headers.c revision 1.74 1 /* $NetBSD: headers.c,v 1.74 2025/04/18 17:56:49 riastradh Exp $ */
2
3 /*
4 * Copyright 1996 John D. Polstra.
5 * Copyright 1996 Matt Thomas <matt (at) 3am-software.com>
6 * Copyright 2002 Charles M. Hannum <root (at) ihack.net>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by John Polstra.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /*
36 * Dynamic linker for ELF.
37 *
38 * John Polstra <jdp (at) polstra.com>.
39 */
40
41 #include <sys/cdefs.h>
42 #ifndef lint
43 __RCSID("$NetBSD: headers.c,v 1.74 2025/04/18 17:56:49 riastradh Exp $");
44 #endif /* not lint */
45
46 #include <err.h>
47 #include <errno.h>
48 #include <fcntl.h>
49 #include <stdarg.h>
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <string.h>
53 #include <unistd.h>
54 #include <sys/types.h>
55 #include <sys/mman.h>
56 #include <sys/bitops.h>
57 #include <dirent.h>
58
59 #include "debug.h"
60 #include "rtld.h"
61
/*
 * Walk a shared object's DYNAMIC section and record in its Obj_Entry
 * what the rest of the linker needs.
 *
 * execname is only passed on to _rtld_add_paths() together with the
 * RPATH/RUNPATH string.  obj->dynamic and obj->relocbase are read here
 * and so must already be set by the caller; every table pointer stored
 * below is formed as obj->relocbase + d_ptr.
 *
 * NOTE(review): d_ptr and d_val are used exactly as found in the object.
 * Nothing in this function compares them with the extent of the mapping,
 * so the recorded tables are only as trustworthy as the object itself.
 */
void
_rtld_digest_dynamic(const char *execname, Obj_Entry *obj)
{
	Elf_Dyn *dynp;
	Needed_Entry **next_needed = &obj->needed;	/* where the next DT_NEEDED is linked */
	const Elf_Dyn *soname_dyn = NULL;
	const Elf_Dyn *rpath_dyn = NULL;
	bool use_pltrel = false;
	bool use_pltrela = false;
	Elf_Addr rel_size = 0;
	Elf_Addr rela_size = 0;
	Elf_Addr jmprel = 0;
	Elf_Addr jmprel_size = 0;
#ifdef RTLD_LOADER
	Elf_Addr init_off = 0;
	Elf_Addr fini_off = 0;
#endif

	dbg(("headers: digesting PT_DYNAMIC at %p", obj->dynamic));
	for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; dynp++) {
		dbg((" d_tag %ld at %p", (long)dynp->d_tag, dynp));
		switch (dynp->d_tag) {

		/*
		 * Relocation tables.  Sizes are held in locals until the
		 * loop is done, because the limit pointers need both the
		 * table address and its size, in whatever order they appear.
		 *
		 * NOTE(review): the *ENT entry sizes are checked only with
		 * assert(); whether that check is active in a release build
		 * depends on rtld's assert definition, not visible here.
		 */
		case DT_REL:
			obj->rel = (const Elf_Rel *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_RELSZ:
			rel_size = dynp->d_un.d_val;
			break;

		case DT_RELENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Rel));
			break;

		case DT_JMPREL:
			jmprel = dynp->d_un.d_ptr;
			break;

		case DT_PLTRELSZ:
			jmprel_size = dynp->d_un.d_val;
			break;

		case DT_RELA:
			obj->rela = (const Elf_Rela *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_RELASZ:
			rela_size = dynp->d_un.d_val;
			break;

		case DT_RELAENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Rela));
			break;

		case DT_PLTREL:
			/* The PLT relocations are either REL or RELA. */
			use_pltrel = (dynp->d_un.d_val == DT_REL);
			use_pltrela = (dynp->d_un.d_val == DT_RELA);
			assert(use_pltrel || use_pltrela);
			break;

		/* Symbol and string tables. */
		case DT_SYMTAB:
			obj->symtab = (const Elf_Sym *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_SYMENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Sym));
			break;

		case DT_STRTAB:
			obj->strtab = (const char *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_STRSZ:
			obj->strsize = dynp->d_un.d_val;
			break;

		/* Symbol versioning tables. */
		case DT_VERNEED:
			obj->verneed = (const Elf_Verneed *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_VERNEEDNUM:
			obj->verneednum = dynp->d_un.d_val;
			break;

		case DT_VERDEF:
			obj->verdef = (const Elf_Verdef *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_VERDEFNUM:
			obj->verdefnum = dynp->d_un.d_val;
			break;

		case DT_VERSYM:
			obj->versyms = (const Elf_Versym *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_HASH:
		    {
			const Elf_Symindx *hashtab = (const Elf_Symindx *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			uint32_t nbuckets, nchains;

			/* Word 0 is clamped before it is narrowed to 32 bits. */
			nbuckets = hashtab[0] > UINT32_MAX ?
			    UINT32_MAX : hashtab[0];
			nchains = hashtab[1];

			obj->nbuckets = nbuckets;
			obj->nchains = nchains;
			obj->buckets = hashtab + 2;
			obj->chains = obj->buckets + obj->nbuckets;

			/*
			 * Validity check.  `continue' belongs to the
			 * enclosing for loop: a rejected table leaves
			 * sysv_hash unset, but the fields assigned above
			 * keep their values.
			 */
			if (obj->buckets == NULL || nbuckets == 0 ||
			    nchains == 0)
				continue;

			obj->sysv_hash = true;

			/*
			 * Should really be in _rtld_relocate_objects,
			 * but _rtld_symlook_obj might be used before.
			 */
			fast_divide32_prepare(obj->nbuckets,
			    &obj->nbuckets_m,
			    &obj->nbuckets_s1,
			    &obj->nbuckets_s2);
		    }
			break;

		case DT_GNU_HASH:
		    {
			const Elf_Symindx *hashtab = (const Elf_Symindx *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			uint32_t nbuckets, symndx;
			uint32_t nmaskwords;
			int bloom_size32;
			bool nmw_power2;

			/*
			 * Header words as read here: [0] bucket count,
			 * [1] symndx, [2] bloom mask word count, [3] shift2.
			 */
			nbuckets = hashtab[0] > UINT32_MAX ?
			    UINT32_MAX : hashtab[0];
			obj->nbuckets_gnu = nbuckets;

			/* Bloom filter length in 32-bit units; buckets follow it. */
			nmaskwords = hashtab[2];
			bloom_size32 = nmaskwords * (ELFSIZE / 32);

			obj->buckets_gnu =
			    (const uint32_t *)(hashtab + 4 + bloom_size32);

			nmw_power2 = powerof2(nmaskwords);

			/*
			 * Validity check.  As for DT_HASH, `continue' goes
			 * to the next dynamic entry and the two fields set
			 * above stay set.
			 */
			if (!nmw_power2 || nbuckets == 0 ||
			    obj->buckets_gnu == NULL)
				continue;

			obj->gnu_hash = true;

			symndx = hashtab[1];
			obj->mask_bm_gnu = nmaskwords - 1;
			obj->symndx_gnu = symndx;
			obj->shift2_gnu = hashtab[3];
			obj->bloom_gnu = (const Elf_Addr *)(hashtab + 4);
			obj->chains_gnu = obj->buckets_gnu + nbuckets - symndx;

			/*
			 * Should really be in _rtld_relocate_objects,
			 * but _rtld_symlook_obj might be used before.
			 */
			fast_divide32_prepare(nbuckets,
			    &obj->nbuckets_m_gnu,
			    &obj->nbuckets_s1_gnu,
			    &obj->nbuckets_s2_gnu);

			/*
			 * nchains_gnu is printed here although this
			 * function only assigns it after the loop.
			 */
			dbg(("found GNU Hash: buckets=%p "
			    "nbuckets=%u chains=%p nchains=%lu "
			    "bloom=%p mask_bm=%u shift2=%u "
			    "symndx=%u",
			    obj->buckets_gnu, obj->nbuckets_gnu,
			    obj->chains_gnu, obj->nchains_gnu,
			    obj->bloom_gnu, obj->mask_bm_gnu,
			    obj->shift2_gnu, obj->symndx_gnu));
		    }
			break;

		case DT_NEEDED:
		    {
			/* Append to obj->needed, keeping DYNAMIC order. */
			Needed_Entry *needed = NEW(Needed_Entry);

			needed->name = dynp->d_un.d_val;
			needed->obj = NULL;
			needed->next = NULL;

			*next_needed = needed;
			next_needed = &needed->next;
		    }
			break;

		case DT_PLTGOT:
			obj->pltgot = (Elf_Addr *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_TEXTREL:
			obj->textrel = true;
			break;

		case DT_SYMBOLIC:
			obj->symbolic = true;
			break;

		case DT_RPATH:
		case DT_RUNPATH:
			/*
			 * Only remember the entry for now: the string
			 * table address may not have been seen yet, so the
			 * path is resolved after the loop.
			 */
			rpath_dyn = dynp;
			break;

		case DT_SONAME:
			/* Resolved after the loop, like the run path. */
			soname_dyn = dynp;
			break;

		case DT_INIT:
#ifdef RTLD_LOADER
			init_off = dynp->d_un.d_ptr;
#endif
			break;

#ifdef HAVE_INITFINI_ARRAY
		case DT_INIT_ARRAY:
			obj->init_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_INIT_ARRAY at %p",
			    obj->init_array));
			break;

		case DT_INIT_ARRAYSZ:
			/* The entry is a byte size; store an element count. */
			obj->init_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_INIT_ARRAYZ %zu",
			    obj->init_arraysz));
			break;
#endif

		case DT_FINI:
#ifdef RTLD_LOADER
			fini_off = dynp->d_un.d_ptr;
#endif
			break;

#ifdef HAVE_INITFINI_ARRAY
		case DT_FINI_ARRAY:
			obj->fini_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_FINI_ARRAY at %p",
			    obj->fini_array));
			break;

		case DT_FINI_ARRAYSZ:
			/* The entry is a byte size; store an element count. */
			obj->fini_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_FINI_ARRAYZ %zu",
			    obj->fini_arraysz));
			break;
#endif

		/*
		 * DT_DEBUG is skipped on MIPS, where the dynamic section
		 * is mapped read-only and DT_MIPS_RLD_MAP or
		 * DT_MIPS_RLD_MAP_REL carries the pointer instead.
		 * Elsewhere the loader stores the address of _rtld_debug
		 * into the entry itself.
		 *
		 * XXX: n32/n64 may use DT_DEBUG, not sure yet.
		 */
#ifndef __mips__
		case DT_DEBUG:
#ifdef RTLD_LOADER
			dynp->d_un.d_ptr = (Elf_Addr)&_rtld_debug;
#endif
			break;
#endif

#ifdef __alpha__
		case DT_ALPHA_PLTRO:
			obj->secureplt = (dynp->d_un.d_val != 0);
			break;
#endif
#ifdef __mips__
		case DT_MIPS_LOCAL_GOTNO:
			obj->local_gotno = dynp->d_un.d_val;
			break;

		case DT_MIPS_SYMTABNO:
			obj->symtabno = dynp->d_un.d_val;
			break;

		case DT_MIPS_GOTSYM:
			obj->gotsym = dynp->d_un.d_val;
			break;

		/*
		 * The loader cannot write to the read-only .dynamic
		 * section, so the linker reserves a slot in a read/write
		 * .rld_map section and leaves a pointer to it in a
		 * DT_MIPS_RLD_MAP entry.
		 *
		 * Such a pointer does not work for position-independent
		 * executables, which use DT_MIPS_RLD_MAP_REL instead.
		 *
		 * NOTE(review): the store goes through d_ptr as found in
		 * the object, with no check visible here.
		 */
		case DT_MIPS_RLD_MAP:
#ifdef RTLD_LOADER
			*((Elf_Addr *)dynp->d_un.d_ptr) =
			    (Elf_Addr)&_rtld_debug;
#endif
			break;

		/*
		 * Same read/write .rld_map slot as above, but for
		 * position-independent executables it may be mapped
		 * anywhere, so the linker records its offset relative to
		 * this dynamic entry rather than an address.
		 */
		case DT_MIPS_RLD_MAP_REL:
#ifdef RTLD_LOADER
			*(Elf_Addr *)((Elf_Addr)dynp + dynp->d_un.d_val) =
			    (Elf_Addr)&_rtld_debug;
#endif
			break;
#endif
#ifdef __powerpc__
#ifdef _LP64
		case DT_PPC64_GLINK:
			obj->glink = (Elf_Addr)(uintptr_t)obj->relocbase +
			    dynp->d_un.d_ptr;
			break;
#else
		case DT_PPC_GOT:
			obj->gotptr =
			    (Elf_Addr *)(obj->relocbase + dynp->d_un.d_ptr);
			break;
#endif
#endif
		case DT_FLAGS_1:
			obj->z_now = (dynp->d_un.d_val & DF_1_NOW) != 0;
			obj->z_nodelete =
			    (dynp->d_un.d_val & DF_1_NODELETE) != 0;
			obj->z_initfirst =
			    (dynp->d_un.d_val & DF_1_INITFIRST) != 0;
			obj->z_noopen = (dynp->d_un.d_val & DF_1_NOOPEN) != 0;
			break;
		}
	}

	/* All entries seen: turn the saved sizes into limit pointers. */
	obj->rellim = (const Elf_Rel *)((const uint8_t *)obj->rel + rel_size);
	obj->relalim =
	    (const Elf_Rela *)((const uint8_t *)obj->rela + rela_size);
	if (use_pltrel) {
		obj->pltrel = (const Elf_Rel *)(obj->relocbase + jmprel);
		obj->pltrellim = (const Elf_Rel *)
		    (obj->relocbase + jmprel + jmprel_size);
		obj->pltrelalim = 0;
		/*
		 * On PPC and SPARC, at least, REL(A)SZ may include JMPREL.
		 * Trim rel(a)lim to save time later.
		 */
		if (obj->rellim != NULL && obj->pltrel != NULL &&
		    obj->rellim > obj->pltrel &&
		    obj->rellim <= obj->pltrellim)
			obj->rellim = obj->pltrel;
	} else if (use_pltrela) {
		obj->pltrela = (const Elf_Rela *)(obj->relocbase + jmprel);
		obj->pltrellim = 0;
		obj->pltrelalim = (const Elf_Rela *)
		    (obj->relocbase + jmprel + jmprel_size);
		/*
		 * On PPC and SPARC, at least, REL(A)SZ may include JMPREL.
		 * Trim rel(a)lim to save time later.
		 */
		if (obj->relalim != NULL && obj->pltrela != NULL &&
		    obj->relalim > obj->pltrela &&
		    obj->relalim <= obj->pltrelalim)
			obj->relalim = obj->pltrela;
	}

	/*
	 * If the ELF Hash is present, "nchains" is the same in both hashes.
	 * Otherwise, count the entries from the GNU Hash chains.
	 *
	 * NOTE(review): each chain walk stops only at a word whose low bit
	 * is set; no upper bound on the walk is visible in this function,
	 * so it relies on the table being well-formed.
	 */
	if (obj->gnu_hash && !obj->sysv_hash) {
		uint_fast32_t bucket_total = obj->nbuckets_gnu;
		uint_fast32_t count = obj->symndx_gnu;
		uint_fast32_t b;

		for (b = 0; b < bucket_total; b++) {
			Elf_Word first = obj->buckets_gnu[b];
			const uint32_t *hashval;

			/* Empty bucket. */
			if (first == 0)
				continue;

			hashval = &obj->chains_gnu[first];
			for (;;) {
				count++;
				if ((*hashval++ & 1U) != 0)
					break;
			}
		}
		obj->nchains_gnu = (uint32_t)count;
	}

#ifdef RTLD_LOADER
	/* An offset of zero means no DT_INIT/DT_FINI value was recorded. */
#if defined(__HAVE_FUNCTION_DESCRIPTORS)
	if (init_off != 0)
		obj->init = (void (*)(void))
		    _rtld_function_descriptor_alloc(obj, NULL, init_off);
	if (fini_off != 0)
		obj->fini = (void (*)(void))
		    _rtld_function_descriptor_alloc(obj, NULL, fini_off);
#else
	if (init_off != 0)
		obj->init = (void (*)(void))(obj->relocbase + init_off);
	if (fini_off != 0)
		obj->fini = (void (*)(void))(obj->relocbase + fini_off);
#endif
#endif

	/*
	 * The string table address is final now, so the deferred strings
	 * can be resolved.
	 *
	 * NOTE(review): d_val is added to obj->strtab without being
	 * compared to obj->strsize in this function -- confirm that the
	 * offset is validated elsewhere.
	 */
	if (rpath_dyn != NULL)
		_rtld_add_paths(execname, &obj->rpaths,
		    obj->strtab + rpath_dyn->d_un.d_val);
	if (soname_dyn != NULL)
		_rtld_object_add_name(obj,
		    obj->strtab + soname_dyn->d_un.d_val);
}
496
#ifdef RTLD_LOADER
/*
 * Build and return an Obj_Entry from a program header table.  This is
 * used only for the main program, which the kernel has already mapped
 * into memory before it calls the dynamic linker.
 *
 * phdr/phnum describe the program header table as it sits in memory;
 * entry is stored unchanged in obj->entry.
 *
 * NOTE(review): p_vaddr and p_memsz are taken from the headers as-is;
 * no range checks on them are visible in this function.
 */
Obj_Entry *
_rtld_digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry)
{
	const Elf_Phdr *const phend = phdr + phnum;
	const Elf_Phdr *seg;
	Obj_Entry *obj = _rtld_obj_new();
	bool have_load = false;
	Elf_Addr addr;
	size_t span;

	/*
	 * Pass 1: the first PT_PHDR entry gives the link-time address of
	 * the header table; its distance from where the table really is
	 * becomes the relocation base.  Without a PT_PHDR entry relocbase
	 * keeps whatever _rtld_obj_new() left in it.
	 */
	for (seg = phdr; seg < phend; seg++) {
		if (seg->p_type == PT_PHDR) {
			obj->relocbase = (caddr_t)
			    ((uintptr_t)phdr - (uintptr_t)seg->p_vaddr);
			/* Equivalent to relocbase + p_vaddr. */
			obj->phdr = phdr;
			obj->phsize = seg->p_memsz;
			dbg(("headers: phdr %p (%p) phsize %zu relocbase %p",
			    obj->phdr, phdr, obj->phsize, obj->relocbase));
			break;
		}
	}

	/* Pass 2: record every segment type the linker cares about. */
	for (seg = phdr; seg < phend; seg++) {
		addr = (Elf_Addr)(uintptr_t)(obj->relocbase + seg->p_vaddr);
		switch (seg->p_type) {

		case PT_INTERP:
			obj->interp = (const char *)(uintptr_t)addr;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_INTERP", (void *)(uintptr_t)addr,
			    seg->p_memsz));
			break;

		case PT_LOAD:
			/*
			 * NOTE(review): span is computed from
			 * obj->vaddrbase before the first-segment branch
			 * below assigns it, so for the first PT_LOAD it
			 * uses the value left by _rtld_obj_new() --
			 * confirm this is intended.
			 */
			span = round_up(addr + seg->p_memsz) - obj->vaddrbase;
			if (!have_load) {
				/* First load segment fixes the bases. */
				obj->vaddrbase = round_down(addr);
				obj->mapbase =
				    (caddr_t)(uintptr_t)obj->vaddrbase;
				obj->textsize = span;
				obj->mapsize = span;
				have_load = true;
			} else {
				/* Later load segments can only grow mapsize. */
				obj->mapsize = MAX(obj->mapsize, span);
			}
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_LOAD", (void *)(uintptr_t)addr,
			    seg->p_memsz));
			break;

		case PT_DYNAMIC:
			obj->dynamic = (Elf_Dyn *)(uintptr_t)addr;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_DYNAMIC", (void *)(uintptr_t)addr,
			    seg->p_memsz));
			break;

#ifdef GNU_RELRO
		case PT_GNU_RELRO:
			/* Recorded unrounded; rounding happens later. */
			obj->relro_page = obj->relocbase + seg->p_vaddr;
			obj->relro_size = seg->p_memsz;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_GNU_RELRO", (void *)(uintptr_t)addr,
			    seg->p_memsz));
			break;
#endif

#if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
		case PT_TLS:
			/* This function always assigns TLS index 1. */
			obj->tlsindex = 1;
			obj->tlssize = seg->p_memsz;
			obj->tlsalign = seg->p_align;
			obj->tlsinitsize = seg->p_filesz;
			obj->tlsinit = (void *)
			    (obj->relocbase + (uintptr_t)seg->p_vaddr);
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_TLS", (void *)(uintptr_t)addr,
			    seg->p_memsz));
			break;
#endif
#ifdef __ARM_EABI__
		case PT_ARM_EXIDX:
			obj->exidx_start = (void *)(uintptr_t)addr;
			obj->exidx_sz = seg->p_memsz;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_ARM_EXIDX", (void *)(uintptr_t)addr,
			    seg->p_memsz));
			break;
#endif
		}
	}

	obj->entry = entry;
	return obj;
}
#endif
602