#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
#
# Check ELF information.
#
# This script descends a directory hierarchy inspecting ELF dynamic executables
# and shared objects. The general theme is to verify that common Makefile rules
# have been used to build these objects. Typical failures occur when Makefile
#
# As always, a number of components don't follow the rules, and these are
# excluded to reduce this script's output.
#
# By default any file that has conditions that should be reported is first
# listed and then each condition follows. The -o (one-line) option produces a
#
# NOTE: missing dependencies, symbols or versions are reported by running the
# file through ldd(1). As objects within a proto area are built to exist in a
# base system, standard use of ldd(1) will bind any objects to dependencies
# that exist in the base system. It is frequently the case that newer objects
# exist in the proto area that are required to satisfy other objects
# dependencies, and without using these newer objects an ldd(1) will produce
# misleading error messages. To compensate for this, the -D/-d options, or the
# existence of the CODEMGR_WS/ROOT environment variables, cause the creation of
# alternative dependency mappings via crle(1) configuration files that establish
# any proto shared objects as alternatives to their base system location. Thus
# ldd(1) can be executed against these configuration files so that objects in a
# proto area bind to their dependencies in the same proto area.
# Define all global variables (required for strict)
use vars qw(%opt);
# An exception file is used to specify regular expressions to match
# objects. These directives specify special attributes of the object.
# The regular expressions are read from the file and compiled into the
# regular expression variables.
#
# The name of each regular expression variable is of the form
#
# $EXRE_xxx
#
# where xxx is the name of the exception in lower case. For example,
# the regular expression variable for EXEC_STACK is $EXRE_exec_stack.
#
# onbld_elfmod::LoadExceptionsToEXRE() depends on this naming convention
# to initialize the regular expression variables, and to detect invalid
# exception names.
#
# If a given exception is not used in the exception file, its regular
# expression variable will be undefined. Users of these variables must
# test the variable with defined() prior to use:
#
# defined($EXRE_exec_stack) && ($foo =~ $EXRE_exec_stack)
#
# or if the test is to make sure the item is not specified:
#
# !defined($EXRE_exec_stack) || ($foo !~ $EXRE_exec_stack)
#
# ----
#
# The exceptions are:
#
# EXEC_DATA
# Objects that are not required to have non-executable writable
# data segments.
#
# EXEC_STACK
# Objects that are not required to have a non-executable stack
#
# NOCRLEALT
# Objects that should be skipped by AltObjectConfig() when building
# the crle script that maps objects to the proto area.
#
# NODIRECT
# Objects that are not required to use direct bindings
#
# NOSYMSORT
# Objects we should not check for duplicate addresses in
# the symbol sort sections.
#
# OLDDEP
# Objects that are no longer needed because their functionality
# has migrated elsewhere. These are usually pure filters that
# point at libc.
#
# SKIP
# Files and directories that should be excluded from analysis.
#
# STAB
# Objects that are allowed to contain stab debugging sections
#
# TEXTREL
# Object for which relocations are allowed to the text segment
#
# UNDEF_REF
# Objects that are allowed undefined references
#
# UNREF_OBJ
# "unreferenced object=" ldd(1) diagnostics.
#
# UNUSED_DEPS
# Objects that are allowed to have unused dependencies
#
# UNUSED_OBJ
# Objects that are allowed to be unused dependencies
#
# UNUSED_RPATH
# Objects with unused runpaths
#
use vars qw($EXRE_nodirect $EXRE_nosymsort);
use vars qw($EXRE_unused_rpath);
use strict;
# Reliably compare two OS revisions. Arguments are <ver1> <op> <ver2>.
# <op> is the string form of a normal numeric comparison operator.
sub cmp_os_ver {
# Compare two dotted OS revision strings. The result is 1 or 0, taken from
# evaluating "<diff> <op> 0" in the return statement below.
#
# Arguments: $_[0] = first revision, $_[1] = comparison operator as a
# string, $_[2] = second revision.
# Break each revision into its dot-separated components.
my @ver1 = split(/\./, $_[0]);
my $op = $_[1];
my @ver2 = split(/\./, $_[2]);
my $diff = 0;
# NOTE(review): the loop that walks the components and assigns $diff is not
# visible in this listing; only its closing lines remain here.
last;
}
}
# NOTE(review): this is a string eval, so the text of $op is compiled and run
# as Perl code. It is only safe while every caller passes a fixed operator
# literal; $op must never be derived from the environment, the command line
# or file contents. A lookup table keyed on the permitted operators would
# remove the need for eval altogether.
return (eval "$diff $op 0" ? 1 : 0);
}
## ProcFile(FullPath, RelPath, File, Class, Type, Verdef)
#
# Determine whether this is an ELF dynamic object and if so investigate its
# runtime attributes.
#
sub ProcFile {
# Inspect one file: classify it from elfdump(1) output, then run ldd(1) and
# the dynamic-section checks on dynamic objects, reporting each condition
# that is not excused by an $EXRE_* exception pattern.
#
# NOTE(review): many statements of this routine (argument unpacking, the
# elfdump/ldd invocations, most conditions and message calls) are not
# visible in this listing, so the comments below describe only what the
# remaining lines show.
my($HasDirectBinding);
# Only look at executables and sharable objects
# Ignore symbolic links
return if -l $FullPath;
# Is this an object or directory hierarchy we don't care about?
return if !stat($FullPath);
# Reset output message counts for new input file
# NOTE(review): this assigns the one-element list (0) to @Ldd rather than
# emptying it; confirm that is what later code expects.
@Ldd = 0;
# Determine whether we have access to inspect the file.
if (!(-r $FullPath)) {
"unable to inspect file: permission denied");
return;
}
# Determine whether we have an executable (static or dynamic) or a
# shared object.
$Header = 'None';
# If we have an invalid file type (which we can tell from the
# first line), or we're processing an archive, bail.
if ($Header eq 'None') {
return;
}
}
$Header = 'Ehdr';
next;
}
$Header = 'Phdr';
$RWX = 0;
next;
}
# A dynamic section indicates we're a dynamic object
# (this makes sure we don't check static executables).
$Dyn = 1;
next;
}
# If it's an x86 object, we need to enforce RW- data.
next;
}
if (($Header eq 'Phdr') &&
# RWX segment seen.
$RWX = 1;
next;
}
if (($Header eq 'Phdr') &&
# Seen an RWX PT_LOAD segment.
# Writable-and-executable data is reported unless the object is listed
# under the EXEC_DATA exception.
if (!defined($EXRE_exec_data) ||
($RelPath !~ $EXRE_exec_data)) {
"application requires non-executable " .
"data\t<no -Mmapfile_noexdata?>");
}
next;
}
# This object defines a non-executable stack.
$Stack = 1;
next;
}
}
# Determine whether this ELF executable or shared object has a
# conforming mcs(1) comment section. If the correct $(POST_PROCESS)
# macros are used, only a 3 or 4 line .comment section should exist
# containing one or two "@(#)SunOS" identifying comments (one comment
# for a non-debug build, and two for a debug build). The results of
# the following split should be three or four lines, the last empty
# line being discarded by the split.
if ($opt{m}) {
$Val++;
$Con = 1;
last;
}
$Dev = 1;
next;
}
$Con = 1;
last;
}
$Con = 1;
last;
}
}
"non-conforming mcs(1) comment\t<no \$(POST_PROCESS)?>");
}
}
# Applications should contain a non-executable stack definition.
"non-executable stack required\t<no -Mmapfile_noexstk?>");
}
# Having caught any static executables in the mcs(1) check and non-
# executable stack definition check, continue with dynamic objects
# from now on.
# NOTE(review): `eq` compares as strings; `==` is the usual form for a
# numeric flag such as $Dyn.
if ($Dyn eq 0) {
return;
}
# Use ldd unless it's a 64-bit object and we lack the hardware.
my $LDDFullPath = $FullPath;
if ($Secure) {
# The execution of a secure application over an nfs file
# system mounted nosuid will result in warning messages
# environment can occur with root builds, move the file
# being investigated to a safe place first. In addition
# remove its secure permission so that it can be
# influenced by any alternative dependency mappings.
#
# NOTE(review): the copy is placed at a predictable name
# ("$Tmpdir/<basename>") and made mode 0777. How $Tmpdir is
# chosen is not visible here; if it is a shared directory,
# another local user could alter or replace the copy before
# ldd(1) processes it, which matters most for root builds.
# Prefer a private directory (mode 0700, e.g. created with
# File::Temp) and a mode no wider than the owner needs.
$File =~ s!^.*/!!; # basename
my($TmpPath) = "$Tmpdir/$File";
chmod 0777, $TmpPath;
$LDDFullPath = $TmpPath;
}
# Use ldd(1) to determine the objects relocatability and use.
# By default look for all unreferenced dependencies. However,
# some objects have legitimate dependencies that they do not
# reference.
if ($LddNoU) {
$Lddopt = "-ru";
} else {
$Lddopt = "-rU";
}
# The temporary copy made for a secure object is removed once it is no
# longer needed.
if ($Secure) {
unlink $LDDFullPath;
}
}
# Initial state for scanning the ldd(1) output: $Sym caps the number of
# relocation errors reported per file, $UnDep enables unused-object
# messages.
$Val = 0;
$Sym = 5;
$UnDep = 1;
if ($Val == 0) {
$Val = 1;
# Make sure ldd(1) worked. One possible failure is that
# this is an old ldd(1) prior to -e addition (4390308).
last;
last;
}
# It's possible this binary can't be executed, ie. we've
# found a sparc binary while running on an intel system,
# or a sparcv9 binary on a sparcv7/8 system.
"has wrong class or data encoding");
next;
}
# Historically, ldd(1) likes executable objects to have
# their execute bit set.
if ($Line =~ /not executable/) {
"is not executable");
next;
}
}
# Look for "file" or "versions" that aren't found. Note that
# these lines will occur before we find any symbol referencing
# errors.
}
next;
}
# Look for relocations whose symbols can't be found. Note, we
# only print out the first 5 relocations for any file as this
# output can be excessive.
# Determine if this file is allowed undefined
# references.
($RelPath =~ $EXRE_undef_ref)) {
$Sym = 0;
next;
}
if ($Sym-- == 1) {
"continued ...") if !$opt{o};
next;
}
# Just print the symbol name.
next;
}
# Look for any unused search paths.
next if defined($EXRE_unused_rpath) &&
($Line =~ $EXRE_unused_rpath);
if ($Secure) {
}
next;
}
# Look for unreferenced dependencies. Note, if any unreferenced
# objects are ignored, then set $UnDep so as to suppress any
# associated unused-object messages.
if (defined($EXRE_unref_obj) &&
($Line =~ $EXRE_unref_obj)) {
$UnDep = 0;
next;
}
if ($Secure) {
}
next;
}
# Look for any unused dependencies.
# Skip if object is allowed to have unused dependencies
next if defined($EXRE_unused_deps) &&
($RelPath =~ $EXRE_unused_deps);
# Skip if dependency is always allowed to be unused
next if defined($EXRE_unused_obj) &&
($Line =~ $EXRE_unused_obj);
next;
}
}
# Reuse the elfdump(1) data to investigate additional dynamic linking
# information.
$HasDirectBinding = 0;
$Header = 'None';
# We're only interested in the section headers and the dynamic
# section.
$Header = 'Shdr';
# This object has a combined relocation section.
$Sun = 1;
# This object contain .stabs sections
$Stab = 1;
} elsif (($SymSort == 0) &&
# This object contains a symbol sort section
$SymSort = 1;
}
# This object contains a complete symbol table.
$Strip = 0;
}
next;
$Header = 'Dyn';
next;
$Header = 'Syminfo';
next;
next;
}
# Look into the Syminfo section.
# Does this object have at least one Directly Bound symbol?
if (($Header eq 'Syminfo')) {
my(@Symword);
# One directly bound symbol is enough; stop examining Syminfo lines
# once it has been seen.
if ($HasDirectBinding == 1) {
next;
}
if (!defined($Symword[1])) {
next;
}
# A 'B' in the second word of the line marks a direct binding.
if ($Symword[1] =~ /B/) {
$HasDirectBinding = 1;
}
next;
}
# Does this object contain text relocations.
# Determine if this file is allowed text relocations.
if (defined($EXRE_textrel) &&
($RelPath =~ $EXRE_textrel)) {
$Tex = 0;
next ELF;
}
"TEXTREL .dynamic tag\t\t\t<no -Kpic?>");
$Tex = 0;
next;
}
# Does this file have any relocation sections (there are a few
# psr libraries with no relocations at all, thus a .SUNW_reloc
# section won't exist either).
next;
}
# Does this file have any plt relocations. If the plt size is
# equivalent to the total relocation size then we don't have
# any relocations suitable for combining into a .SUNW_reloc
# section.
next;
}
# Does this object have any dependencies.
# Catch any old (unnecessary) dependencies.
"NEEDED=$Need\t<dependency no longer necessary>");
} elsif ($opt{i}) {
# Under the -i (information) option print out
# any useful dynamic entries.
"NEEDED=$Need");
}
next;
}
# Is this object built with -B direct flag on?
$HasDirectBinding = 1;
}
# Does this object specify a runpath.
$RelPath, "RPATH=$Rpath");
next;
}
}
# A shared object, that contains non-plt relocations, should have a
# combined relocation section indicating it was built with -z combreloc.
".SUNW_reloc section missing\t\t<no -zcombreloc?>");
}
# No objects released to a customer should have any .stabs sections
# remaining, they should be stripped.
"debugging sections should be deleted\t<no strip -x?>");
}
# Identify an object that is not built with either -B direct or
# -z direct.
# NOTE(review): the condition on this goto and the DONESTAB label are not
# visible in this listing.
goto DONESTAB
"object has no direct bindings\t<no -B direct or -z direct?>");
}
# All objects should have a full symbol table to provide complete
# debugging stack traces.
"symbol table should not be stripped\t<remove -s?>") if $Strip;
# If there are symbol sort sections in this object, report on
# any that have duplicate addresses.
# If -v was specified, and the object has a version definition
# section, generate output showing each public symbol and the
# version it belongs to.
}
## ProcSymSortOutMsg(RelPath, secname, addr, names...)
#
# Call onbld_elfmod::OutMsg for a duplicate address error in a symbol sort
# section
#
sub ProcSymSortOutMsg {
# NOTE(review): the body of this routine is not visible in this listing. Per
# the header comment it forwards a duplicate-address error for a symbol sort
# section to onbld_elfmod::OutMsg.
}
## ProcSymSort(FullPath, RelPath)
#
# Examine the symbol sort sections for the given object and report
# on any duplicate addresses found. Ideally, mapfile directives
# should be used when building objects that have multiple symbols
# with the same address so that only one of them appears in the sort
# section. This saves space, reduces user confusion, and ensures that
# libproc and debuggers always display public names instead of symbols
# that are merely implementation details.
#
sub ProcSymSort {
# Read `elfdump -S` output for one object and report symbols that share an
# address within a symbol sort section.
#
# NOTE(review): the argument unpacking, the read loop header and several
# conditions are not visible in this listing.
# If this object is exempt from checking, return quietly
# NOTE(review): this is a 2-argument piped open on a bareword handle, with
# $FullPath interpolated into the command string. A path containing
# whitespace or shell metacharacters is then interpreted by the shell rather
# than passed to elfdump as a single argument. The list form,
# open(my $fh, '-|', 'elfdump', '-S', $FullPath), bypasses the shell.
open(SORT, "elfdump -S $FullPath|") ||
die "$Prog: Unable to execute elfdump (symbol sort sections)\n";
my $line;
my $last_addr;
my @dups = ();
my $secname;
chomp $line;
next if ($line eq '');
# If this is a header line, pick up the section name
$secname = $1;
# Every new section is followed by a column header line
# Flush anything left from previous section
if (scalar(@dups) > 1);
# Reset variables for new sort section
$last_addr = '';
@dups = ();
next;
}
# Process symbol line
# An UNDEF entry in a sort section is reported as a link-editor error.
if ($new_type eq 'UNDEF') {
"$secname: unexpected UNDEF symbol " .
"(link-editor error): $new_name");
next;
}
} else {
}
}
if (scalar(@dups) > 1);
# NOTE(review): the result of close is not checked, so a non-zero exit from
# elfdump goes unnoticed here.
close SORT;
}
## ProcVerdef(FullPath, RelPath)
#
# Examine the version definition section for the given object and report
# each public symbol along with the version it belongs to.
#
sub ProcVerdef {
# Run pvs(1) twice on one object: first to list its version definitions,
# then to list the symbols assigned to each version, emitting VERDEF=,
# VERSION= and SYMBOL= items.
#
# NOTE(review): the argument unpacking, both read loops and the message calls
# are only partly visible in this listing.
my $line;
my $cur_ver = '';
# pvs -dov provides information about the versioning hierarchy
# in the file. Lines are of the format:
# path - version[XXX];
# where [XXX] indicates optional information, such as flags
# or inherited versions.
#
# Private versions are allowed to change freely, so ignore them.
#
# NOTE(review): both pvs invocations below use a 2-argument piped open with
# $FullPath interpolated into the command string, so a path containing
# whitespace or shell metacharacters is interpreted by the shell. The list
# form, open(my $fh, '-|', 'pvs', '-dov', $FullPath), bypasses the shell.
open(PVS, "pvs -dov $FullPath|") ||
die "$Prog: Unable to execute pvs (version definition section)\n";
chomp $line;
# Capture the version text that follows "path - ", up to the first ';'.
if ($line =~ /^[^\s]+\s+-\s+([^;]+)/) {
my $ver = $1;
"${tab}VERDEF=$ver");
}
}
close PVS;
# pvs -dos lists the symbols assigned to each version definition.
# Lines are of the format:
# path - version: symbol;
# path - version: symbol (size);
# where the (size) is added to data items, but not for functions.
# We strip off the size, if present.
open(PVS, "pvs -dos $FullPath|") ||
die "$Prog: Unable to execute pvs (version definition section)\n";
chomp $line;
# $1 is the version name, $2 the symbol name; the pattern stops at
# whitespace or ';', which drops any trailing "(size)".
if ($line =~ /^[^\s]+\s+-\s+([^:]+):\s*([^\s;]+)/) {
my $ver = $1;
my $sym = $2;
if ($opt{o}) {
"VERSION=$ver, SYMBOL=$sym");
} else {
$RelPath, "VERSION=$ver");
}
$RelPath, "SYMBOL=$sym");
}
}
}
close PVS;
}
## OpenFindElf(file, FileHandleRef, LineNumRef)
#
# Open file in 'find_elf -r' format, and return the value of
# the opening PREFIX line.
#
# entry:
# file - file, or find_elf child process, to open
# FileHandleRef - Reference to file handle to open
# LineNumRef - Reference to integer to increment as lines are input
#
# exit:
# This routine issues a fatal error and does not return on error.
# Otherwise, the value of PREFIX is returned.
#
sub OpenFindElf {
# Open a 'find_elf -r' style input, read up to its PREFIX line and return the
# prefix value; dies if no PREFIX line is found.
#
# NOTE(review): the argument unpacking, the open call and the read loop are
# not visible in this listing. Callers in this file pass strings such as
# "find_elf -fr $Arg|", so the open presumably uses the 2-argument form in
# which a trailing '|' turns the string into a shell command. If so, any
# caller-supplied name reaching this routine should be validated, or the
# file and child-process cases opened separately with the 3-argument and
# list forms of open.
my $line;
my $prefix;
# Reset the caller's line counter before reading.
$$LineNum = 0;
# This script requires relative paths as created by 'find_elf -r'.
# When this is done, the first non-comment line will always
# be PREFIX. Obtain that line, or issue a fatal error.
$prefix = $1;
last;
}
die "$Prog: No PREFIX line seen on line $$LineNum: $file";
}
# The value of the last expression is the return value.
$prefix;
}
## ProcFindElf(file)
#
# Open the specified file, which must be produced by "find_elf -r",
# and process the files it describes.
#
sub ProcFindElf {
# Process every object described by a 'find_elf -r' format input.
#
# NOTE(review): the call that opens FIND_ELF, the read loop and the per-item
# handling are not visible in this listing.
my $file = $_[0];
my $line;
my $LineNum;
# Each item line is split on whitespace into at most five fields; the
# variables receiving them are not visible here.
split(/\s+/, $line, 5);
}
close FIND_ELF;
}
## AltObjectConfig(file)
#
# Recurse through a directory hierarchy looking for appropriate dependencies
# to map from their standard system locations to the proto area via a crle
# config file.
#
# entry:
# file - File of ELF objects, in 'find_elf -r' format, to examine.
#
# exit:
# Scripts are generated for the 32 and 64-bit cases to run crle
# and create runtime configuration files that will establish
# alternative dependency mappings for the objects identified.
#
# $Env - Set to environment variable definitions that will cause
# the config files generated by this routine to be used
# by ldd.
# $Conf32, $Conf64 - Undefined, or set to the config files generated
# by this routine. If defined, the caller is responsible for
# unlinking the files before exiting.
#
sub AltObjectConfig {
# Build crle(1) scripts (one for 32-bit, one for 64-bit objects) that map
# each sharable object in the proto area as an alternative to its base
# system path, then set $Env so that ldd uses the resulting config files.
#
# NOTE(review): the open of FIND_ELF, the read loop, the OBJECT/ALIAS tests,
# the execution of the generated scripts and the conditions around the final
# $Env assignments are not visible in this listing.
my $file = $_[0];
my $line;
my $LineNum;
my $obj_path;
my $obj_active = 0;
my $obj_class;
LINE:
ITEM: {
split(/\s+/, $line, 5);
if ($type eq 'DYN') {
$obj_active = 1;
} else {
# Only want sharable objects
$obj_active = 0;
}
last ITEM;
}
# We need to follow links to sharable objects so
# that any dependencies are expressed in all their
# available forms. We depend on ALIAS lines directly
# following the object they alias, so if we have
# a current object, this alias belongs to it.
split(/\s+/, $line, 3);
last ITEM;
}
# Skip unrecognized item
next LINE;
}
next if !$obj_active;
my $full = "$prefix/$obj_path";
# Objects listed under the NOCRLEALT exception are left out of the mapping.
next if defined($EXRE_nocrlealt) &&
($obj_path =~ $EXRE_nocrlealt);
# Strip the final path component, leaving the containing directory.
$Dir =~ s/^(.*)\/.*$/$1/;
# Create a crle(1) script for the dependency we've found.
# We build separate scripts for the 32 and 64-bit cases.
# We create and initialize each script when we encounter
# the first object that needs it.
#
# NOTE(review): the script names are predictable ("$Tmpdir/$Prog.crleNN.<pid>")
# and are opened with 2-argument open, which follows an existing symlink and
# truncates whatever it points at. The scripts are later made executable.
# If $Tmpdir is a shared directory this is a temp-file race; creating the
# files with File::Temp (or sysopen with O_CREAT|O_EXCL) inside a private
# directory avoids it.
#
# NOTE(review): $Dir and $obj_path are written into the script unquoted, so
# a path containing whitespace or shell metacharacters would change the
# meaning of the generated command line. Quote the values or reject such
# paths before writing them.
if ($obj_class == 32) {
if (!$Crle32) {
$Crle32 = "$Tmpdir/$Prog.crle32.$$";
open(CRLE32, "> $Crle32") ||
die "$Prog: open failed: $Crle32: $!";
}
print CRLE32 "\t-o $Dir -a /$obj_path \\\n";
} elsif ($Ena64) {
if (!$Crle64) {
$Crle64 = "$Tmpdir/$Prog.crle64.$$";
open(CRLE64, "> $Crle64") ||
die "$Prog: open failed: $Crle64: $!";
}
print CRLE64 "\t-o $Dir -a /$obj_path \\\n";
}
}
close FIND_ELF;
# Now that the config scripts are complete, use them to generate
# runtime linker config files.
if ($Crle64) {
# Terminate the crle command with the output config file name.
print CRLE64 "\t-c $Conf64\n";
chmod 0755, $Crle64;
close CRLE64;
# Done with the script
unlink $Crle64;
}
if ($Crle32) {
print CRLE32 "\t-c $Conf32\n";
chmod 0755, $Crle32;
close CRLE32;
# Done with the script
unlink $Crle32;
}
# Set $Env so that we will use the config files generated above
# when we run ldd.
# NOTE(review): the conditions choosing between these three assignments are
# not visible in this listing.
$Env = "-e LD_FLAGS=config_64=$Conf64,config_32=$Conf32";
$Env = "-e LD_FLAGS=config_64=$Conf64";
$Env = "-e LD_FLAGS=config_32=$Conf32";
}
}
# -----------------------------------------------------------------------------
# This script relies on ldd returning output reflecting only the binary
# contents. But if LD_PRELOAD* environment variables are present, libraries
# named by them will also appear in the output, disrupting our analysis.
# So, before we get too far, scrub the environment.
# Main program: scrub the environment, load onbld_elfmod, parse options, set
# up alternative dependency mappings and output files, then process each
# file list or argument.
#
# NOTE(review): option parsing and many conditions of this section are not
# visible in this listing.
#
# Only the three LD_PRELOAD variants are removed. Other runtime-linker
# variables inherited from the caller (for example LD_LIBRARY_PATH) can also
# change what ldd reports; whether they are handled elsewhere is not visible
# here.
delete($ENV{LD_PRELOAD});
delete($ENV{LD_PRELOAD_32});
delete($ENV{LD_PRELOAD_64});
# Establish a program name for any error diagnostics.
# The onbld_elfmod package is maintained in the same directory as this
# and the installed one otherwise.
# NOTE(review): require compiles and runs the file at this path. How $moddir
# is derived is not visible here; the directory it names should not be
# writable by anyone other than the user running the build.
require "$moddir/onbld_elfmod.pm";
# Determine what machinery is available.
$Ena64 = "ok";
}
$Ena64 = "ok";
}
}
# $Env is used with all calls to ldd. It is set by AltObjectConfig to
# cause an alternate object mapping runtime config file to be used.
$Env = '';
# Check that we have arguments.
(!$opt{f} && ($#ARGV == -1))) {
print "usage: $Prog [-imosv] [-D depfile | -d depdir] [-E errfile]\n";
print "\t\t[-e exfile] [-f listfile] [-I infofile] [-w outdir]\n";
print "\t\t[file | dir]...\n";
print "\n";
print "\t[-D depfile]\testablish dependencies from 'find_elf -r' file list\n";
print "\t[-d depdir]\testablish dependencies from under directory\n";
print "\t[-E errfile]\tdirect error output to file\n";
print "\t[-e exfile]\texceptions file\n";
print "\t[-f listfile]\tuse file list produced by find_elf -r\n";
print "\t[-I infofile]\tdirect informational output (-i, -v) to file\n";
print "\t[-i]\t\tproduce dynamic table entry information\n";
print "\t[-m]\t\tprocess mcs(1) comments\n";
print "\t[-o]\t\tproduce one-liner output (prefixed with pathname)\n";
print "\t[-s]\t\tprocess .stab and .symtab entries\n";
print "\t[-v]\t\tprocess version definition entries\n";
print "\t[-w outdir]\tinterpret all files relative to given directory\n";
exit 1;
}
# If -w, change working directory to given location
# Locate and process the exceptions file
# Is there a proto area available, either via the -d option, or because
# we are part of an activated workspace?
my $Proto;
if ($opt{d}) {
# User specified dependency directory - make sure it exists.
-d $opt{d} || die "$Prog: $opt{d} is not a directory\n";
} elsif ($ENV{CODEMGR_WS}) {
my $Root;
# Without a user specified dependency directory see if we're
# part of a codemanager workspace and if a proto area exists.
}
# If we are basing this analysis off the sharable objects found in
# a proto area, then gather dependencies and construct an alternative
# dependency mapping via a crle(1) configuration file.
#
# To support alternative dependency mapping we'll need ldd(1)'s
# -e option. This is relatively new (s81_30), so make sure
# ldd(1) is capable before gathering any dependency information.
print "ldd: does not support -e, unable to ";
print "create alternative dependency mappingings.\n";
print "ldd: option added under 4390308 (s81_30).\n\n";
} else {
# If -D was specified, it supplies a list of files in
# 'find_elf -r' format, and can use it directly. Otherwise,
# we will run find_elf as a child process to find the
# sharable objects found under $Proto.
}
}
# To support unreferenced dependency detection we'll need ldd(1)'s -U
# option. This is relatively new (4638070), and if not available we
# can still fall back to -u. Even with this option, don't use -U with
# releases prior to 5.10 as the cleanup for -U use only got integrated
# into 5.10 under 4642023. Note, that nightly doesn't typically set a
# RELEASE from the standard <env> files. Users who wish to disable use
# of ldd(1)'s -U should set (or uncomment) RELEASE in their <env> file
# if using nightly, or otherwise establish it in their environment.
$LddNoU = 1;
} else {
my($Release);
$LddNoU = 1;
} else {
$LddNoU = 0;
}
}
# Set up variables used to handle output files:
#
# Error messages go to stdout unless -E is specified. $ErrFH is a
# file handle reference that points at the file handle where error messages
# are sent, and $ErrTtl is a reference that points at an integer used
# to count how many lines have been sent there.
#
# Informational messages go to stdout unless -I is specified. $InfoFH is a
# file handle reference that points at the file handle where info messages
# are sent, and $InfoTtl is a reference that points at an integer used
# to count how many lines have been sent there.
#
if ($opt{E}) {
} else {
}
if ($opt{I}) {
} else {
}
# If we were given a list of objects in 'find_elf -r' format, then
# process it.
# Process each argument
# Run find_elf to find the files given by $Arg and process them
# NOTE(review): $Arg is interpolated into a command string that ends in '|',
# so it is handed to the shell when opened. An argument containing
# whitespace or shell metacharacters is interpreted by the shell instead of
# reaching find_elf as a single path. Validate $Arg, or open the child with
# the list form ('-|', 'find_elf', '-fr', $Arg).
ProcFindElf("find_elf -fr $Arg|");
}
# Cleanup output files
exit 0;