/* $NetBSD: headers.c,v 1.79 2026/02/10 18:35:59 skrll Exp $ */

/*
 * Copyright 1996 John D. Polstra.
 * Copyright 1996 Matt Thomas <matt (at) 3am-software.com>
 * Copyright 2002 Charles M. Hannum <root (at) ihack.net>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by John Polstra.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Dynamic linker for ELF.
 *
 * John Polstra <jdp (at) polstra.com>.
 */

#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: headers.c,v 1.79 2026/02/10 18:35:59 skrll Exp $");
#endif /* not lint */

#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/bitops.h>
#include <dirent.h>

#include "debug.h"
#include "rtld.h"

/*
 * Process a shared object's DYNAMIC section, and save the important
 * information in its Obj_Entry structure.
 *
 * execname is only handed on to _rtld_add_paths() when an RPATH or
 * RUNPATH entry was seen.  obj->dynamic and obj->relocbase are read
 * here and must already have been set by the caller; most d_ptr values
 * are turned into pointers by adding obj->relocbase.
 *
 * The function has no return value and no error path: entries are
 * either recorded or, for the two hash tables, skipped when their
 * header fails the local validity check.
 *
 * NOTE(review): every value consumed here is read from the object's
 * own dynamic section.  Nothing in this function compares the derived
 * pointers, sizes or string-table offsets against the extent of the
 * mapping, so a malformed object is not rejected at this stage.  If
 * objects can come from a source less trusted than the process itself,
 * that validation has to live elsewhere -- confirm where.
 */
void
_rtld_digest_dynamic(const char *execname, Obj_Entry *obj)
{
	Elf_Dyn *dynp;
	/* Tail pointer so DT_NEEDED entries are appended in file order. */
	Needed_Entry **needed_tail = &obj->needed;
	/* Remembered entries; resolved after the loop (see DT_RPATH). */
	const Elf_Dyn *dyn_soname = NULL;
	const Elf_Dyn *dyn_rpath = NULL;
	bool use_pltrel = false;
	bool use_pltrela = false;
	/* Byte sizes of the relocation tables, applied after the loop. */
	Elf_Addr relsz = 0, relasz = 0, relrsz = 0;
	/* Raw DT_JMPREL / DT_PLTRELSZ values, applied after the loop. */
	Elf_Addr pltrel = 0, pltrelsz = 0;
#ifdef RTLD_LOADER
	Elf_Addr init = 0, fini = 0;
#endif

	dbg(("headers: digesting PT_DYNAMIC at %p", obj->dynamic));
	/*
	 * The walk stops only at a DT_NULL entry; there is no entry
	 * count, so termination depends on the section containing one.
	 */
	for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; ++dynp) {
		dbg((" d_tag %ld at %p", (long)dynp->d_tag, dynp));
		switch (dynp->d_tag) {

		case DT_REL:
			obj->rel = (const Elf_Rel *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_RELSZ:
			relsz = dynp->d_un.d_val;
			break;

		case DT_RELENT:
			/*
			 * The entry size is checked by assert() only.
			 * NOTE(review): how assert() is defined for this
			 * build is not visible here -- confirm that it is
			 * active in production builds.  The same applies
			 * to the other *ENT and DT_PLTREL asserts below.
			 */
			assert(dynp->d_un.d_val == sizeof(Elf_Rel));
			break;

		case DT_JMPREL:
			pltrel = dynp->d_un.d_ptr;
			break;

		case DT_PLTRELSZ:
			pltrelsz = dynp->d_un.d_val;
			break;

		case DT_RELA:
			obj->rela = (const Elf_Rela *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_RELASZ:
			relasz = dynp->d_un.d_val;
			break;

		case DT_RELAENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Rela));
			break;

		case DT_RELR:
			obj->relr = (const Elf_Relr *)(obj->relocbase +
			    dynp->d_un.d_ptr);
			break;

		case DT_RELRSZ:
			relrsz = dynp->d_un.d_val;
			break;

		case DT_RELRENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Relr));
			break;

		case DT_PLTREL:
			/* Exactly one of the two flags is expected to be set. */
			use_pltrel = dynp->d_un.d_val == DT_REL;
			use_pltrela = dynp->d_un.d_val == DT_RELA;
			assert(use_pltrel || use_pltrela);
			break;

		case DT_SYMTAB:
			obj->symtab = (const Elf_Sym *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_SYMENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Sym));
			break;

		case DT_STRTAB:
			obj->strtab = (const char *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_STRSZ:
			obj->strsize = dynp->d_un.d_val;
			break;

		case DT_VERNEED:
			obj->verneed = (const Elf_Verneed *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_VERNEEDNUM:
			obj->verneednum = dynp->d_un.d_val;
			break;

		case DT_VERDEF:
			obj->verdef = (const Elf_Verdef *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_VERDEFNUM:
			obj->verdefnum = dynp->d_un.d_val;
			break;

		case DT_VERSYM:
			obj->versyms = (const Elf_Versym *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_HASH:
			{
				/*
				 * Layout as read below: word 0 is the bucket
				 * count, word 1 the chain count, the buckets
				 * start at word 2 and the chains follow the
				 * buckets.
				 */
				uint32_t nbuckets, nchains;
				const Elf_Symindx *hashtab = (const Elf_Symindx *)
				    (obj->relocbase + dynp->d_un.d_ptr);

				/*
				 * The clamp can only take effect where
				 * Elf_Symindx is wider than 32 bits.
				 */
				if (hashtab[0] > UINT32_MAX)
					nbuckets = UINT32_MAX;
				else
					nbuckets = hashtab[0];
				obj->nbuckets = nbuckets;
				obj->nchains = (nchains = hashtab[1]);
				obj->buckets = hashtab + 2;
				obj->chains = obj->buckets + obj->nbuckets;

				/*
				 * Validity check.  "continue" applies to the
				 * enclosing for loop: the fields stored above
				 * stay set, but sysv_hash remains false.
				 * NOTE(review): the counts are only tested for
				 * zero here; they are not compared with the
				 * size of the mapping.
				 */
				if (!obj->buckets || !nbuckets || !nchains)
					continue;

				obj->sysv_hash = true;

				/*
				 * Should really be in _rtld_relocate_objects,
				 * but _rtld_symlook_obj might be used before.
				 */
				fast_divide32_prepare(obj->nbuckets,
				    &obj->nbuckets_m,
				    &obj->nbuckets_s1,
				    &obj->nbuckets_s2);
			}
			break;

		case DT_GNU_HASH:
			{
				/*
				 * Header words as read below: 0 = bucket
				 * count, 1 = symndx, 2 = bloom mask words,
				 * 3 = shift2.  The bloom filter starts at
				 * word 4 and the buckets follow it.
				 */
				uint32_t nmaskwords;
				uint32_t nbuckets, symndx;
				int bloom_size32;
				bool nmw_power2;
				const Elf_Symindx *hashtab = (const Elf_Symindx *)
				    (obj->relocbase + dynp->d_un.d_ptr);

				if (hashtab[0] > UINT32_MAX)
					nbuckets = UINT32_MAX;
				else
					nbuckets = hashtab[0];
				obj->nbuckets_gnu = nbuckets;

				/*
				 * NOTE(review): nmaskwords is read from the
				 * object and the product is stored in an int;
				 * no upper bound is applied before it is used
				 * as a pointer offset on the next statement.
				 */
				nmaskwords = hashtab[2];
				bloom_size32 = nmaskwords * (ELFSIZE / 32);

				obj->buckets_gnu = (const uint32_t *)(hashtab + 4 + bloom_size32);

				nmw_power2 = powerof2(nmaskwords);

				/*
				 * Validity check.  As for DT_HASH, "continue"
				 * moves on to the next dynamic entry and
				 * leaves gnu_hash false; nbuckets_gnu and
				 * buckets_gnu have already been stored.
				 */
				if (!nmw_power2 || !nbuckets || !obj->buckets_gnu)
					continue;

				obj->gnu_hash = true;

				obj->mask_bm_gnu = nmaskwords - 1;
				obj->symndx_gnu = (symndx = hashtab[1]);
				obj->shift2_gnu = hashtab[3];
				obj->bloom_gnu = (const Elf_Addr *)(hashtab + 4);
				/*
				 * The chain base is moved back by symndx,
				 * presumably so it can be indexed directly by
				 * symbol index -- confirm against the lookup
				 * code.
				 */
				obj->chains_gnu = obj->buckets_gnu + nbuckets - symndx;

				/*
				 * Should really be in _rtld_relocate_objects,
				 * but _rtld_symlook_obj might be used before.
				 */
				fast_divide32_prepare(nbuckets,
				    &obj->nbuckets_m_gnu,
				    &obj->nbuckets_s1_gnu,
				    &obj->nbuckets_s2_gnu);

				/*
				 * nchains_gnu is printed here, but this
				 * function assigns it only after the loop, so
				 * the value shown is whatever the field held
				 * before.
				 */
				dbg(("found GNU Hash: buckets=%p "
				    "nbuckets=%u chains=%p nchains=%lu "
				    "bloom=%p mask_bm=%u shift2=%u "
				    "symndx=%u",
				    obj->buckets_gnu, obj->nbuckets_gnu,
				    obj->chains_gnu, obj->nchains_gnu,
				    obj->bloom_gnu, obj->mask_bm_gnu,
				    obj->shift2_gnu, obj->symndx_gnu));
			}
			break;

		case DT_NEEDED:
			{
				/*
				 * NEW() is defined elsewhere and its result is
				 * used unchecked; presumably it does not
				 * return NULL -- confirm.
				 */
				Needed_Entry *nep = NEW(Needed_Entry);

				/*
				 * Only the raw d_val is kept; presumably a
				 * string-table offset that is resolved later.
				 */
				nep->name = dynp->d_un.d_val;
				nep->obj = NULL;
				nep->next = NULL;

				*needed_tail = nep;
				needed_tail = &nep->next;
			}
			break;

		case DT_PLTGOT:
			obj->pltgot = (Elf_Addr *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_TEXTREL:
			obj->textrel = true;
			break;

		case DT_SYMBOLIC:
			obj->symbolic = true;
			break;

		case DT_RPATH:
		case DT_RUNPATH:
			/*
			 * We have to wait until later to process this, because
			 * we might not have gotten the address of the string
			 * table yet.  Both tags share one slot, so the last
			 * one seen is the one used.
			 */
			dyn_rpath = dynp;
			break;

		case DT_SONAME:
			dyn_soname = dynp;
			break;

		case DT_INIT:
#ifdef RTLD_LOADER
			init = dynp->d_un.d_ptr;
#endif
			break;

#ifdef HAVE_INITFINI_ARRAY
		case DT_INIT_ARRAY:
			obj->init_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_INIT_ARRAY at %p",
			    obj->init_array));
			break;

		case DT_INIT_ARRAYSZ:
			/* Stored as an element count, not a byte size. */
			obj->init_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_INIT_ARRAYSZ %zu",
			    obj->init_arraysz));
			break;
#endif

		case DT_FINI:
#ifdef RTLD_LOADER
			fini = dynp->d_un.d_ptr;
#endif
			break;

#ifdef HAVE_INITFINI_ARRAY
		case DT_FINI_ARRAY:
			obj->fini_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_FINI_ARRAY at %p",
			    obj->fini_array));
			break;

		case DT_FINI_ARRAYSZ:
			obj->fini_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_FINI_ARRAYSZ %zu",
			    obj->fini_arraysz));
			break;
#endif

#ifdef HAVE_INITFINI_ARRAY
		case DT_PREINIT_ARRAY:
			obj->preinit_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_PREINIT_ARRAY at %p",
			    obj->preinit_array));
			break;

		case DT_PREINIT_ARRAYSZ:
			obj->preinit_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_PREINIT_ARRAYSZ %zu",
			    obj->preinit_arraysz));
			break;
#endif

		/*
		 * Don't process DT_DEBUG on MIPS as the dynamic
		 * section is mapped read-only. DT_MIPS_RLD_MAP or
		 * DT_MIPS_RLD_MAP_REL is used instead.
		 *
		 * XXX: n32/n64 may use DT_DEBUG, not sure yet.
		 */
#ifndef __mips__
		case DT_DEBUG:
#ifdef RTLD_LOADER
			/* Writes into the dynamic entry itself. */
			dynp->d_un.d_ptr = (Elf_Addr)&_rtld_debug;
#endif
			break;
#endif

#ifdef __alpha__
		case DT_ALPHA_PLTRO:
			obj->secureplt = (dynp->d_un.d_val != 0);
			break;
#endif
#ifdef __mips__
		case DT_MIPS_LOCAL_GOTNO:
			obj->local_gotno = dynp->d_un.d_val;
			break;

		case DT_MIPS_SYMTABNO:
			obj->symtabno = dynp->d_un.d_val;
			break;

		case DT_MIPS_GOTSYM:
			obj->gotsym = dynp->d_un.d_val;
			break;

		/*
		 * The .dynamic section is read-only, so the loader
		 * can't write to it; instead, the linker reserves
		 * space in a read/write .rld_map section for the
		 * loader to write to, and leaves a pointer to that
		 * space in a DT_MIPS_RLD_MAP entry.
		 *
		 * Except pointers like that don't work for
		 * position-independent executables, which use
		 * DT_MIPS_RLD_MAP_REL instead.
		 *
		 * NOTE(review): d_ptr is used as the store address
		 * as-is (relocbase is not added) and is not checked
		 * before the write.
		 */
		case DT_MIPS_RLD_MAP:
#ifdef RTLD_LOADER
			*((Elf_Addr *)dynp->d_un.d_ptr) =
			    (Elf_Addr)&_rtld_debug;
#endif
			break;

		/*
		 * The .dynamic section is read-only, so the loader
		 * can't write to it; instead, the linker reserves
		 * space in a read/write .rld_map section for the
		 * loader to write to, which might be mapped anywhere
		 * in virtual address space for position-independent
		 * executables, so the linker leaves its offset
		 * relative to the .dynamic entry itself in the dynamic
		 * entry.
		 *
		 * NOTE(review): the store address is the entry's own
		 * address plus d_val, again without a range check.
		 */
		case DT_MIPS_RLD_MAP_REL:
#ifdef RTLD_LOADER
			*(Elf_Addr *)((Elf_Addr)dynp + dynp->d_un.d_val) =
			    (Elf_Addr)&_rtld_debug;
#endif
			break;
#endif
#ifdef __powerpc__
#ifdef _LP64
		case DT_PPC64_GLINK:
			obj->glink = (Elf_Addr)(uintptr_t)obj->relocbase + dynp->d_un.d_ptr;
			break;
#else
		case DT_PPC_GOT:
			obj->gotptr = (Elf_Addr *)(obj->relocbase + dynp->d_un.d_ptr);
			break;
#endif
#endif
		case DT_FLAGS_1:
			/* Each flag is overwritten, not OR-ed, per entry. */
			obj->z_now =
			    ((dynp->d_un.d_val & DF_1_NOW) != 0);
			obj->z_nodelete =
			    ((dynp->d_un.d_val & DF_1_NODELETE) != 0);
			obj->z_initfirst =
			    ((dynp->d_un.d_val & DF_1_INITFIRST) != 0);
			obj->z_noopen =
			    ((dynp->d_un.d_val & DF_1_NOOPEN) != 0);
			break;
		}
	}

	/*
	 * Table limits are base pointer plus byte size.  Where the base
	 * tag was absent, the base is whatever obj already held
	 * (presumably NULL from allocation -- confirm), and the size is
	 * added to that.
	 */
	obj->rellim = (const Elf_Rel *)((const uint8_t *)obj->rel + relsz);
	obj->relalim = (const Elf_Rela *)((const uint8_t *)obj->rela + relasz);
	obj->relrlim = (const Elf_Relr *)((const uint8_t *)obj->relr + relrsz);
	if (use_pltrel) {
		obj->pltrel = (const Elf_Rel *)(obj->relocbase + pltrel);
		obj->pltrellim = (const Elf_Rel *)(obj->relocbase + pltrel + pltrelsz);
		obj->pltrelalim = 0;
		/* On PPC and SPARC, at least, REL(A)SZ may include JMPREL.
		   Trim rel(a)lim to save time later. */
		if (obj->rellim && obj->pltrel &&
		    obj->rellim > obj->pltrel &&
		    obj->rellim <= obj->pltrellim)
			obj->rellim = obj->pltrel;
	} else if (use_pltrela) {
		obj->pltrela = (const Elf_Rela *)(obj->relocbase + pltrel);
		obj->pltrellim = 0;
		obj->pltrelalim = (const Elf_Rela *)(obj->relocbase + pltrel + pltrelsz);
		/* On PPC and SPARC, at least, REL(A)SZ may include JMPREL.
		   Trim rel(a)lim to save time later. */
		if (obj->relalim && obj->pltrela &&
		    obj->relalim > obj->pltrela &&
		    obj->relalim <= obj->pltrelalim)
			obj->relalim = obj->pltrela;
	}

	/* If the ELF Hash is present, "nchains" is the same in both hashes. */
	if (!obj->sysv_hash && obj->gnu_hash) {
		uint_fast32_t i, nbucket, symndx;

		/*
		 * Otherwise, count the entries from the GNU Hash chain:
		 * start at symndx_gnu and add one per chain entry visited.
		 *
		 * NOTE(review): each chain walk stops only at an entry
		 * whose low bit is set, and bucket values are used as
		 * indexes unchecked, so the count relies on the table
		 * being well formed.
		 */
		nbucket = obj->nbuckets_gnu;
		symndx = obj->symndx_gnu;

		for (i = 0; i < nbucket; i++) {
			Elf_Word bkt = obj->buckets_gnu[i];
			if (bkt == 0)
				continue;	/* empty bucket */
			const uint32_t *hashval = &obj->chains_gnu[bkt];
			do {
				symndx++;
			} while ((*hashval++ & 1U) == 0);
		}
		obj->nchains_gnu = (uint32_t)symndx;
	}

#ifdef RTLD_LOADER
	/*
	 * init/fini were kept as raw values during the loop; a value of
	 * zero is treated as "not present".
	 */
#if defined(__HAVE_FUNCTION_DESCRIPTORS)
	if (init != 0)
		obj->init = (void (*)(void))
		    _rtld_function_descriptor_alloc(obj, NULL, init);
	if (fini != 0)
		obj->fini = (void (*)(void))
		    _rtld_function_descriptor_alloc(obj, NULL, fini);
#else
	if (init != 0)
		obj->init = (void (*)(void)) (obj->relocbase + init);
	if (fini != 0)
		obj->fini = (void (*)(void)) (obj->relocbase + fini);
#endif
#endif

	/*
	 * The string table address is known by now (if DT_STRTAB was
	 * present at all).
	 *
	 * NOTE(review): d_val is added to obj->strtab without being
	 * compared with obj->strsize, and obj->strtab is not tested
	 * before use; the search path and object name therefore depend
	 * on the offsets being in range.
	 */
	if (dyn_rpath != NULL) {
		_rtld_add_paths(execname, &obj->rpaths, obj->strtab +
		    dyn_rpath->d_un.d_val);
	}
	if (dyn_soname != NULL) {
		_rtld_object_add_name(obj, obj->strtab +
		    dyn_soname->d_un.d_val);
	}
}

#ifdef RTLD_LOADER
/*
 * Process a shared object's program header.  This is used only for the
 * main program, when the kernel has already loaded the main program
 * into memory before calling the dynamic linker.  It creates and
 * returns an Obj_Entry structure.
*/
Obj_Entry *
_rtld_digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry)
{
	const Elf_Phdr *const seg_end = phdr + phnum;
	const Elf_Phdr *seg;
	bool seen_load = false;
	Obj_Entry *obj = _rtld_obj_new();

	/*
	 * Pass 1: locate PT_PHDR.  The table's run-time address minus
	 * the address it asks for gives the relocation base.  Without a
	 * PT_PHDR entry, relocbase keeps the value _rtld_obj_new() left
	 * in it.
	 */
	for (seg = phdr; seg < seg_end; ++seg) {
		if (seg->p_type == PT_PHDR) {
			obj->relocbase = (caddr_t)((uintptr_t)phdr -
			    (uintptr_t)seg->p_vaddr);
			/* Same address as relocbase + p_vaddr. */
			obj->phdr = phdr;
			obj->phsize = seg->p_memsz;
			dbg(("headers: phdr %p (%p) phsize %zu relocbase %p",
			    obj->phdr, phdr, obj->phsize, obj->relocbase));
			break;
		}
	}

	/*
	 * Pass 2: record every segment of interest.
	 *
	 * NOTE(review): p_vaddr, p_memsz and phnum are used as supplied;
	 * nothing here range-checks them.  That matches the stated use
	 * (a main program already mapped by the kernel) -- confirm that
	 * no other caller passes a less trusted table.
	 */
	for (seg = phdr; seg < seg_end; ++seg) {
		const Elf_Addr vaddr =
		    (Elf_Addr)(uintptr_t)(obj->relocbase + seg->p_vaddr);

		switch (seg->p_type) {

		case PT_INTERP:
			obj->interp = (const char *)(uintptr_t)vaddr;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_INTERP", (void *)(uintptr_t)vaddr,
			    seg->p_memsz));
			break;

		case PT_LOAD: {
			size_t span;

			/* The first load segment fixes the mapping base. */
			if (!seen_load) {
				obj->vaddrbase = round_down(vaddr);
				obj->mapbase =
				    (caddr_t)(uintptr_t)obj->vaddrbase;
			}

			/* Extent from the mapping base to this segment's end. */
			span = round_up(vaddr + seg->p_memsz) -
			    obj->vaddrbase;

			if (!seen_load) {
				obj->textsize = span;
				obj->mapsize = span;
				seen_load = true;
			} else {
				/* Later load segments can only grow mapsize. */
				obj->mapsize = MAX(obj->mapsize, span);
			}
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_LOAD", (void *)(uintptr_t)vaddr,
			    seg->p_memsz));
			break;
		}

		case PT_DYNAMIC:
			obj->dynamic = (Elf_Dyn *)(uintptr_t)vaddr;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_DYNAMIC", (void *)(uintptr_t)vaddr,
			    seg->p_memsz));
			break;

#ifdef GNU_RELRO
		case PT_GNU_RELRO:
			/* Stored unrounded; rounding happens later. */
			obj->relro_page = obj->relocbase + seg->p_vaddr;
			obj->relro_size = seg->p_memsz;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_GNU_RELRO", (void *)(uintptr_t)vaddr,
			    seg->p_memsz));
			break;
#endif

#if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
		case PT_TLS:
			/* This object is always given TLS index 1 here. */
			obj->tlsindex = 1;
			obj->tlssize = seg->p_memsz;
			obj->tlsalign = seg->p_align;
			obj->tlsinitsize = seg->p_filesz;
			obj->tlsinit = (void *)(obj->relocbase +
			    (uintptr_t)seg->p_vaddr);
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_TLS", (void *)(uintptr_t)vaddr,
			    seg->p_memsz));
			break;
#endif
#ifdef __ARM_EABI__
		case PT_ARM_EXIDX:
			obj->exidx_start = (void *)(uintptr_t)vaddr;
			obj->exidx_sz = seg->p_memsz;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_ARM_EXIDX", (void *)(uintptr_t)vaddr,
			    seg->p_memsz));
			break;
#endif
		}
	}

	/* The entry point is stored exactly as the caller supplied it. */
	obj->entry = entry;
	return obj;
}
#endif