elf.c revision 75e7992ad4e186443b61dab39f79c9d79802f295
2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 1988 AT&T 2N/A * All Rights Reserved 2N/A * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 2N/A * Use is subject to license terms. 2N/A#
pragma ident "%Z%%M% %I% %E% SMI" 2N/A * Object file dependent support for ELF objects. 2N/A * Default and secure dependency search paths. 2N/A * Defines for local functions. 2N/A * Functions and data accessed through indirect pointers. 2N/A * Redefine NEEDED name if necessary. 2N/A * For ABI compliance, if we are asked for ld.so.1, then really give 2N/A * Determine if we have been given an ELF file and if so determine if the file 2N/A * is compatible. Returns 1 if true, else 0 and sets the reject descriptor 2N/A * with associated error information. 2N/A * Determine if we're an elf file. If not simply return, we don't set 2N/A * any rejection information as this test allows use to scroll through 2N/A * the objects we support (ELF, AOUT). 2N/A * Check class and encoding. 2N/A * Verify machine specific flags, and hardware capability requirements. 2N/A * Verify ELF version. ??? is this too restrictive ??? 2N/A * The runtime linker employs lazy loading to provide the libraries needed for 2N/A * debugging, preloading .o's and dldump(). As these are seldom used, the 2N/A * standard startup of ld.so.1 doesn't initialize all the information necessary 2N/A * to perform plt relocation on ld.so.1's link-map. The first time lazy loading 2N/A * is called we get here to perform these initializations: 2N/A * o elf_needed() is called to set up the DYNINFO() indexes for each lazy 2N/A * dependency. Typically, for all other objects, this is called during 2N/A * analyze_so(), but as ld.so.1 is set-contained we skip this processing. 2N/A * o For intel, ld.so.1's JMPSLOT relocations need relative updates. These 2N/A * are by default skipped thus delaying all relative relocation processing 2N/A * As we need to refer to the DYNINFO() information, insure that it has 2N/A * This is a kludge to give ld.so.1 a performance benefit on i386. 2N/A * It's based around two factors. 2N/A * o JMPSLOT relocations (PLT's) actually need a relative relocation 2N/A * applied to the GOT entry so that they can find PLT0. 2N/A * o ld.so.1 does not exercise *any* PLT's before it has made a call 2N/A * to elf_lazy_load(). This is because all dynamic dependencies 2N/A * are recorded as lazy dependencies. 2N/A * Lazy load an object. 2N/A * If this dependency has already been processed, we're done. 2N/A * If we're running under ldd(1), indicate that this dependency has been 2N/A * processed (see test above). It doesn't matter whether the object is 2N/A * successfully loaded or not, this flag simply ensures that we don't 2N/A * repeatedly attempt to load an object that has already failed to load. 2N/A * To do so would create multiple failure diagnostics for the same 2N/A * object under ldd(1). 2N/A * Determine the initial dependency name. 2N/A * If this object needs to establish its own group, make sure a handle 2N/A * Lazy dependencies are identified as DT_NEEDED entries with a 2N/A * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element. The 2N/A * dynamic information element that corresponds to the DT_POSFLAG_1 2N/A * entry is free, and thus used to store the present entrance 2N/A * identifier. This identifier is used to prevent multiple attempts to 2N/A * load a failed lazy loadable dependency within the same runtime linker 2N/A * operation. However, future attempts to reload this dependency are 2N/A * Expand the requested name if necessary. 2N/A * Provided the object on the head of the link-map has completed its 2N/A * relocation, create a new link-map control list for this request. 2N/A * Load the associated object. 2N/A * Remove any expanded pathname infrastructure. Reduce the pending lazy 2N/A * dependency count of the caller, together with the link-map lists 2N/A * count of objects that still have lazy dependencies pending. 2N/A * Finish processing the objects associated with this request, and 2N/A * create an association between the caller and this dependency. 2N/A * If this lazyload has failed, and we've created a new link-map 2N/A * control list to which this request has added objects, then remove 2N/A * all the objects that have been associated to this request. 2N/A * Finally, remove any link-map control list that was created. 2N/A * If this lazy loading failed, record the fact, and bump the lazy 2N/A * Return the entry point of the ELF executable. 2N/A * Unmap a given ELF shared object from the address space. 2N/A * If this link map represents a relocatable object concatenation, then 2N/A * the image was simply generated in allocated memory. Free the memory. 2N/A * Note: the memory was originally allocated in the libelf:_elf_outmap 2N/A * routine and would normally have been free'd in elf_outsync(), but 2N/A * because we 'interpose' on that routine the memory wasn't free'd at 2N/A * If padding was enabled via rtld_db, then we have at least one page 2N/A * in front of the image - and possibly a trailing page. 2N/A * Unmap the front page first: 2N/A * Unmap any trailing padding. 2N/A * Unmmap all mapped segments. 2N/A * Determine if a dependency requires a particular version and if so verify 2N/A * that the version exists in the dependency. 2N/A * Traverse the callers version needed information and determine if any 2N/A * specific versions are required from the dependency. 2N/A * Determine if a needed entry matches this dependency. 2N/A * Validate that each version required actually exists in the 2N/A * If we're being traced print out any matched version 2N/A * when the verbose (-v) option is in effect. Always 2N/A * print any unmatched versions. 2N/A * If the version hasn't been found then this is a 2N/A * candidate for a fatal error condition. Weak 2N/A * version definition requirements are silently 2N/A * ignored. Also, if the image inspected for a version 2N/A * definition has no versioning recorded at all then 2N/A * silently ignore this (this provides better backward 2N/A * compatibility to old images created prior to 2N/A * versioning being available). Both of these skipped 2N/A * diagnostics are available under tracing (see above). 2N/A * Search through the dynamic section for DT_NEEDED entries and perform one 2N/A * of two functions. If only the first argument is specified then load the 2N/A * defined shared object, otherwise add the link map representing the defined 2N/A * link map the the dlopen list. 2N/A * Process each shared object on needed list. 2N/A * NOTE, libc.so.1 can't be lazy loaded. Although a 2N/A * lazy position flag won't be produced when a RTLDINFO 2N/A * .dynamic entry is found (introduced with the UPM in 2N/A * Solaris 10), it was possible to mark libc for lazy 2N/A * loading on previous releases. To reduce the overhead 2N/A * of testing for this occurrence, only carry out this 2N/A * check for the first object on the link-map list 2N/A * (there aren't many applications built without libc). 2N/A * Don't bring in lazy loaded objects yet unless we've 2N/A * been asked to attempt to load all available objects 2N/A * (crle(1) sets LD_FLAGS=loadavail). Even under 2N/A * RTLD_NOW we don't process this - RTLD_NOW will cause 2N/A * relocation processing which in turn might trigger 2N/A * lazy loading, but its possible that the object has a 2N/A * lazy loaded file with no bindings (i.e., it should 2N/A * never have been a dependency in the first place). 2N/A * Silence any error messages - see description 2N/A * under elf_lookup_filtee(). 2N/A * If we're running under ldd(1), indicate that this dependency 2N/A * has been processed. It doesn't matter whether the object is 2N/A * successfully loaded or not, this flag simply ensures that we 2N/A * don't repeatedly attempt to load an object that has already 2N/A * failed to load. To do so would create multiple failure 2N/A * diagnostics for the same object under ldd(1). 2N/A * Establish the objects name, load it and establish a binding 2N/A * Clean up any infrastructure, including the removal of the 2N/A * error suppression state, if it had been previously set in 2N/A * If the object could not be mapped, continue if error 2N/A * suppression is established or we're here with ldd(1). 2N/A * If memory reservations have been established for alternative objects 2N/A * determine if this object falls within the reservation, if it does no 2N/A * further checking is required. 2N/A * Determine the mappings presently in use by this process. 2N/A * Determine if the supplied address clashes with any of the present 2N/A * We have a memory clash. See if one of the known dynamic 2N/A * dependency mappings represents this space so as to provide 2N/A * the user a more meaningful message. 2N/A * Obtain a memory reservation. On newer systems, both MAP_ANON and MAP_ALIGN 2N/A * are used to obtained an aligned reservation from anonymous memory. If 2N/A * MAP_ANON isn't available, then MAP_ALIGN isn't either, so obtain a standard 2N/A * reservation using the file as backing. 2N/A * If an anonymous memory request failed (which should only be the 2N/A * case if it is unsupported on the system we're running on), establish 2N/A * the initial mapping directly from the file. 2N/A * If MAP_TEXT and MAP_INITDATA are available, select the appropriate 2N/A * MAP_TEXT and MAP_INITDATA may not be supported on this 2N/A * platform, try again without. 2N/A const char *
name,
/* actual name stored for pathname */ 2N/A int fixed,
/* image is resolved to a fixed addr */ 2N/A int fd,
/* images file descriptor */ 2N/A * If padding is required extend both the front and rear of the image. 2N/A * To insure the image itself is mapped at the correct alignment the 2N/A * initial padding is rounded up to the nearest page. Once the image is 2N/A * mapped the excess can be pruned to the nearest page required for the 2N/A * actual padding itself. 2N/A * Determine the initial permissions used to map in the first segment. 2N/A * If this segments memsz is greater that its filesz then the difference 2N/A * must be zeroed. Make sure this segment is writable. 2N/A * Determine whether or not to let system reserve address space based on 2N/A * whether this is a dynamic executable (addresses in object are fixed) 2N/A * or a shared object (addresses in object are relative to the objects' 2N/A * Determine the reservation address and size, and insure that 2N/A * this reservation isn't already in use. 2N/A * As this is a fixed image, all segments must be individually 2N/A * If this isn't a fixed image, reserve enough address space for 2N/A * the entire image to be mapped. The amount of reservation is 2N/A * the range between the beginning of the first, and end of the 2N/A * last loadable segment, together with any padding, plus the 2N/A * alignment of the first segment. 2N/A * The optimal reservation is made as a no-reserve mapping from 2N/A * anonymous memory. Each segment is then mapped into this 2N/A * reservation. If the anonymous mapping capability isn't 2N/A * available, the reservation is obtained from the file itself. 2N/A * In this case the first segment of the image is mapped as part 2N/A * of the reservation, thus only the following segments need to 2N/A * If this reservation has been obtained from anonymous memory, 2N/A * then all segments must be individually mapped. Otherwise, 2N/A * the first segment heads the reservation. 2N/A * For backward compatibility (where MAP_ALIGN isn't available), 2N/A * insure the alignment of the reservation is adequate for this 2N/A * object, and if not remap the object to obtain the correct 2N/A * As ths image has been realigned, the first segment 2N/A * of the file needs to be remapped to its correct 2N/A * If this reservation included padding, remove any excess for 2N/A * the start of the image (the padding was adjusted to insure 2N/A * the image was aligned appropriately). 2N/A * At this point we know the initial location of the image, and its 2N/A * size. Pass these back to the caller for inclusion in the link-map 2N/A * that will eventually be created. 2N/A * The first loadable segment is now pointed to by maddr. This segment 2N/A * will eventually contain the elf header and program headers, so reset 2N/A * the program header. Pass this back to the caller for inclusion in 2N/A * the link-map so it can be used for later unmapping operations. 2N/A * If padding is required at the front of the image, obtain that now. 2N/A * Note, if we've already obtained a reservation from anonymous memory 2N/A * then this reservation will already include suitable padding. 2N/A * Otherwise this reservation is backed by the file, or in the case of 2N/A * a fixed image, doesn't yet exist. Map the padding so that it is 2N/A * suitably protected (PROT_NONE), and insure the first segment of the 2N/A * file is mapped to its correct location. 2N/A * Map individual segments. For a fixed image, these will each be 2N/A * unique mappings. For a reservation these will fill in the 2N/A * Skip non-loadable segments or segments that don't occupy 2N/A * Establish this segments address relative to our base. 2N/A * Determine the mapping protection from the segment attributes. 2N/A * Also determine the etext address from the last loadable 2N/A * segment which has permissions but no write access. 2N/A * Determine the type of mapping required. 2N/A * Potentially, we can defer the loading of any SUNWBSS 2N/A * segment, depending on whether the symbols it provides 2N/A * have been bound to. In this manner, large segments 2N/A * that are interposed upon between shared libraries 2N/A * may not require mapping. Note, that the mapping 2N/A * information is recorded in our mapping descriptor at 2N/A * If this segment has no backing file and no flags 2N/A * specified, then it defines a reservation. At this 2N/A * point all standard loadable segments will have been 2N/A * processed. The segment reservation is mapped 2N/A * If this segment has no backing file then it defines a 2N/A * nobits segment and is mapped directly from /dev/zero. 2N/A * This mapping originates from the file. Determine the 2N/A * file offset to which the mapping will be directed 2N/A * (must be aligned) and how much to map (might be more 2N/A * than the file in the case of .bss). 2N/A * If this is a non-fixed, non-anonymous mapping, and no 2N/A * padding is involved, then the first loadable segment 2N/A * is already part of the initial reservation. In this 2N/A * case there is no need to remap this segment. 2N/A * If this segments memsz is greater that its 2N/A * filesz then the difference must be zeroed. 2N/A * Make sure this segment is writable. 2N/A * If the memory occupancy of the segment overflows the 2N/A * definition in the file, we need to "zero out" the end 2N/A * of the mapping we've established, and if necessary, 2N/A * map some more space from /dev/zero. Note, zero'ed 2N/A * memory must end on a double word boundary to satisfy 2N/A * Determine whether the number of bytes that 2N/A * must be zero'ed overflow to the next page. 2N/A * If not, simply clear the exact bytes 2N/A * (filesz to memsz) from this page. Otherwise, 2N/A * clear the remaining bytes of this page, and 2N/A * Unmap anything from the last mapping address to this one and 2N/A * update the mapping claim pointer. 2N/A * Retain this segments mapping information. 2N/A * If padding is required at the end of the image, obtain that now. 2N/A * Note, if we've already obtained a reservation from anonymous memory 2N/A * then this reservation will already include suitable padding. 2N/A * maddr is currently page aligned from the last segment 2N/A * Unmap any final reservation. 2N/A * A null symbol interpretor. Used if a filter has no associated filtees. 2N/A * Disable filtee use. 2N/A * If this is an object filter, free the filtee's duplication. 2N/A * Indicate that this filtee is no longer available. 2N/A * Indicate that this standard filtee is no longer available. 2N/A * Indicate that this auxiliary filtee is no longer available. 2N/A * Find symbol interpreter - filters. 2N/A * This function is called when the symbols from a shared object should 2N/A * be resolved from the shared objects filtees instead of from within itself. 2N/A * A symbol name of 0 is used to trigger filtee loading. 2N/A * Indicate that the filter has been used. If a binding already exists 2N/A * to the caller, indicate that this object is referenced. This insures 2N/A * we don't generate false unreferenced diagnostics from ldd -u/U or 2N/A * debugging. Don't create a binding regardless, as this filter may 2N/A * have been dlopen()'ed. 2N/A * If this is the first call to process this filter, establish the 2N/A * filtee list. If a configuration file exists, determine if any 2N/A * filtee associations for this filter, and its filtee reference, are 2N/A * defined. Otherwise, process the filtee reference. Any token 2N/A * expansion is also completed at this point (i.e., $PLATFORM). 2N/A * Traverse the filtee list, dlopen()'ing any objects specified and 2N/A * using their group handle to lookup the symbol. 2N/A * Establish the mode of the filtee from the filter. As filtees 2N/A * are loaded via a dlopen(), make sure that RTLD_GROUP is set 2N/A * and the filtees aren't global. It would be nice to have 2N/A * RTLD_FIRST used here also, but as filters got out long before 2N/A * RTLD_FIRST was introduced it's a little too late now. 2N/A * Insure that any auxiliary filter can locate symbols from its 2N/A * Process any hardware capability directory. Establish a new 2N/A * link-map control list from which to analyze any newly added 2N/A * Now that any hardware capability objects have been 2N/A * processed, remove any link-map control list. 2N/A * Process an individual filtee. 2N/A * Determine if the reference link map is already 2N/A * loaded. As an optimization compare the filtee with 2N/A * our interpretor. The most common filter is 2N/A * Create an association between ld.so.1 and the 2N/A * filter. As an optimization, a handle for 2N/A * ld.so.1 itself (required for the dlopen() 2N/A * family filtering mechanism) shouldn't search 2N/A * any dependencies of ld.so.1. Omitting 2N/A * GPD_ADDEPS prevents the addition of any 2N/A * ld.so.1 dependencies to this handle. 2N/A * Establish the filter handle to prevent any 2N/A * any return from the auditor, as we can't 2N/A * allow ignore filtering to ld.so.1, otherwise 2N/A * nothing is going to work. 2N/A * Establish a new link-map control list from 2N/A * which to analyze any newly added objects. 2N/A * Load the filtee. Note, an auditor can 2N/A * provide an alternative name. 2N/A * Establish the filter handle to prevent any 2N/A * return of 0 indicates the auditor wishes to 2N/A * ignore this filtee. 2N/A * Finish processing the objects associated with 2N/A * this request. Create an association between 2N/A * this object and the originating filter to 2N/A * provide sufficient information to tear down 2N/A * this filtee if necessary. 2N/A * If the filtee has been successfully 2N/A * processed, then create an association 2N/A * between the filter and filtee. This 2N/A * association provides sufficient information 2N/A * to tear down the filter and filtee if 2N/A * If this filtee loading has failed, and we've 2N/A * created a new link-map control list to which 2N/A * this request has added objects, then remove 2N/A * all the objects that have been associated to 2N/A * Remove any link-map control list that was 2N/A * Generate a diagnostic if the filtee couldn't be 2N/A * loaded, null out the pnode entry, and continue 2N/A * the search. Otherwise, retain this group handle 2N/A * for future symbol searches. 2N/A * If we're just here to trigger filtee loading skip the symbol 2N/A * lookup so we'll continue looking for additional filtees. 2N/A * Look for the symbol in the handles dependencies. 2N/A * If our parent is a dependency don't look at 2N/A * it (otherwise we are in a recursive loop). 2N/A * This situation can occur with auxiliary 2N/A * filters if the filtee has a dependency on the 2N/A * filter. This dependency isn't necessary as 2N/A * auxiliary filters are opened RTLD_PARENT, but 2N/A * users may still unknowingly add an explicit 2N/A * dependency to the parent. 2N/A * If a symbol has been found, indicate the binding 2N/A * and return the symbol. 2N/A * If this object is tagged to terminate filtee processing we're 2N/A * If we're just here to trigger filtee loading then we're done. 2N/A * If no filtees have been found for a filter, clean up any Pnode 2N/A * structures and disable their search completely. For auxiliary 2N/A * filters we can reselect the symbol search function so that we never 2N/A * enter this routine again for this object. For standard filters we 2N/A * use the null symbol routine. 2N/A * Focal point for disabling error messages for auxiliary filters. As an 2N/A * auxiliary filter allows for filtee use, but provides a fallback should a 2N/A * filtee not exist (or fail to load), any errors generated as a consequence of 2N/A * trying to load the filtees are typically suppressed. Setting RT_FL_SILENCERR 2N/A * suppresses errors generated by eprint(), but insures a debug diagnostic is 2N/A * produced. ldd(1) employs printf(), and here, the selection of whether to 2N/A * print a diagnostic in regards to auxiliary filters is a little more complex. 2N/A * . The determination of whether to produce an ldd message, or a fatal 2N/A * error message is driven by LML_FLG_TRC_ENABLE. 2N/A * . More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN, 2N/A * (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s), 2N/A * . If the calling object is lddstub, then several classes of message are 2N/A * suppressed. The user isn't trying to diagnose lddstub, this is simply 2N/A * a stub executable employed to preload a user specified library against. 2N/A * . If RT_FL_SILENCERR is in effect then any generic ldd() messages should 2N/A * be suppressed. All detailed ldd messages should still be produced. 2N/A * Make sure this entry is still acting as a filter. We may have tried 2N/A * to process this previously, and disabled it if the filtee couldn't 2N/A * be processed. However, other entries may provide different filtees 2N/A * that are yet to be completed. 2N/A * Indicate whether an error message is required should this filtee not 2N/A * be found, based on the type of filter. 2N/A * Compute the elf hash value (as defined in the ELF access library). 2N/A * The form of the hash table is: 2N/A if ((g = (
hval &
0xf0000000)) != 0)
2N/A * If flag argument has LKUP_SPEC set, we treat undefined symbols of type 2N/A * function specially in the executable - if they have a value, even though 2N/A * undefined, we use that value. This allows us to associate all references 2N/A * to a function's address to a single place in the process: the plt entry 2N/A * for that function in the executable. Calls to lookup from plt binding 2N/A * routines do NOT set LKUP_SPEC in the flag. 2N/A * If we're only here to establish a symbols index, skip the diagnostic 2N/A * used to trace a symbol search. 2N/A * Get the first symbol on hash chain and initialize the string 2N/A * and symbol table pointers. 2N/A * Compare the symbol found with the name required. If the 2N/A * names don't match continue with the next hash entry. 2N/A * The Solaris ld does not put DT_VERSYM in the dynamic 2N/A * section, but the GNU ld does. The GNU runtime linker 2N/A * interprets the top bit of the 16-bit Versym value 2N/A * (0x8000) as the "hidden" bit. If this bit is set, 2N/A * the linker is supposed to act as if that symbol does 2N/A * not exist. The hidden bit supports their versioning 2N/A * scheme, which allows multiple incompatible functions 2N/A * with the same name to exist at different versions 2N/A * within an object. The Solaris linker does not support this 2N/A * mechanism, or the model of interface evolution that 2N/A * it allows, but we honor the hidden bit in GNU ld 2N/A * produced objects in order to interoperate with them. 2N/A * If we're only here to establish a symbols index, we're done. 2N/A * If we find a match and the symbol is defined, return the 2N/A * symbol pointer and the link map in which it was found. 2N/A * If we find a match and the symbol is undefined, the 2N/A * symbol type is a function, and the value of the symbol 2N/A * is non zero, then this is a special case. This allows 2N/A * the resolution of a function address to the plt[] entry. 2N/A * See SPARC ABI, Dynamic Linking, Function Addresses for 2N/A * We've found a match. Determine if the defining object contains 2N/A * symbol binding information. 2N/A * If this definition is a singleton, and we haven't followed a default 2N/A * symbol search knowing that we're looking for a singleton (presumably 2N/A * because the symbol definition has been changed since the referring 2N/A * object was built), then reject this binding so that the caller can 2N/A * fall back to a standard symbol search. 2N/A * If this is a direct binding request, but the symbol definition has 2N/A * disabled directly binding to it (presumably because the symbol 2N/A * definition has been changed since the referring object was built), 2N/A * indicate this failure so that the caller can fall back to a standard 2N/A * Determine whether this object is acting as a filter. 2N/A * Determine if this object offers per-symbol filtering, and if so, 2N/A * whether this symbol references a filtee. 2N/A * If this is a standard filter reference, and no standard 2N/A * filtees remain to be inspected, we're done. If this is an 2N/A * auxiliary filter reference, and no auxiliary filtees remain, 2N/A * we'll fall through in case any object filtering is available. 2N/A * This symbol has an associated filtee. Lookup the 2N/A * symbol in the filtee, and if it is found return it. 2N/A * If the symbol doesn't exist, and this is a standard 2N/A * filter, return an error, otherwise fall through to 2N/A * catch any object filtering that may be available. 2N/A * Determine if this object provides global filtering. 2N/A * This object has an associated filtee. Lookup the 2N/A * symbol in the filtee, and if it is found return it. 2N/A * If the symbol doesn't exist, and this is a standard 2N/A * filter, return and error, otherwise return the symbol 2N/A * within the filter itself. 2N/A * Create a new Rt_map structure for an ELF object and initialize 2N/A * Allocate space for the link-map and private elf information. Once 2N/A * these are allocated and initialized, we can use remove_so(0, lmp) to 2N/A * tear down the link-map should any failures occur. 2N/A * All fields not filled in were set to 0 by calloc. 2N/A * If this is a shared object, add the base address to each address. 2N/A * if this is an executable, use address as is. 2N/A * Fill in rest of the link map entries with information from the file's 2N/A * dynamic structure. 2N/A * At this time, ld.so. can only handle one 2N/A * type of relocation per object. 2N/A * DT_DEBUG entries are only created in 2N/A * dynamic objects that require an interpretor 2N/A * (ie. all dynamic executables and some shared 2N/A * objects), and provide for a hand-shake with 2N/A * debuggers. This entry is initialized to 2N/A * zero by the link-editor. If a debugger has 2N/A * us and updated this entry set the debugger 2N/A * flag, and finish initializing the debugging 2N/A * structure (see setup() also). Switch off any 2N/A * configuration object use as most debuggers 2N/A * can't handle fixed dynamic executables as 2N/A * dependencies, and we can't handle requests 2N/A * like object padding for alternative objects. 2N/A * The Solaris ld does not produce DT_VERSYM, 2N/A * but the GNU ld does, in order to support 2N/A * their style of versioning, which differs 2N/A * from ours in some ways, while using the 2N/A * same data structures. The presence of 2N/A * DT_VERSYM therefore means that GNU 2N/A * versioning rules apply to the given file. 2N/A * If DT_VERSYM is not present, then Solaris 2N/A * versioning rules apply. 2N/A * Capture any static TLS use, and enforce that 2N/A * this object be non-deletable. 2N/A * Global auditing is only meaningful when 2N/A * specified by the initiating object of the 2N/A * process - typically the dynamic executable. 2N/A * If this is the initiaiting object, its link- 2N/A * map will not yet have been added to the 2N/A * link-map list, and consequently the link-map 2N/A * list is empty. (see setup()). 2N/A * If this object identifies itself as an 2N/A * interposer, but relocation processing has 2N/A * already started, then demote it. It's too 2N/A * late to guarantee complete interposition. 2N/A * Maintain a list of RTLDINFO structures. 2N/A * Typically, libc is the only supplier, and 2N/A * only one structure is provided. However, 2N/A * multiple suppliers and multiple structures 2N/A * are supported. For example, one structure 2N/A * may provide thread_init, and another 2N/A * structure may provide atexit reservations. 2N/A * Allocate a Dynamic Info structure. 2N/A * A dynsym contains only global functions. We want to have 2N/A * a version of it that also includes local functions, so that 2N/A * dladdr() will be able to report names for local functions 2N/A * when used to generate a stack trace for a stripped file. 2N/A * This version of the dynsym is provided via DT_SUNW_SYMTAB. 2N/A * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick 2N/A * in order to avoid having to have two copies of the global 2N/A * symbols held in DT_SYMTAB: The local symbols are placed in 2N/A * a separate section than the globals in the dynsym, but the 2N/A * linker conspires to put the data for these two sections adjacent 2N/A * to each other. DT_SUNW_SYMTAB points at the top of the local 2N/A * symbols, and DT_SUNW_SYMSZ is the combined length of both tables. 2N/A * If the two sections are not adjacent, then something went wrong 2N/A * at link time. We use ASSERT to kill the process if this is 2N/A * a debug build. In a production build, we will silently ignore 2N/A * the presence of the .ldynsym and proceed. We can detect this 2N/A * situation by checking to see that DT_SYMTAB lies in 2N/A * If configuration file use hasn't been disabled, and a configuration 2N/A * file hasn't already been set via an environment variable, see if any 2N/A * application specific configuration file is specified. An LD_CONFIG 2N/A * setting is used first, but if this image was generated via crle(1) 2N/A * then a default configuration file is a fall-back. 2N/A * If this object is a global filter, duplicate the filtee 2N/A * string name(s) so that REFNAME() is available in core files. 2N/A * This cludge was useful for debuggers at one point, but only 2N/A * when the filtee name was an individual full path. 2N/A * For Intel ABI compatibility. It's possible that a JMPREL can be 2N/A * specified without any other relocations (e.g. a dynamic executable 2N/A * normally only contains .plt relocations). If this is the case then 2N/A * no REL, RELSZ or RELENT will have been created. For us to be able 2N/A * to traverse the .plt relocations under LD_BIND_NOW we need to know 2N/A * the RELENT for these relocations. Refer to elf_reloc() for more 2N/A * Establish any per-object auditing. If we're establishing `main's 2N/A * link-map its too early to go searching for audit objects so just 2N/A * hold the object name for later (see setup()). 2N/A * Add the mapped object to the end of the link map list. 2N/A * Map in an ELF object. 2N/A * Takes an open file descriptor for the object to map and its pathname; returns 2N/A * a pointer to a Rt_map structure for this object, or 0 on error. 2N/A int i;
/* general temporary */ 2N/A Cap *
cap = 0;
/* program header for SUNWCAP */ 2N/A Dyn *
mld = 0;
/* DYNAMIC structure for pathname */ 2N/A * If this a relocatable object then special processing is required. 2N/A * If this isn't a dynamic executable or shared object we can't process 2N/A * it. If this is a dynamic executable then all addresses are fixed. 2N/A * If our original mapped page was not large enough to hold all the 2N/A * program headers remap them. 2N/A * Point at program headers and perform some basic validation. 2N/A /* LINTED argument lph is initialized in first pass */ 2N/A * Make sure the maximum page alignment is a power of 2 >= the default 2N/A * segment alignment, for use with MAP_ALIGN. 2N/A * We'd better have at least one loadable segment, together with some 2N/A * specified file and memory size. * Check that the files size accounts for the loadable sections * we're going to map in (failure to do this may cause spurious * bus errors if we're given a truncated file). * Memsize must be page rounded so that if we add object padding * at the end it will start at the beginning of a page. * Determine if an existing mapping is acceptable. * If this is the interpreter then it has already been mapped * and we have the address so don't map it again. Note that * the common occurrence of a reference to the interpretor * (libdl -> ld.so.1) will have been caught during filter * initialization (see elf_lookup_filtee()). However, some * ELF implementations are known to record libc.so.1 as the * interpretor, and thus this test catches this behavior. * If the file contains a single segment, and the mapping * required has already been established from the initial fmap * mapping, then we don't need to do anything more. Reset the * fmap address so that any later files start a new fmap. This * is really an optimization for filters, such as libdl.so, * libthread, etc. that are constructed to be a single text * Free any unused mapping by assigning the fmap buffer to the * unused region. fmap_setup() will unmap this area and * establish defaults for future mappings. * Allocate a mapping array to retain mapped segment information. * If we're reusing an existing mapping determine the objects etext * address. Otherwise map the file (which will calculate the etext * address as part of the mapping process). * Calculate absolute base addresses and entry points. * Create new link map structure for newly mapped shared object. * Start the system loading in the ELF information we'll be processing. * If this shared object contains any special segments, record them. * Function to correct protection settings. Segments are all mapped initially * with permissions as given in the segment header. We need to turn on write * permissions on a text segment if there are any relocations against that * segment, and them turn write permission back off again before returning * control to the user. This function turns the permission on or off depending * on the value of the argument. * If this is an allocated image (ie. a relocatable object) we can't * Build full pathname of shared object from given directory name and filename. * The copy relocation is recorded in a copy structure which will be applied * after all other relocations are carried out. This provides for copying data * that must be relocated itself (ie. pointers in shared objects). This * structure also provides a means of binding RTLD_GROUP dependencies to any * copy relocations that have been taken from any group members. * If the size of the .bss area available for the copy information is not the * same as the source of the data inform the user if we're under ldd(1) control * (this checking was only established in 5.3, so by only issuing an error via * ldd(1) we maintain the standard set by previous releases). * If we are tracing (ldd), warn the user if * 1) the size from the reference symbol differs from the * copy definition. We can only copy as much data as the * reference (dynamic executables) entry allows. * 2) the copy definition has STV_PROTECTED visibility. * Determine the symbol location of an address within a link-map. Look for * the nearest symbol (whose value is less than or equal to the required * address). This is the object specific part of dladdr(). * If SUNWSYMTAB() is non-NULL, then it sees a special version of * the dynsym that starts with any local function symbols that exist in * the library and then moves to the data held in SYMTAB(). In this * case, SUNWSYMSZ tells us how long the symbol table is. The * availability of local function symbols will enhance the results * If SUNWSYMTAB() is non-NULL, then there might also be a * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains * an array of indices into SUNWSYMTAB, sorted by increasing * address. We can use this to do an O(log N) search instead of a * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that * contains only global symbols. In that case, the length of * the symbol table comes from the nchain field of the related * symbol lookup hash table. * If we don't have a .hash table there are no symbols * Note that SUNWSYMSORT only contains symbols types that * supply memory addresses, so there's no need to check and * filter out any other types. * If the above didn't find it exactly, then we must * return the closest symbol with a value that doesn't * exceed the one we are looking for. If that symbol exists, * it will lie in the range bounded by low_bnd and * high_bnd. This is a linear search, but a short one. }
else {
/* Linear search */ * Skip expected symbol types that are not functions * - A symbol table starts with an undefined symbol * in slot 0. If we are using SUNWSYMTAB(), * there will be a second undefined symbol * right before the globals. * - The local part of SUNWSYMTAB() contains a * series of function symbols. Each section * starts with an initial STT_FILE symbol. * Note, because we accept local and global symbols * we could find a section symbol that matches the * associated address, which means that the symbol * name will be null. In this case continue the * search in case we can find a global symbol of * addr lies between the beginning of the mapped segment and * the first global symbol. We have no symbol to return * and the caller requires one. We use _START_, the base * address of the mapping. * An actual symbol struct is needed, so we * construct one for _START_. To do this in a * fully accurate way requires a different symbol * for each mapped segment. This requires the * use of dynamic memory and a mutex. That's too much * plumbing for a fringe case of limited importance. * Fortunately, we can simplify: * - Only the st_size and st_info fields are useful * outside of the linker internals. The others * reference things that outside code cannot see, * - It's just a label and there is no size * to report. So, the size should be 0. * This means that only st_info needs a non-zero * (constant) value. A static struct will suffice. * It must be const (readonly) so the caller can't * change its meaning for subsequent callers. * Cleanup any link-maps added to this dynamic list and free it. * This routine is called as a last fall-back to search for a symbol from a * standard relocation. To maintain lazy loadings goal of reducing the number * of objects mapped, any symbol search is first carried out using the objects * that already exist in the process (either on a link-map list or handle). * If a symbol can't be found, and lazy dependencies are still pending, this * routine loads the dependencies in an attempt to locate the symbol. * Only new objects are inspected as we will have already inspected presently * loaded objects before calling this routine. However, a new object may not * be new - although the di_lmp might be zero, the object may have been mapped * as someone elses dependency. Thus there's a possibility of some symbol * Generate a local list of new objects to process. This list can grow * as each object supplies its own lazy dependencies. * Discard any relocation index from further symbol searches. * This index will have already been used to trigger any * necessary lazy-loads, and it might be because one of these * lazy loads have failed that we're here performing this * fallback. By removing the relocation index we don't try * and perform the same failed lazy loading activity again. * Loop through the lazy DT_NEEDED entries examining each object * for the required symbol. If the symbol is not found, the * object is in turn added to the local alist, so that the * objects lazy DT_NEEDED entries can be examined. * If this object has already failed to lazy load, and * we're still processing the same runtime linker * operation that produced the failure, don't bother * to try and load the object again. * Try loading this lazy dependency. If the object * can't be loaded, consider this non-fatal and continue * the search. Lazy loaded dependencies need not exist * and their loading should only turn out to be fatal * if they are required to satisfy a relocation. * If the file is already loaded and relocated we must * still inspect it for symbols, even though it might * have already been searched. This lazy load operation * might have promoted the permissions of the object, * and thus made the object applicable for this symbol * search, whereas before the object might have been * If this object isn't yet a part of the dynamic list * then inspect it for the symbol. If the symbol isn't * found add the object to the dynamic list so that we * can inspect its dependencies. * Some dlsym() operations are already traversing a * link-map (dlopen(0)), and thus there's no need to * build our own dynamic dependency list. * Warning message for bad r_offset. const char *
name = (
char *)0;
* Resolve a static TLS relocation. * Relocations against a static TLS block have limited support once * process initialization has completed. Any error condition should be * discovered by testing for DF_STATIC_TLS as part of loading an object, * however individual relocations are tested in case the dynamic flag * had not been set when this object was built. * If no static TLS has been set aside for this object, determine if * any can be obtained. Enforce that any object using static TLS is * Typically, a static TLS offset is maintained as a symbols value. * For local symbols that are not apart of the dynamic symbol table, * the TLS relocation points to a section symbol, and the static TLS * offset was deposited in the associated GOT table. Make sure the GOT * is cleared, so that the value isn't reused in do_reloc().