case AT_EXECFD: 531 pAUX_execfd = auxp; 532 break; 533 case AT_PHDR: 534 pAUX_phdr = auxp; 535 break; 536 case AT_PHENT: 537 pAUX_phent = auxp; 538 break; 539 case AT_PHNUM: 540 pAUX_phnum = auxp; 541 break; 542 #ifdef AT_EUID 543 case AT_EUID: 544 pAUX_euid = auxp; 545 break; 546 case AT_RUID: 547 pAUX_ruid = auxp; 548 break; 549 case AT_EGID: 550 pAUX_egid = auxp; 551 break; 552 case AT_RGID: 553 pAUX_rgid = auxp; 554 break; 555 #endif 556 #ifdef AT_SUN_EXECNAME 557 case AT_SUN_EXECNAME: 558 execname = (const char *)(const void *)auxp->a_v; 559 break; 560 #endif 561 case AT_PAGESZ: 562 pAUX_pagesz = auxp; 563 break; 564 } 565 } 566 567 /* Initialize and relocate ourselves. */ 568 if (pAUX_base == NULL) { 569 _rtld_error("Bad pAUX_base"); 570 _rtld_die(); 571 } 572 assert(pAUX_pagesz != NULL); 573 _rtld_pagesz = (int)pAUX_pagesz->a_v; 574 _rtld_init((caddr_t)pAUX_base->a_v, (caddr_t)relocbase, execname); 575 576 __progname = _rtld_objself.path; 577 environ = env; 578 579 _rtld_trust = ((pAUX_euid ? (uid_t)pAUX_euid->a_v : geteuid()) == 580 (pAUX_ruid ? (uid_t)pAUX_ruid->a_v : getuid())) && 581 ((pAUX_egid ? (gid_t)pAUX_egid->a_v : getegid()) == 582 (pAUX_rgid ? (gid_t)pAUX_rgid->a_v : getgid())); 583 584 #ifdef DEBUG 585 ld_debug = NULL; 586 #endif 587 ld_bind_now = NULL; 588 ld_library_path = NULL; 589 ld_preload = NULL; 590 /* 591 * Inline avoid using normal getenv/unsetenv here as the libc 592 * code is quite a bit more complicated. 593 */ 594 for (oenvp = env; *env != NULL; ++env) { 595 static const char bind_var[] = "LD_BIND_NOW="; 596 static const char debug_var[] = "LD_DEBUG="; 597 static const char path_var[] = "LD_LIBRARY_PATH="; 598 static const char preload_var[] = "LD_PRELOAD="; 599 #define LEN(x) (sizeof(x) - 1) 600 601 if ((*env)[0] != 'L' || (*env)[1] != 'D') { 602 /* 603 * Special case to skip most entries without 604 * the more expensive calls to strncmp. 605 */ 606 *oenvp++ = *env; 607 } else if (strncmp(*env, debug_var, LEN(debug_var)) == 0) { 608 if (_rtld_trust) { 609 #ifdef DEBUG 610 ld_debug = *env + LEN(debug_var); 611 #endif 612 *oenvp++ = *env; 613 } 614 } else if (strncmp(*env, bind_var, LEN(bind_var)) == 0) { 615 if (_rtld_trust) { 616 ld_bind_now = *env + LEN(bind_var); 617 *oenvp++ = *env; 618 } 619 } else if (strncmp(*env, path_var, LEN(path_var)) == 0) { 620 if (_rtld_trust) { 621 ld_library_path = *env + LEN(path_var); 622 *oenvp++ = *env; 623 } 624 } else if (strncmp(*env, preload_var, LEN(preload_var)) == 0) { 625 if (_rtld_trust) { 626 ld_preload = *env + LEN(preload_var); 627 *oenvp++ = *env; 628 } 629 } else { 630 *oenvp++ = *env; 631 } 632 #undef LEN 633 } 634 *oenvp++ = NULL; 635 636 /* 637 * Set the main name. Prefer the name passed by the kernel first, 638 * then the argument vector, and fall back to "main program" 639 * This way the name will be an absolute path if available. 640 */ 641 objmain_name = execname ? execname : 642 (argv[0] ? argv[0] : "main program"); 643 644 if (ld_bind_now != NULL && *ld_bind_now != '\0') 645 bind_now = true; 646 if (_rtld_trust) { 647 #ifdef DEBUG 648 #ifdef RTLD_DEBUG 649 debug = 0; 650 #endif 651 if (ld_debug != NULL && *ld_debug != '\0') 652 debug = 1; 653 #endif 654 _rtld_add_paths(execname, &_rtld_paths, ld_library_path); 655 } else { 656 // Prevent $ORIGIN expansion 657 execname = NULL; 658 } 659 _rtld_process_hints(execname, &_rtld_paths, &_rtld_xforms, 660 _PATH_LD_HINTS); 661 dbg(("dynamic linker is initialized, mapbase=%p, relocbase=%p", 662 _rtld_objself.mapbase, _rtld_objself.relocbase)); 663 664 /* 665 * Load the main program, or process its program header if it is 666 * already loaded. 667 */ 668 if (pAUX_execfd != NULL) { /* Load the main program. */ 669 int fd = pAUX_execfd->a_v; 670 dbg(("loading main program")); 671 _rtld_objmain = _rtld_map_object(objmain_name, fd, NULL); 672 close(fd); 673 if (_rtld_objmain == NULL) 674 _rtld_die(); 675 } else { /* Main program already loaded. */ 676 const Elf_Phdr *phdr; 677 int phnum; 678 caddr_t entry; 679 680 dbg(("processing main program's program header")); 681 assert(pAUX_phdr != NULL); 682 phdr = (const Elf_Phdr *) pAUX_phdr->a_v; 683 assert(pAUX_phnum != NULL); 684 phnum = pAUX_phnum->a_v; 685 assert(pAUX_phent != NULL); 686 assert(pAUX_phent->a_v == sizeof(Elf_Phdr)); 687 assert(pAUX_entry != NULL); 688 entry = (caddr_t) pAUX_entry->a_v; 689 _rtld_objmain = _rtld_digest_phdr(phdr, phnum, entry); 690 _rtld_objmain->path = xstrdup(objmain_name); 691 _rtld_objmain->pathlen = strlen(_rtld_objmain->path); 692 } 693 694 _rtld_objmain->mainprog = true; 695 696 /* 697 * Get the actual dynamic linker pathname from the executable if 698 * possible. (It should always be possible.) That ensures that 699 * the debugger will find the right dynamic linker even if a 700 * non-standard one is being used. 701 */ 702 if (_rtld_objmain->interp != NULL && 703 strcmp(_rtld_objmain->interp, _rtld_objself.path) != 0) { 704 _rtld_objself.path = xstrdup(_rtld_objmain->interp); 705 _rtld_objself.pathlen = strlen(_rtld_objself.path); 706 } 707 dbg(("actual dynamic linker is %s", _rtld_objself.path)); 708 709 _rtld_digest_dynamic(execname, _rtld_objmain); 710 711 /* Link the main program into the list of objects. */ 712 *_rtld_objtail = _rtld_objmain; 713 _rtld_objtail = &_rtld_objmain->next; 714 _rtld_objcount++; 715 _rtld_objloads++; 716 717 _rtld_linkmap_add(_rtld_objmain); 718 _rtld_objself.path = xstrdup(_rtld_objself.path); 719 _rtld_linkmap_add(&_rtld_objself); 720 721 ++_rtld_objmain->refcount; 722 _rtld_objmain->mainref = 1; 723 _rtld_objlist_push_tail(&_rtld_list_main, _rtld_objmain); 724 725 if (ld_preload) { 726 /* 727 * Pre-load user-specified objects after the main program 728 * but before any shared object dependencies. 729 */ 730 dbg(("preloading objects")); 731 if (_rtld_preload(ld_preload) == -1) 732 _rtld_die(); 733 } 734 735 dbg(("loading needed objects")); 736 if (_rtld_load_needed_objects(_rtld_objmain, _RTLD_MAIN) == -1) 737 _rtld_die(); 738 739 dbg(("checking for required versions")); 740 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) { 741 if (_rtld_verify_object_versions(obj) == -1) 742 _rtld_die(); 743 } 744 745 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 746 dbg(("initializing initial Thread Local Storage offsets")); 747 /* 748 * All initial objects get the TLS space from the static block. 749 */ 750 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) 751 _rtld_tls_offset_allocate(obj); 752 #endif 753 754 dbg(("relocating objects")); 755 if (_rtld_relocate_objects(_rtld_objmain, bind_now) == -1) 756 _rtld_die(); 757 758 dbg(("doing copy relocations")); 759 if (_rtld_do_copy_relocations(_rtld_objmain) == -1) 760 _rtld_die(); 761 762 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 763 dbg(("initializing Thread Local Storage for main thread")); 764 /* 765 * Set up TLS area for the main thread. 766 * This has to be done after all relocations are processed, 767 * since .tdata may contain relocations. 768 */ 769 _rtld_tls_initial_allocation(); 770 #endif 771 772 /* 773 * Set the __progname, environ and, __mainprog_obj before 774 * calling anything that might use them. 775 */ 776 real___progname = _rtld_objmain_sym("__progname"); 777 if (real___progname) { 778 if (argv[0] != NULL) { 779 if ((*real___progname = strrchr(argv[0], '/')) == NULL) 780 (*real___progname) = argv[0]; 781 else 782 (*real___progname)++; 783 } else { 784 (*real___progname) = NULL; 785 } 786 } 787 real_environ = _rtld_objmain_sym("environ"); 788 if (real_environ) 789 *real_environ = environ; 790 /* 791 * Set __mainprog_obj for old binaries. 792 */ 793 real___mainprog_obj = _rtld_objmain_sym("__mainprog_obj"); 794 if (real___mainprog_obj) 795 *real___mainprog_obj = _rtld_objmain; 796 797 _rtld_debug_state(); /* say hello to the debugger! */ 798 799 _rtld_exclusive_enter(&mask); 800 801 dbg(("calling _init functions")); 802 _rtld_call_init_functions(&mask); 803 804 dbg(("control at program entry point = %p, obj = %p, exit = %p", 805 _rtld_objmain->entry, _rtld_objmain, _rtld_exit)); 806 807 _rtld_exclusive_exit(&mask); 808 809 #ifdef GNU_RELRO 810 /* 811 * If the main program is lazily bound (default -- whether or 812 * not LD_BINDNOW is set in the calling environment), its RELRO 813 * region has already been mapped read-only in 814 * _rtld_do_copy_relocations. The ifunc resolutions lie 815 * outside this region, so future lazy ifunc resolution is 816 * unaffected by the RELRO region's being read-only. 817 * 818 * If the main program is eagerly bound (i.e., the object has 819 * DF_1_NOW set in DT_FLAGS_1, whether or not LD_BIND_NOW is 820 * set in the calling environment), we deferred that from 821 * _rtld_do_copy_relocations so that the ifunc resolution, we 822 * have now resolved all ifuncs in it, so we can commit the 823 * RELRO region to be read-only -- and that means ifunc 824 * resolutions are read-only too. 825 */ 826 if (_rtld_objmain->z_now && _rtld_relro(_rtld_objmain, true) == -1) 827 _rtld_die(); 828 #endif 829 830 /* 831 * Return with the entry point and the exit procedure in at the top 832 * of stack. 833 */ 834 835 ((void **) osp)[0] = _rtld_exit; 836 ((void **) osp)[1] = __UNCONST(_rtld_compat_obj); 837 return (Elf_Addr) _rtld_objmain->entry; 838 } 839 840 void 841 _rtld_die(void) 842 { 843 const char *msg = dlerror(); 844 845 if (msg == NULL) 846 msg = "Fatal error"; 847 xerrx(1, "%s", msg); 848 } 849 850 static Obj_Entry * 851 _rtld_dlcheck(void *handle) 852 { 853 Obj_Entry *obj; 854 855 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) 856 if (obj == (Obj_Entry *) handle) 857 break; 858 859 if (obj == NULL || obj->dl_refcount == 0) { 860 _rtld_error("Invalid shared object handle %p", handle); 861 return NULL; 862 } 863 return obj; 864 } 865 866 static void 867 _rtld_initlist_visit(Objlist* list, Obj_Entry *obj, int rev) 868 { 869 Needed_Entry* elm; 870 871 /* dbg(("_rtld_initlist_visit(%s)", obj->path)); */ 872 873 if (obj->init_done) 874 return; 875 obj->init_done = 1; 876 877 for (elm = obj->needed; elm != NULL; elm = elm->next) { 878 if (elm->obj != NULL) { 879 _rtld_initlist_visit(list, elm->obj, rev); 880 } 881 } 882 883 if (rev) { 884 _rtld_objlist_push_head(list, obj); 885 } else { 886 _rtld_objlist_push_tail(list, obj); 887 } 888 } 889 890 static void 891 _rtld_initlist_tsort(Objlist* list, int rev) 892 { 893 dbg(("_rtld_initlist_tsort")); 894 895 Obj_Entry* obj; 896 897 /* 898 * We don't include objmain here (starting from next) 899 * because csu handles it 900 */ 901 for (obj = _rtld_objlist->next; obj; obj = obj->next) { 902 obj->init_done = 0; 903 } 904 905 for (obj = _rtld_objlist->next; obj; obj = obj->next) { 906 _rtld_initlist_visit(list, obj, rev); 907 } 908 } 909 910 static void 911 _rtld_init_dag(Obj_Entry *root) 912 { 913 914 _rtld_init_dag1(root, root); 915 } 916 917 static void 918 _rtld_init_dag1(Obj_Entry *root, Obj_Entry *obj) 919 { 920 const Needed_Entry *needed; 921 922 if (!obj->mainref) { 923 if (_rtld_objlist_find(&obj->dldags, root)) 924 return; 925 dbg(("add %p (%s) to %p (%s) DAG", obj, obj->path, root, 926 root->path)); 927 _rtld_objlist_push_tail(&obj->dldags, root); 928 _rtld_objlist_push_tail(&root->dagmembers, obj); 929 } 930 for (needed = obj->needed; needed != NULL; needed = needed->next) 931 if (needed->obj != NULL) 932 _rtld_init_dag1(root, needed->obj); 933 } 934 935 /* 936 * Note, this is called only for objects loaded by dlopen(). 937 */ 938 static void 939 _rtld_unload_object(sigset_t *mask, Obj_Entry *root, bool do_fini_funcs) 940 { 941 942 _rtld_unref_dag(root); 943 if (root->refcount == 0) { /* We are finished with some objects. */ 944 Obj_Entry *obj; 945 Obj_Entry **linkp; 946 Objlist_Entry *elm; 947 948 /* Finalize objects that are about to be unmapped. */ 949 if (do_fini_funcs) 950 _rtld_call_fini_functions(mask, 0); 951 952 /* Remove the DAG from all objects' DAG lists. */ 953 SIMPLEQ_FOREACH(elm, &root->dagmembers, link) 954 _rtld_objlist_remove(&elm->obj->dldags, root); 955 956 /* Remove the DAG from the RTLD_GLOBAL list. */ 957 if (root->globalref) { 958 root->globalref = 0; 959 _rtld_objlist_remove(&_rtld_list_global, root); 960 } 961 962 /* Unmap all objects that are no longer referenced. */ 963 linkp = &_rtld_objlist->next; 964 while ((obj = *linkp) != NULL) { 965 if (obj->refcount == 0) { 966 dbg(("unloading \"%s\"", obj->path)); 967 if (obj->ehdr != MAP_FAILED) 968 munmap(obj->ehdr, _rtld_pagesz); 969 munmap(obj->mapbase, obj->mapsize); 970 _rtld_objlist_remove(&_rtld_list_global, obj); 971 _rtld_linkmap_delete(obj); 972 *linkp = obj->next; 973 _rtld_objcount--; 974 _rtld_obj_free(obj); 975 } else 976 linkp = &obj->next; 977 } 978 _rtld_objtail = linkp; 979 } 980 } 981 982 void 983 _rtld_ref_dag(Obj_Entry *root) 984 { 985 const Needed_Entry *needed; 986 987 assert(root); 988 989 ++root->refcount; 990 991 dbg(("incremented reference on \"%s\" (%d)", root->path, 992 root->refcount)); 993 for (needed = root->needed; needed != NULL; 994 needed = needed->next) { 995 if (needed->obj != NULL) 996 _rtld_ref_dag(needed->obj); 997 } 998 } 999 1000 static void 1001 _rtld_unref_dag(Obj_Entry *root) 1002 { 1003 1004 assert(root); 1005 assert(root->refcount != 0); 1006 1007 --root->refcount; 1008 dbg(("decremented reference on \"%s\" (%d)", root->path, 1009 root->refcount)); 1010 1011 if (root->refcount == 0) { 1012 const Needed_Entry *needed; 1013 1014 for (needed = root->needed; needed != NULL; 1015 needed = needed->next) { 1016 if (needed->obj != NULL) 1017 _rtld_unref_dag(needed->obj); 1018 } 1019 } 1020 } 1021 1022 __strong_alias(__dlclose,dlclose) 1023 int 1024 dlclose(void *handle) 1025 { 1026 Obj_Entry *root; 1027 sigset_t mask; 1028 1029 dbg(("dlclose of %p", handle)); 1030 1031 _rtld_exclusive_enter(&mask); 1032 1033 root = _rtld_dlcheck(handle); 1034 1035 if (root == NULL) { 1036 _rtld_exclusive_exit(&mask); 1037 return -1; 1038 } 1039 1040 _rtld_debug.r_state = RT_DELETE; 1041 _rtld_debug_state(); 1042 1043 --root->dl_refcount; 1044 _rtld_unload_object(&mask, root, true); 1045 1046 _rtld_debug.r_state = RT_CONSISTENT; 1047 _rtld_debug_state(); 1048 1049 _rtld_exclusive_exit(&mask); 1050 1051 return 0; 1052 } 1053 1054 __strong_alias(__dlerror,dlerror) 1055 char * 1056 dlerror(void) 1057 { 1058 char *msg = error_message; 1059 1060 error_message = NULL; 1061 return msg; 1062 } 1063 1064 __strong_alias(__dlopen,dlopen) 1065 void * 1066 dlopen(const char *name, int mode) 1067 { 1068 Obj_Entry **old_obj_tail; 1069 Obj_Entry *obj = NULL; 1070 int flags = _RTLD_DLOPEN; 1071 bool nodelete; 1072 bool now; 1073 sigset_t mask; 1074 int result; 1075 1076 dbg(("dlopen of %s 0x%x", name, mode)); 1077 1078 _rtld_exclusive_enter(&mask); 1079 1080 old_obj_tail = _rtld_objtail; 1081 1082 flags |= (mode & RTLD_GLOBAL) ? _RTLD_GLOBAL : 0; 1083 flags |= (mode & RTLD_NOLOAD) ? _RTLD_NOLOAD : 0; 1084 1085 nodelete = (mode & RTLD_NODELETE) ? true : false; 1086 now = ((mode & RTLD_MODEMASK) == RTLD_NOW) ? true : false; 1087 1088 _rtld_debug.r_state = RT_ADD; 1089 _rtld_debug_state(); 1090 1091 if (name == NULL) { 1092 obj = _rtld_objmain; 1093 obj->refcount++; 1094 } else 1095 obj = _rtld_load_library(name, _rtld_objmain, flags); 1096 1097 1098 if (obj != NULL) { 1099 ++obj->dl_refcount; 1100 if (*old_obj_tail != NULL) { /* We loaded something new. */ 1101 assert(*old_obj_tail == obj); 1102 1103 result = _rtld_load_needed_objects(obj, flags); 1104 if (result != -1) { 1105 Objlist_Entry *entry; 1106 _rtld_init_dag(obj); 1107 SIMPLEQ_FOREACH(entry, &obj->dagmembers, link) { 1108 result = _rtld_verify_object_versions(entry->obj); 1109 if (result == -1) 1110 break; 1111 } 1112 } 1113 if (result == -1 || _rtld_relocate_objects(obj, 1114 (now || obj->z_now)) == -1) { 1115 _rtld_unload_object(&mask, obj, false); 1116 obj->dl_refcount--; 1117 obj = NULL; 1118 } else { 1119 _rtld_call_init_functions(&mask); 1120 } 1121 } 1122 if (obj != NULL) { 1123 if ((nodelete || obj->z_nodelete) && !obj->ref_nodel) { 1124 dbg(("dlopen obj %s nodelete", obj->path)); 1125 _rtld_ref_dag(obj); 1126 obj->z_nodelete = obj->ref_nodel = true; 1127 } 1128 } 1129 } 1130 _rtld_debug.r_state = RT_CONSISTENT; 1131 _rtld_debug_state(); 1132 1133 dbg(("dlopen of %s 0x%x returned %p%s%s%s", name, mode, obj, 1134 obj ? "" : " (", obj ? "" : error_message, obj ? "" : ")")); 1135 1136 _rtld_exclusive_exit(&mask); 1137 1138 return obj; 1139 } 1140 1141 /* 1142 * Find a symbol in the main program. 1143 */ 1144 _Pragma("GCC diagnostic push") /* _rtld_donelist_init: -Wno-stack-protector */ 1145 _Pragma("GCC diagnostic ignored \"-Wstack-protector\"") 1146 void * 1147 _rtld_objmain_sym(const char *name) 1148 { 1149 Elf_Hash hash; 1150 const Elf_Sym *def; 1151 const Obj_Entry *obj; 1152 DoneList donelist; 1153 1154 hash.sysv = _rtld_sysv_hash(name); 1155 hash.gnu = _rtld_gnu_hash(name); 1156 obj = _rtld_objmain; 1157 _rtld_donelist_init(&donelist); 1158 1159 def = _rtld_symlook_list(name, &hash, &_rtld_list_main, &obj, 0, 1160 NULL, &donelist); 1161 1162 if (def != NULL) 1163 return obj->relocbase + def->st_value; 1164 return NULL; 1165 } 1166 _Pragma("GCC diagnostic pop") 1167 1168 #if defined(__powerpc__) && !defined(__clang__) 1169 static __noinline void * 1170 hackish_return_address(void) 1171 { 1172 #if __GNUC_PREREQ__(6,0) 1173 #pragma GCC diagnostic push 1174 #pragma GCC diagnostic ignored "-Wframe-address" 1175 #endif 1176 return __builtin_return_address(1); 1177 #if __GNUC_PREREQ__(6,0) 1178 #pragma GCC diagnostic pop 1179 #endif 1180 } 1181 #endif 1182 1183 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1184 #define lookup_mutex_enter() _rtld_exclusive_enter(&mask) 1185 #define lookup_mutex_exit() _rtld_exclusive_exit(&mask) 1186 #else 1187 #define lookup_mutex_enter() _rtld_shared_enter() 1188 #define lookup_mutex_exit() _rtld_shared_exit() 1189 #endif 1190 1191 _Pragma("GCC diagnostic push") /* _rtld_donelist_init: -Wno-stack-protector */ 1192 _Pragma("GCC diagnostic ignored \"-Wstack-protector\"") 1193 static void * 1194 do_dlsym(void *handle, const char *name, const Ver_Entry *ventry, void *retaddr) 1195 { 1196 const Obj_Entry *obj; 1197 Elf_Hash hash; 1198 const Elf_Sym *def; 1199 const Obj_Entry *defobj; 1200 DoneList donelist; 1201 const u_int flags = SYMLOOK_DLSYM | SYMLOOK_IN_PLT; 1202 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1203 sigset_t mask; 1204 #endif 1205 1206 lookup_mutex_enter(); 1207 1208 hash.sysv = _rtld_sysv_hash(name); 1209 hash.gnu = _rtld_gnu_hash(name); 1210 def = NULL; 1211 defobj = NULL; 1212 1213 switch ((intptr_t)handle) { 1214 case (intptr_t)NULL: 1215 case (intptr_t)RTLD_NEXT: 1216 case (intptr_t)RTLD_DEFAULT: 1217 case (intptr_t)RTLD_SELF: 1218 if ((obj = _rtld_obj_from_addr(retaddr)) == NULL) { 1219 _rtld_error("Cannot determine caller's shared object"); 1220 lookup_mutex_exit(); 1221 return NULL; 1222 } 1223 1224 switch ((intptr_t)handle) { 1225 case (intptr_t)NULL: /* Just the caller's shared object. */ 1226 def = _rtld_symlook_obj(name, &hash, obj, flags, ventry); 1227 defobj = obj; 1228 break; 1229 1230 case (intptr_t)RTLD_NEXT: /* Objects after callers */ 1231 obj = obj->next; 1232 /*FALLTHROUGH*/ 1233 1234 case (intptr_t)RTLD_SELF: /* Caller included */ 1235 for (; obj; obj = obj->next) { 1236 if ((def = _rtld_symlook_obj(name, &hash, obj, 1237 flags, ventry)) != NULL) { 1238 defobj = obj; 1239 break; 1240 } 1241 } 1242 /* 1243 * Search the dynamic linker itself, and possibly 1244 * resolve the symbol from there if it is not defined 1245 * already or weak. This is how the application links 1246 * to dynamic linker services such as dlopen. 1247 */ 1248 if (!def || ELF_ST_BIND(def->st_info) == STB_WEAK) { 1249 const Elf_Sym *symp = _rtld_symlook_obj(name, 1250 &hash, &_rtld_objself, flags, ventry); 1251 if (symp != NULL) { 1252 def = symp; 1253 defobj = &_rtld_objself; 1254 } 1255 } 1256 break; 1257 1258 case (intptr_t)RTLD_DEFAULT: 1259 def = _rtld_symlook_default(name, &hash, obj, &defobj, 1260 flags, ventry); 1261 break; 1262 1263 default: 1264 abort(); 1265 } 1266 break; 1267 1268 default: 1269 if ((obj = _rtld_dlcheck(handle)) == NULL) { 1270 lookup_mutex_exit(); 1271 return NULL; 1272 } 1273 1274 _rtld_donelist_init(&donelist); 1275 1276 if (obj->mainprog) { 1277 /* Search main program and all libraries loaded by it */ 1278 def = _rtld_symlook_list(name, &hash, &_rtld_list_main, 1279 &defobj, flags, ventry, &donelist); 1280 } else { 1281 Needed_Entry fake; 1282 DoneList depth; 1283 1284 /* Search the object and all the libraries loaded by it. */ 1285 fake.next = NULL; 1286 fake.obj = __UNCONST(obj); 1287 fake.name = 0; 1288 1289 _rtld_donelist_init(&depth); 1290 def = _rtld_symlook_needed(name, &hash, &fake, &defobj, 1291 flags, ventry, &donelist, &depth); 1292 } 1293 1294 break; 1295 } 1296 1297 if (def != NULL) { 1298 void *p; 1299 1300 if (ELF_ST_TYPE(def->st_info) == STT_GNU_IFUNC) { 1301 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1302 lookup_mutex_exit(); 1303 _rtld_shared_enter(); 1304 #endif 1305 p = (void *)_rtld_resolve_ifunc(defobj, def); 1306 _rtld_shared_exit(); 1307 return p; 1308 } 1309 1310 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1311 if (ELF_ST_TYPE(def->st_info) == STT_FUNC) { 1312 p = (void *)_rtld_function_descriptor_alloc(defobj, 1313 def, 0); 1314 lookup_mutex_exit(); 1315 return p; 1316 } 1317 #endif /* __HAVE_FUNCTION_DESCRIPTORS */ 1318 p = defobj->relocbase + def->st_value; 1319 lookup_mutex_exit(); 1320 return p; 1321 } 1322 1323 _rtld_error("Undefined symbol \"%s\"", name); 1324 lookup_mutex_exit(); 1325 return NULL; 1326 } 1327 _Pragma("GCC diagnostic pop") 1328 1329 __strong_alias(__dlsym,dlsym) 1330 void * 1331 dlsym(void *handle, const char *name) 1332 { 1333 void *retaddr; 1334 1335 dbg(("dlsym of %s in %p", name, handle)); 1336 1337 #if defined(__powerpc__) && !defined(__clang__) 1338 retaddr = hackish_return_address(); 1339 #else 1340 retaddr = __builtin_return_address(0); 1341 #endif 1342 return do_dlsym(handle, name, NULL, retaddr); 1343 } 1344 1345 __strong_alias(__dlvsym,dlvsym) 1346 void * 1347 dlvsym(void *handle, const char *name, const char *version) 1348 { 1349 Ver_Entry *ventry = NULL; 1350 Ver_Entry ver_entry; 1351 void *retaddr; 1352 1353 dbg(("dlvsym of %s@%s in %p", name, version ? version : NULL, handle)); 1354 1355 if (version != NULL) { 1356 ver_entry.name = version; 1357 ver_entry.file = NULL; 1358 ver_entry.hash = _rtld_sysv_hash(version); 1359 ver_entry.flags = 0; 1360 ventry = &ver_entry; 1361 } 1362 #if defined(__powerpc__) && !defined(__clang__) 1363 retaddr = hackish_return_address(); 1364 #else 1365 retaddr = __builtin_return_address(0); 1366 #endif 1367 return do_dlsym(handle, name, ventry, retaddr); 1368 } 1369 1370 __strong_alias(__dladdr,dladdr) 1371 int 1372 dladdr(const void *addr, Dl_info *info) 1373 { 1374 const Obj_Entry *obj; 1375 const Elf_Sym *def, *best_def; 1376 void *symbol_addr; 1377 unsigned long symoffset; 1378 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1379 sigset_t mask; 1380 #endif 1381 1382 dbg(("dladdr of %p", addr)); 1383 1384 lookup_mutex_enter(); 1385 1386 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1387 addr = _rtld_function_descriptor_function(addr); 1388 #endif /* __HAVE_FUNCTION_DESCRIPTORS */ 1389 1390 obj = _rtld_obj_from_addr(addr); 1391 if (obj == NULL) { 1392 _rtld_error("No shared object contains address"); 1393 lookup_mutex_exit(); 1394 return 0; 1395 } 1396 info->dli_fname = obj->path; 1397 info->dli_fbase = obj->mapbase; 1398 info->dli_saddr = (void *)0; 1399 info->dli_sname = NULL; 1400 1401 /* 1402 * Walk the symbol list looking for the symbol whose address is 1403 * closest to the address sent in. 1404 */ 1405 best_def = NULL; 1406 for (symoffset = 0; symoffset < obj->nchains; symoffset++) { 1407 def = obj->symtab + symoffset; 1408 1409 /* 1410 * For skip the symbol if st_shndx is either SHN_UNDEF or 1411 * SHN_COMMON. 1412 */ 1413 if (def->st_shndx == SHN_UNDEF || def->st_shndx == SHN_COMMON) 1414 continue; 1415 1416 /* 1417 * If the symbol is greater than the specified address, or if it 1418 * is further away from addr than the current nearest symbol, 1419 * then reject it. 1420 */ 1421 symbol_addr = obj->relocbase + def->st_value; 1422 if (symbol_addr > addr || symbol_addr < info->dli_saddr) 1423 continue; 1424 1425 /* Update our idea of the nearest symbol. */ 1426 info->dli_sname = obj->strtab + def->st_name; 1427 info->dli_saddr = symbol_addr; 1428 best_def = def; 1429 1430 1431 /* Exact match? */ 1432 if (info->dli_saddr == addr) 1433 break; 1434 } 1435 1436 #ifdef __HAVE_FUNCTION_DESCRIPTORS 1437 if (best_def != NULL && ELF_ST_TYPE(best_def->st_info) == STT_FUNC) 1438 info->dli_saddr = (void *)_rtld_function_descriptor_alloc(obj, 1439 best_def, 0); 1440 #else 1441 __USE(best_def); 1442 #endif /* __HAVE_FUNCTION_DESCRIPTORS */ 1443 1444 lookup_mutex_exit(); 1445 return 1; 1446 } 1447 1448 __strong_alias(__dlinfo,dlinfo) 1449 int 1450 dlinfo(void *handle, int req, void *v) 1451 { 1452 const Obj_Entry *obj; 1453 void *retaddr; 1454 1455 dbg(("dlinfo for %p %d", handle, req)); 1456 1457 _rtld_shared_enter(); 1458 1459 if (handle == RTLD_SELF) { 1460 #if defined(__powerpc__) && !defined(__clang__) 1461 retaddr = hackish_return_address(); 1462 #else 1463 retaddr = __builtin_return_address(0); 1464 #endif 1465 if ((obj = _rtld_obj_from_addr(retaddr)) == NULL) { 1466 _rtld_error("Cannot determine caller's shared object"); 1467 _rtld_shared_exit(); 1468 return -1; 1469 } 1470 } else { 1471 if ((obj = _rtld_dlcheck(handle)) == NULL) { 1472 _rtld_shared_exit(); 1473 return -1; 1474 } 1475 } 1476 1477 switch (req) { 1478 case RTLD_DI_LINKMAP: 1479 { 1480 const struct link_map **map = v; 1481 1482 *map = &obj->linkmap; 1483 break; 1484 } 1485 1486 default: 1487 _rtld_error("Invalid request"); 1488 _rtld_shared_exit(); 1489 return -1; 1490 } 1491 1492 _rtld_shared_exit(); 1493 return 0; 1494 } 1495 1496 static void 1497 _rtld_fill_dl_phdr_info(const Obj_Entry *obj, struct dl_phdr_info *phdr_info) 1498 { 1499 1500 phdr_info->dlpi_addr = (Elf_Addr)obj->relocbase; 1501 /* XXX: wrong but not fixing it yet */ 1502 phdr_info->dlpi_name = obj->path; 1503 phdr_info->dlpi_phdr = obj->phdr; 1504 phdr_info->dlpi_phnum = obj->phsize / sizeof(obj->phdr[0]); 1505 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 1506 phdr_info->dlpi_tls_modid = obj->tlsindex; 1507 phdr_info->dlpi_tls_data = obj->tlsinit; 1508 #else 1509 phdr_info->dlpi_tls_modid = 0; 1510 phdr_info->dlpi_tls_data = 0; 1511 #endif 1512 phdr_info->dlpi_adds = _rtld_objloads; 1513 phdr_info->dlpi_subs = _rtld_objloads - _rtld_objcount; 1514 } 1515 1516 __strong_alias(__dl_iterate_phdr,dl_iterate_phdr); 1517 int 1518 dl_iterate_phdr(int (*callback)(struct dl_phdr_info *, size_t, void *), void *param) 1519 { 1520 struct dl_phdr_info phdr_info; 1521 const Obj_Entry *obj; 1522 int error = 0; 1523 1524 dbg(("dl_iterate_phdr")); 1525 1526 _rtld_shared_enter(); 1527 1528 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) { 1529 _rtld_fill_dl_phdr_info(obj, &phdr_info); 1530 1531 /* XXXlocking: exit point */ 1532 error = callback(&phdr_info, sizeof(phdr_info), param); 1533 if (error) 1534 break; 1535 } 1536 1537 if (error == 0) { 1538 _rtld_fill_dl_phdr_info(&_rtld_objself, &phdr_info); 1539 1540 /* XXXlocking: exit point */ 1541 error = callback(&phdr_info, sizeof(phdr_info), param); 1542 } 1543 1544 _rtld_shared_exit(); 1545 return error; 1546 } 1547 1548 void 1549 __dl_cxa_refcount(void *addr, ssize_t delta) 1550 { 1551 sigset_t mask; 1552 Obj_Entry *obj; 1553 1554 if (delta == 0) 1555 return; 1556 1557 dbg(("__dl_cxa_refcount of %p with %zd", addr, delta)); 1558 1559 _rtld_exclusive_enter(&mask); 1560 obj = _rtld_obj_from_addr(addr); 1561 1562 if (obj == NULL) { 1563 dbg(("__dl_cxa_refcont: address not found")); 1564 _rtld_error("No shared object contains address"); 1565 _rtld_exclusive_exit(&mask); 1566 return; 1567 } 1568 if (delta > 0 && obj->cxa_refcount > SIZE_MAX - delta) 1569 _rtld_error("Reference count overflow"); 1570 else if (delta < 0 && obj->cxa_refcount < -1 + (size_t)-(delta + 1)) 1571 _rtld_error("Reference count underflow"); 1572 else { 1573 if (obj->cxa_refcount == 0) 1574 ++obj->refcount; 1575 obj->cxa_refcount += delta; 1576 dbg(("new reference count: %zu", obj->cxa_refcount)); 1577 if (obj->cxa_refcount == 0) { 1578 --obj->refcount; 1579 if (obj->refcount == 0) 1580 _rtld_unload_object(&mask, obj, true); 1581 } 1582 } 1583 1584 _rtld_exclusive_exit(&mask); 1585 } 1586 1587 __dso_public pid_t 1588 __locked_fork(int *my_errno) 1589 { 1590 pid_t result; 1591 1592 _rtld_shared_enter(); 1593 result = __fork(); 1594 if (result == -1) 1595 *my_errno = errno; 1596 _rtld_shared_exit(); 1597 1598 return result; 1599 } 1600 1601 /* 1602 * Error reporting function. Use it like printf. If formats the message 1603 * into a buffer, and sets things up so that the next call to dlerror() 1604 * will return the message. 1605 */ 1606 void 1607 _rtld_error(const char *fmt,...) 1608 { 1609 static char buf[512]; 1610 va_list ap; 1611 1612 va_start(ap, fmt); 1613 xvsnprintf(buf, sizeof buf, fmt, ap); 1614 dbg(("%s: %s", __func__, buf)); 1615 error_message = buf; 1616 va_end(ap); 1617 } 1618 1619 void 1620 _rtld_debug_state(void) 1621 { 1622 #if defined(__hppa__) 1623 __asm volatile("nop" ::: "memory"); 1624 #endif 1625 1626 /* Prevent optimizer from removing calls to this function */ 1627 __insn_barrier(); 1628 } 1629 1630 void 1631 _rtld_linkmap_add(Obj_Entry *obj) 1632 { 1633 struct link_map *l = &obj->linkmap; 1634 struct link_map *prev; 1635 1636 obj->linkmap.l_name = obj->path; 1637 obj->linkmap.l_addr = obj->relocbase; 1638 obj->linkmap.l_ld = obj->dynamic; 1639 #ifdef __mips__ 1640 /* XXX This field is not standard and will be removed eventually. */ 1641 obj->linkmap.l_offs = obj->relocbase; 1642 #endif 1643 1644 if (_rtld_debug.r_map == NULL) { 1645 _rtld_debug.r_map = l; 1646 return; 1647 } 1648 1649 /* 1650 * Scan to the end of the list, but not past the entry for the 1651 * dynamic linker, which we want to keep at the very end. 1652 */ 1653 for (prev = _rtld_debug.r_map; 1654 prev->l_next != NULL && prev->l_next != &_rtld_objself.linkmap; 1655 prev = prev->l_next); 1656 1657 l->l_prev = prev; 1658 l->l_next = prev->l_next; 1659 if (l->l_next != NULL) 1660 l->l_next->l_prev = l; 1661 prev->l_next = l; 1662 } 1663 1664 void 1665 _rtld_linkmap_delete(Obj_Entry *obj) 1666 { 1667 struct link_map *l = &obj->linkmap; 1668 1669 if (l->l_prev == NULL) { 1670 if ((_rtld_debug.r_map = l->l_next) != NULL) 1671 l->l_next->l_prev = NULL; 1672 return; 1673 } 1674 if ((l->l_prev->l_next = l->l_next) != NULL) 1675 l->l_next->l_prev = l->l_prev; 1676 } 1677 1678 static Obj_Entry * 1679 _rtld_obj_from_addr(const void *addr) 1680 { 1681 Obj_Entry *obj; 1682 1683 for (obj = _rtld_objlist; obj != NULL; obj = obj->next) { 1684 if (addr < (void *) obj->mapbase) 1685 continue; 1686 if (addr < (void *) (obj->mapbase + obj->mapsize)) 1687 return obj; 1688 } 1689 return NULL; 1690 } 1691 1692 static void 1693 _rtld_objlist_clear(Objlist *list) 1694 { 1695 while (!SIMPLEQ_EMPTY(list)) { 1696 Objlist_Entry* elm = SIMPLEQ_FIRST(list); 1697 SIMPLEQ_REMOVE_HEAD(list, link); 1698 xfree(elm); 1699 } 1700 } 1701 1702 static void 1703 _rtld_objlist_remove(Objlist *list, Obj_Entry *obj) 1704 { 1705 Objlist_Entry *elm; 1706 1707 if ((elm = _rtld_objlist_find(list, obj)) != NULL) { 1708 SIMPLEQ_REMOVE(list, elm, Struct_Objlist_Entry, link); 1709 xfree(elm); 1710 } 1711 } 1712 1713 #define RTLD_EXCLUSIVE_MASK 0x80000000U 1714 static volatile unsigned int _rtld_mutex; 1715 static volatile unsigned int _rtld_waiter_exclusive; 1716 static volatile unsigned int _rtld_waiter_shared; 1717 1718 void 1719 _rtld_shared_enter(void) 1720 { 1721 unsigned int cur; 1722 lwpid_t waiter, self = 0; 1723 1724 for (;;) { 1725 cur = _rtld_mutex; 1726 /* 1727 * First check if we are currently not exclusively locked. 1728 */ 1729 if ((cur & RTLD_EXCLUSIVE_MASK) == 0) { 1730 /* Yes, so increment use counter */ 1731 if (atomic_cas_uint(&_rtld_mutex, cur, cur + 1) != cur) 1732 continue; 1733 membar_acquire(); 1734 return; 1735 } 1736 /* 1737 * Someone has an exclusive lock. Puts us on the waiter list. 1738 */ 1739 if (!self) 1740 self = _lwp_self(); 1741 if (cur == (self | RTLD_EXCLUSIVE_MASK)) { 1742 if (_rtld_mutex_may_recurse) 1743 return; 1744 _rtld_error("%s: dead lock detected", __func__); 1745 _rtld_die(); 1746 } 1747 waiter = atomic_swap_uint(&_rtld_waiter_shared, self); 1748 /* 1749 * Check for race against _rtld_exclusive_exit before sleeping. 1750 */ 1751 membar_sync(); 1752 if ((_rtld_mutex & RTLD_EXCLUSIVE_MASK) || 1753 _rtld_waiter_exclusive) 1754 _lwp_park(CLOCK_REALTIME, 0, NULL, 0, 1755 __UNVOLATILE(&_rtld_mutex), NULL); 1756 /* Try to remove us from the waiter list. */ 1757 atomic_cas_uint(&_rtld_waiter_shared, self, 0); 1758 if (waiter) 1759 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1760 } 1761 } 1762 1763 void 1764 _rtld_shared_exit(void) 1765 { 1766 lwpid_t waiter; 1767 1768 /* 1769 * Shared lock taken after an exclusive lock. 1770 * Just assume this is a partial recursion. 1771 */ 1772 if (_rtld_mutex & RTLD_EXCLUSIVE_MASK) 1773 return; 1774 1775 /* 1776 * Wakeup LWPs waiting for an exclusive lock if this is the last 1777 * LWP on the shared lock. 1778 */ 1779 membar_release(); 1780 if (atomic_dec_uint_nv(&_rtld_mutex)) 1781 return; 1782 membar_sync(); 1783 if ((waiter = _rtld_waiter_exclusive) != 0) 1784 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1785 } 1786 1787 void 1788 _rtld_exclusive_enter(sigset_t *mask) 1789 { 1790 lwpid_t waiter, self = _lwp_self(); 1791 unsigned int locked_value = (unsigned int)self | RTLD_EXCLUSIVE_MASK; 1792 unsigned int cur; 1793 sigset_t blockmask; 1794 1795 sigfillset(&blockmask); 1796 sigdelset(&blockmask, SIGTRAP); /* Allow the debugger */ 1797 sigprocmask(SIG_BLOCK, &blockmask, mask); 1798 1799 for (;;) { 1800 if (atomic_cas_uint(&_rtld_mutex, 0, locked_value) == 0) { 1801 membar_acquire(); 1802 break; 1803 } 1804 waiter = atomic_swap_uint(&_rtld_waiter_exclusive, self); 1805 membar_sync(); 1806 cur = _rtld_mutex; 1807 if (cur == locked_value) { 1808 _rtld_error("%s: dead lock detected", __func__); 1809 _rtld_die(); 1810 } 1811 if (cur) 1812 _lwp_park(CLOCK_REALTIME, 0, NULL, 0, 1813 __UNVOLATILE(&_rtld_mutex), NULL); 1814 atomic_cas_uint(&_rtld_waiter_exclusive, self, 0); 1815 if (waiter) 1816 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1817 } 1818 } 1819 1820 void 1821 _rtld_exclusive_exit(sigset_t *mask) 1822 { 1823 lwpid_t waiter; 1824 1825 membar_release(); 1826 _rtld_mutex = 0; 1827 membar_sync(); 1828 if ((waiter = _rtld_waiter_exclusive) != 0) 1829 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1830 1831 if ((waiter = _rtld_waiter_shared) != 0) 1832 _lwp_unpark(waiter, __UNVOLATILE(&_rtld_mutex)); 1833 1834 sigprocmask(SIG_SETMASK, mask, NULL); 1835 } 1836 1837 int 1838 _rtld_relro(const Obj_Entry *obj, bool wantmain) 1839 { 1840 #ifdef GNU_RELRO 1841 /* 1842 * If our VM page size is larger than the page size used by the 1843 * linker when laying out the object, we could end up making data 1844 * read-only that is unintended. Detect and avoid this situation. 1845 * It may mean we are unable to protect everything we'd like, but 1846 * it's better than crashing. 1847 */ 1848 uintptr_t relro_end = (uintptr_t)obj->relro_page + obj->relro_size; 1849 uintptr_t relro_start = round_down((uintptr_t)obj->relro_page); 1850 assert(relro_end >= relro_start); 1851 size_t relro_size = round_down(relro_end) - relro_start; 1852 1853 if (relro_size == 0) 1854 return 0; 1855 if (wantmain != (obj ==_rtld_objmain)) 1856 return 0; 1857 1858 dbg(("RELRO %s %p %zx\n", obj->path, (void *)relro_start, relro_size)); 1859 if (mprotect((void *)relro_start, relro_size, PROT_READ) == -1) { 1860 _rtld_error("%s: Cannot enforce relro " "protection: %s", 1861 obj->path, xstrerror(errno)); 1862 return -1; 1863 } 1864 #endif 1865 return 0; 1866 } 1867
Indexes created Sat Sep 20 22:09:52 GMT 2025