rtld.c 136 KB
Newer Older
1
/*-
2
 * Copyright 1996, 1997, 1998, 1999, 2000 John D. Polstra.
kan's avatar
kan committed
3
 * Copyright 2003 Alexander Kabaev <kan@FreeBSD.ORG>.
4
5
 * Copyright 2009-2012 Konstantin Belousov <kib@FreeBSD.ORG>.
 * Copyright 2012 John Marino <draco@marino.st>.
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
peter's avatar
peter committed
28
 * $FreeBSD$
29
30
31
32
33
34
35
36
37
38
39
40
41
 */

/*
 * Dynamic linker for ELF.
 *
 * John Polstra <jdp@polstra.com>.
 */

#ifndef __GNUC__
#error "GCC is needed to compile this file"
#endif

#include <sys/param.h>
42
#include <sys/mount.h>
43
#include <sys/mman.h>
44
#include <sys/stat.h>
45
#include <sys/sysctl.h>
46
#include <sys/uio.h>
47
#include <sys/utsname.h>
48
#include <sys/ktrace.h>
49
50
51
52
53
54
55
56
57
58
59
60
61

#include <dlfcn.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "debug.h"
#include "rtld.h"
62
#include "libmap.h"
dfr's avatar
dfr committed
63
#include "rtld_tls.h"
64
#include "rtld_printf.h"
65
#include "notes.h"
66

67
#ifndef COMPAT_32BIT
68
#define PATH_RTLD	"/libexec/ld-elf.so.1"
69
70
71
#else
#define PATH_RTLD	"/libexec/ld-elf32.so.1"
#endif
72
73
74

/* Types. */
typedef void (*func_ptr_type)();
kan's avatar
kan committed
75
typedef void * (*path_enum_proc) (const char *path, size_t len, void *arg);
76

77
78
79
80
81
typedef struct integriforce_so_check {
	char	 isc_path[MAXPATHLEN];
	int	 isc_result;
} integriforce_so_check_t;

82
83
84
/*
 * Function declarations.
 */
85
static const char *basename(const char *);
86
static void digest_dynamic1(Obj_Entry *, int, const Elf_Dyn **,
87
88
89
    const Elf_Dyn **, const Elf_Dyn **);
static void digest_dynamic2(Obj_Entry *, const Elf_Dyn *, const Elf_Dyn *,
    const Elf_Dyn *);
90
static void digest_dynamic(Obj_Entry *, int);
91
static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t, const char *);
92
static Obj_Entry *dlcheck(void *);
93
static Obj_Entry *dlopen_object(const char *name, int fd, Obj_Entry *refobj,
94
    int lo_flags, int mode, RtldLockState *lockstate);
95
static Obj_Entry *do_load_object(int, const char *, char *, struct stat *, int);
kan's avatar
kan committed
96
static int do_search_info(const Obj_Entry *obj, int, struct dl_serinfo *);
97
static bool donelist_check(DoneList *, const Obj_Entry *);
98
99
static void errmsg_restore(char *);
static char *errmsg_save(void);
kan's avatar
kan committed
100
static void *fill_search_info(const char *, size_t, void *);
101
static char *find_library(const char *, const Obj_Entry *, int *);
102
static const char *gethints(bool);
103
static void init_dag(Obj_Entry *);
104
static void init_pagesizes(Elf_Auxinfo **aux_info);
105
static void init_rtld(caddr_t, Elf_Auxinfo **);
jkim's avatar
jkim committed
106
107
static void initlist_add_neededs(Needed_Entry *, Objlist *);
static void initlist_add_objects(Obj_Entry *, Obj_Entry **, Objlist *);
108
109
static void linkmap_add(Obj_Entry *);
static void linkmap_delete(Obj_Entry *);
110
111
static void load_filtees(Obj_Entry *, int flags, RtldLockState *);
static void unload_filtees(Obj_Entry *);
112
static void randomize_neededs(Obj_Entry *obj, int flags);
113
static int load_needed_objects(Obj_Entry *, int);
jdp's avatar
jdp committed
114
static int load_preload_objects(void);
115
static Obj_Entry *load_object(const char *, int fd, const Obj_Entry *, int);
116
static void map_stacks_exec(RtldLockState *);
117
static Obj_Entry *obj_from_addr(const void *);
118
119
static void objlist_call_fini(Objlist *, Obj_Entry *, RtldLockState *);
static void objlist_call_init(Objlist *, RtldLockState *);
120
static void objlist_clear(Objlist *);
121
static Objlist_Entry *objlist_find(Objlist *, const Obj_Entry *);
122
123
124
static void objlist_init(Objlist *);
static void objlist_push_head(Objlist *, Obj_Entry *);
static void objlist_push_tail(Objlist *, Obj_Entry *);
125
static void objlist_put_after(Objlist *, Obj_Entry *, Obj_Entry *);
126
static void objlist_remove(Objlist *, Obj_Entry *);
127
static int parse_libdir(const char *);
kan's avatar
kan committed
128
static void *path_enumerate(const char *, path_enum_proc, void *);
129
130
131
132
static int relocate_object_dag(Obj_Entry *root, bool bind_now,
    Obj_Entry *rtldobj, int flags, RtldLockState *lockstate);
static int relocate_object(Obj_Entry *obj, bool bind_now, Obj_Entry *rtldobj,
    int flags, RtldLockState *lockstate);
133
134
static int relocate_objects(Obj_Entry *, bool, Obj_Entry *, int,
    RtldLockState *);
135
static int resolve_objects_ifunc(Obj_Entry *first, bool bind_now,
136
    int flags, RtldLockState *lockstate);
kan's avatar
kan committed
137
static int rtld_dirname(const char *, char *);
138
static int rtld_dirname_abs(const char *, char *);
139
static void *rtld_dlopen(const char *name, int fd, int mode);
140
141
static void rtld_exit(void);
static char *search_library_path(const char *, const char *);
142
static char *search_library_pathfds(const char *, const char *, int *);
143
static const void **get_program_var_addr(const char *, RtldLockState *);
144
static void set_program_var(const char *, const void *);
145
static int symlook_default(SymLook *, const Obj_Entry *refobj);
146
static int symlook_global(SymLook *, DoneList *);
147
148
149
static void symlook_init_from_req(SymLook *, const SymLook *);
static int symlook_list(SymLook *, const Objlist *, DoneList *);
static int symlook_needed(SymLook *, const Needed_Entry *, DoneList *);
kib's avatar
kib committed
150
151
static int symlook_obj1_sysv(SymLook *, const Obj_Entry *);
static int symlook_obj1_gnu(SymLook *, const Obj_Entry *);
jkim's avatar
jkim committed
152
static void trace_loaded_objects(Obj_Entry *);
153
static void unlink_object(Obj_Entry *);
154
static void unload_object(Obj_Entry *);
155
static void unref_dag(Obj_Entry *);
156
static void ref_dag(Obj_Entry *);
157
158
159
160
static char *origin_subst_one(Obj_Entry *, char *, const char *,
    const char *, bool);
static char *origin_subst(Obj_Entry *, char *);
static bool obj_resolve_origin(Obj_Entry *obj);
161
static void preinit_main(void);
162
163
164
165
static int  rtld_verify_versions(const Objlist *);
static int  rtld_verify_object_versions(Obj_Entry *);
static void object_add_name(Obj_Entry *, const char *);
static int  object_match_name(const Obj_Entry *, const char *);
166
static void ld_utrace_log(int, void *, void *, size_t, int, const char *);
167
168
static void rtld_fill_dl_phdr_info(const Obj_Entry *obj,
    struct dl_phdr_info *phdr_info);
kib's avatar
kib committed
169
static uint32_t gnu_hash(const char *);
170
171
static bool matched_symbol(SymLook *, const Obj_Entry *, Sym_Match_Result *,
    const unsigned long);
172

173
174
void r_debug_state(struct r_debug *, struct link_map *) __noinline __exported;
void _r_debug_postinit(struct link_map *) __noinline __exported;
175

176
177
int __sys_openat(int, const char *, int, ...);

178
179
180
181
/*
 * Data declarations.
 */
static char *error_message;	/* Message for dlerror(), or NULL */
182
struct r_debug r_debug __exported;	/* for GDB; */
183
static bool libmap_disable;	/* Disable libmap */
184
static bool ld_loadfltr;	/* Immediate filters processing */
mdodd's avatar
mdodd committed
185
static char *libmap_override;	/* Maps to use in addition to libmap.conf */
186
static bool trust;		/* False for setuid and setgid programs */
187
188
static bool dangerous_ld_env;	/* True if environment variables have been
				   used to affect the libraries loaded */
189
190
191
static char *ld_bind_now;	/* Environment variable for immediate binding */
static char *ld_debug;		/* Environment variable for debugging */
static char *ld_library_path;	/* Environment variable for search path */
192
static char *ld_library_dirs;	/* Environment variable for library descriptors */
jdp's avatar
jdp committed
193
194
static char *ld_preload;	/* Environment variable for libraries to
				   load first */
195
static char *ld_elf_hints_path;	/* Environment variable for alternative hints path */
dfr's avatar
dfr committed
196
static char *ld_tracing;	/* Called from ldd to print libs */
197
static char *ld_utrace;		/* Use utrace() to log events. */
198
199
200
201
static Obj_Entry *obj_list;	/* Head of linked list of shared objects */
static Obj_Entry **obj_tail;	/* Link field of last object in list */
static Obj_Entry *obj_main;	/* The main program shared object */
static Obj_Entry obj_rtld;	/* The dynamic linker shared object */
202
static unsigned int obj_count;	/* Number of objects in obj_list */
kan's avatar
kan committed
203
static unsigned int obj_loads;	/* Number of objects in obj_list */
204
205
206
207
208

static Objlist list_global =	/* Objects dlopened with RTLD_GLOBAL */
  STAILQ_HEAD_INITIALIZER(list_global);
static Objlist list_main =	/* Objects loaded at program startup */
  STAILQ_HEAD_INITIALIZER(list_main);
209
210
static Objlist list_fini =	/* Objects needing fini() calls */
  STAILQ_HEAD_INITIALIZER(list_fini);
211

212
Elf_Sym sym_zero;		/* For resolving undefined weak refs. */
213

214
#define GDB_STATE(s,m)	r_debug.r_state = s; r_debug_state(&r_debug,m);
215

dfr's avatar
dfr committed
216
extern Elf_Dyn _DYNAMIC;
217
#pragma weak _DYNAMIC
218
219
220
#ifndef RTLD_IS_DYNAMIC
#define	RTLD_IS_DYNAMIC()	(&_DYNAMIC != NULL)
#endif
221

222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
int dlclose(void *) __exported;
char *dlerror(void) __exported;
void *dlopen(const char *, int) __exported;
void *fdlopen(int, int) __exported;
void *dlsym(void *, const char *) __exported;
dlfunc_t dlfunc(void *, const char *) __exported;
void *dlvsym(void *, const char *, const char *) __exported;
int dladdr(const void *, Dl_info *) __exported;
void dllockinit(void *, void *(*)(void *), void (*)(void *), void (*)(void *),
    void (*)(void *), void (*)(void *), void (*)(void *)) __exported;
int dlinfo(void *, int , void *) __exported;
int dl_iterate_phdr(__dl_iterate_hdr_callback, void *) __exported;
int _rtld_addr_phdr(const void *, struct dl_phdr_info *) __exported;
int _rtld_get_stack_prot(void) __exported;
int _rtld_is_dlopened(void *) __exported;
void _rtld_error(const char *, ...) __exported;

239
240
int npagesizes, osreldate;
size_t *pagesizes;
241

kib's avatar
kib committed
242
243
long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};

244
static int stack_prot = PROT_READ | PROT_WRITE | RTLD_DEFAULT_STACK_EXEC;
245
246
static int max_stack_flags;

247
248
/*
 * Global declarations normally provided by crt1.  The dynamic linker is
249
 * not built with crt1, so we have to provide them ourselves.
250
251
252
253
 */
char *__progname;
char **environ;

254
255
256
257
258
259
/*
 * Used to pass argc, argv to init functions.
 */
int main_argc;
char **main_argv;

dfr's avatar
dfr committed
260
261
262
263
264
265
/*
 * Globals to control TLS allocation.
 */
size_t tls_last_offset;		/* Static TLS offset of last module */
size_t tls_last_size;		/* Static TLS size of last module */
size_t tls_static_space;	/* Static TLS space allocated */
266
size_t tls_static_max_align;
dfr's avatar
dfr committed
267
268
269
int tls_dtv_generation = 1;	/* Used to detect when dtv size changes  */
int tls_max_index = 1;		/* Largest module index allocated */

270
271
bool ld_library_path_rpath = false;

272
273
274
275
276
277
278
279
280
281
282
/*
 * Fill in a DoneList with an allocation large enough to hold all of
 * the currently-loaded objects.  Keep this as a macro since it calls
 * alloca and we want that to occur within the scope of the caller.
 */
#define donelist_init(dlp)					\
    ((dlp)->objs = alloca(obj_count * sizeof (dlp)->objs[0]),	\
    assert((dlp)->objs != NULL),				\
    (dlp)->num_alloc = obj_count,				\
    (dlp)->num_used = 0)

283
284
285
286
287
288
289
290
291
292
#define	UTRACE_DLOPEN_START		1
#define	UTRACE_DLOPEN_STOP		2
#define	UTRACE_DLCLOSE_START		3
#define	UTRACE_DLCLOSE_STOP		4
#define	UTRACE_LOAD_OBJECT		5
#define	UTRACE_UNLOAD_OBJECT		6
#define	UTRACE_ADD_RUNDEP		7
#define	UTRACE_PRELOAD_FINISHED		8
#define	UTRACE_INIT_CALL		9
#define	UTRACE_FINI_CALL		10
des's avatar
des committed
293
294
#define	UTRACE_DLSYM_START		11
#define	UTRACE_DLSYM_STOP		12
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331

struct utrace_rtld {
	char sig[4];			/* 'RTLD' */
	int event;
	void *handle;
	void *mapbase;			/* Used for 'parent' and 'init/fini' */
	size_t mapsize;
	int refcnt;			/* Used for 'mode' */
	char name[MAXPATHLEN];
};

#define	LD_UTRACE(e, h, mb, ms, r, n) do {			\
	if (ld_utrace != NULL)					\
		ld_utrace_log(e, h, mb, ms, r, n);		\
} while (0)

static void
ld_utrace_log(int event, void *handle, void *mapbase, size_t mapsize,
    int refcnt, const char *name)
{
	struct utrace_rtld ut;

	ut.sig[0] = 'R';
	ut.sig[1] = 'T';
	ut.sig[2] = 'L';
	ut.sig[3] = 'D';
	ut.event = event;
	ut.handle = handle;
	ut.mapbase = mapbase;
	ut.mapsize = mapsize;
	ut.refcnt = refcnt;
	bzero(ut.name, sizeof(ut.name));
	if (name)
		strlcpy(ut.name, name, sizeof(ut.name));
	utrace(&ut, sizeof(ut));
}

332
333
334
335
336
337
338
339
340
341
342
/*
 * Main entry point for dynamic linking.  The first argument is the
 * stack pointer.  The stack is expected to be laid out as described
 * in the SVR4 ABI specification, Intel 386 Processor Supplement.
 * Specifically, the stack pointer points to a word containing
 * ARGC.  Following that in the stack is a null-terminated sequence
 * of pointers to argument strings.  Then comes a null-terminated
 * sequence of pointers to environment strings.  Finally, there is a
 * sequence of "auxiliary vector" entries.
 *
 * The second argument points to a place to store the dynamic linker's
dfr's avatar
dfr committed
343
344
 * exit procedure pointer and the third to a place to store the main
 * program's object.
345
346
347
348
 *
 * The return value is the main program's entry point.
 */
func_ptr_type
dfr's avatar
dfr committed
349
_rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
350
{
dfr's avatar
dfr committed
351
    Elf_Auxinfo *aux_info[AT_COUNT];
352
353
354
355
    int i;
    int argc;
    char **argv;
    char **env;
dfr's avatar
dfr committed
356
357
    Elf_Auxinfo *aux;
    Elf_Auxinfo *auxp;
358
    const char *argv0;
dfr's avatar
dfr committed
359
    Objlist_Entry *entry;
360
    Obj_Entry *obj;
361
    Obj_Entry **preload_tail;
362
    Obj_Entry *last_interposer;
363
    Objlist initlist;
364
    RtldLockState lockstate;
365
    char *library_path_rpath;
kib's avatar
kib committed
366
367
    int mib[2];
    size_t len;
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382

    /*
     * On entry, the dynamic linker itself has not been relocated yet.
     * Be very careful not to reference any global data until after
     * init_rtld has returned.  It is OK to reference file-scope statics
     * and string constants, and to call static and global functions.
     */

    /* Find the auxiliary vector on the stack. */
    argc = *sp++;
    argv = (char **) sp;
    sp += argc + 1;	/* Skip over arguments and NULL terminator */
    env = (char **) sp;
    while (*sp++ != 0)	/* Skip over environment, and NULL terminator */
	;
dfr's avatar
dfr committed
383
    aux = (Elf_Auxinfo *) sp;
384
385
386
387
388
389
390
391
392
393
394

    /* Digest the auxiliary vector. */
    for (i = 0;  i < AT_COUNT;  i++)
	aux_info[i] = NULL;
    for (auxp = aux;  auxp->a_type != AT_NULL;  auxp++) {
	if (auxp->a_type < AT_COUNT)
	    aux_info[auxp->a_type] = auxp;
    }

    /* Initialize and relocate ourselves. */
    assert(aux_info[AT_BASE] != NULL);
395
    init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr, aux_info);
396
397

    __progname = obj_rtld.path;
398
    argv0 = argv[0] != NULL ? argv[0] : "(null)";
399
    environ = env;
400
401
    main_argc = argc;
    main_argv = argv;
402

403
404
    if (aux_info[AT_CANARY] != NULL &&
	aux_info[AT_CANARY]->a_un.a_ptr != NULL) {
kib's avatar
kib committed
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
	    i = aux_info[AT_CANARYLEN]->a_un.a_val;
	    if (i > sizeof(__stack_chk_guard))
		    i = sizeof(__stack_chk_guard);
	    memcpy(__stack_chk_guard, aux_info[AT_CANARY]->a_un.a_ptr, i);
    } else {
	mib[0] = CTL_KERN;
	mib[1] = KERN_ARND;

	len = sizeof(__stack_chk_guard);
	if (sysctl(mib, 2, __stack_chk_guard, &len, NULL, 0) == -1 ||
	    len != sizeof(__stack_chk_guard)) {
		/* If sysctl was unsuccessful, use the "terminator canary". */
		((unsigned char *)(void *)__stack_chk_guard)[0] = 0;
		((unsigned char *)(void *)__stack_chk_guard)[1] = 0;
		((unsigned char *)(void *)__stack_chk_guard)[2] = '\n';
		((unsigned char *)(void *)__stack_chk_guard)[3] = 255;
	}
    }

mdodd's avatar
mdodd committed
424
    trust = !issetugid();
425

426
    ld_bind_now = getenv(LD_ "BIND_NOW");
427
428
429
430
431
432
433
    /* 
     * If the process is tainted, then we un-set the dangerous environment
     * variables.  The process will be marked as tainted until setuid(2)
     * is called.  If any child process calls setuid(2) we do not want any
     * future processes to honor the potentially un-safe variables.
     */
    if (!trust) {
cperciva's avatar
cperciva committed
434
        if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
435
436
	    unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBRARY_PATH_FDS") ||
	    unsetenv(LD_ "LIBMAP_DISABLE") ||
437
	    unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH") ||
438
	    unsetenv(LD_ "LOADFLTR") || unsetenv(LD_ "LIBRARY_PATH_RPATH")) {
cperciva's avatar
cperciva committed
439
		_rtld_error("environment corrupt; aborting");
440
		rtld_die();
cperciva's avatar
cperciva committed
441
	}
442
443
444
445
446
    }
    ld_debug = getenv(LD_ "DEBUG");
    libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
    libmap_override = getenv(LD_ "LIBMAP");
    ld_library_path = getenv(LD_ "LIBRARY_PATH");
447
    ld_library_dirs = getenv(LD_ "LIBRARY_PATH_FDS");
448
    ld_preload = getenv(LD_ "PRELOAD");
449
    ld_elf_hints_path = getenv(LD_ "ELF_HINTS_PATH");
450
    ld_loadfltr = getenv(LD_ "LOADFLTR") != NULL;
451
452
453
454
455
456
457
458
459
    library_path_rpath = getenv(LD_ "LIBRARY_PATH_RPATH");
    if (library_path_rpath != NULL) {
	    if (library_path_rpath[0] == 'y' ||
		library_path_rpath[0] == 'Y' ||
		library_path_rpath[0] == '1')
		    ld_library_path_rpath = true;
	    else
		    ld_library_path_rpath = false;
    }
460
    dangerous_ld_env = libmap_disable || (libmap_override != NULL) ||
461
	(ld_library_path != NULL) || (ld_preload != NULL) ||
462
	(ld_elf_hints_path != NULL) || ld_loadfltr;
463
    ld_tracing = getenv(LD_ "TRACE_LOADED_OBJECTS");
464
    ld_utrace = getenv(LD_ "UTRACE");
465

466
467
468
    if ((ld_elf_hints_path == NULL) || strlen(ld_elf_hints_path) == 0)
	ld_elf_hints_path = _PATH_ELF_HINTS;

469
470
471
472
    if (ld_debug != NULL && *ld_debug != '\0')
	debug = 1;
    dbg("%s is initialized, base address = %p", __progname,
	(caddr_t) aux_info[AT_BASE]->a_un.a_ptr);
473
474
    dbg("RTLD dynamic = %p", obj_rtld.dynamic);
    dbg("RTLD pltgot  = %p", obj_rtld.pltgot);
475

476
477
478
    dbg("initializing thread locks");
    lockdflt_init();

479
480
481
482
483
484
485
    /*
     * Load the main program, or process its program header if it is
     * already loaded.
     */
    if (aux_info[AT_EXECFD] != NULL) {	/* Load the main program. */
	int fd = aux_info[AT_EXECFD]->a_un.a_val;
	dbg("loading main program");
486
	obj_main = map_object(fd, argv0, NULL);
487
488
	close(fd);
	if (obj_main == NULL)
489
	    rtld_die();
490
	max_stack_flags = obj->stack_flags;
491
    } else {				/* Main program already loaded. */
dfr's avatar
dfr committed
492
	const Elf_Phdr *phdr;
493
494
495
496
497
	int phnum;
	caddr_t entry;

	dbg("processing main program's program header");
	assert(aux_info[AT_PHDR] != NULL);
dfr's avatar
dfr committed
498
	phdr = (const Elf_Phdr *) aux_info[AT_PHDR]->a_un.a_ptr;
499
500
501
	assert(aux_info[AT_PHNUM] != NULL);
	phnum = aux_info[AT_PHNUM]->a_un.a_val;
	assert(aux_info[AT_PHENT] != NULL);
dfr's avatar
dfr committed
502
	assert(aux_info[AT_PHENT]->a_un.a_val == sizeof(Elf_Phdr));
503
504
	assert(aux_info[AT_ENTRY] != NULL);
	entry = (caddr_t) aux_info[AT_ENTRY]->a_un.a_ptr;
505
	if ((obj_main = digest_phdr(phdr, phnum, entry, argv0)) == NULL)
506
	    rtld_die();
507
508
    }

509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
    if (aux_info[AT_EXECPATH] != 0) {
	    char *kexecpath;
	    char buf[MAXPATHLEN];

	    kexecpath = aux_info[AT_EXECPATH]->a_un.a_ptr;
	    dbg("AT_EXECPATH %p %s", kexecpath, kexecpath);
	    if (kexecpath[0] == '/')
		    obj_main->path = kexecpath;
	    else if (getcwd(buf, sizeof(buf)) == NULL ||
		     strlcat(buf, "/", sizeof(buf)) >= sizeof(buf) ||
		     strlcat(buf, kexecpath, sizeof(buf)) >= sizeof(buf))
		    obj_main->path = xstrdup(argv0);
	    else
		    obj_main->path = xstrdup(buf);
    } else {
	    dbg("No AT_EXECPATH");
	    obj_main->path = xstrdup(argv0);
    }
    dbg("obj_main path %s", obj_main->path);
528
    obj_main->mainprog = true;
529

530
531
532
533
    if (aux_info[AT_STACKPROT] != NULL &&
      aux_info[AT_STACKPROT]->a_un.a_val != 0)
	    stack_prot = aux_info[AT_STACKPROT]->a_un.a_val;

534
#ifndef COMPAT_32BIT
535
536
537
538
539
540
541
542
543
544
    /*
     * Get the actual dynamic linker pathname from the executable if
     * possible.  (It should always be possible.)  That ensures that
     * gdb will find the right dynamic linker even if a non-standard
     * one is being used.
     */
    if (obj_main->interp != NULL &&
      strcmp(obj_main->interp, obj_rtld.path) != 0) {
	free(obj_rtld.path);
	obj_rtld.path = xstrdup(obj_main->interp);
545
        __progname = obj_rtld.path;
546
    }
547
#endif
548

549
    digest_dynamic(obj_main, 0);
kib's avatar
kib committed
550
551
552
    dbg("%s valid_hash_sysv %d valid_hash_gnu %d dynsymcount %d",
	obj_main->path, obj_main->valid_hash_sysv, obj_main->valid_hash_gnu,
	obj_main->dynsymcount);
553

554
555
556
    linkmap_add(obj_main);
    linkmap_add(&obj_rtld);

557
558
559
    /* Link the main program into the list of objects. */
    *obj_tail = obj_main;
    obj_tail = &obj_main->next;
560
    obj_count++;
kan's avatar
kan committed
561
    obj_loads++;
562

563
564
    /* Initialize a fake symbol for resolving undefined weak references. */
    sym_zero.st_info = ELF_ST_INFO(STB_GLOBAL, STT_NOTYPE);
565
    sym_zero.st_shndx = SHN_UNDEF;
566
    sym_zero.st_value = -(uintptr_t)obj_main->relocbase;
567

568
    if (!libmap_disable)
mdodd's avatar
mdodd committed
569
        libmap_disable = (bool)lm_init(libmap_override);
570

jdp's avatar
jdp committed
571
572
    dbg("loading LD_PRELOAD libraries");
    if (load_preload_objects() == -1)
573
	rtld_die();
574
    preload_tail = obj_tail;
jdp's avatar
jdp committed
575

576
    dbg("loading needed objects");
577
    if (load_needed_objects(obj_main, 0) == -1)
578
	rtld_die();
579

580
    /* Make a list of all objects loaded at startup. */
581
    last_interposer = obj_main;
582
    for (obj = obj_list;  obj != NULL;  obj = obj->next) {
583
584
585
586
587
588
	if (obj->z_interpose && obj != obj_main) {
	    objlist_put_after(&list_main, last_interposer, obj);
	    last_interposer = obj;
	} else {
	    objlist_push_tail(&list_main, obj);
	}
589
590
    	obj->refcount++;
    }
591

592
593
    dbg("checking for required versions");
    if (rtld_verify_versions(&list_main) == -1 && !ld_tracing)
594
	rtld_die();
595

dfr's avatar
dfr committed
596
597
598
599
600
    if (ld_tracing) {		/* We're done */
	trace_loaded_objects(obj_main);
	exit(0);
    }

601
    if (getenv(LD_ "DUMP_REL_PRE") != NULL) {
602
603
604
605
       dump_relocations(obj_main);
       exit (0);
    }

606
607
608
609
610
611
    /*
     * Processing tls relocations requires having the tls offsets
     * initialized.  Prepare offsets before starting initial
     * relocation processing.
     */
    dbg("initializing initial thread local storage offsets");
612
613
614
615
616
617
618
619
    STAILQ_FOREACH(entry, &list_main, link) {
	/*
	 * Allocate all the initial objects out of the static TLS
	 * block even if they didn't ask for it.
	 */
	allocate_tls_offset(entry->obj);
    }

620
    if (relocate_objects(obj_main,
621
622
      ld_bind_now != NULL && *ld_bind_now != '\0',
      &obj_rtld, SYMLOOK_EARLY, NULL) == -1)
623
	rtld_die();
624
625
626

    dbg("doing copy relocations");
    if (do_copy_relocations(obj_main) == -1)
627
	rtld_die();
628

629
    if (getenv(LD_ "DUMP_REL_POST") != NULL) {
630
631
632
633
       dump_relocations(obj_main);
       exit (0);
    }

634
635
636
637
638
639
640
641
    /*
     * Setup TLS for main thread.  This must be done after the
     * relocations are processed, since tls initialization section
     * might be the subject for relocations.
     */
    dbg("initializing initial thread local storage");
    allocate_initial_tls(obj_list);

642
643
644
    dbg("initializing key program variables");
    set_program_var("__progname", argv[0] != NULL ? basename(argv[0]) : "");
    set_program_var("environ", env);
645
    set_program_var("__elf_aux_vector", aux);
646

647
648
649
650
    /* Make a list of init functions to call. */
    objlist_init(&initlist);
    initlist_add_objects(obj_list, preload_tail, &initlist);

651
    r_debug_state(NULL, &obj_main->linkmap); /* say hello to gdb! */
652

653
    map_stacks_exec(NULL);
654

655
656
    dbg("resolving ifuncs");
    if (resolve_objects_ifunc(obj_main,
657
658
      ld_bind_now != NULL && *ld_bind_now != '\0', SYMLOOK_EARLY,
      NULL) == -1)
659
	rtld_die();
660

661
662
663
664
665
666
667
668
669
670
671
    if (!obj_main->crt_no_init) {
	/*
	 * Make sure we don't call the main program's init and fini
	 * functions for binaries linked with old crt1 which calls
	 * _init itself.
	 */
	obj_main->init = obj_main->fini = (Elf_Addr)NULL;
	obj_main->preinit_array = obj_main->init_array =
	    obj_main->fini_array = (Elf_Addr)NULL;
    }

672
    wlock_acquire(rtld_bind_lock, &lockstate);
673
674
    if (obj_main->crt_no_init)
	preinit_main();
675
    objlist_call_init(&initlist, &lockstate);
676
    _r_debug_postinit(&obj_main->linkmap);
677
    objlist_clear(&initlist);
678
679
680
681
682
683
    dbg("loading filtees");
    for (obj = obj_list->next; obj != NULL; obj = obj->next) {
	if (ld_loadfltr || obj->z_loadfltr)
	    load_filtees(obj, 0, &lockstate);
    }
    lock_release(rtld_bind_lock, &lockstate);
684
685
686
687

    dbg("transferring control to program entry point = %p", obj_main->entry);

    /* Return the exit procedure and the program entry point. */
dfr's avatar
dfr committed
688
689
    *exit_proc = rtld_exit;
    *objp = obj_main;
690
691
692
    return (func_ptr_type) obj_main->entry;
}

693
694
695
696
697
698
699
700
701
702
703
void *
rtld_resolve_ifunc(const Obj_Entry *obj, const Elf_Sym *def)
{
	void *ptr;
	Elf_Addr target;

	ptr = (void *)make_function_pointer(def, obj);
	target = ((Elf_Addr (*)(void))ptr)();
	return ((void *)target);
}

704
Elf_Addr
705
_rtld_bind(Obj_Entry *obj, Elf_Size reloff)
706
{
dfr's avatar
dfr committed
707
708
    const Elf_Rel *rel;
    const Elf_Sym *def;
709
    const Obj_Entry *defobj;
dfr's avatar
dfr committed
710
    Elf_Addr *where;
711
    Elf_Addr target;
712
    RtldLockState lockstate;
713

714
    rlock_acquire(rtld_bind_lock, &lockstate);
715
    if (sigsetjmp(lockstate.env, 0) != 0)
716
	    lock_upgrade(rtld_bind_lock, &lockstate);
dfr's avatar
dfr committed
717
718
719
720
    if (obj->pltrel)
	rel = (const Elf_Rel *) ((caddr_t) obj->pltrel + reloff);
    else
	rel = (const Elf_Rel *) ((caddr_t) obj->pltrela + reloff);
721

dfr's avatar
dfr committed
722
    where = (Elf_Addr *) (obj->relocbase + rel->r_offset);
723
724
    def = find_symdef(ELF_R_SYM(rel->r_info), obj, &defobj, true, NULL,
	&lockstate);
725
    if (def == NULL)
726
	rtld_die();
727
728
729
730
    if (ELF_ST_TYPE(def->st_info) == STT_GNU_IFUNC)
	target = (Elf_Addr)rtld_resolve_ifunc(defobj, def);
    else
	target = (Elf_Addr)(defobj->relocbase + def->st_value);
731
732
733

    dbg("\"%s\" in \"%s\" ==> %p in \"%s\"",
      defobj->strtab + def->st_name, basename(obj->path),
734
      (void *)target, basename(defobj->path));
735

736
737
738
739
740
741
742
    /*
     * Write the new contents for the jmpslot. Note that depending on
     * architecture, the value which we need to return back to the
     * lazy binding trampoline may or may not be the target
     * address. The value returned from reloc_jmpslot() is the value
     * that the trampoline needs.
     */
743
    target = reloc_jmpslot(where, target, defobj, obj, rel);
744
    lock_release(rtld_bind_lock, &lockstate);
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
    return target;
}

/*
 * Error reporting function.  Use it like printf.  If formats the message
 * into a buffer, and sets things up so that the next call to dlerror()
 * will return the message.
 */
void
_rtld_error(const char *fmt, ...)
{
    static char buf[512];
    va_list ap;

    va_start(ap, fmt);
760
    rtld_vsnprintf(buf, sizeof buf, fmt, ap);
761
762
763
764
    error_message = buf;
    va_end(ap);
}

765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
/*
 * Return a dynamically-allocated copy of the current error message, if any.
 */
static char *
errmsg_save(void)
{
    return error_message == NULL ? NULL : xstrdup(error_message);
}

/*
 * Restore the current error message from a copy which was previously saved
 * by errmsg_save().  The copy is freed.
 */
static void
errmsg_restore(char *saved_msg)
{
    if (saved_msg == NULL)
	error_message = NULL;
    else {
	_rtld_error("%s", saved_msg);
	free(saved_msg);
    }
}

789
790
791
792
793
794
795
static const char *
basename(const char *name)
{
    const char *p = strrchr(name, '/');
    return p != NULL ? p + 1 : name;
}

796
797
static struct utsname uts;

798
static char *
799
800
origin_subst_one(Obj_Entry *obj, char *real, const char *kw,
    const char *subst, bool may_free)
801
{
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
	char *p, *p1, *res, *resp;
	int subst_len, kw_len, subst_count, old_len, new_len;

	kw_len = strlen(kw);

	/*
	 * First, count the number of the keyword occurences, to
	 * preallocate the final string.
	 */
	for (p = real, subst_count = 0;; p = p1 + kw_len, subst_count++) {
		p1 = strstr(p, kw);
		if (p1 == NULL)
			break;
	}

	/*
	 * If the keyword is not found, just return.
819
820
821
822
	 *
	 * Return non-substituted string if resolution failed.  We
	 * cannot do anything more reasonable, the failure mode of the
	 * caller is unresolved library anyway.
823
	 */
824
	if (subst_count == 0 || (obj != NULL && !obj_resolve_origin(obj)))
825
		return (may_free ? real : xstrdup(real));
826
827
	if (obj != NULL)
		subst = obj->origin_path;
828
829
830
831
832
833
834
835
836
837
838
839
840

	/*
	 * There is indeed something to substitute.  Calculate the
	 * length of the resulting string, and allocate it.
	 */
	subst_len = strlen(subst);
	old_len = strlen(real);
	new_len = old_len + (subst_len - kw_len) * subst_count;
	res = xmalloc(new_len + 1);

	/*
	 * Now, execute the substitution loop.
	 */
841
	for (p = real, resp = res, *resp = '\0';;) {
842
843
844
845
846
847
848
849
		p1 = strstr(p, kw);
		if (p1 != NULL) {
			/* Copy the prefix before keyword. */
			memcpy(resp, p, p1 - p);
			resp += p1 - p;
			/* Keyword replacement. */
			memcpy(resp, subst, subst_len);
			resp += subst_len;
850
			*resp = '\0';
851
852
853
854
855
856
857
858
859
860
			p = p1 + kw_len;
		} else
			break;
	}

	/* Copy to the end of string and finish. */
	strcat(resp, p);
	if (may_free)
		free(real);
	return (res);
861
862
863
}

static char *
864
origin_subst(Obj_Entry *obj, char *real)
865
{
866
	char *res1, *res2, *res3, *res4;
867

868
869
	if (obj == NULL || !trust)
		return (xstrdup(real));
870
871
872
873
874
	if (uts.sysname[0] == '\0') {
		if (uname(&uts) != 0) {
			_rtld_error("utsname failed: %d", errno);
			return (NULL);
		}
875
	}
876
877
878
879
	res1 = origin_subst_one(obj, real, "$ORIGIN", NULL, false);
	res2 = origin_subst_one(NULL, res1, "$OSNAME", uts.sysname, true);
	res3 = origin_subst_one(NULL, res2, "$OSREL", uts.release, true);
	res4 = origin_subst_one(NULL, res3, "$PLATFORM", uts.machine, true);
880
	return (res4);
881
882
}

883
884
void
rtld_die(void)
885
886
887
888
889
{
    const char *msg = dlerror();

    if (msg == NULL)
	msg = "Fatal error";
890
    rtld_fdputstr(STDERR_FILENO, msg);
891
    rtld_fdputchar(STDERR_FILENO, '\n');
892
    _exit(1);
893
894
895
896
897
898
899
}

/*
 * Process a shared object's DYNAMIC section, and save the important
 * information in its Obj_Entry structure.
 */
static void
900
digest_dynamic1(Obj_Entry *obj, int early, const Elf_Dyn **dyn_rpath,
901
    const Elf_Dyn **dyn_soname, const Elf_Dyn **dyn_runpath)
902
{
dfr's avatar
dfr committed
903
    const Elf_Dyn *dynp;
904
    Needed_Entry **needed_tail = &obj->needed;
905
906
    Needed_Entry **needed_filtees_tail = &obj->needed_filtees;
    Needed_Entry **needed_aux_filtees_tail = &obj->needed_aux_filtees;
kib's avatar
kib committed
907
908
909
    const Elf_Hashelt *hashtab;
    const Elf32_Word *hashval;
    Elf32_Word bkt, nmaskwords;
910
    unsigned int bloom_size32;
dfr's avatar
dfr committed
911
    int plttype = DT_REL;
912

913
914
    *dyn_rpath = NULL;
    *dyn_soname = NULL;
915
    *dyn_runpath = NULL;
916

dfr's avatar
dfr committed
917
    obj->bind_now = false;
918
919
920
921
    for (dynp = obj->dynamic;  dynp->d_tag != DT_NULL;  dynp++) {
	switch (dynp->d_tag) {

	case DT_REL:
dfr's avatar
dfr committed
922
	    obj->rel = (const Elf_Rel *) (obj->relocbase + dynp->d_un.d_ptr);
923
924
925
926
927
928
929
	    break;

	case DT_RELSZ:
	    obj->relsize = dynp->d_un.d_val;
	    break;

	case DT_RELENT:
dfr's avatar
dfr committed
930
	    assert(dynp->d_un.d_val == sizeof(Elf_Rel));
931
932
933
	    break;

	case DT_JMPREL:
dfr's avatar
dfr committed
934
	    obj->pltrel = (const Elf_Rel *)
935
936
937
938
939
940
941
942
	      (obj->relocbase + dynp->d_un.d_ptr);
	    break;

	case DT_PLTRELSZ:
	    obj->pltrelsize = dynp->d_un.d_val;
	    break;

	case DT_RELA:
dfr's avatar
dfr committed
943
944
945
	    obj->rela = (const Elf_Rela *) (obj->relocbase + dynp->d_un.d_ptr);
	    break;

946
	case DT_RELASZ:
dfr's avatar
dfr committed
947
948
949
	    obj->relasize = dynp->d_un.d_val;
	    break;

950
	case DT_RELAENT:
dfr's avatar
dfr committed
951
	    assert(dynp->d_un.d_val == sizeof(Elf_Rela));
952
953
954
	    break;

	case DT_PLTREL:
dfr's avatar
dfr committed
955
956
	    plttype = dynp->d_un.d_val;
	    assert(dynp->d_un.d_val == DT_REL || plttype == DT_RELA);
957
958
959
	    break;

	case DT_SYMTAB:
dfr's avatar
dfr committed
960
	    obj->symtab = (const Elf_Sym *)
961
962
963
964
	      (obj->relocbase + dynp->d_un.d_ptr);
	    break;

	case DT_SYMENT:
dfr's avatar
dfr committed
965
	    assert(dynp->d_un.d_val == sizeof(Elf_Sym));
966
967
968
969
970
971
972
973
974
975
	    break;

	case DT_STRTAB:
	    obj->strtab = (const char *) (obj->relocbase + dynp->d_un.d_ptr);
	    break;

	case DT_STRSZ:
	    obj->strsize = dynp->d_un.d_val;
	    break;

976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
	case DT_VERNEED:
	    obj->verneed = (const Elf_Verneed *) (obj->relocbase +
		dynp->d_un.d_val);
	    break;

	case DT_VERNEEDNUM:
	    obj->verneednum = dynp->d_un.d_val;
	    break;

	case DT_VERDEF:
	    obj->verdef = (const Elf_Verdef *) (obj->relocbase +
		dynp->d_un.d_val);
	    break;

	case DT_VERDEFNUM:
	    obj->verdefnum = dynp->d_un.d_val;
	    break;

	case DT_VERSYM:
	    obj->versyms = (const Elf_Versym *)(obj->relocbase +
		dynp->d_un.d_val);
	    break;

999
1000
	case DT_HASH:
	    {